ISO 15118-20 Development Practice: A Complete Implementation Path from Protocol Stack Integration to Plug-and-Charge

Preface

ISO 15118-20 is a new-generation standard for vehicle-to-grid (V2G) bidirectional charging and standardized Plug-and-Charge (PnC). It replaces the older ISO 15118-2, mandating TLS 1.3 mutual authentication, binary EXI encoding, a complete PnC certificate PKI system, compatibility with CCS2 European DC chargers, support for vehicle-to-grid discharging, grid dispatch, and contactless automatic authorization & billing.

The full development chain consists of eight phases: hardware platform selection, underlying communication driver development, protocol stack layered porting & integration, PKI certificate security system development, OCPP 2.0.1 cloud backend interconnection, full state machine implementation for PnC, V2G bidirectional power interaction, and conformance & real vehicle joint debugging testing. It covers the full R&D workflow for three parties: charger SECC, on-board EVCC, and cloud CSMS.

1. Overall System Architecture (Three-Party Collaboration)

On-Board Vehicle Side (EVCC Controller)
├─ BMS / On-Board OBC → Power interaction
├─ HSM Secure Element → Stores vehicle contract certificates, private keys, V2G root CA
└─ GreenPHY PLC Module → Power Line Communication over CP control pilot wire

Vehicle-Charger Communication Link: ISO 15118-20 Protocol Stack
(PLC + IPv6 + TLS 1.3 + V2GTP + EXI)

Charger Side EVSE (SECC Main Controller)
├─ GreenPHY PLC
├─ SECC Protocol Stack
├─ HSM/SE Secure Element (Charger certificates, root certificate library)
├─ Power Modules, Energy Meters, Protection Circuits
└─ OCPP 2.0.1 Client → Connects to Cloud Backend

Cloud CSMS Platform
├─ OCPP Server
├─ PKI Certificate Management Center (Interconnected with Hubject/V2G Root CA System)
├─ EMSP Operator Account, Billing & Roaming Authentication
└─ V2G Grid Dispatch Interface

Core Interaction Logic: EVCC ←ISO 15118-20→ SECC ←OCPP 2.0.1→ CSMS. PnC authentication relies on joint verification of certificate chains from all three parties.

2. Phase 1: Hardware Platform Setup (Two Schemes: SECC Charger / EVCC On-Board Unit)

2.1 Physical Communication Layer: HomePlug GreenPHY PLC (Mandatory Hardware)

The designated communication medium for ISO 15118-20 is power line carrier over the CP pilot wire via GreenPHY chips; Wi-Fi is only an alternative backup channel.

1. Mainstream PLC Chips

• Overseas: QCA7000, QCA7005
• Domestic: MSE1020/MSE1022 by MaxLinear, Qualcomm-Silicon Motion solutions

1. Two Hardware Wiring Interfaces

• RMII direct connection to MCU Ethernet MAC (Recommended: stable, low latency)
• SPI interface (Compact single-chip solution for low-cost DC chargers)

1. Signal Matching Key Points: Add common-mode inductors, TVS surge protection devices and impedance matching resistors on CP lines to avoid PLC disconnection caused by EMC interference.

2.2 SECC Charger Main Controller Hardware Selection

Application Scenario	Chip Solution	Supporting Peripherals
High-power commercial DC chargers	i.MX RT1064 / STM32MP135 (Linux MPU)	EdgeLock SE050 secure element, 4G cellular module, metering IC
Low-cost AC / compact DC chargers	GD32F450 / NXP Kinetis M (FreeRTOS MCU)	SPI encryption chip, local Flash certificate cache

Mandatory Hardware: HSM/SE secure hardware. Private keys must never be stored in plaintext; all TLS 1.3 signature operations must be executed inside the secure element to meet automotive security standards.

2.3 On-Board EVCC Hardware

The vehicle charging domain controller connects to an external PLC module, paired with an on-board HSM to store vehicle contract certificates and MO operator root CAs. It communicates with the BMS via CAN bus to exchange charging power, SoC, and temperature data.

2.4 Development & Debug Toolchain

1. Protocol Simulation: Vector CANoe + Option.SmartCharging + VH5110 PLC signal capture hardware
2. HIL Simulation: Typhoon HIL404 to simulate complete BMS and EVCC interaction
3. Open-Source Protocol Stack Debugging: Python-ISO15118 (Docker one-click EVCC/SECC simulation)
4. Certificate Tooling: Vector Security Manager for batch generation of V2G PKI certificate chains

3. Phase 2: Underlying Driver & Communication Link Development (Bottom-Up Implementation)

3.1 SLAC Link Auto-Negotiation (Predecessor Process Before PLC Connection)

After gun insertion and PP resistor detection, the SECC initiates the SLAC protocol:

1. SECC broadcasts SLAC discovery frames
2. EVCC responds with link parameters and assigns IPv6 local link addresses
3. Completes PLC channel negotiation and establishes a 6LoWPAN IPv6 communication channel

Core Development Focus: Strictly implement SLAC timeout timers per standard. Reset PLC and clear all IP sessions immediately upon gun removal to prevent reconnection anomalies.

3.2 Bottom-Up Layered Protocol Stack Porting (Full ISO 15118-20 Stack)

7 standard layers implemented sequentially from physical to application layer:

1. Physical Layer: GreenPHY driver, CP signal modulation/demodulation, interrupt-driven transmit/receive
2. Data Link Layer: 802.3 Ethernet adaptation, SLAC state machine
3. Network Layer: Lightweight IPv6 stack (local link address only, public routing disabled)
4. Transport Layer: Custom optimized TCP (2s handshake timeout, sliding window tuned for narrow-band PLC)
5. Security Layer: TLS 1.3 mutual TLS authentication (mandatory for ISO 15118-20; TLS 1.2 downgrade prohibited)

• Fixed cipher suites: secp256r1 / secp384r1 elliptic curves
• Mutual certificate verification: EV validates SECC charger certificate; SECC validates vehicle Contract Certificate

1. V2G Transport Layer: V2GTP frame encapsulation, decapsulation and fragment reassembly
2. Application Layer: EXI compact XML codec + V2G business state machine

3.3 Practical EXI Codec Integration

EXI replaces raw XML to compress frames and reduce PLC transmission latency, with two integration schemes:

1. Embedded MCU: Lightweight static libexi library with redundant schema nodes trimmed, RAM footprint < 200KB
2. Linux MPU: Open-source exi-java / exi-python libraries for simulation and debugging

Common Pitfall: ISO 15118-20 adds new V2G discharge message nodes. The EXI schema must adopt the official 2020 XSD specification; mixing ISO 15118-2 schemas will cause direct frame parsing failures.

4. Phase 3: Core Protocol Stack Integration & State Machine Development (Core R&D Module)

4.1 Two Deployment Schemes for Protocol Stacks

Scheme A: Commercial Off-the-Shelf Protocol Stack (Mass Production Preferred)

Vector V2G Stack, NXP EasyEVSE with built-in ISO 15118-20 stack. Exposed standardized APIs only require integration with underlying PLC drivers, HSM encryption interfaces and upper-layer power control logic. Development cycle: 2–3 months.

Scheme B: Self-Developed Stack Based on Open Source (Independent R&D Vendors)

Port python-iso15118 to embedded C, fully implement V2GTP, EXI, TLS 1.3 and complete state machines. Full conformance testing must be conducted independently. Development cycle: 6–8 months.

4.2 Complete Charging Session State Machine (Mandatory Workflow for PnC)

WaitForPlugIn (Idle Standby)
    ↓ Gun inserted + SLAC connection completed
SessionSetup (Session initialization, exchange supported protocol version 20)
    ↓
ServiceDiscovery (Exchange capabilities: AC/DC charging, V2G, PnC services)
    ↓
PaymentServiceSelection (Select PnC automatic payment mode)
    ↓
PaymentProcessing (Core PnC mutual certificate authentication workflow)
    ↓ Authentication passed
PowerDelivery (Charge / discharge power interaction, V2G grid dispatch)
    ↓ Battery full / gun unplugged
SessionStop (Terminate session, tear down TLS connection, reset PLC)

Critical State Transition Constraints: TLS disconnection, certificate verification failure or timeout at any stage trigger an immediate jump to SessionStop and clear all session cache.

4.3 Encapsulated Standardized APIs Between SECC and Local Business Logic

Three decoupled interface layers separate the protocol stack from charger host logic:

1. Downlink API (Charger → Protocol Stack): Max power limit, grid dispatch commands, emergency stop signals
2. Uplink API (Protocol Stack → Charger): Vehicle SoC, requested voltage/current, PnC authentication result, session end energy consumption data
3. Security API: HSM wrapper for certificate read, signature, verification and isolated private key operations

5. Phase 4: PnC Plug-and-Charge PKI Security System Development (Largest R&D Challenge)

5.1 Four-Tier V2G PKI Certificate Hierarchy (ISO 15118-20 Standard Trust Chain)

1. V2G Root CA: Global root certificate authority (Authorized bodies such as Hubject; root CA library pre-installed on all vehicles and chargers at factory)
2. MO Sub-CA: Mobile Operator secondary CA, issues vehicle certificates
3. CPO Sub-CA: Charging Point Operator secondary CA, issues SECC charger certificates
4. Endpoint Certificates

• EV Side: Contract Certificate (Unique per vehicle, embedded with eMAID authentication ID)
• SECC Side: EVSE Leaf Certificate

Trust Rules: The vehicle verifies the charger certificate chain up to the V2G Root CA; the charger verifies the vehicle contract certificate against the identical root CA. Authentication fails if cross-root CA chains are used, disabling PnC.

5.2 End-to-End PnC Authentication Practical Workflow (Contactless Charging Upon Plug-In)

1. TLS 1.3 Handshake: EVCC and SECC exchange endpoint certificates; local HSM performs base certificate chain validation
2. EV sends PaymentDetailsReq carrying full vehicle certificate chain and eMAID
3. SECC caches certificates locally and forwards all certificate data to CSMS backend via OCPP 2.0.1 DataTransfer
4. CSMS interfaces with PKI service to complete CRL certificate revocation list verification and match eMAID to user accounts
5. CSMS returns OCPP Authorize authentication result (Approved / Rejected)
6. SECC responds with PaymentDetailsRes approval, enters power delivery phase, and triggers automatic billing without NFC card / APP scanning

5.3 Key Development Requirements for Certificate Management

1. Local Cache: SECC caches frequently used MO root CAs to support temporary offline PnC charging under weak cellular networks; settlement synchronized once reconnected
2. Remote Certificate Update: Support CertificateInstallationReq frames for over-the-air vehicle contract certificate renewal
3. Security Restrictions: All private keys stored permanently in HSM with export disabled; mandatory validation of certificate validity periods, periodic CRL synchronization
4. Failure Degradation: Automatically switch to EIM external authorization (APP / NFC card fallback) if PnC certificate verification fails

6. Phase 5: Integration Between ISO 15118-20 and OCPP 2.0.1 Cloud Backend

6.1 Message Tunneling & Interoperability Mechanism

Raw ISO 15118 vehicle-charger frames cannot be transmitted directly to the cloud. All data is encapsulated via OCPP 2.0.1 DataTransfer:

• Fixed Vendor ID: ISO15118-20
• Data Payload: Raw binary EXI frames
  The CSMS parses certificates, eMAID and charging session data to complete authentication, billing and session log storage.

6.2 Extended OCPP Functions for PnC R&D

1. SignCertificate: Charger requests SECC certificate renewal from CSMS
2. GetCertificateStatus: Backend queries vehicle certificate revocation status
3. Session Reporting: Upload original ISO 15118 energy consumption frames upon session completion as settlement proof
4. V2G Dispatch Downlink: Grid power load commands delivered via OCPP to SECC and forwarded to EVCC for vehicle-to-grid discharging

6.3 CSMS Backend PKI Service Development

1. Interconnect with third-party V2G CA providers to synchronize root certificates and CRL revocation lists
2. eMAID Database: Map vehicle contract certificates to end users, tariff plans and settlement accounts
3. Roaming Interconnection: Cross-EMSP certificate trust for universal PnC compatibility across third-party chargers

7. Phase 6: V2G Bidirectional Charge-Discharge Function Extension (Core New Capability of 15118-20)

1. Extended Discharge State Logic: Differentiate Charging (Vehicle Receives Power) / Discharging (Vehicle Feeds Grid) within the PowerDelivery state
2. Power Coordination Logic

• EVCC reports maximum discharge power and minimum battery protection SoC threshold
• SECC issues dynamic discharge power commands based on grid load and time-of-use tariffs

1. Grid Dispatch Compatibility: Supports peak load shaving, photovoltaic energy storage coordination, real-time bidirectional energy metering reporting
2. Safety Protection: Overcurrent discharge protection, low battery cut-off, immediate power shutdown upon PLC communication loss

8. Phase 7: End-to-End Testing & Conformance Certification (Mandatory for Mass Production)

8.1 Layered Unit Testing

1. Underlying Communication: SLAC connectivity, PLC stability under high/low temperature, IPv6 reconnection testing
2. Protocol Stack Unit Test: Full EXI frame coverage, TLS 1.3 handshake fault tolerance, complete state machine transition coverage
3. Security Unit Test: HSM certificate signature & verification, private key isolation, interception of expired/revoked certificates

8.2 End-to-End PnC Scenario Test Cases

1. Standard Nominal Flow: Plug gun → automatic authentication → charging → unplug & settlement full contactless workflow
2. Abnormal Edge Cases: Expired certificates, offline charging with network loss, revoked CRL certificates, mid-TLS handshake disconnection
3. Degradation Scenarios: Automatic fallback to NFC card authorization upon PnC failure
4. V2G Bidirectional Scenarios: Charge mode, discharge mode, dynamic bidirectional power switching

8.3 Official Conformance Certification

1. CharIN official ISO 15118-20 protocol conformance testing
2. PKI security compliance & TLS 1.3 security audit
3. Real vehicle interoperability testing with mainstream CCS2 EV models (Mercedes, BMW, Volkswagen etc.)
4. Mass-production EMC, high-low temperature environmental reliability testing

9. Common Development Pitfalls & Solutions

1. TLS 1.3 Handshake Failure
   Root Cause: Mismatched elliptic curve cipher suites, incomplete certificate chains, mixed TLS 1.2 / TLS 1.3 versions
   Solution: Strictly follow CharIN TLS Implementation Guide, lock secp256r1 cipher suite, preload full V2G root certificate library
2. Frequent PLC Communication Dropouts
   Root Cause: CP line EMC noise interference, incorrect GreenPHY clock configuration, SLAC timer drift
   Solution: Add filtering circuits, optimize PLC driver retransmission logic, fast link reset on communication timeout
3. PnC Authentication Cloud Timeout Failure
   Root Cause: Poor 4G cellular signal, OCPP message congestion, oversized certificate frames
   Solution: Local certificate caching, asynchronous OCPP message queue, EXI frame payload optimization
4. EXI Frame Parsing Errors
   Root Cause: Mixed ISO 15118-2 and 2020 schemas, lost frame fragments
   Solution: Maintain independent dedicated EXI schemas for ISO 15118-20, add fragment validation logic in V2GTP layer
5. PKI Security Vulnerabilities
   Root Cause: Plaintext private key storage in Flash, disabled HSM secure element
   Solution: Full hardware isolation of all secret keys, permanently disable private key export interfaces

10. Project Deliverable Checklist

1. Hardware: SECC/EVCC schematic, GreenPHY PCB layout, HSM secure circuit design
2. Underlying Firmware: PLC driver, SLAC stack, IPv6 adaptation layer, TLS 1.3 crypto wrapper
3. Protocol Stack: Full ISO 15118-20 source code / static library, state machine logic, EXI codec module
4. PKI Toolchain: Batch certificate generation scripts, HSM certificate read/write firmware
5. OCPP Integration Layer: OCPP 2.0.1 DataTransfer tunneling component, CSMS connection SDK
6. Test Documentation: Conformance test cases, PnC scenario test report, real vehicle interoperability report
7. Operation & Maintenance Manual: Certificate renewal workflow, backend PKI deployment guide, fault troubleshooting handbook

11. Reference Development Timeline

1. Hardware Selection & Underlying Driver Development: 1 month
2. ISO 15118-20 Protocol Stack Porting & Integration: 2–3 months
3. PnC PKI Security System R&D: 1.5 months
4. OCPP Cloud Interconnection & CSMS Backend Development: 1 month
5. V2G Bidirectional Power Function Extension: 1 month
6. Full-System Testing & Interoperability Certification: 1.5 months
   Total Cycle: 7–9 months (Commercial off-the-shelf protocol stack solution); add 4 months for fully self-developed open-source stack

---

Relevant Diagram Description (Matching Article Content)

Image Theme: ISO 15118-20 End-to-End System Architecture Diagram

Core visual elements of the technical drawing:

1. Three partitioned modules: On-board EVCC Vehicle Unit, SECC DC Charger Controller, Cloud CSMS Platform
2. Communication medium labels: CP GreenPHY PLC, IPv6 TLS 1.3 V2GTP EXI
3. Security hardware markers: EV HSM, Charger SE Secure Element, V2G PKI Root CA Chain
4. Cross-protocol tunnel mark: OCPP 2.0.1 DataTransfer for certificate & session uplink
5. Bidirectional V2G power arrow between EV and charger to represent vehicle-to-grid discharge
6. Workflow annotation: Plug-in → SLAC → TLS Mutual Auth → PnC Payment Processing → Bidirectional Power Delivery → Session Termination

The diagram visually maps the full development path covered in the article, clearly distinguishing hardware layers, protocol stacks, security PKI system and cloud interconnection modules for engineering documentation and presentation use.

Image Search Keywords (for downloading matching technical diagram)

ISO 15118-20 system architecture diagram PnC V2G SECC EVCC OCPP 2.0.1
CCS Plug and Charge PLC TLS PKI communication block diagram
Vehicle to Grid ISO15118-20 end-to-end workflow schematic