ANSI C12 IEC 62056-5-3 ED 4 American National Standard for Electricity Metering Data Exchange – The DLMS/COSEM Suite Part 5-3: DLMS/COSEM Application Layer
- CONTENTS
- FOREWORD
- INTRODUCTION
- 1 Scope
- 2 Normative references
- 3 Terms, definitions, abbreviated terms and symbols
- 3.1 General DLMS®/COSEM definitions
- 3.2 Definitions related to cryptographic security
- 3.3 Definitions and abbreviated terms related to the Galois/Counter Mode
- 3.4 General abbreviated terms
- 3.5 Symbols related to the Galois/Counter Mode
- 3.6 Symbols related to the ECDSA algorithm
- 3.7 Symbols related to the key agreement algorithms
- 4 Overview of DLMS®/COSEM
- 4.1 Information exchange in DLMS®/COSEM
- 4.1.1 General
- 4.1.2 Communication model
- 4.1.3 Naming and addressing
- 4.1.3.1 General
- 4.1.3.2 Naming
- 4.1.3.3 Addressing
- 4.1.3.4 System title
- 4.1.3.5 Logical Device Name
- 4.1.3.6 Client user identification
- 4.1.4 Connection oriented operation
- 4.1.5 Application associations
- 4.1.5.1 General
- 4.1.5.2 Application context
- 4.1.5.3 Authentication
- 4.1.5.4 xDLMS context
- 4.1.5.5 Security context
- 4.1.5.6 Access rights
- 4.1.6 Messaging patterns
- 4.1.7 Data exchange between third parties and DLMS®/COSEM servers
- 4.1.8 Communication profiles
- 4.1.9 Model of a DLMS®/COSEM metering system
- 4.1.10 Model of DLMS®/COSEM servers
- 4.1.11 Model of a DLMS®/COSEM client
- 4.1.12 Interoperability and interconnectivity in DLMS®/COSEM
- 4.1.13 Ensuring interconnectivity: the protocol identification service
- 4.1.14 System integration and meter installation
- 4.2 DLMS®/COSEM application layer main features
- 4.2.1 General
- 4.2.2 DLMS®/COSEM application layer structure
- 4.2.3 The Association Control Service Element, ACSE
- 4.2.4 The xDLMS application service element
- 4.2.4.1 Overview
- 4.2.4.2 The xDLMS initiate service
- 4.2.4.3 COSEM object related xDLMS services
- 4.2.4.3.1 General
- 4.2.4.3.2 xDLMS services used by the client with LN referencing
- 4.2.4.3.3 xDLMS services used by the client with SN referencing
- 4.2.4.3.4 Unsolicited services
- 4.2.4.3.5 Selective access
- 4.2.4.3.6 Multiple references
- 4.2.4.3.7 Attribute_0 referencing
- 4.2.4.4 Additional mechanisms
- 4.2.4.4.1 Overview
- 4.2.4.4.2 Referencing methods and service mapping
- 4.2.4.4.3 Identification of service invocations: the Invoke_Id parameter
- 4.2.4.4.4 Priority handling
- 4.2.4.4.5 Transferring long messages
- 4.2.4.4.6 Composable xDLMS messages
- 4.2.4.4.7 Compression and decompression
- 4.2.4.4.8 General protection
- 4.2.4.4.9 General block transfer (GBT)
- 4.2.4.5 Additional data types
- 4.2.4.6 xDLMS version number
- 4.2.4.7 xDLMS conformance block
- 4.2.4.8 Maximum PDU size
- 4.2.5 Layer management services
- 4.2.6 Summary of DLMS®/COSEM application layer services
- 4.2.7 DLMS®/COSEM application layer protocols
- 5 Information security in DLMS®/COSEM
- 5.1 Overview
- 5.2 The DLMS®/COSEM security concept
- 5.2.1 Overview
- 5.2.2 Identification and authentication
- 5.2.2.1 Identification
- 5.2.2.2 Authentication mechanisms
- 5.2.2.2.1 Overview
- 5.2.2.2.2 No security (Lowest Level Security) authentication
- 5.2.2.2.3 Low Level Security (LLS) authentication
- 5.2.2.2.4 High Level Security (HLS) authentication
- 5.2.3 Security context
- 5.2.4 Access rights
- 5.2.5 Application layer message security
- 5.2.6 COSEM data security
- 5.3 Cryptographic algorithms
- 5.3.1 Overview
- 5.3.2 Hash function
- 5.3.3 Symmetric key algorithms
- 5.3.3.1 General
- 5.3.3.2 Encryption and decryption
- 5.3.3.3 Advanced Encryption Standard
- 5.3.3.4 Encryption Modes of Operation
- 5.3.3.5 Message Authentication Code
- 5.3.3.6 Key wrapping
- 5.3.3.7 Galois/Counter Mode
- 5.3.3.7.1 General
- 5.3.3.7.2 GCM functions
- 5.3.3.7.3 The initialization vector, IV
- 5.3.3.7.4 The encryption key, EK
- 5.3.3.7.5 The authentication key, AK
- 5.3.3.7.6 Length of the authentication tag
- 5.3.3.8 AES key wrap
- 5.3.4 Public key algorithms
- 5.3.4.1 General
- 5.3.4.2 Elliptic curve cryptography
- 5.3.4.2.1 General
- 5.3.4.2.2 NIST recommended elliptic curves
- 5.3.4.3 Data conversions
- 5.3.4.3.1 Overview
- 5.3.4.3.2 Conversion between Bit Strings and Octet Strings (BS2OS)
- 5.3.4.3.3 Conversion between Octet Strings and Bit Strings (OS2BS)
- 5.3.4.3.4 Conversion between Integers and Octet Strings (I2OS)
- 5.3.4.3.5 Conversion between Octet Strings and Integers (OS2I)
- 5.3.4.3.6 Conversion between Field Elements and Octet Strings (FE2OS)
- 5.3.4.3.7 Conversion between Octet Strings and Field Elements (OS2FE)
- 5.3.4.4 Digital signature
- 5.3.4.5 Elliptic curve digital signature (ECDSA)
- 5.3.4.6 Key agreement
- 5.3.4.6.1 Overview
- 5.3.4.6.2 The Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme
- 5.3.4.6.3 The One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) scheme
- 5.3.4.6.4 The Static Unified Model C(0e, 2s, ECC CDH) scheme
- 5.3.4.6.5 Key Derivation Function – The NIST Concatenation KDF
- 5.3.5 Random number generation
- 5.3.6 Compression
- 5.3.7 Security suite
- 5.4 Cryptographic keys – overview
- 5.5 Key used with symmetric key algorithms
- 5.5.1 Symmetric keys types
- 5.5.2 Key information with general-ciphering APDU and data protection
- 5.5.3 Key identification
- 5.5.4 Key wrapping
- 5.5.5 Key agreement
- 5.5.6 Symmetric key cryptoperiods
- 5.6 Keys used with public key algorithms
- 5.6.1 Overview
- 5.6.2 Key pair generation
- 5.6.3 Public key certificates and infrastructure
- 5.6.3.1 Overview
- 5.6.3.2 Trust model
- 5.6.3.3 PKI architecture – informative
- 5.6.3.3.1 General
- 5.6.3.3.2 Root-CA
- 5.6.3.3.3 Sub-CA
- 5.6.3.3.4 End entities
- 5.6.4 Certificate and certificate extension profile
- 5.6.4.1 General
- 5.6.4.2 The X.509 v3 Certificate
- 5.6.4.3 tbsCertificate
- 5.6.4.3.1 Overview
- 5.6.4.3.2 Serial number
- 5.6.4.3.3 Issuer and Subject
- 5.6.4.3.4 Validity period
- 5.6.4.3.5 SubjectPublicKeyInfo
- 5.6.4.3.6 Subject Unique ID
- 5.6.4.4 Certificate extensions
- 5.6.4.4.1 Overview
- 5.6.4.4.2 Authority Key Identifier
- 5.6.4.4.3 SubjectKeyIdentifier
- 5.6.4.4.4 KeyUsage
- 5.6.4.4.5 CertificatePolicies
- 5.6.4.4.6 SubjectAltNames
- 5.6.4.4.7 IssuerAltName
- 5.6.4.4.8 Basic constraints
- 5.6.4.4.9 Extended Key Usage
- 5.6.4.4.10 cRLDistributionPoints
- 5.6.4.4.11 Other extensions
- 5.6.5 Suite B end entity certificate types to be supported by DLMS®/COSEM servers
- 5.6.6 Management of certificates
- 5.6.6.1 Overview
- 5.6.6.2 Provisioning servers with trust anchors
- 5.6.6.3 Provisioning the server with further CA certificates
- 5.6.6.4 Security personalisation of the server
- 5.6.6.5 Provisioning servers with certificates of clients and third parties
- 5.6.6.6 Provisioning clients and third parties with certificates of servers
- 5.6.6.7 Certificate removal from the server
- 5.7 Applying cryptographic protection
- 5.7.1 Overview
- 5.7.2 Protecting xDLMS APDUs
- 5.7.2.1 Overview
- 5.7.2.2 Security policy and access rights values
- 5.7.2.3 Ciphered xDLMS APDUs
- 5.7.2.4 Encryption, authentication and compression
- 5.7.2.4.1 Overview
- 5.7.2.4.2 The security header
- 5.7.2.4.3 Plaintext and Additional Authenticated Data
- 5.7.2.4.4 Encryption key and authentication key
- 5.7.2.4.5 Initialization vector
- 5.7.2.4.6 Service-specific ciphering xDLMS APDUs
- 5.7.2.4.7 The general-glo-ciphering and general-ded-ciphering xDLMS APDUs
- 5.7.2.4.8 The general-ciphering APDU
- 5.7.2.4.9 Use of the fields of the ciphering xDLMS APDUs
- 5.7.2.4.10 Encoding example: global-get-request xDLMS APDU
- 5.7.2.5 Digital signature
- 5.7.3 Multi-layer protection by multiple parties
- 5.7.4 HLS authentication mechanisms
- 5.7.5 Protecting COSEM data
- 6 DLMS®/COSEM application layer service specification
- 6.1 Service primitives and parameters
- 6.2 The COSEM-OPEN service
- 6.3 The COSEM-RELEASE service
- 6.4 COSEM-ABORT service
- 6.5 Protection and general block transfer parameters
- 6.6 The GET service
- 6.7 The SET service
- 6.8 The ACTION service
- 6.9 The ACCESS service
- 6.9.1 Overview – Main features
- 6.9.1.1 General
- 6.9.1.2 Unified WITH-LIST service to improve efficiency
- 6.9.1.3 Specific variants for selective access
- 6.9.1.4 Long_Invoke_Id parameter
- 6.9.1.5 Self-descriptive responses
- 6.9.1.6 Failure management
- 6.9.1.7 Time stamp as a service parameter
- 6.9.1.8 Presence of data in service primitives
- 6.9.2 Service specification
- 6.10 The DataNotification service
- 6.11 The EventNotification service
- 6.12 The TriggerEventNotificationSending service
- 6.13 Variable access specification
- 6.14 The Read service
- 6.15 The Write service
- 6.16 The UnconfirmedWrite service
- 6.17 The InformationReport service
- 6.18 Client side layer management services: the SetMapperTable.request
- 6.19 Summary of services and LN/SN data transfer service mapping
- 7 DLMS®/COSEM application layer protocol specification
- 7.1 The control function
- 7.1.1 State definitions of the client side control function
- 7.1.2 State definitions of the server side control function
- 7.2 The ACSE services and APDUs
- 7.2.1 ACSE functional units, services and service parameters
- 7.2.2 Registered COSEM names
- 7.2.2.1 General
- 7.2.2.2 The COSEM application context
- 7.2.2.3 The COSEM authentication mechanism name
- 7.2.2.4 Cryptographic algorithm ID-s
- 7.2.3 APDU encoding rules
- 7.2.3.1 Encoding of the ACSE APDUs
- 7.2.3.2 Encoding of the xDLMS APDUs
- 7.2.3.3 XML
- 7.2.4 Protocol for application association establishment
- 7.2.4.1 Protocol for the establishment of confirmed application associations
- 7.2.4.2 Repeated COSEM-OPEN service invocations
- 7.2.4.3 Establishment of unconfirmed application associations
- 7.2.4.4 Pre-established application associations
- 7.2.5 Protocol for application association release
- 7.2.5.1 Overview
- 7.2.5.2 Graceful release of an application association
- 7.2.5.3 Non-graceful release of an application association
- 7.3 Protocol for the data transfer services
- 7.3.1 Negotiation of services and options – the conformance block
- 7.3.2 Confirmed and unconfirmed service invocations
- 7.3.2.1 Service invocations by the client
- 7.3.2.2 Service invocations by the server (unsolicited services)
- 7.3.3 Protocol for the GET service
- 7.3.4 Protocol for the SET service
- 7.3.5 Protocol for the ACTION service
- 7.3.6 Protocol for the ACCESS service
- 7.3.7 Protocol of the DataNotification service
- 7.3.8 Protocol for the EventNotification service
- 7.3.9 Protocol for the Read service
- 7.3.10 Protocol for the Write service
- 7.3.11 Protocol for the UnconfirmedWrite service
- 7.3.12 Protocol for the InformationReport service
- 7.3.13 Protocol of general block transfer mechanism
- 7.3.13.1 General
- 7.3.13.2 The GBT procedure
- 7.3.13.2.1 Overview
- 7.3.13.2.2 The confirmed GBT procedure
- 7.3.13.2.2.1 General
- 7.3.13.2.2.2 Confirmed GBT procedure triggered by a service invocation
- 7.3.13.2.2.3 Confirmed GBT procedure triggered by reception of a GBT APDU from the peer
- 7.3.13.2.3 The unconfirmed GBT procedure
- 7.3.13.3 GBT procedure state variables
- 7.3.13.4 Send GBT APDU stream sub-procedure
- 7.3.13.4.1 General
- 7.3.13.4.2 Initialization
- 7.3.13.4.3 Confirmed GBT stream send
- 7.3.13.4.3.1 General
- 7.3.13.4.3.2 Last block management
- 7.3.13.4.3.3 Process
- 7.3.13.4.4 Unconfirmed GBT send
- 7.3.13.5 Process GBT APDU sub-procedure
- 7.3.13.5.1 General
- 7.3.13.5.2 Processing GBT APDUs in a confirmed GBT procedure
- 7.3.13.5.3 Processing GBT APDUs in an unconfirmed GBT procedure
- 7.3.13.6 Check RQ and fill gaps sub-procedure
- 7.3.13.6.1 General
- 7.3.13.6.2 Confirmed GBT procedure
- 7.3.13.6.3 Unconfirmed GBT procedure
- 7.3.13.7 GBT protocol examples
- 7.3.13.8 Aborting the GBT procedure
- 7.3.14 Protocol of exception mechanism
- 8 Abstract syntax of ACSE and COSEM APDUs
- 9 COSEM APDU XML schema
- 9.1 General
- 9.2 XML Schema
- Annex A (normative) Using the DLMS®/COSEM application layer in various communications profiles
- A.1 General
- A.2 Targeted communication environments
- A.3 The structure of the profile
- A.4 Identification and addressing schemes
- A.5 Supporting layer services and service mapping
- A.6 Communication profile specific parameters of the COSEM AL services
- A.7 Specific considerations / constraints using certain services within a given profile
- A.8 The 3-layer, connection-oriented, HDLC based communication profile
- A.9 The TCP-UDP/IP based communication profiles (COSEM_on_IP)
- A.10 The wired and wireless M-Bus communication profiles
- A.11 The S-FSK PLC profile
- Annex B (normative) SMS short wrapper
- Annex C (normative) Gateway protocol
- C.1 General
- C.2 The gateway protocol
- C.3 HES in the WAN/NN acting as Initiator (Pull operation)
- C.4 End devices in the LAN acting as Initiators (Push operation)
- C.4.1 General
- C.4.2 End device with WAN/NN knowledge
- C.4.3 End devices without WAN/NN knowledge
- C.5 Security
- Annex D (informative) AARQ and AARE encoding examples
- D.1 General
- D.2 Encoding of the xDLMS InitiateRequest / InitiateResponse APDU
- D.3 Specification of the AARQ and AARE APDUs
- D.4 Data for the examples
- D.5 Encoding of the AARQ APDU
- D.6 Encoding of the AARE APDU
- Annex E (informative) Encoding examples: AARQ and AARE APDUs using a ciphered application context
- E.1 A-XDR encoding of the xDLMS InitiateRequest APDU, carrying a dedicated key
- E.2 Authenticated encryption of the xDLMS InitiateRequest APDU
- E.3 The AARQ APDU
- E.4 A-XDR encoding of the xDLMS InitiateResponse APDU
- E.5 Authenticated encryption of the xDLMS InitiateResponse APDU
- E.6 The AARE APDU
- E.7 The RLRQ APDU (carrying a ciphered xDLMS InitiateRequest APDU)
- E.8 The RLRE APDU (carrying a ciphered xDLMS InitiateResponse APDU)
- Annex F (informative) Data transfer service examples
- F.1 GET / Read, SET / Write examples
- F.2 ACCESS service example
- F.3 Compact array encoding example
- F.3.1 General
- F.3.2 The specification of compact-array
- F.3.3 Example 1: Compact array encoding an array of five long-unsigned values
- F.3.4 Example 2: Compact-array encoding of five octet-string values
- F.3.5 Example 3: Encoding of the buffer of a Profile generic object
- F.4 Profile generic IC buffer attribute encoding examples
- F.4.1 General
- F.4.2 Get-response with Profile generic normal encoding example
- F.4.3 Get-response with Profile generic null-data compressed encoding example
- F.4.4 Get-response with Profile generic compact-array encoding example
- F.4.5 Get-response with Profile generic null-data and delta-value encoding example
- F.4.6 Comparison of various encoding methods for Get-response APDU
- F.4.7 Combination of the various encoding methods and V.44 compression
- Annex G (normative) NSA Suite B elliptic curves and domain parameters
- Annex H (informative) Example of an End entity signature certificate using P-256 signed with P-256
- H.1 Fields of public key certificates
- H.2 Example of a Root-CA Certificate using P-256 signed with P-256
- H.3 Example of an end entity digital signature Certificate using P-256 signed with P-256
- Annex I (normative) Use of key agreement schemes in DLMS®/COSEM
- I.1 Ephemeral Unified Model C(2e, 0s, ECC CDH) scheme
- I.2 One-Pass Diffie-Hellman C(1e, 1s, ECC CDH) scheme
- I.3 Static Unified Model C(0e, 2s, ECC CDH) scheme
- Annex J (informative) Exchanging protected xDLMS APDUs between TP and server
- J.1 General
- J.2 Example 1: Protection is the same in the two directions
- J.3 Example 2: Protection is different in the two directions
- Annex K (informative) Significant technical changes with respect to IEC 62056‑5‑3:2017
- Bibliography