Abstract

The Plug-and-Charge (PnC) standard defined in ISO 15118 facilitates simple Electric Vehicle (EV) charging with modern Charge Points (CPs). When drivers plug in their EV into a CP, the EV authenticates itself to the CP with a so-called contract certificate. Then, the CP automatically initiates charging and billing. In this paper, we identify gaps in PnC regarding the installation process of the contract certificate in EVs.We propose an alternative approach based on modern extensions of OAuth 2, i.e., OpenID Federation with a Device Authorization Grant and a Rich Authorization Request. We perform a symbolic protocol verification using the Tamarin prover to prove security, provide an open-source implementation to demonstrate the feasibility of the concept, and evaluate the performance of the prototype. The new approach is more user-friendly, more secure, and features a less complex EV charging authorization than existing solutions. The proposed cross-device authorization flow can also be applied to use cases beyond EV charging where users authorize IoT devices from a trusted smartphone.

Link: https://ieeexplore.ieee.org/document/11176043

Citation: Jonas Primbs, Dustin Kern, Michael Menth, and Christoph Krauß. 2025. Streamlining Plug-and-Charge Authorization for Electric Vehicles with OAuth 2 and OpenID Federation. In IEEE Access, https://doi.org/10.1109/ACCESS.2025.3613667