52
•
Collector password for electrical interface (only read of data);
•
Management password for optical interface (read of data and parameterization);
•
Management password for electrical interface (read of data and parameterization).
Password is limited to a sequence of 8 ASCII symbols.
A system of prevention from password guessing is implemented. If the meter registers more than
four cases of entering wrong password in sequence, optical communication interface is blocked for
24 hours. During this time the meter does not accept even the correct password.
Passwords are write-only. Password can be changed only by providing old password via
communication interface or password can be erased by special command only after opening of
main cover. In that case registered (stored) data is kept non-violated.
13.2.3
Encryption and Authentication
In case public communication channel (e.g. PLC) is used for remote meter readout and/or
parameterization, it is highly recommended to enable High Level Security (HLS) in the meter. HLS
allows mutual authentication of the client (Central System) and the server (meter) participating in
the communication session, as well as encryption of data transmitted. Authentication and
encryption is implemented in meter according to DLMS/COSEM protocol specifications.
The
Galois/Counter Mode (GCM) with AES-128 coding is employed as cryptographic algorithm. Meter
contains the following keys:
•
Encryption key for Collector client (only read of data);
•
Authentication key for Collector client (only read of data);
•
Encryption key for Management client (read of data and parameterization);
•
Authentication key for Management client (read of data and parameterization);
•
Encryption key for Firmware update client;
•
Authentication key for Firmware update client;
•
Master key for wrapping of encryption keys and authentication keys.
Keys are 16 byte long write-only. For delivery, they are wrapped using the AES-128 key wrap
algorithm and the master key. Individual master keys for each meter are generated at the factory
and delivered to the customer in the form of encrypted file. After High Level Security was enabled
in the meter, it cannot be downgraded to Low Level Security, without opening main cover of meter.
13.2.4
Firmware/hardware identifiers
Each meter is identified by a unique meter serial number, which is presented on the nameplate
(see Figure 5-3), as well as available on LCD display and communication interfaces (OBIS = 0.0.0
and OBIS = C.1.0).
Furthermore, meter hardware is identified by meter type (OBIS = C.1.1) and ordering code (OBIS
= C.1.2). Meter type and ordering code are presented on the nameplate (see Figure 5-3).
Firmware of the meter is identified by firmware version, which is hardcoded into the meter firmware
and can be readout via communication interfaces (OBIS = 0.2.0). Furthermore, meter verifies
periodically the check sum of the firmware (OBIS = C.70.0) and registers internal error in case of
corrupted check sum (see chapter 11.4.1).
13.2.5
User’s identifiers
There can be written two user’s identifiers (OBIS = 0.0.1 and OBIS = 0.0.2) into the GAMA 100
meters. Every identifier is a string of up to 16 ASCII symbols. Identifiers are set by means of
parameterization software.
13.2.6
Blocking of optical communication interface
Meter blocks optical interface for parameterization only. Parameterization is prohibited via optical
interface at all time. Interface can be unblocked.
It is done, when meter enters service display
sequence by pressing sealed push-button. Note, that pressing the sealed push-button,
Summary of Contents for G1B Series
Page 2: ......
