Hacker News new | past | comments | ask | show | jobs | submit login

Thank you! That's pretty cool. The proposed changes actually will fix this glaring omission:

> Limited Security – by only validating SECC TLS cert is from a trusted issuer, one charger’s compromised private key compromises the entire region

And I like the simplification. Instead of relying on validating contracts, the charger provider will simply rely on signed "metering receipts" from the car. Each car has its own private key (presumably in some hardware-hardened storage), and the charging network can just associate the payment details with the public key of the car.

The provider can use the receipts as a proof that the car has indeed used the charging equipment. And the receipts are sent periodically during the charging process, so the charger can terminate the session if there's a discrepancy between the station's and the car's accounting.

Nice and neat.

Edit: and this also can easily work offline. The networks can just sync the list of approved public keys to chargers with the corresponding credit balances. It'll require account setup with each network, but if you have to do it once, it's not _too_ bad.




FWIW, if the manufacturer does it right, it could theoretically do the sync once with your car and have it authenticate with a lot of different networks that participate in that same partnership. Otherwise, it'll just be a one-time setup the first time you charge.

For example, Ford has this "Blue Oval" network concept, so any charger network that is a part of that would trust that without necessarily needing me to associate my individual car identity.

Honestly though I'm kind of a fan of just having a credit card reader on the dispenser. Its way easier if I want to choose a different payment method for a particular charge, and honestly it is not that much additional work to plug in, tap a credit card or phone, and then it starts charging. Its adding like 10-30 seconds to a 10min+ transaction.


Oh, for sure. There's a lot of possible workflows. E.g. a car can present the provider's login screen on the dashboard.

> Its way easier if I want to choose a different payment method for a particular charge, and honestly it is not that much additional work to plug in, tap a credit card or phone, and then it starts charging. Its adding like 10-30 seconds to a 10min+ transaction.

Credit card readers are a PITA, and they need connectivity. More importantly, the ISO 15118 protocol can be used with wireless charging! Imagine just parking at a designated spot, clicking "confirm" on the car dash, and walking away. The car can even align itself with the charging coils.


> Credit card readers are a PITA, and they need connectivity.

EVV transactions can be done offline. It depends on the issuer if it's allowed.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: