PKI solution from secunet meets smart meter requirements set by the BSI

In future energy networks, smart meters (intelligent measurement systems) measure energy consumption and send the information to the energy supplier in encrypted form. This infrastructure also aims to enable new applications such as dynamic tariffs. Certificates are used to ensure that communication is secure and that the smart meter gateway and market participants are authenticated. A Public Key Infrastructure (PKI) is required in order to create, use and manage the certificates.

In order for smart metering solutions to be implemented in Germany, a PKI with a special profile needs to be deployed in accordance with the associated BSI Guideline TR-03109. The technical and organisational requirements for implementation of the CA (Certification Authority) are prescribed by the BSI. A root CA provided by the BSI acts as the trust anchor in the infrastructure. Sub-CAs are established underneath this to control the issuing and management of certificates to market participants, such as energy suppliers, network operators and smart meter gateways.

secunet has implemented the corresponding requirements from the Guideline and associated Certificate Policy in its PKI, and has now successfully tested the use of this PKI as a sub-CA underneath the smart meter beta root CA for which the BSI is responsible. This has cleared the way for the rollout of the planned smart metering solutions from energy suppliers with the secunet PKI.

As such, operators of smart meter gateway administrator solutions can use the PKI as a sub-CA in order to create and manage certificates for smart meter gateways (including quality seal certificates) and for external market participants. The PKI is also suitable for Home Area Network (HAN) certificates.