Ampcontrol ensures the highest security standards for OCPP connections, protecting data and verifying system authenticity
Ampcontrol secures OCPP communications with TLS (Security Profile 2), encrypting data during transmission. Mutual TLS (mTLS) authentication (Security Profile 3) ensures mutual verification of central systems and charge points, preventing interception and unauthorized access.
Mutual TLS authenticates both central systems and charge points with digital certificates, safeguarding against man-in-the-middle attacks. Ampcontrol leverages Public Key Infrastructure (PKI) to validate certificates through trusted Certificate Authorities (CAs), ensuring both message integrity and non-repudiation.
Ampcontrol secures WebSocket connections and supports VPN use, reducing vulnerabilities by preventing open ports for inbound traffic. Cloud software is safeguarded through HTTPS, TLS 1.3, SSO with 2 step verification. Admins utilize Role-Based Access Control (RBAC), allowing role-specific access to reduce potential exposure to unauthorized users.
Ampcontrol supports Security Profile 2 (Secure Transport Layer - TLS) and Security Profile 3 (Mutual TLS - mTLS) for OCPP connections. These profiles enable secure, encrypted data transmission and mutual authentication between charge points and the central system.
Security Profile 2 uses HTTPS and TLS protocols to encrypt data, preventing interception during transmission. This profile includes server-side authentication, where the charge point verifies the identity of the central system to ensure it’s connecting to an authorized source.
Security Profile 3, which uses Mutual TLS (mTLS), enables mutual authentication, meaning both the central system and charge points verify each other’s digital certificates. This two-way authentication prevents unauthorized access and helps guard against man-in-the-middle attacks.
Ampcontrol leverages PKI to issue and validate digital certificates through trusted Certificate Authorities (CAs). This approach ensures that both the central system and charge points communicate securely, confirming data origin and message integrity.
Ampcontrol uses secure WebSocket connections to safeguard data transmission between chargers and the central system. Additionally, Ampcontrol supports secure VPN connections to avoid the need for open ports, enhancing security and reducing vulnerability to attacks.
Ampcontrol employs Role-Based Access Control (RBAC) for admin users. RBAC restricts user access based on roles, ensuring that only authorized users can access sensitive functions and reducing the risk of unauthorized access within the platform.