MOC S1SP Certification Authority
from Smart DCC
Grant of Approval
tScheme Limited grants approval to the electronic trust service identified as:
Middle Operating Capability SMETS1 Service Provider CA Service.
as supplied by:
Smart DCC Ltd
17 Rochester Row, London SW1P 1QT
The management system used to deliver this service is certified by:
LR Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES
to satisfy the criteria defined in the following tScheme Approval Profiles:
| Title | Identity | Issue |
| Base Approval Profile | tSd0111 | 3.02 |
| Approval Profile for a Certification Authority* | tSd0102 | 3.03 |
| Approval Profile for Certificate Generation* | tSd0104 | 3.03 |
*not including Qualified Certificates
This approval initially commenced on:
18th October 2023
Documents supporting this grant are available by clicking on the links in the table above.
This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
WOKINGHAM
RG40 9NN
United Kingdom
Company Number 4000985
Approved Service Description
This tScheme approval covers a PKI scheme operated by Smart DCC Ltd (and its subcontractors). The scheme is known as the ‘Middle Operating Capability SMETS1 Service Provider CA Service (MOC S1SP PKI)’. It enables Smart DCC to identify, and communicate securely with, smart meters installed in the early stages of the smart metering programme, which (in the absence of national infrastructure) could only communicate with the energy supplier that installed them.
In technical terms, the PKI facilitates the regular exchange of information between a Head End System, operated by Smart DCC, and the Comms Hub which serves as the entry point for the smart meter installation in each home. A Home Area Network links the Comms Hub to the meters.
The MOC PKI scheme uses “Elliptic Curve Diffie Hellman (ECDH)” algorithm with ephemeral key pair (ECDHE) and provides secure key exchange without requiring transport security. The encryption technique is also aligned to
- NIST Smart Grid Guidelines
- NSA Suite-B Cryptoography Specification
- Federal Information Processing Standard (FIPS) - 140-2 (level 2 and level 3)
Smart DCC’s MOC service, the MOC service is provided by Secure Meters and their PKI Service is a ‘closed’ PKI and is only accessible to the MOC for their own use. The PKI is not made available for public use.
The MOC PKI Service only issued Certificates to internal embedded IoT devices (SMETS1 Devices) manufactured and supplied by MOC such as smart meters, home / industrial control devices and gateways.
MOC is the only Relying Party and the only Subscribers in relation to the SMETS1 PKI Service.
MOC’s SMETS1 PKI Service is used internally for issuance of Certificates to support a secure communications infrastructure for their Customer’s SMETS1 Devices as per MOC’s general security commitments within their respective Customer contracts.
The MOC’s SMETS1 PKI Service issues Certificates for the purposes of:
- The creation, sending, receipt and processing of communications to and from SMETS1 Devices and HES in accordance with or pursuant to their contractual arrangements with their Customers and the Smart Energy Code (SEC), which will further include:
- Symmetric key generation (Digital Signature, Key Agreement).
- Code signing (Digital Signature, Non-Repudiation, Code Signing).
- TLS Communication (Digital Signature, Key Agreement, TLS Web Client Authentication, TLS Web Server Authentication); and
- Authentication and Non-Repudiation of MOC SMETS1 Devices (Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment, Key Agreement, TLS Web Client Authentication, TLS Web Server Authentication).
It should be noted that the MOC’s SMETS1 PKI Service does not support Certificate status i.e., Certificates cannot be revoked and a CRL or ARL is never published.
MOC’s SMETS1 PKI Services are operated from within internal networks and servers of MOC, that reside within secure data centers. There are no internet facing elements of the MOC SMETS1 PKI Service.