Firmware

By RIOD Engineering · June 23, 2026

BLE User Management for EV Chargers

Bluetooth Low Energy is the reliable answer to charger access when the network is not: apartment basements, remote sites, or any situation where the phone and the charger need to talk directly.

This is what a production-grade BLE user management stack looks like in charger firmware.

BLE User Management for EV Chargers

GATT service design

Four characteristics on a single GATT service: auth (challenge-response), session control (start/stop), telemetry (energy, duration, error state), and user provisioning (add/revoke keys). Simple enough that any competent mobile developer can integrate; specialized enough that random BLE scanners can't do anything useful with it.

Characteristic-level access is protected: only authorized clients can write to session control or provisioning; telemetry read is public once authenticated.

HMAC challenge-response security

Every session start begins with a challenge from the charger and a response from the phone. The response is HMAC(user_key, challenge_nonce). No replay possible (nonce is fresh); no impersonation possible (user_key is per-user).

Keys are provisioned during onboarding via a secure channel (cloud → phone → BLE to charger). Revocation propagates the next time the phone or charger syncs. Compromised keys can be rotated without touching charger firmware.

Provisioning and revocation offline

New users can be added via an admin phone in physical proximity (BLE only, no cloud needed), critical for standalone basement deployments. Revocation happens the same way, or via cloud sync when connectivity is available.

The charger holds up to N user keys locally (typically 500-1000). At full capacity, oldest-inactive is rotated out. For very large user bases, a cloud-authenticated model is more appropriate; BLE-only fits sites with a bounded user population.

Shipped in production

RIOD PowerPod chargers ship with this BLE stack. It's proven in Indian residential deployments where cellular in basements is guaranteed to be terrible. Same stack available under firmware engagement for OEMs building on ESP32 or similar hardware.

Offline revocation risk

Revocations only reach the charger when the phone or the charger syncs to the cloud. For sites that stay offline for long periods, that gap is a real security consideration. Mitigation: give local keys a defined expiry, so a revoked user cannot use their old credential indefinitely, and require periodic sync on the admin side so revocations propagate promptly.

Security checklist

  • Per-user keys, never a shared secret across the fleet
  • Nonce-based challenge-response so captured traffic cannot be replayed
  • Signed commands from the phone with the user's key
  • Key rotation supported without breaking active users
  • Admin audit log for provisioning and revocation actions

Capacity planning

  • Local key limit per charger (typically 500 to 1,000)
  • Expected user count per site (apartment or workplace)
  • Guest access capacity separate from resident/employee capacity
  • Admin recovery path if the local key store gets corrupted

Deploying EV charging?

Talk to our team about your project. We design, supply, and manage EV charging infrastructure across India.

Schedule a meeting