Offline

By RIOD Engineering · July 3, 2026

Offline Authorization and Store-and-Forward Billing for EV Chargers

When the charger is offline, the wrong architecture loses revenue. The right architecture records every session with sufficient integrity that no revenue is lost, no session is duplicated, and no unauthorized user can slip through.

This is what offline authorization and store-and-forward billing look like when they're engineered correctly.

Offline Authorization and Store-and-Forward Billing for EV Chargers

Local authorization list

The charger holds a local list of authorized users (RFID cards, BLE keys, whitelist entries). Additions and revocations come from the cloud when connected, but the list is complete enough to work standalone.

The list has a version number; on reconnect, the CMS diffs its authoritative list against the charger's version and sends only the changes. A charger offline for a month doesn't waste bandwidth re-downloading a full user database.

Transaction journaling

Every session is journaled to NVS with StartTransaction, all MeterValues, and StopTransaction, exactly as OCPP requires. The journal survives power loss with dual-write and CRC.

On reconnect, the journal replays to the CMS as-if the events had happened live. Timestamps are preserved so billing and reporting see the actual times, not the reconnect time.

Sync and reconciliation

The CMS accepts the replayed transactions, matches them to driver accounts, and applies tariffs at the historical rate. Reconciliation confirms totals: journal delta equals CMS transaction delta.

Any anomaly (missing MeterValues, duplicate transaction ID, timestamp out of range) triggers a reconciliation ticket. Operations reviews it before it's included in settled revenue. Silent errors don't reach billing.

Fraud and duplicate protection

Signed session records so a spoofed phone can't inject fake transactions. Sequence numbers per charger so a lost record is detected on sync (a gap in the sequence). Idempotent transaction handling at the CMS so a retry of the same record doesn't double-count.

Offline mode isn't a security hole. It's a correctness engineering problem with a well-defined solution.

Offline billing requirements

  • Signed session journal on the charger (per-charger key)
  • Monotonic sequence numbers so gaps and duplicates are detectable
  • A reliable timestamp source (RTC with battery backup, corrected on sync)
  • Duplicate prevention on replay
  • Tariff snapshot stored with each session so historical prices reconcile correctly

Reconciliation state machine

  • Pending sync: session recorded on charger, not yet uploaded
  • Synced: record received by CMS, awaiting processing
  • Disputed: mismatch between charger claim and CMS expectation
  • Settled: reconciled, billed, and posted to finance
  • Manually reviewed: flagged for operator attention (unusual pattern or gap)

Fraud cases to defend against

  • Replay attack: signed nonce prevents reusing an old session record
  • Duplicate session: sequence number gap detection at the CMS
  • Revoked user offline: local key expiry limits window of unauthorized use
  • Modified timestamp: RTC drift detection during sync

Deploying EV charging?

Talk to our team about your project. We design, supply, and manage EV charging infrastructure across India.

Schedule a meeting