HCC’s Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) is a highly optimized software module designed to provide secure network communications for embedded devices. The software is developed using a rigorous adherence to MISRA C:2004 and is available with a full MISRA compliance report. The importance of using a strong development process and source code control has been emphasized by a number of high-profile security problems caused by source code errors. Network security requires a high degree of quality and traditional methods of ‘freestyle coding’ and test do not provide sufficient guarantees of correctness.

Offered TLS/DTLS is a framework for secure communication in computer networks, based on the TCP/IP or UDP protocols. The module supports Secure Sockets Layer (SSL) 3.0 but this is deprecated as TLS 1.2 is the recommended standard. The TLS and DTLS module forms part of HCC’s MISRA-compliant TCP/IP stack and is designed specifically for use with it.

This module provides three options:

• TLS interfacing to either HCC’s MISRA-compliant TCP or to a TCP Sockets interface.
• DTLS interfacing to either HCC’s MISRA-compliant UDP or to a UDP Sockets interface.
• TLS interfacing to HCC’s EAP-TLS module (EAP is the Extensible Authentication Protocol). The EAP-TLS module interfaces to the TLS RAW interface.

The TLS/DTLS implementation can be used as client or server (host). The module provides the following guaranteed capabilities, regardless of the components that lie beneath it:

• Privacy – it ensures that nobody else can read the message.
• Authenticity – it ensures that each party really is talking to the peer they think they are talking to.
• Integrity – it ensures that the data payload has not been modified/tampered with.

Note: You may not require all three of the above capabilities for all use cases; We can advise on this.

EAP-TLS

The module uses HCC’s Embedded Encryption Manager (EEM) to provide encryption and certificate management.

The TLS RAW interface can be used to interface TLS to HCC’s EAP-TLS module.

Features

• Conforms to the HCC Advanced Embedded Framework.
• Designed for integration with both RTOS and non-RTOS based systems.
• MISRA-compliant. A full MISRA compliance report is provided and, for specialized applications, a full UML description is available that can be licensed as a separate component.
• Designed for microcontrollers, ensuring a low memory footprint. This is typically around 20 KB of ROM or 8 KB of RAM.
• Typically uses a standard Sockets interface, allowing easy integration with many embedded applications.
• Supports TLS 1.0, 1.1 and 1.2 (RFC 5246) and SSL 3.0 and is verifiable.
• Supports DTLS version 1.2 (RFC 6347) and version 1.0 (RFC 4347).
• Supports HCC’s EAP-TLS module (through its RAW interface).
• Supports heartbeat extensions (RFC 6520).
• Supports HTTP over TLS (RFC 2818).
• Provides HTTP or FTP Server support for HTTPS and FTPS implementations, or for connection to any other secure client or server application.
• Uses HCC’s Embedded Encryption Manager (EEM) to provide full certificate management.
• Supports all the algorithms supported by the EEM, including AES, 3DES, DSS, EDH, MD5, RSA, SHA-1, SHA-256, SHA-384, and SHA-512. These acronyms are expanded below.
• Supports all the mandatory cipher suites required by different versions of TLS.
• Supports Elliptic Curve Cryptography (ECC) (RFC 4492).
• Supports Authenticated Encryption with Associated Data (AEAD).

The supported algorithms are:

• Advanced Encryption Standard (AES).
• Digital Signature Standard (DSS).
• Elliptic Curve Digital Signature Algorithm (ECDSA).
• Ephemeral Diffie-Hellman (EDH) algorithm.
• Message Digest Algorithm 5 (MD5).
• RSA Signature Algorithm (RSA).
• Secure Hash Algorithm SHA-1, SHA-1 HMAC, SHA1-HMAC-96, SHA-256, SHA-384 and SHA-512). (HMAC stands for Hash Message Authentication Code.)
• Tiger/128, Tiger/160, Tiger/192 and Tiger/192 HMAC.
• Triple Data Encryption Standard (3DES).

For more information, licensing details, price quotation requests, please contact us via contact form or directly: sales@jpembedded.eu, +48 601 088 970.

Garibaldi Key Distribution and Management System is designed for utilities looking for a secure data transfer over wide area networks. Key distribution and access control mechanisms enables security for routable GOOSE and routable Sampled Values in IEC 61850 and DNP3 (Sav6 and AMP) networks.

Garibaldi supports GDOI protocol (specified by RFC 6407) used for key negotiation between IED and Group Controller/Key Server (GCKS). End-to-end cybersecurity is implemented according to the guidelines specified in the IEC 62351-9 standard.

Garibaldi Management System is supplemented by the intuitive web application that allows diagnosing of the system, datastream usage, importing SCL file, management certificates and statistics tracking.

Garibaldi solution:

• Manages large numbers of 61850 multicast group’s (Group Members / Devices / Apps) key.
• Distributes symmetric keys via PULL, PUSH, and multicast-PUSH mechanisms.
• Operates in centralized or de-centralized environments.
• Generates individual keys per DataStream (increases security).
• Follows cybersecurity recommended by IEC 62351-9.
• Manages system enrollment allowing revocation.
• Manages access control for DNP3 SAv6 and AMP.
• Is easy to use thanks to the dedicated web application.

Apart from Garibaldi solution JPEmbedded offers an IEC 61850 library supporting R-GOOSE, R-SMV communication with group member (GM) cybersecurity enabled. A fully-featured system including IEC 61850 IED from JPEmbedded, KDC (Garibaldi) and protection relays from GE was presented at the IEC 61850 IOP 2019 event in Charlotte and at DistribuTECH 2020.

For more information, licensing details, price quotation requests, please contact us via contact form or directly: sales@jpembedded.eu, +48 601 088 970.

JPEmbedded’s JPE 61850 – papilio gateway is a cost-saving, hardware solution allowing integration of various IoT (Internet of Things) devices and IEDs (Intelligent Electronic Devices) with the grid. The product is available as an electronic module to integrate into own device.

Key features:

• Conversion of MQTT, Modbus RTU, Modbus TCP and IEC 60870-5-103 to IEC 61850.
• Certified IEC 61850 stack.
• Full IEC 61850 support including MMS, GOOSE, and SV communication.
• User-friendly configuration interface.
• Connection of a multiple devices to the IEC 61850 network at the same time (one-to-many).
• Low-cost solution.
• Intuitive, fast configuration and mapping with our Drosera application.

If you would like to know more about our IEC 61850 gateway you can download the product datasheet here.

For more information or price quotation requests, please contact us: sales@jpembedded.eu, +48 601 088 970.

JPEmbedded’s JPE 61850 – apis enables communication between the Intelligent Electronic Devices (IED’s)operating in IEC 61850 networks and other devices which do not support this standard. It converts the most popular protocols like Modbus, 60870-5-103, 60870-5-104, DNP3, MQTT, Profinet to IEC 61850. Gateway may be ordered as a standalone product, easily mountable at din-rail or, as a hardware module to integrate in the device.

IEC 61850 is an international standard describing data model and communication services for power grid devices. IEC 61850 improves interoperability between systems provided by diverse manufacturers.

Key features:

• Conversion of various protocols (Modbus RTU, Modbus TCP,IEC 60870-5-103, IEC 60870-5-104, DNP3, MQTT, Profinet) to IEC 61850
• Certified IEC 61850 stack
• Support of MMS, GOOSE and SV communication
• Secure communication according to IEC 62351
• Different physical interfaces: CAN, I2C, SPI, RS 485, Ethernet
• Manageable switch with two ports

Gateways:

• IEC 60870-5-103 to IEC 61850 gateway
• IEC 60870-5-104 to IEC 61850 gateway
• Modbus TCP/RTU to IEC 61850 gateway
• DNP3 to IEC 61850 gateway
• MQTT to IEC 61850 gateway
• Profinet to IEC 61850 gateway

If you would like to know more about our JPE 61850 – apis you can download product datasheet here.

For more information or price quotation requests, please contact us: sales@jpembedded.eu, +48 601 088 970.

Crabro Power is a dedicated platform designed to facilitate the development of technologically advanced products for smart energy grids. This is a comprehensive solution that seamlessly integrates essential communication protocols, including IEC 61850 and DNP3, along with robust cybersecurity support compliant with IEC 62351 standard. With OpenPLC integrated on the separate core of the device, user can program dedicated, product specific logic. Built-in web server and intuitive engineering tool makes programming, customization and configuration of the device very simple. With these foundational features already in place, developers can focus on creating their own custom applications on top of the Crabro Power platform. The use of Crabro Power significantly reduces development costs and accelerates time-tomarket for Intelligent Electronic Devices (IEDs).

Supported protocols:

• IEC 61850
• IEC 60870-5-101
• IEC 60870-5-103
• IEC 60870-5-104
• DNP3 TCP & serial
• ModbusTCP/RTU
• MQTT
• PUB/SUB (used by Google Cloud Platform)
• PRP & HSR redundancy

If you would like to know more about our Crabro Power platform you can download product datasheet here.

For more information or price quotation requests, please contact us: sales@jpembedded.eu, +48 601 088 970.

Lightweight, highly configurable, platform agnostic, delivered as a source code IEC 61850 library for embedded devices.

IEC 61850 is an international standard describing data model and communication services for power grid devices also known as IEDs (intelligent electronic device). Main protocols specified by the standard are MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), and SV (Sampled Values). Beside generic functionality of power systems, IEC 61850 defines profiles like 61850-7-420 for distributed energy resources (DER)) or hydroelectric power plants which are defined in IEC 61850-7-420.

IEC 61850 library by JPEmbedded exhibits object-oriented design and is implemented in C ++ language. This hardware platform independent solution, is easy to integrate on any device with or without operating system. Other advantages of our product are its high configurability in terms of functionality and resources used, and very low memory footprint which is especially important for embedded devices. Depending on data model and functionality of the specific device memory usage could be as low as 240kB of Flash and 150kB of RAM. Library supports 2nd edition of the standard.

The main components of the solution are: IEC 61850 core library, hardware abstraction layer (HAL), configuration module and user application (please refer to the ‘61850 library architecture’ picture in the product gallery below). Core library implements bulk of the functionality specified by the standard. It handles data model initialization and access APIs, handling of data sets, control blocks and control model. Hardware Abstraction Layer (HAL) also known as ‘driver’ provides abstraction of hardware platform and operating system (if used). This layer implements well defined API used by the core library for handling TCP/IP connections, transmission of Ethernet frames, thread creation and synchronization, timers and file system access. Configuration file configures library to meet the needs of specific device or application. User application realizes logic specific for given device (e.g. protection relay or merging unit functionality). User application is a top level component, usually implemented by the customer. It initializes IEC 61850 library and defines user specific callback functions. Library is delivered as a source code and it features royalty-free licensing model.

Implemented features:

• MMS server.
• Object oriented data model.
• Data sets.
• Reporting (buffered & unbuffered).
• GOOSE (subscriber & publisher).
• R-GOOSE (routable GOOSE).
• Sampled Values (subscriber & publisher).
• R-SMV (routable Sampled Values).
• Control Model.
• Logging.
• Substitution.
• Setting groups.
• Cybersecurity (IEC 62351).

Compliance of JPEmbedded’s library with EN 61850 standard has been confirmed by a certificate issued by Instytut Energetyki in Gdańsk. The certification process was implemented thanks to the European Regional Development Fund.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970

IEC 61850 has been created by IEC Technical Committee 57 which is responsible for development of standards for information exchange for power systems and other related systems including Energy Management Systems, SCADA, distribution automation & teleprotection.

Inter-Control Center Communications Protocol (ICCP) also known as TASE.2 is the standard that defines communication between control centers, utilities and power pools. Since TASE.2 and IEC 61850 both use the MMS communication protocol, a significant part of the source code is shared by both products. The library architecture is comprised of a core component, which implements functionality defined by the standard and platform abstraction layer (aka ‘driver’). Using this approach, the library can easily be ported to different platforms. Currently, Windows (7, 8, 10) and Linux are supported. The library design is object oriented, C++ was used for implementation, but C or Java language API could be provided if requested by the customer. JPEmbedded’s solution supports both the server and client side of communication. An encrypted secure channel based on TLS protocol in accordance with the IEC 62351 standard is also an option.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970

DNP3 is one of the most popular protocols used for communication between control centers (e.g. SCADA systems) and intelligent electronic devices (IEDs) installed at substations. In addition to the traditional electric utilities, it is also used in hydropower companies or gas suppliers.

The DNP protocol was created in 1990 by Westronic, Inc. (now GE Harris). The standard has been designed on the basis of 60870-5-101:2003 with the addition of specific functionality needed for North American applications. Currently DNP3 is an open and public protocol, maintained by the Users Group. The latest version of the standard IEEE Std 1815-2010 was released in 2012.

DNP3 library implemented by JPEmbedded is easily portable to any device with or without an operating system. It supports both, outstation and master side, serial and TCP operation modes. The implementation in C++ language takes into account requirements specific for embedded platforms, which are:

• resource efficiency,
• high configuration flexibility,
• HW platform independence.

DNP3 library supports level 3 interoperability and the following features:

• static data points (class 0),
• events (class 1-3),
• reading / writing of data objects,
• control operations,
• data freeze,
• cybersecurity (IEC 62351).

The main components of the library are DNP3 core library, hardware abstraction layer (HAL), configuration file, master application, and outstation application (please refer to the enclosed picture). Core library implements the bulk of the functionality specified by the standard and it is common for outstation and master. It handles data access, generation of events and control model. HAL provides an abstraction of hardware platform and operating system (if used). The configuration file defines a set of macro-definitions which enable or disable selected features of the library, customize it’s behaviour and configures resource (e.g. RAM) utilization by specifying the size of buffers used for reporting or maximum number of instances of some type e.g. data sets. Outstation / Master application realize logic specific for a given device and is usually implemented by the end-user of the library.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970.

IEC 60870-5-101 is a standard for power system monitoring, control, and associated communications for telecontrol, teleprotection, and telecommunications for electric power systems. It uses a standard asynchronous serial interface and is designed to be used on systems where there are permanent direct connections between the controlling station and the controlled device.

IEC 60870-5-101 software library by JPEmbedded is platform-independent and can be used with or without an operating system (bare metal application). The library features a low memory footprint. Due to the features listed above it is suitable to be used on the STM32 range of products.

The IEC 60870-5-104 library is implemented in C++, but we offer various APIs, including C.  The library is provided as source code.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970

The IEC 60870-5-104 is an international standard, released in 2000 by the IEC. The standard enables communication between a control station and substation via TCP/IP network. The application layer is based on the IEC 60870-5-101, and the communication on the client-server model.

Implementation of the 104 library offered by JPEmbedded includes server-side functionality. It is implemented in C++ in a way that allows it to be easily integrated into various hardware platforms with or without any OS. High configurability allows decreasing the size of the client’s executable, as only the selected subset of ASDUs enters the binary.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970