RFID beim Laden: Flexibel freischalten – vom einfachen Badge bis zur High-Security-Lösung
E-Driving

RFID charging: Flexible activation – from simple badges to high-security solutions

How smart authentication prevents electricity theft and makes charging processes more convenient

Whether in a private carport, company parking lot, or hospital – RFID cards make unlocking charging sessions convenient and reliable. Unencrypted systems score points with their ease of use and quick integration, while encrypted versions, such as the solutions from Legic, are in demand where security and protection against counterfeiting are paramount. Depending on the application, a charging infrastructure can be created that offers the right balance between convenience and security.

Table of Contents

  1. When an official ID card opens doors, pays for the coffee, and starts the load
    An everyday scene from the hospital shows how a well-designed RFID unlocking solution combines comfort and security.
  2. What is RFID and how does it work?
    How radio identification works, which standards are relevant, and what requirements a wallbox must meet.
  3. Unencrypted or encrypted? Two approaches, two strengths
    Differences between open and encrypted systems – and when each variant makes sense.
  4. What happens when the wallbox is activated?
    How the technical process works in the background
  5. Case study Legic: from system architecture to everyday clinical practice
    How the interplay of hardware and software ensures reliable authentication – and why this is convincing in everyday hospital life.
  6. From hospital to company parking lot – application scenarios for different environments
    Why the combination of unencrypted and encrypted access is ideal for many operators
  7. Organizational and safety aspects
    Map management, offline vs. online verification, data protection and cybersecurity in operation
  8. Outlook: Technological advancements
    Future trends such as smartphone as a badge, plug & charge, and integration with identity management.
  9. Why activation is more than just a technical detail
    Why trust, efficiency and security make the difference – and what that means for operators

1. When an official ID opens doors, pays for the coffee, and starts the load

A nurse parks her electric car on the hospital grounds, holds her employee ID badge to the wallbox in the staff parking area as usual – and the JUICE CHARGER me 3 starts charging immediately. No additional authentication process, no app, no QR code. Unlocking can be this simple: with a badge that also grants access and serves as a payment method for the cafeteria. For the hospital and its staff, it's security and ease of use combined.
RFID-based activation combines user-friendliness with security-critical requirements. But how does it work technically? Is encryption always necessary? What are the consequences for operating with both methods?

2. What is RFID and how does it work?

RFID stands for Radio Frequency Identification . An RFID system typically consists of at least two parts: a transponder (card, key fob, or badge) and a reader (which is integrated into the wallbox). During contactless reading, a small electronic interface is activated wirelessly, which then transmits an identification number.

Important terms:
  • Transponder = chip/badge containing an identity.
  • Reader = reading device in the charging station.
  • NFC (Near Field Communication) = short-range wireless communication; supported by many cards and smartphones.
  • ISO 14443 Proximity = international standard for RFID in close proximity (up to approx. 10 cm) – commonly used for NFC cards or contactless smart cards such as MIFARE.
  • ISO 15693 Vicinity = Standard for long-range RFID (up to approx. 1 m) – is mostly used for identification systems with a greater range, such as for access control or industrial applications; some visitor badges work this way.

RFID is therefore the interface – how well this interface is protected against misuse depends on the technology used.

3. Unencrypted or encrypted? Two approaches, two strengths

Unencrypted systems – easier to integrate

For many simple implementations, it suffices to read the card's unique identifier (UID) and compare it to a list. This is quick and easy – but vulnerable: many cheap cards can be copied (cloned) or their UID can be spoofed. Technical attacks such as intercepting communications, replay attacks, or impersonation are possible if no cryptographic mechanisms are used.

Encrypted systems – significantly more secure

Encrypted cards (such as MIFARE DESFire or proprietary systems like Legic) use secret keys and cryptographic protocols. Instead of simply transmitting a static UID, they perform true authentication – often via a challenge-response process. This renders simple copying ineffective because attackers don't know the secret key. Many of these systems also offer mechanisms to protect against replay attacks , establish session keys , and encrypt communication.
Important: Not all cards with similar names offer the same level of security – some older standards (e.g., MIFARE Classic) are known to be insecure, while modern variants (DESFire, Legic advant) offer significantly stronger protection.

4. What happens when the wallbox is activated?

Activating a charging station typically involves three conceptually different steps: identification, authentication , and authorization. These three levels should be considered separately because each step has its own security requirements.

RFID Flowchart
Loading permission in an encrypted environment:

1) Identification (recognition): The user holds an RFID card to the reader. The reader (in the wallbox) recognizes the card, initiates a communication session, and reads an identifier (e.g., a UID – Unique Identifier ). This identification answers the question: Who or what is here?

2) Authentication (verification): The system checks whether the card is genuine and actually belongs to the claimed identity. In encrypted systems, this is often done using a challenge-response procedure.
a) Challenge (request): The reader sends a random number to the card as a verification task. This number is unique and prevents replay attacks.
b) Response: The card calculates a signed response from this unique value using its secret key and sends it back.
c) Verification (checking): The wallbox or backend checks the response against the expected value.

3) Authorization (rights check and release): If authentication is successful, the system checks which actions are permitted: Is the user authorized to charge at this charging point (or at all)? Is the charging process within the permitted time window? Which tariff applies? Based on the defined rules, release is granted, and the wallbox starts the charging process. This authorization check can be performed either locally on the device (whitelist) or centrally in the backend.

4) Logging: The process is stored in the system for billing, traceability and security analysis.

If the verification is performed offline on the device , the charger must securely store key material (e.g., in a hardware secure element ). If the verification is performed online via a backend , the charging station is usually connected via a protocol such as OCPP (Open Charge Point Protocol) – this enables centralized policies, blacklists, and real-time decisions. In principle, both options are possible with the JUICE CHARGER me 3.

5. Case study Legic: from system architecture to everyday clinical practice

Legic in the wallbox: Safety with a system

An example of secure and flexible integration is the solution from Legic. It combines secure hardware with an intelligent software platform . On the hardware side, each RFID badge or card contains a proprietary Legic chip with an integrated security key, which is authenticated via a compatible reader. In the wallbox, a proprietary microcontroller processes the data received from the RFID reader and converts it into a Modbus-compatible signal, which is transmitted to the charging electronics (JUICE CHARGE CONTROLLER). The security and communication logic (RFID/Legic) is thus separated from the actual charging and control logic. The software side includes a backend connection through which badges can be centrally managed and permissions granted or revoked. This means that if a card is blocked, it is invalid system-wide – whoever finds it cannot use it. However, every hospital employee with a valid badge can charge as usual.
If the Legic system is integrated into the JUICE CHARGER me 3, the wallboxes can read and process both common RFID standards (MIFARE Classic/DESFire) and encrypted Legic cards contactlessly. The relevant standards ISO 15693 and ISO 14443 are supported.

How Legic combines safety and comfort in everyday hospital life

In everyday hospital life, it becomes clear how this technology integrates seamlessly into existing systems – without additional cards or complicated processes.

Specific advantages in the hospital context:
  • No badge forest: Employees use the same badge they already use for doors or the canteen, now also for charging their vehicles – increasing ease of use.
  • Non-duplicable: Legic cards contain a secure hardware element with secret keys, making unauthorized duplication virtually impossible.
  • Fine-tuning & blocking: Centrally managed rights allow for immediate blocking of a lost card – the block can be distributed online or via regular synchronization to all charging stations.
  • Traceability: Charging logs (audit logs) record who charged when – this ensures transparency in billing and control.

In this way, an infrastructure is created that meets high security requirements without making everyday life more difficult.

6. From hospital to company parking lot – application scenarios for different environments

In areas with high security requirements – such as hospitals, data centers, or research institutions – investing in encrypted, centrally managed RFID systems is worthwhile. In many other scenarios, however, it is necessary to weigh costs against security needs. Here, hybrid architectures, i.e., systems that support both unencrypted and encrypted RFID cards, often offer the optimal balance between security, ease of use, and cost-effectiveness.

  • Companies with employees and guests: Employees use encrypted badges; guests are issued temporary, time-limited tokens (e.g., one-time cards, QR codes, or app tokens).
  • Residential complexes / apartment buildings: Residents receive secure, personalized cards; suppliers/tradespeople receive simple, time-limited tags.
  • Public charging points: Publicly accessible charging points can be activated via payment methods (payment terminals) or QR codes (QR Flow) , while charging stations for registered vehicle fleets are operated fully encrypted.

The advantage of hybrid systems is that they allow for a gradual transition. You can start with unencrypted, inexpensive readers and later easily switch to encrypted systems – provided the wallbox supports different card standards and the backend can process both types.

7. Organizational and safety aspects

While simple, unencrypted solutions are inexpensive and easy to operate, encrypted systems like Legic offer added value in environments with high security requirements (e.g., hospitals). For many operators, a hybrid approach makes sense: encrypted cards for permanent staff, time-limited tokens for guests.

Practical tips:
  • Card management: A secure and clearly regulated process for generating, issuing, and regularly renewing digital keys, as well as for issuing, replacing, and blocking charging cards, is crucial for system protection. A streamlined process reduces the risk of misuse and simplifies administration.
  • Offline versus online verification: A local (offline) whitelist ensures that activation works even in the event of network problems. Online verification, on the other hand, allows cards to be blocked immediately – for example, in case of loss.
  • Logging and data protection: Records (logs) are not only relevant for billing and traceability, but also for detecting attempted attacks or unusual behavior. Data protection should always be considered: It is recommended to store only necessary identifiers and to protect personal data through pseudonymization and targeted deletion. This way, security and data protection can be reconciled.
  • Cybersecurity: Built-in hardware security elements (security chips) in chargers increase the level of security. Furthermore, wallboxes should only boot original firmware (secure boot) and receive updates via protected channels. This ensures long-term operational reliability.

From a technical perspective, the combination of challenge-response authentication, secure key management, and robust backend integration ensures that charging infrastructure can be operated in a user-friendly and secure manner. For operators, this means: relying on multi-standard readers, managing keys securely, establishing clear processes for issuing and deactivating keys, and monitoring developments related to smartphone-based activation and ISO 15118.

8. Outlook: Technological advancements

Electric mobility is evolving, and with it, the charging infrastructure. What works with a card today could be handled by the car itself tomorrow.

  • Smartphone as a badge: Smartphones are increasingly replacing physical RFID cards. Charging can be started easily and contactlessly via NFC and secure apps with one-time tokens . Dynamic authorization concepts offer the possibility of granting time-limited or location-based access – ideal for visitors or car sharing.
  • Plug & Charge: With the ISO 15118 (Plug & Charge) standard, the vehicle itself becomes a digital identity. It authenticates automatically when plugged into the charging station – without a card or app. In the future, the car could handle not only authentication but also billing, thus becoming a universal access key for charging points, parking systems, or fleet management.
  • Integration with fleet and identity management: When fleet management, access control systems, and IT identities converge, an integrated management system is created. User management, billing, and station management, along with all other permissions, can be centrally controlled there. The charging infrastructure, together with the vehicle, backend, app, and identity infrastructure, thus becomes an integral component of a networked security and identity ecosystem.

This means that RFID remains an important component of access technology, but is increasingly becoming part of a larger whole. Those who rely on flexible, multi-standard-compatible systems today can prepare for these developments.

9. Why activation is more than a technical detail

At first glance, the question seems trivial: How do you start charging at a wallbox? But in the everyday life of companies, hospitals, residential developments or municipalities, it becomes a question of safety, convenience and operating costs.
The loss of an unencrypted badge poses the risk of electricity theft and other problems. A secure, encrypted ID card like Legic prevents this – and simultaneously simplifies use and management. The example from the hospital shows that it's not just about technology, but also about trust: in the reliability of the infrastructure, the protection of sensitive areas, and smooth processes. Therefore, a well-chosen unlocking solution is more than just access control – it strengthens security, efficiency, and, last but not least, the acceptance of electromobility.

Read more here

JUICE CHARGER ME 3

the smart wallbox with load management
https://juice.world/collections/juice-charger-me-3
The JUICE CHARGER me 3 is a smart wallbox with load management — ideal for future-proof, reliable, stationary charging.