Basic security requirements – OPC UA interfaces for plastics and rubber machinery – Data exchange between injection moulding machines and MES

6 Basic security requirements

6.1 Application Security

For the communication between IMM and MES the OPC UA application authentication via X509 certificates shall be used. OPC UA provides functionalities for using self-signed certificates that have to be manually added to a “trust list” as well as for certificates issued by a certificate authority (CA).

The minimum requirements of the protocol level for a OPC 40077 compliant connection are:

Use of (self-signed) certificates for OPC UA application authentication

Security Policy: Basic256

Message Security Mode: sign

6.2 User security/Access control

6.2.1 On IMM

On the IMM authentication via user name and password is commonly used.

6.2.2 On MES

For the users and roles of the connection the following applies:

User names can be manufacturer dependent.

Standard roles are

“OPC40077”: read and write access for selected parameters

“OPC40077_read_only”: no writing permissions

Manufactures can add additional roles. They may not start with “OPC40077”. For these roles, more parameters can be writeable than for the OPC40077 role.

The standard user “OPC40077” has the role “OPC40077” (and no other additional role), “OPC40077_read_only” has the roll “OPC40077_read_only” (and no other additional role); the passwords for the standard users are defined by the manufacturers (they may be empty).