27 result(s) for SecurityPolicies
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
4.6 SecurityPolicies
A SecurityPolicy specifies which security mechanisms are to be used and are derived from a Security Profile (see 4.7 for details). Security policies are used by the Server ... wishes to open or for the session-less connection it wishes to make. SecurityPolicies are also used with PubSub communication. SecurityPolicies include the following information: algorithms for signing and encryption
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
security infrastructure. Developers should also keep in mind that depending on the SecurityPolicies that an OPC UA Application supports, the Application could require multiple Certificates and TrustLists. This is required
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.5.4.1 Description
depends on the SecurityPolicy for the Endpoint. OPC 10000-7 defines Profiles for common SecurityPolicies and assigns a unique URI to them. It is expected that applications have built ... knowledge of the SecurityPolicies that they support, as a result, only the Profile URI for the SecurityPolicy is specified in the EndpointDescription. A Client cannot connect to an Endpoint that
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.6.1 Overview
these algorithms when it creates a SecureChannel. It should be noted that some SecurityPolicies defined in OPC 10000-7 will turn off authentication and encryption resulting in a SecureChannel that
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.2.1 Description
signatures may be empty. See OPC 10000-7 for the definition of SecurityPolicies and the handling of these parameters. The Server returns its EndpointDescriptions in the response. Clients use this
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
CreateSession are used to calculate the Signatures. Channel bound Signatures are only used with SecurityPolicies with SecureChannelEnhancements = TRUE. Otherwise, the legacy calculation method is used. The new Signature calculation method ... above apply except the SecurityPolicy for the selected UserTokenPolicy specifies the signing algorithm. For SecurityPolicies with SecureChannelEnhancements = FALSE, the legacy Signature calculation method is used. The inputs are defined
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.15 EphemeralKeyType
created by the sender. It is encoded according to the rules for the ECC SecurityPolicies (see OPC 10000-7). The size of the Public Key is specified by the current
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.36 SignatureData
string containing the URI of the algorithm. The URI is NULL or Empty for SecurityPolicies with SecureChannelEnhancements = TRUE (see OPC 10000-6) and all ECC SecurityPolicies. If this
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.1 Overview
SecurityPolicy is set to None then no encryption or signature is required. The possible SecurityPolicies are defined in OPC 10000-7. It is recommended that applications never set the SecurityPolicy ... layout to be updated as new token types are defined or new SecurityPolicies are added. The EncryptedSecret format starts with a TypeId, EncodingMask and Length. These values allow a Server
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.3 EncryptedSecret Format
SecurityPolicyUri. Each EncryptedSecret DataType describes how the key data is structured for different SecurityPolicies. Nonce ByteString This is the last serverNonce returned in the CreateSession or ActivateSession Response when ... encryption is applied. Each EncryptedSecret DataType describes how the Signature is calculated for different SecurityPolicies. The currently available EncryptedSecret DataTypes are defined in Table 184. Table 184 - EncryptedSecret DataTypes Type
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.4 UserNameIdentityToken
encrypted and serialized as described in 7.40.2.2. When using the ECC based SecurityPolicies the password is encrypted and serialized as described in 7.40.2.5. The Server shall decrypt the password ... This parameter is null or empty if the password is not encrypted. For SecurityPolicies with SecureChannelEnhancement = TRUE, the Client shall set this field to null or empty and Servers shall
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.41 UserTokenPolicy
only be returned in EndpointDescription with an RSA ServerCertificate. If the SecurityMode is None, SecurityPolicies based on ECC or RSA_DH are not allowed and Clients shall not use UserTokenPolicies ... that require encryption with these SecurityPolicies. RSA based SecurityPolicies are allowed, however, the Client shall only use a ServerCertificate which it trusts to encrypt UserIdentityTokens with tokenType USERNAME or ISSUEDTOKEN
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
together during a security handshake is called a SecurityPolicy. OPC 10000-7 defines standard SecurityPolicies as parts of the standard Profiles which OPC UA applications are expected to support ... also defines a URI for each standard SecurityPolicy. The latest versions of all SecurityPolicies are available in the online Profiles website. OPC 10000-7 defines the link to this website
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.2.1 Overview
security is applied to the Message when not using AuthenticatedEncryption algorithms. For these SecurityPolicies any padding is appended to the message before appending the Signature. When using Sign mode ... security is applied to the Message when using Authenticated Encryption algorithms. For these SecurityPolicies the Signature is calculated during encryption and appended after the encrypted data. Figure 12 - MessageChunk
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.2.4 Sequence Header
issued and it shall be incremented by exactly one for each MessageChunk sent. SecurityPolicies with LegacySequenceNumbers set to TRUE, the SequenceNumber shall monotonically increase for all Messages and shall ... UInt32.MaxValue - 1024). The first number after the wrap around shall be less than 1024. SecurityPolicies with LegacySequenceNumbers set to FALSE, the SequenceNumber shall start at 0 and monotonically increase
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.5 ChannelThumbprint
When using SecurityPolicies with SecureChannelEnhancements = TRUE, the Signature on the OpenSecureChannel Response is calculated by appending the bytes of the Signature from the first OpenSecureChannel Request to the bytes
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.6 Deriving keys
Table 65 specifies how to derive the secrets and seeds when using RSA based SecurityPolicies. Table 65 - PRF inputs for RSA based SecurityPolicies Name Derivation ClientSecret The value
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.8.1 Secure Channel Handshake
EphemeralKey, however, it may allow other named curves. OPC UA applications that support ECC SecurityPolicies shall support multiple Certificates. ECC Public Keys and digital signatures are the output
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
EccEncryptedSecret structure which is used to protect secrets with ECC and RSA-DH SecurityPolicies. Applying security with ECC or RSA-DH requires two EphemeralKeys generated by the sender
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.24 SecuritySettingsDataType
with a None SecurityMode only use the SecurityPolicyUris and the CertificateGroupName to restrict the SecurityPolicies that may be used in the UserTokenPolicies. Table 114 - SecuritySettingsDataType Structure Name Type Description SecuritySettingsDataType
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.5.4 KeyCredentialServiceType
/UA-Profile/Authentication/mqtt-username ; http://opcfoundation.org/UA-Profile/Security/UserToken/Server/UserNamePassword ; http://opcfoundation.org/UA-Profile/Authentication/amqp-sasl-plain . The SecurityPolicyUris Property is the list of SecurityPolicies that may be used when encrypting the KeyCredentials. One of these URIs is passed
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.5.5 StartRequest
provided. PublicKey A Public Key used to encrypt the returned KeyCredential secret. For RSA SecurityPolicies this is the DER encoded form of an X.509 v3 Certificate as described ... SecurityPolicies this is an ephemeral key created by the owner of the KeyCredentials. Not specified if no encryption is required. If the SecurityPolicyUri is provided this field shall be provided
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.5.6 FinishRequest
CertificateThumbprint The SHA1 hash of the Certificate used to encrypt the secret for RSA SecurityPolicies. Set to NULL for ECC or RSA-DH SecurityPolicies. SecurityPolicyUri The SecurityPolicy used to create
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.6.7 UpdateCredential
CertificateThumbprint The SHA1 hash of the Certificate used to encrypt the secret. For RSA SecurityPolicies this shall be one of the ApplicationInstance Certificates assigned to the Server ... SecurityPolicies this field is not specified. Not specified if the secret is not encrypted. SecurityPolicyUri The SecurityPolicy used to encrypt the secret. If not specified the secret is not encrypted
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
8.3.2 GetSecurityKeys Method
algorithms and key lengths used to secure the messages. The SecurityPolicies are defined in OPC 10000-7. FirstTokenId The SecurityTokenId of the first key in the array of returned keys
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
milliseconds. The Property SecurityPolicyUri is the identifier for a SecurityPolicy. SecurityPolicies define the set of algorithms and key lengths used to secure the messages exchanged in the context ... SecurityGroup. The SecurityPolicies are defined in OPC 10000-7. The Property MaxFutureKeyCount defines the maximum number of future keys returned by the Method GetSecurityKeys. The Property MaxPastKeyCount defines the maximum
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
9.1.3.3 SetSecurityKeys
algorithms and key lengths used to secure the messages. The SecurityPolicies are defined in OPC 10000-7. CurrentTokenId The SecurityTokenId that appears in the header of messages secured with