3.1 Terms and definitions

For the purposes of this document, the terms and definitions given in OPC 10000-1 and the following apply.

3.1.1 Untitled

3.1.2 Untitled

limit on the circumstances under which an operation, such as a read, write or a call, can be performed on a Node

3.1.3 Untitled

3.1.4 Untitled

digitally signed document that asserts that the subject is entitled to access a Resource

3.1.5 Untitled

3.1.6 Untitled

individual installation of an OPC UA program with a globally unique identity

3.1.7 Untitled

3.1.8 Untitled

Certificate that uniquely identifies an individual ApplicationInstance

3.1.9 Untitled

3.1.10 Untitled

globally unique identifier for an OPC UA Application running on a particular device

3.1.11 Untitled

3.1.12 Untitled

Cryptography method that uses a pair of keys, one that is designated the Private Key and kept secret, the other called the Public Key that is generally made available

3.1.13 Untitled

3.1.14 Untitled

mechanism used by Asymmetric Cryptography for encrypting data with the Public Key of an entity and for decrypting data with the associated Private Key

3.1.15 Untitled

3.1.16 Untitled

mechanism used by Asymmetric Cryptography for signing data with the Private Key of an entity and for verifying the data’s signature with the associated Public Key

3.1.17 Untitled

3.1.18 Untitled

security objective that assures that any actions or activities in a system can be recorded

3.1.19 Untitled

3.1.20 Untitled

tracking of actions and activities in the system, including security related activities where Audit records can be used to review and verify system operations

3.1.21 AuthenticatedEncryption

encryption scheme which simultaneously assures the data confidentiality and authenticity

3.1.22 Untitled

3.1.23 Untitled

process that assures that the identity of an entity such as a Client, Server, Publisher or user can be verified

3.1.24 Untitled

3.1.25 Untitled

ability to grant access to a system resource

3.1.26 Untitled

3.1.27 Untitled

Server which validates a request to access a Resource and returns an AccessToken that grants access to the Resource

3.1.28 Untitled

3.1.29 Untitled

security objective that assures that the system is running normally. That is, no services have been compromised in such a way as to become unavailable or severely degraded

3.1.30 Untitled

3.1.31 Untitled

entity that can issue Certificates, also known as a CA

3.1.32 Untitled

3.1.33 Untitled

3.1.34 Untitled

persistent location where Certificates and Certificate revocation lists (CRLs) are stored

3.1.35 Untitled

3.1.36 Untitled

statement in an AccessToken that asserts information about the subject which the Authorization Service knows to be true

3.1.37 Untitled

3.1.38 Untitled

security objective that assures the protection of data from being read by unintended parties

3.1.39 Untitled

3.1.40 Untitled

discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification

3.1.41 Untitled

3.1.42 Untitled

program designed by an organization to maintain the security of the entire organization’s assets to an established level of Confidentiality, Integrity, and Availability, whether they are on the business side or the industrial automation and control systems side of the organization

3.1.43 Untitled

3.1.44 Untitled

mechanism for negotiating a shared secret between two parties that can be used for secret communication for exchanging data over a network

Note 1 to entry: Elliptic Curve Cryptography (ECC) requires the use of a Diffie Hellman Key Exchange.

3.1.45 Untitled

3.1.46 Untitled

value computed with a cryptographic algorithm and appended to data in such a way that any recipient of the data can use the signature to verify the data’s origin and Integrity

3.1.47 Untitled

3.1.48 Untitled

Asymmetric Cryptography method that uses a pair of keys calculated from the mathematical structure of elliptic curves over finite fields

Note to entry: ECC is a family of algorithms that support Digital Signatures but not encryption.

3.1.49 Untitled

3.1.50 Untitled

algorithm for which it is computationally infeasible to find either a data object that maps to a given hash result (the "one-way" property) or two data objects that map to the same hash result (the "collision-free" property)

3.1.51 Untitled

3.1.52 Untitled

MAC that has been generated using an iterative Hash Function

3.1.53 Untitled

3.1.54 Untitled

security objective that assures that information has not been modified or destroyed in an unauthorized manner, see IS Glossary

3.1.55 Untitled

3.1.56 Untitled

Server which verifies credentials provided by a Security Principal and returns a token which can be passed to an associated Authorization Service

3.1.57 Untitled

3.1.58 Untitled

protocol used for establishing a secure communication path between two entities in an unsecured environment whereby both entities apply a specific algorithm to securely exchange secret keys that are used for securing the communication between them

3.1.59 Untitled

3.1.60 Untitled

short piece of data that results from an algorithm that uses a secret key (see Symmetric Cryptography) to hash a Message whereby the receiver of the Message can check against alteration of the Message by computing a MAC that should be identical using the same Message and secret key

3.1.61 Untitled

3.1.62 Untitled

Digital Signature used to ensure the Integrity of Messages that are sent between two entities

3.1.63 Untitled

3.1.64 Untitled

ability to prove the occurrence of a claimed event or action and its originating entities

Note 1 to entry: The purpose of non-repudiation is to resolve disputes about the occurrence or non-occurrence of the event or action and involvement of entities in the event.

Note 2 to entry: This definition comes from OPC Profiles – OPC UA Profiles and Facets