Integration of secure elements into OPC UA Security using ISO/IEC TS 30168
OPC DAY 2023, Markus Heintel
Unrestricted | Siemens 2023 | Markus Heintel | T CST SES-DE | 2023-06-20

Speaker

Markus Heintel
- Working at Siemens Technology, Cybersecurity & Trust, Security for Embedded Systems as Lead Architect for Smart Manufacturing Security
- Several years of experience with integrated circuit cards and smart card middleware
- Security expert in IEC TC65 WG23 and WG24
- Editor for TS 30168 at ISO/IEC JTC 1 SC41 WG3

Agenda

- OPC UA Security and secure elements
- Secure element technologies and capabilities
- ISO/IEC TS 30168 "Generic Trust Anchor API for Industrial IoT Devices"
- Ongoing standardization activities for ISO/IEC TS 30168 and next steps

Use of secure elements within the OPC UA Security Architecture

[Figure: OPC UA security architecture, annotated with "secure element" (twice), "password" and "password verifier". Source: OPC UA Part 2, Figure 2, https://reference.opcfoundation.org/Core/Part2/v104/docs/4.5]

TC: Trusted Certificate
EE: End Entity

[Figure: sequence diagram. Labels, in the order they appear: DCA Client; Registrar; Certificate Manager; ProvideIdentities; Selected Device Identity Certificate; Create SecureChannel with Selected Identity; StartSigningRequest/FinishSigningRequest; DCA Certificate; Get TrustList; DCA TrustList; Create SecureChannel with DCA Certificate; loop: Until all applications registered; loop: Until all application certificates updated; StartSigningRequest/FinishSigningRequest; Application]