KEYnote 33 English - Spring 2017 | Page 13

set up the licenses in the devices, which is done simply via the OPC UA protocol.
Available today
CodeMeter's solutions, with CmEmbedded and CmASICs with USB/SPI communication, CmSticks for USB, or CmCards, are available as a module for the Unified Automation ANSI C OPC UA SDK and for the High Performance OPC UA SDK.
to attacks. The consequences of compromised endpoints can be disastrous: Cryptographic keys can be stolen, the identity of the device affected, settings data like trust lists and certificates tampered with, applications manipulated, and invaluable know-how lost.
This calls for extensive protections. Many devices using OPC UA are still not protected enough, with private keys and trust lists stored in the regular file system and applications left unguarded against tampering. Attacks against endpoints might succeed and compromise entire infrastructures. Functionality, reliability, and know-how are all at risk.
OPC UA SDK, CmEmbedded, and CmDongles - A match made in heaven
CmEmbedded is a small-footprint modular runtime used to access the CodeMeter license container and the secure CmDongles. It supports many common operating systems out-of-the-box and can be extensively customized, as it is delivered as ANSI C source code.
[Figure labels: CmDongle, Runtime Bridge, Network Client, Encrypted Communication, CmActLicense, License Cache]
The CmDongle hardware uses smart card chips made by Infineon that are Common Criteria (CC) EAL5+ certified, including the cryptographic libraries. All keys are securely stored and all cryptographic operations happen on this hardware.
The integration of CmEmbedded into the OPC UA SDKs offers additional security without additional effort and adds new licensing capabilities on top.
Making OPC UA more secure in the field
[Figure labels: CodeMeter Embedded, Development, OPC UA Application]
The private keys are stored securely in the CmDongle hardware, using RSA keys of up to 2048 bits and ECC keys of 224 bits. The encryption of the OPC UA software on the device prevents tampering and reverse engineering and makes sure that critical processes occur only on fully protected hardware.
Advantages of license management with OPC UA
More and more devices with OPC UA depend on software to realize their capabilities, be it PLCs, intelligent sensors, RFID readers, or engines and actuators. With CodeMeter, individual functions can be licensed and novel pay-per-use or subscription business models can be introduced to develop new after-sales business. No physical changes are needed to
They have been tested and have proven their worth in many projects, such as SmartFactoryKL, secure plug & work with the Fraunhofer Institute IOSB, OpSIT in the healthcare sector, and IUNO, the national reference project for IT security in Industrie 4.0 introduced by the German Ministry for Education and Research.
Summary
The IoT, IIoT, and Industrie 4.0 depend on fully interoperable and secure endpoint communication and semantics. OPC UA is supported by many organizations and players in the industry and can deliver what is required.
With its security and licensing capabilities, CodeMeter is a powerful enabler for new projects. Invaluable know-how is invested into flexible production processes, software, or technical and production data. Protecting these assets against theft and manipulation and seizing the opportunities of the digital age in new business models is CodeMeter's mission.
[Figure labels: OPC UA Application, OPC UA Secure Channel, Feature #1, Feature #2, Feature #3, CodeMeter Embedded]