White Paper
OPC UA with Security
OPC UA is an ISO standardized protocol for connected devices accessing the Internet, with offsite
maintenance as a typical use case. The OPC UA standard includes security specifications, but most
instances use OPC UA without the security protocols. In everyday business, the greatest obstacle in this
respect lies in the administration and allocation of keys and rights. Wibu-Systems solves this problem of
access key management with CodeMeter License Central, which can also manage certificates. CodeMeter
can be configured to integrate with OPC UA, using the protocols of OPC UA in full conformity with the
standards. This enables OPC UA with security for authentication and encrypted communication.
Integrity Protection
Reliably protecting the integrity of a plant is an important sales argument. This also goes for guaranteeing
the conformity of components: Industry-specific norms regulate the precise specifications of production
equipment. Be they rail-certified, blast-proof, food-safe, vibration-resistant, or watertight, components
are made and equipped for their intended purpose. The operators of production plants want assurances
that all of their components and software are fully certified. CodeMeter allows this level of integrity
protection with signed program code and inclusion in a trusted certification chain.
Manipulation
Every technical device is made for a specific area of operation, and its producer guarantees that it
works effectively under these terms and specifications. What are the implications for producers when their
clients tamper with the equipment to modify it beyond its specified range? A modified motorcycle will
be faster and louder – and soon be taken off the roads by traffic police. Its driver will lose
insurance coverage and be liable for hefty fines. A modified production plant might also run faster and
create additional profits, but its components would also wear down in record time. If the producer
of the machinery cannot prove that the machines were running outside of the original specifications,
he would have to provide the regular maintenance and warranty coverage. CodeMeter enables the
makers of plant machinery to protect against illicit changes to parameters or to record any changes in
a tamperproof log.
Modular Protection for the Plant Engineer’s Source Code
Plant engineers usually possess the readable source code for their applications. Effective protections are
now essential: By having access to the source code, the client could interfere with the internal workings of
the machine. Having this opportunity to edit the source code can indeed be a reasonable requirement for
qualified maintenance personnel, e.g. for taking less relevant defective sensors offline to keep production
processes running until the sensor is repaired at the next maintenance interval. By contrast, parts that
are critical for security and for protecting the plant engineers’ essential know-how must be shielded
from such external access. The client should not be able to copy and pass on functioning source code
to unauthorized third parties. Again, the licensing mechanisms offered by CodeMeter are an effective
barrier. Not only the clients of plant engineers, but also their employees have access to the source code.
Developers write the machine applications in an IEC 61131 language, for which they need access to
readable source code. Maintenance technicians need to work with the source code in their routines. By
force or enticement, a criminal counterfeiter could use these staff members as an open door to the code.
Source code needs to be protected against unfaithful employees and disloyal clients alike. CodeMeter
guarantees that protection: The counterfeiter might get the source code, but he could never produce an
executable application for it.