UNE-EN IEC 62351-4:2018

1.1 ScopeThis second edition of this part of IEC 62351 substantially extents the scope of the first edition. While the first edition primarily provided some limited support for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this second edition provides support for extended integrity and authentication both for the handshake phase, and for the data transfer phase. In addition, it provides for shared key management and data transfer encryption and it provides security end-to-end (E2E) with zero or more intermediate entities. While the first edition only provides support for systems based on the MMS, i.e., systems using Open Systems Interworking (OSI) protocols, this second edition also provides support for application protocols using other protocol stacks, e.g., a TCP/IP protocol stack. This support is extended to protect application protocols using XML encoding and other protocols that have a handshake that can support the Diffie-Hellman key exchange. This extended security is referred to as E2E-security.It is intended that this part of IEC 62351 be referenced as normative part of IEC TC 57 standards that have a need for using application protocols, e.g., MMS, in a secure manner.It is anticipated that there are implementation, in particular Inter-Control Centre Communications Protocol (ICCP) implementations that are dependent on the first edition of this part of IEC 52315. The first edition specification of the A-security-profile is therefore included as separate sections. Implementations supporting this A-security-profile will interwork with implementation supporting the first edition of this part of IEC 62351.Special diagnostic information is provided for exception conditions for E2E-security.This part of IEC 62351 represents a set of mandatory and optional security specifications to be implemented for protected application protocols.1.2 ObjectThe initial audience for this part of IEC 62351 is the members of the working groups developing or making use of the protocols within IEC TC 57. For the measures described in this part of IEC 62351 to take effect, they shall be accepted and referenced by the specifications for the protocols themselves.The subsequent audience for this part of IEC 62351 is the developers of products that implement these protocols.Portions of this part of IEC 62351 may also be of use to managers and executives in order to understand the purpose and requirements of the work.