User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

About This Document

Applicable Documents

6 | 85

A6V11646120_enUS_b_40

Applicable Documents

Title

Document ID/Reference

Security for industrial process measurement and

control – Network and system security

IEC 62443-3

Information technology — Security techniques —

Code of practice for information security controls

ISO IEC 27002:2017

Technical Terms and Abbreviations

Term

Description

AES

The Advanced Encryption Standard is a specification for the encryption of

electronic data established by the U.S. National Institute of Standards and

Technology (NIST) in 2001. AES supersedes the Data Encryption Standard

(DES)

[7]

, which was published in 1977. The algorithm described by AES is a

symmetric-key algorithm, meaning the same key is used for both encrypting

and decrypting the data.

BACnet

BACnet is a communications protocol for Building Automation and Control

(BAC) networks. BACnet was designed to allow communication of building

automation and control systems for applications such as heating, ventilating,

and air-conditioning control (HVAC), lighting control, access control, and fire

detection systems and their associated equipment. The BACnet protocol

provides mechanisms for computerized building automation devices to

exchange information, regardless of the particular building service they

perform.

BIOS

BIOS is non-volatile firmware used to perform hardware initialization during the

booting process (power-on startup), and to provide runtime services for

operating systems and programs.

CAPI Certificates

The Microsoft windows platform specific Cryptographic Application

Programming Interface (also known variously as CryptoAPI, Microsoft

Cryptography API, MS-CAPI or simply CAPI) is an application programming

interface included with Microsoft Windows operating systems that provides

services to enable developers to secure Windows-based applications using

cryptography. It is a set of dynamically linked libraries that provides an

abstraction layer which isolates programmers from the code used to encrypt

the data. The Crypto API was first introduced in Windows NT 4.0

[1]

and

enhanced in subsequent versions.

CryptoAPI supports both public-key and symmetric key cryptography, though

persistent symmetric keys are not supported. It includes functionality for

encrypting and decrypting data and for authentication using digital certificates.

It also includes a cryptographically secure pseudorandom number generator

function CryptGenRandom.

CryptoAPI works with a number of CSPs (Cryptographic Service Providers)

installed on the machine. CSPs are the modules that do the actual work of

encoding and decoding data by performing the cryptographic functions.

Vendors of HSMs may supply a CSP which works with their hardware.

DiffieHellmann

Diffie–Hellman key exchange (DH) is a method of securely exchanging

cryptographic keys over a public channel. DH is one of the earliest practical

examples of public key exchange implemented within the field of cryptography.