Siemens MindConnect Nano System Manual page 126

Insights hub

Appendix
8.16 MindConnect General Security Principles
Case 1:
The shared secret (valid for 7 days) – to be used for the access token request.
The re-registration access token (RAT) – to be used for the renewal of registration, once the
registration has expired.
Case 2:
The re-registration access token (RAT) – to be used for the renewal of registration, once the
registration has expired.
Agent management stores the public key received when an agent registers and uses it to
verify the agent's access token requests, which from then on use a JWT signed with the
agent's private key. For more information, see Onboarding an Agent.
Validity of the credentials
By default, each registered agent (either RSA 3072 or Shared Secret security profile) has its own
credentials, which are valid for 7 days and must be renewed on a regular basis. After this period,
Industrial IoT will not grant any access tokens to the agent and the agent credentials will be
invalid. The agent needs to re-register by providing its Registration Access Token (RAT).
Registration access tokens have no practical expiration time, but each time a client refreshes its
registration a new RAT is generated by Industrial IoT.
API communication agent (e.g. MindConnect Nano)
Except for the one for onboarding and registration, all Industrial IoT APIs require an access token:
The agent requests an access token from Agent IAM using a self-signed JSON Web Token (JWT).
The JWT is signed (see RFC 7515) with either the shared secret (Case 1) or the private key of the
public/private key pair (Case 2) in Step 2. The JWT contains the tenantId.
The granted access token is valid for 30 minutes. It is also a JWT and contains:
tenantId
scopes: describes the type of services used by the token holder.
After expiry, a new token needs to be requested.
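The Case 1 token request described above, as an added example that is not taken from the Siemens manual: an agent signs a JWT with the shared secret, and a verifier checks it before trusting any claim. HS256, the iat/exp claims, the 300-second lifetime and all function names are assumptions; the manual only states that the JWT is signed per RFC 7515 and contains the tenantId.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_request_jwt(secret: bytes, tenant_id: str, now: int, ttl: int = 300) -> str:
    """Agent side: self-signed JWT in JWS compact form (RFC 7515)."""
    header = {"alg": "HS256", "typ": "JWT"}  # assumption: HMAC-SHA256
    claims = {"tenantId": tenant_id, "iat": now, "exp": now + ttl}  # iat/exp assumed
    parts = [b64u(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def verify_request_jwt(token: str, secret: bytes, tenant_id: str, now: int) -> dict:
    """Verifier side: pin the algorithm and check the MAC before trusting any claim."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        sig = b64u_dec(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Never let the token choose its own algorithm: anything but HS256 is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(c64))
    if claims.get("tenantId") != tenant_id:
        raise ValueError("tenant mismatch")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    tok = sign_request_jwt(secret, "tenant-a", now=1_700_000_000)
    print(verify_request_jwt(tok, secret, "tenant-a", now=1_700_000_060))
```

For Case 2 the same structure applies, with the HMAC replaced by an asymmetric signature that the verifier checks against the public key stored at registration.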
Firmware management
Firmware is stored in secure cloud storage. The agent accesses the secure storage through
a signed URL issued by Industrial IoT, which is valid for 7 days.
Firmware is signed with a private key from Industrial IoT. The firmware installer (MERS) on the
device checks the signature against the matching public key provided at initial installation in the factory.
MindConnect Nano
System Manual 7/2023

This manual is also suitable for:

Mindconnect iot2040
