Siemens SIMATIC S7-1500 Function Manual page 158

Layers required
The figure below shows the three layers that are always required for establishing a
connection: the transport layer, the secure channel and the session.
Figure 9-6
● Transport layer:
This layer sends and receives messages. OPC UA uses an optimized TCP-based binary
protocol here. The transport layer is the basis for the subsequent secure channel.
● Secure channel
The secure channel receives the data received from the transport layer, and forwards that
data to the session. The secure channel forwards data of the session that is to be sent to
the transport layer.
In "Sign" security mode, the secure channel signs the data (messages) that is sent. When
a message is received, the secure channel checks the signature to detect any
manipulations.
With a "SignAndEncrypt" security policy, the secure channel signs and encrypts the send
data. Data received is decrypted by the secure channel, and the secure channel then
checks the signature.
With the "No security" security policy, the message packages pass the secure channel
unchanged (the messages are received and sent in plain text).
● Session
The session forwards the messages from the secure channel to the application, or
receives from the application the messages that are to be sent. The application uses the
process values or provides the values.
Communication
Function Manual, 11/2019, A5E03735815-AH
Necessary layers: transport layer, secure channel and session
OPC UA communication
9.2 Security at OPC UA
157