Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.

Abstract: Executing one or more vehicle applications using a vehicle computation unit of a vehicle and providing a permission information manifest for a vehicle application, and controlling a communication between vehicle applications of a vehicle based on permission information manifests associated with the vehicle applications. Programming instructions of the one or more vehicle applications are obtained, as well as one or more individual permission information manifests of the one or more vehicle applications. Each permission information manifest includes information related to one or more permitted vehicle services of a vehicle application of the one or more vehicle applications. The information related to the one or more permitted services indicates one or more vehicle services the vehicle application is permitted to offer to further vehicle applications of the vehicle and/or one or more vehicle services of the further vehicle applications the vehicle application is permitted to use.

Abstract: A device, method and computer program for enabling a vehicle component and a vehicle-to-vehicle communication module. The device includes at least one interface for communication with a second vehicle component of the transportation vehicle. The second vehicle component is part of a secured cluster of vehicle components of the transportation vehicle. The device includes a control module to control the at least one interface and to receive at least one message from the second vehicle component via the at least one interface. The control module legitimates the second vehicle component based on the at least one message received from the second vehicle component. The control module enables the first vehicle component in response to the at least one received message implying that the second vehicle component has been enabled and in response to the legitimation of the second vehicle component being successful.

Abstract: A method providing security the first time a mobile device makes contact with a device including a trusted entity introducing asymmetric key into a mobile device, performing a key exchange method on contact-making resulting in a shared key in the mobile device and in the device, generating a first signature with the symmetric key using the shared key in the mobile device, generating a second signature with the symmetric key using the shared key in the device, transmitting the first signature to the device and the second signature to the mobile device, authenticating the device by cryptographic verification of the second signature with the symmetric key in the mobile device, authenticating the mobile device by cryptographic verification of the first signature with the symmetric key in the device, and continuing contact-making in the event of mutual successful authentication or termination of contact-making if at least one authentication has failed.

Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes providing a shared secret key for the at least two communication partners; setting up an anonymous signal-conducting connection between the at least two communication partners, wherein all messages of the connection between the at least two communication partners are encrypted using the shared secret key; and authenticating the connection between the at least two communication partners by a user. The method provides a secure and convenient authentication of a connection between two communication partners, wherein the authentication is effected at the application level.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for asymmetrical key derivation by a signing entity for a terminal including introducing identical cryptographic material into the signing entity and into the terminal; deriving in each case a private key from the cryptographic material in the signing entity and in the terminal; calculating in each case a public key from the private key in the signing entity and in the terminal; generating a signature and/or a signed public key in the signing entity; transferring the signature and/or the signed public key from the signing entity into the terminal; and appending the signature of the signing entity to the public key in the terminal.

Abstract: A method for implementing an encrypted client-server communication, wherein the server includes an entry point, service systems behind the entry point, and a secure system. The method includes incorporating common cryptographic material into the client and into the secure system, deriving key material from the common cryptographic material in the client for an encrypted communication between the client and a service system, deriving key material from the common cryptographic material in the secure system for an encrypted communication between the client and a service system, and transferring the key material into the service system or retaining the key material in the secure system.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes setting up an anonymous signal-conducting connection between the at least two communication partners; checking the authenticity of a signed certificate used by a first communication partner of the at least two communication partners by a second communication partner of the at least two communication partners; reproducing an authentication code by the second communication partner after the check of the authenticity of the signed certificate used by the first communication partner has been carried out; and confirming the authentication code reproduced by the second communication partner by a user by the first communication partner. The method provides a possibility which increases the security of a certificate-based authentication of a communication connection between at least two communication partners.

Abstract: A method for indicating authorized authentication media for a vehicle including detecting a key authorized for the vehicle via a first interface; ascertaining the authentication media that are authorized for the vehicle; and outputting an indication if, on the one hand, the key authorized for the vehicle was detected previously and if, on the other hand, at least one authentication medium was ascertained in the course of the ascertaining step, wherein the vehicle communicates with the authentication media via a second interface, which differs from the first interface. Also disclosed is a device and vehicle.

Abstract: A method for performing certification by a control device of a vehicle including generating a first signed certificate, which has at least one public key, and generating an associated private key; single-time introduction of the first signed certificate and of the associated private key into the control device; producing a second certificate; signing a further public key in the control device, using the private key and the second certificate; and making available the signed further public key together with the first signed certificate.

Abstract: A method for updating software of a control unit of a vehicle which includes exchanging individual data blocks of the software in a memory of the control unit and generating cryptographic material for each exchanged data block by processing each exchanged data block with a cryptographic function. The method includes storing the generated cryptographic material in a test data block which contains cryptographic material for each data block and includes verifying the consistency of the cryptographic material, stored in the test data block, of all data blocks of the software by matching the cryptographic material stored in the test data block with consistency test data. The disclosed embodiments reduce the necessary cryptographic operations during a partial updating of the software of a control unit of a vehicle.

Abstract: A device, method and computer program for enabling a vehicle component and a vehicle-to-vehicle communication module. The device includes at least one interface for communication with a second vehicle component of the transportation vehicle. The second vehicle component is part of a secured cluster of vehicle components of the transportation vehicle. The device includes a control module to control the at least one interface and to receive at least one message from the second vehicle component via the at least one interface. The control module legitimates the second vehicle component based on the at least one message received from the second vehicle component. The control module enables the first vehicle component in response to the at least one received message implying that the second vehicle component has been enabled and in response to the legitimation of the second vehicle component being successful.

Abstract: A component for processing a datum requiring protection, which component implements at least one security function for protecting the datum requiring protection, and a method for implementing a security function for protecting a datum requiring protection in such a component. The datum requiring protection is assigned to a protection target class. The security function includes at least one protective measure from a selection of protective measures associated with the protection target class.