Patents by Inventor David von Oheimb
David von Oheimb has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11588647Abstract: Provided is a method for validating a predetermined digital certificate having a validation device, wherein the validation device stores approval information that specifies which digital certificates of a plurality of digital certificates are permissible digital certificates, and wherein the validation device further stores trust information which indicates a trust level of the permissible digital certificates. The method includes determining, while taking account of the approval information, whether the predetermined digital certificate is permissible for the planned use under the current conditions; and if it is determined that the predetermined digital certificate is permissible, determining the trust level of the predetermined digital certificate by taking into consideration the trust information for the planned use and the current conditions, is provided.Type: GrantFiled: November 6, 2018Date of Patent: February 21, 2023Assignee: SIEMENS GAMESA RENEWABLE ENERGY A/SInventors: Michael Munzert, David von Oheimb
-
Publication number: 20200358623Abstract: Provided is a method for validating a predetermined digital certificate having a validation device, wherein the validation device stores approval information that specifies which digital certificates of a plurality of digital certificates are permissible digital certificates, and wherein the validation device further stores trust information which indicates a trust level of the permissible digital certificates. The method includes determining, while taking account of the approval information, whether the predetermined digital certificate is permissible for the planned use under the current conditions; and if it is determined that the predetermined digital certificate is permissible, determining the trust level of the predetermined digital certificate by taking into consideration the trust information for the planned use and the current conditions, is provided.Type: ApplicationFiled: November 6, 2018Publication date: November 12, 2020Inventors: Michael Munzert, David von Oheimb
-
Patent number: 10594611Abstract: There is a need for coupling, for example within an automation area, particularly critical subareas with less critical subareas of the automation area. The invention relates to a method and a network filtering device for filtering a data packet between a first network and a second network. According to the invention, a data packet is checked several times in parallel by means of a multiplier and a plurality of filtering devices.Type: GrantFiled: August 12, 2014Date of Patent: March 17, 2020Assignee: Siemens AktiengesellschaftInventors: Uwe Blöcher, Rainer Falk, David von Oheimb
-
Authorization apparatus and method for an authorized issuing of an authentication token for a device
Patent number: 10511587Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.Type: GrantFiled: May 18, 2016Date of Patent: December 17, 2019Assignee: SIEMENS AKTIENGESELLSCHAFTInventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David Von Oheimb -
Patent number: 10476861Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.Type: GrantFiled: October 2, 2014Date of Patent: November 12, 2019Assignee: Siemens AktiengesellschaftInventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
-
AUTHORIZATION APPARATUS AND METHOD FOR AN AUTHORIZED ISSUING OF AN AUTHENTICATION TOKEN FOR A DEVICE
Publication number: 20180359241Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.Type: ApplicationFiled: May 18, 2016Publication date: December 13, 2018Inventors: HENDRIK BROCKHAUS, STEFFEN FRIES, MICHAEL MUNZERT, DAVID VON OHEIMB -
Patent number: 9979695Abstract: The invention relates to a method for monitoring a security network interface unit (23), for example a firewall, which receives a stream of data packets via a first interface (21), checks said data stream with respect to filtering rules, and outputs said data stream to a second interface (22). The method has the steps of duplicating and outputting the data stream to the second interface (22), checking the output data stream for inadmissible data traffic, transmitting a warning message to the security network interface unit if inadmissible data traffic is detected in the data stream, and restricting the data stream by means of the security network interface unit if the warning message is received in the security network interface unit (23). The device or the system according to the invention comprises units which are designed to carry out the aforementioned method.Type: GrantFiled: July 22, 2014Date of Patent: May 22, 2018Assignee: Siemens AktiengesellschaftInventors: Uwe Blöcher, Rainer Falk, David von Oheimb
-
Publication number: 20160344727Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.Type: ApplicationFiled: October 2, 2014Publication date: November 24, 2016Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
-
Publication number: 20160248679Abstract: There is a need for coupling, for example within an automation area, particularly critical subareas with less critical subareas of the automation area. The invention relates to a method and a network filtering device for filtering a data packet between a first network and a second network. According to the invention, a data packet is checked several times in parallel by means of a multiplier and a plurality of filtering devices.Type: ApplicationFiled: August 12, 2014Publication date: August 25, 2016Inventors: Uwe Blöcher, Rainer Falk, David von Oheimb
-
Publication number: 20160205069Abstract: The invention relates to a method for monitoring a security network interface unit (23), FIG. 2 for example a firewall, which receives a stream of data packets via a first interface (21), checks said data stream with respect to filtering rules, and outputs said data stream to a second interface (22). The method has the steps of duplicating and outputting the data stream to the second interface (22), checking the output data stream for inadmissible data traffic, transmitting a warning message to the security network interface unit if inadmissible data traffic is detected in the data stream, and restricting the data stream by means of the security network interface unit if the warning message is received in the security network interface unit (23). The device or the system according to the invention comprises units which are designed to carry out the aforementioned method.Type: ApplicationFiled: July 22, 2014Publication date: July 14, 2016Applicant: Siemens AktiengesellschaftInventors: Uwe Blöcher, Rainer Falk, David von Oheimb
-
Patent number: 9367297Abstract: An IT system includes at least one first processing unit and one second processing unit. The first and second processing units jointly execute an application program and are each associated with an installation routine designed to control updating of a first or second program part of the application program. A first actual state is associated with the first processing unit and a second actual state is associated with the second processing unit. After system reboot, or as soon as the first and second program part have been successfully stored, or an error is detected when storing the first and/or second program part, predefined processing steps are respectively carried out in a predefined order by the first processing unit aid the second processing unit depending on the actual state of the first processing unit and the actual state of the second processing unit.Type: GrantFiled: October 15, 2012Date of Patent: June 14, 2016Assignee: Continental Automotive GmbHInventors: Bernd Meyer, Stefan Pyka, David Von Oheimb
-
Publication number: 20140298104Abstract: An IT system includes at least one first processing unit and one second processing unit The first and second processing units jointly execute an application program and are each associated with an installation routine designed to control updating of a first or second program part of the application program. A first actual state is associated with the first processing unit and a second actual state is associated with the second processing unit. After system reboot, or as soon as the first and second program part have been successfully stored, or an error is detected when storing the first and/or second program part, predefined processing steps are respectively carried out in a predefined order by the first processing unit aid the second processing unit depending on the actual state of the first processing unit and the actual state of the second processing unit.Type: ApplicationFiled: October 15, 2012Publication date: October 2, 2014Inventors: Bernd Meyer, Stefan Pyka, David Von Oheimb
-
Publication number: 20100204880Abstract: A data processing device having a security processor for processing data in a manner secure from manipulation and/or a confidential manner. At least one ASIC circuit is connected to the security processor via an internal bus. The ASIC circuit has a plurality of interfaces for connecting peripheral units, and the security processor exchanges data with the peripheral units via the ASIC circuit.Type: ApplicationFiled: September 8, 2008Publication date: August 12, 2010Applicant: Continental Automotive GmbHInventor: David von Oheimb