Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: Provided is a method for checking the integrity of user data by a processor, which includes a method step for a first check value for the user data to be computed during a security-protected mode of operation. The method includes a further method step for the first check value to be stored in a security-protected memory module of the processor during the security protected mode of operation. The method includes a further method step for a second check value for the user data to be computed during a runtime mode. The method includes a further method step for the first check value to be compared with the second check value by the processor during the runtime mode. The method includes a further method step for a piece of control information to be provided by the processor during the runtime mode, wherein the control information includes a result of the comparing.

Abstract: A method for producing a cryptographic timestamp for a digital document using multiple time servers is provided. In the method, a nonce value is produced and a current hash value is formed from the nonce value and the digital document. Then, a time server is repeatedly selected, the current hash value is transmitted to the selected time server, a response comprising a digital signature of the current hash value and a time indication is received by the selected time server, and an additional hash value is determined from the received response and used as the current hash value. The cryptographic timestamp for the digital document is formed from the nonce value and the multiple received responses. The method produces a tamperproof timestamp on a majority basis and is suitable for dating and protocolling in the field of automation and IoT.

Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initialing the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.

Abstract: Provided is a method for generating a device-specific identifier in a device which contains at least one programmable circuit component and the circuit of which consists of individual components that are configured by loading a bitstream, having the following method steps: displaying the reference identifier as a bit sequence and assigning each bit of the reference identifier to a respective different component of the circuit component; generating a reference bitstream for a reference circuit of the circuit component, the bitstream containing at least the specified component of the reference identifier; and entering the device specific identifier as a binary sequence by overwriting the bits of the corresponding components of the reference identifier directly in the reference bitstream.

Abstract: A method for producing a cryptographic timestamp for a digital document using multiple time servers is provided. In the method, a nonce value is produced and a current hash value is formed from the nonce value and the digital document. Then, a time server is repeatedly selected, the current hash value is transmitted to the selected time server, a response comprising a digital signature of the current hash value and a time indication is received by the selected time server, and an additional hash value is determined from the received response and used as the current hash value. The cryptographic timestamp for the digital document is formed from the nonce value and the multiple received responses. The method produces a tamperproof timestamp on a majority basis and is suitable for dating and protocolling in the field of automation and loT.

Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.

Abstract: Provided is a method for checking the integrity of user data by a processor, which includes a method step for a first check value for the user data to be computed during a security-protected mode of operation. The method includes a further method step for the first check value to be stored in a security-protected memory module of the processor during the security protected mode of operation. The method includes a further method step for a second check value for the user data to be computed during a runtime mode. The method includes a further method step for the first check value to be compared with the second check value by the processor during the runtime mode. The method includes a further method step for a piece of control information to be provided by the processor during the runtime mode, wherein the control information includes a result of the comparing.

Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initialing the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.

Abstract: A method for providing a security function, in particular a cryptographic function, for a device, wherein the following method steps are carried out: receiving a request to execute the security function; loading a security application for the security function via a control application, wherein the control application is stored on a first internal memory of a security module and the security application is transferred from a memory which is external to the security module; checking an integrity of the security application by means of security information; executing the security application and providing the security function, wherein the execution and provision steps are carried out after the successful integrity checking step.

Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.

Abstract: Provided is a method for generating a device-specific identifier in a device which contains at least one programmable circuit component and the circuit of which consists of individual components that are configured by loading a bitstream, having the following method steps: displaying the reference identifier as a bit sequence and assigning each bit of the reference identifier to a respective different component of the circuit component; generating a reference bitstream for a reference circuit of the circuit component, the bitstream containing at least the specified component of the reference identifier, and entering the device specific identifier as a binary sequence by overwriting the bits of the corresponding components of the reference identifier directly in the reference bitstream.

Abstract: A method for generating a key in a programmable hardware module is provided, wherein the programmable hardware module has a bitstream containing configuration settings of the programmable hardware module. The device has a readout unit for reading at least one part of the bit stream, a generating unit for generating a key based on a cryptographic function and the at least one part of the bit stream, and a memory unit for storing the generated key. By means of the device according to the invention, a key can be generated in a simple manner using already existing information. Further provided is a programmable hardware module having such a device, and to a method for generating a key in a programmable hardware module.