Patents by Inventor Stefan Pyka
Stefan Pyka has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240168793
Abstract: Various embodiments of the teachings herein include a method for checking container applications on a host system for manipulation. An example method includes: starting a respective checking process on the host system for each of at least two of the container applications; and assigning the respective checking process using a data-technology linkage. The checking processes subject the current behavior of at least one of the container applications other than the respective assigned container application to a comparison with a reference behavior of the at least one other container application.
Type: Application
Filed: March 17, 2022
Publication date: May 23, 2024
Applicant: Siemens Aktiengesellschaft
Inventors: Stefan Pyka, Roman Bendt, Rainer Falk, Christian Peter Feist, Daniela Friedrich, Christian Knierim, Ricarda Weber
-
Publication number: 20230014846
Abstract: Various embodiments of the teachings herein include an integrity monitoring system for runtime integrity monitoring of a control device connected to sensors and/or actuators and comprising an automation device for collecting operating state data of the control device. The system may include an integrity monitoring unit detachably connectable directly to the control device to monitor the integrity status of the control device on the basis of operating state data transferred from the automation device to the integrity monitoring unit.
Type: Application
Filed: October 22, 2020
Publication date: January 19, 2023
Applicant: Siemens Aktiengesellschaft
Inventors: Rainer Falk, Christian Peter Feist, Steffen Fries, Axel Pfau, Stefan Pyka, Daniel Schneider, Franz Sperl
-
Patent number: 11106828
Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initiating the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.
Type: Grant
Filed: March 7, 2017
Date of Patent: August 31, 2021
Inventors: Rainer Falk, Dominik Merli, Stefan Pyka
-
Patent number: 10489564
Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.
Type: Grant
Filed: January 25, 2017
Date of Patent: November 26, 2019
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Markus Heintel, Wolfgang Klasen, Dominik Merli, Axel Pfau, Stefan Pyka, Daniel Schneider
-
Publication number: 20190095648
Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initiating the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.
Type: Application
Filed: March 7, 2017
Publication date: March 28, 2019
Inventors: RAINER FALK, DOMINIK MERLI, STEFAN PYKA
-
Publication number: 20180365411
Abstract: A method for providing a security function, in particular a cryptographic function, for a device, wherein the following method steps are carried out: receiving a request to execute the security function; loading a security application for the security function via a control application, wherein the control application is stored on a first internal memory of a security module and the security application is transferred from a memory which is external to the security module; checking an integrity of the security application by means of security information; executing the security application and providing the security function, wherein the execution and provision steps are carried out after the successful integrity checking step.
Type: Application
Filed: November 28, 2016
Publication date: December 20, 2018
Applicant: Siemens Aktiengesellschaft
Inventors: Rainer FALK, Steffen FRIES, Markus HEINTEL, Dominik MERLI, Stefan PYKA
-
Publication number: 20180341755
Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.
Type: Application
Filed: January 25, 2017
Publication date: November 29, 2018
Inventors: HANS ASCHAUER, RAINER FALK, KAI FISCHER, MARKUS HEINTEL, WOLFGANG KLASEN, DOMINIK MERLI, AXEL PFAU, STEFAN PYKA, DANIEL SCHNEIDER
-
Patent number: 9960913
Abstract: The invention relates to a first network unit (See) which comprises a secure hardware component (HK) for saving and running software. A second network unit (P) comprises a secure software component (SK) for saving and running software. A method for secure communication comprises: saving a first common secret, a first algorithm and a second algorithm on the network units; sending a first date from the second network unit to the first network unit; running the first algorithm on the first network unit and on the second network unit wherein the input is in each case formed by the second common secret and the first date; sending of a second date from the first network unit to the second network unit; running the second algorithm on the first network unit and on the second network unit; wherein the input is formed in each case by the second common secret and the second date; and use of the third common secret for a secure communication.
Type: Grant
Filed: September 16, 2013
Date of Patent: May 1, 2018
Assignee: Siemens Aktiengesellschaft
Inventors: Stefan Pyka, Johannes Zwanzger
-
Patent number: 9367297
Abstract: An IT system includes at least one first processing unit and one second processing unit. The first and second processing units jointly execute an application program and are each associated with an installation routine designed to control updating of a first or second program part of the application program. A first actual state is associated with the first processing unit and a second actual state is associated with the second processing unit. After system reboot, or as soon as the first and second program part have been successfully stored, or an error is detected when storing the first and/or second program part, predefined processing steps are respectively carried out in a predefined order by the first processing unit and the second processing unit depending on the actual state of the first processing unit and the actual state of the second processing unit.
Type: Grant
Filed: October 15, 2012
Date of Patent: June 14, 2016
Assignee: Continental Automotive GmbH
Inventors: Bernd Meyer, Stefan Pyka, David Von Oheimb
-
Publication number: 20150334096
Abstract: The invention relates to a first network unit (See) which comprises a secure hardware component (HK) for saving and running software. A second network unit (P) comprises a secure software component (SK) for saving and running software. A method for secure communication comprises: saving a first common secret, a first algorithm and a second algorithm on the network units; sending a first date from the second network unit to the first network unit; running the first algorithm on the first network unit and on the second network unit wherein the input is in each case formed by the second common secret and the first date; sending of a second date from the first network unit to the second network unit; running the second algorithm on the first network unit and on the second network unit; wherein the input is formed in each case by the second common secret and the second date; and use of the third common secret for a secure communication.
Type: Application
Filed: September 16, 2013
Publication date: November 19, 2015
Inventors: Stefan Pyka, Johannes Zwanzger
-
Publication number: 20140298104
Abstract: An IT system includes at least one first processing unit and one second processing unit. The first and second processing units jointly execute an application program and are each associated with an installation routine designed to control updating of a first or second program part of the application program. A first actual state is associated with the first processing unit and a second actual state is associated with the second processing unit. After system reboot, or as soon as the first and second program part have been successfully stored, or an error is detected when storing the first and/or second program part, predefined processing steps are respectively carried out in a predefined order by the first processing unit and the second processing unit depending on the actual state of the first processing unit and the actual state of the second processing unit.
Type: Application
Filed: October 15, 2012
Publication date: October 2, 2014
Inventors: Bernd Meyer, Stefan Pyka, David Von Oheimb
-
Patent number: 8369514
Abstract: The aim of the embodiments is to provide a method for the secure processing of data, in which security is increased in relation to side channel attacks. To achieve this, operation codes for commanding co-processors are determined, for example for the bit-dependent transposition of register contents. The solution exploits the fact that as a result of the technical configuration for the co-processor, a shift of register contents, for example from register A to register B cannot be differentiated from the exterior from a shift from register A to register C.
Type: Grant
Filed: December 19, 2006
Date of Patent: February 5, 2013
Assignee: Seimens Aktiengesellschaft
Inventors: Michael Braun, Anton Kargl, Bernd Meyer, Stefan Pyka
-
Publication number: 20100172490
Abstract: The aim of the embodiments is to provide a method for the secure processing of data, in which security is increased in relation to side channel attacks. To achieve this, operation codes for commanding co-processors are determined, for example for the bit-dependent transposition of register contents. The solution exploits the fact that as a result of the technical configuration for the co-processor, a shift of register contents, for example from register A to register B cannot be differentiated from the exterior from a shift from register A to register C.
Type: Application
Filed: December 19, 2006
Publication date: July 8, 2010
Inventors: Michael Braun, Anton Kargl, Bernd Meyer, Stefan Pyka