Abstract: The authentication mechanism provides a personalized, server-specific authentication of a user with respect to a service server using an authentication token. The method includes a registration of a user with a service server, which includes a creation of a personalized user account for the user with the service server. Furthermore, a server-specific, asymmetric cryptographic key pair is generated for the user by an authentication token, the key pair including an authentication key and an authenticating key. The authenticating key is made available to the service server and assigned to the personalized user account thereby.

Abstract: The invention relates to a method for authenticating (400) a current user of a mobile, portable communication system (100) with respect to a server (150) by means of a behavior-based authentication. The server (150) comprising a first interface and a second interface. The first interface is configured to communicate with at least one activatable device (152), and the second interface is configured to communicate with a mobile, portable communication system (100). The method for authentication comprises: receiving at least one classification result (600) by the server (150) from the mobile, portable communication system (100); evaluating the at least one classification result (600) by the server according to a predefined examination criterion (800); and activating the device (152) by the server (150) by means of a control signal.

Abstract: The method includes creating and sending a change request for a change to the system configuration of the hardware system by means of a first hardware component of the plurality of hardware components, receiving the change request by means of the further hardware components of the plurality of hardware components, checking the change request by means of the further hardware components for compatibility of the change request with the configuration of the particular receiving hardware component by using configuration data of the receiving hardware component, in the case that the requested change to the system configuration is compatible with the configuration of the receiving hardware component, generating and sending an approval of the change to the system configuration by means of the receiving hardware component, and in the case that an approval quorum of the hardware components that is necessary for consent is achieved, entering the requested change to the system configuration of the hardware system into th

Abstract: The invention relates to a method for the tamper-proof storage of data in an electronic store using a bidirectionally linked blockchain structure. The method comprises the steps of: providing a first family of functions, which comprises a plurality of functions, wherein the functions differ by at least one first parameter and are uniquely identifiable using the first parameter of each; generating an additional block to extend the blockchain structure which comprises the data to be stored; creating a first block-dependent bidirectional linking function for bidirectional linking of the last block to the additional block.

Abstract: A file management server may include a processor, a network interface for operatively coupling the file management server to a user computer system and to memory services via a network. The file management server includes a file management application configured to receive an authorisation enquiry of the user computer system to store file fragments of a file via the network in a plurality of the memory services; and in response to the receipt of the authorisation enquiry, request an authorisation token from each of the memory services and forward, to the user computer system, authorisation tokens formed as URLs and obtained in response to the request. Each URL enables direct write or direct read access to a storage space of one of the memory services identified by the URL. Metadata that allows reconstruction of the file from the stored file fragments is protected against access by the memory services.

Abstract: In one embodiment the method includes providing a bidirectionally linked blockchain structure; generating an additional block for expanding the blockchain structure, which includes the data to be stored and is intended to be linked bidirectionally to the last block of the blockchain structure, the last block of the blockchain structure including stored data; and calculating a first block-dependent linking function for bidirectionally linking the last block to the additional block. The calculation of the linking function including calculating a combined block-dependent check value of the last block and of the additional block, using the data stored in the last block and the data to be stored in the additional block; and associating the combined check value with a block-independent, linking process-specific function. The method further includes adding the first block-dependent linking function to the last block and to the additional block.

Abstract: The invention relates to a method for the tamper-proof storing of data in a bidirectionally linked blockchain structure. The method comprises the steps of creating an additional block Bi to extend the blockchain structure which comprises the data to be stored as payload data creating a bidirectional linking of the additional block Bi to a predefined number of preceding blocks, wherein creating the bidirectional linking comprises performing a backward linking of the additional block to the predefined number of preceding blocks and performing a forward linking of the predefined number of preceding blocks to the additional block.

Abstract: The invention relates to a method and to an identification apparatus (1) for identifying a person by means of facial recognition.

Abstract: In order to increase the security of value or security documents 100, a multi-luminescent security element 400 is provided which contains at least one first luminescence means 510 and at least one second luminescence means 520. The first luminescence means 510 can be excited under first excitation conditions Sp-1 for the purpose of luminescence, and the second luminescence means 520 can be excited under second excitation conditions Sp-2 for the purpose of luminescence, said second excitation conditions Sp-2 differing from the first excitation conditions Sp-1. The multi-luminescent security element 400 is additionally equipped with at least one absorber means 600 which prevents an excitation of the at least one first luminescence means 510 under the second excitation conditions Sp-2 for the purpose of luminescence.

Abstract: The method includes generating an additional block for expanding a blockchain structure, which includes the data to be stored and is intended to be linked bidirectionally to the last block of the blockchain structure; calculating a first check value of the last block for bidirectionally linking the additional block to the last block of the blockchain structure; calculating a check value of the additional block for bidirectionally linking the additional block to the last block of the blockchain structure; adding the first check value of the last block to the last block and; adding the check value of the additional block to the additional block.

Abstract: The invention relates to a method for securely providing a personalized electronic identity on a terminal (2) which can be used by a user (1) for identification purposes when claiming an online service. In the method, an identification application is ran on a terminal (2), which is assigned to a user (1), in a system comprising data processing devices (9; 10; 11; 12) and said terminal (2), and additionally a personalization application and an identity provider application are ran.

Abstract: A system includes a first computer system (FCS) configured to receive an authentication request of a user with respect to the first authentication system (FAS), and communicate an unsuccessful authentication attempt. In response, a bridge computer system (BCS), is configured to request a user ID and receive at least the user ID; identify an address of a second computer system (SCS) based on the user ID; and initiate the second authentication system (SAS) using the address. The SCS, if the user has been successfully authenticated with respect to the SAS, is configured to communicate successful authentication to the BCS; and in response, the BCS is configured to send the FAS a confirmation message, and the FCS is configured to treat the user as authenticated.

Abstract: In order to increase the security of value or security documents 100, a multi-luminescent security element 400 is provided which contains at least one first luminescence means 510 and at least one second luminescence means 520. The first luminescence means 510 can be excited under first excitation conditions Sp-1 for the purpose of luminescence, and the second luminescence means 520 can be excited under second excitation conditions Sp-2 for the purpose of luminescence, said second excitation conditions Sp-2 differing from the first excitation conditions Sp-1. The multi-luminescent security element 400 is additionally equipped with at least one absorber means 600 which prevents an excitation of the at least one first luminescence means 510 under the second excitation conditions Sp-2 for the purpose of luminescence.

Abstract: A method for providing and checking the validity of a virtual document on a first computer system is disclosed. The virtual document is provided by means of a mobile second computer system for a first computer system. The method includes receiving a password-protected storage address of a first database at which the virtual document can be read, reading the virtual document, displaying the virtual document on a display of the first computer system, receiving a unique second identifier of the mobile second computer system, calculating a third identifier using the received second identifier and a hash value of the virtual document, identifying the database entry of the second database in which a first identifier of a first pairing consisting of the mobile second computer system and the first virtual document is stored, comparing the calculated third identifier with the first identifier stored in the identifier database entry.

Abstract: A method for issuing a virtual document by a first computer system of an issuer, includes creating the virtual document; calculating a hash value of the virtual document; sending a signed entry request including the hash value to a blockchain server; receiving the signed entry request by the blockchain server; and executing, by the blockchain server, program instructions of a program module identified by the signed entry request, wherein the execution of the program instructions includes checking the signature of the entry request, using a public cryptographic key of the issuer registered in the blockchain, and, if the signature is valid, generating an additional block of the blockchain for the issue of the virtual document, wherein the generated block includes an entry associated with the program module and including the first hash value.

Abstract: The method includes creating a signed output instruction for outputting a vehicle certificate, having a data record characterising the vehicle, using the blockchain, in the case of a valid signature, receiving the vehicle certificate, outputting the vehicle certificate, wherein the output vehicle certificate includes a machine-readable code, wherein the machine-readable code includes a private cryptographic key of an asymmetric key pair, wherein a public cryptographic key of the asymmetric key pair is identified in the blockchain as a check value for checking a signature of a read request for reading vehicle data of the vehicle certificate from the blockchain.

Abstract: An ID token includes a sensor, a communication interface, and a first microcontroller. The ID token includes a protected second microcontroller having at least one microcontroller communication interface, which is arranged in a holder of the ID token, wherein the microcontroller communication interface provides a data input and a data output. The first microcontroller is configured as a proxy for switching between the sensing of the measurement data by the sensor and forwarding of the sensed measurement data from the sensor to the first application of the protected second microcontroller by the microcontroller communication interface thereof on the one hand and forwarding of notifications for establishing a connection between the second application and the reading device and/or forwarding of APDUs by the connection between the second application and the reading device on the other hand.

Abstract: A method for integrating a hologram into the body of a security document that has a laminated body. The method includes: providing a holographic film having a backing substrate layer and a photo layer; providing additional substrate layers; carrying out a laminating process in order to form the laminated body, the holographic film together with the additional substrate layers being collated to form a substrate layer stack and being combined, together with the additional substrate layers, in a high-pressure, high-temperature laminating method to form the laminated body. There is also described a corresponding security document body.

Abstract: The invention relates to a method for cryptographically secure storing a file (101) using a web application executed by a web browser (106) on a user computer system (104, 162, 168) of a user (102, 160). The method comprises: encrypting the file (101) on the user computer system (104, 162, 168) by the web application, providing a distribution plan by the web application, fragmenting the encrypted file (101) on the user computer system (104, 162, 168) by the web application into a plurality of file fragments (F1-F4) according to the distribution plan, sending the resulting file fragments (F1-F4) by the web application over the network (178) to the storage services identified by the distribution plan (SD1-SD6).

Abstract: Method for generating a digital signature for a digital content using a computer and trustworthy signature hardware connected thereto for data exchange, includes generating a message digest from the digital content by an application executed on the computer; generating descriptive data relating to the electronic digital signature; transmitting the message digest and the descriptive data to the trustworthy signature hardware; outputting the descriptive data at an output device of the trustworthy signature hardware; carrying out a user interaction as precondition for the continuation of the method; generating signature data from the message digest and the descriptive data by the trustworthy signature hardware; and transmitting the signature data from the trustworthy signature hardware to the computer and in particular the application.