Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for protected communication by a vehicle which includes generating a key pair consisting of a private key and a public key and/or of one or more symmetric keys for the vehicle or for a controller of the vehicle in the area of influence of the vehicle manufacturer, generating a first certificate using the key pair, introducing the key pair and the first certificate and/or the symmetric key into the vehicle or the controller, authenticating the vehicle or the controller to a new communication partner by generation of a new key pair for this communication path and sending a signed message together with the certificate, and authenticating a new communication partner to the vehicle or the controller using a signed message and a public key, which are produced by the new communication partner on the basis of a certification by the vehicle manufacturer.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method providing security the first time a mobile device makes contact with a device including a trusted entity introducing asymmetric key into a mobile device, performing a key exchange method on contact-making resulting in a shared key in the mobile device and in the device, generating a first signature with the symmetric key using the shared key in the mobile device, generating a second signature with the symmetric key using the shared key in the device, transmitting the first signature to the device and the second signature to the mobile device, authenticating the device by cryptographic verification of the second signature with the symmetric key in the mobile device, authenticating the mobile device by cryptographic verification of the first signature with the symmetric key in the device, and continuing contact-making in the event of mutual successful authentication or termination of contact-making if at least one authentication has failed.

Abstract: A method for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the system components include a signing and signing test unit by which data packets can be generated and tested. A first one of the system components generates an independent protective data packet with protective information for a useful data packet to be transmitted via the bus system, which protective data packet is independent of this useful data packet but, can be allocated unambiguously to it, after which the generated protective data packet is sent out separately from the associated useful data packet via the bus system to the second one of the system components and a verification of the authenticity of the useful data packet to be transmitted is effected by the transmitted protective data packet by the second one of the system components.

Abstract: A component for connecting to a data bus wherein the component implements at least one cryptographic functionality. Also disclosed is a method for implementing a cryptographic functionality in such a component. The implementation of the cryptographic functionality is based on a specified selection of cryptographic functions, methods and protocols adapted to the performance of the component, wherein minimum lengths are defined for the respectively used cryptographic keys.

Abstract: A method is described for revoking a group of certificates, each of which includes a key, for an authenticated communication between one first subscriber and at least one second subscriber, one first key and one revocation value, with the aid of which the keys of the group of certificates may be calculated from the first key, being transmitted for the purpose of revocation to the at least one second subscriber.

Abstract: A method for updating software of a control unit of a vehicle which includes exchanging individual data blocks of the software in a memory of the control unit and generating cryptographic material for each exchanged data block by processing each exchanged data block with a cryptographic function. The method includes storing the generated cryptographic material in a test data block which contains cryptographic material for each data block and includes verifying the consistency of the cryptographic material, stored in the test data block, of all data blocks of the software by matching the cryptographic material stored in the test data block with consistency test data. The disclosed embodiments reduce the necessary cryptographic operations during a partial updating of the software of a control unit of a vehicle.

Abstract: A method for authenticating a radio key for a vehicle involving determining a distance between the radio key and the vehicle and authenticating the radio key. A character string generated by the radio key is transmitted to the vehicle to determine the distance. The character string is generated independently of an item of information transmitted by the vehicle, and the authentication is based on the character string.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes setting up an anonymous signal-conducting connection between the at least two communication partners; checking the authenticity of a signed certificate used by a first communication partner of the at least two communication partners by a second communication partner of the at least two communication partners; reproducing an authentication code by the second communication partner after the check of the authenticity of the signed certificate used by the first communication partner has been carried out; and confirming the authentication code reproduced by the second communication partner by a user by the first communication partner. The method provides a possibility which increases the security of a certificate-based authentication of a communication connection between at least two communication partners.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes providing a shared secret key for the at least two communication partners; setting up an anonymous signal-conducting connection between the at least two communication partners, wherein all messages of the connection between the at least two communication partners are encrypted using the shared secret key; and authenticating the connection between the at least two communication partners by a user. The method provides a secure and convenient authentication of a connection between two communication partners, wherein the authentication is effected at the application level.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A component for connecting to a data bus wherein the component implements at least one cryptographic functionality. Also disclosed is a method for implementing a cryptographic functionality in such a component. The implementation of the cryptographic functionality is based on a specified selection of cryptographic functions, methods and protocols adapted to the performance of the component, wherein minimum lengths are defined for the respectively used cryptographic keys.

Abstract: A component for processing a datum requiring protection, which component implements at least one security function for protecting the datum requiring protection, and a method for implementing a security function for protecting a datum requiring protection in such a component. The datum requiring protection is assigned to a protection target class. The security function includes at least one protective measure from a selection of protective measures associated with the protection target class.

Abstract: A method for implementing an encrypted client-server communication, wherein the server includes an entry point, service systems behind the entry point, and a secure system. The method includes incorporating common cryptographic material into the client and into the secure system, deriving key material from the common cryptographic material in the client for an encrypted communication between the client and a service system, deriving key material from the common cryptographic material in the secure system for an encrypted communication between the client and a service system, and transferring the key material into the service system or retaining the key material in the secure system.

Abstract: A method for asymmetrical key derivation by a signing entity for a terminal including introducing identical cryptographic material into the signing entity and into the terminal; deriving in each case a private key from the cryptographic material in the signing entity and in the terminal; calculating in each case a public key from the private key in the signing entity and in the terminal; generating a signature and/or a signed public key in the signing entity; transferring the signature and/or the signed public key from the signing entity into the terminal; and appending the signature of the signing entity to the public key in the terminal.

Abstract: A method for performing certification by a control device of a vehicle including generating a first signed certificate, which has at least one public key, and generating an associated private key; single-time introduction of the first signed certificate and of the associated private key into the control device; producing a second certificate; signing a further public key in the control device, using the private key and the second certificate; and making available the signed further public key together with the first signed certificate.

Abstract: A method for protected communication by a vehicle which includes generating a key pair consisting of a private key and a public key and/or of one or more symmetric keys for the vehicle or for a controller of the vehicle in the area of influence of the vehicle manufacturer, generating a first certificate using the key pair, introducing the key pair and the first certificate and/or the symmetric key into the vehicle or the controller, authenticating the vehicle or the controller to a new communication partner by generation of a new key pair for this communication path and sending a signed message together with the certificate, and authenticating a new communication partner to the vehicle or the controller using a signed message and a public key, which are produced by the new communication partner on the basis of a certification by the vehicle manufacturer.

Abstract: A method for a manipulation protection of useful data packets to be transmitted via a bus system between at least two system components, wherein the system components include a signing and signing test unit by which data packets can be generated and tested. A first one of the system components generates an independent protective data packet with protective information for a useful data packet to be transmitted via the bus system, which protective data packet is independent of this useful data packet but, can be allocated unambiguously to it, after which the generated protective data packet is sent out separately from the associated useful data packet via the bus system to the second one of the system components and a verification of the authenticity of the useful data packet to be transmitted is effected by the transmitted protective data packet by the second one of the system components.

Abstract: A method for indicating authorized authentication media for a vehicle including detecting a key authorized for the vehicle via a first interface; ascertaining the authentication media that are authorized for the vehicle; and outputting an indication if, on the one hand, the key authorized for the vehicle was detected previously and if, on the other hand, at least one authentication medium was ascertained in the course of the ascertaining step, wherein the vehicle communicates with the authentication media via a second interface, which differs from the first interface. Also disclosed is a device and vehicle.