Abstract: Some embodiments of the teachings herein include a method for integrating a new component with a device certificate of a domain with a domain root certificate into a network with at least one existing component with an existing device certificate of the domain. An example method includes: accepting a request from the new component signed with the device certificate of the domain; determining the existing component with the existing device certificate transmitting the request to the existing component; verifying the device certificate using the domain root certificate of the domain; providing a response signed with the existing device certificate and provided with a network certificate using the existing component or obtaining a response signed with the existing device certificate and provided with a network certificate from the existing component; transmitting the response to the new component; and integrating the new component into the network using the network certificate.

Abstract: Various teachings of the present disclosure include methods for providing cryptographic keys for signing data. The method may include: providing a plurality of keys as leaves of a hash tree structure having at least one first hash tree; evaluating a requirement criterion for a requirement for additional keys and, if the requirement criterion is satisfied, generating a plurality of additional keys available as leaves of a further hash tree; and integrating the further hash tree into the hash tree structure so a respective root of the further hash tree is signed with a leaf of the hash tree structure. A number of hash trees of the hash tree structure is not predetermined.

Abstract: Provided is a method for transmitting data packets over a network from a sender to a receiver via a communication link consisting of at least one transmission section, via which the data packet is transmitted from a sender node to a receiver node, the method having the following steps for at least one transmission section: first security information, which includes information about a cryptographic protective function used in the transmission of the data packet via an adjacent transmission section, is assigned to the data packet by the sender node, the data packet having the assigned security information is transmitted to the receiver node of the transmission section, the security information is checked in the receiver node against a preset guideline, and at least one measure is provided in accordance with the result of the check.

Abstract: Various embodiments of the teachings herein include a method for onboarding an IoT device (3) of a manufacturer, in a manner secure against quantum computer attacks, in an infrastructure of a customer by means of a first server (1) of a manufacturer domain of the manufacturer and a second server (2) of a customer domain of the customer. In some embodiments, three authenticated and encrypted communication channels and a key encapsulation method are used to provide a device certificate of the customer domain for the IoT device on the IoT device.

Abstract: Provided is a method for transmitting data packets over a network from a sender to a receiver via a communication link consisting of at least one transmission section, via which the data packet is transmitted from a sender node to a receiver node, the method having the following steps for at least one transmission section: first security information, which includes information about a cryptographic protective function used in the transmission of the data packet via an adjacent transmission section, is assigned to the data packet by the sender node, the data packet having the assigned security information is transmitted to the receiver node of the transmission section, the security information is checked in the receiver node against a preset guideline, and at least one measure is provided in accordance with the result of the check.

Abstract: The proposal relates to a method for transmitting data in a network (NW) comprising a plurality M of communication apparatuses, with M?2, wherein the plurality M comprises a first communication apparatus (20) and a second communication apparatus (30), which are connected via a network connection section (NVA) for the purpose of transmitting data, having the steps of: a) ascertaining a time-of-flight property of data transmitted between the first communication apparatus (20) and the second communication apparatus (30) via the network connection section (NVA) by means of the first communication apparatus (20) and the second communication apparatus (30) in each case, b) deriving a secret by means of the first communication apparatus (20) and the second communication apparatus (30) in each case, by using the respective ascertained time-of-flight property, and c) transmitting a message protected by means of the derived secret between the first and second communication apparatuses (20, 30).

Abstract: In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.

Abstract: Disclosed is a memory card comprising a program code processor for granting access to a computer-based object, at least one public and private key that is allocated to the memory card as well as a public key of a trustworthy entity being stored on said memory card. Furthermore, a piece of license information comprising at least one license code which is encoded by means of the public key allocated to the memory card is provided on an arithmetic unit that controls access to the computer-based object.

Abstract: Disclosed is a memory card comprising a program code processor for granting access to a computer-based object, at least one public and private key that is allocated to the memory card as well as a public key of a trustworthy entity being stored on said memory card. Furthermore, a piece of license information comprising at least one license code which is encoded by means of the public key allocated to the memory card is provided on an arithmetic unit that controls access to the computer-based object.

Abstract: In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.

Abstract: The invention relates to a method for generating and/or validating electronic signatures during which an asymmetric key pair is generated that comprises a private signature key and a public validation key. In addition, at least one electronic signature is calculated by using the private signature key and by applying a predeterminable signature function for at least one electronic document. A certification of the public validation key ensues after the calculation of the at least one electronic signature.