Abstract: Provided is a method for overload protection in a container-virtualized computing apparatus that provides a computer-implemented application by at least one work container, having the following steps: —receiving a request message to call the application, checking the currently existing workload of the computing apparatus against a stipulated load limit value, and if the current workload is higher than the load limit value, forwarding the request message to a load rejection container that provides at least one form of handling of the application that is modified compared to the work container.

Abstract: A computer-implemented method for configuring an access protection system which is suitable for regulating a data communication link of a computer-implemented application between a first computer network and a second computer network is provided. For this purpose, the computer-implemented application is run in the first computer network in a production environment or in an image of the first computer network in a test system. A data communication link of the computer-implemented application to the second computer network is determined by a sensor and a configuration rule is derived therefrom for the access protection system for permitting the data communication link of the computer implemented application between the first computer network and the second computer network in the production system. Also provided are a device, a test system, an access protection system, a computer program product and a computer-readable data carrier.

Abstract: A system for providing a control program code (SPC) for controlling a device connected to a control device has: an authentication service which, after successful authentication of the device with respect to the authentication service, transmits a device ID (FG-ID) of the authenticated device to a commissioning service which, on the basis of the device ID (FG-ID) of the authenticated device, transmits a control program code (SPC) to a control device which controls the authenticated device using the control program code (SPC).

Abstract: A network device and a method for operating a network device for an automation network are provided. The network device is set up with the help of a real-time application for providing a function of the network device. The real-time application has at least one predefined, updatable parameter. The network device has a storage device for storing update data for the updatable parameter in an update storage area and storing application data for the real-time application in an application storage area. The network device is set up such that, after update data has been written into the update storage area at a predefined update time, a first memory address referring to the application storage area switches to a second memory address referring to the update storage area in which the update data is stored. The switch takes place deterministically within a predefined update timeslot during runtime of the real-time application.

Abstract: Method and system for providing device-specific operator data for an automation device in an automation installation, which automation device authenticates itself to an authentication server in the automation installation via at least one authentication credential, wherein if up-to-date device-specific operator data from the installation operator of the automation installation are available for the automation device, then the up-to-date device-specific operator data are tied to the authentication credential of the authentication device.

Abstract: A method for producing a hardware device, in particular a trusted platform module for the execution of at least one cryptographic algorithm, the hardware device corresponding to a real-time class, i.e., it fulfils specifiable run-time requirements for real-time applications, wherein the method comprises preparing at least one cryptographic algorithm in the manner of a program code; determining a maximum/longest execution time (WCET) for the algorithm, producing a tamper-proof hardware module, which is configured to execute the algorithm, and assigning the hardware module to a real-time class depending on the maximum/longest execution time (WCET).

Abstract: A device for transcoding during an encryption-based access check of a client device to a databank, which provides a data set in an encrypted area, has: a unit for assigning a specific access level of the client device and for providing a corresponding first group key of the client device as a function of a registration parameter, wherein the client device is allowed access to a first area, which is encrypted using the first group key, and all areas of the database subordinate to the first area as a function of the assigned access level; a unit for providing a classification result depending on a classification of the data set of the particular area by one of the client devices allowed to access the particular area; and a unit for transcoding the data set and/or a data set key for the data set as a function of the classification result.

Abstract: The embodiments relate to methods for plagiarism protection for cryptographic challenge-response methods, wherein an originality test for products that require a secret symmetric or private asymmetric key on the product side is carried out such that a plagiarism protection service is set up as a web service that carries out a calculation of the challenge for the product to be tested and a verification of the response for the product and sends the result of the verification in an integrity-protected manner to a testing unit authorized for plagiarism testing, and which, if the cryptographic challenge-response method is not present on the product to be tested after the key has been authenticated and authorized by the product to be tested, can subsequently send software for calculating the response directly to the product online.

Abstract: A system for providing a control program code (SPC) for controlling a device connected to a control device has: an authentication service which, after successful authentication of the device with respect to the authentication service, transmits a device ID (FG-ID) of the authenticated device to a commissioning service which, on the basis of the device ID (FG-ID) of the authenticated device, transmits a control program code (SPC) to a control device which controls the authenticated device using the control program code (SPC).

Abstract: In a method for detecting infringements of the authenticity of a system component an authentication request is sent from a controller to an authentication device of the system component. A first authentication code is calculated in the authentication device by applying a shared one-way function to an identification code, stored in the authentication device, for the system component. A second authentication code in the controller is calculated by applying the shared one-way function to an identification code, stored in the controller, for the system component, and an authentication response including the first authentication code is sent from the authentication device to the controller. The first authentication code is compared with the second authentication code in the controller for detecting infringements of the authenticity of the system component.

Abstract: Against the background of continually growing problems of product piracy, in particular due to the further expansion and liberalization of international trade, there is great demand for automated and reliable inspection of the authenticity of products. Thus, methods and systems are provided for inspecting a product as an original product of a product producer by authenticating at least one RFID (Radio Frequency Identification) tag allocated to the product using an asymmetrical challenge response protocol.

Abstract: A method for producing a hardware device, in particular a trusted platform module for the execution of at least one cryptographic algorithm, the hardware device corresponding to a real-time class, i.e., it fulfils specifiable run-time requirements for real-time applications, wherein the method comprises preparing at least one cryptographic algorithm in the manner of a program code; determining a maximum/longest execution time (WCET) for the algorithm, producing a tamper-proof hardware module, which is configured to execute the algorithm, and assigning the hardware module to a real-time class depending on the maximum/longest execution time (WCET).

Abstract: Method and system for providing device-specific operator data for an automation device in an automation installation, which automation device authenticates itself to an authentication server in the automation installation via at least one authentication credential, wherein if up-to-date device-specific operator data from the installation operator of the automation installation are available for the automation device, then the up-to-date device-specific operator data are tied to the authentication credential of the authentication device.

Abstract: A network device and a method for operating a network device for an automation network are provided. The network device is set up with the help of a real-time application for providing a function of the network device. The real-time application has at least one predefined, updatable parameter. The network device has a storage device for storing update data for the updatable parameter in an update storage area and storing application data for the real-time application in an application storage area. The network device is set up such that, after update data has been written into the update storage area at a predefined update time, a first memory address referring to the application storage area switches to a second memory address referring to the update storage area in which the update data is stored. The switch takes place deterministically within a predefined update timeslot during runtime of the real-time application.

Abstract: Against the background of continually growing problems of product piracy, in particular due to the further expansion and liberalization of international trade, there is great demand for automated and reliable inspection of the authenticity of products. The present disclosure relates to methods and systems for inspecting a product as an original product of a product producer by authenticating at least one RFID (Radio Frequency Identification) tag allocated to the product using an asymmetrical challenge response protocol.

Abstract: In a method for detecting infringements of the authenticity of a system component an authentication request is sent from a controller to an authentication device of the system component. A first authentication code is calculated in the authentication device by applying a shared one-way function to an identification code, stored in the authentication device, for the system component. A second authentication code in the controller is calculated by applying the shared one-way function to an identification code, stored in the controller, for the system component, and an authentication response including the first authentication code is sent from the authentication device to the controller. The first authentication code is compared with the second authentication code in the controller for detecting infringements of the authenticity of the system component.

Abstract: A device for transcoding during an encryption-based access check of a client device to a databank, which provides a data set in an encrypted area, has: a unit for assigning a specific access level of the client device and for providing a corresponding first group key of the client device as a function of a registration parameter, wherein the client device is allowed access to a first area, which is encrypted using the first group key, and all areas of the database subordinate to the first area as a function of the assigned access level; a unit for providing a classification result depending on a classification of the data set of the particular area by one of the client devices allowed to access the particular area; and a unit for transcoding the data set and/or a data set key for the data set as a function of the classification result.