Abstract: Various embodiments of the teachings herein include an industrial device. An example includes: a number of integrity measuring units for providing integrity measurement values; an attestation unit to provide an integrity attestation protected by a first cryptographic protection indicating an integrity of the device or of a part of the device, wherein the integrity attestation has a number of provided integrity measurement values; and a confirmation unit connected to the attestation unit via a physically protected transmission path, the confirmation unit comprising: a checking unit to provide checking information by checking a state of the confirmation unit and/or of the industrial device, and an issuing unit to issue a confirmation attestation protected by a second cryptographic protection depending on the provided checking information.

Abstract: A method for granting access to objects by entities in a computerized system includes: providing an access control list (ACL) specifying for each object access rights to the objects of the computerized system; assigning a capability requirement information to at least one of the objects in the ACL; assigning a capability information to at least one entity of the entities in the computerized system; requesting access to an object by an entity; checking if the requesting entity has an access right in accordance with the ACL; and granting access to the requested object by the requesting entity only when the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object. The combination of an ACL based access to files with capabilities improves the security of the system.

Abstract: The disclosure relates to a method and a device for authenticating an FPGA configuration. The method includes at least partly reading the configuration of a FPGA by the FPGA itself and calculating a first checksum using the read configuration. The method further includes providing an authentication response which confirms that the FPGA configuration is authentic when the first checksum matches a specified checksum, wherein the reading, calculating, and providing are carried out in an obfuscated manner. The authentication response confirming that the FPGA configuration is authentic is not provided or is only provided with a very low degree of probability when the first checksum and the specified checksum do not match. In this regard, an FPGA may check its own configuration.

Abstract: A signing system for validating stateful hash-based digital signatures includes a signing device, a logging device and a verifying device, wherein each signing device is configured to receive data, generate a hash-based digital signature including a one-time signature, generate a one-time public key, send the generated one-time public key, send the hash-based digital signature, the verifying device is configured to generate a validation one-time public key, send the validation one-time public key, and the logging device is configured to store the generated one-time public key, receive a validation one-time public key, compare the validation one-time public key with all one-time public keys, provide a validation feedback signal, if the validation one-time public key coincides with exactly one stored one-time private key, and provide a warning feedback signal, if the validation one-time public key does not coincide with exactly one stored one-time private key.

Abstract: Various embodiments of the teachings herein include methods for determining a Gaussian integer congruent to a given Gaussian integer modulo. The method may include: starting with a Gaussian integer base raised to an integer exponent having a norm smaller than or equal to that of the Gaussian integer modulus and larger than the norm of the difference of the Gaussian integer base raised to the integer exponent and the Gaussian n integer modulus; initializing a variable value candidate for the Gaussian integer congruent with the given Gaussian integer; then iteratively decrementing the variable value by a product of the Gaussian integer modulus and a component-wise down rounded quotient of the current value of the variable value candidate and the Gaussian integer base raised to the integer exponent, as long as the quotient is not vanishing; and identifying the resulting variable value candidate as the Gaussian integer congruent.

Abstract: Various embodiments of the teachings herein include a method for arranging a shared cryptographic key with a communication partner. The method may include: selecting a first point of a first elliptic curve; sending the first point to the communication partner using a public channel; receiving a second point of the first elliptic curve from the communication partner; and determining the shared key using a non-trivial, inverse shared mapping of the second point with respect to a shared isomorphic mapping of a second elliptic curve onto the first elliptic curve.

Abstract: Methods and devices are provided for establishing secure communication between the devices without relying on local time information. According to the methods, a client device, which is going to establish the secure communication to a server device, is provided by the server device with a proof of its integrity. The proof of integrity of the server device is issued by a trusted third party (TTP) to which both devices have a trust relation.

Abstract: Various teachings of the present disclosure include methods for providing cryptographic keys for signing data. The method may include: providing a plurality of keys as leaves of a hash tree structure having at least one first hash tree; evaluating a requirement criterion for a requirement for additional keys and, if the requirement criterion is satisfied, generating a plurality of additional keys available as leaves of a further hash tree; and integrating the further hash tree into the hash tree structure so a respective root of the further hash tree is signed with a leaf of the hash tree structure. A number of hash trees of the hash tree structure is not predetermined.

Abstract: A monitoring system including a requesting device, a monitoring apparatus and a signing device, wherein the monitoring apparatus is configured to receive a signature request data structure, store the data, receive a hash-based digital signature generated for the data by a stateful hash-based cryptographic function of the signing device, extract a one-time signature from the received hash-based digital signature, determine a one-time public key based on the stored data to be signed and the one-time signature, compare the one-time public key with previous one-time public keys determined from hash-based digital signatures previously received from the signing device, and if the one-time public key is different to any of previous one-time public keys, store the one-time public key in a data storage unit, if the one-time public key is equal to at least one of the previous one-time public keys, output a first warning signal to the requesting device.

Abstract: Various embodiments of the teachings herein include a method for arranging a shared cryptographic key with a communication partner. The method may include: selecting a first point of a first elliptic curve; sending the first point to the communication partner using a public channel; receiving a second point of the first elliptic curve from the communication partner; and determining the shared key using a non-trivial, inverse shared mapping of the second point with respect to a shared isomorphic mapping of a second elliptic curve onto the first elliptic curve.

Abstract: An issuing device is configured to: respond to a challenge request by transmitting a challenge; and respond to a certification request including a public key and ownership information thereof by issuing a digital certificate certifying the ownership information. The ownership information includes counterparty identity information relating to a ledger of a distributed database. The digital certificate is issued if it is successfully verified that a valid response to the challenge has been posted to the ledger of the distributed database and is associated therein with the counterparty identity information of the certification request. The digital certificate facilitates proofing that an owner of a public key is a given counterparty to a blockchain ledger. Also, a corresponding requesting device and corresponding methods and computer program products for issuing and requesting a digital certificate are disclosed.

Abstract: A signing system for validating stateful hash-based digital signatures includes a signing device, a logging device and a verifying device, wherein each signing device is configured to receive data, generate a hash-based digital signature including a one-time signature, generate a one-time public key, send the generated one-time public key, send the hash-based digital signature, the verifying device is configured to generate a validation one-time public key, send the validation one-time public key, and the logging device is configured to store the generated one-time public key, receive a validation one-time public key, compare the validation one-time public key with all one-time public keys provide a validation feedback signal, if the validation one-time public key coincides with exactly one stored one-time private key, and provide a warning feedback signal, if the validation one-time public key does not coincide with exactly one stored one-time private key.

Abstract: Various embodiments of the teachings herein include a method for onboarding an IoT device (3) of a manufacturer, in a manner secure against quantum computer attacks, in an infrastructure of a customer by means of a first server (1) of a manufacturer domain of the manufacturer and a second server (2) of a customer domain of the customer. In some embodiments, three authenticated and encrypted communication channels and a key encapsulation method are used to provide a device certificate of the customer domain for the IoT device on the IoT device.

Abstract: The invention relates to a booting device (2) for a computer element (1) for booting the computer element (1), wherein the booting device (2) comprises a memory unit (3) for storing a protection code (4), and a protection unit (5) for checking the integrity of a software component (6) of the computer element (1) based on the protection code (4), wherein the booting device (2) is suitable for executing the software component (6) to boot the computer element (1), wherein the protection code (4) can be at least partially changed from outside the booting device (2). The protection code, which serves to check the integrity of a booting process, can be changed and/or updated from outside the booting device, e.g. by a user.

Abstract: A method for securely starting device software is provided, in particular an operating system, of an electronic device, wherein a plurality of successive software modules which contain software code are run by the device. The method has the steps of: a) running the first software module, b) loading the subsequent software module using the preceding software module, c) checking the software code of the subsequent software module and identifying security features using an identification scheme, d) evaluating the identified security features using a security, e) running the subsequent software module if the evaluation results in a value of trustworthiness that lies above a specified threshold, and f) running steps b) to e) for each of the subsequent software modules.

Abstract: Methods and devices are provided for establishing secure communication between the devices without relying on local time information. According to the methods, a client device, which is going to establish the secure communication to a server device, is provided by the server device with a proof of its integrity. The proof of integrity of the server device is issued by a trusted third party (TTP) to which both devices have a trust relation.

Abstract: A method for granting access to objects by entities in a computerized system includes: providing an access control list (ACL) specifying for each object access rights to the objects of the computerized system; assigning a capability requirement information to at least one of the objects in the ACL; assigning a capability information to at least one entity of the entities in the computerized system; requesting access to an object by an entity; checking if the requesting entity has an access right in accordance with the ACL; and granting access to the requested object by the requesting entity only when the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object. The combination of an ACL based access to files with capabilities improves the security of the system.

Abstract: The disclosure relates to a method and a device for authenticating an FPGA configuration. The method includes at least partly reading the configuration of a FPGA by the FPGA itself and calculating a first checksum using the read configuration. The method further includes providing an authentication response which confirms that the FPGA configuration is authentic when the first checksum matches a specified checksum, wherein the reading, calculating, and providing are carried out in an obfuscated manner. The authentication response confirming that the FPGA configuration is authentic is not provided or is only provided with a very low degree of probability when the first checksum and the specified checksum do not match. In this regard, an FPGA may check its own configuration.

Abstract: An issuing device is configured to: respond to a challenge request by transmitting a challenge; and respond to a certification request including a public key and ownership information thereof by issuing a digital certificate certifying the ownership information. The ownership information includes counterparty identity information relating to a ledger of a distributed database. The digital certificate is issued if it is successfully verified that a valid response to the challenge has been posted to the ledger of the distributed database and is associated therein with the counterparty identity information of the certification request. The digital certificate facilitates proofing that an owner of a public key is a given counterparty to a blockchain ledger. Also, a corresponding requesting device and corresponding methods and computer program products for issuing and requesting a digital certificate are disclosed.