Patents by Inventor Heinz-Josef Claes

Heinz-Josef Claes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11055414
    Abstract: A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: July 6, 2021
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Publication number: 20210034750
    Abstract: A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.
    Type: Application
    Filed: December 1, 2017
    Publication date: February 4, 2021
    Inventor: Heinz-Josef Claes
  • Patent number: 10586065
    Abstract: A method for secure data management in a computer network includes automatically calculating a key from a predetermined number of key fragments of a predetermined length for an encryption of data, encrypting data of a data set to be protected by the calculated key, dividing the data set into a predetermined number of data subsets, wherein the above steps are carried out by at least one processing computer system from a group of processing computer systems, and transmitting the key fragments and the data subsets to a distributed protection system in the computer network, wherein in each case one or more key fragments and in each case one or more data subsets are transmitted respectively from the at least one processing computer system to in each case one entity from a plurality of entities of the distributed protection system in the computer network, and storing all transmitted key fragments and data subsets in the respective entities of the distributed protection system.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: March 10, 2020
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10523633
    Abstract: A method communicates between secured computer systems in a computer network infrastructure. Data packets are transmitted between a plurality from a group of processing computer systems, wherein such a transmission is performed by at least one broker computer system. The data packets are advantageously routed via at least one relay system connected upstream or downstream of the broker computer system in a transmission path of the data packets. All from the group of processing computer systems keep predetermined network ports at least temporarily closed so that access to a respective processing computer system via a network by the network ports is prevented. The relay system keeps predetermined network ports closed at least to the broker computer system, which has the relay system connected downstream so that access to the relay system via a network by the network ports is prevented.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: December 31, 2019
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10425416
    Abstract: A method of unblocking external computer systems includes transmitting an authentication packet from an external computer system, configured outside the computer network infrastructure, to a broker computer system within the computer network infrastructure, wherein the authentication packet contains signed information for authentication of the external computer system, automatically transmitting the authentication packet from the broker computer system to at least one processing computer system within the computer network infrastructure, wherein the processing computer system keeps predetermined network ports at least temporarily closed wherein, however, the processing computer system is capable of accessing the broker computer system to fetch the authentication packet from the broker computer system, unblocking at least one selective network port by the processing computer system for communication with the external computer system, and establishing a connection to the selectively unblocked network port of th
    Type: Grant
    Filed: July 14, 2015
    Date of Patent: September 24, 2019
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Publication number: 20190250938
    Abstract: A computer system architecture, wherein a virtual machine and a virtual network bridge are controllable by a basic operating system, the virtual machine is linked to the virtual network bridge and set up for communication with further virtual machines within a virtual communication subnetwork, establishment of a connection from the virtual machine to an external physical network outside the physical computer system, which has a different configuration than the virtual communication subnetwork, is prevented, and the network ports of the physical computer system are set up such that relaying of a communication between the virtual machine and other virtual machines within the virtual communication subnetwork beyond the physical computer system by the external physical network (N, N1, N2) is permitted, but establishment of a connection from the external physical network from outside the physical computer system to the physical computer system independently of the virtual communication subnetwork is prevented.
    Type: Application
    Filed: October 11, 2017
    Publication date: August 15, 2019
    Inventors: Heinz-Josef Claes, Robert Ferwagner
  • Patent number: 10326600
    Abstract: A routing method of forwarding task instructions between secured computer systems in a computer network infrastructure includes calling up routing information stored in a key computer system, generating a task file in the key computer system, wherein the task file comprises at least the routing information and a task description of at least one task for the target computer system; transmitting the task file based upon the routing information along the communication path from the key computer system by the group of the broker computer systems to the target computer system; verifying validity of the task file by the target computer system; executing at least one task in the target computer system by the task file in the case that verification of validity of the task file was successful.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: June 18, 2019
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10313305
    Abstract: A method unblocks external computer systems for communication with secured processing computer systems in a computer network infrastructure. An instruction packet is transmitted from an external computer system to a broker computer system within the computer network infrastructure. A random port number of a network port is then generated by the broker computer system, and the random port number is transmitted to a processing computer system. The processing computer system at least temporarily keeps predetermined network ports closed so that access by the external computer system via network by the network ports is prevented, wherein the random port number and/or other information can be interchanged between the processing computer system and the broker computer system, however.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: June 4, 2019
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventors: Heinz-Josef Claes, Alexander Hosfeld
  • Patent number: 10154045
    Abstract: A method of communicating between secured computer systems includes supplementing a prepared task file with specified information in a source computer system, transmitting the supplemented task file from the source computer system to a task computer system, transmitting the supplemented task file from the task computer system to a target computer system, verifying validity of the supplemented task file by the target computer system, and executing at least one task in the target computer system on the basis of the supplemented task file in the event that verification of the validity of the supplemented task file was successful, wherein both the source computer system and the target computer system at least temporarily keep specified network ports closed such that addressability of the source computer system or of the target computer system, respectively, via a network for storing or fetching the task file is prevented, but the task computer system is accessible with at least one listening open network port via
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: December 11, 2018
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10114654
    Abstract: A method of booting a production computer system includes establishing a connection between a key computer system and the production computer system, gathering information about system data of the production computer system, transmitting the information about the system data of the production computer system to the key computer system, comparing the gathered information with comparison information stored in the key computer system, automated transmitting of a passphrase from the key computer system to the production computer system to decrypt encrypted file system data on a medium within the production computer system if the comparison is successful, decrypting the encrypted file system data on the medium by the passphrase, and loading the decrypted file system data and booting the production computer system.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: October 30, 2018
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10083326
    Abstract: A method of accessing a physically secured rack includes assigning a task identification by a key computer system, which specifies a task for an administrator of an administration user group for access to the rack, transmitting the task identification from the key computer system to the administrator and an access control unit for the rack, prompting an input of the task identification by the access control unit, verifying the input task identification by the access control unit, prompting input of a personal access identification of the administrators by the access control unit, verifying the input personal access identification of the administrator by the access control unit, and releasing a physical access security system for the access to the administrator to the rack if both preceding verification steps are successful.
    Type: Grant
    Filed: January 26, 2015
    Date of Patent: September 25, 2018
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventors: Heinz-Josef Claes, Ulrich Feldmann
  • Publication number: 20180109497
    Abstract: A method unblocks external computer systems for communication with secured processing computer systems in a computer network infrastructure. An instruction packet is transmitted from an external computer system to a broker computer system within the computer network infrastructure. A random port number of a network port is then generated by the broker computer system, and the random port number is transmitted to a processing computer system. The processing computer system at least temporarily keeps predetermined network ports closed so that access by the external computer system via network by the network ports is prevented, wherein the random port number and/or other information can be interchanged between the processing computer system and the broker computer system, however.
    Type: Application
    Filed: June 27, 2016
    Publication date: April 19, 2018
    Inventors: Heinz-Josef Claes, Alexander Hosfeld
  • Publication number: 20180053009
    Abstract: A method for secure data management in a computer network includes automatically calculating a key from a predetermined number of key fragments of a predetermined length for an encryption of data, encrypting data of a data set to be protected by the calculated key, dividing the data set into a predetermined number of data subsets, wherein the above steps are carried out by at least one processing computer system from a group of processing computer systems, and transmitting the key fragments and the data subsets to a distributed protection system in the computer network, wherein in each case one or more key fragments and in each case one or more data subsets are transmitted respectively from the at least one processing computer system to in each case one entity from a plurality of entities of the distributed protection system in the computer network, and storing all transmitted key fragments and data subsets in the respective entities of the distributed protection system.
    Type: Application
    Filed: August 10, 2017
    Publication date: February 22, 2018
    Inventor: Heinz-Josef Claes
  • Publication number: 20170220391
    Abstract: A method of distributing tasks between computer systems in a computer network infrastructure includes parallel receiving a task file by a plurality of broker computer systems, negotiating a primary broker computer system from the broker computer systems, transmitting task information of the task file from the primary broker computer system to a primary processing computer system from a plurality of processing computer systems, and performing at least one action in the primary processing computer system by the transmitted task information, wherein all from the group of the processing computer systems keep predetermined network ports used for this method closed such that no connection establishment from the exterior is permitted and access via a network by the network ports is prevented, and a respective processing computer system is capable of establishing a connection to a respective broker computer system to fetch respective task information from the broker computer system.
    Type: Application
    Filed: June 1, 2015
    Publication date: August 3, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20170223045
    Abstract: A method forwards data between secured computer systems in a computer network structure. Data packets are transmitted along a predetermined communication path structure from a source computer system to at least one target computer system by means of a group of task servers, wherein the communication path structure comprises a plurality of parallel sub-paths. Both the source computer system and the target computer system keep predetermined network ports closed such that no connection establishment from the exterior to the source computer system or to the target computer system is permitted, wherein, the source computer system or the target computer system can establish a connection to a respective broker computer system to store data packets in the broker computer system or to fetch them from there.
    Type: Application
    Filed: June 1, 2015
    Publication date: August 3, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20170222811
    Abstract: A routing method of forwarding task instructions between secured computer systems in a computer network infrastructure includes calling up routing information stored in a key computer system, generating a task file in the key computer system, wherein the task file comprises at least the routing information and a task description of at least one task for the target computer system; transmitting the task file based upon the routing information along the communication path from the key computer system by the group of the broker computer systems to the target computer system; verifying validity of the task file by the target computer system; executing at least one task in the target computer system by the task file in the case that verification of validity of the task file was successful.
    Type: Application
    Filed: June 1, 2015
    Publication date: August 3, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20170163646
    Abstract: A method of unblocking external computer systems includes transmitting an authentication packet from an external computer system, configured outside the computer network infrastructure, to a broker computer system within the computer network infrastructure, wherein the authentication packet contains signed information for authentication of the external computer system, automatically transmitting the authentication packet from the broker computer system to at least one processing computer system within the computer network infrastructure, wherein the processing computer system keeps predetermined network ports at least temporarily closed wherein, however, the processing computer system is capable of accessing the broker computer system to fetch the authentication packet from the broker computer system, unblocking at least one selective network port by the processing computer system for communication with the external computer system, and establishing a connection to the selectively unblocked network port of th
    Type: Application
    Filed: July 14, 2015
    Publication date: June 8, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20170104719
    Abstract: A method communicates between secured computer systems in a computer network infrastructure. Data packets are transmitted between a plurality from a group of processing computer systems, wherein such a transmission is performed by at least one broker computer system. The data packets are advantageously routed via at least one relay system connected upstream or downstream of the broker computer system in a transmission path of the data packets. All from the group of processing computer systems keep predetermined network ports at least temporarily closed so that access to a respective processing computer system via a network by the network ports is prevented. The relay system keeps predetermined network ports closed at least to the broker computer system, which has the relay system connected downstream so that access to the relay system via a network by the network ports is prevented.
    Type: Application
    Filed: June 1, 2015
    Publication date: April 13, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20170060597
    Abstract: A method of booting a production computer system includes establishing a connection between a key computer system and the production computer system, gathering information about system data of the production computer system, transmitting the information about the system data of the production computer system to the key computer system, comparing the gathered information with comparison information stored in the key computer system, automated transmitting of a passphrase from the key computer system to the production computer system to decrypt encrypted file system data on a medium within the production computer system if the comparison is successful, decrypting the encrypted file system data on the medium by the passphrase, and loading the decrypted file system data and booting the production computer system.
    Type: Application
    Filed: January 27, 2015
    Publication date: March 2, 2017
    Inventor: Heinz-Josef Claes
  • Publication number: 20160381040
    Abstract: A method of communicating between secured computer systems includes supplementing a prepared task file with specified information in a source computer system, transmitting the supplemented task file from the source computer system to a task computer system, transmitting the supplemented task file from the task computer system to a target computer system, verifying validity of the supplemented task file by the target computer system, and executing at least one task in the target computer system on the basis of the supplemented task file in the event that verification of the validity of the supplemented task file was successful, wherein both the source computer system and the target computer system at least temporarily keep specified network ports closed such that addressability of the source computer system or of the target computer system, respectively, via a network for storing or fetching the task file is prevented, but the task computer system is accessible with at least one listening open network port via
    Type: Application
    Filed: January 27, 2015
    Publication date: December 29, 2016
    Inventor: Heinz-Josef Claes