Patents by Inventor Hendrik Brockhaus
Hendrik Brockhaus has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220191191
Abstract: Provided is a method for the cryptographically protected provision of a digital certificate for a device, including the following steps: generating a one-time security ID according to a provided secret and at least one item of device-specific information; in a configuration device, transmitting the one-time security ID to the device; and in the device, generating an item of security information according to the one-time security ID; requesting a certificate by a request message, which contains an item of device-specific information and which is cryptographically protected by the security information, from an issuing authority; and at the issuing authority, checking the security information by the device-specific ID and the secret provided to the issuing authority; and transmitting a certificate to the device in the event of a positive check result.
Type: Application
Filed: March 25, 2020
Publication date: June 16, 2022
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Publication number: 20220158852
Abstract: Various embodiments include a method for providing a proof of origin for a digital key pair comprising: generating the digital key pair at an origin specified by a device, wherein the origin comprises a security module of the device, wherein the digital key pair includes a private key stored in the security module protected against access; and providing the proof of origin confirming generation of the digital key pair at the origin, wherein the proof of origin is protected by a secret key provided by the device, wherein the secret key is stored in the security module; and issuing the public key of the digital key pair together with the proof of origin.
Type: Application
Filed: February 7, 2020
Publication date: May 19, 2022
Applicant: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Jens-Uwe Busser
-
Patent number: 11165773
Abstract: A network device, including two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point is provided. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.
Type: Grant
Filed: May 31, 2016
Date of Patent: November 2, 2021
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Rainer Falk
-
Patent number: 10867014
Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate match the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.
Type: Grant
Filed: May 9, 2016
Date of Patent: December 15, 2020
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Publication number: 20200366506
Abstract: Provided is a method for the secure replacement of a first manufacturer certificate already incorporated into a device with a second manufacturer certificate, having the steps: —identifying at least one specific device-related parameter that uniquely identifies the device and that is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, —generating a second manufacturer certificate containing at least the specific device-related parameter of the first certificate; and —incorporating the first manufacturer certificate into the device through the second manufacturer certificate, as well as a system designed to perform the method.
Type: Application
Filed: August 9, 2018
Publication date: November 19, 2020
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Patent number: 10706137
Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.
Type: Grant
Filed: June 27, 2016
Date of Patent: July 7, 2020
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Patent number: 10680832
Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.
Type: Grant
Filed: August 23, 2017
Date of Patent: June 9, 2020
Assignee: SIEMENS SCHWEIZ AG
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Jürgen Gessner
-
Authorization apparatus and method for an authorized issuing of an authentication token for a device
Patent number: 10511587
Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
Type: Grant
Filed: May 18, 2016
Date of Patent: December 17, 2019
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David Von Oheimb
-
Patent number: 10476861
Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.
Type: Grant
Filed: October 2, 2014
Date of Patent: November 12, 2019
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
-
Patent number: 10461941
Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
Type: Grant
Filed: March 13, 2017
Date of Patent: October 29, 2019
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Rainer Falk, Stefan Seltzsam
-
AUTHORIZATION APPARATUS AND METHOD FOR AN AUTHORIZED ISSUING OF AN AUTHENTICATION TOKEN FOR A DEVICE
Publication number: 20180359241
Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
Type: Application
Filed: May 18, 2016
Publication date: December 13, 2018
Inventors: HENDRIK BROCKHAUS, STEFFEN FRIES, MICHAEL MUNZERT, DAVID VON OHEIMB
-
Publication number: 20180211025
Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.
Type: Application
Filed: June 27, 2016
Publication date: July 26, 2018
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Publication number: 20180152447
Abstract: A network device, two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.
Type: Application
Filed: May 31, 2016
Publication date: May 31, 2018
Inventors: Hendrik Brockhaus, Jens-Uwe Busser, Rainer Falk
-
Publication number: 20180137259
Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate match the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.
Type: Application
Filed: May 9, 2016
Publication date: May 17, 2018
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
-
Publication number: 20180131520
Abstract: A method for securely interchanging configuration data between a first apparatus and a second apparatus, including the steps of producing a digital signature for the configuration data for the first apparatus using a piece of security information from the first apparatus, storing the configuration data, the digital signature and a security token in an external memory apparatus, and loading of the configuration data, the digital signature and the security token from the external memory apparatus into the second apparatus is provided. Furthermore, an arrangement for securely interchanging configuration data including an apparatus, and a first memory apparatus detachably connected to the apparatus is also provided.
Type: Application
Filed: June 3, 2016
Publication date: May 10, 2018
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Alexander Winnen
-
Publication number: 20180062861
Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.
Type: Application
Filed: August 23, 2017
Publication date: March 1, 2018
Inventors: HENDRIK BROCKHAUS, JENS-UWE BUßER, JÜRGEN GESSNER
-
Publication number: 20170288880
Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
Type: Application
Filed: March 13, 2017
Publication date: October 5, 2017
Inventors: HENDRIK BROCKHAUS, RAINER FALK, STEFAN SELTZSAM
-
Publication number: 20160344727
Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.
Type: Application
Filed: October 2, 2014
Publication date: November 24, 2016
Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
-
Patent number: 7721100
Abstract: In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.
Type: Grant
Filed: September 20, 2004
Date of Patent: May 18, 2010
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Andreas Furch, Kay-Christian Wondollek
-
Patent number: 7711957
Abstract: Disclosed is a memory card comprising a program code processor for granting access to a computer-based object, at least one public and private key that is allocated to the memory card as well as a public key of a trustworthy entity being stored on said memory card. Furthermore, a piece of license information comprising at least one license code which is encoded by means of the public key allocated to the memory card is provided on an arithmetic unit that controls access to the computer-based object.
Type: Grant
Filed: September 20, 2004
Date of Patent: May 4, 2010
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Andreas Furch, Kay-Christian Wondollek