Patents by Inventor Hendrik Brockhaus

Hendrik Brockhaus has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220191191
    Abstract: Provided is a method for the cryptographically protected provision of a digital certificate for a device, including the following steps: generating a one-time security ID according to a provided secret and at least one item of device-specific information; in a configuration device, transmitting the one-time security ID to the device; and in the device, generating an item of security information according to the one-time security ID; requesting a certificate by a request message, which contains an item of device-specific information and which is cryptographically protected by the security information, from an issuing authority; and at the issuing authority, checking the security information by the device-specific ID and the secret provided to the issuing authority; and transmitting a certificate to the device in the event of a positive check result.
    Type: Application
    Filed: March 25, 2020
    Publication date: June 16, 2022
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Publication number: 20220158852
    Abstract: Various embodiments include a method for providing a proof of origin for a digital key pair comprising: generating the digital key pair at an origin specified by a device, wherein the origin comprises a security module of the device, wherein the digital key pair includes a private key stored in the security module protected against access; and providing the proof of origin confirming generation of the digital key pair at the origin, wherein the proof of origin is protected by a secret key provided by the device, wherein the secret key is stored in the security module; and issuing the public key of the digital key pair together with the proof of origin.
    Type: Application
    Filed: February 7, 2020
    Publication date: May 19, 2022
    Applicant: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Jens-Uwe Busser
  • Patent number: 11165773
    Abstract: A network device, including two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point is provided. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: November 2, 2021
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Rainer Falk
  • Patent number: 10867014
    Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate matches the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: December 15, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Publication number: 20200366506
    Abstract: Provided is a method for the secure replacement of a first manufacturer certificate already incorporated into a device with a second manufacturer certificate, having the steps: identifying at least one specific device-related parameter that uniquely identifies the device and that is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database; generating a second manufacturer certificate containing at least the specific device-related parameter of the first certificate; and incorporating the first manufacturer certificate into the device through the second manufacturer certificate, as well as a system designed to perform the method.
    Type: Application
    Filed: August 9, 2018
    Publication date: November 19, 2020
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Patent number: 10706137
    Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: July 7, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Patent number: 10680832
    Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: June 9, 2020
    Assignee: SIEMENS SCHWEIZ AG
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Jürgen Gessner
  • Patent number: 10511587
    Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: December 17, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David Von Oheimb
  • Patent number: 10476861
    Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.
    Type: Grant
    Filed: October 2, 2014
    Date of Patent: November 12, 2019
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
  • Patent number: 10461941
    Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: October 29, 2019
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Rainer Falk, Stefan Seltzsam
  • Publication number: 20180359241
    Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
    Type: Application
    Filed: May 18, 2016
    Publication date: December 13, 2018
    Inventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David von Oheimb
  • Publication number: 20180211025
    Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.
    Type: Application
    Filed: June 27, 2016
    Publication date: July 26, 2018
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Publication number: 20180152447
    Abstract: A network device, including two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point, is provided. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.
    Type: Application
    Filed: May 31, 2016
    Publication date: May 31, 2018
    Inventors: Hendrik Brockhaus, Jens-Uwe Busser, Rainer Falk
  • Publication number: 20180137259
    Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate matches the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.
    Type: Application
    Filed: May 9, 2016
    Publication date: May 17, 2018
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Publication number: 20180131520
    Abstract: A method for securely interchanging configuration data between a first apparatus and a second apparatus, including the steps of producing a digital signature for the configuration data for the first apparatus using a piece of security information from the first apparatus, storing the configuration data, the digital signature and a security token in an external memory apparatus, and loading of the configuration data, the digital signature and the security token from the external memory apparatus into the second apparatus is provided. Furthermore, an arrangement for securely interchanging configuration data including an apparatus, and a first memory apparatus detachably connected to the apparatus is also provided.
    Type: Application
    Filed: June 3, 2016
    Publication date: May 10, 2018
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Alexander Winnen
  • Publication number: 20180062861
    Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.
    Type: Application
    Filed: August 23, 2017
    Publication date: March 1, 2018
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Jürgen Gessner
  • Publication number: 20170288880
    Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
    Type: Application
    Filed: March 13, 2017
    Publication date: October 5, 2017
    Inventors: Hendrik Brockhaus, Rainer Falk, Stefan Seltzsam
  • Publication number: 20160344727
    Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.
    Type: Application
    Filed: October 2, 2014
    Publication date: November 24, 2016
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Steffen Fries, David von Oheimb
  • Patent number: 7721100
    Abstract: In order to grant an access to a computer-based object, a memory card having a program code processor is provided, on which at least one public and private key assigned to the memory card are stored. In addition, an item of license information is provided, which comprises at least one license code encrypted by means of the public key assigned to the memory card, on a computing device which controls the access to the computer-based object.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: May 18, 2010
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Andreas Furch, Kay-Christian Wondollek
  • Patent number: 7711957
    Abstract: Disclosed is a memory card comprising a program code processor for granting access to a computer-based object, at least one public and private key that is allocated to the memory card as well as a public key of a trustworthy entity being stored on said memory card. Furthermore, a piece of license information comprising at least one license code which is encoded by means of the public key allocated to the memory card is provided on an arithmetic unit that controls access to the computer-based object.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: May 4, 2010
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Andreas Furch, Kay-Christian Wondollek