Abstract: A method for managing access to a device, which has a first and a second input interface, each for inputting a character string, including the steps of: generating a password having a prescribed minimum number of characters and having a measure of complexity; generating a subpassword on the basis of the generated password and a prescribed mapping specification, wherein the subpassword has a lower measure of complexity than the password; and enabling access to the device if a character string input via the first input interface corresponds to the password or a character string input via the second input interface corresponds to the subpassword. The method and a corresponding access system for a device permit simple handling of the password management by the respective user is also provided.

Abstract: Provided is a method for the cryptographically protected provision of a digital certificate for a device, including the following steps: generating a one-time security ID according to a provided secret and at least one item of device-specific information; in a configuration device, transmitting the one-time security ID to the device; and in the device, generating an item of security information according to the one-time security ID; requesting a certificate by a request message, which contains an item of device-specific information and which is cryptographically protected by the security information, from an issuing authority; and at the issuing authority, checking the security information by the device-specific ID and the secret provided to the issuing authority; and transmitting a certificate to the device in the event of a positive check result.

Abstract: Various embodiments include a method for providing a proof of origin for a digital key pair comprising: generating the digital key pair at an origin specified by a device, wherein the origin comprises a security module of the device, wherein the digital key pair includes a private key stored in the security module protected against access; and providing the proof of origin confirming generation of the digital key pair at the origin, wherein the proof of origin is protected by a secret key provided by the device, wherein the secret key is stored in the security module; and issuing the public key of the digital key pair together with the proof of origin.

Abstract: A network device, including two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point is provided. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.

Abstract: A computing device is proposed for detecting attacks on a technical system based on events of an event sequence is provided. The computing device has a receiving unit for receiving the event sequence which includes a plurality of events, wherein an attack is determined by a specific sequence in the events in the received event sequence, and a checking unit for checking the received event sequence based on a main event which is contained in the specific sequence in events, wherein the checking unit is additionally designed to carry out a pattern recognition in the received event sequence based on the specific sequence in events if the main event has occurred. As the checking unit merely checks the received event sequence for the occurrence of a main event, and the more exact pattern recognition is only carried out after the main event occurs, the necessary computing expense can be reduced.

Abstract: A device for adapting the use of an apparatus is provided. The device has a processing unit for checking if a license for the apparatus exists and for producing a certificate request and a transmitting/receiving unit for transmitting the certificate request to a certification server and for receiving a certificate from the certification server in response to the certificate request. The processing unit is designed to check if information contained in the certificate match the license information and to adapt the use of the apparatus on the basis of the certificate. The invention further relates to a system having such a device and to a corresponding method for adapting the use of an apparatus. By the device, acceptance of a certificate by an apparatus can be restricted such that the newly obtained certificates can be subjected to certain conditions. The conditions can, for example, define the use of the apparatus.

Abstract: Provided is a method for the secure replacement of a first manufacturer certificate already incorporated into a device with a second manufacturer certificate, having the steps: —identifying at least one specific device-related parameter that uniquely identifies the device and that is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, —generating a second manufacturer certificate containing at least the specific device-related parameter of the first certificate; and —incorporating the first manufacturer certificate into the device through the second manufacturer certificate, as well as a system designed to perform the method.

Abstract: A method for managing access to a device, which has a first and a second input interface, each for inputting a character string, including the steps of: generating a password having a prescribed minimum number of characters and having a measure of complexity; generating a subpassword on the basis of the generated password and a prescribed mapping specification, wherein the subpassword has a lower measure of complexity than the password; and enabling access to the device if a character string input via the first input interface corresponds to the password or a character string input via the second input interface corresponds to the subpassword. The method and a corresponding access system for a device permit simple handling of the password management by the respective user is also provided.

Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.

Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.

Abstract: Provided is a method for generating a device-specific identifier in a device which contains at least one programmable circuit component and the circuit of which consists of individual components that are configured by loading a bitstream, having the following method steps: displaying the reference identifier as a bit sequence and assigning each bit of the reference identifier to a respective different component of the circuit component; generating a reference bitstream for a reference circuit of the circuit component, the bitstream containing at least the specified component of the reference identifier; and entering the device specific identifier as a binary sequence by overwriting the bits of the corresponding components of the reference identifier directly in the reference bitstream.

Abstract: Systems and methods for characterizing a client apparatus on at least one server apparatus are provided. A first certificate is received in the event of a first request for a connection set-up from a server apparatus in a client apparatus. One or more predefined certificate parameters of the first certificate are stored as a set of characterization parameters in the client apparatus. Each further certificate from a server apparatus is checked that is received in the client apparatus in the event of a request for a further connection set-up, against the stored characterization parameter set. A request for a further connection set-up is accepted only if all of the predefined certificate parameters of the further certificate match all characterization parameters of the characterization parameter set.

Abstract: A method for providing recorded anonymized routes, each of which indicates a spatial movement of an object from a first end point to a second end point via successive path points and which are recorded by means of a position indication for the path points and anonymized by removing object-identifying data. The method has the following steps: dividing a geographical region in which a route is contained into at least one sub-region; removing all position indications of a route within end sub-regions of the route, i.e. within the sub-regions in which at least one end point of the route is contained; and outputting the remaining position indications of the route for further analysis and/or control. The disclosed also relates to a device and a computer program product which are designed to carry out the method.

Abstract: A system for obtaining and analyzing forensic data in a distributed computer infrastructure. The system includes a plurality of computing devices and at least one monitoring unit, which are connected to each other via a communication network. Every computing device is configured to detect security events and send same to the monitoring unit. The monitoring unit is configured to evaluate the received security events and assign same to a danger category, wherein if there is a lack of information for assigning a danger category, the computing device is configured in such a manner as to receive instructions for gathering additional forensic data and to send the additional data via an analysis unit to the monitoring unit. The monitoring unit is configured in such a manner as to transmit instructions to the computing device for gathering additional data and to use same for re-evaluation and assigning of a danger category.

Abstract: A method for providing recorded anonymized routes, wherein a route is a spatial movement of an object from a starting point to a destination point via successive waypoints, which movement is recorded by means of a position indication for each waypoint and is anonymized by removing object-identifying data, having the steps of: capturing more than one route, wherein each captured route has at least one waypoint or at least one overlapping partial route of adjacent waypoints in common with at least one other captured route, segmenting each route into at least two partial routes comprising at least one overlapping partial route or a common waypoint, storing each individual partial route of each captured route in a single data record for each partial route, and outputting the captured routes only in the form of the partial-route-specific data records. In addition, an apparatus which carries out the method.

Abstract: A device for monitoring a component has at least one processor core and a further processor core. The device further includes a determining unit configured to determine a profile of the processor core, the profile being influenced by an input signal applied to the processor core, and to determine a further profile of the further processor core, the further profile being influenced by a further input signal applied to the further processor core. The device further includes a comparison unit configured to compare the profile and the further profile and to generate a fault signal, if a comparison result of a comparison carried out by the comparison unit indicates defective similarity of the profile to the further profile.

Abstract: An apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed.

Abstract: Provided is a method for generating a device-specific identifier in a device which contains at least one programmable circuit component and the circuit of which consists of individual components that are configured by loading a bitstream, having the following method steps: displaying the reference identifier as a bit sequence and assigning each bit of the reference identifier to a respective different component of the circuit component; generating a reference bitstream for a reference circuit of the circuit component, the bitstream containing at least the specified component of the reference identifier, and entering the device specific identifier as a binary sequence by overwriting the bits of the corresponding components of the reference identifier directly in the reference bitstream.

Abstract: A method and an apparatus for authenticating a service user for a service that is to be provided. The method has the following steps: a) provision of an anonymous and self-signed certificate, produced by a service use means of the service user, for set-up of a connection, protected by the use of a security protocol, for data transmission between the service use device which is for example, a mobile device or a PC, via his anonymous, self-signed certificate and a service provision device, for example, a server, at the application level using the group signature, and b) verification of the provided anonymous and self-signed certificate by means of a group signature, assigned to a group, for detecting the authorization of the service user to use the service, in order to establish whether the service user providing the certificate through his service use device is a member of the group.

Abstract: A network device, two interfaces for connecting to an access-protected access point of a data network and to a network component which is to be allowed access to the data network via the access point. The network device is designed to be authenticated at the access point using authentication data when the access point is connected and the network component is connected and to allow the connected network component to access the data network via the access point in the event of a successful authentication at least for network components which satisfy one or more specified criteria.