Patents by Inventor Jorge Cuellar

Jorge Cuellar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11212078
    Abstract: Provided is a method for sending digital data over a number of channels wherein a sender performs the following steps: encoding source data having a first number of source symbols, the encoding being such that an error correction code is generated from the source data, the error correction code comprising a second number of repair symbols higher than the first number as well as identifiers where each identifier is assigned to a corresponding repair symbol, the error correction code adding redundancy to the source data; encrypting each repair symbol by an encryption process which is based on a shared secret between the sender and a receiver, where the encryption process for a respective repair symbol depends on the identifier assigned to the respective repair symbol; feeding pairs of the encrypted repair symbols and the assigned identifiers to the number of channels which are connected to the receiver.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: December 28, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Jorge Cuellar, Tiago Gasiba
  • Patent number: 11196447
    Abstract: A computer-implemented method for error-correction-encoding and encrypting of a file is provided. The file is split into at least two blocks. The first block is encrypted using a given encryption key. The encrypted first block is encoded twice using a first and second forward error correction code of the first block. Each subsequent block is encrypted by performing an algebraic operation. The encrypted block is encoded twice using a first and second forward error correction code for this block, wherein a cryptographic indexing function provides a set of indices used by the second forward error correction code to produce the second encoded chunk. The first encoded chunks of each encrypted block are outputted. The computer-implemented method enables secure transmission of a file content between low power devices.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: December 7, 2021
    Inventors: Jorge Cuellar, Tiago Gasiba, Martin Wimmer
  • Patent number: 10931693
    Abstract: A computing device for detecting attacks on a technical system based on events of an event sequence is provided. The computing device has a receiving unit for receiving the event sequence which includes a plurality of events, wherein an attack is determined by a specific sequence in the events in the received event sequence, and a checking unit for checking the received event sequence based on a main event which is contained in the specific sequence in events, wherein the checking unit is additionally designed to carry out a pattern recognition in the received event sequence based on the specific sequence in events if the main event has occurred. As the checking unit merely checks the received event sequence for the occurrence of a main event, and the more exact pattern recognition is only carried out after the main event occurs, the necessary computing expense can be reduced.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: February 23, 2021
    Inventors: Jens-Uwe Bußer, Jorge Cuellar, Michael Munzert, Heiko Patzlaff, Jan Stijohann
  • Publication number: 20200226113
    Abstract: A method of operating a server system is provided. The method includes providing an updated authentication tree data structure based on a pruning authentication tree data structure, wherein the pruning authentication tree data structure includes a first set of N data blocks and a first root hash value, the data blocks of the first set being associated to the first root hash value via an associating authentication path. The updated authentication tree data structure includes a second set of data blocks determined based on pruning M data blocks from the first set, the updated authentication tree data structure including a pruning hash value determined based on the pruned data blocks, and including a second root hash value determined based on the second set, each of the data blocks of the second set being associated to the second root hash value via an associating authentication path.
    Type: Application
    Filed: June 11, 2018
    Publication date: July 16, 2020
    Inventors: Jorge Cuellar, Prabhakaran Kasinathan
  • Publication number: 20200204354
    Abstract: Provided is a method for sending digital data over a number of channels wherein a sender performs the following steps: encoding source data having a first number of source symbols, the encoding being such that an error correction code is generated from the source data, the error correction code comprising a second number of repair symbols higher than the first number as well as identifiers where each identifier is assigned to a corresponding repair symbol, the error correction code adding redundancy to the source data; encrypting each repair symbol by an encryption process which is based on a shared secret between the sender and a receiver, where the encryption process for a respective repair symbol depends on the identifier assigned to the respective repair symbol; feeding pairs of the encrypted repair symbols and the assigned identifiers to the number of channels which are connected to the receiver.
    Type: Application
    Filed: September 4, 2018
    Publication date: June 25, 2020
    Inventors: Jorge Cuellar, Tiago Gasiba
  • Publication number: 20200184399
    Abstract: Provided is a workflow system for managing a workflow including a plurality of places; a token, the token representing a deliverable; a transition between places, the transition consuming a predetermined token from a first place and creating a predetermined token in a second place.
    Type: Application
    Filed: April 16, 2018
    Publication date: June 11, 2020
    Inventors: Jorge Cuellar, Prabhakaran Kasinathan
  • Publication number: 20200162106
    Abstract: A computer-implemented method for error-correction-encoding and encrypting of a file is provided. The file is split into at least two blocks. The first block is encrypted using a given encryption key. The encrypted first block is encoded twice using a first and second forward error correction code of the first block. Each subsequent block is encrypted by performing an algebraic operation. The encrypted block is encoded twice using a first and second forward error correction code for this block, wherein a cryptographic indexing function provides a set of indices used by the second forward error correction code to produce the second encoded chunk. The first encoded chunks of each encrypted block are outputted. The computer-implemented method enables secure transmission of a file content between low power devices.
    Type: Application
    Filed: November 11, 2019
    Publication date: May 21, 2020
    Inventors: Jorge Cuellar, Tiago Gasiba, Martin Wimmer
  • Publication number: 20200104888
    Abstract: Provided is a bilateral transfer comprising the provision of a performance and a counter-performance, the provision of the performance necessitating the transport of a performance object by means of a distribution network, wherein a change frame indicates the range in which the performance and/or the counter-performance can be modified. Also provided is a method for controlling the transfer which includes steps of recording the performance, the counter-performance, and the change frame; transporting the performance object by means of the distribution network in dependence on an operational state of the distribution network; and determining the counter-performance based on the performance provided within the change frame.
    Type: Application
    Filed: April 26, 2018
    Publication date: April 2, 2020
    Inventors: Dragan Obradovic, Jorge Cuellar
  • Patent number: 10257216
    Abstract: A system for obtaining and analyzing forensic data in a distributed computer infrastructure. The system includes a plurality of computing devices and at least one monitoring unit, which are connected to each other via a communication network. Every computing device is configured to detect security events and send same to the monitoring unit. The monitoring unit is configured to evaluate the received security events and assign same to a danger category, wherein if there is a lack of information for assigning a danger category, the computing device is configured in such a manner as to receive instructions for gathering additional forensic data and to send the additional data via an analysis unit to the monitoring unit. The monitoring unit is configured in such a manner as to transmit instructions to the computing device for gathering additional data and to use same for re-evaluation and assigning of a danger category.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: April 9, 2019
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jens-Uwe Bußer, Jorge Cuellar, Michael Munzert, Heiko Patzlaff, Jan Stijohann
  • Publication number: 20170351916
    Abstract: A device for verifying a content of an analog document is provided. The device includes a scanning unit being configured to generate a scan information by scanning the analog document and to store the scan information in a storing element being provided on the analog document, and a verification unit being configured to verify the content of the analog document using the stored scan information. Further, a corresponding method for verifying a content of an analog document is provided. Using the provided device for verifying the content of an analog document, it can be ensured that the content of the analog document is not changed by an attacker. If the content is changed, the verification would fail.
    Type: Application
    Filed: December 2, 2015
    Publication date: December 7, 2017
    Inventors: Jorge Cuellar, Tiago Gasiba
  • Publication number: 20170149561
    Abstract: A method for identifying manipulation of data records in a system including a computation apparatus and an external security apparatus, wherein the data records are stored in the computation apparatus, having the method steps of: allocation of a secret to a computation apparatus, generation of a first cryptographic key by a one-way function on the basis of the secret, storage of the secret on a security apparatus that is different from the computation apparatus, use of the first cryptographic key for the purpose of protecting a first data record, and generation of a respective next cryptographic key by the same one-way function on the basis of the respectively preceding cryptographic key for the purpose of protecting a next data record on the computation apparatus and simultaneous erasure or overwriting of the respectively preceding cryptographic key.
    Type: Application
    Filed: May 8, 2015
    Publication date: May 25, 2017
    Inventors: Jens-Uwe Bußer, Jorge Cuellar, Michael Munzert, Heiko Patzlaff, Jan Stijohann
  • Publication number: 20170142148
    Abstract: A system for obtaining and analyzing forensic data in a distributed computer infrastructure. The system includes a plurality of computing devices and at least one monitoring unit, which are connected to each other via a communication network. Every computing device is configured to detect security events and send same to the monitoring unit. The monitoring unit is configured to evaluate the received security events and assign same to a danger category, wherein if there is a lack of information for assigning a danger category, the computing device is configured in such a manner as to receive instructions for gathering additional forensic data and to send the additional data via an analysis unit to the monitoring unit. The monitoring unit is configured in such a manner as to transmit instructions to the computing device for gathering additional data and to use same for re-evaluation and assigning of a danger category.
    Type: Application
    Filed: April 23, 2015
    Publication date: May 18, 2017
    Inventors: Jens-Uwe Bußer, Jorge Cuellar, Michael Munzert, Heiko Patzlaff, Jan Stijohann
  • Publication number: 20170142145
    Abstract: A computing device for detecting attacks on a technical system based on events of an event sequence is provided. The computing device has a receiving unit for receiving the event sequence which includes a plurality of events, wherein an attack is determined by a specific sequence in the events in the received event sequence, and a checking unit for checking the received event sequence based on a main event which is contained in the specific sequence in events, wherein the checking unit is additionally designed to carry out a pattern recognition in the received event sequence based on the specific sequence in events if the main event has occurred. As the checking unit merely checks the received event sequence for the occurrence of a main event, and the more exact pattern recognition is only carried out after the main event occurs, the necessary computing expense can be reduced.
    Type: Application
    Filed: July 6, 2015
    Publication date: May 18, 2017
    Inventors: Jens-Uwe Bußer, Jorge Cuellar, Michael Munzert, Heiko Patzlaff, Jan Stijohann
  • Patent number: 9088565
    Abstract: A very efficient authentication and authorization check in n:m relationships is possible with a method for checking the entitlement of a user of a telecommunication terminal (1) to a service, whereby an access device (4) on a telecommunication network (3) obtains at least one certificate and a proof of identity (10) from the telecommunication terminal (1), whereupon NMT (5) together with a certification device (7) carries out a check of whether the certificate giving the identity is valid and has a positive status and whether particular authorization may be obtained from complementary certificates. Should the above be the case, a secret (for example a session key) is transmitted (15) to the access device (4) which is also sent (15, 16) to the telecommunication terminal (1, 2), encoded with at least the public key. The access device (4) is then activated with a policy corresponding to the rights of the telecommunication user.
    Type: Grant
    Filed: November 29, 2001
    Date of Patent: July 21, 2015
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Jorge Cuellar, Michael Marhöfer
  • Patent number: 8726021
    Abstract: A protocol with constant-time complexity solves the problem of private identification of tags in low-cost, large-scale radio frequency identification (RFID) systems—assuming that an adversary has complete control over the communication channel. Each RFID tag has an internal counter, c, and is preloaded with a unique pseudonym, ?, and a secret key, k. A RFID reader attempting to identify and authenticate a tag within its range generates and transmits a random nonce to the RFID tag, which returns a first hash of its current pseudonym and counter, and a second hash that is a function of the secret key. The reader uses the returned data to identify the RFID tag and its secret key by reference to a database and returns other hash values that authenticate the reader to the RFID tag. The most expensive operation that RFID tags are required to perform is a hash function.
    Type: Grant
    Filed: December 19, 2012
    Date of Patent: May 13, 2014
    Assignee: University of Washington
    Inventors: Radha Poovendran, Basel Alomair, Andrew Clark, Jorge Cuellar
  • Patent number: 8635709
    Abstract: A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable.
    Type: Grant
    Filed: November 9, 2009
    Date of Patent: January 21, 2014
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jorge Cuellar, Hans-Georg Köpken, Matthias Lenord, Monika Maidl
  • Patent number: 8565429
    Abstract: In the method and the arrangement for checking the authenticity of a first communication subscriber in a communications network, a first information item is formed in the first communication subscriber using a fault detection data item of the first communication subscriber and an information item relating to a random data item. In a second communication subscriber in the communications network, a second fault information item is formed using a fault detection data item of the second communication subscriber and the information relating to the random data item. The authenticity of the first communication subscriber is checked using the first fault information and the second fault information.
    Type: Grant
    Filed: June 18, 2003
    Date of Patent: October 22, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jorge Cuellar, Guenther Horn
  • Patent number: 8359480
    Abstract: A protocol with constant-time complexity solves the problem of private identification of tags in low-cost, large-scale radio frequency identification (RFID) systems—assuming that an adversary has complete control over the communication channel. Each RFID tag has an internal counter, c, and is preloaded with a unique pseudonym, ?, and a secret key, k. A RFID reader attempting to identify and authenticate a tag within its range generates and transmits a random nonce to the RFID tag, which returns a first hash of its current pseudonym and counter, and a second hash that is a function of the secret key. The reader uses the returned data to identify the RFID tag and its secret key by reference to a database and returns other hash values that authenticate the reader to the RFID tag. The most expensive operation that RFID tags are required to perform is a hash function.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: January 22, 2013
    Assignee: University of Washington
    Inventors: Radha Poovendran, Basel Alomair, Andrew Clark, Jorge Cuellar
  • Patent number: 8312550
    Abstract: A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: November 13, 2012
    Assignee: Siemens AG
    Inventors: Jorge Cuellar, Hans-Georg Köpken, Matthias Lenord, Monika Maidl
  • Patent number: 8261076
    Abstract: Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters.
    Type: Grant
    Filed: January 26, 2007
    Date of Patent: September 4, 2012
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jörg Abendroth, Jorge Cuellar, Hariharan Rajasekaran