Abstract: Various embodiments include a method for controlling interaction between a first physical entity and a second physical entity. An example includes: receiving an interaction request from the second physical entity at the first physical entity; in response to the interaction request, transmitting a verification request to a first virtual entity representing the first physical entity; in response to the verification request, determining a measure of a trustworthiness of the second physical entity; and controlling interaction of the second physical entity with the first physical entity on the basis of the measure of the trustworthiness of the second physical entity.

Abstract: Various embodiments of the teachings herein include a method for assigning a digital model to a physical component of an automation system. An example method includes: consulting a physical component with a piece of link information referring to a digital model of the physical component in a digital twin of the physical component; and using the link information to determine the digital model to which the link information refers and assign said digital model to the physical component.

Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: Provided is a method for transmitting data packets over a network from a sender to a receiver via a communication link consisting of at least one transmission section, via which the data packet is transmitted from a sender node to a receiver node, the method having the following steps for at least one transmission section: first security information, which includes information about a cryptographic protective function used in the transmission of the data packet via an adjacent transmission section, is assigned to the data packet by the sender node, the data packet having the assigned security information is transmitted to the receiver node of the transmission section, the security information is checked in the receiver node against a preset guideline, and at least one measure is provided in accordance with the result of the check.

Abstract: Keystream generators for secure data transmission, the keystream generators being operated in counter mode, against repeated or improper generation of an already generated keystream and to protect the data transmission against repeated use of a keystream, so-called reuse are provided. The keystream generator is operated, with respect to realization options, selectively in one of two operating modes, an encryption operating mode and a decryption operating mode. In the encryption operating mode, a keystream generated on the basis of a first control data set is used to encrypt data, in particular payload data, to form cipher-data, the product of ciphered data or payload data. In the decryption operating mode, a keystream generated on the basis of a second control data set is used to decrypt the cipher-data. The keystream is output only if the generation of the keystream from the encryption of a counter value of the keystream generator operated in counter mode with a block cipher key is error-free.

Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.

Abstract: Keystream generators for secure data transmission, the keystream generators being operated in counter mode, against repeated or improper generation of an already generated keystream and to protect the data transmission against repeated use of a keystream, so-called reuse are provided. The keystream generator is operated, with respect to realization options, selectively in one of two operating modes, an encryption operating mode and a decryption operating mode. In the encryption operating mode, a keystream generated on the basis of a first control data set used to encrypt data, in particular payload data, to form cipher-data, the product of ciphered data or payload data. In the decryption operating mode, a keystream generated on the basis of a second control data set is used to decrypt the cipher-data. The keystream output only if the generation of the keystream from the encryption of a counter value of the keystream generator operated in counter mode with a block cipher key is error-free.

Abstract: The invention relates to a communication network having at least one network element (NE), via which data associated with the communication are conducted.

Abstract: Provided is a method for transmitting data packets over a network from a sender to a receiver via a communication link consisting of at least one transmission section, via which the data packet is transmitted from a sender node to a receiver node, the method having the following steps for at least one transmission section: first security information, which includes information about a cryptographic protective function used in the transmission of the data packet via an adjacent transmission section, is assigned to the data packet by the sender node, the data packet having the assigned security information is transmitted to the receiver node of the transmission section, the security information is checked in the receiver node against a preset guideline, and at least one measure is provided in accordance with the result of the check.

Abstract: The proposal relates to a method for transmitting data in a network (NW) comprising a plurality M of communication apparatuses, with M?2, wherein the plurality M comprises a first communication apparatus (20) and a second communication apparatus (30), which are connected via a network connection section (NVA) for the purpose of transmitting data, having the steps of: a) ascertaining a time-of-flight property of data transmitted between the first communication apparatus (20) and the second communication apparatus (30) via the network connection section (NVA) by means of the first communication apparatus (20) and the second communication apparatus (30) in each case, b) deriving a secret by means of the first communication apparatus (20) and the second communication apparatus (30) in each case, by using the respective ascertained time-of-flight property, and c) transmitting a message protected by means of the derived secret between the first and second communication apparatuses (20, 30).

Abstract: The invention relates to a communication network having at least one network element (NE), via which data associated with the communication are conducted.

Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.

Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.

Abstract: In a method for protecting security-relevant data in a cache memory, a copy of this security-relevant data from a general memory is stored in the cache memory, and the method includes stipulating obfuscation parameters, determining a first cache set address from a memory address of the general memory at which the security-relevant data are stored, generating a first modified cache set address for a first cache set with a generation function using the obfuscation parameters and the first cache set address, and storing the copy of the security-relevant data using the first modified cache set address in a first cache line of the first cache set.

Abstract: A method to an associated computer program product, to a production unit, and to an arrangement for examining a consistency between reference data of a production object and data of a digital twin of the production object, wherein two separate communication channels are used.

Abstract: A method and a device, by which a customer/buyer of an additively manufactured workpiece can verify whether the quality of the printed workpiece matches the specifications prescribed by the manufacturer is provided. The manufacturer can in this case control and/or monitor in particular a number of authorized workpieces. In addition, in the event of damage, it can be proved whether a workpiece authorized by the manufacturer has been used.

Abstract: A method and device are provided for use in a network including at least one existing device. At least one virtual sub-network is established within the network and a certain trust level is assigned to the at least one virtual sub-network. The device is assigned a first trust level. The device receives a token correlated with the assigned first trust level. The device is permitted into the at least one virtual subnet upon presentation of that token if the first trust level corresponds or includes the certain trust level.

Abstract: Provided is a method and an arrangement for enabling a processing step for an object that is to be processed, wherein an availability result, which indicates an availability of the processing step, is determined for the processing step on the basis of rules.

Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.

Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes, a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.