Patents by Inventor Rainer Falk

Rainer Falk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210321256
    Abstract: The invention relates to a computer-implemented method for connecting a network component to a network, in particular a mobile communications network, with an extended network access identifier. The method involves a receiving of the extended network access identifier from the network component via a network access server, wherein the extended network access identifier comprises at least one network access restriction for connecting the network component to the network. The method also involves a receiving of a requested user access profile from a user profile server via the network access server, wherein the user access profile comprises access authorisations for connecting the network component to the network. The network component is authenticated in the network via the network access server, if the received extended network access identifier fulfills the access authorisations of the received user access profile.
    Type: Application
    Filed: August 2, 2019
    Publication date: October 14, 2021
    Inventor: Rainer Falk
  • Publication number: 20210314775
    Abstract: Provided is a method for setting up access authorization for a subscriber apparatus to access a subnetwork of a mobile radio network, wherein the subnetwork is administrated by a mobile radio administration apparatus and the access authorization for the subscriber apparatus to access the subnetwork is checked by an access apparatus of the mobile radio network, wherein—access authorization to access the subnetwork is requested for the subscriber apparatus from the mobile radio administration apparatus by a local administration apparatus,—a subnetwork authorization token is assigned to the subscriber apparatus by the mobile radio administration apparatus and transmitted to the subscriber apparatus, wherein the subscriber apparatus is authorized to access the subnetwork only if the subnetwork authorization token is transmitted from the subscriber apparatus to the subnetwork during an access request and is confirmed as valid.
    Type: Application
    Filed: June 5, 2019
    Publication date: October 7, 2021
    Inventors: Rainer Falk, Steffen Fries, Joachim Walewski
  • Patent number: 11134072
    Abstract: Provided is a method for checking a safety rating of a first device with the aid of an associated digital certificate, including the steps: sending the digital certificate having an identifier of a safety rating from the first device to a second device, checking the identifier of the safety rating with respect to a predefined safety rule by means of the second device, executing safety measures in accordance with the result of checking the safety rules.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: September 28, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20210297415
    Abstract: Provided is a method for setting up an authorization verification for a first device, for example a field device in an automation system, wherein the first device is configured by configuration data transmitted to the first device from a configuration module that is detachably connected to the first device and, for example, is implemented in the form of an SD card or a USB stick, having: detection of a connection of a configuration module to the first device, reading configuration module-specific device information from the configuration module, requesting configuration module-specific authorization verification for the configuration module-specific device information from the first device in an authorization device, and storing the requested configuration module-specific authorization verification on a security storage unit of the first device.
    Type: Application
    Filed: July 9, 2019
    Publication date: September 23, 2021
    Inventor: Rainer Falk
  • Patent number: 11128551
    Abstract: A method and transmission apparatus for direct and feedback-free transmission of log messages from at least one first network into a second network is provided. Log messages are transmitted individually and directly. The log messages in the first network are monitored by a monitoring device and transmitted into the second network via a one-way data transmission unit. The transmission is thus carried out feedback-free and with integrity protected. Additionally, a log server having a line loop is provided. Local messages are transmitted via the line loop and filtered, monitored by a monitoring device and transmitted directly to a second log server in the second network via the one-way data transmission unit. Thus, efficient transmission of log messages into a second network for real-time analysis is achieved.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: September 21, 2021
    Inventors: Rainer Falk, Matthias Seifert, Martin Wimmer
  • Publication number: 20210286906
    Abstract: Provided is a memory device for transmitting data between at least two computer devices, which are assigned to different network zones, which memory device contains at least one memory unit for storing data, at least two interfaces which lead towards the exterior and to which a respective one of the external computer devices can be connected for reading and/or writing data, and at least one control unit which is designed in such a way as to establish access rights to the data of the memory unit as a function of at least two of interfaces which lead towards the exterior. Thus, for example a data transmission can be established exclusively from a first computer device to a second computer device.
    Type: Application
    Filed: June 27, 2017
    Publication date: September 16, 2021
    Inventors: Steffen Fries, Martin Wimmer, Rainer Falk
  • Patent number: 11106828
    Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initiating the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: August 31, 2021
    Inventors: Rainer Falk, Dominik Merli, Stefan Pyka
  • Patent number: 11095444
    Abstract: Automatically and dynamically ascertaining by means of autoconfiguration whether used or activated and usable cipher suites and/or key lengths are sufficiently strong for current cryptographic protection of the control communication and/or other service access by virtue of 1) “cipher-suite”-based/-specific information available in the network/system being called up to ascertain reference cipher suites and/or 2) block chain information available in the network/system, containing data records referred to as “proof of work” for solving complex computation tasks, being called up or ascertained, with the ascertainment of block chain difficulty parameters as key length estimation parameters to ascertain appropriate reference key lengths, in particular reference minimum key lengths required for cryptoalgorithms, and 3) the ascertained reference cipher suites and/or the reference key lengths ascertained by the key length estimation parameters being compared with the used or activated and usable cipher suites and/or k
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: August 17, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Rainer Falk
  • Publication number: 20210226776
    Abstract: Signal, data transmission, and/or encryption units generating a cryptographic code using a cryptographic key before writing to a pseudorandom noise buffer memory. The PRN code generator comprises a first processor generating a PRN code from initial data using a cryptographic key. A second processor generates sections of the PRN code for integrity check purposes through computation using the same cryptographic key and initial data. Within the PRN code generator and before temporary storage of the PRN code in the buffer memory, there is a comparison device for comparing at least one duplicated section of the PRN code sequence cryptographically generated by the first processor with the section computed by the second processor. A blocking, stop and/or alarm function is activated in the comparison device and triggered on the basis of a predefined degree of matching between the section obtained through duplication and the computed section.
    Type: Application
    Filed: January 14, 2021
    Publication date: July 22, 2021
    Applicant: Siemens Aktiengesellschaft
    Inventor: Rainer Falk
  • Publication number: 20210224377
    Abstract: The following relates to a hardware security module for usage with manufacturing devices and a method for operating the same is provided. The security module includes: a secure element, which is adapted to detect an operating mode of the hardware security module; a first interface which is adapted to receive commands for controlling the hardware security module; a central processing unit for processing application program code in a secure environment; a second interface which is adapted for receiving configuration data, wherein the second interface is activated and deactivated in dependence of the detected operating mode.
    Type: Application
    Filed: November 14, 2018
    Publication date: July 22, 2021
    Inventors: Hans Aschauer, Rainer Falk, Christian Peter Feist, Daniel Schneider
  • Patent number: 11063957
    Abstract: Provided is a method for decoupled transmission of data between networks having different security requirements, in which, in a first network having high security requirements, first data from a first application are transmitted in a communication exclusively between components within the first network via multiple communication links, data being captured in the first network by at least one monitoring device per communication link in a decoupled manner and being transmitted to a second network having lower security requirements. A corresponding arrangement is also provided.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: July 13, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Uwe Blöcher, Rainer Falk, Jens Reinert, Martin Wimmer
  • Publication number: 20210192083
    Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.
    Type: Application
    Filed: October 18, 2018
    Publication date: June 24, 2021
    Inventors: Rainer Falk, Christian Peter Feist, Johannes Zwanzger
  • Publication number: 20210176051
    Abstract: A method for examining connection parameters during establishing of a cryptographically protected communication connection between a first communication device and a second communication device, comprising the method steps: transmitting an attestation data structure, which contains at least one connection parameter of the first and/or second communication device as attestation information, from the first and/or second communications devices to the second and/or first communication device, eavesdropping on the attestation data structure by means of a monitoring device arranged within a data transmission path of the communication connection, examining the attestation information in a comparison to a specified guideline, and a corresponding communication system, a communication device, a monitoring device and a computer program product for carrying out the method.
    Type: Application
    Filed: June 7, 2018
    Publication date: June 10, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20210176223
    Abstract: Provided is a device for transmitting data between a first and a second network, including: a first one-way communication path solely for transmitting data from the first to the second network, including a first data diode and an encryption device for cryptographically encrypting the data to be transmitted from the first to the second network; and a second one-way communication path solely for transmitting data from the second to the first network, including a second data diode and a decryption device for cryptographically decrypting the data to be transmitted from the second to the first network.
    Type: Application
    Filed: November 15, 2018
    Publication date: June 10, 2021
    Inventor: Rainer Falk
  • Patent number: 11032250
    Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: June 8, 2021
    Inventors: Rainer Falk, Steffen Fries, Stefan Seltzsam
  • Publication number: 20210168174
    Abstract: Provided is an arrangement for monitoring, a monitoring device and intermediary device and method for monitoring an encrypted connection between a client and an access point in a network, wherein—an Extensible Authentication Protocol is used for access authentication of the client to the network on an authentication server, and—a transport layer security protocol having a key disclosure function is executed within the Extensible Authentication Protocol, in which security information for the cryptographic protection of the connection is provided to an intermediary device and is transmitted from the intermediary device to a monitoring device for monitoring the connection. Also provided is a computer program product of the same.
    Type: Application
    Filed: April 8, 2019
    Publication date: June 3, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20210160059
    Abstract: A data processing device, which is adapted to process a first radio signal is provided. Hereby, the data processing device includes a receiver unit, which is adapted to receive the first radio signal, wherein the first radio signal is indicative of a first set of positions of an object within a first time interval. The data processing device further includes a transaction data generation unit, which is adapted to generate first transaction data based on the received first radio signal. The data processing device further includes an output unit, which is adapted to transfer the first transaction data to the distributed database. Further provided is a corresponding method of processing a first radio signal.
    Type: Application
    Filed: April 12, 2019
    Publication date: May 27, 2021
    Inventor: Rainer Falk
  • Patent number: 11018846
    Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: May 25, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 11005709
    Abstract: A method for deterministic auto-configuration of a device upon connection to an apparatus includes as a first step, during a first-time connection of the device to the apparatus, a generation of a device-specific configuration data structure, wherein this configuration data structure identifies the configuration data of the device and/or the apparatus, which configuration data was determined during a first-time connection of the device to the apparatus. The next step is storing of the configuration data structure in the device and/or in the apparatus. During a renewed connection of the device to the apparatus, the first-time configuration data of the device and/or the apparatus is determined by means of the configuration data structure, and the device and/or the apparatus correspondingly furnishes the first-time configuration data. The system is equipped in such a way as to execute the stated method.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11003763
    Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau