Abstract: Provided is a device for transmitting data between a first and a second network, including: a first one-way communication path solely for transmitting data from the first to the second network, including a first data diode and an encryption device for cryptographically encrypting the data to be transmitted from the first to the second network; and a second one-way communication path solely for transmitting data from the second to the first network, including a second data diode and a decryption device for cryptographically decrypting the data to be transmitted from the second to the first network.

Abstract: A method for examining connection parameters during establishing of a cryptographically protected communication connection between a first communication device and a second communication device, comprising the method steps: transmitting an attestation data structure, which contains at least one connection parameter of the first and/or second communication device as attestation information, from the first and/or second communications devices to the second and/or first communication device, eavesdropping on the attestation data structure by means of a monitoring device arranged within a data transmission path of the communication connection, examining the attestation information in a comparison to a specified guideline, and a corresponding communication system, a communication device, a monitoring device and a computer program product for carrying out the method.

Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.

Abstract: Provided is an arrangement for monitoring, a monitoring device and intermediary device and method for monitoring an encrypted connection between a client and an access point in a network, wherein—an Extensible Authentication Protocol is used for access authentication of the client to the network on an authentication server, and—a transport layer security protocol having a key disclosure function is executed within the Extensible Authentication Protocol, in which security information for the cryptographic protection of the connection is provided to an intermediary device and is transmitted from the intermediary device to a monitoring device for monitoring the connection. Also provided is a computer program product of the same.

Abstract: A data processing device, which is adapted to process a first radio signal is provided. Hereby, the data processing device includes a receiver unit, which is adapted to receive the first radio signal, wherein the first radio signal is indicative of a first set of positions of an object within a first time interval. The data processing device further includes a transaction data generation unit, which is adapted to generate first transaction data based on the received first radio signal. The data processing device further includes an output unit, which is adapted to transfer the first transaction data to the distributed database. Further provided is a corresponding method of processing a first radio signal.

Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.

Abstract: A method for deterministic auto-configuration of a device upon connection to an apparatus includes as a first step, during a first-time connection of the device to the apparatus, a generation of a device-specific configuration data structure, wherein this configuration data structure identifies the configuration data of the device and/or the apparatus, which configuration data was determined during a first-time connection of the device to the apparatus. The next step is storing of the configuration data structure in the device and/or in the apparatus. During a renewed connection of the device to the apparatus, the first-time configuration data of the device and/or the apparatus is determined by means of the configuration data structure, and the device and/or the apparatus correspondingly furnishes the first-time configuration data. The system is equipped in such a way as to execute the stated method.

Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.

Abstract: Various embodiments disclosed help to implement integrity verification of sensors and signaling lines of the sensors. According to various embodiments, this is achieved by performing an analysis of a noise signal on the signaling line and transmitting check data indicative of a result of the analysis.

Abstract: An apparatus, a security device, a security system comprising the security device and the apparatus, and a method for generating an apparatus-specific apparatus certificate for the apparatus includes coupling the security device to the apparatus, a one-time useable private signing key being stored in the security device, storing apparatus-specific identification information in the security device, accessing the private signing key in the security device, generating the apparatus-specific apparatus certificate depending on the stored identification information in the security device, the apparatus-specific apparatus certificate being signed using the private signing key, and preventing a further access to the private signing key such that it becomes possible to generate an apparatus-specific apparatus certificate for an apparatus with little complexity, in particular without using a public key infrastructure.

Abstract: Provided is a method for computer-assisted creation of a security-protected digital twin, including the following method steps providing at least one selected subset of data of a primary digital twin; storing transactions, wherein the transactions comprise the selected subset of the data and/or first checksums for the selected subset of the data are calculated and the transactions comprise the first checksum; creating the security-protected digital twin by generating links of a block chain, wherein the links comprise the transactions and the links are joined to one another to form the block chain.

Abstract: A control unit which includes at least one processor designed to carry out the following steps: —tamper-proof detection of operational safety-related integrity monitoring data of a system which is equipped with an operational safety-critical function and which is connected or can be connected to a communications network by radio transmission, the integrity monitoring data describing integrity monitoring of the system and external access to the radio transmission; and —tamper-proof recording and/or storing of the integrity monitoring data in order to evaluate same in the event of a use of the operational safety-related function is provided.

Abstract: Provided is a system for the cryptographically protected monitoring of at least one component of a device or a system, including a component for providing at least one second element of a blockchain, having at least one transaction dataset including a monitored operating state of at least one component of the device or the system; a device for linking the at least one second element to a first element of the same or of a further blockchain; a device for providing a checking function which checks a transaction which is defined by the at least one transaction dataset and which is to be carried out for integrity; and a device for forming a transaction dataset having an action associated with the operating state, depending on the checking result delivered by the checking function, wherein the transaction defined by the transaction dataset can be carried out by a system component.

Abstract: An apparatus for detecting a physical manipulation on a security module that stores security-relevant data includes a sensor device for generating sensor data that describe a physical influence on the security module, and a first and a second monitoring device, wherein the first monitoring device is set up to receive the sensor data from the sensor device and to take the sensor data as a basis for generating first monitoring data, and the second monitoring device is set up to receive the first monitoring data from the first monitoring device and to use the received first monitoring data to detect a manipulation of the security module. Two monitoring devices communicating with one another that in each case can discern a manipulation on the security module are used to ensure a high level of security for the security module.

Abstract: A method for the disclosure of at least one cryptographic key used for encrypting at least one communication connection between a first communication subscriber and a second communication subscriber in which, in a publish-subscriber server, at least one of the communication subscribers logs on as a publishing unit and at least one monitoring device logs on as a subscribing unit, and in a subsequent negotiation of a cryptographic key by the publishing unit, automatically the negotiated cryptographic key is supplied from the publishing unit to the publish-subscribe server, the negotiated cryptographic key is transmitted from the publish-subscribe server to the at least one subscribing unit, and the encrypted communication connection from the subscribing unit is decrypted using the cryptographic key is provided. The following also relates to a corresponding system.

Abstract: Methods and apparatuses for using certificates using a positive list are provided. This involves a message, wherein the message includes a certificate for a device, the certificate has a signature for checking an authenticity of the certificate and a piece of admissibility information for ascertaining an admissibility of the certificate using a positive list, being taken as a basis for carrying out authorization for the device subject to the check and the ascertainment. The disclosed can be used in industrial or medical environments.

Abstract: A method for the cryptographically protected unidirectional data transmission of payload data, wherein one or more data packets includes the payload data are transmitted on an end-to-end data transmission link from a first communication unit in a first network via a one-way communication unit, which is arranged between the first network and a second network, to a second communication unit in the second network, is provided.

Abstract: Provided is a computer-implemented apparatus for processing data, having a digital chip having at least one part that is reconfigurable by a number N of configuration descriptions, with N?1, a determined configuration description from the number N for reconfiguring the reconfigurable part, and a providing unit for providing an identifier specific to the determined configuration description by using a number A of derivation parameters comprising the determined configuration description, with A?1, is proposed, wherein the part reconfigured with the determined configuration description) is set up to perform a cryptographic function on determined data by using the provided specific identifier to generate cryptographically processed data. This allows security-relevant functions to be implemented as configuration descriptions. This has the advantage that the security when processing data in digital chips is increased.

Abstract: Apparatuses for a set of cryptographically protected and filtered and also sorted transaction data records of a link of a blockchain and to a method for forming a set of the sorted transaction data records is provided. One aspect is an apparatus for providing a set of cryptographically protected and filtered transaction data records from a set of integrity-checked and semantically sorted transaction data records of a link of a blockchain, which link is formed in particular using the method of providing at least one such link of a blockchain and coupling to a filtering device that ascertains the set of filtered transaction data records from the set of checked and semantically sorted transaction data records of the blockchain by using a filter criterion, and outputting the ascertained set of filtered transaction data records.

Abstract: A method for computer-aided testing and confirmation of at least one system state of a first system by a confirmation device, is provided. After the testing of a first item of integrity information, which is provided by the first system, the confirmation device provides a second, combined item of integrity information and confirms the same cryptographically. The second item of integrity information includes at least part of the first item of integrity information and can be transmitted to a second system, in order to confirm the integrity of the first system to the latter. A confirmation device, to a first system, to a second system and to a computer program product in order to carry out the steps of the method is also provided.