Abstract: A method and assembly for identifying animals, wherein according to the invention, for the identification of an animal, first a sensor checks whether a body part of the animal to be identified is in a predefined position is provided. With a positive test result, an imaging sensor is prompted to capture an image of the nose of the animal. According to the invention, by means of a pattern recognition method, a texture of the nose is then detected on the captured image and extracted and the animal is assigned a unique identifier based on the extracted nose texture.

Abstract: Forming a set of protected and sorted transaction datasets of a blockchain may include: a) forming a second block chained to the first block; b) defining a search term in the second block; c) selecting a transaction dataset from a set of unsorted transaction datasets, wherein the selected transaction dataset has been checked for integrity; d) assigning the selected transaction dataset to the search term; e) repeating steps b) to d) until a predefined number of transaction datasets to be selected is reached or the set of unsorted transaction datasets is empty; f) semantically sorting the selected and assigned transaction datasets on the basis of a predefined sorting criterion, wherein the assigned search terms are in an order corresponding to the sorting criterion; and g) forming the set of cryptographically protected and semantically sorted transaction datasets using the order.

Abstract: To improve the access control in regard to safety and protection of network operation and network data when controlling accesses to networks based on IT systems including embedded systems or distributed systems, it is proposed that observation and evaluation (detection) of the communication in a network (performance of a network communication protocol collation of the observed protocol with a multiplicity of reference protocols, preferably stored in a list, that are usually used in operation- and/or safety-critical networks) be used to independently identify whether an uncritical or critical network is involved in the course of a network access, in particular the setup of a network connectivity, to at least one from at least one network that is uncritical in regard to operation and/or safety, in particular referred to as a standard network, and at least one network that is critical in regard to operation and/or safety.

Abstract: A method and an apparatus for repercussion-free capture of data from at least one device is provided, which is arranged in a first network having a high security requirement, in a second network having a low security requirement, containing a requesting unit, which is arranged within the first network and is designed to request data from the at least one device in accordance with a request profile, a monitoring unit, which is arranged within the first network and is designed to monitor data that have been sent by the at least one device in response to the request and to transmit said data to an evaluation unit, an evaluation unit, which is arranged in the second network and is designed to compare the monitored data with the data expected on the basis of the request profile, and an alarm unit.

Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.

Abstract: The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured to exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion.

Abstract: Provided is a method for erasing security relevant information in a device, having the method steps of: ascertaining at least one movement parameter of the device over time, monitoring the ascertained movement parameters over time on the basis of at least one prescribed movement pattern, and triggering tin erase process for the security-relevant information if the ascertained movement parameter over time is consistent with the at least one prescribed movement pattern. An apparatus and a computer program product for carrying out the method to ensure that security-relevant data of the device are erased reliably and completely even in the event of an accident or another unforeseen event is also provided.

Abstract: Provided is a method for generating a data stream, the transmitter of which is authenticated. The method includes calculating at least one first item of authentication information, wherein the at least one first item of authentication information is generated from a first item of validation information in each case using a cryptographic one-way function. The method includes storing the at least one first item of authentication information in a first data element of the data stream in each case. The method includes transmitting the particular first data element to at least one receiver. The method includes storing the particular first item of validation information in a second data element of the data stream in each case. The method includes transmitting the particular second data element to the at least one receiver.

Abstract: A method and transmission apparatus for direct and feedback-free transmission of log messages from at least one first network into a second network is provided. Log messages are transmitted individually and directly. The log messages in the first network are monitored by a monitoring device and transmitted into the second network via a one-way data transmission unit. The transmission is thus carried out feedback-free and with integrity protected. Additionally, a log server having a line loop is provided. Local messages are transmitted via the line loop and filtered, monitored by a monitoring device and transmitted directly to a second log server in the second network via the one-way data transmission unit Thus, efficient transmission of log messages into a second network for real-time analysis is achieved.

Abstract: The invention relates to an automation device (41, 81), a system and a method for updating a digital device certificate (55, 86, 96) of an automation device (41, 81) of an automation system, wherein the automation device (41, 81) is authenticated to an authentication partner by means of at least one device certificate (55, 86, 96). The device certificate (55, 86, 96) is connected to device-specific configuration data of the automation device (41, 81). Following a modification of the configuration of the automation device (41, 81), according to the invention an updated device certificate (55, 86, 96) having device-specific configuration data according to the modified configuration of the automation device (41, 81) is determined by the automation device (41, 81) and subsequently used for authentication.

Abstract: A device is provided for detecting time information of different administrative domains. The device includes a plurality of detection units, wherein each detection unit is assigned to one of the administrative domains and is configured to receive time information from a timer of the assigned administrative domains for synchronising with the assigned administrative domains, a storage device having a plurality of storage areas, and a plurality of control units, wherein each control unit is assigned exclusively to one of the detection units and the control units are configured to detect, synchronised with one another, a respective most recent item of the received time information of the respective assigned detection unit and to store the synchronously detected time information of the plurality of detection units together as synchronised data in one of the storage regions.

Abstract: Provided is a computer-implemented method and a transmission apparatus for transmitting data between a first network and a second network having high and low security requirements, wherein a first session is set up between the first and second networks, a first data packet is transmitted from a transmitting unit in the first network via a first one-way communication unit to a receiving unit in the second network, and a second session is set up and a second data packet is transmitted from a transmitting unit in the second network via a second one-way communication unit to a validation unit, the second data packet is validated in the validation unit on a prescribed rule, positive validation of the second data packet results in a third session being set up, and the second data packet is transmitted from the validation unit to a receiving unit in the first network.

Abstract: Provided is a method for proving authenticity of a device with the aid of a proof of authorization of the device, wherein the proof of authorization is provided in a first step and the integrity of identity details of the proof of authorization can be checked on the basis of a digital signature of a proof of authorization issuer, and wherein the proof of authorization has an item of hardware authentication information, and affiliation of the proof of authorization to the device is proved in a second step by means of a hardware secret of the device associated with the hardware authentication information. Two-factor authentication is therefore enabled, which authentication ties authentication of the device, in particular, to the fact that a hardware-specific secret is used for the check.

Abstract: A method by means of which it is possible, for example, to react to a smart contract of a block chain which is incorrectly programmed and to cancel if required, is provided. Furthermore, conventional operating systems and cloud-based operating systems can also be improved to improve the execution of a smart contract/(first) program code. As a result, processes in particular block chain smart contracts, operating system processes, cloud applications, are significantly better carried out and controlled.

Abstract: A method for providing messages which can be authenticated is provided. The method has a step of determining a repeating message content of the messages, a step of calculating sub-authentication codes for the messages using the repeating message content, wherein a first authentication code can be calculated for at least some of the messages from at least one part of the sub-authentication code in order to authenticate the repeating message content, and a step of providing the messages, wherein the messages contain the repeating message content and at least one respective sub-authentication code of the sub-authentication codes.

Abstract: Transaction selection device adapted to select at least one transaction from a plurality of non-confirmed transactions for creating a new blockchain block of a blockchain is provided. The transaction selection device includes a receiving unit, which is adapted to receive the plurality of non-confirmed transactions. The transaction selection device further includes a classification unit, which is adapted to classify the plurality of non-confirmed transactions based on at least one criterion. The transaction selection device further includes a selection unit, which is adapted to select the at least one transaction from the plurality of non-confirmed transactions based on the classification of the classification unit. The selection unit is adapted to provide the at least one non-confirmed transaction for the creation of the new blockchain block of a blockchain.

Abstract: A method as well as a crypto-arrangement and a computer program product for monitoring an integrity of a test dataset, wherein a random sample of a test dataset is checked for integrity is provided. The method for monitoring an integrity of a test dataset includes the following steps: random sample-type selection of the test dataset from a dataset to be transferred via a communications connection; cryptographically protected provision of the selected test dataset to a test unit, wherein a communication via the communications connection is carried out uninfluenced by the selection and preparation; testing of the cryptographically protected test dataset for integrity by the test unit, based on cryptographic calculations and plausibility information.

Abstract: Provided is a computer-implemented apparatus for processing data, having a digital chip having at least one part that is reconfigurable by a number N of configuration descriptions, with N?1, a determined configuration description from the number N for reconfiguring the reconfigurable part, and a providing unit for providing an identifier specific to the determined configuration description by using a number A of derivation parameters comprising the determined configuration description, with A?1, is proposed, wherein the part reconfigured with the determined configuration description) is set up to perform a cryptographic function on determined data by using the provided specific identifier to generate cryptographically processed data. This allows security-relevant functions to be implemented as configuration descriptions. This has the advantage that the security when processing data in digital chips is increased.

Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes, a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.

Abstract: Provided is a device, in particular suitable for a runtime environment for a block chain, for operating a cryptographically protected virtual machine, the device including: —at least one first link of a block chain is provided, which link includes at least one transaction data record, which describes at least one first operating state of the virtual machine and has at least one instruction for forming a second link in the block chain, the at least one transaction data record of the second link describing a second operating state of the virtual machine is modified compared to the first operating state, —checking function checks a transaction to be performed is provided and defined by the transaction data record in order to determine whether the second operating state of the virtual machine is admissible, and —carrying out the transaction depending on the checked admissibility is provided.