Abstract: A method for evaluating data is based on a computational model, the computational model comprising model data, a training function and a prediction function. The method includes training the computational model by: receiving training data and training result data for training the computational model, and computing the model data from the training data and the training result data with the training function. The method includes predicting result data by: receiving field data for predicting result data; and computing the result data from the field data and the model data with the prediction function. The training data may be plaintext and the training result data may be encrypted with a homomorphic encryption algorithm, wherein the model data may be computed in encrypted form from the training data and the encrypted training result data with the training function.

Abstract: A for ensuring grid stability by using a distributed ledger, the method comprising the steps: measuring metrics from a plurality of distributed energy resource, DER, wherein said metrics are related to grid stability; storing (a) said metrics/measurements in the distributed ledger; transferring said metrics from the distributed ledger into a smart contract (2); computing any deviations between said metrics and predetermined values stored in advance in the smart contract (2) by executing the smart contract; transferring and storing results from the computing step in the distributed ledger; and transferring said results from the distributed ledger to the respective DER of the plurality of DERs, wherein said DER receives positive or negative values which regulates the amount of contribution to the grid.

Abstract: The present invention provides an approach for granting access and respectively denying access to an instruction set of a device. The technical teaching provides the advantage that unauthorized access can be effectively prevented. Hence, maintenance work can be performed by specialized staff and security sensitive parts of the instruction sets are secured.

Abstract: The application relates to a method for computing a probabilistic encryption scheme for encrypting a data item in an electronic device including: computing a plurality of random bit strings in a computation cluster; sending the computed plurality of random strings to the electronic device; generating a random string (rE) for using in the encryption scheme in the electronic device using a subset of the plurality of the random strings computed in the computation cluster and encrypting the data item using the random string computed in the electronic device. The present application also relates to a corresponding system and corresponding computer program product including one or more computer readable media having computer executable instructions for performing the steps of the method.

Abstract: The present invention discloses a method for computing a secret value including a first secret using a function including an operation, comprising: computing, by a host, a first encrypted value of the first secret with a first key; sending, by the host, the first encrypted value to a value holder and the first key to a key holder, wherein the value holder and the key holder are independently trusted by the host; computing, by the value holder, a computed encrypted value from the first encrypted value using the function; and computing, by the key holder, a computed key from the first key using the function.

Abstract: The present invention generally relates to a context-aware security self-assessment method or module that determines the context in which the device is used and based on this, assesses the devices security settings. The context may refer to the system environment, the applications the device is used for, and/or the current life-cycle stage of the device, without being limited to said contexts. The method of the present invention preferably prioritizes and rates the security relevant findings and presents them in combination with mitigation options through a web interface, a configuration tool, or through notifications in the control system.

Abstract: An industrial automation and control system is provided with a control unit and at least one electronic device. The system establishes a first data connection to an external maintenance unit. The control unit is connected to the electronic device. The electronic device establishes a second data connection to the external maintenance unit and receives or retrieves a proximity information from the external maintenance unit through the second data connection. The electronic device sends the proximity information to the control unit. The control unit grants access to the electronic device by the external maintenance unit through the first data connection to perform maintenance of the electronic device if the proximity information indicates that the external maintenance unit is within a predetermined range from the electronic device.

Abstract: A method of automatically generating secure code includes: receiving source code and security constraints for the source code, the security constraints encoding, to what extend a variable in the source code is considered secure; and generating secure code from the source code and the security constraints by replacing non-secure operations in the source code, which operate on the variables considered as secure, with secure operations; wherein a secure operation is an operation, which, when applied to at least one encrypted variable, generates an encrypted result, which, when decrypted, is the result of the non-secure operation applied to the not encrypted variable.

Abstract: A method for offering data with objects to be performed on the basis of the data, providing solutions to the problems and verifying the provided solutions. The method including the steps of providing a digital platform; uploading the data with the object as challenge to the platform; uploading a smart contract relating to the challenge to the platform; transferring the challenge from the platform to at least one solution provider; uploading a signed hash of the solution provider's solution of the challenge to the platform; uploading the solution provider's solution of the challenge to the platform; and evaluating at the platform the uploaded solution based on predefined conditions.

Abstract: The invention relates to a method for storing data blocks from client devices to a cloud storage system, the method includes the steps of: d) storing an encrypted first data block and a challenge of the first data block of a first client device on the cloud storage system, e) determining if a hash of a second data block of a second client device stored on the cloud storage system equals the hash of the first data block, f) if yes, transmitting the challenge of the first data block from the cloud storage system to the second client device, g) extracting, at the second client device, the bits at the positions or at the range contained in the challenge, hashing the extracted bits, encrypting the hashed bits with a public key of the first client device or of the second client device and uploading the encrypted bits from the second client device to the cloud storage system, and h) storing the encrypted bits from the second client device on the cloud storage system.

Abstract: The application relates to a method for aggregation of a performance indicator of a device including: concatenating a respective first data item to a plurality of second data items in the device; encrypting the plurality of concatenated second data items relevant for computing the performance indicator using a first encryption key in the device, wherein the first encryption key is based on an additive homomorphic encryption scheme; sending the encrypted concatenated second data items to a computation cluster; computing the performance indicator on the computation cluster using the encrypted concatenated second data items and computing an aggregate value regarding the performance indicator by summing up the encrypted concatenated second data items; sending the aggregate value to a server of a service provider of the device; decrypting the aggregate value using a second encryption key on the server of the service provider; and verifying the decrypted result by checking whether the decrypted sum computed by summ

Abstract: The invention relates to a method for storing data blocks from client devices to a cloud storage system, the method includes the steps of: d) storing an encrypted first data block and a challenge of the first data block of a first client device on the cloud storage system, e) determining if a hash of a second data block of a second client device stored on the cloud storage system equals the hash of the first data block, f) if yes, transmitting the challenge of the first data block from the cloud storage system to the second client device, g) extracting, at the second client device, the bits at the positions or at the range contained in the challenge, hashing the extracted bits, encrypting the hashed bits with a public key of the first client device or of the second client device and uploading the encrypted bits from the second client device to the cloud storage system, and h) storing the encrypted bits from the second client device on the cloud storage system.

Abstract: The present invention generally relates to a context-aware security self-assessment method or module that determines the context in which the device is used and based on this, assesses the devices security settings. The context may refer to the system environment, the applications the device is used for, and/or the current life-cycle stage of the device, without being limited to said contexts. The method of the present invention preferably prioritizes and rates the security relevant findings and presents them in combination with mitigation options through a web interface, a configuration tool, or through notifications in the control system.

Abstract: A programmable logic controller for an industrial control system is disclosed which includes an application logic execution layer and at least one of an update checking layer and an output checking layer. The application logic layer is configured for processing sensor input data to generate an output parameter for an actuator. The output checking layer is configured for outputting only an allowed output parameter to the actuator. The update checking layer is configured for verifying whether application logic update defined by application logic update data corresponds to an application logic update in a list of allowed logic updates, and the application logic is updated only if the update data is allowed application logic update data.

Abstract: The invention relates to a method for aggregation of a performance indicator of a device comprising the steps of: concatenating a respective first data item to a plurality of second data items in the device; encrypting the plurality of concatenated second data items relevant for computing the performance indicator using a first encryption key in the device, wherein the first encryption key is based on an additive homomorphic encryption scheme; sending the encrypted concatenated second data items to a computation cluster; computing the performance indicator on the computation cluster using the encrypted concatenated second data items and computing an aggregate value regarding the performance indicator by summing up the encrypted concatenated second data items; sending the aggregate value to a server of a service provider of the device; decrypting the aggregate value using a second encryption key on the server of the service provider; and verifying the decrypted result by checking whether the decrypted sum comp

Abstract: The application relates to a method for computing a probabilistic encryption scheme for encrypting a data item in an electronic device including: computing a plurality of random bit strings in a computation cluster; sending the computed plurality of random strings to the electronic device; generating a random string (rE) for using in the encryption scheme in the electronic device using a subset of the plurality of the random strings computed in the computation cluster and encrypting the data item using the random string computed in the electronic device. The present application also relates to a corresponding system and corresponding computer program product including one or more computer readable media having computer executable instructions for performing the steps of the method.

Abstract: A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.

Abstract: A method of automatically generating secure code includes: receiving source code and security constraints for the source code, the security constraints encoding, to what extend a variable in the source code is considered secure; and generating secure code from the source code and the security constraints by replacing non-secure operations in the source code, which operate on the variables considered as secure, with secure operations; wherein a secure operation is an operation, which, when applied to at least one encrypted variable, generates an encrypted result, which, when decrypted, is the result of the non-secure operation applied to the not encrypted variable.

Abstract: A method for evaluating data is based on a computational model, the computational model comprising model data, a training function and a prediction function. The method includes training the computational model by: receiving training data and training result data for training the computational model, and computing the model data from the training data and the training result data with the training function. The method includes predicting result data by: receiving field data for predicting result data; and computing the result data from the field data and the model data with the prediction function. The training data may be plaintext and the training result data may be encrypted with a homomorphic encryption algorithm, wherein the model data may be computed in encrypted form from the training data and the encrypted training result data with the training function.

Abstract: The present invention discloses a method for computing a secret value including a first secret using a function including an operation, comprising: computing, by a host, a first encrypted value of the first secret with a first key; sending, by the host, the first encrypted value to a value holder and the first key to a key holder, wherein the value holder and the key holder are independently trusted by the host; computing, by the value holder, a computed encrypted value from the first encrypted value using the function; and computing, by the key holder, a computed key from the first key using the function.