Patents by Inventor Stefan Seltzsam
Stefan Seltzsam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11930071
Abstract: Provided is a network adapter for unidirectional transmission of a user data stream to a bidirectional network interface, the network adapter including: a first connection unit which is physically connected to a bidirectional network interface of a first device; a second connection unit which is physically connected to a bidirectional network interface of a second device; and a terminating unit which has at least one bit transmission module and which is designed to establish a bidirectional data link to the network interface of the first device, to receive the user data stream from the first device exclusively in a unidirectional fashion via the data link, and not to send a user data stream to the first device.
Type: Grant
Filed: July 24, 2020
Date of Patent: March 12, 2024
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Rainer Falk, Stefan Seltzsam, Hermann Seuschek, Martin Wimmer
-
Patent number: 11477175
Abstract: A method for the cryptographically protected unidirectional data transmission of payload data, wherein one or more data packets includes the payload data are transmitted on an end-to-end data transmission link from a first communication unit in a first network via a one-way communication unit, which is arranged between the first network and a second network, to a second communication unit in the second network, is provided.
Type: Grant
Filed: July 15, 2020
Date of Patent: October 18, 2022
Assignee: SIEMENS MOBILITY GMBH
Inventors: Rainer Falk, Stefan Seltzsam, Hermann Seuschek, Martin Wimmer
-
Publication number: 20220286448
Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
Type: Application
Filed: March 28, 2022
Publication date: September 8, 2022
Inventors: Monika Maidl, Stefan Seltzsam
-
Publication number: 20220279038
Abstract: Provided is a network adapter for unidirectional transmission of a user data stream to a bidirectional network interface, the network adapter including: a first connection unit which is physically connected to a bidirectional network interface of a first device; a second connection unit which is physically connected to a bidirectional network interface of a second device; and a terminating unit which has at least one bit transmission module and which is designed to establish a bidirectional data link to the network interface of the first device, to receive the user data stream from the first device exclusively in a unidirectional fashion via the data link, and not to send a user data stream to the first device.
Type: Application
Filed: July 24, 2020
Publication date: September 1, 2022
Inventors: Rainer Falk, Stefan Seltzsam, Hermann Seuschek, Martin Wimmer
-
Patent number: 11290446
Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
Type: Grant
Filed: May 26, 2020
Date of Patent: March 29, 2022
Assignee: ServiceNow, Inc.
Inventors: Monika Maidl, Stefan Seltzsam
-
Patent number: 11032250
Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
Type: Grant
Filed: November 9, 2017
Date of Patent: June 8, 2021
Inventors: Rainer Falk, Steffen Fries, Stefan Seltzsam
-
Publication number: 20210021578
Abstract: A method for the cryptographically protected unidirectional data transmission of payload data, wherein one or more data packets includes the payload data are transmitted on an end-to-end data transmission link from a first communication unit in a first network via a one-way communication unit, which is arranged between the first network and a second network, to a second communication unit in the second network, is provided.
Type: Application
Filed: July 15, 2020
Publication date: January 21, 2021
Inventors: Rainer Falk, Stefan Seltzsam, Hermann Seuschek, Martin Wimmer
-
Publication number: 20200358759
Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
Type: Application
Filed: May 26, 2020
Publication date: November 12, 2020
Inventors: Monika Maidl, Stefan Seltzsam
-
Patent number: 10666647
Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
Type: Grant
Filed: April 29, 2019
Date of Patent: May 26, 2020
Assignee: ServiceNow, Inc.
Inventors: Monika Maidl, Stefan Seltzsam
-
Patent number: 10461941
Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
Type: Grant
Filed: March 13, 2017
Date of Patent: October 29, 2019
Assignee: Siemens Aktiengesellschaft
Inventors: Hendrik Brockhaus, Rainer Falk, Stefan Seltzsam
-
Publication number: 20190319947
Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
Type: Application
Filed: April 29, 2019
Publication date: October 17, 2019
Inventors: Monika Maidl, Stefan Seltzsam
-
Patent number: 10320777
Abstract: It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process.
Type: Grant
Filed: May 9, 2012
Date of Patent: June 11, 2019
Assignee: Siemens Aktiengesellschaft
Inventors: Monika Maidl, Stefan Seltzsam
-
Publication number: 20180145952
Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
Type: Application
Filed: November 9, 2017
Publication date: May 24, 2018
Inventors: RAINER FALK, STEFFEN FRIES, STEFAN SELTZSAM
-
Publication number: 20170288880
Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
Type: Application
Filed: March 13, 2017
Publication date: October 5, 2017
Inventors: HENDRIK BROCKHAUS, RAINER FALK, STEFAN SELTZSAM
-
Patent number: 9215070
Abstract: A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the secure module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.
Type: Grant
Filed: June 22, 2011
Date of Patent: December 15, 2015
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Monika Maidl, Stefan Seltzsam
-
Publication number: 20140208409
Abstract: It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process.
Type: Application
Filed: May 9, 2012
Publication date: July 24, 2014
Inventors: Monika Maidl, Stefan Seltzsam
-
Publication number: 20130124860
Abstract: A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the secure module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.
Type: Application
Filed: June 22, 2011
Publication date: May 16, 2013
Inventors: Monika Maidl, Stefan Seltzsam
-
Publication number: 20130014286
Abstract: A method and a system make EDRM-protected data objects available to users. Access rights to an EDRM-protected data object are produced depending on partial access rights to at least one or more data objects, which data objects are contained in the respective EDRM-protected data object. The access rights to the EDRM-protected data object are calculated by a client computer of the user using an access right differentiation function depending on the partial access rights which are made available by different EDRM servers. A data object key of the EDRM-protected data object is calculated by the client computer of the user using a key differentiation function depending on partial keys which are made available by the different EDRM servers.
Type: Application
Filed: December 15, 2010
Publication date: January 10, 2013
Applicant: SIEMENS AKTIENGESELLSCHAFT
Inventors: Rainer Falk, Steffen Fries, Stefan Seltzsam
-
Publication number: 20120324239
Abstract: Virtual machines are used in the utilization of distributed computer infrastructures to be able to distribute the workload to individual computers in as flexible a manner as possible. For this purpose, it is necessary to restrict the use of the virtual machine in a robust manner by regulatory or administrative defaults. A method protects a virtual machine during the migration, storage or operation thereof by way of digital rights management and encryption. For this purpose, the hypervisor or the virtual machine monitor as well as the virtual machine are expanded by corresponding functionalities.
Type: Application
Filed: November 24, 2010
Publication date: December 20, 2012
Applicant: Siemens Aktiengesellschaft
Inventors: Rainer Falk, Steffen Fries, Stefan Seltzsam
-
Publication number: 20120233712
Abstract: A method and device for accessing control data SD according to provided permission information RI, wherein a virtual engine VM is generated according to the provided permission information RI that serves to access the control data SD. As a result, a user can access control data SD solely via the virtual engine VM, thus ensuring that the user does not receive any access permission to the control data SD that are not described in the permission information RI.
Type: Application
Filed: October 14, 2010
Publication date: September 13, 2012
Applicant: Siemens Aktiengesellschaft
Inventors: Rainer Falk, Stefan Seltzsam