Patents by Inventor Steffen Fries

Steffen Fries has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210303580
    Abstract: A computer-implemented method is for dynamic data minimization of a data set for transfer of the minimized data set from a central instance to outside of the central instance, the data set including a second set of individual attributes. The method includes provisioning a whitelist including a first set of attributes being a subset of a second set of attributes. The minimized data set includes the first set of attributes. The method further includes determining an attribute list including a third set of attributes, the third set of attributes including at least the complement of the first set of attributes in relation to the second set of attributes. The method also includes provisioning the attribute list by the central instance for use outside of the central instance.
    Type: Application
    Filed: March 16, 2021
    Publication date: September 30, 2021
    Applicant: Siemens Healthcare GmbH
    Inventors: Steffen Fries, Ute Rosenbaum
  • Patent number: 11134072
    Abstract: Provided is a method for checking a safety rating of a first device with the aid of an associated digital certificate, including the steps: sending the digital certificate having an identifier of a safety rating from the first device to a second device, checking the identifier of the safety rating with respect to a predefined safety rule by means of the second device, executing safety measures in accordance with the result of checking the safety rules.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: September 28, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20210286906
    Abstract: Provided is a memory device for transmitting data between at least two computer devices, which are assigned to different network zones, which memory device contains at least one memory unit for storing data, at least two interfaces which lead towards the exterior and to which a respective one of the external computer devices can be connected for reading and/or writing data, and at least one control unit which is designed in such a way as to establish access rights to the data of the memory unit as a function of at least two of the interfaces which lead towards the exterior. Thus, for example, a data transmission can be established exclusively from a first computer device to a second computer device.
    Type: Application
    Filed: June 27, 2017
    Publication date: September 16, 2021
    Inventors: Steffen Fries, Martin Wimmer, Rainer Falk
  • Publication number: 20210266186
    Abstract: Provided is a method for the validation of a digital certificate by a validation apparatus that checks the certificate of a communication partner on behalf of a first device, including the method steps of: the first device requesting validation of the certificate of the communication partner at a first validation apparatus, the first validation apparatus querying validation information at a status collection apparatus, checking, in the first validation apparatus, whether validation information has been received from the status collection apparatus, and transmitting the validation information from the first validation apparatus to the first device, wherein, only in the event of a negative inspection result, the validation information of the certificate is determined in the first validation apparatus.
    Type: Application
    Filed: February 16, 2021
    Publication date: August 26, 2021
    Inventors: Steffen Fries, Andreas Güttinger
  • Publication number: 20210176051
    Abstract: A method for examining connection parameters during establishing of a cryptographically protected communication connection between a first communication device and a second communication device, comprising the method steps: transmitting an attestation data structure, which contains at least one connection parameter of the first and/or second communication device as attestation information, from the first and/or second communications devices to the second and/or first communication device, eavesdropping on the attestation data structure by means of a monitoring device arranged within a data transmission path of the communication connection, examining the attestation information in a comparison to a specified guideline, and a corresponding communication system, a communication device, a monitoring device and a computer program product for carrying out the method.
    Type: Application
    Filed: June 7, 2018
    Publication date: June 10, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11032250
    Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: June 8, 2021
    Inventors: Rainer Falk, Steffen Fries, Stefan Seltzsam
  • Publication number: 20210168174
    Abstract: Provided is an arrangement for monitoring, a monitoring device and intermediary device and method for monitoring an encrypted connection between a client and an access point in a network, wherein an Extensible Authentication Protocol is used for access authentication of the client to the network on an authentication server, and a transport layer security protocol having a key disclosure function is executed within the Extensible Authentication Protocol, in which security information for the cryptographic protection of the connection is provided to an intermediary device and is transmitted from the intermediary device to a monitoring device for monitoring the connection. Also provided is a computer program product of the same.
    Type: Application
    Filed: April 8, 2019
    Publication date: June 3, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11018846
    Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: May 25, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 11005709
    Abstract: A method for deterministic auto-configuration of a device upon connection to an apparatus includes as a first step, during a first-time connection of the device to the apparatus, a generation of a device-specific configuration data structure, wherein this configuration data structure identifies the configuration data of the device and/or the apparatus, which configuration data was determined during a first-time connection of the device to the apparatus. The next step is storing of the configuration data structure in the device and/or in the apparatus. During a renewed connection of the device to the apparatus, the first-time configuration data of the device and/or the apparatus is determined by means of the configuration data structure, and the device and/or the apparatus correspondingly furnishes the first-time configuration data. The system is equipped in such a way as to execute the stated method.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11003763
    Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least one second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Publication number: 20210050996
    Abstract: A method for the disclosure of at least one cryptographic key used for encrypting at least one communication connection between a first communication subscriber and a second communication subscriber in which, in a publish-subscribe server, at least one of the communication subscribers logs on as a publishing unit and at least one monitoring device logs on as a subscribing unit, and in a subsequent negotiation of a cryptographic key by the publishing unit, automatically the negotiated cryptographic key is supplied from the publishing unit to the publish-subscribe server, the negotiated cryptographic key is transmitted from the publish-subscribe server to the at least one subscribing unit, and the encrypted communication connection from the subscribing unit is decrypted using the cryptographic key is provided. The following also relates to a corresponding system.
    Type: Application
    Filed: January 16, 2019
    Publication date: February 18, 2021
    Inventors: Steffen Fries, Rainer Falk
  • Patent number: 10911432
    Abstract: Methods and apparatuses for using certificates using a positive list are provided. This involves a message, wherein the message includes a certificate for a device, the certificate has a signature for checking an authenticity of the certificate and a piece of admissibility information for ascertaining an admissibility of the certificate using a positive list, being taken as a basis for carrying out authorization for the device subject to the check and the ascertainment. The disclosed can be used in industrial or medical environments.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: February 2, 2021
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20200333757
    Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing the product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.
    Type: Application
    Filed: November 15, 2018
    Publication date: October 22, 2020
    Inventors: Omar Belhachemi, Rainer Falk, Christian Peter Feist, Kai Fischer, Daniela Friedrich, Steffen Fries, Markus Heintel
  • Patent number: 10798085
    Abstract: The invention relates to an automation device (41, 81), a system and a method for updating a digital device certificate (55, 86, 96) of an automation device (41, 81) of an automation system, wherein the automation device (41, 81) is authenticated to an authentication partner by means of at least one device certificate (55, 86, 96). The device certificate (55, 86, 96) is connected to device-specific configuration data of the automation device (41, 81). Following a modification of the configuration of the automation device (41, 81), according to the invention an updated device certificate (55, 86, 96) having device-specific configuration data according to the modified configuration of the automation device (41, 81) is determined by the automation device (41, 81) and subsequently used for authentication.
    Type: Grant
    Filed: March 4, 2014
    Date of Patent: October 6, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 10795403
    Abstract: A device is provided for detecting time information of different administrative domains. The device includes a plurality of detection units, wherein each detection unit is assigned to one of the administrative domains and is configured to receive time information from a timer of the assigned administrative domains for synchronising with the assigned administrative domains, a storage device having a plurality of storage areas, and a plurality of control units, wherein each control unit is assigned exclusively to one of the detection units and the control units are configured to detect, synchronised with one another, a respective most recent item of the received time information of the respective assigned detection unit and to store the synchronously detected time information of the plurality of detection units together as synchronised data in one of the storage regions.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: October 6, 2020
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Kai Fischer, Steffen Fries, Wolfgang Klasen
  • Publication number: 20200302047
    Abstract: Provided is a method for proving authenticity of a device with the aid of a proof of authorization of the device, wherein the proof of authorization is provided in a first step and the integrity of identity details of the proof of authorization can be checked on the basis of a digital signature of a proof of authorization issuer, and wherein the proof of authorization has an item of hardware authentication information, and affiliation of the proof of authorization to the device is proved in a second step by means of a hardware secret of the device associated with the hardware authentication information. Two-factor authentication is therefore enabled, which authentication ties authentication of the device, in particular, to the fact that a hardware-specific secret is used for the check.
    Type: Application
    Filed: February 15, 2017
    Publication date: September 24, 2020
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 10715517
    Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: July 14, 2020
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau, Franz Sperl, Georg Trummer, Johannes Zwanzger, Rainer Falk
  • Publication number: 20200213095
    Abstract: A method for the computer-aided processing of a random bit pattern, the random bit pattern being provided in a traceable and secure manner and high flexibility of the random bit pattern being ensured is provided. Embodiments of the invention are advantageous over conventional methods because embodiments of the invention define, in particular at a first point in time, all degrees of freedom or parameters (e.g., which data source should be used, cryptographic methods for the first cryptographic checksum, number of measurement values, data format of the measurement values, a length of the random bit pattern, a data format of the random bit pattern (32-bit numbers, 64-bit numbers)) for the random bit pattern in the first method data set and/or format data set. In particular, it is no longer possible to freely select the parameters at the second point in time.
    Type: Application
    Filed: April 20, 2018
    Publication date: July 2, 2020
    Inventors: Hans Aschauer, Steffen Fries
  • Publication number: 20200204361
    Abstract: A method for transfer of a dataset includes provisioning or generating a user-side Diffie Hellman key pair, including a secret user key and a public user key; transferring the public user key to the server; provisioning or generating a server-side Diffie Hellman key pair, including secret server and public server keys; provisioning a dataset on the server; generating a server-side Diffie Hellman key using the secret server key and the public user key, and encrypting the dataset to generate an encrypted dataset, via a resulting server-side Diffie Hellman key generated on the server side; transferring the encrypted dataset to the cloud service; retrieving the public server key and the encrypted dataset from the cloud service; and generating a user-side Diffie Hellman key using the secret user key and the public server key retrieved, and decrypting the encrypted dataset on the user device using the user-side Diffie Hellman key.
    Type: Application
    Filed: December 17, 2019
    Publication date: June 25, 2020
    Applicant: Siemens Healthcare GmbH
    Inventors: Steffen Fries, Ute Rosenbaum
  • Patent number: 10692403
    Abstract: A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: June 23, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Anton Sebastian Huber, Wolfgang Klasen, Joachim Koppers, Axel Pfau, Georg Trummer, Johannes Zwanzger, Franz Sperl, Bernhard Quendt