Patents by Inventor Steffen Fries

Steffen Fries has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10166876
    Abstract: A vehicle accumulator connected to a charging device is charged by controlling a configurable charge program executed by a control unit of the charge device. The configurable charge program is obtained from a charge program memory, so that the vehicle accumulator can be charged in an optimal manner with an individual charging characteristic.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: January 1, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20180375842
    Abstract: A modular security control apparatus for the protected transfer of network packets is provided. In particular, an exchange of network data (e.g. network packets) between a first internal source network and a second internal network (e.g. second destination network) via a non-trustworthy internal and/or external network (first destination network) is made possible.
    Type: Application
    Filed: June 25, 2018
    Publication date: December 27, 2018
    Inventors: HANS ASCHAUER, RAINER FALK, KAI FISCHER, STEFFEN FRIES, MARKUS HEINTEL, WOLFGANG KLASEN, AXEL PFAU
  • Publication number: 20180365411
    Abstract: A method for providing a security function, in particular a cryptographic function, for a device, wherein the following method steps are carried out: receiving a request to execute the security function; loading a security application for the security function via a control application, wherein the control application is stored on a first internal memory of a security module and the security application is transferred from a memory which is external to the security module; checking an integrity of the security application by means of security information; executing the security application and providing the security function, wherein the execution and provision steps are carried out after the successful integrity checking step.
    Type: Application
    Filed: November 28, 2016
    Publication date: December 20, 2018
    Applicant: Siemens Aktiengesellschaft
    Inventors: Rainer FALK, Steffen FRIES, Markus HEINTEL, Dominik MERLI, Stefan PYKA
  • Publication number: 20180359241
    Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
    Type: Application
    Filed: May 18, 2016
    Publication date: December 13, 2018
    Inventors: HENDRIK BROCKHAUS, STEFFEN FRIES, MICHAEL MUNZERT, DAVID VON OHEIMB
  • Patent number: 10122754
    Abstract: A method and an apparatus for transmitting data from a transmitter in a first communication network (21) to a receiver in a second, safety-critical application network (22) comprises an input buffer unit (31), an output buffer unit (32), a waiting unit (33) and a testing unit (34). The input buffer unit (31) provides the data that are to be transmitted. The waiting unit (33) detects an input time for the data that are to be transmitted, ascertains a dwell time for the data and stores the data that are to be transmitted and/or a check value for the data that are to be transmitted. The testing unit (34) is designed to test the data that are to be transmitted, following expiry of the dwell time, using a test pattern (41) that is up-to-date following expiry of the dwell time. The output buffer unit (32) is designed to provide the data for the receiver if the data have been deemed uncritical during the check. The test pattern preferably relates to a virus pattern.
    Type: Grant
    Filed: October 2, 2014
    Date of Patent: November 6, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 10084821
    Abstract: Adapting access rules for a data interchange between a first network and a second network by the second network is provided based on a service-specific integrity information item of the first network, wherein the first network processes data for carrying out a service and the service defines multiple components. A respective integrity status is transmitted for each of the components by each respective component via a communication link within the first network to a management unit of the first network. The service-specific integrity information item is computed based on each respective integrity status by the management unit. The service-specific integrity information item is transmitted by a network access point of the first network to a receiver in the second network for adapting the access rules. Access by the receiver to each respective integrity status is prevented.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: September 25, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Kai Fischer, Steffen Fries
  • Patent number: 10067486
    Abstract: A system for providing a control program code (SPC) for controlling a device connected to a control device has: an authentication service which, after successful authentication of the device with respect to the authentication service, transmits a device ID (FG-ID) of the authenticated device to a commissioning service which, on the basis of the device ID (FG-ID) of the authenticated device, transmits a control program code (SPC) to a control device which controls the authenticated device using the control program code (SPC).
    Type: Grant
    Filed: September 3, 2012
    Date of Patent: September 4, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Jürgen Gessner, Hans-Joachim Hof, Angela Schattleitner
  • Publication number: 20180167211
    Abstract: Provided is a method and a security module for determining or providing a device-specific private key for an asymmetrical cryptographic process. A device-specific private primary seed is reproducibly formed from a device-specific secret piece of data, and the device-specific private key is determined from the device-specific private primary seed.
    Type: Application
    Filed: May 20, 2016
    Publication date: June 14, 2018
    Inventors: RAINER FALK, STEFFEN FRIES
  • Publication number: 20180145952
    Abstract: Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
    Type: Application
    Filed: November 9, 2017
    Publication date: May 24, 2018
    Inventors: RAINER FALK, STEFFEN FRIES, STEFAN SELTZSAM
  • Publication number: 20180052485
    Abstract: A device is provided for detecting time information of different administrative domains. The device includes a plurality of detection units, wherein each detection unit is assigned to one of the administrative domains and is configured to receive time information from a timer of the assigned administrative domains for synchronising with the assigned administrative domains, a storage device having a plurality of storage areas, and a plurality of control units, wherein each control unit is assigned exclusively to one of the detection units and the control units are configured to detect, synchronised with one another, a respective most recent item of the received time information of the respective assigned detection unit and to store the synchronously detected time information of the plurality of detection units together as synchronised data in one of the storage regions.
    Type: Application
    Filed: March 17, 2016
    Publication date: February 22, 2018
    Inventors: RAINER FALK, KAI FISCHER, STEFFEN FRIES, WOLFGANG KLASEN
  • Publication number: 20180034645
    Abstract: A method operates an arrangement having a substation and a terminal device connected to the substation. The terminal device is equipped with a terminal device certificate and a private key. The certificate enables a signed data transmission, indicates the substation as the certificate issuer, has a signature of the substation and contains a reference to a public key of the terminal device. Following a connection of a control station to the substation, the control station recertifies the public key of the substation by creating a signed certificate for the substation containing the public key of the substation, for the authentication of data which are or are intended to be transmitted from the terminal device to another terminal device. The terminal device certificate indicating the substation as the certificate issuer is transferred to the other terminal device and the certificate verification is carried out based on recertified public key.
    Type: Application
    Filed: July 26, 2017
    Publication date: February 1, 2018
    Inventors: STEFFEN FRIES, JAN EH, ANDREAS GUETTINGER, MARCO LAMBIO
  • Publication number: 20170352297
    Abstract: A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.
    Type: Application
    Filed: May 31, 2017
    Publication date: December 7, 2017
    Inventors: Hans ASCHAUER, Rainer FALK, Kai FISCHER, Steffen FRIES, Markus HEINTEL, Anton Sebastian HUBER, Wolfgang KLASEN, Joachim KOPPERS, Axel PFAU, Georg TRUMMER, Johannes ZWANZGER, Franz SPERL, Bernhard QUENDT
  • Patent number: 9774584
    Abstract: A method, a first device, and a switching center are described. A first device is authenticated by a switching center inside a network taking into account the use of additional (e.g., virtual) network interfaces. A device uses certificates to transfer additional MAC addresses for authentication. As a result, a device having a plurality of MAC addresses gains access to a network from a plurality of MAC addresses in a one-off authentication process.
    Type: Grant
    Filed: June 21, 2013
    Date of Patent: September 26, 2017
    Assignee: Siemens Aktiengesellschaft
    Inventors: Kai Fischer, Steffen Fries, Jürgen Gessner
  • Publication number: 20170180354
    Abstract: Methods and apparatuses for using certificates using a positive list are provided. This involves a message, wherein the message includes a certificate for a device, the certificate has a signature for checking an authenticity of the certificate and a piece of admissibility information for ascertaining an admissibility of the certificate using a positive list, being taken as a basis for carrying out authorization for the device subject to the check and the ascertainment. The disclosed can be used in industrial or medical environments.
    Type: Application
    Filed: December 8, 2014
    Publication date: June 22, 2017
    Applicant: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20170149744
    Abstract: An apparatus for adapting authorization information for a terminal is provided. The apparatus has a communication unit for communicating with the terminal, the communication unit being configured to carry out the communication as a test communication using an encryption protocol, a checking unit for checking a configuration of the encryption protocol on the terminal, and a control unit for adapting the authorization information for the terminal on the basis of a result of the check. A corresponding method for adapting authorization information for a terminal is also proposed. The proposed apparatus makes it possible to check the options supported by a terminal in an encryption protocol. In this case, the check can be carried out, in particular, using an encrypted communication connection which could not be monitored by a firewall.
    Type: Application
    Filed: November 14, 2016
    Publication date: May 25, 2017
    Inventors: RAINER FALK, STEFFEN FRIES
  • Patent number: 9659425
    Abstract: An electronic key supports a plurality of authentication methods and effectively prevents bidding-down attacks. For this purpose, security information is additionally provided by the electronic key, based on which a card reading device recognizes which authentication methods are supported by the electronic key. When the reading device recognizes based on said information that the electronic key supports a stronger second authentication method, but the authentication method was not recognized by the card reading device, the electronic key is, for example, rejected.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: May 23, 2017
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 9628278
    Abstract: A method transmits a signal using a unidirectional communications link, which is protected by an asymmetric cryptography method. A counter value is incremented by a transmitter during a transmission operation. Subsequently, a challenge is determined by the transmitter on the basis of the counter value and a control command that can be executed by a receiver and, on the basis of the challenge that is determined a response is in turn determined. The challenge and the response are transmitted from the transmitter to the receiver. The challenge received is then checked by the receiver to see whether the counter value used in the challenge is greater than a counter value previously stored by the transmitting transmitter. The response received is checked on the basis of the challenge. Following successful checking of the challenge and response, the control command transmitted in the challenge is executed.
    Type: Grant
    Filed: February 14, 2011
    Date of Patent: April 18, 2017
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rainer Falk, Steffen Fries
  • Publication number: 20170033931
    Abstract: A method, system, backend, terminal, and computer program product are disclosed for producing a secure communication channel for a terminal, the method having the following method steps. A first method step for setting up a secure communication channel between a communication partner and a backend by a communication protocol. A second method step for producing a communication channel between the communication partner and the terminal. A third method step for transmitting the channel binding information. A fourth method step for storing the channel binding information on the terminal. A fifth method step for creating a data structure and a first digital signature across the data structure y. A sixth method step for sending the data structure and the digital signature from the backend to the terminal. A seventh method step for checking authenticity of the data structure.
    Type: Application
    Filed: July 26, 2016
    Publication date: February 2, 2017
    Inventors: STEFFEN FRIES, MARCUS SCHAFHEUTLE
  • Publication number: 20170026236
    Abstract: A method for deterministic auto-configuration of a device upon connection to an apparatus includes as a first step, during a first-time connection of the device to the apparatus, a generation of a device-specific configuration data structure, wherein this configuration data structure identifies the configuration data of the device and/or the apparatus, which configuration data was determined during a first-time connection of the device to the apparatus. The next step is storing of the configuration data structure in the device and/or in the apparatus. During a renewed connection of the device to the apparatus, the first-time configuration data of the device and/or the apparatus is determined by means of the configuration data structure, and the device and/or the apparatus correspondingly furnishes the first-time configuration data. The system is equipped in such a way as to execute the stated method.
    Type: Application
    Filed: April 1, 2015
    Publication date: January 26, 2017
    Inventors: RAINER FALK, STEFFEN FRIES
  • Publication number: 20170019420
    Abstract: A device for detecting a manipulation to a program code wherein the program code is configured to be executed from an execution environment on a computing system, is provided. The device includes a comparator unit which is configured to compare data of the program code with reference data in order to produce a comparison result to compare, if the execution environment conveys a termination command to the program code, and a detection unit which is configured to detect a manipulation of the program code on the basis of the comparison result. The device can prevent data, which is produced or used during the execution of a program code, from continuing to be used after termination of the program code if an attack or manipulation of the program code has occurred. A method is further proposed for detecting a manipulation to a program code.
    Type: Application
    Filed: February 9, 2015
    Publication date: January 19, 2017
    Applicant: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Steffen Fries