Abstract: The embodiments relate to tamper protection of a field device. The method includes: checking whether manipulation of the field device has taken place; outputting a non-manipulation certificate in case a negative inspection result is determined; transferring the non-manipulation certificate; a registration device checking the non-manipulation certificate; determining an active status of the field device in case the non-manipulation certificate is valid; checking the field device by querying the status of the field device; transferring field device data to the monitoring device; and accepting the field device data if the field device has an active status. The invention further relates to a monitoring system for a field device and a use.

Abstract: A method, a first device, and a switching center are described. A first device is authenticated by a switching center inside a network taking into account the use of additional (e.g., virtual) network interfaces. A device uses certificates to transfer additional MAC addresses for authentication. As a result, a device having a plurality of MAC addresses gains access to a network from a plurality of MAC addresses in a one-off authentication process.

Abstract: A method and system for authorizing a user at a field device by a portable communications device. A first information is acquired by the portable communications device for identifying the field device. The portable communications device sends to a system the first information and a second information for identifying at least one of (i) the portable communications device, and (ii) the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first piece of access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information.

Abstract: A method and a regulating unit for avoiding overloads for link sections within a power supply system use requirements for loads to determine which link sections can be enabled for loads.

Abstract: The embodiments relate to methods and apparatuses for producing secure transmission of a message. The methods are based on production of a basic key that is used for producing respective transmitter keys for a plurality of transmitters. For the ascertainment of the receiver keys by respective receivers, the basic key is transmitted to the receivers, which for their part are able to ascertain a receiver key for checking the integrity of the message from a respective transmitter on the basis of the basic key and an identifier for the transmitter. The receiver ascertains a cryptographic checksum, which, in the course of the integrity check, is compared with a cryptographic checksum that has been produced by the transmitter and sent along by the respective message. The embodiments may be used within the context of automation and sensor networks.

Abstract: The invention relates to a device for authenticating a product with respect to at least one authenticator. Said device comprises a capturing unit, a test unit and a transmitting unit. Said capturing unit is designed to capture a challenge emitted by the authenticator. Said test unit is designed to test an authorization from the authenticator for capturing a response to the emitted challenge. Said transmitter unit is designed to transmit a predetermined response to the authenticator in accordance with the tested authorization and the captured challenge. As a result, increased security during the authentication is ensured. The invention also relates to a system comprising said type of device and an authenticator, and to a method and a computer program product for authenticating a product.

Abstract: A security device and a method provide a cryptographic key for a field device. The security device is connected to at least one tamper sensor which is associated with the field device and which, when a physical manipulation carried out on the field device is detected, a manipulation message is emitted. The cryptographic key is only provided to the field device by the security device if the security device does not receive a manipulation message from the tamper sensors associated with the field device.

Abstract: A method for processing messages in a communication network, wherein messages are transmitted between network nodes of the communication network, which are each combined with test information that is verifiable to determine whether a corresponding message is admissible, where an admissible message leads to a positive test result and an inadmissible message leads to a negative test result. For at least one message that is provided for a respective network node, an action coupled to the message is performed from the respective network node in time a message is received in the respective network node without checking the test information combined with the message, wherein, upon execution of the action, the test information is verified by the respective network node and, when the test result is negative, at least one predefined measure is performed.

Abstract: A device for transcoding during an encryption-based access check of a client device to a databank, which provides a data set in an encrypted area, has: a unit for assigning a specific access level of the client device and for providing a corresponding first group key of the client device as a function of a registration parameter, wherein the client device is allowed access to a first area, which is encrypted using the first group key, and all areas of the database subordinate to the first area as a function of the assigned access level; a unit for providing a classification result depending on a classification of the data set of the particular area by one of the client devices allowed to access the particular area; and a unit for transcoding the data set and/or a data set key for the data set as a function of the classification result.

Abstract: A method and a server are configured to provide, in a tamperproof manner, a key certificate for a public device key of a user device, which is installed for a user, by means of a server belonging to a service provider who provides the user with a service via the user device, wherein the server provides the user device with the key certificate if a signing request message received by the user device is successfully verified by the server using a one-time password generated for the user device by the server.

Abstract: The embodiments relate to methods for generating cryptographically protected redundant data packets. N redundant data packets are produced by N different generation units. The respective generation unit is allocated a unique identification. N cryptographically protected redundant data packets are generated by an individual cryptographic function from the N generated redundant data packets, the cryptographic function being parameterized for generating the respective cryptographically protected data packet by a cryptographic key and by the identification allocated to the corresponding generation unit. The cryptographic key may be used for a plurality of channels. The embodiments also relate to a computer program product and a device for generating cryptographically protected redundant data packets.

Abstract: In a method for providing a one-time password for a user device belonging to a user, which password is intended to register the user device with a server, the server generates the one-time password using a cryptographic operation on the basis of a unique use identifier and transmits the password to the user device. The method provides a service provider with the possibility of tying additional conditions for registration to the one-time password and thus increases the flexibility of the service provider when configuring the services offered by the latter and increases security against manipulation.

Abstract: A vehicle accumulator connected to a charging device is charged by controlling a configurable charge program executed by a control unit of the charge device. The configurable charge program is obtained from a charge program memory, so that the vehicle accumulator can be charged in an optimal manner with an individual charging characteristic.

Abstract: A system for providing a control program code (SPC) for controlling a device connected to a control device has: an authentication service which, after successful authentication of the device with respect to the authentication service, transmits a device ID (FG-ID) of the authenticated device to a commissioning service which, on the basis of the device ID (FG-ID) of the authenticated device, transmits a control program code (SPC) to a control device which controls the authenticated device using the control program code (SPC).

Abstract: A test comment is transmitted by a test unit in the form of a data transmission via a mains supply to one or more electric components of a network. Each electric component that receives a transmitted test command transmits a test response that characterizes each electric component, in the form of a data transmission via the mains supply back to the test unit, the transmitted response being then evaluated in the test unit.

Abstract: In order to issue a security credential, a client of a system is configured to send a credential request in order to have a credential issuer prepare a security credential. The credential request is received by a credential attribute intermediary connected between the client and the credential issuer. At least one attribute of the requesting client is ascertained by the credential attribute intermediary. The at least one attribute ascertained by the credential attribute intermediary is confirmed to the credential issuer. The security credential is issued by the credential issuer based on the credential request received by the credential attribute intermediary and based on the at least one attribute confirmed by the credential attribute intermediary.

Abstract: Method and system for providing device-specific operator data for an automation device in an automation installation, which automation device authenticates itself to an authentication server in the automation installation via at least one authentication credential, wherein if up-to-date device-specific operator data from the installation operator of the automation installation are available for the automation device, then the up-to-date device-specific operator data are tied to the authentication credential of the authentication device.

Abstract: In a method for issuing a digital certificate by a certification authority (B), a device (A) sends a request message to the certification authority (B) for issuing the certificate, the certification authority (B) receives the request message and sends a request for authenticating the device (A) to the device (A), the device (A) sends a response to the certification authority (B) in response to the received request, and the certification authority (B) checks the received response and generates the certificate and sends the certificate to the device (A), if the response was identified as correct.

Abstract: In a control network for a rail vehicle, control units of the rail vehicle are connected to each other in a ring shape via at least two communication paths. A first control unit transmits user data via a communication path in a first direction to a second control unit and test data associated with the user data for checking the user data via another communication path in a second direction opposite to the first direction to the second control unit. The second control unit can thus detect manipulation of data by a third party.

Abstract: A method checks the integrity of data stored in a predetermined memory area of a memory of a first device. The first device is coupled to at least one second device by a network The method involves providing at least one parameter which is suitable for influencing a hash value of at least one predetermined hash function. At least one hash value is calculated on the basis of the data stored in the predetermined memory, the at least one predetermined hash function and the at least one parameter. The second device checks the integrity of the data stored in the predetermined memory area of the first device on the basis of the calculated hash value or values.