Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: A method is disclosed for authentic data transmission between control devices of a vehicle in which messages which are sent from a first control device to a receiver control device and are provided with a first cryptographic key for authentication, and messages that are sent from a second control device to the receiver control device are provided with a second cryptographic key for authentication. First status information provided with a third cryptographic key is sent from a monitoring module of the first control device to the receiver control device and second status information provided with the second cryptographic key is sent from the second control device to the receiver control device. The first status information and second status information are received by the receiver control device. The received first and second status information is evaluated to detect a manipulation of the first control device.

Abstract: Data backup in a vehicle, where a datum is generated by a function implemented on a first control device of the vehicle. The securing of the datum generated is determined using the configuration data stored in a first control device. If the datum generated is to be protected, it is cryptographically marked and/or encrypted. The cryptographically marked and/or encrypted datum is stored in a memory of the first control device. In addition the cryptographically marked and/or encrypted datum or a value derived therefrom is sent over an electronic network of the vehicle to at least one second control device, received by the latter and stored in a memory of the second control device.

Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: A method for protected communication is provided. The method comprises defining master keys for different service domains within the scope of influence of a vehicle manufacturer generating a master key reference for the vehicle within the range of influence of the vehicle manufacturer, securely introducing one or more of the cryptographic keys derived from at least one of the defined master keys and the associated master key reference into the vehicle, and transmitting to an external server a message signed with one of the derived cryptographic keys, which is additionally provided with the master key reference and the current status of the vehicle. The method further comprises deriving the at least one cryptographic key in the external server from the master key identified by the master key reference depending on the key status of the vehicle, and checking the authenticity of the signed message with the derived cryptographic key.

Abstract: The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.

Abstract: A device, method and computer program for enabling a vehicle component and a vehicle-to-vehicle communication module. The device includes at least one interface for communication with a second vehicle component of the transportation vehicle. The second vehicle component is part of a secured cluster of vehicle components of the transportation vehicle. The device includes a control module to control the at least one interface and to receive at least one message from the second vehicle component via the at least one interface. The control module legitimates the second vehicle component based on the at least one message received from the second vehicle component. The control module enables the first vehicle component in response to the at least one received message implying that the second vehicle component has been enabled and in response to the legitimation of the second vehicle component being successful.

Abstract: A method providing security the first time a mobile device makes contact with a device including a trusted entity introducing asymmetric key into a mobile device, performing a key exchange method on contact-making resulting in a shared key in the mobile device and in the device, generating a first signature with the symmetric key using the shared key in the mobile device, generating a second signature with the symmetric key using the shared key in the device, transmitting the first signature to the device and the second signature to the mobile device, authenticating the device by cryptographic verification of the second signature with the symmetric key in the mobile device, authenticating the mobile device by cryptographic verification of the first signature with the symmetric key in the device, and continuing contact-making in the event of mutual successful authentication or termination of contact-making if at least one authentication has failed.

Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.

Abstract: A method for protected communication by a vehicle is provided, which may comprise: defining a number of master keys for different service domains within the scope of influence of a vehicle manufacturer; generating a master key reference for the vehicle or for a control unit of the vehicle within the range of influence of the vehicle manufacturer; securely introducing one or more of the cryptographic keys derived from at least one of the defined master keys and the associated master key reference into the vehicle, or into a control unit of the vehicle, within the range of influence of the vehicle manufacturer; transmitting from the vehicle to an external server a message signed with one of the derived cryptographic keys, which is additionally provided with the master key reference and the current status of the vehicle; deriving the at least one cryptographic key in the external server from the master key identified by the master key reference depending on the key status of the vehicle; checking the authenticit

Abstract: The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes providing a shared secret key for the at least two communication partners; setting up an anonymous signal-conducting connection between the at least two communication partners, wherein all messages of the connection between the at least two communication partners are encrypted using the shared secret key; and authenticating the connection between the at least two communication partners by a user. The method provides a secure and convenient authentication of a connection between two communication partners, wherein the authentication is effected at the application level.

Abstract: A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Abstract: A method for asymmetrical key derivation by a signing entity for a terminal including introducing identical cryptographic material into the signing entity and into the terminal; deriving in each case a private key from the cryptographic material in the signing entity and in the terminal; calculating in each case a public key from the private key in the signing entity and in the terminal; generating a signature and/or a signed public key in the signing entity; transferring the signature and/or the signed public key from the signing entity into the terminal; and appending the signature of the signing entity to the public key in the terminal.

Abstract: A method for implementing an encrypted client-server communication, wherein the server includes an entry point, service systems behind the entry point, and a secure system. The method includes incorporating common cryptographic material into the client and into the secure system, deriving key material from the common cryptographic material in the client for an encrypted communication between the client and a service system, deriving key material from the common cryptographic material in the secure system for an encrypted communication between the client and a service system, and transferring the key material into the service system or retaining the key material in the secure system.

Abstract: A method for providing an authenticated connection between at least two communication partners and to a communication system. The method includes setting up an anonymous signal-conducting connection between the at least two communication partners; checking the authenticity of a signed certificate used by a first communication partner of the at least two communication partners by a second communication partner of the at least two communication partners; reproducing an authentication code by the second communication partner after the check of the authenticity of the signed certificate used by the first communication partner has been carried out; and confirming the authentication code reproduced by the second communication partner by a user by the first communication partner. The method provides a possibility which increases the security of a certificate-based authentication of a communication connection between at least two communication partners.

Abstract: A method for performing certification by a control device of a vehicle including generating a first signed certificate, which has at least one public key, and generating an associated private key; single-time introduction of the first signed certificate and of the associated private key into the control device; producing a second certificate; signing a further public key in the control device, using the private key and the second certificate; and making available the signed further public key together with the first signed certificate.

Abstract: A device, method and computer program for enabling a vehicle component and a vehicle-to-vehicle communication module. The device includes at least one interface for communication with a second vehicle component of the transportation vehicle. The second vehicle component is part of a secured cluster of vehicle components of the transportation vehicle. The device includes a control module to control the at least one interface and to receive at least one message from the second vehicle component via the at least one interface. The control module legitimates the second vehicle component based on the at least one message received from the second vehicle component. The control module enables the first vehicle component in response to the at least one received message implying that the second vehicle component has been enabled and in response to the legitimation of the second vehicle component being successful.