Abstract: Various embodiments of the teachings herein include a method for enhancing security of a product using a supply chain of suppliers for manufacturing or producing the product. The method may include: consulting a security information dataset including a first security provision datum of a supplier and a second security provision datum of a supplier's supplier; and matching or comparing the first security demand datum and the second security provision datum with the security demand datum. The security information dataset includes a security demand datum of a supplied entity supplied by the supplier. The security provision datum of the supplier's supplier is validated by the supplier.

Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.

Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.

Abstract: A device is provided for detecting time information of different administrative domains. The device includes a plurality of detection units, wherein each detection unit is assigned to one of the administrative domains and is configured to receive time information from a timer of the assigned administrative domains for synchronising with the assigned administrative domains, a storage device having a plurality of storage areas, and a plurality of control units, wherein each control unit is assigned exclusively to one of the detection units and the control units are configured to detect, synchronised with one another, a respective most recent item of the received time information of the respective assigned detection unit and to store the synchronously detected time information of the plurality of detection units together as synchronised data in one of the storage regions.

Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes, a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.

Abstract: A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.

Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.

Abstract: Provided is a retrieval device for secure retrieval of optical information for a first device from a light source of a second device, including: a housing made from at least one material which is opaque for the light emitted from the light source, wherein the housing is arranged to contain the light from at least a part of the light source, an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.

Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.

Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.

Abstract: A modular security control apparatus for the protected transfer of network packets is provided. In particular, an exchange of network data (e.g. network packets) between a first internal source network and a second internal network (e.g. second destination network) via a non-trustworthy internal and/or external network (first destination network) is made possible.

Abstract: Provided is a method for the secure, computer-aided execution of program instructions of an application, including the following method steps. The method includes a step of switching on a learning mode of an execution environment. The method includes a further step of performing the application in the execution environment while the learning mode is switched on, wherein program instructions of the application are performed for a selected predetermined application scenario and the execution environment assigns a first application scenario-specific validity information to the performed program instructions. The method includes a step of switching on a working mode of the execution environment, wherein, in the working mode, the execution environment checks the first validity information of the program instructions, and wherein the execution environment executes the program instructions as a function of their validity information.

Abstract: A device is provided for detecting time information of different administrative domains. The device includes a plurality of detection units, wherein each detection unit is assigned to one of the administrative domains and is configured to receive time information from a timer of the assigned administrative domains for synchronising with the assigned administrative domains, a storage device having a plurality of storage areas, and a plurality of control units, wherein each control unit is assigned exclusively to one of the detection units and the control units are configured to detect, synchronised with one another, a respective most recent item of the received time information of the respective assigned detection unit and to store the synchronously detected time information of the plurality of detection units together as synchronised data in one of the storage regions.

Abstract: A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.

Abstract: A method and a server for integrating a device into a network, a first device identification of the device is detected being a reading device authorized for this purpose, and the detected first device identification being transmitted as configuration data into an access-protected configuration data memory of the network. The first device identification of the device is transmitted from the reading device to the configuration data memory and stored in the memory. After the device to be integrated is connected to an access node of the network, the server automatically configures the connected device for the network if a corresponding first device identification of the device is already stored in the access-protected configuration data memory of the network for the second device identification of the device connected to the access node of the network such that an efficient and secured integration of a communication-enabled terminal into a network is achieved.

Abstract: The embodiments relate to methods for plagiarism protection for cryptographic challenge-response methods, wherein an originality test for products that require a secret symmetric or private asymmetric key on the product side is carried out such that a plagiarism protection service is set up as a web service that carries out a calculation of the challenge for the product to be tested and a verification of the response for the product and sends the result of the verification in an integrity-protected manner to a testing unit authorized for plagiarism testing, and which, if the cryptographic challenge-response method is not present on the product to be tested after the key has been authenticated and authorized by the product to be tested, can subsequently send software for calculating the response directly to the product online.

Abstract: In a method for detecting infringements of the authenticity of a system component an authentication request is sent from a controller to an authentication device of the system component. A first authentication code is calculated in the authentication device by applying a shared one-way function to an identification code, stored in the authentication device, for the system component. A second authentication code in the controller is calculated by applying the shared one-way function to an identification code, stored in the controller, for the system component, and an authentication response including the first authentication code is sent from the authentication device to the controller. The first authentication code is compared with the second authentication code in the controller for detecting infringements of the authenticity of the system component.

Abstract: A method and a server for integrating a device into a network, a first device identification of the device is detected being a reading device authorized for this purpose, and the detected first device identification being transmitted as configuration data into an access-protected configuration data memory of the network. The first device identification of the device is transmitted from the reading device to the configuration data memory and stored in the memory. After the device to be integrated is connected to an access node of the network, the server automatically configures the connected device for the network if a corresponding first device identification of the device is already stored in the access-protected configuration data memory of the network for the second device identification of the device connected to the access node of the network such that an efficient and secured integration of a communication-enabled terminal into a network is achieved.

Abstract: In a method for detecting infringements of the authenticity of a system component an authentication request is sent from a controller to an authentication device of the system component. A first authentication code is calculated in the authentication device by applying a shared one-way function to an identification code, stored in the authentication device, for the system component. A second authentication code in the controller is calculated by applying the shared one-way function to an identification code, stored in the controller, for the system component, and an authentication response including the first authentication code is sent from the authentication device to the controller. The first authentication code is compared with the second authentication code in the controller for detecting infringements of the authenticity of the system component.

Abstract: A server implemented method for securing data is provided. The method includes generating a context container for storing data objects transferred to the server during a session with a client, creating, from the data objects in the context container, a plurality of protected zones of data objects, wherein each protected zone includes data objects of a different class of security and creating a reference for each protected zone. Further, the method includes providing the client access to that protected zone via the reference, wherein the reference is non-persistently stored in the server.