Abstract:
A method and a network node device control the running of technology-specific Push-Button Configuration sessions within a heterogeneous or homogeneous wireless network, and such a network detects a session overlap within the network. The session is a configuration session (bootstrapping session, setup session) that establishes a security configuration for encrypted communication over a wireless link. An enhanced mechanism is proposed for controlling the running of technology-specific Push-Button Configuration sessions within a heterogeneous or homogeneous wireless network and a plurality of network node devices interconnected with each other via at least one interface and/or over multiple hops, and authenticated or unauthenticated for the network, by using a piece of information, e.g. a “Configuration Setup Session Identifier (CSSID),” for identifying a technology-specific Push-Button Configuration setup session.
Abstract:
The invention relates to a circuit unit (1) comprising a Physical Unclonable Function (6), hereinafter referred to as PUF (6), a verification unit (5) and an information storage device (7) for storing at least one Challenge-Response-Pair (CR1); wherein the Challenge-Response-Pair (CR1) comprises a Challenge Information (C1) and a Response Information (R1) associated therewith, and wherein the verification unit (5) is embodied and/or adapted to input the Challenge Information (C1) into the PUF (6), to compare the PUF Response (PR1) subsequently created by the PUF (6) with the Response Information (R1), and, depending on the result of the comparison, to release or restrict use of the PUF (6).
Abstract:
Overlapping Push Button Configuration (PBC) sessions are prevented, without any deadlocks of technology-specific PBC methods, by controlling the running of technology-specific PBC sessions within a heterogeneous network of network node devices that are interconnected via at least one interface and/or over multiple hops and authenticated for the network. This is done by enabling a two-level PBC within the heterogeneous network based on one of the network node devices, which is authenticated for the network, acting as registrar; this registrar is in particular selectable or determined. Level-1 of the two-level PBC, performed at the abstraction layer of the heterogeneous network, detects the wish for PBC, prevents overlapping PBC sessions independently of the underlying communication technology, and coordinates technology-specific PBC runs, whereas level-2 of the two-level PBC, performed within a specific communication technology, uses a technology-specific PBC that is triggered by level-1.
Abstract:
A method of onboarding a user device onto an industrial network includes receiving a registration request from the user device. The user device is connected to a gateway device associated with a first wireless network. The registration request includes one or more network access parameters associated with the user device. At least one of the network access parameters is indicative of the gateway device and/or the first wireless network. The method includes authenticating the user device based on the received registration request. Authenticating includes verifying the validity of the network access parameters of the registration request. The method allows network access data to be used to evaluate whether the user device is indeed an actual user device or an unauthorized device. Accordingly, the overall security of the onboarding process is improved.
Abstract:
Various teachings of the present disclosure include methods for providing cryptographic keys for signing data. The method may include: providing a plurality of keys as leaves of a hash tree structure having at least one first hash tree; evaluating a requirement criterion for a requirement for additional keys and, if the requirement criterion is satisfied, generating a plurality of additional keys available as leaves of a further hash tree; and integrating the further hash tree into the hash tree structure so a respective root of the further hash tree is signed with a leaf of the hash tree structure. A number of hash trees of the hash tree structure is not predetermined.
Abstract:
Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.
Abstract:
The invention relates to a computer-implemented method for connecting a network component to a network, in particular a mobile communications network, with an extended network access identifier. The method involves receiving the extended network access identifier from the network component via a network access server, wherein the extended network access identifier comprises at least one network access restriction for connecting the network component to the network. The method also involves receiving a requested user access profile from a user profile server via the network access server, wherein the user access profile comprises access authorisations for connecting the network component to the network. The network component is authenticated in the network via the network access server if the received extended network access identifier fulfills the access authorisations of the received user access profile. Once the network component is authenticated, the network connection of the network component to the network via the network access server is configured by means of the access authorisations of the user access profile. The network access restriction received with the extended network access identifier is then determined via the network access server, and the configured network connection of the network component to the network is verified via the network access server on the basis of the determined network access restriction. Finally, the network component is connected to the network via the network access server once the configured network connection is verified and fulfills the determined network access restrictions.
Abstract:
Various embodiments of the teachings herein include a configuration device for determining an update configuration for a software update for a technical installation. The device may include: a module to acquire operating parameters of a production process of a technical installation, including configuration parameters of the technical installation; a module to load software updates for one or more elements of the technical installation; a module to use the operating parameters and the software updates as a basis for determining an update configuration for the software updates; and a module to transfer the update configuration and/or the software updates to an update server. The update server controls and/or monitors and/or records the software update of the one or more elements of the technical installation on the basis of the update configuration.
Abstract:
Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modification is prevented, including the steps: producing the product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected and defines a protection method for the production data that is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.
Abstract:
An object of the disclosure is to simplify security enhancements based on trusted computing. For this, a first data processing apparatus configured to operate in accordance with one or more platform configurations is provided. The first data processing apparatus includes an attestation processor, a network interface, and a data storage device for storing validation data. The attestation processor is configured to establish attestation data that is indicative of the current platform configuration. The validation data facilitates a validity check of integrity data, which includes the attestation data. The first data processing apparatus is configured to provide the integrity data and the validation data.