-
Publication No.: US20240152627A1
Publication Date: 2024-05-09
Application No.: US18549069
Filing Date: 2022-03-01
Inventors: Rainer Falk, Hans Aschauer, Omar Belhachemi, Christian Peter Feist, Hermann Seuschek, Thomas Zeschg
CPC Classification: G06F21/577, G06F21/602
Abstract: Various embodiments of the teachings herein include a method for determining the integrity of data processing of operative data using a trusted execution environment. The method may include: presenting the trusted execution environment with input data including the operative data and test data; processing the input data to produce output data; subjecting that portion of the output data formed by the processed test data to a comparison with reference data; and using the comparison as a basis for determining the integrity of the data processing.
-
Publication No.: US11783039B2
Publication Date: 2023-10-10
Application No.: US17438618
Filing Date: 2020-02-25
Inventors: Hans Aschauer, Rainer Falk, Christian Peter Feist, Steffen Fries, Aliza Maftun, Hermann Seuschek, Thomas Zeschg
CPC Classification: G06F21/57, G06F21/76, G06F2221/034
Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware-application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module. The analyzed execution environment of the configurable hardware module is verified as admissible for execution of the hardware-application component if the analyzed execution environment matches the characterizing parameters provided by the characterizing unit.
-
Publication No.: US20230308266A1
Publication Date: 2023-09-28
Application No.: US18191432
Filing Date: 2023-03-28
Inventors: Andreas Furch, Hans Aschauer, Fabrizio De Santis, Rainer Falk, Malek Safieh, Daniel Schneider, Florian Wilde, Thomas Zeschg
CPC Classification: H04L9/0852, H04L9/3215, H04L9/3265
Abstract: Various embodiments of the teachings herein include a method for onboarding an IoT device (3) of a manufacturer, in a manner secure against quantum computer attacks, into an infrastructure of a customer by means of a first server (1) of a manufacturer domain of the manufacturer and a second server (2) of a customer domain of the customer. In some embodiments, three authenticated and encrypted communication channels and a key encapsulation method are used to provide a device certificate of the customer domain for the IoT device on the IoT device.
-
Publication No.: US20220164485A1
Publication Date: 2022-05-26
Application No.: US17434872
Filing Date: 2020-02-26
Inventors: Thomas Zeschg, Hans Aschauer, Rainer Falk, Christian Peter Feist, Aliza Maftun, Hermann Seuschek
Abstract: Incoming and outgoing communication of a hardware-application component is monitored and controlled at runtime of the hardware-application component. In this way, a kind of firewall is provided for ensuring secure and unaltered operation of a hardware-application performing security-critical functionalities on a field-programmable gate array. The hardware-application component may interact with other components directly and/or via an on-chip bus. The monitoring of incoming and/or outgoing communication is particularly advantageous when using third-party hardware-applications or software applications, i.e., applications developed by untrusted parties. Another advantage is the possibility of monitoring and controlling all the communication between hardware-applications, between hardware- and software applications, and between hardware-applications and peripherals, IO controllers, etc. It is beneficial especially in case a hardware-application is compromised and tries to compromise the rest of the embedded device, or in case a corrupted software application tries to compromise the associated hardware-application at runtime.
-
Publication No.: US20200089890A1
Publication Date: 2020-03-19
Application No.: US16466869
Filing Date: 2017-10-10
Inventors: Hans Aschauer, Steffen Fries, Markus Heintel, Dominik Merli, Rainer Falk
IPC Classification: G06F21/57
Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, and wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.
-
Publication No.: US20220247581A1
Publication Date: 2022-08-04
Application No.: US17613577
Filing Date: 2020-03-31
Inventors: Hans Aschauer, Fabrizio De Santis, Steffen Fries
Abstract: Methods and devices are provided for establishing secure communication between the devices without relying on local time information. According to the methods, a client device, which is going to establish the secure communication with a server device, is provided by the server device with a proof of its integrity. The proof of integrity of the server device is issued by a trusted third party (TTP) to which both devices have a trust relation.
-
Publication No.: US20220179950A1
Publication Date: 2022-06-09
Application No.: US17425808
Filing Date: 2019-12-04
Inventors: Hans Aschauer, Rainer Falk, Christian Peter Feist, Steffen Fries, Aliza Maftun, Hermann Seuschek, Thomas Zeschg
IPC Classification: G06F21/55
Abstract: A die arrangement and a method of monitoring the same are provided. The die arrangement includes a plurality of dies and a physical interconnection structure extending between and traversing the plurality of dies. The physical interconnection structure is arranged for imparting unpredictable, yet reproducible, properties to a digital signal being carried on the physical interconnection structure. The die arrangement further includes a monitoring logic for monitoring the properties of the digital signal. This enables detection of tampering with the topological arrangement of semiconductor dies relative to one another.
-
Publication No.: US11303440B2
Publication Date: 2022-04-12
Application No.: US16484015
Filing Date: 2017-12-28
Inventors: Hans Aschauer, Daniel Schneider, Rainer Falk
Abstract: A programmable hardware security module, a method for securing a private key of a cryptographic key pair, and a method for securely providing a private key of a cryptographic key pair on a programmable hardware security module, wherein with the described devices and methods a decentralised PKI is built, via which device keys and device certificates can be generated and target devices can be provisioned securely. In this regard, the key-pair-specific transport key plays a central role in protecting the generated private key that is to be transferred, and it is linked to the particular key pair intended for a target device via a key derivation from a master key utilizing a key-pair-specific derivation parameter.
-
Publication No.: US11018846B2
Publication Date: 2021-05-25
Application No.: US16051581
Filing Date: 2018-08-01
Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside that time period.
-
Publication No.: US11003763B2
Publication Date: 2021-05-11
Application No.: US16050435
Filing Date: 2018-07-31
Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, the security control device including a basic control device and a security module, and the method having the following steps: a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least one second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.