-
公开(公告)号:US20240031388A1
公开(公告)日:2024-01-25
申请号:US18028599
申请日:2021-09-10
发明人: Rishith Ellath Meethal , Christoph Ernst Ludwig , Mohamed Khalil , Christoph Heinrich , Steffen Fries , Uwe Blöcher , Dirk Hartmann
IPC分类号: H04L9/40 , G05B19/418
CPC分类号: H04L63/1425 , G05B19/41885 , G05B19/4183
摘要: For detecting a cyber-attack on a machine controller, a concurrent simulation of the machine is run in a secured access domain. From the machine controller actual control data are transmitted to the machine and resulting monitoring data are transmitted to a monitoring device. Furthermore, sensor data of the machine are transmitted to the concurrent simulation on a first secured transmission path. Based on the sensor data, the concurrent simulation simulates an operational behavior of the machine, thus inferring simulated monitoring data. The simulated monitoring data are then compared with the resulting monitoring, and an alarm signal is triggered depending on the comparison.
-
2.发明申请METHOD, DEVICE, AND SYSTEM FOR MONITORING A SECURITY NETWORK INTERFACE UNIT 有权用于监控安全网络接口单元的方法,设备和系统公开(公告)号:US20160205069A1
公开(公告)日:2016-07-14
申请号:US14913414
申请日:2014-07-22
发明人: Uwe Blöcher , Rainer Falk , David von Oheimb
IPC分类号: H04L29/06
CPC分类号: H04L63/02 , H04L63/0263 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L67/12
摘要: The invention relates to a method for monitoring a security network interface unit (23), FIG. 2 for example a firewall, which receives a stream of data packets via a first interface (21), checks said data stream with respect to filtering rules, and outputs said data stream to a second interface (22). The method has the steps of duplicating and outputting the data stream to the second interface (22), checking the output data stream for inadmissible data traffic, transmitting a warning message to the security network interface unit if inadmissible data traffic is detected in the data stream, and restricting the data stream by means of the security network interface unit if the warning message is received in the security network interface unit (23). The device or the system according to the invention comprises units which are designed to carry out the aforementioned method.
摘要翻译: 本发明涉及一种用于监控安全网络接口单元(23)的方法, 2例如经由第一接口(21)接收数据分组流的防火墙,根据过滤规则检查所述数据流,并将所述数据流输出到第二接口(22)。 该方法具有将数据流复制并输出到第二接口(22)的步骤,检查输出数据流是否不允许的数据业务,如果在数据流中检测到不允许的数据业务,则向安全网络接口单元发送警告消息 并且如果在所述安全网络接口单元(23)中接收到所述警告消息,则通过所述安全网络接口单元来限制所述数据流。 根据本发明的装置或系统包括被设计为执行上述方法的单元。
-
3.发明申请公开(公告)号:US20180124121A1
公开(公告)日:2018-05-03
申请号:US15559524
申请日:2016-03-18
发明人: Uwe Blöcher , Rainer Falk , Jens Reinert , Wen Tang , Martin Wimmer
CPC分类号: H04L63/306 , G06F21/6236 , H04L63/02 , H04L63/0209 , H04L63/0281 , H04L63/105 , H04L63/123 , H04W12/02
摘要: A one-way coupling device for the feedback-free transmission of data from the first network with high security requirements into a second network with low security requirements, containing a request unit, an eavesdropping unit and a receiving unit, wherein the request unit is formed so as to provide a first communication link within the first network to at least one device and, moreover, to request first data from the at least one device and then to transmit the first data via a second communication link on a separate line loop of the request unit, and the eavesdropping unit, which is formed so as to eavesdrop on data on the separate line loop and to transmit data to a receiving unit which is arranged in the second network. Also, a corresponding request unit, a corresponding method and a corresponding computer program product is also provided.
-
公开(公告)号:US20160162383A1
公开(公告)日:2016-06-09
申请号:US14906383
申请日:2014-06-18
发明人: Uwe Blöcher , Jens-Uwe Bußer , Rainer Falk , Volker Fusenig
CPC分类号: G06F11/3048 , G06F11/16 , G06F11/1641 , G06F11/3024 , G06F11/3058 , G06F11/328 , G06F11/3409 , G06F21/755 , G06F2201/81 , G06F2201/86
摘要: A device for monitoring a component has at least one processor core and a further processor core. The device further includes a determining unit configured to determine a profile of the processor core, the profile being influenced by an input signal applied to the processor core, and to determine a further profile of the further processor core, the further profile being influenced by a further input signal applied to the further processor core. The device further includes a comparison unit configured to compare the profile and the further profile and to generate a fault signal, if a comparison result of a comparison carried out by the comparison unit indicates defective similarity of the profile to the further profile.
摘要翻译: 用于监视组件的设备具有至少一个处理器核心和另外的处理器核心。 所述设备还包括确定单元,其被配置为确定所述处理器核心的简档,所述简档受到施加到所述处理器核心的输入信号的影响,并且确定所述另外的处理器核心的另外的简档,所述另外的简档受到 另外的输入信号被施加到另外的处理器核心。 所述设备还包括比较单元,其被配置为比较所述简档和所述另外的配置文件并产生故障信号,如果由所述比较单元执行的比较的比较结果指示所述配置文件与所述另外的配置文件的不相似性。
-
公开(公告)号:US11063957B2
公开(公告)日:2021-07-13
申请号:US15742930
申请日:2016-06-27
发明人: Uwe Blöcher , Rainer Falk , Jens Reinert , Martin Wimmer
摘要: Provided is a method for decoupled transmission of data between networks having different security requirements, in which, in a first network having high security requirements, first data from a first application are transmitted in a communication exclusively between components within the first network via multiple communication links, data being captured in the first network by at least one monitoring device per communication link in a decoupled manner and being transmitted to a second network having lower security requirements. Also, a corresponding arrangement is also provided.
-
公开(公告)号:US10594611B2
公开(公告)日:2020-03-17
申请号:US15026051
申请日:2014-08-12
发明人: Uwe Blöcher , Rainer Falk , David von Oheimb
IPC分类号: H04L12/803 , H04L12/24 , H04L12/26 , H04L12/841
摘要: There is a need for coupling, for example within an automation area, particularly critical subareas with less critical subareas of the automation area. The invention relates to a method and a network filtering device for filtering a data packet between a first network and a second network. According to the invention, a data packet is checked several times in parallel by means of a multiplier and a plurality of filtering devices.
-
公开(公告)号:US20160248679A1
公开(公告)日:2016-08-25
申请号:US15026051
申请日:2014-08-12
发明人: Uwe Blöcher , Rainer Falk , David von Oheimb
IPC分类号: H04L12/803 , H04L12/24 , H04L12/26 , H04L12/841
CPC分类号: H04L47/125 , H04L12/4625 , H04L41/0618 , H04L43/028 , H04L43/0882 , H04L43/12 , H04L47/28
摘要: There is a need for coupling, for example within an automation area, particularly critical subareas with less critical subareas of the automation area. The invention relates to a method and a network filtering device for filtering a data packet between a first network and a second network. According to the invention, a data packet is checked several times in parallel by means of a multiplier and a plurality of filtering devices.
摘要翻译: 需要耦合,例如在自动化区域内,特别是具有自动化区域的不太重要的子区域的关键子区域。 本发明涉及一种用于对第一网络和第二网络之间的数据分组进行过滤的方法和网络过滤装置。 根据本发明,通过乘法器和多个滤波装置并行地检查数据分组数次。
-
8.发明授权公开(公告)号:US11223657B2
公开(公告)日:2022-01-11
申请号:US15559524
申请日:2016-03-18
发明人: Uwe Blöcher , Rainer Falk , Jens Reinert , Wen Tang , Martin Wimmer
摘要: A one-way coupling device for the feedback-free transmission of data from the first network with high security requirements into a second network with low security requirements, containing a request unit, an eavesdropping unit and a receiving unit, wherein the request unit is formed so as to provide a first communication link within the first network to at least one device and, moreover, to request first data from the at least one device and then to transmit the first data via a second communication link on a separate line loop of the request unit, and the eavesdropping unit, which is formed so as to eavesdrop on data on the separate line loop and to transmit data to a receiving unit which is arranged in the second network. Also, a corresponding request unit, a corresponding method and a corresponding computer program product is also provided.
-
公开(公告)号:US10833965B2
公开(公告)日:2020-11-10
申请号:US15535184
申请日:2015-12-10
发明人: Uwe Blöcher , Rainer Falk , Martin Wimmer
摘要: A method and an apparatus for repercussion-free capture of data from at least one device is provided, which is arranged in a first network having a high security requirement, in a second network having a low security requirement, containing a requesting unit, which is arranged within the first network and is designed to request data from the at least one device in accordance with a request profile, a monitoring unit, which is arranged within the first network and is designed to monitor data that have been sent by the at least one device in response to the request and to transmit said data to an evaluation unit, an evaluation unit, which is arranged in the second network and is designed to compare the monitored data with the data expected on the basis of the request profile, and an alarm unit.
-
公开(公告)号:US10089206B2
公开(公告)日:2018-10-02
申请号:US14906383
申请日:2014-06-18
发明人: Uwe Blöcher , Jens-Uwe Bußer , Rainer Falk , Volker Fusenig
摘要: A device for monitoring a component has at least one processor core and a further processor core. The device further includes a determining unit configured to determine a profile of the processor core, the profile being influenced by an input signal applied to the processor core, and to determine a further profile of the further processor core, the further profile being influenced by a further input signal applied to the further processor core. The device further includes a comparison unit configured to compare the profile and the further profile and to generate a fault signal, if a comparison result of a comparison carried out by the comparison unit indicates defective similarity of the profile to the further profile.
-
-
-
-
-
-
-
-
-
搜索结果
11 条记录 (耗时 0.017 秒)
