公开(公告)号：US20240111268A1

公开(公告)日：2024-04-04

申请号：US18478527

申请日：2023-09-29

Applicant: Rainer Falk ,  Stefan Becker ,  Christian Peter Feist ,  Klaus-Peter Hofmann

Inventor： Rainer Falk ,  Stefan Becker ,  Christian Peter Feist ,  Klaus-Peter Hofmann

IPC: G05B19/4155

CPC classification number: G05B19/4155 ,  G05B2219/31368

Abstract: A system, template, and method of managing virtual control units in an industrial automation facility are provided. The industrial automation facility includes machines. The method includes generating templates including deployment criteria for the virtual control units. Each of the virtual control units is capable of controlling at least one of the machines. The virtual control units are mapped to one or more compute nodes based on the deployment criteria. The virtual control units are instantiated on the mapped compute nodes when the controlled machines are in operation. The method includes validating that the instantiation of the virtual control units is in accordance with the templates using an attestation that confirms determined deployment parameters after deployment of the virtual control units. The machines perform the industrial process, according to control commands received from at least one of the virtual control units, when the virtual control units are validly instantiated.

公开(公告)号：US10528484B2

公开(公告)日：2020-01-07

申请号：US13979731

申请日：2011-12-15

Applicant: Rainer Falk ,  Steffen Fries

Inventor： Rainer Falk ,  Steffen Fries

IPC: G06F11/30 ,  G06F12/14

Abstract: A device for protecting a security module from manipulation attempts in a field device. A control device is configured to control the field device, a security module is configured to provide cryptographic key data which is to be used by the control device, and an interface device is connected to the control device. The security module is configured to allow the control device access to the cryptographic key data in the security module and to prevent access to the cryptographic key data in the event of a manipulation attempt on the field device.

公开(公告)号：US10431032B2

公开(公告)日：2019-10-01

申请号：US13823341

申请日：2011-08-17

Applicant: Rainer Falk

Inventor： Rainer Falk

IPC: G07C11/00 ,  H04Q9/00

Abstract: In order to monitor the number of plug cycles of a plug, such as a plug of a charging cable for an electric car, a plug cycle counter associated with the plug is counted up in an electronic memory after every plug cycle. A warning can thus be issued when a permitted quantity of plug cycles for the plug has been exceeded. Alternatively, the electrical connection at a charging station for an electric car or at a data cable for an automation system can also be cut off if the service life of the plug has been exceeded. High availability of the plug is thereby achieved, because the corresponding cable can be replaced in a timely manner. A hazard to persons due to defective current-carrying parts is also prevented.

公开(公告)号：US09806883B2

公开(公告)日：2017-10-31

申请号：US14576458

申请日：2014-12-19

Applicant: Rainer Falk

Inventor： Rainer Falk

IPC: H04L9/08 ,  H04L9/14 ,  G09C1/00

CPC classification number: H04L9/0816 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/14 ,  H04L2209/24

Abstract: The embodiments relate to a method and a digital circuit area for securely providing a key using a request unit and a provision unit. In this case, a key is derived from parameters, at least one of which is used for the key derivation in a non-predefinable manner by the request unit. In this case, the key derivation is carried out in a digital circuit area in which the request unit and the provision unit are implemented.

公开(公告)号：US09628278B2

公开(公告)日：2017-04-18

申请号：US13583970

申请日：2011-02-14

Applicant: Rainer Falk ,  Steffen Fries

Inventor： Rainer Falk ,  Steffen Fries

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/3236 ,  H04L9/3271 ,  H04L63/0442 ,  H04L63/123

Abstract: A method transmits a signal using a unidirectional communications link, which is protected by an asymmetric cryptography method. A counter value is incremented by a transmitter during a transmission operation. Subsequently, a challenge is determined by the transmitter on the basis of the counter value and a control command that can be executed by a receiver and, on the basis of the challenge that is determined a response is in turn determined. The challenge and the response are transmitted from the transmitter to the receiver. The challenge received is then checked by the receiver to see whether the counter value used in the challenge is greater than a counter value previously stored by the transmitting transmitter. The response received is checked on the basis of the challenge. Following successful checking of the challenge and response, the control command transmitted in the challenge is executed.

公开(公告)号：US09147088B2

公开(公告)日：2015-09-29

申请号：US14112534

申请日：2012-04-11

Applicant: Rainer Falk ,  Steffen Fries

Inventor： Rainer Falk ,  Steffen Fries

IPC: G06F21/86 ,  G05B19/042

CPC classification number: G06F21/86 ,  G05B19/0425 ,  G05B2219/37038

Abstract: The embodiments relate to tamper protection of a field device. The method includes: checking whether manipulation of the field device has taken place; outputting a non-manipulation certificate in case a negative inspection result is determined; transferring the non-manipulation certificate; a registration device checking the non-manipulation certificate; determining an active status of the field device in case the non-manipulation certificate is valid; checking the field device by querying the status of the field device; transferring field device data to the monitoring device; and accepting the field device data if the field device has an active status. The invention further relates to a monitoring system for a field device and a use.

Abstract translation: 实施例涉及现场设备的防篡改。 该方法包括：检查现场设备的操作是否发生; 在确定负检查结果的情况下输出非操作证书; 转移非操作证书; 检查非操作证书的注册设备; 在非操作证书有效的情况下确定现场设备的活动状态; 通过查询现场设备的状态来检查现场设备; 将现场设备数据传送到监控设备; 并且如果现场设备具有活动状态，则接受现场设备数据。 本发明还涉及现场设备的监视系统和用途。

公开(公告)号：US09143935B2

公开(公告)日：2015-09-22

申请号：US12086621

申请日：2006-12-06

Applicant: Rainer Falk ,  Christian Günther ,  Dirk Kröselberg

Inventor： Rainer Falk ,  Christian Günther ,  Dirk Kröselberg

IPC: G06F15/173 ,  H04W12/06 ,  H04L29/06 ,  H04W84/12

CPC classification number: H04W12/06 ,  H04L63/08 ,  H04L63/1466 ,  H04W12/10 ,  H04W84/12

Abstract: A counter status that is allocated to a communication terminal and a base station is usually deleted when the storage space in the respective base station is used up. To address this, the counter status is saved in an additional communication network element when a predefinable criterion is met, and can thus be retrieved.

Abstract translation: 当各基站的存储空间用尽时，分配给通信终端和基站的计数器状态通常被删除。 为了解决这个问题，当满足预定义的标准时，计数器状态被保存在附加的通信网络元件中，并且因此可以被检索。

公开(公告)号：US09131372B2

公开(公告)日：2015-09-08

申请号：US12525456

申请日：2008-01-25

Applicant: Rainer Falk ,  Florian Kohlmayer

Inventor： Rainer Falk ,  Florian Kohlmayer

IPC: H04L29/06 ,  H04W12/06 ,  H04W84/22

CPC classification number: H04W12/08 ,  H04L61/6022 ,  H04L63/062 ,  H04L63/0876 ,  H04L63/10 ,  H04W12/06 ,  H04W24/08 ,  H04W76/10 ,  H04W84/18 ,  H04W84/22

Abstract: The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured such that it can exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion. The invention further relates to an arrangement comprising means for carrying out the method.

Abstract translation: 本发明涉及一种用于提供无线局域网的方法，其中固定通信设备和移动通信设备以网格的方式连接为子网，该子网特别地连接到基础设施网络并且被配置为使得其可以交换 具有至少一个通信设备的认证消息，其特别地设置在基础设施网络中并提供认证功能。 在通过连接到提供认证功能的通信设备的第一通信设备建立到连接到提供认证功能的通信设备的第二通信设备的尝试中，作为认证过程的一部分被分配的认证者角色是 与第一和第二通信设备相关联，其中分析与连接相关联的至少一个属性以满足标准。 本发明还涉及包括用于执行该方法的装置的装置。

公开(公告)号：US20150149779A1

公开(公告)日：2015-05-28

申请号：US14403907

申请日：2013-04-24

Applicant: Rainer Falk ,  Steffen Fries

Inventor： Rainer Falk ,  Steffen Fries

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0847 ,  H04L9/0866 ,  H04L9/3247

Abstract: The embodiments relate to methods and apparatuses for producing secure transmission of a message. The methods are based on production of a basic key that is used for producing respective transmitter keys for a plurality of transmitters. For the ascertainment of the receiver keys by respective receivers, the basic key is transmitted to the receivers, which for their part are able to ascertain a receiver key for checking the integrity of the message from a respective transmitter on the basis of the basic key and an identifier for the transmitter. The receiver ascertains a cryptographic checksum, which, in the course of the integrity check, is compared with a cryptographic checksum that has been produced by the transmitter and sent along by the respective message. The embodiments may be used within the context of automation and sensor networks.

Abstract translation: 实施例涉及用于产生消息的安全传输的方法和装置。 该方法基于用于产生用于多个发射机的相应发射机密钥的基本密钥的生成。 为了确定相应接收机的接收机密钥，基本密钥被发送到接收机，接收机能够基于基本密钥确定用于从相应发射机检查消息的完整性的接收机密钥，以及 发射机的标识符。 接收机确定加密校验和，其在完整性检查过程中与由发送器产生并由相应消息一起发送的加密校验和进行比较。 实施例可以在自动化和传感器网络的上下文中使用。

公开(公告)号：US08909927B2

公开(公告)日：2014-12-09

申请号：US12291490

申请日：2008-11-10

Applicant: Rainer Falk ,  Florian Kohlmayer

Inventor： Rainer Falk ,  Florian Kohlmayer

IPC: H04L29/06 ,  H04L9/32 ,  G08G1/0962 ,  G08G1/0967 ,  H04L12/58 ,  H04W12/10 ,  G08G1/09 ,  H04L9/00 ,  H04M3/533 ,  G06F15/16

CPC classification number: H04L63/123 ,  G06F15/16 ,  G08G1/093 ,  G08G1/0962 ,  G08G1/096716 ,  G08G1/09675 ,  G08G1/096791 ,  H04L9/00 ,  H04L9/32 ,  H04L29/06 ,  H04L51/26 ,  H04L51/38 ,  H04M3/5335 ,  H04W12/10

Abstract: A message processing device for processing messages has at least one reception buffer, a message includes at least one authentication element and one message content. The message is received and stored in the reception buffer. A characteristic variable of a priority for security checking of the message is determined as a function of the message content. A processing sequence for further message processing for the security checking, taking into account the at least one authentication element of the messages in the reception buffer is defined and carried out as a function of the characteristic variable.

Abstract translation: 用于处理消息的消息处理设备具有至少一个接收缓冲器，消息包括至少一个认证元件和一个消息内容。 该消息被接收并存储在接收缓冲器中。 作为消息内容的函数确定消息的安全检查的优先级的特征变量。 考虑到接收缓冲器中的消息的至少一个认证元素的安全检查的进一步消息处理的处理顺序被定义并作为特征变量的函数来执行。