METHOD AND ARRANGEMENT FOR THE SECURE TRANSMISSION OF A MESSAGE FROM A TRANSMITTER TO A RECEIVER

Abstract

A method transmits a message from a transmitter to a receiver. A telegram generated by the transmitter and contains the message and check data, is transferred to a transmitter-side access protection device. The transmitter-side access protection device modifies the telegram and then transmits it to a receiver-side access protection device. The transmitter-side access protection device modifies the telegram by encrypting the check data, which contains a security code formed with the message by the transmitter, using a secret key forming coded data. The message remains unencrypted in the telegram. The receiver-side access protection device processes the modified telegram and passes the processed telegram to the receiver. The receiver-side access protection device forms the processed telegram by decrypting the coded data, and the receiver verifies the processed telegram using the message contained therein and the check data contained therein and rejects the message if the check data does not correlate.

Claims

1-14. (canceled)

15. A method for transmitting a message from a transmitter to a receiver, which comprises: transferring a telegram generated by the transmitter to a transmitter-side access protection device, the telegram containing the message and check data formed with the message; modifying the telegram via the transmitter-side access protection device, the transmitter-side access protection device modifying the telegram by encrypting the check data as a whole or at least a part of the check data and the check data containing a security code formed with the message by the transmitter, the transmitter-side access protection device using a secret key for forming coded data, and in the telegram the coded data replaces the check data which has been encrypted by the coded data resulting in a modified telegram, wherein the message remains unencrypted in the modified telegram; transmitting the modified telegram over a connection being potentially insecure or a potentially vulnerable transmission medium, to a receiver-side access protection device; processing, via the receiver-side access protection device, the modified telegram and forwarding a processed telegram to the receiver, wherein the receiver-side access protection device forms the processed telegram by decrypting the coded data and replacing the coded data in the modified telegram with decrypted coded data; and verifying, via the receiver, the processed telegram on a basis of the message contained therein and the check data contained therein and rejecting the message if the check data does not correlate with the message.

16. The method according to claim 15, wherein: before an encryption of the check data or at least the part of the check data, the transmitter-side access protection device adds additional check data and also encrypts the additional check data using the secret key when forming the coded data; and the receiver-side access protection device decrypts the coded data) and after decrypting the coded data, verifies the additional check data contained therein for correctness and forwards the processed telegram to the receiver only if the additional check data indicates correct data transmission.

17. The method according to claim 15, wherein: before or after the encrypting of the check data or at least the part of the check data, the transmitter-side access protection device generates further check data, namely by encrypting part of the telegram being an unmodified telegram of the transmitter using a further secret key, and transmits the further check data as part of the modified telegram to the receiver-side access protection device; and the receiver-side access protection device verifies the further check data for correctness and forwards the processed telegram to the receiver only if the further check data indicates correct data transmission.

18. The method according to claim 15, wherein before or after encrypting the check data or at least the part of the check data, the transmitter-side access protection device generates further check data, namely by encrypting an entire unmodified telegram of the transmitter using a further secret key, and transmits the further check data as part of the modified telegram to the receiver-side access protection device and the receiver-side access protection device verifies the further check data for correctness and forwards the processed telegram to the receiver only if the further check data indicates correct data transmission.

19. The method according to claim 15, wherein: before encrypting the check data or at least a part of the check data, the transmitter-side access protection device adds additional check data and also encrypts the additional check data using the secret key when forming the coded data; before or after forming the coded data, the transmitter-side access protection device generates further check data, namely by encrypting part of the telegram being an unmodified telegram of the transmitter using a further secret key, and transmits the further check data as part of the modified telegram to the receiver-side access protection device; the receiver-side access protection device verifies the further check data for correctness; and the receiver-side access protection device decrypts the coded data and verifies the additional check data for correctness and the receiver-side access protection device forwards the processed telegram to the receiver only if both the further check data and the additional check data indicate correct data transmission.

20. The method according to claim 15, wherein: before encrypting the check data or at least the part of the check data, the transmitter-side access protection device adds additional check data and also encrypts the additional check data using the secret key when forming the coded data; before or after forming the coded data the transmitter-side access protection device generates further check data, namely by encrypting an entire unmodified telegram of the transmitter using a further secret key, and forwards the further check data as part of the modified telegram to the receiver-side access protection device; the receiver-side access protection device verifies the further check data for correctness; and the receiver-side access protection device decrypts the coded data) and verifies the additional check data for correctness and the receiver-side access protection device forwards the processed telegram to the receiver only if both the further check data and the additional check data indicate correct data transmission.

21. The method according to claim 15, wherein the transmitter forms the security code such that a change in the message contained in the telegram can be identified on a receiver side by evaluating the security code.

22. The method according to claim 15, wherein in addition to the security code, the check data generated by the transmitter contains at least one of the following items of message-independent information: a sequence number of the telegram; a timestamp of the telegram; an identifier of the transmitter; and an identifier of the receiver.

23. The method according to claim 15, wherein the transmitter and the receiver each have a safety level of at least 1 in accordance with safety standards EN 50129 and/or EN 50159.

24. The method according to claim 15, wherein the data connection between the transmitter and the transmitter-side access protection device is access-protected and is considered safe and the data connection between the receiver and the receiver-side access protection device is access-protected and is considered safe.

25. The method according to claim 15, wherein there is no logical connection between the transmitter and the transmitter-side access protection device and the transmitter-side access protection device is only suitable for receiving telegrams from the transmitter, modifying the telegrams and outputting modified telegrams.

26. The method according to claim 15, wherein there is no logical connection between the receiver and the receiver-side access protection device and the receiver-side access protection device is only suitable for processing received telegrams and outputting processed telegrams.

27. The method according to claim 15, which further comprises: transmitting the message by one vehicle-side or track-side device of a railway signaling system to another vehicle-side or track-side device of a railway signaling system; and accommodating the transmitter and the transmitter-side access protection device as well as the receiver and the receiver-side access protection device in the vehicle-side or track-side device.

28. A configuration, comprising: a transmitter-side access protection device; a receiver-side access protection device; a receiver; a transmitter configured to transmit a telegram generated by said transmitter to said transmitter-side access protection device, the telegram containing a message and check data is formed with the message; said transmitter-side access protection device configured to modify the telegram by encrypting all the check data or at least a part of the check data which contains a security code formed by said transmitter with the message, using a secret key for forming coded data and, in the telegram, replacing the check data which has been encrypted with the coded data, wherein the message remains unencrypted in the telegram; said transmitter-side access protection device is furthermore configured to then transmit a modified telegram over a connection being a potentially insecure or potentially vulnerable transmission medium, to said receiver-side access protection device; said receiver-side access protection device configured to process the modified telegram by decrypting the coded data and replacing the coded data in the modified telegram with the decrypted coded data resulting in a processed telegram, and forwarding the processed telegram to said receiver; and said receiver is configured to check the processed telegram using the message contained therein and the check data contained therein and to reject the message if the check data does not correlate with the message.

Description

[0025] The invention is described in more detail hereinafter with reference to exemplary embodiments. FIGS. 1 to 6 show by way of example exemplary embodiments for various arrangements according to the invention on the basis of which exemplary embodiments of the method according to the invention are described. Specifically, by way of example:

[0026] FIG. 1 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device encrypts the entire check data,

[0027] FIG. 2 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device only encrypts the security code in the check data of the telegram of the transmitter,

[0028] FIG. 3 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device encrypts the security code and a further part of the check data of the telegram of the transmitter,

[0029] FIG. 4 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device encrypts the security code, a further part of the check data in the telegram of the transmitter and also added additional check data using a key,

[0030] FIG. 5 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device encrypts the security code and a further part of the check data in the telegram of the transmitter with a first key forming coded data and even forms and adds further check data using a second key, and

[0031] FIG. 6 shows an exemplary embodiment of an arrangement in which a transmitter-side access protection device encrypts the security code, a further part of the check data in the telegram of the transmitter and also added additional check data using a first key and forms and adds further check data using a second key.

[0032] In the figures, for the sake of clarity the same reference characters are always used for identical or comparable components.

[0033] FIG. 1 shows an arrangement with a transmitter side 10, having a transmitter 11 and a transmitter-side access protection device 12. Furthermore, the arrangement comprises a receiver side 20, having a receiver 21 and a receiver-side access protection device 22.

[0034] Hereinafter, it is assumed by way of example that the connection 13 between the transmitter 11 and the transmitter-side access protection device 21 is secure or, at least with regard to manipulations, more secure than the connection 30 between the transmitter side 10 and the receiver side 20. It is also assumed by way of example that the connection 23 between the receiver-side access protection device 22 and the receiver 21 is secure or, at least with regard to manipulations, more secure than the connection 30 between the transmitter side 10 and the receiver side 20. The connection 30 can be formed by a potentially insecure or potentially vulnerable transmission medium, for example by a data network such as, for example the Internet.

[0035] The arrangement according to FIG. 1, for the transmission of a message N from the transmitter 11 to the receiver 21, for example, is operated as follows:

[0036] The transmitter 11 generates a telegram T which contains the message N and the check data P formed with the message. The check data P can, for example, contain test values and/or hash values, as is generally known, for example, from the aforementioned publications DE 10 2016 205 126 A1 and DE 100 11 887 A1 or the safety standards EN 50129 and EN 50159.

[0037] The check data P generated by the transmitter preferably contains a security code which makes it possible on the receiver side for a change in the message N contained in the telegram T to be detected by evaluating the security code. Furthermore, the check data P preferably contains a sequence number of the telegram T, a timestamp of the telegram T, an identifier of the transmitter 11 and an identifier of the receiver 21.

[0038] The telegram T is transmitted by the transmitter 11 to the transmitter-side access protection device 12. The transmitter-side access protection device 12 modifies the telegram T to form a modified telegram T by encrypting the check data P as a whole using a secret key forming coded data P and replacing the check data P in the telegram T with the coded data P.

[0039] Then the transmitter-side access protection device 12 transmits the modified telegram T over the connection 30 to the receiver-side access protection device 22. The receiver-side access protection device 22 processes the modified telegram T. As part of processing, it decrypts the coded data P using a, for example public, key complementary to the secret key of the transmitter-side access protection device 12 and forms a processed telegram T by replacing the coded data P with the decrypted coded data.

[0040] If the transmission of the telegram T over the connection 30 was uninterrupted, the decoded or decrypted coded data correspond to the original check data P in the telegram T of the transmitter 11; this is assumed by way of example in the illustration in FIG. 1.

[0041] Then the receiver-side access protection device 22 forwards the processed telegram T to the receiver 21. The receiver 21 verifies the processed telegram T using the message N contained therein and the check data P contained therein and rejects the message N if the check data P does not correlate with the message N. If the message N and the check data P correlate or match in terms of content, the message N is evaluated.

[0042] The receiver 21 can check the processed telegram T, for example, by forming its own check data with the message N and comparing this with the check data P contained in the processed telegram T: if the self-formed check data corresponds to the check data P contained in the processed telegram T, the message is evaluated, otherwise it is rejected.

[0043] FIG. 2 shows an arrangement in which the transmitter-side access protection device 12 forms the modified T by encrypting from the check data only one security code SC contained therein using the secret key forming coded data SC and in the telegram T replacing the security code SC with the coded data SC. The remaining check data U remains unchanged.

[0044] The receiver-side access protection device 22 decrypts the coded data SC, determines the security code SC and generates the processed telegram T which is transmitted to the receiver 21; in this regard, the above statements apply accordingly in connection with FIG. 1.

[0045] FIG. 3 shows an arrangement in which the transmitter-side access protection device 12 forms the modified T by encrypting from the check data the security code SC and a part Y without security code using the secret key forming coded data (Y,SC), and in the telegram T replacing the latter with the coded data (Y,SC). The other part X of the check data remains unencrypted.

[0046] The receiver-side access protection device 22 decrypts the coded data (Y,SC), determines the security code SC and the part Y of the check data P and generates the processed telegram T, which is transmitted to the receiver 21; in this regard, the above statements apply accordingly in connection with FIG. 1.

[0047] FIG. 4 shows an arrangement in which the transmitter-side access protection device 12 forms the modified telegram T by adding additional check data Pz before encrypting the part Y of the check data P and the security code SC and also encrypting this additional check data Pz using the secret key when forming the coded data (Y,SC,Pz).

[0048] The additional check data Pz can, for example, contain one or more hash values over the entire telegram T or parts of the telegram T.

[0049] The receiver-side access protection device 22 decrypts the coded data (Y,SC,Pz). After decryption of the coded data, it verifies the additional check data Pz contained therein for correctness and then forwards the processed telegram T to the receiver 21 only if the additional check data Pz indicates correct data transmission.

[0050] FIG. 5 shows an arrangement in which the transmitter-side access protection device 12 forms the modified T by generating further check data N before or after (based on a first key) encryption of the check data P or a part of the check data P, in other words, before or after the formation of the coded data P (see FIG. 1), SC (see FIG. 2) oras shown by way of example in FIG. 5(Y,SC) (see FIG. 3), namely by encrypting the entire unmodified telegram T or a part of the unmodified telegram T, for example, by encrypting the message N in the telegram T, with a further (in other words, a second) secret key which is preferably different from the first key.

[0051] The further check data N can, for example, contain one or more hash values over the entire telegram T or parts of the telegram T. The further check data N can, for example, contain MAC (Message Authentication Code) values.

[0052] The receiver-side access protection device 22 verifies the further check data N for correctness. Checking for correctness can be performed, for example, by the receiver-side access protection device 22in a manner analogous to the transmitter-side access protection device 12 or, for example, in the same mannerforming its own further check data N with the decrypted telegram T or the corresponding parts of the decrypted telegram T. Then the receiver-side access protection device 22 compares its own further check data N with the received further check data N. If the self-formed further check data N corresponds to the received further check data N, it is concluded that the transmission is correct. The processed telegram T is then forwarded to the receiver 21 only if the further check data N indicates correct data transmission.

[0053] FIG. 6 shows an arrangement in which the transmitter-side access protection device 12 forms the modified telegram T by performing the steps both according to the embodiment variant according to FIG. 4 and according to the embodiment variant according to FIG. 5. Accordingly, before encrypting the check data P or at least a part of the check data P, the transmitter-side access protection device 12 adds additional check data Pz and encrypts this additional check data Pz when forming the coded data (Y,SC,PZ) with a first secret key.

[0054] Before or after forming the coded data (Y,SC,PZ), the transmitter-side access protection device 12 generates further check data N, namely by encrypting part of the unmodified telegram T of the transmitter or the entire unmodified telegram T of the transmitter with a further (second) secret key. The further check data N is transmitted as part of the modified telegram T to the receiver-side access protection device 22. The second secret key is preferably different from the first secret key with which the coded data (Y,SC,PZ) is formed.

[0055] The receiver-side access protection device 22 decrypts the further check data N and the coded data (Y,SC,Pz) and verifies the further check data N and the additional check data Pz for correctness.

[0056] The receiver-side access protection device 22 then forwards the processed or decrypted telegram T to the receiver 21 only if both the decrypted further check data N and the additional check data Pz indicate correct data transmission.

[0057] With a view to secure message transmission, it is regarded as advantageous if in the case of the exemplary embodiments according to FIGS. 1 to 6, the transmitter and the receiver each has a safety level of at least 1 in accordance with the safety standards EN 50129 and/or EN 50159.

[0058] The arrangements according to FIGS. 1 to 6 can be used advantageously to transmit messages from one vehicle-side or track-side device of a railway signaling system to another vehicle-side or track-side device of the railway signaling system. In this case, it is advantageous if the transmitter 11 and the transmitter-side access protection device 12 as well as the receiver 21 and the receiver-side access protection device 22 are accommodated in the vehicle-side or track-side devices.

[0059] Although the invention was illustrated and described in more detail by preferred exemplary embodiments, the invention is not limited by the disclosed examples and other variations can be derived therefrom by a person skilled in the art without departing from the scope of the invention.

METHOD AND ARRANGEMENT FOR THE SECURE TRANSMISSION OF A MESSAGE FROM A TRANSMITTER TO A RECEIVER

Inventors

Cpc classification

Classification Explorer

H04L9/304

ELECTRICITY

Classification Explorer

H04L2209/72

ELECTRICITY

Classification Explorer

H04L2209/84

ELECTRICITY

Classification Explorer

H04L9/0825

ELECTRICITY

Classification Explorer

H04L9/3242

ELECTRICITY

Classification Explorer

H04L2209/34

ELECTRICITY

International classification

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

H04L9/30

ELECTRICITY

Classification Explorer

H04L9/32

ELECTRICITY

Abstract

Claims

Description