• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    Communication module (1) for data transmission between at least one hardware component (2), which is integrated into an internal network (3) of a technical system (4), and a backend computer system (5), which is connected to a packet-switched data network (6) . The communication module (1) has a gateway (7) close to the device and a gateway (8) close to the network, which are connected to one another via a point-to-point connection (9) which is free of intermediate stations. The network-close gateway (8) provides a data transmission interface between the packet-switched data network (6) and the point-to-point connection (9) and the device-close gateway (7) provides a data transmission interface between the point-to-point connection (9 ) and the internal network (3).
    公开号:AT521914A1
    申请号:T51106/2018
    申请日:2018-12-13
    公开日:2020-06-15
    发明作者:Ing Ing Andreas Aldrian Dipl;Wolf Christoph;Ma Zhendong;Maier Patrik;Sprung Samuel
    申请人:Avl List Gmbh;
    IPC主号:
    专利说明:

    15
    20
    25th
    30th
    35
    AV-4053 AT
    Communication module
    The invention relates to a communication module for data transmission between at least one hardware component, which is integrated in an internal network of a technical system, and a back-end computer system, which is connected to a packet-switched data network. The invention also relates to a technical system
    such a communication module and methods executable with such systems.
    Due to the advances in the development of "intelligent" hardware systems and their use in technical systems in both industrial, professional and private environments, securing data against unauthorized access and manipulation has become significantly more important. One of the reasons for this is that data manipulation, such as a hacker attack on embedded hardware systems, has an immediate impact on the behavior of these systems and can not only impair the integrity and function of these systems, but even a danger to the life and limb of the user can represent. Examples include steering or braking systems in autonomous, semi-autonomous and conventional vehicles, control devices for aircraft or switchgear in infrastructure, such as for power supply. Malicious manipulation of the functions of such systems can pose a danger not only to individuals, but also to the general public
    going out.
    In addition, many hardware systems generate numerous data from which, for example, information about the behavior, the location, or even the health status of users can be evaluated (for example, data from fitness trackers or the like). Examples of such data also include telemetry data from (autonomous) vehicles, sensor and control data from industrial plants, research data from which information about research projects of competing companies or institutions can be derived, communication data, etc. For all such data there is a legitimate interest of Owner that this data
    cannot be viewed or used by third parties without authorization.
    Technical systems, such as a (possibly autonomous) vehicle, a machine or machine arrangement in an industrial environment, a transport device, a test or measuring device, such as a (engine) test bench or technical monitoring devices usually contain a large number of hardware components which are used for an internal network (or possibly several internal networks) communicate with each other in order to accomplish the task placed on the technical system. The hardware components usually include sensors and actuators,
    through which the technical system interacts with the (real) environment.
    2135 "
    15
    20
    25th
    30th
    35
    AV-4053 AT
    So that such complex tasks can be implemented by the hardware components, they are each equipped with their own (micro) processors and memory units that perform the functions of the hardware component according to a program logic
    Taxes.
    An essential part of this program logic is usually stored in a non-volatile memory, for example a flash memory, so that it is available every time the hardware component is started or initialized. This part is commonly referred to as "firmware". The firmware remains unchanged during the operation of the hardware, however changes are possible, for example if an old version of the firmware is replaced by a new version. The new version is usually provided by the manufacturer of the hardware component from a back-end computer system via a packet-switched data network, in particular the Internet. The firmware can be updated either as a result of user intervention, it can be triggered by the hardware component or by another component of the technical system, or it can be triggered by the back-end computer system. One attack strategy is to exchange the firmware for a corrupted version during transmission over the Internet (or another packet-switched data network) and thereby (remote) access to the functionality of the hardware component. With an unencrypted transmission, this is possible for technically savvy perpetrators with relatively little effort, but even with an encrypted transmission, an attack can be successful, for example in the form of a man-in-the-middle attack or by using one of the transmission components via which the Encryption or decryption
    done, is hacked.
    Another security aspect relates to the transmission of data generated by a hardware component to the back-end computer system. Such data can be, for example, telemetry or sensor data, which are transmitted to the back-end computing system, for example, for maintenance or monitoring purposes. On the one hand, this transmission should be secure against eavesdropping for data security reasons; on the other hand, it must also be possible to prevent manipulation of the data. A targeted manipulation of the data would make it possible, for example, to pretend the wrong end situation to the backend computing system, for example by
    trigger a (wrong) reaction or false alarm.
    It is the object of the present invention to provide devices and methods with which the transmission of data between hardware components, which are embedded in technical systems, and a back-end computer system, which is connected to the Internet or another packet-switched data network, can be manipulated and
    bug-proof can be carried out.
    3135 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    These and other tasks are achieved according to the invention by a communication module of the type mentioned at the outset, which has a gateway close to the device and a gateway close to the network, which are connected to one another via a point-to-point connection free of intermediate stations, the gateway close to the network providing a data transmission interface between the packet-switched data network and provides the point-to-point connection, and wherein the near-device gateway provides a data transmission interface between the point-to-point connection and the internal network. The point-to-point connection represents a non-redirectable “bottleneck” that prevents an attack coming from the packet-switched data network. Communication between the gateway close to the device and the gateway close to the network is strictly defined and it is not possible to "break out" of it. Since the point-to-point connection, which is free of intermediate stations, does not allow routing, it is not possible for an attacker to address any components by rerouting the communication. Even if an attacker was able to bypass or switch off the security functions of the network-related gateway, he still cannot access the internal network or the
    Hardware component received.
    Advantageously, the gateway near the device can have a gateway security module and / or the gateway near the network can have a gateway security module. Such gateway security modules allow complex implementation
    Encryption and signature procedures in a hardware-related manner.
    In a preferred embodiment, at least one gateway security module can have a card interface for a processor chip card. This facilitates the serial production of the gateways, since the specific security features (in particular the definition and / or generation of the cryptographic keys, the selection and definition of the security protocols, etc.) can be defined in the processor chip card in accordance with a cryptographic system. The processor chip card can be purchased from third party manufacturers specializing in this technical field, which is the development of the gateways
    facilitated.
    The invention further relates to a technical system with a corresponding communication module, the technical system further comprising at least one hardware component and at least one internal network. According to the invention, very complex technical systems, for example (autonomous) vehicles, industrial plants, transport devices, test benches or measuring devices, can be counteracted
    Secure data manipulation and data espionage.
    In an advantageous embodiment, the hardware component can be a
    Security controller with an integrated crypto processor, a non-volatile memory
    4135 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    and have volatile memory. On the one hand, this enables (additional) end-to-end encryption of the data transmitted between a back-end computer system or another authorized data sender or data receiver and the hardware component (or vice versa); on the other hand, authenticity can be achieved using digital signatures and integrity of the data can be checked and ensured both by the hardware component itself and by the back-end computer system. By installing a security controller in the hardware component, the data can, for example, be encrypted in such a way that not even the manufacturer of the communication module or the back-end computer system could decrypt the data. For example, the data can be encrypted for an authorized data recipient (such as the owner of the technical system or another authorized person) who retrieves the encrypted data from the back-end computer system and then decrypts it
    can.
    In a further advantageous embodiment of the invention, the technical system can be an autonomous, semi-autonomous or conventional vehicle according to one of the autonomy levels 0 to 5. The classification of the autonomy levels refers to the standard SAE J3016, which is commonly used in this area and is published by SAE International in the version applicable at the time of the oldest filing date of the patent family in question. Particularly in vehicles with higher levels of autonomy, data manipulation can have devastating consequences, so that in this
    Area there is a special need for high-quality security solutions.
    The technical system can advantageously be a machine arrangement controlled by an automation system, in particular a test bench. In numerous industrial applications that are controlled by automation systems, different hardware components are used, which have sensors and actuators. According to the invention, these hardware components can be “remotely maintained”, on the one hand the firmware or other application software and, for example, parameter data can be updated from a back-end computer system. On the other hand, data can also be transmitted from the hardware component to the back-end computing system, such as telemetry data with which, for example
    Malfunctions or maintenance requirements can be identified.
    The invention further relates to a method for transmitting device data of a hardware component, which is integrated into an internal network of a technical system, to a back-end computer system, which is connected to a packet-switched data network
    is connected, the process being characterized by the following steps:
    51357
    15
    20
    25th
    30th
    35
    AV-4053 AT
    - Transmission of the device data from the hardware component via the internal network
    the gateway close to the device,
    - Transmission of the device data from the gateway near the device via the point-to-
    Point connection to the network-related gateway,
    the device data in from the device-near gateway or the network-close gateway
    an encrypted instance of the device data is converted, and
    - Transmission of the encrypted instance of the device data from the network-related
    Gateway via the packet-switched data network to the back-end computer system.
    Device data can be any data that are measured or created by the hardware component or that can be stored in a device memory of the hardware component. The term “device data” encompasses both the unencrypted device data and device data which are present in encrypted form and which are also referred to herein as the “encrypted instance” of the device data. “Encrypted instance” of the device data is thus data from which the unencrypted device data can be calculated using the respective cryptographic key and the corresponding cryptographic method. If necessary, the device data can be encrypted several times overlapping. For example, the hardware component can encrypt the device data in accordance with its own encryption protocol, which may be completely separate and independent of the functionality of the communication module. In this case, the device data are already transmitted as an encrypted instance to the gateway of the communication module near the device. The
    Communication module then creates another encrypted instance of this device data.
    The method can advantageously have the following steps: creating an encrypted instance of the device data using a public key of a recipient of the data, in particular the back-end computer system, by the device-near gateway, preferably using the gateway security module of the device-close gateway, or through the network-close gateway, preferably using the gateway security module of the network-close gateway. The encryption can be carried out either by the hardware component, by the gateway close to the device or by the gateway close to the network, the security being higher the fewer transmission steps that have to be carried out unencrypted. If necessary, additional encryption and decryption steps can also be provided, for example the transmission between the gateway close to the device and the gateway close to the network can be protected via the point-to-point connection by additional encryption, which is between the gateway close to the device and the gateway
    network-related gateway (or between the hardware component and the
    6135 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    network-related gateway) is established. This can be particularly advantageous if the device data is only transmitted from the gateway close to the network using the
    public key of the backend computing system are encrypted.
    The terms "public key" and "private key" in a known manner designate key pairs according to asymmetric cryptosystems (both in connection with
    Encryption / decryption, as well as in connection with digital signatures).
    In an advantageous embodiment, the step of transmitting the encrypted instance via the packet-switched data network can include transmitting the encrypted instance to a broker, and is carried out in accordance with a protocol that works purely via push mechanisms. This means that the gateway close to the network can be additionally protected against hacker attacks, since all inbound traffic (i.e. data transmission initiated "from outside" via open ports) is prevented with such protocols
    can.
    Advantageously, the gateway close to the network can encrypt the encrypted instance of the device data before transmission via the packet-switched data network in accordance with a network encryption protocol, whereby proven protocols can be used. This blocks the data with an additional security layer against unauthorized access. This encryption can be done by the gateway security module
    network-related gateways.
    According to a further advantageous embodiment, the encrypted instance of the device data can contain test data which allow the back-end computing system and / or another authorized data receiver to check the integrity and / or authenticity of the device data. Such test data can, for example, use checksums (hashes) and digital signatures in a manner known per se, these data possibly
    can be encrypted together with the device data in a data envelope.
    In a further aspect, the invention relates to a method for storing update data in a device memory of a hardware component, which is integrated into an internal network of a technical system, the update data for the hardware component being provided by a back-end computer system and
    the method comprising the following steps:
    - Receiving an encrypted instance of the update data by the network-close gateway via the packet-switched data network from the back-end
    Computer system,
    - Transmission of the update data from the network-related gateway via the
    Point-to-point connection to the gateway close to the device,
    71357
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Transmission of the update data to the hardware component via the internal network,
    the encrypted instance of the update data from the device-near
    Gateway or the network-related gateway is decrypted, and
    - Saving the update data in the device memory of the
    Hardware component.
    As a result, update data, for example current firmware or parameter data, can be transmitted in a secure manner from the back-end computer system to the hardware component. If necessary, an additional, independent encryption of the device data between an authorized data transmitter can be carried out
    and the hardware component.
    Update data can be any data that can be stored in a device memory of the hardware component. The term “update data” encompasses both the unencrypted update data and also update data which are present in encrypted form and which are also referred to herein as the “encrypted instance” of the update data. Any data that can be identified using the respective cryptographic key and the corresponding cryptographic key are thus referred to as the “encrypted instance” of the update data
    Procedure to have the unencrypted update data calculated.
    The update data can either have been encrypted by an authorized data transmitter with a public key of the hardware component or the gateway close to the device or the gateway close to the network and have already been transmitted in encrypted form to the back-end computer system. In this case, the backend computer system only acts as an intermediary who has no access to the unencrypted data. On the other hand, the encrypted instance of the update data can also be obtained from the back-end computer system using a public key of the hardware component, the gateway close to the device, or the gateway close to the network
    to be created.
    The method can advantageously have the following steps: decrypting the encrypted instance of the update data by the network-close gateway, preferably using the gateway security module of the network-close gateway or by the device-close gateway, preferably using the
    Gateway security module of the gateway close to the device.
    If the hardware component is provided with a security controller,
    complete end-to-end encryption can also be implemented. On the other hand
    8/35 ")
    15
    20
    25th
    30th
    35
    AV-4053 AT
    The data can also be transmitted to hardware components without their own security controller in a very secure manner, since the unencrypted data is only in the internal network, i.e., for example, via an internal fieldbus system, such as a CAN bus, and possibly via the point-to-point connection be transmitted. If necessary, the transmission between the gateway close to the network and the gateway close to the device via the point-to-point connection can in turn be protected by additional encryption which is established between the gateway close to the device (or the hardware component) and the gateway close to the network. The decryption is preferably carried out by the gateway close to the device or the hardware component, both of which have no direct connection to a public network. The method can also be carried out with certain restrictions with a simplified communication module, in which the gateway close to the device has no
    has its own gateway security module.
    The update data can advantageously be a firmware, a
    Application software and / or parameter data of the hardware component include.
    In a further advantageous embodiment, the step of receiving may include retrieving the encrypted instance of the update data from a broker
    and take place according to a protocol that works purely via push mechanisms.
    According to the invention, it can be provided according to a further embodiment that the encrypted instance of the update data contains test data, which check the integrity and / or authenticity of the gateway security module of the gateway close to the device, and / or the gateway security module of the gateway close to the network and / or the security controller of the hardware component allow update data. By checking the authenticity and integrity of the received instance of the update data, for example by means of digital signatures according to the cryptographic system used by the security controller or gateway security module, it can be ensured that e.g. The exchange of the firmware (which is usually done by so-called "flashing" of the corresponding device memory, is only carried out if the data is trusted by the
    Security controller (or gateway security module) is ensured. Definitions:
    In the context of the present disclosure, a “technical system” is a device that has at least one internal network and at least one hardware component that is capable of communicating via this internal network.
    9/35 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    In connection with the present disclosure, an “internal network” refers to a communication infrastructure of the technical system that is preferably limited to the technical system and that is suitable for data exchange between hardware components. Depending on the type of technical system, the internal network can be configured according to one
    routable protocol or a non-routable protocol will work.
    In the context of the present disclosure, a “hardware component” is a technical unit that has at least one processor or microcontroller and a storage unit and that is capable of communicating via the respective internal network.
    In the context of the present disclosure, “firmware” refers to a program logic stored in a memory of the hardware component, which is necessary for the operation of the hardware component. Depending on the complexity of the hardware component, the firmware can completely define the operation of the hardware component, possibly using changeable parameters, or it can
    Allow hardware components to run application programs.
    As "application software" of the hardware component in connection with the present disclosure, one that can be executed by the hardware component is generally
    Program logic.
    In connection with the present disclosure, “parameter data” of the hardware component are data which represent values which represent the
    Affect the operation of the hardware component.
    In the context of the present disclosure, a “backend computer system” is a computer infrastructure in which data relating to the hardware component are stored. The backend computing system is able to communicate via the packet-switched data network in order to send data via this packet-switched data network to the technical system, or via the communication module of the technical system to the hardware component, and data from this hardware component via the communication module of the technical System too
    receive.
    In the context of the present disclosure, a “security controller” refers to a unit that can preferably be designed as hardware, in particular as a microchip, the security controller expanding a hardware component with basic security functions. The basic security functions relate in particular to the generation of cryptographic keys, their safe keeping (an extraction of private keys is to be prevented), the transport and
    Decryption of data and handling of digital signatures. Of the
    "-9
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Security controller contains at least one unique identifier that can be used to identify the hardware component. For reasons of size optimization, it is preferred to design the security controller as a single microchip that is installed in the respective hardware unit. If the size of the hardware unit allows this, it is also possible to use a system with a card interface and a processor chip card, as is the case for the gateway defined below.
    Security module is described.
    A security controller preferably comprises at least one crypto processor. The crypto processor can preferably have a random number generator, at least one key generator (e.g. according to RSA), at least one hash generator (e.g. according to a Secure Hash Algorithm - SHA), and at least one encryption / decryption / signature unit. Furthermore, the security controller usually has a non-volatile and / or a volatile memory. For example, an endorsement key and a storage root key can be stored in the non-volatile memory. An endoresement key is a cryptographic key assigned to the security controller, which is preferably stored unchangeably in the non-volatile memory during production. A storage root key is a cryptographic key stored in the protected, non-volatile memory, which can, however, be changed by special functions, for example if the security controller is taken over by a new user. For security reasons, the endorsement key and the storage root key must not be able to leave secure storage. Therefore, the crypto processor must be able to use these keys in order to be able to carry out the cryptographic operation. In the volatile memory of the security controller, for example, platform configuration registers,
    Attestation identity keys and other stored keys must be stored.
    Examples of security controllers include Trusted Platform Modules (TPM) according to the TCG specification of the Trusted Computing Group. It is assumed in connection with the subject disclosure that the person skilled in the art has detailed knowledge of the TCG specification at the time of the oldest filing of the
    the current patent family.
    In the context of the present disclosure, a “crypto processor” refers to a microprocessor that performs basic cryptographic functions, in particular secure data communication, encryption and decryption, authentication and / or
    Management of cryptology keys combined.
    As a "gateway security module" in connection with the objective
    Disclosure refers to a hardware unit that is a gateway around basic
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Security functions expanded. The gateway security module can be constructed in a similar way to a security controller, or can even be of the same construction. The KGateway security module can have a card interface into which a processor chip card can be inserted, which contains a substantial part of the gateway security module and in which the basic security functions in particular can be encoded. In this way, for example in the case of series production of the gateway security module, a hardware technology can be combined with the respective processor chip card
    create unique gateway security module.
    It should be noted that the distinction between the terms "gateway security module" and "security controller" implies neither a functional nor a hardware-technical difference, but only defines their assignment (one time to a hardware unit, the other time to a gateway). In particular, the KGateway security module and security controller can be functionally and / or hardware-technically identical or different. Also, several gateway security modules of different gateways can each be designed as different hardware, and the security controllers of different hardware units do not have to be identical, but can have a different design. All features that are described here in connection with the security controller can thus also be applied to the gateway security module
    and vice versa, unless otherwise expressly stated.
    In connection with the present disclosure, a “processor chip card” is a card which can be inserted or inserted into a card interface, usually made of plastic, and which is provided with a built-in integrated circuit (chip). The integrated circuit comprises hardware logic, at least one memory and at least one microprocessor. Processor chip cards are controlled by special card readers, which are referred to in connection with the present disclosure as "card interface". Processor chip cards are often referred to in general language as "Smartcard" or "Integrated Circuit Card (ICC)". The processor chip card often has a credit card format, but it can also have other formats, such as a SIM card format (e.g. standard SIM, mini SIM, micro SIM, nano SIM). If necessary, the processor chip card can also be in the form of a
    Embedded SIM installed directly in the relevant device and cannot be replaced.
    In the context of the present disclosure, a “hardware security module” (also referred to as “hardware security module - HSM”) is generally an internal or external peripheral device that is used in a computer infrastructure (such as the back-end computer system described here) for the efficient and safe
    Execution of cryptographic operations or applications. This allows for
    -11
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Example, the trustworthiness and integrity of data and the related
    Ensure information IT systems.
    In the context of the present disclosure, “cryptographic key” generally refers to information that parameterizes and controls a cryptographic algorithm. In particular, a distinction is made between decryption keys and encryption keys, which are each linked to one another. In the case of symmetrical encryption systems, the decryption key and the encryption key are identical. Asymmetric encryption systems, on the other hand, use key pairs that consist of a public key ("Public Key") and a private key ("Private Key"). Asymmetric cryptographic keys can not only be used for encryption and decryption,
    but can also be used for digital signing.
    The term “cryptographic system” or “cryptosystem” is used generically in connection with the present disclosure both for systems for encryption and decryption, for key exchange processes and for processes for digital signature. A well-known example of a cryptographic system is the RSA cryptographic system, which works on a one-way function based on prime numbers. Other examples of cryptographic systems are based on elliptic curve cryptography (ECC). Examples include Elliptic Curve Diffie-Hellman (ECDH), Elliptic Curve Integrated Encryption Scheme (ECIES), also called Integrated Encryption Scheme (IES), Elliptic Curve Digital Signature Algorithm (ECDSA) and ECMQV
    Key agreement protocol proposed by Menezes, Qu and Vanstone.
    In connection with the present disclosure, a “network encryption protocol” is a network protocol that guarantees the encrypted data transmission over a computer network. Such a network encryption protocol can consist, for example, of a key exchange protocol and symmetrical methods which ensure the confidentiality and integrity of the transmitted messages. Examples of standards for network encryption protocols include Transport Layer Security (TLS), Secure Shell (SSH), IPsec, WPA2.
    In the context of the present disclosure, a “gateway” is a component that denotes a connection between two communication systems and in particular between two network systems of different protocols (the same
    or different layers in the OSI model).
    As a "point-to-point connection" in connection with the objective
    Disclosure generally understood a direct connection path without intermediate stations.
    15
    20
    25th
    30th
    AV-4053 AT
    This includes, for example, communication in the lower network layers 1-3 in the OSI model. The communication via the point-to-point connection is preferably carried out in accordance with a non-routable protocol. An example of such a connection is a direct connection via a serial bus system, for example a universal serial bus (USB).
    In the context of the present disclosure, a “process that works purely via push mechanisms” is a process in which the communication is always mediated via an intermediary broker in accordance with a PublisherSubscriber model. In particular, it is not necessary to establish a direct end-to-end connection. Examples of such methods are provided by communication methods which are structured in accordance with the MQTT specification (“Message Queuing Telemetry Transport”), in particular in accordance with the MQTT specification in the version applicable at the time of the oldest filing date of the patent family in question
    Frame.
    In the context of the present disclosure, a “broker” is a server that manages the messages that are made available or that are provided in accordance with a publisher-subscriber model or the method that works purely via push mechanisms.
    be retrieved.
    The present invention is explained in more detail below with reference to FIGS. 1 to 3, which is advantageous by way of example, schematically and not in a restrictive manner
    Show embodiments of the invention. It shows
    Fig. 1 is a schematic representation of those involved in a data transfer between a back-end server and a hardware component according to the invention
    Components in a block diagram,
    Fig. 2 is a simplified schematic representation of that shown in Fig. 1
    Data transmission path and
    Fig. 3 is a schematic block diagram of a secure communication system
    between several backend computer systems and several technical systems.
    Fig. 1 shows a schematic representation of the essential entities that are provided in the environment of the inventive methods and devices. A technical system 4 has a communication module 1, an internal network 3 and a number of hardware components 2, 2 ′, which are connected to one another and to the communication module 1 via the internal network 3. Each of those shown in FIG. 1
    Hardware components 2, 2 'have a security controller 14, 14', but they can
    14 135 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    in the technical system 4 also conventional hardware components to the internal
    Network 3 must be connected, which do not have a safety controller.
    The communication module 1 comprises a gateway 7 close to the device and a gateway 8 close to the network, which are connected to one another by means of a point-to-point connection 9. The gateway 7 close to the device establishes a communication connection between the internal network 3 and the point-to-point connection 9 and the gateway 8 close to the network establishes a communication connection between the point-to-point connection 9 and a packet-switched data network 6. The packet-switched data network can be any local
    or wide area network, especially the Internet.
    The connection via the packet-switched data network 6 serves the technical system 4 in particular to exchange data with a computer arrangement referred to as a back-end computer system 5. The back-end computer system 5 has a computer infrastructure referred to as “data center” 21, which may be, for example, a server-based computer network from a manufacturer or provider of the hardware components 2, 2 ′. The back-end computer system 5 furthermore comprises one or more databases in which the hardware components 2, 2 ′ relating to data are stored. In Fig. 1, a software repository 15 and a firmware repository 16 are shown symbolically, in which software or firmware for
    Hardware components are stored encrypted.
    The communication between the back-end computer system 5 and the network-related gateway 8 of the communication module 1 of the technical system 4 is carried out via a broker 20 and carried out according to a protocol that is based purely on push mechanisms. Such protocols, for example according to the MQTT specification, allow the implementation of firewall guidelines on the part of the communication module 1, which block incoming traffic. Manipulation of the system via web services and the establishment of an end-to-end connection down to the communication module 1 can thus be excluded. For protocols that function purely via push mechanisms, such as according to the MQTTP protocol, it is known that no direct end-to-end connection is established, but rather the communication is always mediated via the intermediary broker 20, which receives data from a “publisher” , and provides them for one or more “subscribers”, preferably a certificate-based identification of the publisher and / or subsecriber and, if appropriate, encryption of the data. Each endpoint "opens" communication to broker 20 on its own, and this is not initiated "from outside". Since both communication partners can act both as subseribers and publishers, it is possible to exchange data in both directions without having to set up a potentially vulnerable web service. From the communication module
    1 (i.e. from the gateway 7 close to the network) becomes a at defined intervals
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Connection to the broker 20 is established and either data is made available for retrieval by authorized third parties (in particular from the back-end computer system 5) (ie the communication module 1 acts as a publisher) or data is retrieved from third parties (ie the communication module 1 acts as a subscriber) . In an analogous manner, the back-end computer system 5 can act both as a publisher and as a subscriber in order to receive data from the communication module 1 (or from a “underlying” hardware component 2) or to send data to the communication module 1 (or to the
    Hardware component 2) to send.
    The security controllers 14, 14 'of the hardware components 2, 2' can, for example, be designed as an integrated circuit or hardware chip, which makes it possible to equip even relatively small hardware components with such a security controller 14, 14 '. The security controller 14, 14 'expands the hardware components 2, 2' by basic security functions according to at least one cryptographic system. The security controller can, for example, specify a specification of trusted computing
    Group (TCG) and be designed as a "Trusted Platform Module" (TPM).
    The gateway 7 close to the device has a gateway security module 10, which comprises a card interface 13 for a processor chip card 12, and the gateway 8 close to the network has a further gateway security module 10 'with a card interface 13' and a processor chip card 12 '. If necessary, the gateway security module 10 of the gateway 7 near the device can be dispensed with in order to simplify the hardware expenditure, in which case the corresponding encryption and decryption functions of the security modules 14, 14 'of the hardware components 2, 2' and / or the
    Gateway security module 10 'of the network-related gateway 8 are adopted.
    The security controllers 14, 14 'of the hardware components 2, 2' and the gateway security modules 10, 10 'of the gateways 7, 8 each contain a unique identifier which is used to identify the corresponding hardware component or the respective gateway. Corresponding cryptographic systems by the security controllers and
    Gateway security modules that can be used are known in the art.
    The security functions in the back-end computer system 5, in particular the administration and distribution of cryptographic keys, the encryption, decryption and digital signing, can be managed by a hardware security module 11. The hardware security module 11 can also have the public keys of the security controllers 14, 14 'and gateway security modules 10, 10' in the system. However, this is not a mandatory requirement, since the back-end computer system 5 can also receive and store data that it is not allowed to decrypt, for example
    if this data (collected by the hardware component) is for a third party (the
    16/35 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    is designated as an authorized data recipient) and are encrypted with its public key. On the other hand, update data handled by the back-end computing system 5 may come from a third party (which also herein as
    authorized data sender) and have already been encrypted by it.
    The units provided for the cryptographic methods, in particular the gateway security modules 10, the security controllers 14 and the hardware security modules 11 can optionally have several different cryptographic ones
    Support systems.
    The arrangement described above allows an extremely effective and strong security of communication connections between the hardware components 2, 2 'and the back-end computer system 5 (or a third party authorized data receiver and / or data transmitter). An exemplary communication of data from the hardware unit 2 to the back-end computer system 5 and from the back-end computer system 5 to the hardware unit 2 is described below with reference to the schematic illustration
    described in Fig. 2.
    The gateway security module 10 of the gateway 7 close to the device, the gateway security module 10 ° of the gateway 8 close to the network, the hardware security module 11 of the back-end computer system 5 and possibly the security controller 14 of the hardware system 2 are capable of at least their security functionalities
    work through a common cryptographic system.
    In order to transmit data from the hardware component 2 to the back-end computing system 5, an initialization is carried out first, with the security controller 14, the two gateway security modules 10, 10 and the hardware security module 11 (or a corresponding security module of a third party who act as data receiver or transmitter) generate key pairs (consisting of a public and a private key) and exchange the public keys with each other in a secure manner. This initialization phase can take place during the “commissioning” or personalization of the communication module 1, possibly even before the communication module 1 is delivered by the manufacturer. The communication module 1 is immediately ready for use after this initialization phase and has all the data and prerequisites that are required to carry out the method according to the invention. The communication paths for which the communication module 1 is provided are usually defined after the initialization phase and change subsequently
    not, or can only be changed by deleting and re-initializing.
    Data that are transferred during the operation of the technical system 4 via the internal network 3 (e.g.
    a CAN bus of a vehicle) can be transmitted from the gateway 7 near the device
    17135
    15
    20
    25th
    30th
    35
    AV-4053 AT
    detected, encrypted by the gateway 7 near the device or the gateway 8 close to the network in accordance with the inventive method and transmitted to the back-end computer system 5. In this case, the gateway 7 close to the device (or the gateway close to the network) can basically be regarded as the end point of the secured transmission chain. The method can be carried out in connection with hardware components that do not have their own security controller 14. This method is referred to as variant A in the description below. The case in which the network-related gateway carries out the encryption is referred to in the figure as variant A '. For the sake of clarity, a detailed description of this variant A 'has been omitted, since the implementation of this variant is in the ability of
    Average specialist, who is aware of the subject disclosure, lies.
    In addition, according to the invention, it is also possible to implement a secure connection from the hardware component 2 to the back-end computer system 5 (or to a third data receiver or data transmitter downstream of this back-end computer system 5), provided the corresponding hardware component 2 has a corresponding security controller 14 has. This possibility is described in the description below
    referred to as variant B.
    According to variant A, the gateway 7 close to the device generates a secret one-time key using the gateway security module 10 and uses an authenticated encryption function in order to encrypt the data to be transmitted with the one-time key. The gateway security module 10 then creates a parameter set for a one-pass key exchange, these parameters comprising a public key of the back-end computer system 5 (or a unit contained therein). The gateway security module 10 encrypts the one-time key using a key wrapping scheme and generates a data envelope (“data envelope”) that includes all of these
    Contains data.
    According to variant B, the security controller 14 of the hardware component 2 can already perform independent encryption of the device data, the corresponding device data already being transmitted in a secure manner from the hardware component 2 to the gateway 7 near the device (step 100). The encryption used by the hardware component 2 can be independent of the cryptographic system used by the communication module 1. In that case, the communication module 1 uses the method according to the invention
    Encryption on already encrypted device data.
    The gateway 7 near the device transmits the data envelope packet via the (preferably not
    routable) point-to-point connection 9 to the network-near gateway 8 (step 101).
    18/35 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    The network-close gateway 8 acts as a publisher and establishes a connection with the broker 20 that is secured in accordance with a network encryption protocol (e.g. TLS), whereby both client authentication and server authentication take place. The network-close gateway then transmits the data wrapping packet as publisher to a channel (this is also referred to as a topic or topic, e.g. MQTT topic) of the broker (step 102).
    The back-end computer system 5 also establishes a connection with the broker 20 which is secured in accordance with a network encryption protocol (e.g. TLS), acts as a subscriber to the channel, and receives the data envelope packet (step 103). If necessary, the back-end computer system 5 transmits the data wrapping package to a recipient in
    Backend computer system 5.
    Regardless of the direction of the data transmission, the connection establishment with the broker 20 can take place both from the respective publisher and from the respective subsecriber in accordance with a defined time schedule and / or event-related, for each
    Roles can be defined for publishers / subscribers.
    At the destination in the back-end computer system 5, the relevant data are extracted from the data wrapping package, the key wrapping key is calculated using the OnePass key exchange scheme and the secret key is decrypted using the key wrapping key. Then the integrity and authenticity of the data are verified and the data itself decrypted. The back-end computer system 5 can either use the unencrypted device data in this way
    generate, or the device data in the form encrypted by hardware component 2.
    In the opposite direction, the communication of data from the back-end computer system 5 to the hardware component 2 can be carried out in an exemplary embodiment according to the steps described below. This variant also describes two variants, which are referred to herein as variant C and variant C '. In variant C, the encryption extends from the back-end computer system 5 to the gateway 7 close to the device, and in variant C 'the secure connection extends from the back-end computer system 5 to the gateway 8 close to the network. In addition, the data transmitted according to the inventive method can be used for the hardware component 2 must be encrypted in accordance with its own cryptographic system (such encryption being created either by the back-end computing system 5 or by an authorized data transmitter). Such
    additional encryption is shown in Fig. 2 as variant D.
    The relevant unit in the backend computing system, for example the software repository
    15 or the firmware repository 16 in which the data for the transmission are stored,
    15
    20
    25th
    30th
    35
    AV-4053 AT
    uses the private key in the corresponding hardware security module 11 to create a digital signature for the data to be transmitted, which are to be transmitted to the hardware component 2. The data can include, for example, application software, firmware or parameter data for the hardware component 2. If necessary, this data may already have been stored in encrypted form in the back-end computer system 5, the encryption being carried out, for example, by a manufacturer of the hardware component, but who is not the owner and administrator of the back-end computer system. In this case, the back-end computer system 5 in conjunction with the communication module 1 can only offer a highly secure transmission functionality for third parties, in which the encryption provided in any case "overlaps" with a further, highly secure encryption.
    becomes.
    The data, including the digital signature (s), are encrypted in the back-end computer system 5, preferably before they leave the unit in question. A secret one-time key is created using the hardware security module 11 and an authenticated encryption function is used to encrypt the data to be signed with the one-time key. A parameter set for a one-pass key exchange is then created in the hardware security module 11, these parameters either comprising the public key of the gateway 7 close to the device (variant C) or the public key of the gateway 8 close to the network (variant C ′). The one-time key is encrypted using a key wrapping scheme and a data envelope (“data envelope”) is generated that contains all of this data. Alternatively, the above steps cannot be carried out by the hardware security module 11 of the back-end computer system 5, but also, for example, by an authorized data transmitter. Instead of the hardware security module 11, a software solution can also be used, for example in the form of a soft HSM
    or a similar system.
    The back-end computer system 5 acts as a publisher and establishes a connection with the broker 20 which is secured in accordance with a network encryption protocol, with both client authentication and server authentication taking place. Then the backend computer system 5, as the publisher, transmits the data wrapping package to a broker channel (step 201).
    The network-related gateway 8 also establishes a connection with the broker 20 which is secured in accordance with a network encryption protocol, acts as a subscriber to the channel, and receives the data envelope packet (step 202), both of which
    Client authentication, as well as server authentication.
    20/38 ”
    15
    20
    25th
    30th
    35
    AV-4053 AT
    According to variant C ', the network-close gateway 8 previously extracts the relevant data from the data wrapping packet using the gateway security module 10'. The key wrapping key is calculated using the one pass key exchange scheme and the secret key is decrypted using the key wrapping key. The integrity and the authenticity of the data are verified using a public key of the backend computer system 5 (which is stored in the gateway security module 10 ') and the data itself is decrypted and transmitted via the point
    to point connection 9 transmitted to the gateway 7 near the device.
    According to variant C, the data wrapping packet is transmitted from the gateway 8 close to the network via the point-to-point connection 9 to the gateway 7 near the device (step 203). The gateway 7 near the device extracts the relevant data from the data envelope, calculates the key wrapping key using the one-pass key exchange scheme and decrypts the secret key using the key wrapping key. The integrity and authenticity of the data are verified and the data is decrypted. If necessary, ensuring the integrity and authenticity of the data can already be integrated in the cryptographic system or on another
    appropriately implemented.
    Then the device-related gateway 7 transmits (204) the data to the hardware component 2. If the hardware component 2 has a security controller 14, the integrity and the authenticity of the data can also be checked by the security controller 14, for example using a public key Backend computer system 5 or a public key of the point at which the data was created or encrypted. Optionally, the security controller 14 of the hardware component 2 can also, according to variant D.
    Decrypt the additional encryption level.
    In the context of the present disclosure, “public key of the back-end computer system” refers to all public keys of key pairs whose private key is assigned to a component of the back-end computer system 5 or is stored therein. In particular, such a public key of the back-end computer system 5 can be, for example, the software repository 15 or the
    Firmware repository 16 can be assigned.
    Using the method described above, very complex communication structures can be created, via which numerous technical systems 4 of different types can communicate securely with one or more back-end computer systems 5. 3 shows an expanded communication structure, for example
    with a first technical system 4 and a second technical system 4 '. The first
    15
    20
    25th
    30th
    35
    AV-4053 AT
    Technical system 4 can represent, for example, an industrial device 18, for example a test bench or a machine arrangement, in which at least one hardware component 2, for example a sensor unit, is provided. Typically, an industrial facility includes a variety of hardware components 2 that can be used in conjunction with the teachings of the invention. The second technical system 4 'shown can represent, for example, an autonomous vehicle 17, in which at least one hardware component 2 is contained. Such a vehicle usually contains a large number of hardware components 2, for each of which the
    teachings of the invention can be used.
    In Fig. 3 only two technical systems 4, 4 'are represented representatively, but it is clear that the communication infrastructure has a variety of different and / or
    can support similar technical systems.
    Examples of technical systems which can advantageously be operated in connection with the present invention include plants from power plant operators, plants from ship lock operators, autonomous, semi-autonomous and conventional vehicles and ships, medical examination systems, such as MRI devices and
    the like, airplanes, production facilities, etc.
    Examples of hardware components that can be provided in such technical systems include portable exhaust systems (PEMS), control devices for vehicles,
    Household appliances, PLC systems, generally sensors and actuators, etc.
    Each technical system comprises (at least) one communication module 1, 1 '. Each communication module 1, 1 'has essentially the same basic structure with a gateway 7 close to the device, a point-to-point connection 9 and one
    gateway 8 close to the network, as has already been described in connection with FIG. 1.
    One or more back-end computer systems 5, 5 'can be present in the communication infrastructure. For example, the communication with hardware components 2 via a communication module 1 can be used by several hardware providers, and / or several backend computer systems 5 can be provided for different groups of technical systems and / or hardware components. The communication via the packet-switched data network 6 can be carried out, for example, via the same broker 20, but several brokers can also be used for different ones
    Communication channels should be provided.
    The communication infrastructure shown by way of example in FIG. 3 allows complete end-to-end encryption between a component of a back-end computing system 5, 5 'and that for each supported hardware component 2, 2'
    To manufacture communication module 1 or the hardware component 2. This allows
    -21
    15
    20
    25th
    30th
    AV-4053 AT
    For example, hacker attacks aimed at replacing software or firmware of a hardware component in the course of the transmission over the packet-switched data network 6 against a corrupt version. There are also numerous approaches aimed at targeting a hardware-based attack (for example, through a side channel attack) on the communication module 1, the internal network 3 or the hardware component 2
    have been thwarted by the devices and methods according to the invention.
    Reference number: communication module 1
    Hardware component 2 internal network 3
    technical system 4 backend computer system 5 packet-switched data network 6 device-near gateway 7 network-close gateway 8 point-to-point connection 9 gateway security module 10 hardware security module 11 processor chip card 12 card interface 13 security controller 14 software repository 15 firmware repository 16 vehicle 17
    industrial equipment 18 device memory 19
    Broker 20
    Data center 21
    231357
    权利要求:
    Claims (18)
    [1]
    1. Communication module (1) for data transmission between at least one hardware component (2), which is integrated in an internal network (3) of a technical system (4), and a back-end computer system (5), which is connected to a packet-switched data network (6) is connected, characterized in that the communication module (1) has a gateway (7) close to the device and a gateway (8) close to the network, which are connected to one another via a point-to-point connection (9) which is free of intermediate stations, the gateway close to the network ( 8) provides a data transmission interface between the packet-switched data network (6) and the point-to-point connection (9), and the gateway (7) close to the device provides a data transmission interface
    between the point-to-point connection (9) and the internal network (3).
    [2]
    2. Communication module (1) according to claim 1, characterized in that the device-near gateway (7) has a gateway security module (10) and / or that
    network-near gateway (8) has a gateway security module (10 °).
    [3]
    3. Communication module (1) according to claim 2, characterized in that at least one gateway security module (10) has a card interface (13) for a processor chip card (12).
    [4]
    4. Technical system (4) with a communication module (1) according to one of claims 1 to 3, wherein the technical system (4) further at least one
    Hardware component (2) and at least one internal network (3).
    [5]
    5. Technical system (4) according to claim 4, characterized in that the hardware component (2) has a security controller (14) with an integrated
    Has crypto processor, a non-volatile memory and a volatile memory.
    [6]
    6. Technical system (4) according to claim 4 or 5, characterized in that the
    technical system is a vehicle (17) according to one of the autonomy levels 1 to 5.
    [7]
    7. Technical system (4) according to claim 4 or 5, characterized in that the technical system (4) controlled by an automation system
    Machine arrangement (18), in particular a test bench.
    [8]
    8. A method for the transmission of device data of a hardware component (2), which is integrated into an internal network (3) of a technical system (4) according to one of claims 4 to 7, to a back-end computer system (5), which to a packet-switched Data network (6) is connected, the method by the following steps
    is marked:
    24 135 ”
    15
    20
    25th
    30th
    AV-4053 AT
    - Transmission (100) of the device data from the hardware component (2) via the
    internal network (3) to the gateway (7) close to the device,
    - Transmission (101) of the device data from the gateway (7) close to the device via the
    Point-to-point connection (9) to the gateway (8) close to the network,
    whereby from the gateway (7) close to the device or the gateway (8) close to the network
    Device data is converted into an encrypted instance of the device data, and
    - Transmission (102, 103) of the encrypted instance of the device data from the network-related gateway (8) via the packet-switched data network (6) to the
    Backend computer system (5).
    [9]
    9. The method according to claim 8, characterized in that the method the
    following steps:
    Creation of an encrypted instance of the device data using a public key of a recipient of the data, in particular the backend
    Computer system (5), by
    o the device-near gateway (7), preferably using the gateway
    Security module (10) of the gateway (7) near the device, or
    o through the network-near gateway (8), preferably using the
    Gateway security module (10 °) of the network-related gateway (7).
    [10]
    10. The method according to claim 8 or 9, characterized in that the step of transmitting (102, 103) the encrypted entity via the packet-switched data network (6) comprises transmitting (102) the encrypted entity to a broker (20), and according
    a protocol takes place, which works purely via push mechanisms.
    [11]
    11. The method according to any one of claims 8 to 10, characterized in that the network-close gateway (8) the encrypted instance of the device data before transmission via the packet-switched data network (6) according to a network encryption protocol
    encrypted.
    [12]
    12. The method according to any one of claims 8 to 11, characterized in that the encrypted instance of the device data contains test data, which the back-end computing system (5) and / or another authorized data recipient to test
    Allow device data integrity and / or authenticity.
    [13]
    13. A method for storing update data in a device memory (19) of a hardware component (2), which according to an internal network (3) of a technical system (4)
    is one of claims 4 to 7, wherein the update data for the
    251357
    15
    20
    25th
    30th
    AV-4053 AT
    Hardware component (2) are provided by a back-end computer system (5) and
    the process being characterized by the following steps:
    - Receiving (202) an encrypted instance of the update data by the network-close gateway (8) via the packet-switched data network (6) from the
    Backend computer system (5),
    - Transmission (203) of the update data from the network-related gateway (8)
    via the point-to-point connection (9) to the gateway (7) close to the device,
    - Transmission of the update data to the hardware component (2) via the
    internal network (3),
    wherein encrypted instance of the update data from the gateway (7) near the device
    or the network-related gateway (8) is decrypted, and
    - Saving the update data in the device memory (19)
    Hardware component.
    [14]
    14. The method according to claim 13, characterized in that the encrypted instance of the update data from the back-end computer system (5) and / or an authorized data transmitter using a public key of the hardware component (2), and / or the gateway (7) close to the device. and / or the network-related gateway (8)
    becomes.
    [15]
    15. The method according to claim 13 or 14, characterized in that the method
    comprises the following steps: decrypting the encrypted instance of the update data
    o through the network-near gateway (8), preferably using the
    Gateway security module (10 °) of the network-related gateway (8) or
    o through the device-near gateway (7), preferably using the
    Gateway security module (10) of the gateway (7) close to the device.
    [16]
    16. The method according to any one of claims 13 to 15, characterized in that the update data, a firmware, an application software and / or parameter data
    the hardware component (2) include.
    [17]
    17. The method according to any one of claims 13 to 16, characterized in that the step of receiving (202) comprises retrieving the encrypted instance of the update data from a broker (20) and is carried out according to a protocol,
    which works purely via push mechanisms.
    26135 ”
    [18]
    18. The method according to any one of claims 13 to 17, characterized in that the encrypted instance of the update data contains test data which the gateway security module (10) of the gateway (7) close to the device and / or the gateway security module (10 °) of the gateway (8) close to the network. and / or the security controller (14) of the hardware component (2) checks the integrity and / or authenticity of the
    Allow update data.
    271357
    类似技术:
    公开号 | 公开日 | 专利标题
    DE102017124866A1|2018-06-07|Secure process control communications
    DE102017124821A1|2018-05-17|PUBLICATION OF DATA OVER A DATA DIODE FOR SECURE PROCESS CONTROL COMMUNICATIONS
    DE102017124844A1|2018-05-09|Safely transport data over a data diode for secure process control communications
    DE102009024604B4|2011-05-05|Generation of a session key for authentication and secure data transmission
    EP2749003B1|2018-06-27|Method for authenticating a telecommunication terminal comprising an identity module on a server device in a telecommunication network, use of an identity module, identity module and computer program
    DE102018216915A1|2019-04-04|System and method for secure communications between controllers in a vehicle network
    EP2572494B1|2018-07-11|Method and system for secure data transmission with a vpn box
    EP2586178B1|2016-12-28|Method for tamperproof key management
    EP2863610A2|2015-04-22|Method and system for tamper-proof provision of multiple digital certificates for multiple public keys of a device
    EP3270560B1|2020-03-25|Method for establishing secure communication links to an industrial automation system and firewall system
    WO2019007582A1|2019-01-10|Method and device for feedback-free unidirectional transmission of data to a remote application server
    AT521914B1|2020-10-15|Communication module
    EP3595267A1|2020-01-15|Method, devices and system for exchanging data between a distributed database system and devices
    EP3562115A1|2019-10-30|Protected transmission of data using post-quantum cryptography
    EP3681102B1|2022-03-16|Method for validation of a digital user certificate
    EP3506144A1|2019-07-03|Method and system for checking an integrity of a communication
    WO2018177614A1|2018-10-04|Protective means, method and device containing a protective means for protecting a communication network connected to the device
    WO2014063775A1|2014-05-01|Method for secure management of subscriber identity data
    EP3050244B1|2019-03-20|Provision and use of pseudonymous keys in hybrid encryption
    DE102015208176A1|2016-03-24|Device and method for authorizing a private cryptographic key in a device
    EP3661113A1|2020-06-03|Method and device for the transmission of data in a publish-subscribe system
    DE102014212219A1|2015-12-31|Method for authentication and connection of a device to a network and network participants established for this purpose
    DE102020004128A1|2022-02-03|Cryptographic method for secure and authorized login and authentication of devices in a network using secrets and by exchanging secret keys
    EP3525414A1|2019-08-14|Method for the encoded transmission of data on a cryptographically protected unencrypted communication link
    EP3554114A1|2019-10-16|Method, apparatuses and computer program product for monitoring of an encrypted connection in a network
    同族专利:
    公开号 | 公开日
    KR20210101304A|2021-08-18|
    EP3895387A1|2021-10-20|
    US20220021663A1|2022-01-20|
    AT521914B1|2020-10-15|
    JP2022514492A|2022-02-14|
    CN113261243A|2021-08-13|
    WO2020118342A1|2020-06-18|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    WO2005050933A1|2003-11-14|2005-06-02|Sprint Communications Company, L. P.|Point-to-point route monitoring in a packet-based core network|
    WO2015089457A1|2013-12-13|2015-06-18|M87, Inc.|Methods and systems of secure connections for joining hybrid cellular and non-cellular networks|
    US20180219944A1|2016-06-28|2018-08-02|Anyfi Inc|Method and apparatus and computer readable record media for communication on wi-fi direct multi-group network|CN112013976A|2020-07-06|2020-12-01|天津城建大学|Concrete temperature measurement system based on loRa|US20030147534A1|2002-02-06|2003-08-07|Ablay Sewim F.|Method and apparatus for in-vehicle device authentication and secure data delivery in a distributed vehicle network|
    CN102598594A|2009-11-04|2012-07-18|丰田自动车株式会社|Gateway device for vehicles|
    US10285051B2|2016-09-20|2019-05-07|2236008 Ontario Inc.|In-vehicle networking|
    法律状态:
    优先权:
    申请号 | 申请日 | 专利标题
    ATA51106/2018A|AT521914B1|2018-12-13|2018-12-13|Communication module|ATA51106/2018A| AT521914B1|2018-12-13|2018-12-13|Communication module|
    US17/312,387| US20220021663A1|2018-12-13|2019-12-12|Communication module|
    EP19827589.3A| EP3895387A1|2018-12-13|2019-12-12|Communication module|
    KR1020217022026A| KR20210101304A|2018-12-13|2019-12-12|communication module|
    CN201980082798.XA| CN113261243A|2018-12-13|2019-12-12|Communication module|
    JP2021533459A| JP2022514492A|2018-12-13|2019-12-12|Communication module|
    PCT/AT2019/060437| WO2020118342A1|2018-12-13|2019-12-12|Communication module|
    [返回顶部]