CZ303209B6 - Method of maintaining safe state of safety systems with complex security, especially on railway, when making data impressions - Google Patents

Abstract

In the present invention, there is disclosed a method of maintaining safe state of safety systems with a complex security, especially on railway, when making data impressions, wherein at least two units together make data impressions and at the same time none of them alone makes it possible to create such a data impression. The invention is characterized in that the process of making a data impression is broken down into sequences of making partial data impressions in a determined time sequence the result of which is the original data impression and in case of detection of a fault in some of the cooperating units, the defect-free unit, which cooperates with the faulty unit, refuses the creation of the partial data impression.

Description

The present invention relates to a method of maintaining a secure state of composite security systems, in particular railways, in the creation of data impressions.

BACKGROUND OF THE INVENTION

Overall, the security of critical applications at the highest level can be divided into technical and functional security. Functional safety in railway signaling technology mainly deals with traffic safety algorithms that ensure the reduction of risks arising mostly outside the signaling equipment itself, especially in the adjacent railway infrastructure such as track circuits, lights, switches etc. On the other hand technical security is focused on they arise mainly due to failure states of the intruder alarm system. When designing safety devices, it is therefore necessary to take into account the effects of fault conditions on the safety function of the device from the technical safety point of view. When considering the impact of sporadic failures, it is necessary for systems with higher safety requirements to ensure that they remain safe in the event of any type of sporadic accidental fault condition that is considered possible. This principle is known as Fail-Safe and can be achieved in several different ways, namely inherent failure safety, compound failure safety and reactive failure safety. According to the principle of inherent safety, safety is achieved in the event of a failure, since no plausible types of failure of the unit are dangerous. Failure reliability must be guaranteed, for example, by the physical properties of the components used and their wiring. In this case, mastering the failure (detection and negation) is ensured primarily by the laws of physics.

In contrast, composite and reactive security uses detection to achieve security to prevent hazards. In the case of compound security, the voting principle is used to detect fault conditions. In the case of reactive safety, fast and reliable detection is ensured by a specialized unit designed for this purpose. However, this special unit does not directly perform the safety function, but only oversees the proper performance of the safety function of the main (functional) unit. If a malfunction of the main unit safety function is detected by the special unit, the special unit ensures that the outputs of the system with higher safety requirements go into a safe state. With some simplification, the voting principle of compound security is replaced by the detection quality of the special unit for reactive security. Current security devices for high risk mostly use all three principles, and in some cases it is very difficult to decide which of these principles.

In the case of a composite failure failure, more than one unit (device) performs a safety function (traffic safety algorithms). part of the device, in cooperation with other units. In this case, independent units decide by majority, vote on their outputs, their functions. For example, two out of two units, two out of three, three out of five, etc. decide. commands for trains that are transmitted by GSM communication. Because of the possibility of attack in GSM transmission, cryptographic protection using DES (Data Encryption Standard) block cipher must be used. For a composite safety technique, a failure is required that a dangerous fault condition in one unit be detected and managed in a time sufficient to prevent a consistent fault condition in the other unit. It is required that the fault condition be managed before the selected detection (voting) procedure fails due to further degradation of the system.

-1 CZ 303209 B6

One of the important procedures to ensure the principle of composite safety in the event of failure is the process of coping with the failure after its detection. Usually, irreversibly disconnecting a broken unit from another function is used. Since the mains voltage is usually disconnected to disconnect the unit, certain complications arise when the system is started normally. Another frequently used technique is isolation of a broken part, eg by functional disconnection of a broken unit without the need to disconnect the hardware. One possibility for implementing this method is to have a safety-relevant information that is necessary to perform a safety-relevant activity, e.g., to perform selected communication between the security devices. One common element that must be legally transmitted is the security code, which is the part of the message that is added to the transmitted data to check its integrity and authenticity. According to its design, the security code may be cryptographic and non-cryptographic. In the patent document CZ 296129 the form of the security code is adapted to the need for composite security in the event of failure, but this solution is limited to some cyclic codes, it cannot be used for linear or cryptographic codes. It is therefore not applicable to transmission systems where an attack on the transmitted information cannot be ruled out, in particular to change its content or to change its authenticity. Although the procedure described in DE 102007032805 A1 can be used to calculate the cryptographic security code, it is only possible to use it in a given composition, i.e. for a limited number of security codes, which limits its use. The purpose of the present invention is to provide a method which can be adapted to almost any type of security code, hereinafter referred to as a fingerprint.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a method of maintaining secure state of composite security systems, in particular on rail, in the creation of data fingerprints, wherein at least two units together form fingerprints while each of them does not itself permit the creation of such a fingerprint. The principle of the invention is that the data imprinting process is broken down into a sequence of partial data imprinting within a specified time sequence resulting in the original data imprinting, and if a fault is detected in one of the cooperating units, the intact unit rejects that cooperates with the corrupted unit, creating a partial fingerprint of the data, thereby preventing the creation of the original fingerprint of the original data is thus created only from a sequence of units that have no fault. The security system comprising the above units may be a radio block control center for controlling trains via radio communication.

Data fingerprints are the result of a function that generates a representative data pattern of the original data from a given original data using a defined reduction. Such a function can be constructed, for example, using a cyclic code by placing the remainder of the fingerprint after dividing the input information by the generating polynomial of the cyclic code. Such a fingerprint then serves, for example, to check the integrity of the data or to check its authenticity.

In the case of linear codes, where a generating matrix is used to create the data imprint, the resulting partial data imprint is created by permuting the original data imprint, the inverse permutation being decomposed into partial permutations, thereby producing partial transformations that result from the resulting partial data imprint. creates the original fingerprint of the data. For this purpose, it is sufficient to perform only the permutation of the columns generating the matrix.

If a block cipher is used to create the original CBC-MAC data fingerprint using the Cipher Block Chaining (CBC) method, the block cipher is modified so that the resulting CBC data fingerprint differs from the original CBC-MAC data fingerprint and other partial transformations. the resulting partial fingerprint of the data creates the original fingerprint of the CBC-MAC data.

-2GB 303209 B6

When using the DES (Data Encryption Standard) block cipher with the input permutation of the original data block, the encryption portion, and the output inverse permutation of the encrypted data block, the output inverse permutation is decomposed into sub-permutations, resulting in sub transformations that original fingerprint data.

When using the Advanced Encryption Standard (AES) block cipher, which is performed in calculation blocks (rounds) using a specific key for each calculation block, a different key is added to the encrypted data from the original data block in each calculation block, and the last calculation block key is added to the first calculation block key of the next calculation step, including the CBC method, to ensure that the resulting partial fingerprint is different from the original fingerprint, with the next partial transformation transforming the resulting fingerprint into a form where it is permutation of the original fingerprint and inverse permutation is decomposed into partial permutations that transform the partial fingerprint into the original fingerprint.

In the case of using linear codes, where a generating matrix is used to generate the fingerprint, the resulting fingerprint is used to validate the fingerprint, which for an unbroken authentic message is equal to the received fingerprint obtained by inverted unit co-permutation. If a verification polynomial system is used whose least common multiple is equal to the generating polynomial of the cyclic security code, these verification polynomials are used to check integrity and authenticity.

In the case of using the DES block cipher, the inverse procedure shall be used to verify the original CBC-MAC data fingerprint using three different keys K _s i, K _s2 , K _s3 , where the received original fingerprint CBC-MAC data is first decrypted using the third key K _s3 . then encrypts with the d25 key K _s2 , and if the authenticated fingerprint is authentic and intact, the result of these operations coincides with the fingerprint of the message generated using the first key K _s] .

If the AES block cipher is used, the inverse procedure is used to verify the original CBC-MAC data fingerprint, where the received original CBC-MAC data fingerprint is first decrypted and then only the previous data blocks are converted to CBC-MAC by XOR with the last data block. backward to the first block of data, where for an authentic and intact message the result of the calculation is equal to the initialization vector.

The main advantage of the method of maintaining a secure state in the event of a failure of security systems with a composite security in the creation of data fingerprints according to the present invention over the prior art solutions described above is that this procedure does not require specialized hardware means for comparison or voting. otherwise they would have to work on the principle of inherent safety. This procedure leads to simplification of HW design, reduction of costs and ultimately to increased reliability of security systems.

BRIEF DESCRIPTION OF THE DRAWINGS

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings illustrate embodiments of the present invention, followed by a detailed description thereof with explanation. The binary (n, β) -line block systematic code consists of k information bits (information part) and c = n-k check bits (control parts), which are organized in the resulting message according to the diagram in FIG. 1.

If a block cipher is used to create the original CBC-MAC data fingerprint using the Cipher Block Chaining (CBC) method, the block cipher is modified so that the resulting CBC data fingerprint differs from the original CBC-MAC data fingerprint and other partial transformations. the original fingerprint of the CBC-MAC data is created. The original procedure for calculating CBC-MAC using the DES block cipher is evident from the diagram in FIG. 2. The CBC-MAC calculation technique is based on the fact that the inversion of the IP input permutation for the DES block cipher is not known in any unit, so cooperation between pairs of units is necessary to achieve the correct result,

-3E 303209 B6, which will create the necessary transformation in cooperation with each other, see the following diagram in Fig. 3. The original DES block cipher calculation scheme is shown in FIG. 4. AES block cipher is, like DES, executed in rounds, see Fig. 5 with the AES block cipher calculation structure.

Depending on the key length (128, 192 to 256 bits), the appropriate number of cycles (Nr - 10, 12 and 14 rounds) is performed. Before the first and then after each round, an appropriate portion of the expanded key is added to the status information, using the XOR operation. Since the CBC-MAC calculation is also based on the XOR operation, it is possible to exploit the commutativeness of this operation to rearrange the CBC-MAC calculation so that even the last 16B of the expanded key is pre-adjusted using the XOR function with the first 16B keys. The change in the calculation is schematically indicated as follows (original in Fig. 6 and then new in

Giant. 7).

In the case of the DES block cipher to verify the original fingerprint of the CBC-MAC data upon reception, a procedure that does not recreate it can be used. This procedure is based on the inverse procedure for creating the original fingerprint of CBC-MAC data, using three different keys.

From the received telegram, it is necessary to decrypt (D) CBC-MAC using the third key K _s3 , further encrypt (E) with the second key K _s2 and then verify that the result corresponds to the fingerprint of the message generated by the first key K _st (see Fig. 8). In the diagram of FIG. 9, a system for creating a fingerprint of a valid message for checking its integrity and authenticity is described, which requires two units to work together.

DETAILED DESCRIPTION OF THE INVENTION

Composite safety of railway signaling systems is a principle that allows their safety to be maintained when the safety function is performed by more than one unit in cooperation with other independent units. For example, when independent units mostly decide on the output of their functions, that is, two out of three units, two out of two, three out of five, and so on.

The method of maintaining secure state of security systems with composite railway safety during data fingerprinting will be described below for the case of linear codes and block codes DES (Data Encryption Standard) and AES (Advanced Encryption Standard) created by CBS (Cipher Block) method. Chaining of the original CBC-MAC data and the block cipher is modified such that the resulting CBC-MAC data subprint differs from the original CBC-MAC data imprint, and by further partial transformations of the resulting CBC-MAC data imprint the original CBC-MAC data is created. Data imprinting is the result of a function that creates a representative data pattern of the original data using a defined reduction from the original data.

The purpose of the data imprint is, for example, to check the integrity of the data or to check its authenticity.

Linear code is defined by a generating matrix that describes the transformation of the original data into a fingerprint. As already mentioned, the fingerprints are the result of a function that creates a representative sample of the original data from the given original data by means of a defined reduction and serves, for example, the data.

to check data integrity. In the following paragraphs, a binary (,,)) -line block systematic code is considered, which consists of k information bits (information part) and c = n-k check bits (control parts), which are organized in the resulting report according to the diagram in Fig. 1. 1.

The binary (n, k) -line (block) systematic code is fully described by the generating binary matrix in the following form. Each line vector B ₍ oc bits is a corresponding contribution to the control section if both the bit and the message are nonzero.

-4GB 303209 B6

OB 0 ··· OB, '1 0 ··· 0B, B' G = [£, /]] = 0 1 ··· OB • in «*» m = [e, bp} = 0 1 ··· 0B, B 5 · «« * 0 0 ··· 1 B _n 0 0 ··· \ B „P _ ⁿ -

If the necessary permutations provede are made on the bits of row B of matrix B, then the new generating matrix M already produces an imprint in which the bits are appropriately switched. The resulting partial impression of the data is therefore a matrix

Al is created by permuting the original data imprint, which is determined by the permutation matrix P. In terms of coding theory, this is an equivalent linear code. The intrinsic multiplication by the generating matrix M of the systematic binary code then represents the use of the XOR operation to add the vectors B, to the control portion. Therefore, only Z matrix BP is required for the calculation of the matrix A /. The necessary permutations P for unit collaboration are part of the information in the data structure 10, which is referred to as the restart tag. Methods for working with the restart mark (safety-relevant information) are described in detail in patent document CZ 298373.

Since all cyclic codes are linear, the above-described procedure can also be applied to all cyclic codes that are generated above algebraic bodies of characteristic two (FG (2 ^m )). All these codes can be understood as binary linear codes. So far, this group of cyclic codes includes all considered safety codes for the considered applications of railway signaling safety devices.

If a block cipher is used to create the original CBC-MAC data fingerprint using the Cipher Block Chaining (CBC) method, the block cipher is modified so that the resulting CBC data fingerprint differs from the original CBC-MAC data fingerprint and other partial transformations. the original fingerprint of the CBC-MAC data is created. The original procedure for calculating CBC-MAC using the DES block cipher is evident from the diagram in FIG. 2.

The calculation of the original fingerprint of the CBC-MAC data begins by modifying the first 64-bit data block with the initialization vector using the XOR operation. The block cipher DES (Data Encryption Standard) with the Ks _b key is used for the result. In the DES calculation, the input permutation is used first and the inverse permutation is used after using its own encryption procedure. An additional 64-bit block of data is added to the result obtained using the XOR operation, and then the procedure is followed in a similar manner in the pos30 calculation. If the permutation contained in the DES algorithm is set aside before the XOR operation, we obtain a procedure where the calculation of one permutation (inverse permutation) is saved in each step. The inverse permutation is used only once at the end of the calculation.

The following CBC-MAC calculation technique is based on the fact that the inverse IP permutation inversion for the DES block cipher is not known in any unit, so to achieve the correct result it is necessary to cooperate between pairs of units that create the necessary transformation in mutual cooperation. FIG. 3. The original DES block cipher calculation diagram is shown in FIG. 4.

The structure of the encryption (decryption and decryption) of the AES (Advanced Encryption Standard) block cipher has several fundamental differences from the DES block cipher. The first difference is that encryption and decryption are specialized non-interchangeable procedures. Since only the cryptographic procedure is necessary to create the CBCMAC, it can be limited to modifying this procedure for composite failover purposes in the following. Another difference between AES and DES is that AES does not use any input and output permutations. With some effort, permutations can be built into the AES encryption procedure, but this increases the computing power required. Therefore, it is preferable to modify the AES calculation in such a way that no intermediate result is a usable fingerprint and incorporate the necessary permutations into the final calculation procedure.

-5GB 303209 B6

AES block cipher is, like DES, executed in rounds, see Fig. 5 with the AES block cipher calculation structure. Depending on the key length (128, 192 and 256 bits), the appropriate number of cycles (Nr - 10, 12 and 14 rounds) is performed. Before the first, and then after each round, the status information is modified using the XOR function with the appropriate portion of the expanded key. Since the CBC-MAC calculation is also based on the XOR operation, it is possible to take advantage of the commutativeness of this operation to rearrange the CBC-MAC calculation so that the last 16B of the expanded key is pre-adjusted using the XOR operation with the first 16B keys. The change in the calculation is schematically indicated as follows (original in Fig. 6 and then new in Fig. 7). Compared to the original calculation (diagram in Fig. 6), after the last round it is always applied both the last and the first part of the expanded key. As a result, the result at the end of the calculation is modified by the first 16B keys. The necessary permutations are made for this result, and the portion of the key on which the permutation is made is applied to the intermediate result thus obtained. This gives the necessary resulting partial impression, which is already completed in the same way as in the other cases with the cooperation of the designated units.

The calculation procedure outlined in the "new calculation structure" diagram (Fig. 7) can be further accelerated by adding the first key to the key for the last round when the key is expanded, using the XOR operation. Due to this modification, one key application before the first round is saved from the second block calculation. The whole CBC-MAC calculation is therefore broken down into three parts. In the initial portion, the first portion of the expanded key (i.e., the first 16B secret key) is applied before the first round, and then, after each round, the next respective portion.

In the repeated calculation, the first part of the expanded key is no longer used and only the other parts after each round are applied. In the final modification, the permutation is applied to the result and modified by the first part of the expanded key on which the permutation was also performed.

The basic principle of technical security for fingerprint authentication is that the validation process does not produce the correct fingerprint. Control procedures which would benefit from the re-creation of imprints are therefore inadmissible. Such an inspection procedure is simply misusable for the recipient and the verifier of the correctness of the impression to produce such fingerprints, possibly due to the failure.

For acyclic linear codes, it is possible to first create a fingerprint on which the permutation is applied using the above matrix Λ / and then compare it with the received fingerprint on which the inverse permutation is applied, created in cooperation with the required number of one35 flows. This procedure must also be applied to cyclic codes if the generating polynomial in question cannot be divided into a usable system of factors. This type of linear security codes has not yet been required for any application.

If there is a system of polynomials (verification polynomials) whose least common multiple is equal to the generating polynomial of the cyclic security code, then the fingerprint verification process by the generating polynomial can be replaced by checking with the verification polynomials. This procedure is described in detail in patent document CZ 296129.

To verify the original fingerprint of CBC-MAC data using the DES block cipher on reception, it is also possible to use a procedure that does not recreate it (a generally recommended technique). This procedure is based on the inverse procedure to create the original fingerprint of CBC-MAC data, using three different keys. From the received telegram it is necessary to decrypt (D) CBC-MAC using the third key K _s3 , further encrypt (E) using the second key K _s2 and then verify that the result corresponds to the fingerprint of the message generated by the first key K _s (see Fig. 8) ,

This control procedure has an advantage similar to that described in the previous paragraph. To verify the integrity and authenticity of an incoming message, it is not necessary to cooperate with the units necessary to create it.

-6GB 303209 B6

To verify the original fingerprint of CBC-MAC data using the AES block cipher on reception, it is possible to use a similar procedure as described in the previous paragraph. It is necessary to decrypt the block with the original fingerprint of the CBC-MAC data from the received telegram and then continue the inverse procedure (using the XOR operation always with the last block of data, ...) until the initialization vector has been reconstructed. of the original fingerprint of the CBC-MAC data. If we get the agreed value, the message received is integrity and authentic. Because the AES block cipher decryption procedure can be used without restriction in a single unit, this checking procedure is feasible without the collaboration of multiple units.

i The unfinished process of constructing the original CBC-MAC fingerprint on the received message data can also be used for inspection. If the result is corrected by the XOR operation with the received original CBC-MAC data before the original CBCMAC data has been reconstructed, then the first 16B of the secret key used must be obtained for the intact authentic.

In the diagram of FIG. 9, a system for creating a fingerprint of a valid message for checking its integrity and authenticity is described, which requires exactly two units to work together. (Note: At least one other unit of the device needs to work together to create a fingerprint. The intent of this will be apparent from the below).

In the “two out of three” system, three units A, B, C are involved in the creation of the impression, none of which knows the complete process of its creation, and the impression is created by the forced cooperation of two units each. The procedure thus proceeds in up to six different sequences. From the data of the generated message u (marked as DATA field in the picture), the fingerprint F (u) is created as follows in the picture

1. Each of the three units A, B, C generates the resulting partial fingerprint for the integrity check called PAIC (Primary Authorization Integrity Check) from the data using the F _PA tc function. The Fpaic function creates the resulting partial fingerprint of the data to which the P _PA and _C permutations are applied so that it does not produce a valid report with the data; ie it is a composite map F _PA j _C = P _PA i _C ° F. The F _PAIC function is the same in all three units and must be implemented so that a valid F (u) data impression can be created by incomplete execution. Thus, the function F and then the permutation of Ppaic cannot be performed first; the composite function F _PA ic must be non-degradable for the unit.

2. Unit A processes the PAIC data field with P _AB i to create a Secondary Authorization Integrity Check (SAIC _aB ), which is a partial transformation of the resulting partial fingerprint - this function permits PAIC field bits that are unique within the system; only a unit has the ability to perform a given permutation

A and can only be used for collaboration with unit B. At the same time, by permutation P _{AC, it} also creates a second secondary authorization fingerprint, SAIC _A c, designed to cooperate with unit C.

3. Simultaneously, the unit B will create from the PAIC field by means of permutations P _BA i and Pbci secondary authorization fingerprints SAIC _BA and SAIC _bc , intended for cooperation with units A and C.

4. Simultaneously, the unit C creates from the PAIC field by permutations P _CA! and P _CBt SAICca and SAIC _cb secondary fingerprints, intended for cooperation with units A and B.

5. Each of the permutations P _XY1 (where X and Y may be A, B, and C) is unique within the system; it is known only to the X unit and can only be used for cooperation with the Y unit.

Following replacement of the sixth secondary replicas (partial transformation of the resulting partial fingerprint) between units: Unit A sends print SAIC _ab drive B and drive C SAICac fingerprint;

the unit B sends the SAIC impression to the _BA unit A and the SAIC impression to the _bc to the C unit and finally the C unit sends the SAICc impression to the A unit to the SAICcb impression to the B unit (see figure).

7. Unit A processes the secondary authorization fingerprint SAIC _ba (which it received from unit B) by permitting P _BA2 to form the final FAIC authorization fingerprint _ba . At the same time, it applies to the author 50 the imprint of the SAIC _ca (which it received from the C unit) by permutation P _CA 2, resulting in the final authorization imprint FAICca-7EN 303209 B6

8. At the same element B creates a secondary authorization fingerprint SA1C _AB (which came from the unit A) with the permutation P, _and b2 final fingerprint authentication and authorization Faic _ab SAICcb fingerprint (which came from the C drive) the permutation P _CB 2 final fingerprint authentication FAICcb ·

9. Finally, the unit C creates the final authorization fingerprint FA1C _ac from the secondary authorization fingerprint SA1C _ac (which it received from unit A) by permutation P _A c2 and the authorization fingerprint SAICbc (which it received from the unit C) by permitting Pbc2 the final authorization fingerprint FAIC _bc .

10. _Again, each of the permutations P _XY2 (where X and Y can be A, B, and C) is unique within the system; it is known only to the Y unit and can only be used to process both the secondary and the fingerprint created by the X unit.

11. Permutations P _XY] and P _XY2 (X and Y can have values A, B and C) are chosen so that by the composition of permutations P _XY | and P _{XY2 have} the same permutation for each X, Y pair, namely PpAic ¹ permutation inverse to PpAic permutation (ie PAbi ° Pab2 ⁼ Paci ° Pac2 ⁼ ··· ⁼ Pcbi ° Pcb2 ~ Ppaic *) all units function all the final FAICXY prints the same.

(For example, FAICab = Pab2 (Pab. (Fpaic ()))) = Ppaic '(Ppaic {F («)) = F (w).

Before commencing the calculation, a check of the mutual match of the DATA field between the units is performed. Also, before adding a DATA field to a FAIC fingerprint, the unit verifies that the FAIC fingerprint matches the data it secures.

Industrial applicability

The invention is useful for maintaining a secure state of security systems with a composite security, in particular on railways, in the creation of data fingerprints.

Claims (10)

1. A method of maintaining the secure condition of composite security systems, in particular railways, in the production of fingerprints where at least two units together form The data imprinting process is broken down into sequences of creating partial fingerprints of the data in a predetermined time sequence, resulting in the original data imprinting, and in the case of When a fault is detected in one of the cooperating units, an intact unit that cooperates with the failed unit refuses to create a partial fingerprint of the data, thereby making it impossible to create the original fingerprint. Method according to claim 1, characterized in that, in the case of linear codes, where a generating matrix is used to create the fingerprint, the resulting partial fingerprint of the data is generated such that it is a permutation of the original fingerprint, the inverse permutation being decomposed into partial permutations. and This creates partial transformations that make the resulting partial data impression the original data impression. Method according to claim 1, characterized in that, in the case of using a block cipher which produces the original fingerprint of the CBC-MAC data using the Cipher Btock Chaining (CBC) method, the block cipher is modified so that the resulting partial fingerprint of the CBC data differs from the original 50 of the CBC-MAC data imprint and further sub transforms of the resulting partial data imprint will create the original CBC-MAC data imprint. The method of claim 3, wherein, in the case of using a Data Encryption Standard (DES) block cipher with an IP input permutation of the original data block, an encryption portion, and The output inverse permutation is decomposed into sub-permutations, resulting in sub-transformations that create the original data imprint from the resulting data sub-imprint. Method according to claim 3, characterized in that in the case of using the AES (Advanced Encryption Standard) block cipher, which is performed in calculation blocks (rounds), a specific key is used for each calculation block, the encrypted data from the of the original data block adds a different key in each calculation block, and the last calculation block key is added to the first calculation block key of the next CBC calculation step to ensure that the resulting partial data impression is different from the original data impression. into a shape that is a permutation of the original imprint and an inverse permutation decomposes into partial permutations that transform the partial imprint into the original imprint. Method according to claim 2, characterized in that in the case of using linear codes where a generating matrix is used to create a fingerprint, the resultant fingerprint is used for authenticating the fingerprint, which for the intact authentic message is equal to the received fingerprint obtained by cooperation units according to claim 1, on which permutation is performed in inverse order. Method according to claim 2, characterized in that in the case of using a system of verification polynomials whose least common multiple is equal to the generating polynomial of the cyclic security code, these verification polynomials are used to check integrity and authenticity. Method according to claim 4, characterized in that, in the case of using a DES block cipher, an inverse procedure is used to verify the original fingerprint of the CBC-MAC data using three different keys (K _sU K _s2 , K ^), -Mac data is first decrypted using a third key (K _s3) and then encrypted using a second key (K ^), the fingerprint authentication if it is authentic and intact, the result of these operations, coincides with the fingerprint generated message using a first key _(K i ) · The method of claim 5, wherein, in the case of using an AES block cipher, an inverse procedure is used to verify the original CBC-MAC data fingerprint, wherein the received original CBC-MAC data fingerprint is first decrypted and then XOR with the last data block. Only the preceding blocks of data are modified on the CBC-MAC, returning to the first block of data, where for an authentic and intact message the result of the calculation is equal to the initialization vector. Method according to any one of claims 1 to 9, characterized in that the security system comprising the units according to claim 1 is a radio block control center for controlling trains by radio communication.