EP1665611A1 - Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees - Google Patents

Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees

Info

Publication number
EP1665611A1
EP1665611A1 EP04762641A EP04762641A EP1665611A1 EP 1665611 A1 EP1665611 A1 EP 1665611A1 EP 04762641 A EP04762641 A EP 04762641A EP 04762641 A EP04762641 A EP 04762641A EP 1665611 A1 EP1665611 A1 EP 1665611A1
Authority
EP
European Patent Office
Prior art keywords
data
data transmission
transmission path
input
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP04762641A
Other languages
German (de)
English (en)
Inventor
Martin Heinebrodt
Ulf Wilhelm
Paco Haffmans
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH filed Critical Robert Bosch GmbH
Publication of EP1665611A1 publication Critical patent/EP1665611A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0061Error detection codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0045Arrangements at the receiver end

Definitions

  • the invention relates to a data transmission link with a device for checking the data integrity of data transmitted from the transmitter side to the receiver side of the data transmission link, in particular in a motor vehicle, and to a method for checking the data integrity according to the preamble of claim 6.
  • Data transmission links of the generic type are known. These are used to determine whether data sent by a sender has reached a recipient in unchanged form.
  • checksum methods are known, for example, in which a checksum is determined on the transmitter side for the data to be transmitted and is appended to the data to be transmitted. The checksum of the transmitted data is then determined again on the receiver side and compared with the attached transmitted checksum. If this test is positive, that is to say that the data is correctly transmitted from the sender to the receiver, the integrity of the data is guaranteed and the data can be processed further on the receiver side. If the check leads to a negative result, that is to say a change in the data on the transmitter-receiver link was found, then a procedure for correcting the transmission error is initiated.
  • a braking request can now also be triggered by safety functions, such as an anti-lock braking system, an electronic stability program or a braking assistant, or by comfort functions, such as adaptive cruise control.
  • safety functions such as an anti-lock braking system, an electronic stability program or a braking assistant
  • comfort functions such as adaptive cruise control.
  • the signals are partially transmitted from the vehicle communication on-board network CAN (Controller Area Network), whereby further control devices, for example for the dashboard, the engine or a diagnostic system, can also be connected to the CAN.
  • CAN Controller Area Network
  • a brake may only trigger if the control unit of the braking system has actually generated a braking request Errors in control units connected to the CAN or caused by faults within the CAN. This is aggravated by the fact that such applications are time-critical, which means that the time between the braking request from the control unit of the braking system and the required brake release is so short that there is no time to validate the braking request - be it by the control unit, be it verified by the brake itself. It is often only possible to transmit a single signal for triggering. There is no time to correct a faulty signal with another signal or to wait for another signal to be checked. Hence one Signa! of great importance with a somewhat irreversible character.
  • the data transmission link offers the advantage over the fact that a reliable determination of the data integrity is also realized in time-critical applications.
  • the data transmission path is characterized by a first, transmitter-side and a second, receiver-side data modification device, each of which has the same transmission function that effects the change of input data in output data and is connected to the data transmission path, a receiver-side one that is transmitted by the first data modification device via the Comparing the data transmission path and the output data supplied to the second data modification device, and if the output data are identical, activating a comparator that is connected to the data transmission path and the second data modification device, the transmission of input data generated by the transmitter to the first data modification device and of the same input data via the data transmission path to the data transmission path second data changing device.
  • the following mode of operation results for such a data transmission link.
  • input data are generated on the transmitter side of the data transmission link, by means of which an event is to be effected on the receiver side.
  • the data transmission link can be a wired (for Act electrically or optically) as well as a wireless (for example radio or infrared transmission) link.
  • input data are transmitted to the first data modification device and additionally to the second data modification device via the data transmission link.
  • the input data that are transmitted to the first and to the second data modification device are identical or identical. This can be achieved, for example, by generating two identical input data signals and routing them to the first or second data modification device or also by splitting the signal of the input data into two identical but separate input data signals after their generation.
  • the data modification devices are designed, for example, as a logic circuit, programmable electronic component or processor and have the same transfer function. For the same transfer function, it is decisive that if matching input data are supplied to the data changing devices, matching output data are also generated. However, it is not necessary for the output data to be generated using identical individual steps. (For example, it is possible to realize the transfer function "doubling of x" both as “multiplication of 2 " x "and as” addition x + x ".)
  • the output data generated by the data modification devices are fed to the comparator on the receiver side, the output data generated on the transmitter side being transmitted to the receiver side via the data transmission link.
  • the comparator checks the output data generated on the transmitter and receiver side for equality.
  • the comparator activates the release device, which releases the output data on the transmitter side or on the receiver side for further processing. (Due to the equality of sender-side or receiver-side output data, the further use of sender-side or receiver-side output data always leads to the same result.)
  • the data transmission link described brings great security in determining data integrity, since two different but defined associated data sets are transmitted. In this way, both random errors in data integrity and systematic errors can be determined, since the choice of the transfer function, for example a unique function with a large number of possible input and output data, can prevent changes along the transmission path Input and output data on the comparator again lead to matching output data.
  • the data transmission link described also has a speed advantage since the data modification devices work independently of one another and therefore the time windows in which the data modification devices generate the output data can overlap or even lie at the same time.
  • a particularly advantageous embodiment is obtained if the input data are sent in the direction of the first and second data modification devices at substantially the same time. Since the throughput sequences “first data modification device, data transmission link, input of the comparator” and “data transmission link, second data modification device, input of the comparator” require approximately the same time, an im means Essentially simultaneous sending of the input data also an approximately simultaneous arrival of the output data at the comparator. This means that there are no waiting times at the comparator during which the comparator has to wait for output data at one of its inputs. This minimizes the time from generating the input data to establishing data integrity.
  • the data transmission link has at least one communication channel, in particular a CAN (Controller Area Network) communication channel.
  • CAN Controller Area Network
  • the output data generated by the first data modification device and the input data supplied to the second data modification device are advantageously transmitted through a common communication channel of the data transmission link.
  • the release device enables the actuation of an actuator, in particular a brake. This ensures that an actuator is not triggered due to incorrectly transmitted data or data not intended for the actuator. In this way, a dangerous incorrect triggering of the brake of a motor vehicle, in particular the incorrect triggering of full braking, can be avoided.
  • the invention further relates to a method for checking the data integrity of a data transmission from the transmitter side to the receiver side.
  • Data transmission route in particular in a motor vehicle, wherein
  • Input data from a first data modification device having a transfer function are changed into first output data and are fed to a comparator via the data transmission link,
  • the comparator outputs an activation signal.
  • Figure the principle of operation of a data transmission link according to the invention with a device for checking the data integrity.
  • the figure shows a data transmission link 1 having an area on the transmitter side 2, a data transmission link 3 and an area on the receiver side 4.
  • the receiver side 4 has a second data Change device 6, a comparator 7, a release device 8 and an actuator 9, which is designed here as a brake 10 of a motor vehicle.
  • the data transmission path is designed here as a communication channel 11 of a CAN, on which data is transmitted serially.
  • a receiver coding within the data ensures that even when using a common communication channel 11 or communication network, the data is only ever accepted by the addressed target receiver.
  • the first and the second data changing device 5, 6 have the same transfer function with which input data are converted into output data. That is, if the data changing devices 5, 6 are loaded with matching input data, then they generate matching output data.
  • the following mode of operation results for data transmission link 1:
  • the control device 12 generates input data E1, E2 from source input data E, which originate from sensors (not shown in more detail) on the basis of computing or program instructions.
  • the input data E1 are converted by the first data modification device 5 into output data A1 and fed to a first input of the comparator 7 via the feed point 13, the communication channel 11 and the decoupling point 14.
  • the input data E2 are fed via the feed-in point 13, the communication channel 11 and the decoupling point 14 to the second data changing device 6, the output data A2 is generated and fed to the second input of the comparator 7.
  • the comparator 7 now checks the output data A1, A2 for equality and forwards the result of the test via the line R to the release device 8. Only if the output data A1, A2 are identical?
  • the enabling device 8 activates and forwards the output data A1 branched off at the node 15 to the brake 10.
  • the dashed line from node 16 to release device 8 indicates that output data A2 can also be used for forwarding.
  • both output data A1, A2 can also be supplied to the release device 8, with logic within the release device 8 then determining which data are forwarded to the brake 10.
  • the signal is only forwarded to the brake 10 if the output data A1 generated by the first data modification device 5 and passed via the communication channel 11 to the comparator 7 match the output data A2 that are provided by the second data modification device 6 were generated on the basis of the input data E2 transmitted by the communication channel 11. If there is a change in the input data E2 along the communication channel 11, the second data change device 6 generates output data A2 which do not match the output data A1, and therefore the release device 8 is not activated. The same result calls for a change in the output data A1 along the communication channel 11, because even then the output data A2 do not match the changed output data A1.
  • a change in the input data E2 and the output data A1 is also detected when the transfer function of the first and the second data change device 5, 6 has a large number of possible input and output data. This ensures a high level of certainty that the brake 10 is really only actuated if this should actually be effected on the basis of the original input data E. In addition to the high security offered by the data transmission link, only a very small amount of time is required for checking the data integrity, since the first and second data modification devices 5, 6 work independently of one another and can process input data E1, E2 as soon as this input data E1, E2 are present at the respective input of the first or second data modification device 5, 6.
  • the output data A1, A2 are also available to the comparator 7 as quickly as possible, so that the data integrity can be checked immediately.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Communication Control (AREA)
  • Regulating Braking Force (AREA)
  • Valves And Accessory Devices For Braking Systems (AREA)
  • Detection And Prevention Of Errors In Transmission (AREA)

Abstract

L'invention concerne une voie de transmission de données (1) comportant un dispositif de contrôle de l'intégrité des données transmises du côté émetteur (2) au côté récepteur (4) de la voie de transmission de données (3), en particulier dans un véhicule automobile, cette voie de transmission de données comportant un premier dispositif de modification de données (5), placé côté émetteur, et un second dispositif de modification de données (6), placé côté récepteur, qui ont chacun une fonction de transmission identique, ainsi qu'un comparateur qui compare les données de sortie (A1, A2) des dispositifs de modification de données (5, 6). Les données d'entrée (E1) sont traitées sur le côté émetteur (2), pour être transformées en données de sortie (A1) et transmises au côté récepteur (4), et des données d'entrée (E2) identiques sont transmises au côté récepteur (4) où elles sont modifiées en données de sortie (A2). L'invention concerne également un procédé de contrôle de l'intégrité des données.
EP04762641A 2003-09-18 2004-08-10 Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees Ceased EP1665611A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10343172.1A DE10343172B4 (de) 2003-09-18 2003-09-18 Datenübertragungsstrecke mit Einrichtung zur Prüfung der Datenintegrität
PCT/DE2004/001796 WO2005032033A1 (fr) 2003-09-18 2004-08-10 Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees

Publications (1)

Publication Number Publication Date
EP1665611A1 true EP1665611A1 (fr) 2006-06-07

Family

ID=34305876

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04762641A Ceased EP1665611A1 (fr) 2003-09-18 2004-08-10 Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees

Country Status (5)

Country Link
US (1) US7831897B2 (fr)
EP (1) EP1665611A1 (fr)
JP (1) JP4290195B2 (fr)
DE (1) DE10343172B4 (fr)
WO (1) WO2005032033A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009115903A1 (fr) 2008-03-20 2009-09-24 Kinamik Data Integrity, S.L. Procédé et système pour fournir une intégrité granulaire fine à des données numériques

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1943781A1 (fr) * 2005-11-03 2008-07-16 Continental Teves AG & Co. oHG Circuit de commutation de signal mixte destine a un systeme de commande ou de regulation electronique securise
US10637785B2 (en) * 2018-08-16 2020-04-28 Uchicago Argonne, Llc Software defined networking multiple operating system rotational environment
US11876833B2 (en) 2019-08-15 2024-01-16 Uchicago Argonne, Llc Software defined networking moving target defense honeypot
DE102021127310B4 (de) 2021-10-21 2024-02-08 Liebherr-Aerospace Lindenberg Gmbh System und Verfahren zur Datenübertragung

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0214475B1 (fr) * 1985-09-11 1991-06-26 Siemens Aktiengesellschaft Circuit pour transmettre des signaux de données entre des dispositifs de commande reliées entre eux par un système en anneaux
US4852680A (en) * 1988-04-07 1989-08-01 J. I. Case Company Vehicle anti-theft system with remote security module
KR100201580B1 (ko) * 1991-04-02 1999-06-15 후루까와 준노스께 다중전송시스템
JP3164402B2 (ja) 1991-04-02 2001-05-08 古河電気工業株式会社 多重伝送方式
NL9200391A (nl) * 1992-03-03 1993-10-01 Nederland Ptt Inrichting voor het in een stroom van transmissiecellen aanbrengen van een wijziging.
JPH05316125A (ja) 1992-05-07 1993-11-26 Toyota Central Res & Dev Lab Inc シリアル多重通信システム
JPH07183887A (ja) 1993-12-24 1995-07-21 Hitachi Ltd Atmアダプテーション装置およびcrc符号生成回路
DE59607113D1 (de) * 1995-04-13 2001-07-26 Siemens Schweiz Ag Zuerich Datenübertragungsverfahren und Vorrichtung
WO1998010618A1 (fr) * 1996-09-04 1998-03-12 Hitachi, Ltd. Procede et systeme de transmission d'informations d'etat de voie ferree
DE19644238C2 (de) * 1996-10-24 1998-12-24 Krone Ag Verfahren zur Synchronisation von Übertragungen mit konstanter Bitrate in ATM-Netzen und Schaltungsanordnung zur Durchführung des Verfahrens
JP3253565B2 (ja) * 1997-04-25 2002-02-04 矢崎総業株式会社 通信システム及び通信方法
DE19729105A1 (de) * 1997-07-08 1999-01-14 Bosch Gmbh Robert Einrichtung zur Übertragung von Daten
JP3788867B2 (ja) * 1997-10-28 2006-06-21 株式会社東芝 半導体記憶装置
US6683854B1 (en) * 1998-03-20 2004-01-27 International Business Machines Corporation System for checking data integrity in a high speed packet switching network node
US7046802B2 (en) * 2000-10-12 2006-05-16 Rogaway Phillip W Method and apparatus for facilitating efficient authenticated encryption
JP3501763B2 (ja) 2001-02-19 2004-03-02 Necアクセステクニカ株式会社 データ送信装置、データ受信装置及びデータ送受信装置
FR2824176B1 (fr) * 2001-04-30 2003-10-31 St Microelectronics Sa Procede et dispositif de lecture de cellules de memoire dynamique
US7493140B2 (en) * 2003-01-22 2009-02-17 Johnson Controls Technology Company System, method and device for providing communication between a vehicle and a plurality of wireless devices having different communication standards

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005032033A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009115903A1 (fr) 2008-03-20 2009-09-24 Kinamik Data Integrity, S.L. Procédé et système pour fournir une intégrité granulaire fine à des données numériques

Also Published As

Publication number Publication date
DE10343172B4 (de) 2016-02-11
US7831897B2 (en) 2010-11-09
DE10343172A1 (de) 2005-04-14
US20070230464A1 (en) 2007-10-04
WO2005032033A1 (fr) 2005-04-07
JP4290195B2 (ja) 2009-07-01
JP2007504726A (ja) 2007-03-01

Similar Documents

Publication Publication Date Title
DE10113917B4 (de) Verfahren und Vorrichtung zur Überwachung von Steuereinheiten
EP2160857B1 (fr) Procédé de contrôle et circuit électronique de transmission série sécurisée de données
DE102006054124B4 (de) Verfahren und System zur sicheren Datenübertragung
EP2681633A2 (fr) Nouvelle combinaison de correction d'erreurs et de détection d'erreurs pour la transmission de données numériques
DE102006017302B4 (de) Verfahren und System zur Kontrolle einer Signalübertragung eines elektrischen Pedals
WO2017021060A1 (fr) Procédé et système de transmission sans effet rétroactif de données entre réseaux
DE102014202826A1 (de) Teilnehmerstation für ein Bussystem und Verfahren zur Erhöhung der Datenrate eines Bussystems
EP1665611A1 (fr) Voie de transmission de donnees pourvue d'un dispositif de controle de l'integrite des donnees
DE102017202347B4 (de) Verfahren, System, und Fahrzeug umfassend das System zum Testen einer Funktionssicherheit eines Fahrzeugs während eines Betriebs des Fahrzeugs
DE102021112146A1 (de) Kabelbasiertes Steuersystem zur Steuerung eines Kraftfahrzeugs
DE102021120393B3 (de) Verfahren und Verschaltung zum Betrieb eines Netzwerks oder Netzwerkabschnitts
DE102018220324A1 (de) Verfahren zur Überwachung eines Datenübertragungssystems, Datenübertragungssystem und Kraftfahrzeug
DE102013108006B4 (de) Kommunikationsanordnung
EP3570499A1 (fr) Procédé d'identification de connexion fonctionnellement sûre
DE102007058071A1 (de) Verfahren und Vorrichtung zur Plausibilisierung einer Auswertung von sicherheitsrelevanten Signalen für ein Kraftfahrzeug
DE10121061B4 (de) Überwachungsvorrichtung und Überwachungsverfahren
EP1928091B1 (fr) Capteur avec système de sécurité
DE102020210096A1 (de) Verfahren und Vorrichtung zum Ermitteln von Informationen eines Bussystems
DE102021117324A1 (de) Sendeeinheit und Empfangseinheit zum Senden und Empfangen von Datenpaketen
EP4048574A1 (fr) Dispositif d'évaluation conçu pour réaliser une évaluation tolérante aux erreurs de signaux de détection pour un appareil de commande de moteur d'une direction de véhicule automobile et direction de véhicule automobile
DE102019210969A1 (de) Verfahren zum Betreiben eines kraftfahrzeuginternen Kommunikationssystems mittels einer Watchdogeinrichtung, Computerprogramm, Kommunikationssystem, elektronisches Fahrzeugführungssystem sowie Kraftfahrzeug
DE3327489C2 (fr)
EP1133096A2 (fr) Procédé et système de transmission de données a sûreté intégrée entre des ordinateurs à sécurité intrinsèque
DE102008052781A1 (de) Fehlererkennung in differentiellen Bussystemen
DE102021127310B4 (de) System und Verfahren zur Datenübertragung

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060418

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB IT

17Q First examination report despatched

Effective date: 20060718

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR GB IT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20100327