EP1815256A1 - Electronic tachograph for a motor vehicle - Google Patents

Electronic tachograph for a motor vehicle

Info

Publication number
EP1815256A1
Authority
EP
European Patent Office
Prior art keywords
unit
tachograph
data
card
main microprocessor
Prior art date
Legal status
Granted
Application number
EP05818272A
Other languages
English (en)
French (fr)
Other versions
EP1815256B1 (de)
Inventor
Laurent Malberti
Eric Romon
Jacques Kunegel
Current Assignee
Actia Automotive SA
Original Assignee
Actia SA
Priority date
Filing date
Publication date
Family has litigation
First worldwide family litigation filed (Darts-ip "Global patent litigation dataset", licensed under a Creative Commons Attribution 4.0 International License): https://patents.darts-ip.com/?family=34951974&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP1815256(A1)
Application filed by Actia SA
Priority to PL1815256T3 (pl)
Publication of EP1815256A1 (de)
Application granted
Publication of EP1815256B1 (de)
Anticipated expiration
Revoked (current legal status)

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00 Registering or indicating the working of vehicles
    • G07C5/08 Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • G07C5/0841 Registering performance data
    • G07C5/085 Registering performance data using electronic data carriers
    • G07C5/0858 Registering performance data using electronic data carriers wherein the data carrier is removable
    • G07C7/00 Details or accessories common to the registering or indicating apparatus of groups G07C3/00 and G07C5/00

Definitions

  • The invention relates to a unit of a control device, called a tachograph, intended to be fitted to a motor vehicle, in particular a vehicle for transporting goods or passengers, in order to allow the activities of a driver of the vehicle to be checked.
  • "Driver" designates a person who may in turn act as driver or co-driver of the vehicle.
  • In addition to this unit, the tachograph comprises at least one vehicle motion sensor, connected to the unit when the unit is on board.
  • The particular function of a tachograph is to record, store, produce, print, and possibly exchange and display data, called driver data, relating to the activities of a driver of the vehicle, so that a controller can check these activities.
  • The tachographs currently used in Europe are of the chart-disc type, such as that described in US 4,782,691: analog, mechanical instruments that transcribe driver data onto a paper disc by means of a stylus.
  • Following a general trend in the automotive field, electronic tachographs have also been developed, including microprocessor circuits for processing and storing driver data.
  • The introduction of electronics into tachographs has made it possible to envisage fitting new equipment into the tachograph unit and having it perform new functions. For example, studies have focused on replacing the known (and still used) chart discs by electronic smart cards.
  • Tachograph units equipped with smart card reader/writer devices are known, such as that described in US 4,644,368.
  • For this purpose a tachograph unit already has mechanical protections (a reinforced housing, possibly fitted with security seals).
  • The presence of electronic components in the tachograph unit, including microprocessor circuit(s) and smart card reader(s), now makes it possible to consider electronic protections within the unit, such as cryptographic security mechanisms.
  • The aim of the invention is to provide a tachograph, and more specifically a secure electronic tachograph unit, which guarantees in particular the mutual authentication (verification of identity) of the tachograph unit and of certain media external to the unit (such as the motion sensor and smart cards) with which the unit is to exchange data. A medium is considered external to the unit when it is not built into the unit's secure housing and is independent of, or detachable from, the unit.
  • For this the tachograph unit must keep cryptographic secrets (private or secret keys, for encryption and decryption) and integrate the corresponding cryptographic algorithms.
  • The object of the invention is to provide a secure tachograph unit that is not only endowed with such algorithms and secrets but, above all, has enhanced electronic protection offering a high level of resistance to fraudulent attacks.
  • The aim is not only to control and limit read and/or write access to the data managed by the unit, but above all to enforce this limitation by detecting any falsification of the data.
  • An object of the invention is to provide a unit able to strongly resist an attack conducted with sophisticated means, whether applied directly to the circuits of the unit or remotely.
  • The object of the invention is in particular to provide a unit offering a security level rated E3 with high strength of mechanisms ("E3 FORT") according to the ITSEC evaluation methodology.
  • Another object of the invention is to provide an electronic tachograph unit that is also more capable in terms of functionality.
  • The invention aims to achieve the above objectives at low cost, by proposing an inexpensive tachograph unit built from ordinary, inexpensive means (including electronic components), or possibly new means that are inexpensive to develop and manufacture.
  • The invention relates to a tachograph unit intended to be fitted to a motor vehicle and connected to at least one vehicle motion sensor, which unit comprises at least one microprocessor board, called the main board, for processing and storing data called tachograph data, comprising at least data relating to the activities of a driver of the vehicle, called driver data.
  • The tachograph unit is also adapted to perform operations, called security operations, implementing cryptographic algorithms for the purpose of authenticating at least part of the tachograph data.
  • "Security data" refers to additional data stored and/or created and/or calculated and/or used in the context of security operations.
  • The security data include cryptographic keys, certificates issued by authorised official bodies, and security attributes generated by a security operation for a data transmission, such as a signature or a checksum.
  • Some of these data, called secret data, are secret by definition: stored in the tachograph unit, they must remain inaccessible to any unauthorised person (the tachograph unit must offer a high level of resistance to attacks aimed at obtaining them). They are essentially the symmetric (secret) keys and the private keys.
  • The main board comprises at least one microprocessor, called the main microprocessor, for processing the tachograph data.
  • The unit comprises at least one physically protected integrated cryptographic service provider circuit, called the CSP circuit, distinct from the main microprocessor(s), in which at least the data called secret security data are stored, this CSP circuit being adapted to perform at least part of the security operations when the unit is on board a vehicle.
  • The CSP circuit(s) can be carried by the main board or by one or more other boards.
  • The invention consists in selecting and separating, from all the operations implemented by a tachograph unit, at least part of the operations relating solely to security (authenticating and/or protecting certain data by means of cryptographic algorithms, with the ultimate aim of guaranteeing the authenticity and integrity of the driver data), and in having the selected security operations executed by a specific, physically protected circuit.
  • The secret security data are stored in this protected circuit. It can also store cryptographic algorithms and/or non-secret security data (such as public keys) relating to the security operations allocated to the CSP circuit.
  • Such an electronic architecture makes it possible to guarantee a very high level of security, not achieved to date in a tachograph unit.
  • The CSP circuit(s) are dedicated essentially to performing security operations; "essentially" means that each CSP circuit is dedicated to security operations and possibly to specific operations requiring little processing and storage capacity, such as storing temporary data generated by the processing of tachograph data.
  • An ordinary, inexpensive cryptographic service provider circuit with low processing and storage capacity can thus be used as a CSP circuit according to the invention, since it is relieved of the tachograph unit functions that require more capacity.
  • The CSP circuit(s) are dedicated essentially to all the security operations, so the main microprocessor(s) perform no security operation. It is therefore possible to use as main microprocessor a basic, unprotected and therefore inexpensive microprocessor, such as a controller commonly used in the automotive field. Such a conventional controller has sufficient processing and storage capacity for all the tasks (excluding security operations) assigned to the tachograph unit.
  • In one embodiment the tachograph unit comprises a single CSP circuit, essentially dedicated to all security operations.
  • The main board of the tachograph unit comprises at least one memory, called application memory, associated with a main microprocessor, in which is stored an application (one or more programs), called the tachograph application, which can be loaded into this main microprocessor for processing tachograph data.
  • This main microprocessor is adapted to verify the authenticity and integrity of at least part of the tachograph application using at least one security operation performed by a CSP circuit of the tachograph unit.
  • The main microprocessor integrates a protected start program, physically written into the microprocessor, which, during an operation installing a tachograph application (first or new) in the unit, orders the CSP circuit to execute at least one security operation for the purpose of authenticating the application or part of it, and orders the writing of this application or part into the application memory only if the CSP circuit considers it authentic and intact.
  • The tachograph application finally stored in the application memory and used by the main microprocessor(s) is therefore necessarily authentic and intact, that is to say, designed and implemented by an authorised organisation, in a secure environment, according to the specifications imposed by the applicable rules and standards.
  • The tachograph application stored in the application memory is itself adapted, when loaded into the main microprocessor for tachograph data processing, to periodically order the associated CSP circuit to perform at least one security operation for its own authentication.
  • Each CSP circuit is connected to a main microprocessor, the associated CSP circuit and main microprocessor being adapted to operate in a master/slave relationship in which the main microprocessor is the master and the CSP circuit is the slave.
  • All the security operations executed by a CSP circuit are performed at the request of the associated main microprocessor, which for this purpose transmits to the CSP circuit the data to be authenticated together with at least one command to execute the corresponding security operation.
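The master/slave split described in the bullets above, as an added example (not the patent's own code nor any Actia implementation): the main microprocessor hands the CSP circuit a command code plus the data to authenticate, and the CSP returns only a verdict. The scenario is the protected start program's application install: a signed image is accepted and written to application memory, a tampered copy is refused and the memory is left untouched. Ed25519 over a SHA-256 digest, the command code value, the type names and the constructed image are assumptions of the example; the page does not name the algorithms it uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Op is a command code the main microprocessor (master) sends to the CSP (slave).
// Only the verify-application command is modelled here; the value is assumed.
type Op int

const OpVerifyApplication Op = 1

// CSP models the physically protected circuit. The only material it holds in this
// example is the public key of the body authorised to issue tachograph applications;
// the main microprocessor never sees it and only ever receives a verdict.
type CSP struct {
	issuerPub ed25519.PublicKey
}

// Exec is the slave's single entry point: a command code, the data to authenticate
// and the security attribute (here a signature) that accompanies the data.
func (c *CSP) Exec(op Op, data, attr []byte) (bool, error) {
	switch op {
	case OpVerifyApplication:
		if len(attr) != ed25519.SignatureSize {
			return false, errors.New("csp: malformed signature")
		}
		digest := sha256.Sum256(data)
		return ed25519.Verify(c.issuerPub, digest[:], attr), nil
	default:
		return false, fmt.Errorf("csp: unknown command %d", op)
	}
}

// MainMCU models the unprotected automotive microprocessor and its application memory.
type MainMCU struct {
	csp       *CSP
	appMemory []byte // non-volatile application memory (flash memory 5 in the description)
}

// LoadApplication is the protected start program's install path: it orders the CSP
// to authenticate the image and commits it to application memory only on success.
func (m *MainMCU) LoadApplication(image, signature []byte) error {
	ok, err := m.csp.Exec(OpVerifyApplication, image, signature)
	if err != nil {
		return err
	}
	if !ok {
		return errors.New("application rejected: not authentic or not intact")
	}
	m.appMemory = append([]byte(nil), image...)
	return nil
}

// signImage stands in for the authorised organisation's signing step, done offline in practice.
func signImage(issuerPriv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(issuerPriv, digest[:])
}

// UpdateResult summarises one run of the scenario so that it can be checked.
type UpdateResult struct {
	GenuineAccepted  bool
	TamperedAccepted bool
	MemoryUnchanged  bool // application memory still holds the genuine image after the tampered attempt
}

// RunUpdateScenario installs a genuine image, then a tampered one, and reports what happened.
func RunUpdateScenario() (UpdateResult, error) {
	issuerPub, issuerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return UpdateResult{}, err
	}
	mcu := &MainMCU{csp: &CSP{issuerPub: issuerPub}}

	genuine := []byte("tachograph application v1 (constructed sample image)")
	sig := signImage(issuerPriv, genuine)
	var r UpdateResult
	r.GenuineAccepted = mcu.LoadApplication(genuine, sig) == nil

	// An attacker with access to the unprotected flash path flips one byte of the image
	// but cannot produce a matching signature without the issuer's private key.
	tampered := append([]byte(nil), genuine...)
	tampered[0] ^= 0x01
	r.TamperedAccepted = mcu.LoadApplication(tampered, sig) == nil
	r.MemoryUnchanged = string(mcu.appMemory) == string(genuine)
	return r, nil
}

func main() {
	r, err := RunUpdateScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v, tampered accepted: %v, memory unchanged: %v\n",
		r.GenuineAccepted, r.TamperedAccepted, r.MemoryUnchanged)
}
```

The point of the split is that the only thing crossing from the CSP to the main microprocessor is the boolean verdict: a compromised main microprocessor can skip the check, but it cannot make the CSP vouch for an image the issuer did not sign, and the periodic self-authentication described in the bullets above is what catches a skipped check later.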
  • The tachograph unit comprises a reader/writer device for smart cards, called tachograph cards, able to receive at least two tachograph cards at the same time.
  • The tachograph unit also comprises a connection interface, called the tachograph card interface, for the wireless (and in particular remote) communication of the unit with a tachograph card reader/writer device external to the unit (in its simplest version this external device receives only one tachograph card at a time).
  • Each tachograph card belongs to one of these types: driver cards, controller cards, company cards and workshop cards.
  • Each type of tachograph card gives the right, on the one hand, to restricted access to certain predetermined data stored in the unit and, on the other hand, to the execution of certain predetermined operations, according to the type of card.
  • Inserting a tachograph card into the card reader/writer device (whether the device integrated in the unit or an external device able to communicate with the unit) makes it possible to open an operating session of the unit corresponding to the type of card inserted.
  • Any tachograph card inserted in the card reader/writer device must be able to be authenticated, as must the data exchanged between the tachograph card and the tachograph unit.
  • The reader/writer device is controlled by at least one main microprocessor of the unit, which is associated with a CSP circuit.
  • This main microprocessor (or these main microprocessors) is adapted to order the CSP circuit to perform security operations for the mutual authentication of the unit and of a tachograph card present in the reader/writer device (integrated or external), and to allow the corresponding operating session to be opened only if the unit and the tachograph card are both considered authentic.
  • An authenticated driver card thus gives access to an operating session called a driver session; an authenticated workshop card to a workshop session; an authenticated controller card to a controller session; an authenticated company card to a company session.
  • This mutual authentication between tachograph card and unit is preferably performed as soon as a card is inserted into the card reader/writer device (especially the integrated device).
  • The main microprocessor is adapted to monitor card insertions and withdrawals in the reader/writer device and to trigger the above security operations as soon as the insertion of a tachograph card into the reader/writer device is detected.
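The mutual authentication triggered on card insertion, as an added example (not the patent's or the product's code). Each side holds a private key, a minimal credential (public key, role, authority signature) and the authority's public key. The unit's CSP verifies the card's credential and the card's signature on a fresh challenge, then the card does the same for the unit, and the card's role becomes the session type only if both directions pass. The credential format, the Ed25519 signatures, the direction labels in the signed challenge and the "forged card" and "rogue unit" cases are assumptions of the example; the page says only that asymmetric keys are preferred for this step.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Role is the card type carried in a credential; RoleUnit marks the unit's own credential (value assumed).
type Role byte

const (
	RoleDriver Role = iota + 1
	RoleController
	RoleCompany
	RoleWorkshop
	RoleUnit Role = 0xF0
)

// Credential is a minimal certificate: public key, role and the authority's signature over both
// (the real certificate format is not described on the page).
type Credential struct {
	Pub  ed25519.PublicKey
	Role Role
	Cert []byte
}

func certBody(pub ed25519.PublicKey, role Role) []byte { return append(append([]byte{}, pub...), byte(role)) }

// Party is a tachograph card's chip or the unit's CSP circuit: it holds its private key, its
// credential and the authority's public key; nothing but signatures ever leaves it.
type Party struct {
	priv      ed25519.PrivateKey
	Cred      Credential
	authority ed25519.PublicKey
}

// NewParty generates a key pair and has issuer sign the credential; a forged card is simply one
// whose issuer is not the authority the unit trusts.
func NewParty(role Role, issuer ed25519.PrivateKey, authority ed25519.PublicKey) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	cert := ed25519.Sign(issuer, certBody(pub, role))
	return &Party{priv: priv, authority: authority, Cred: Credential{Pub: pub, Role: role, Cert: cert}}
}

// Respond signs the peer's challenge under a direction label, so a response captured in one
// direction cannot be replayed in the other (the label is an assumption of this example).
func (p *Party) Respond(label string, nonce []byte) []byte {
	return ed25519.Sign(p.priv, append([]byte(label), nonce...))
}

// Authenticate is one direction of the exchange: the verifier checks the peer's credential against
// the authority key, issues a fresh 32-byte challenge and checks the peer's signature on it.
func (p *Party) Authenticate(peer Credential, label string, respond func([]byte) []byte) bool {
	if !ed25519.Verify(p.authority, certBody(peer.Pub, peer.Role), peer.Cert) {
		return false
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false
	}
	return ed25519.Verify(peer.Pub, append([]byte(label), nonce...), respond(nonce))
}

// MutualAuth runs both directions: the CSP authenticates the card, then the card authenticates the
// unit. The card's role (the session type to open) is returned only if both directions succeed.
func MutualAuth(csp, card *Party) (Role, bool) {
	if !csp.Authenticate(card.Cred, "card", func(n []byte) []byte { return card.Respond("card", n) }) {
		return 0, false
	}
	if !card.Authenticate(csp.Cred, "unit", func(n []byte) []byte { return csp.Respond("unit", n) }) {
		return 0, false
	}
	return card.Cred.Role, true
}

// RunAuthScenario pits the unit against a genuine workshop card, a card whose credential comes from
// an untrusted issuer, and a rogue unit facing the genuine card.
func RunAuthScenario() (genuineRole Role, genuineOK, forgedOK, rogueUnitOK bool) {
	authPub, authPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // an attacker's own signing key
	unit := NewParty(RoleUnit, authPriv, authPub)
	card := NewParty(RoleWorkshop, authPriv, authPub)
	forged := NewParty(RoleWorkshop, roguePriv, authPub)
	rogueUnit := NewParty(RoleUnit, roguePriv, authPub)
	genuineRole, genuineOK = MutualAuth(unit, card)
	_, forgedOK = MutualAuth(unit, forged)
	_, rogueUnitOK = MutualAuth(rogueUnit, card)
	return
}
```

The session type is taken from the credential the authority signed, not from anything the card or the reader announces, so a card cannot claim a workshop role with a driver credential; and because each direction uses its own fresh challenge and label, recording one side's response does not help an attacker impersonate the other.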
  • Opening an operating session allows operations to be performed whose nature depends on the type of session. Some of these operations may lead to data exchanges between the tachograph card and the unit.
  • For such exchanges the main microprocessor is adapted to order the CSP circuit to execute at least one security operation to authenticate the data, and to process the exchanged data only if they are considered authentic and intact.
  • In particular, the main microprocessor is adapted: when data (in particular tachograph data) are received by the unit from the tachograph card, to order the CSP circuit to perform at least one security operation to authenticate the received data, and to process them only if the CSP circuit considers them authentic and intact; when data must be transmitted by the unit to the tachograph card, to order the CSP circuit to perform at least one security operation to protect the integrity of the data to be transmitted.
  • The tachograph card is in turn adapted to perform at least one security operation to authenticate the transmitted data, and to process them only if it considers them authentic and intact.
  • The tachograph unit must also be able to authenticate the motion sensor with which it communicates when on board a vehicle, as well as the data, called motion data, that it receives from the sensor. Note that the motion data are tachograph data.
  • For its connection to the motion sensor, the tachograph unit comprises a connection interface, called the sensor interface.
  • This connection is preferably wired, in which case the sensor interface consists of one or more connectors. A wireless connection is not excluded, in which case the sensor interface comprises (possibly in combination with a connector) an electromagnetic-wave transmitter/receiver device.
  • The main board of the unit comprises at least one main microprocessor connected to the sensor interface and associated with a CSP circuit, this main microprocessor being adapted to order the CSP circuit to execute security operations for the mutual authentication of the motion sensor and the unit and for the authentication of the motion data received from the sensor, and to process the received motion data only if the sensor and the unit are considered authentic and the received data are considered authentic and intact.
  • The main microprocessor is adapted: in the context of an initial operation, called the pairing operation of a motion sensor and the tachograph unit, to order the CSP circuit to perform at least one security operation for the mutual authentication of the sensor and the unit, and to allow subsequent data exchange between the sensor and the unit only if both are considered authentic; in the context of a periodic operation, called the motion data control operation, to order the CSP circuit to execute at least one security operation to authenticate data, called control data, exchanged between the sensor and the unit as part of this control operation, and to allow the processing of the motion data received by the unit over the elapsed period only if the control data are considered authentic and intact.
  • The pairing operation can be carried out only if an authentic and authenticated workshop tachograph card is present in the card reader/writer device integrated in the unit.
  • The main microprocessor(s) of the unit are adapted to allow the execution of a pairing operation only in the context of a workshop session (which can only be opened by the authentication of a workshop card).
  • The tachograph unit also comprises a connection interface, called the download interface ("unloading" in the original), for communication of the unit with an external device, called the download device, able in particular to store tachograph data.
  • The download interface may include a connector, for a wired connection of the download device to the unit, and/or an electromagnetic-wave transmitter/receiver device, for wireless communication between the unit and a possibly remote download device.
  • A data download operation can be carried out, on the order of a user, only if an authentic and authenticated controller, workshop or company tachograph card (not a driver card) is present in the card reader/writer device (integrated or external).
  • The main microprocessor(s) are adapted to allow a data download operation to a download device connected to the unit (wired or wireless) via the download interface only in the context of a controller, workshop or company session (opened by the authentication of the corresponding card).
  • The downloaded tachograph data are accompanied by a security attribute, such as an electronic signature, for subsequent authentication by the download device or by another tool.
  • The main microprocessor is also adapted, in the context of a data download operation, to order the CSP circuit to execute at least one security operation to protect the data to be downloaded.
  • The unit also advantageously comprises a connection interface, called the calibration interface, comprising at least one connector, for communication of the unit with an external device called the calibration device, for the purpose of calibrating the unit.
  • A calibration operation can be carried out, on the order of a user, by means of a calibration device connected to the unit via the calibration interface, only if an authentic and authenticated workshop tachograph card is present in the card reader/writer device integrated in the unit.
  • The main microprocessor(s) are adapted to allow the execution of a calibration operation only in the context of a workshop session (opened by the authentication of a workshop card).
  • Calibration data are transmitted to the unit by the calibration device; the calibration data stored in the unit at the end of the calibration operation are tachograph data.
  • A main microprocessor of the unit is adapted to monitor card insertions and withdrawals in the card reader/writer device (integrated or external) and, as soon as the withdrawal of a tachograph card from the reader/writer device is detected, to interrupt any operation in progress in the corresponding operating session.
  • The operations interrupted in this way include sensor pairing, updating of the tachograph application, calibration, tachograph data download and of course reading from and writing to the tachograph card (which is no longer connected).
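The session rules and the withdrawal interrupt from the bullets above, as an added example (not the patent's code): the main microprocessor turns the raw card-presence signal into insertion and withdrawal events, a session opens only for a card the CSP has authenticated, every operation is checked against the session type before it starts, and a withdrawal aborts whatever was in progress and closes the session. The mutual authentication itself is taken as an input here (the card's Authentic flag stands for the CSP's verdict); the type names and the scenario are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// SessionType follows the type of the authenticated card; NoSession means none is open.
type SessionType int

const (
	NoSession SessionType = iota
	DriverSession
	ControllerSession
	CompanySession
	WorkshopSession
)

// Operation is one of the session-bound operations named in the description.
type Operation int

const (
	OpNone Operation = iota
	OpReadWriteCard
	OpDownload
	OpCalibrate
	OpPairSensor
)

// allowed encodes the access rules of the description: card read/write needs any open session,
// download needs a controller, workshop or company session (not a driver session), and sensor
// pairing and calibration need a workshop session.
func allowed(op Operation, s SessionType) bool {
	switch op {
	case OpReadWriteCard:
		return s != NoSession
	case OpDownload:
		return s == ControllerSession || s == WorkshopSession || s == CompanySession
	case OpCalibrate, OpPairSensor:
		return s == WorkshopSession
	}
	return false
}

// Card is what the reader presents; Authentic is the verdict the CSP returned from mutual
// authentication, which is modelled elsewhere and taken as an input here.
type Card struct {
	Type      SessionType
	Authentic bool
}

// Unit is the main microprocessor's view: the last presence signal, the open session, the
// operation in progress and the operations interrupted by a card withdrawal.
type Unit struct {
	present    bool
	Session    SessionType
	inProgress Operation
	Aborted    []Operation
}

// OnPresenceSignal is the edge detection of the description: a detection signal after a period
// without one is an insertion, no signal after a period with one is a withdrawal; a repeated
// identical signal changes nothing.
func (u *Unit) OnPresenceSignal(detected bool, card *Card) {
	switch {
	case detected && !u.present:
		u.present = true
		if card != nil && card.Authentic { // a session opens only after successful mutual authentication
			u.Session = card.Type
		}
	case !detected && u.present:
		u.present = false
		if u.inProgress != OpNone { // withdrawal interrupts the operation in progress ...
			u.Aborted = append(u.Aborted, u.inProgress)
			u.inProgress = OpNone
		}
		u.Session = NoSession // ... and closes the session
	}
}

// Start begins an operation if a session is open, its type permits the operation, and nothing
// else is running.
func (u *Unit) Start(op Operation) error {
	if u.Session == NoSession {
		return errors.New("no operating session open")
	}
	if !allowed(op, u.Session) {
		return fmt.Errorf("operation %d not permitted in session type %d", op, u.Session)
	}
	if u.inProgress != OpNone {
		return fmt.Errorf("operation %d still in progress", u.inProgress)
	}
	u.inProgress = op
	return nil
}

// RunSessionScenario drives the unit through a driver card, an unauthenticated card and a workshop
// card that is pulled in the middle of a calibration.
func RunSessionScenario() (driverDownload, unauthOpened, workshopCalibrate, noSessionStart bool, aborted []Operation) {
	u := &Unit{}
	u.OnPresenceSignal(true, &Card{Type: DriverSession, Authentic: true})
	driverDownload = u.Start(OpDownload) == nil
	u.OnPresenceSignal(false, nil)
	u.OnPresenceSignal(true, &Card{Type: WorkshopSession, Authentic: false})
	unauthOpened = u.Session != NoSession
	u.OnPresenceSignal(false, nil)
	u.OnPresenceSignal(true, &Card{Type: WorkshopSession, Authentic: true})
	workshopCalibrate = u.Start(OpCalibrate) == nil
	u.OnPresenceSignal(true, nil)  // repeated detection signal: not a new insertion
	u.OnPresenceSignal(false, nil) // card pulled mid-calibration
	noSessionStart = u.Start(OpReadWriteCard) == nil
	return driverDownload, unauthOpened, workshopCalibrate, noSessionStart, u.Aborted
}
```

Treating the presence signal as edges rather than levels is what keeps a flapping or held contact from re-running the authentication, and keeping the authorisation check in Start (rather than in the operation handlers) means every session-bound operation goes through the same gate.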
  • In one embodiment the main board comprises a single main microprocessor for processing the tachograph data, to which are connected: a power supply circuit permanently powered by a permanent electrical source of the vehicle; a mass memory, called application memory, of electronic non-volatile type (in particular flash) for storing at least one tachograph application; a mass memory, called data memory, of electronic non-volatile type (in particular flash) for storing tachograph data and possibly other data, excluding secret security data (the two memories may be separate or a single memory); a real-time calendar clock; a sensor connector; a single connector, called the download/calibration connector, for connecting an external calibration device or an external download device to the unit; and a reader/writer device as defined above.
  • The unit comprises a single CSP circuit, dedicated to carrying out all the security operations, the main microprocessor and the CSP circuit being connected and adapted to operate in a master/slave relationship in which the main microprocessor is the master and the CSP circuit the slave; the unit also comprises a printer, a display screen and a device for data input by a user (such as a keypad).
  • The invention also relates to a tachograph unit characterised by all or some of the features mentioned above and below, in combination.
  • The invention extends to a motor vehicle equipped with such a tachograph unit.
  • FIG. 1 is a perspective view of a tachograph unit according to the invention;
  • FIG. 2 is an exploded perspective view of a tachograph unit according to the invention;
  • FIG. 3 is a block diagram illustrating the architecture of this tachograph unit and the organisation of its various components;
  • FIG. 4 is a flowchart illustrating the course of a security operation according to the invention.
  • The tachograph unit 1 comprises, within a reinforced secure housing 2 (formed of several elements 2a, 2b, 2c) and provided with security seals 50:
  • a main microprocessor board 3 carrying a main microprocessor 4, such as those usually used in the automotive field; alternatively the board carries a group of microprocessors in parallel for redundancy, or several independent or serially connected microprocessors that share the functions of the tachograph;
  • the main board 3 also carries a cryptographic service provider circuit 20 (CSP) connected to the main microprocessor 4 in a master/slave relationship in which the main microprocessor 4 is the master and the CSP circuit 20 the slave; the CSP circuit is physically protected: it has not only physical but also functional characteristics (for example a memory able to disperse the secrets it contains) guaranteeing its tamper resistance;
  • the CSP circuit 20 is for example a CSP microprocessor similar to those used in bank cards;
  • the CSP circuit 20 integrates a protected memory in which are stored cryptographic algorithms, secret security data (private keys and session keys) and possibly other security data (public keys, ...); these other security data can alternatively be
  • a flash mass memory 5 connected to the main microprocessor 4, in which is stored a tachograph application that performs all the functions of the tachograph except at least part, and preferably all, of the security operations to be implemented to ensure a high level of resistance to fraudulent attacks;
  • the tachograph application includes commands that trigger the execution of security operations;
  • the application memory 5 is of non-volatile type; a power supply circuit 6, permanently connected to a permanent electrical source of the vehicle, feeds the main microprocessor 4 permanently whatever the current operating phase of the vehicle (ignition off, ignition on, engine stopped, engine running, vehicle stationary, vehicle moving, ...); a real-time calendar clock 7 (date and time) is connected to the main microprocessor 4 and preferably has a battery backup;
  • a card reader/writer device 8 with two substantially identical blocks 81, 82, each comprising: a mechanical interface (slot, drawer, sliding carriage, ...) for receiving a tachograph card, provided with a motorised controlled mechanism for moving a card 60 between an insertion/withdrawal position and a locked read/write position; a connector allowing connection between the main microprocessor 4 of the unit and the chip 61 of a tachograph card in the locked read/write position; and at least one card detection element in the locked read/write position, able to send a signal to the main microprocessor 4 when a card is detected in that position;
  • an electromagnetic-wave transmitter/receiver device 16 connected to the main microprocessor 4 and forming a connection interface, called the card interface, for wireless communication of the unit with a tachograph card reader/writer device external to the unit;
  • an electromagnetic-wave transmitter/receiver device 14 connected to the main microprocessor 4 and providing a connection interface of the unit 1 with a remote download device; alternatively a single transmitter/receiver device provides the communication interface with both an external card reader/writer device and a remote download device;
  • a device 11 for data input by a user, controlled by the main microprocessor 4 and comprising a keypad and/or a touch screen;
  • a sensor connector 12 connected to the main microprocessor 4, providing a connection interface of the unit 1 with a motion sensor for receiving vehicle motion data; a download/calibration connector 13 connected to the main microprocessor 4, providing a connection interface of the unit 1 with a calibration device or a download device, in order to receive calibration data (sent by the calibration device) or to download tachograph data (to the download device);
  • a non-volatile flash mass memory 17 connected to the main microprocessor 4, in which are stored the tachograph data, data called operating data (brightness of the screen 9, image area of the tickets to be printed by the printer 10, ...), data called ancillary data (random or temporary data, ...) and possibly security data provided they are not secret (public keys for example).
  • The tachograph comprises a vehicle motion sensor and connecting cables for connecting the motion sensor to the sensor connector 12 of the on-board unit.
  • The motion sensor is formed in particular by a motion detection element, a microprocessor (to which the detection element is connected) and a connector for connecting the microprocessor of the sensor to the on-board unit.
  • The main function of the tachograph unit is the processing of driver data, among which may be mentioned:
  • The functions assigned to the main microprocessor are essentially calculation functions relating to the driver data, more general functions for managing all the tachograph data (driver data, motion data, controller data, calibration data, company data, ...) and control functions for the various components of the on-board unit. These functions include:
  • monitoring of the driver's activities, monitoring of the driving situation, and processing of the driver data entered manually by the driver (such as the place of start and end of the daily work periods, the driver's activities and special conditions).
  • The security operations for the mutual authentication of the unit and a tachograph card preferably implement cryptographic calculations with asymmetric keys (private and public keys).
  • The main microprocessor 4 is adapted to identify card insertions and withdrawals from the signals it receives from the detection element(s) of the reader/writer device: the presence of a card 60 in the read/write position (reception of a detection signal) after a period without a card (no detection signal) indicates the insertion of a card; the absence of a card following a period of card presence indicates the withdrawal of a card.
  • The security operations for the authentication of data exchanged between the unit and the motion sensor, or between the unit and a tachograph card, preferably implement cryptographic calculations using session keys, that is, symmetric (secret) keys.
  • Session keys common to the CSP circuit 20 of the unit and to the external medium (motion sensor or tachograph card) are established jointly by the two elements as part of their mutual authentication operations or immediately thereafter.
  • The session keys are stored in the (protected) memory of the CSP circuit 20.
  • the reading of tachograph data on a previously authenticated tachograph card gives rise to the operations illustrated in FIG. 3, which make it possible to guarantee the integrity of the data read (these operations are intended to verify that the data received by the main microprocessor 4 correspond to those sent by the tachograph card and that they were therefore not falsified during transmission).
  • the main microprocessor 4 prepares the read command (step 30): the control code is provided with data, called ancillary data, necessary for its execution, such as the address and the length of the tachograph data to be read (with a view to their location in the memory of the tachograph card).
  • step 31 It transmits (step 31) the data annexed to the circuit CSP 20, with a command to execute a corresponding security operation, in order to protect the integrity of said data.
  • the circuit CSP 20 calculates (step 32) a checksum, called checksum, of the ancillary data, encrypts said checksum by means of its session key and transmits (step 33) the encrypted checksum to the main microprocessor 4.
  • the microprocessor main 4 prepares (step 34) and transmits (step 35) the entire read command (command code + ancillary data + checksum) to the tachograph card 60 (i.e., to its electronic chip 61) via the connector of the reader / writer device 8.
  • the tachograph card 60, 61 checks the integrity of the data received (step 36) by decrypting the checksum received by means of its session key, calculating the checksum of the received ancillary data and comparing both values. If the latter coincide, the tachograph card 60, 61 transmits (step 38) the requested tachograph data, after having previously calculated and encrypted - by means of its session key - their checksum (step 37). Upon receipt of the data (step 39), the main microprocessor 4 transmits (step 40) to the CSP circuit 20 the tachograph data and the encrypted checksum received, as well as a command to execute a corresponding security operation to check the integrity of tachograph data received.
  • the CSP circuit 20 calculates the checksum tachograph data and decrypts the encrypted checksum that accompanies them by means of its session key and compares the two values obtained (step 41). If they coincide, it sends a signal of agreement to the main microprocessor 4; otherwise, it transmits to the latter a signal of disagreement (step 42).
  • the main microprocessor 4 only operates the tachograph data if the received signal is a tuning signal (step 43). If the tachograph data are not considered authentic (disagreement signal), the microprocessor stores the anomaly and possibly emits a signal corresponding to the attention of the user (step 43).
  • motion data received from the motion sensor are also subject to security operations for authentication.
  • the motion sensor, previously authenticated in the context of a pairing operation with the unit, continuously transmits pulses to the unit, each pulse being transmitted at the instant when a predetermined distance has been travelled by the vehicle since the previous pulse.
  • the motion sensor also has a counter, which it increments with each pulse emitted.
  • the main microprocessor of the unit has a counter, which it increments with each pulse received.
  • the main microprocessor triggers a secure operation to compare the sensor and unit counters.
  • the reading of the sensor counter is performed, for example, as previously explained with regard to the reading of tachograph data from a tachograph card: the value of the sensor counter transmitted to the unit is in particular authenticated by a security attribute of the encrypted-checksum type.
  • a relative value of the sensor counter and a relative value of the unit counter are calculated by the main microprocessor and then compared. This procedure verifies the authenticity and integrity of the data (pulses) transmitted by the sensor during the period since the last comparison operation.

It goes without saying that the invention may be subject to numerous variants with respect to the embodiments previously described and shown in the figures.
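The integrity-protected card read of FIG. 3 (steps 30 to 43) and the sensor-counter comparison described just above, as one added simulation that is not code from the patent or from Actia. The "checksum encrypted with the session key" is modelled as a truncated HMAC-SHA256, the card memory and session key are constructed values, and the `channel` hook that lets a test falsify the data in transit is an assumption of the example.

```python
import hashlib
import hmac
import struct
from typing import Callable, Optional, Tuple


def sealed_checksum(session_key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's 'checksum encrypted with the session key'.
    A keyed MAC is assumed here; the page does not name the real algorithm."""
    return hmac.new(session_key, data, hashlib.sha256).digest()[:8]


class CSP:
    """Protected circuit 20: the only holder of the session key on the unit side."""
    def __init__(self, session_key: bytes) -> None:
        self._key = session_key

    def protect(self, data: bytes) -> bytes:            # steps 32-33
        return sealed_checksum(self._key, data)

    def verify(self, data: bytes, chk: bytes) -> bool:  # steps 41-42
        return hmac.compare_digest(sealed_checksum(self._key, data), chk)


class TachographCard:
    """Card 60 / chip 61 after pairing: shares the session key with the CSP."""
    def __init__(self, session_key: bytes, memory: bytes) -> None:
        self._key, self._memory = session_key, memory

    def read(self, ancillary: bytes, chk: bytes) -> Optional[Tuple[bytes, bytes]]:
        # step 36: the card refuses a command whose ancillary data fail the check
        if not hmac.compare_digest(sealed_checksum(self._key, ancillary), chk):
            return None
        addr, length = struct.unpack(">HH", ancillary)   # ancillary data = address, length
        data = self._memory[addr:addr + length]
        return data, sealed_checksum(self._key, data)     # steps 37-38


Channel = Callable[[bytes], bytes]


def read_tachograph_data(csp: CSP, card: TachographCard, addr: int, length: int,
                         channel: Channel = lambda b: b) -> Optional[bytes]:
    """Main microprocessor 4 side of FIG. 3. `channel` models the card-to-unit
    link; by default it passes the bytes through unchanged."""
    ancillary = struct.pack(">HH", addr, length)             # step 30
    reply = card.read(ancillary, csp.protect(ancillary))     # steps 31-35
    if reply is None:
        return None
    data, chk = reply                                        # step 39
    data = channel(data)
    if not csp.verify(data, chk):                            # steps 40-42
        return None                                          # step 43: anomaly, data not used
    return data


class MotionSensor:
    """Paired sensor: counts its own pulses and reports the count under the session key."""
    def __init__(self, session_key: bytes) -> None:
        self._key, self.counter = session_key, 0

    def pulse(self) -> None:
        self.counter += 1

    def report(self) -> Tuple[bytes, bytes]:
        value = struct.pack(">I", self.counter)
        return value, sealed_checksum(self._key, value)


def counters_agree(csp: CSP, sensor: MotionSensor, unit_counter: int,
                   last: Tuple[int, int]) -> Optional[Tuple[int, int]]:
    """Compare the relative sensor and unit counts since the last check.
    Returns the new (sensor, unit) baseline, or None if the pulses cannot be trusted."""
    value, chk = sensor.report()
    if not csp.verify(value, chk):          # counter value itself is authenticated
        return None
    sensor_val = struct.unpack(">I", value)[0]
    if sensor_val - last[0] != unit_counter - last[1]:
        return None                         # pulses lost or injected on the line
    return sensor_val, unit_counter
```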

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PL05818272T PL1815256T3 (pl) 2004-11-22 2005-11-22 Jednostka tachografu elektronicznego dla pojazdu samochodowego

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0412379A FR2878355B1 (fr) 2004-11-22 2004-11-22 Unite de tachigraphe electronique pour vehicule automobile
PCT/FR2005/002893 WO2006053998A1 (fr) 2004-11-22 2005-11-22 Unite de tachygraphe electronique pour véhicule automobile

Publications (2)

Publication Number Publication Date
EP1815256A1 true EP1815256A1 (de) 2007-08-08
EP1815256B1 EP1815256B1 (de) 2013-01-02

Family

ID=34951974

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05818272A Revoked EP1815256B1 (de) 2004-11-22 2005-11-22 Elektronischer tachograph für ein kraftfahrzeug

Country Status (6)

Country Link
EP (1) EP1815256B1 (de)
BR (1) BRPI0517699A (de)
ES (1) ES2401592T3 (de)
FR (1) FR2878355B1 (de)
PL (1) PL1815256T3 (de)
WO (1) WO2006053998A1 (de)

Also Published As

Publication number Publication date
EP1815256B1 (de) 2013-01-02
ES2401592T3 (es) 2013-04-22
FR2878355B1 (fr) 2007-02-23
WO2006053998A1 (fr) 2006-05-26
BRPI0517699A (pt) 2008-10-14
FR2878355A1 (fr) 2006-05-26
PL1815256T3 (pl) 2013-06-28

Legal Events

Code | Title | Description
PUAI | Public reference made under article 153(3) EPC to a published international application that has entered the European phase | Original code: 0009012
17P | Request for examination filed | Effective date: 20070614
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR
AX | Request for extension of the European patent | Extension state: AL BA HR MK YU
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: ACTIA AUTOMOTIVE
REG | Reference to a national code | DE, code R079, ref document 602005037754; previous main class: G01P0001120000; IPC: G07C0007000000
GRAP | Despatch of communication of intention to grant a patent | Original code: EPIDOSNIGR1
RIC1 | Information provided on IPC code assigned before grant | IPC: G07C 7/00 20060101AFI20120425BHEP; G07C 5/08 20060101ALI20120425BHEP; G01P 1/12 20060101ALI20120425BHEP
GRAS | Grant fee paid | Original code: EPIDOSNIGR3
GRAA | (expected) grant | Original code: 0009210
AK | Designated contracting states | Kind code of ref document: B1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR
AX | Request for extension of the European patent | Extension state: AL BA HR MK YU
REG | Reference to a national code | GB, code FG4D; free format text: NOT ENGLISH
REG | Reference to a national code | CH, code EP
REG | Reference to a national code | AT, code REF, ref document 591970 (kind code T); effective date: 20130115
BECA | BE: change of holder's address | Owner name: 5 RUE JORGE SEMPRUN, F-31432 TOULOUSE CEDEX 4 (effective date: 20130102); owner name: ACTIA AUTOMOTIVE (effective date: 20130102)
REG | Reference to a national code | IE, code FG4D; free format text: LANGUAGE OF EP DOCUMENT: FRENCH
REG | Reference to a national code | DE, code R096, ref document 602005037754; effective date: 20130307
RAP2 | Party data changed (patent owner data changed or rights of a patent transferred) | Owner name: ACTIA AUTOMOTIVE
REG | Reference to a national code | SE, code TRGR
REG | Reference to a national code | ES, code FG2A, ref document 2401592 (kind code T3); effective date: 20130422
REG | Reference to a national code | NL, code T3
REG | Reference to a national code | AT, code MK05, ref document 591970 (kind code T); effective date: 20130102
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | SI: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit; effective date: 20130102
REG | Reference to a national code | EE, code FG4A, ref document E007912; effective date: 20130401
PLBI | Opposition filed | Original code: 0009260
REG | Reference to a national code | LT, code MG4D
REG | Reference to a national code | PL, code T3
26 | Opposition filed | Opponent name: STONERIDGE ELECTRONICS AB; effective date: 20130605
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit: CY (20130102), LT (20130102), AT (20130102), BG (20130402), IS (20130502), CZ (20130102)
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit: PT (20130502), GR (20130403), FI (20130102), LV (20130102)
REG | Reference to a national code | DE, code R026, ref document 602005037754; effective date: 20130605
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit: RO (20130102), DK (20130102), SK (20130102)
PLAX | Notice of opposition and request to file observation + time limit sent | Original code: EPIDOSNOBS2
PLAF | Information modified related to communication of a notice of opposition and request to file observations + time limit | Original code: EPIDOSCOBS2
REG | Reference to a national code | CH, code PL
PLBB | Reply of patent proprietor to notice(s) of opposition received | Original code: EPIDOSNOBS3
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | LI: lapse because of non-payment of due fees (20131130); MC: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit (20130102); CH: lapse because of non-payment of due fees (20131130)
REG | Reference to a national code | IE, code MM4A
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | IE: lapse because of non-payment of due fees; effective date: 20131122
PLAB | Opposition data, opponent's data or that of the opponent's representative modified | Original code: 0009299OPPO
R26 | Opposition filed (corrected) | Opponent name: STONERIDGE ELECTRONICS AB; effective date: 20130605
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | TR: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit; effective date: 20130102
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | LU: lapse because of non-payment of due fees (20131122); HU: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit, invalid ab initio (20051122)
REG | Reference to a national code | FR, code PLFP; year of fee payment: 11
PLAB | Opposition data, opponent's data or that of the opponent's representative modified | Original code: 0009299OPPO
R26 | Opposition filed (corrected) | Opponent name: STONERIDGE ELECTRONICS AB; effective date: 20130605
PGFP | Annual fee paid to national office [announced via postgrant information from national office to EPO] | Year of fee payment 11: IT (20151118), GB (20151014), DE (20151109), EE (20151026)
PGFP | Annual fee paid to national office [announced via postgrant information from national office to EPO] | Year of fee payment 11: PL (20151026), NL (20151014), SE (20151117), ES (20151125), BE (20151123), FR (20150925)
RDAF | Communication despatched that patent is revoked | Original code: EPIDOSNREV1
APBM | Appeal reference recorded | Original code: EPIDOSNREFNO
APBP | Date of receipt of notice of appeal recorded | Original code: EPIDOSNNOA2O
APAH | Appeal reference modified | Original code: EPIDOSCREFNO
REG | Reference to a national code | DE, code R064, ref document 602005037754; DE, code R103, ref document 602005037754
APBU | Appeal procedure closed | Original code: EPIDOSNNOA9O
RDAG | Patent revoked | Original code: 0009271
STAA | Information on the status of an EP patent application or granted EP patent | Status: PATENT REVOKED
27W | Patent revoked | Effective date: 20160808
GBPR | GB: patent revoked under art. 102 of the EP convention designating the UK as contracting state | Effective date: 20160808
REG | Reference to a national code | EE, code MF4A, ref document E007912; effective date: 20161025
REG | Reference to a national code | SE, code ECNC