EP2039583A1 - Railway radio control system - Google Patents
- Publication number
- EP2039583A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- train
- radio communication
- radio
- control unit
- authentication process
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
- B61L15/0018—Communication with or on the vehicle or vehicle train
- B61L15/0027—Radio-based, e.g. using GSM-R
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
- B61L15/0018—Communication with or on the vehicle or vehicle train
- B61L15/0036—Conductor-based, e.g. using CAN-Bus, train-line or optical fibres
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L27/00—Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
- B61L27/70—Details of trackside communication
Definitions
- the present invention relates to the art of realizing a stable data communication by establishing a plurality of radio communication channels between a train and a communication base station, the art of train control performed via radio and the art of a safe and stable data communication system using a plurality of radio communications that adopt a data encryption system of data transmitted on radio communication channels and a security authentication technique required for entering the radio-controlled zone.
- Communication systems are utilized to perform train control via a "blocking system" in which only a single train is accepted to travel within a single section.
- ERTMS/ETCS utilizes GSM-R (GSM-Railway) using a GSM network as the radio communication system.
- the data is encrypted before radio transmission so as to ensure the confidentiality of data, and the received data is decrypted, thereby protecting the data information from the exterior.
- Patent document 1 discloses a method for controlling the train by transmitting the control information for operating the train safely on a railroad via wire to the train.
- the disclosure realizes a train control system having a high security extent by providing a radio control unit, a data encryption system and a radio transmitter malfunction detection system for utilizing radio communication for train control.
- Japanese patent application laid-open publication 2006-129432 discloses a train authentication technique of a train control system using radio communication.
- the key used for encrypting and decrypting data on the communication channels is determined per each train, which is notified from a ground train control unit through the authentication process of the train.
- the authentication process is performed at the ground train control unit in response to an authentication request sent from an on-train control unit via an on-train radio control unit.
- the authentication process is performed with the aim to prevent impersonation access to the whole system. Further, the authentication process is performed at the start up of the train, the entry of the train to the control section and periodically during traveling of the train to update the encryption key, so as to change the encryption pattern of data of the train and to prevent the data from being read from the exterior.
- the arrangement of establishing a plurality of radio communication channels between the on-train control unit of a single train and the ground train control unit is aimed at realizing a stable and continuous data communication between the on-train control unit and the ground train control unit by realizing redundant radio communication channels.
- This art realizes a highly reliable data communication by providing redundant multiple radio communication channels using multiple CHs, multiple antennas and radio control units under the following radio communication environments: (1) preventing interference by multipath fading of radio waves within buildings in the urban area or within tunnels; (2) preventing interference by noise from other radio communication systems; and (3) change in radio status caused by the movement of the train.
- When the ground train control unit recognizes start up or system entry of the train, the control system must perform an authentication process to notify information such as acceptance to enter system or an encryption key allocated uniquely to each train. If this authentication process must be performed with all the plurality of radio communication channels of a single train, the ground train supervising system must perform a large number of processes determined by the number of trains times the number of radio communication channels, by which the process load becomes excessive.
- the above-mentioned system also has another drawback in that the encryption rules determined between the on-train control unit and the ground train control unit by the authentication process must be set to correspond to the number of radio communication channels per a single train, and the processing load related to data communication becomes excessive.
- the object of providing redundant radio communication channels is as mentioned earlier. According to the present system configuration in which the defection of data is prevented since other radio communication channels are connected even if one radio communication channel is disconnected, some radio communication channels may not be able to perform the authentication process at the time of initial start up of the train according for example to the position of the train, the environment of the radio or the apparatus status of the radio control unit. Such radio communication channel may recover its connection by the movement of the train.
- the radio communication channel for performing data communication for train control and a radio communication channel for performing authentication process, and since the processing mode of the ground train control unit differs for each of the radio communication channels for a single train, the process performed by the ground train control unit becomes too complex.
- the object of the present invention is to provide a train control system having redundant data communication channels using a plurality of radio communication channels using different channels (CH) between the on-train control unit and the ground train control unit so as to prevent disconnection of communication of control data in the bidirectional radio communication between the on-train control unit and the ground train control unit in a train control system, wherein each of the radio communication channels are made effective as safe and stable data communication channels.
- CH: different channels
- the present invention provides a train control system establishing radio communication between a plurality of on-train radio control apparatuses moving on a predetermined track and a plurality of ground train radio control units disposed along a predetermined track, so as to establish parallel simultaneous radio communications on a plurality of radio communication channels of various communication frequencies between the plurality of on-train radio communication apparatuses and the plurality of ground train radio control units, characterized in that one radio communication channel is selected out of the plurality of radio communication channels to perform an authentication request and an authentication process, wherein an encryption key obtained by the authentication process is used as a common encryption key shared by the plurality of on-train radio control units to encrypt data communication between the plurality of on-train radio control units and the plurality of ground train radio control units.
- the present invention also characterizes in that the authentication request and the authentication process required at the time of entry of the on-train radio control unit to the train control system or at the initial start up of the on-train radio control unit are performed by switching the selected radio communication channels.
- the present invention also characterizes in that a supervising system of the on-train radio control unit for selecting a single radio communication channel and performing the authentication request generates a random number for the authentication process, and hands over the random number to only the radio communication channel for performing the authentication request and the authentication process.
- the present invention further characterizes in that the data on the plurality of radio communication channels are encrypted using an encryption key generated by a ground train supervising system and notified via the ground train radio control unit to the on-train radio control unit, wherein the encryption key is notified from the ground train radio control unit while performing authentication of a single radio communication channel, and the supervising system of the ground train radio control unit shares the encryption key with other on-train radio control units to be used for encrypting data sent via other radio communication channels that have not performed authentication, so that the data sent on all the plurality of radio communication channels established between the on-train radio control units and the ground train radio control units can be encrypted.
- the present invention also characterizes in that the supervising system of the on-train radio control unit observes the status of radio waves of a plurality of radio communication channels and the status of apparatuses of the on-train radio control units, so as to determine a single radio communication channel for performing the authentication process and to start the authentication process.
- the present invention further characterizes in that the train control system is equipped with an authentication retry function in which if the authentication process is not completed within a certain period of time or if radio communication is disconnected during the authentication process, the authentication process is discontinued and terminated, then the supervising system selects another radio communication channel to restart the authentication process, so as to switch the radio communication channel to retry the authentication request and the authentication process.
- the present invention also characterizes in that when the authentication is completed via a single radio communication channel, data communication of the on-train radio control unit within the train control system is accepted, and the supervising system of the on-train radio control apparatus shares the authentication completion information and the encryption key with other radio communication channels, so that the data communication on the remaining radio communication channels are also accepted and started, by which the data communication of the train control system is activated.
- data is communicated via a plurality of radio communication channels between the on-train control unit of a single train and the ground train control unit so as to ensure the redundancy of data communication, and a secure and appropriate authentication is performed by executing a security authentication between the on-train and ground train control units using one of the plurality of radio communication channels. Further, by sharing the encryption key obtained by the authentication process with other radio communication channels to start data communication, the security of data sent via the redundant radio communication channels can be guaranteed effectively.
- the authentication process is performed via only one radio communication channel, so that compared to the system in which all the radio communication channels must perform the authentication process, the load of authenticating a single train is very small. This is also effective from the viewpoint of reducing load of the ground train control unit that controls the plurality of trains traveling on one railroad track.
- the authentication request and the authentication process required during initial start up of the on-train radio control unit or the entry of the on-train radio control unit to the train control system is performed by switching the selected radio communication channels, so that even if the radio communication status or the status of the radio transmitter or the antenna is not good, the authentication process can be performed by switching to another radio communication channel, so that the plurality of radio communication channels can be performed effectively under a condition in which the authentication process is required.
- the supervising system of the on-train radio control unit for selecting a single radio communication channel and executing the authentication request generates random numbers for the authentication process, and hands over the random number only to the radio communication channel that performs the authentication request and the authentication process, so that the authentication request and the authentication process can be performed effectively only by the supervising system and the radio communication channel performing the authentication process.
- the data on the plurality of radio communication channels is encrypted using an encryption key generated by the ground train supervising system and notified via the ground-based radio control unit to the on-train radio control unit.
- the encryption key is notified from the ground train radio control unit upon performing authentication on a single radio communication channel, and the supervising system of the ground train radio control unit demands the on-train radio control unit to share the encryption key for encrypting data with other radio communication channels that have not performed authentication.
- the data on all the plurality of radio communication channels between the on-train radio control unit and the ground train radio control unit can be encrypted, so that compared to the system where all the radio communication channels must perform the authentication process, the authentication process is restricted to a single radio communication channel, the load for performing the authentication process of a single train can be reduced, and the load applied to the ground train control unit that controls the plurality of trains traveling on one railroad track can be reduced.
- the radio wave status of the plurality of radio communication channels and the apparatus status of the on-train radio control unit is monitored by the supervising system of the on-train radio control unit, and by determining the single radio communication channel for performing the authentication process and starting the authentication process, the radio wave status of the plurality of radio communication channels and the apparatus status of the on-train radio control unit can be monitored efficiently, and the authentication process can be started efficiently, compared to the system in which a plurality of on-train radio control units monitor the status respectively.
- the present invention can further be equipped with an authentication retry function that disconnects and terminates the authentication process if the authentication process is not completed within a certain period of time or if the radio communication is disconnected during the authentication process, and selects another radio communication channel to retry the authentication process by the supervising system so as to switch the radio communication channel for retrying the authentication request and the authentication process.
- When the authentication process is completed via a single radio communication channel, data communication of the on-train radio control unit in the train control system is accepted, and the supervising system of the on-train radio control unit shares the authentication completion information and the encryption key with other radio communication channels, so that data communication via the remaining radio communication channels is also accepted and started, and the data communication of the train control system can be started.
- the security of data encryption of the radio communication channels not having performed the authentication process is also ensured.
- the data sent on the radio communication channels are encrypted for confidentiality.
- the plurality of radio communication channels formed between a single train and a ground train control unit use the same encryption key to encrypt the same control data, so that identical information are transmitted via the respective radio communication channels.
- An authentication process is performed to prevent impersonation access from the exterior of the system to the radio transmission channels.
- the encryption key generated by the ground train control unit is notified to the on-train control unit.
- the authentication process is performed between the train and the ground train control unit.
- the authentication process recognizes the authentication request from the train via the radio communication path, and determines whether or not to accept access of the train to the system. When access is accepted, an encryption key used for encrypting the data on the radio communication channel is notified to the train. If authentication requests are sent via each of the plurality of radio communication channels between the ground train control unit and a single train, the ground train control unit must receive a large number of authentication requests corresponding to the number of radio communication channels to authenticate only a single train, so that when it is necessary to authenticate multiple trains, the process to be performed at the ground train control unit will become too complex and the load will become excessive. By restricting the number of radio communication channels subjected to authentication process to one, and having only one authentication request for a single radio communication channel to be output per a single train, the process load of the ground train control unit can be reduced.
- the present system corresponds to such data communication malfunction by establishing a plurality of radio communication channels.
- the authentication process is performed on a single radio communication channel, if the above-mentioned problems causing defective data communication occurs and the radio communication control unit cannot perform the authentication process, switching among the plurality of radio communication channels is performed for example by the following processes:
- data communication is performed via a plurality of radio communication channels established between the on-train control unit of a single train and the ground train control unit, so as to ensure the redundancy of data communication. Further, by executing a security authentication between the on-train and ground train control units using a single radio communication channel out of the plurality of radio communication channels, it becomes possible to perform a secure and appropriate authentication effectively, and by sharing the encryption key obtained in the security authentication process with other radio communication channels when data communication is started, security of data can be guaranteed in the redundant radio communication channels.
- the authentication process performed when starting up the train, when entering the system and when updating the encryption key is performed by selecting one of the plurality of radio communication paths, so that even if the radio communication status or the statuses of the radio transmitter or the antenna is not good, the authentication process can be performed by switching to another radio communication channel, so that the plurality of radio transmission channels can be used effectively in such a state where authentication process is necessary.
- the present system restricts the authentication process to be performed by only a single radio communication channel, so that the load of the authentication process is very small. Therefore, the load on the ground train control unit that controls the large number of trains on a single track can be effectively reduced.
- When an authentication process is performed for all the plurality of radio communication channels, the channels will have various different encryption keys, and the load of the decryption process by the ground train control unit becomes excessive.
- the encryption key obtained via the authentication process by the on-train control unit is distributed and shared with other on-train control units, so that the data encryption of the radio communication channels that did not perform authentication process will also be security-ensured.
- all the data communicated on the plurality of radio communication channels between the ground train control unit and a single train are protected by the same encryption key as that used in the authentication process.
- FIG. 1 is a diagram showing the on-train and ground train control units according to embodiment 1 of the present invention.
- the ground-based facilities include a ground train control unit 10 that generates information to a train 90 accompanying the bidirectional data communication with the train 90, and a ground train radio communication apparatus AP 111 for realizing radio communication (hereinafter referred to as ground train radio control apparatus: AP).
- a supervising system AP master 14 of the plurality of ground train radio control units that exist along the railroad tracks is arranged between the ground train control unit 10 and the AP 111.
- an on-train control unit 12 functioning as the supervising system of the train 90 and an on-train radio control unit STA 131 for performing radio communication (hereinafter referred to as on-train radio control unit: STA) are provided as the train-based facilities.
- STA: on-train radio control unit
- four STAs, STA 131, STA 132, STA 133 and STA 134 are disposed on a train 90, with four radio communication channels formed between the on-train control unit 12 and the ground train control unit 10.
- each STA has established radio communication channels with the AP 111, AP 112, AP 113 and AP 114.
- the respective radio communication channels use different channels (CH), and when the on-train radio control units STA 131, STA 132, STA 133 and STA 134 each having an antenna 8 communicate with the base-stations AP 111, AP 112, AP 113 and AP 114 having different installation environments and each having an antenna 8, the environments of the radio communication channels are set to be varied, so that when the radio transmission path is disconnected due to radio wave environment or the status of operation of the on-train radio communication system STA, the data from another on-train radio communication system STA is used for processing data of the on-train control unit 12.
- CH: channel
- FIG. 2 is a data communication flow chart of the radio communication channel according to embodiment 1 of the present invention.
- the train 90 communicates data with the ground-based facility.
- the information that the ground train control unit 10 wishes to send to a single train is at first transmitted to the AP master 14.
- the information having been subjected to encryption process in the AP master 14 is then sent to each of the APs 111 through 114.
- Each AP 111 through 114 transmits the encrypted train control information to each STA 131 through 134 having established radio communication, respectively, and each STA 131 through 134 having received the data sends the decrypted data to the on-train control unit 12.
- each STA 131 through 134 encrypts the data and sends the data to each AP 111 through 114 having established radio communication channels.
- the AP 111 through 114 notifies the received data to the AP master 14, and the AP master 14 decrypts the data.
- the decrypted data from the on-train control unit 12 is notified from the AP master 14 to the ground train control unit 10.
- the on-train control unit 12 usually uses data from a single STA for control, but if data reception error such as the missing of data or missing of data update occurs, or if data disconnection of the radio communication channel occurs, the data received by other STA are used for control. This redundancy of radio communication channels enables to prevent data from the ground train control unit 10 from being discontinued.
- the radio communication channels are open networks, so that the data must be encrypted to ensure confidentiality of the data.
- the encryption key required for the encryption is generated by the ground train control unit 10 per each train 90, and during the authentication process performed during start up of the train or the system entry of the train, the key is handed over from the ground train control unit 10 to the on-train control unit 12.
- FIG. 3 is a flowchart showing the authentication process performed among the various apparatuses according to embodiment 1 of the present invention.
- the on-train control unit 12 generates a random number.
- the on-train control unit 12 selects an STA 13 for performing authentication, and outputs an authentication request by handing over the generated random number.
- the STA 13 transmits the random number to the AP master 14 via a radio communication channel.
- the AP master 14 encrypts the random number using an authentication key shared in advance by the STA 13 and the AP master 14.
- the data is sent to the STA 13, and the STA 13 decrypts the same.
- the STA 13 receives the random number again from the on-train control unit 12 that had been received previously, and compares the same with the random number that had been encrypted and decrypted using the authentication key so as to confirm that they match.
- the ground train control unit 10 generates a random number.
- the ground train control unit 10 hands over the generated random number to the AP master 14.
- the AP master 14 transmits the random number to the STA 13 using AP 11 having a secured radio communication channel that is performing authentication process.
- the STA 13 encrypts the random number using an authentication key shared in advance by the STA 13 and the AP master 14.
- the data is sent to the AP master 14, and the AP master 14 decrypts the same.
- the AP master 14 receives the random number again from the ground train control unit 10 that had been received previously, and compares the same with the random number that had been encrypted and decrypted using the authentication key, so as to confirm that they match.
- the ground train control unit 10 encrypts the encryption key determined uniquely for each train, which is notified to the on-train control unit 12 via the radio communication channel established between the AP master 14 and the STA 13.
- the on-train control unit 12 subjects the encryption key received at the time of completion of authentication to a sharing process to share the same with other STAs not subjected to the authentication process, and then notifies that the authentication has completed. Thereby, radio communication using all four STAs is started.
- FIG. 4 is a data communication flow chart illustrating the authentication process performed using radio communication channels according to embodiment 1 of the present invention.
- STA 131 is performing the authentication process.
- the authentication process is performed using a single radio communication channel 41 via the process shown in FIG. 3 .
- the on-train control unit 12 performs a discontinuation-termination process of the authentication process, and outputs an authentication process request to STA 132 so as to switch the STA performing the authentication process.
- This arrangement constitutes an authentication retry function.
- the encryption key notified from the ground train control unit 10 through the authentication process is shared via the on-train control unit 12 with other STAs 132, 133 and 134.
- all the radio communication channels have completed the authentication process and are able to communicate data using the distributed encryption key, so that the data communication of all four radio communication channels are protected from interception from the exterior.
- the authentication is performed using a single wire communication channel and single STA. If the authentication is not completed within a certain period of time and the authentication key is not notified to the on-train control unit 12, the system is equipped with a retry function to perform an authentication discontinuation-termination process so as to switch the authentication request to another STA to retry the authentication.
- the authentication process can be performed by switching the STA used for authentication.
- the authentication process must be performed for four times per a single train, and the process load of the AP master 14 and the ground train control unit 10 becomes excessive.
- the on-train control unit 12 must perform an authentication process corresponding to the radio communication status in addition to performing the train control based on the communicated data, and the performance load of the system becomes excessive.
- By applying the train control unit according to embodiment 1 of the present invention to perform the authentication process using an STA administering a single radio communication channel and share the encryption key obtained through the authentication process with other STAs administering other radio communication channels, the STAs not having performed the authentication process can also share the encryption key to perform encryption and decryption of data. Thus, even STAs not having established radio communication during the authentication process can share the encryption key after the authentication of a single STA has completed, so that when radio communication has been established while the train is moving, encrypted data can be communicated immediately.
- the present invention is applicable to signaling systems for moving vehicles such as railway cars, monorails and light rail transits (LRT).
- the present invention is applicable not only to railway cars, but also to systems aimed at performing highly reliable transmission on an open network by adopting redundant data communication using a plurality of radio communication channels.
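
The FIG. 3 and FIG. 4 flow (mutual random-number challenge on one selected STA, retry on another STA when the link fails, then sharing the key with every STA) can be sketched as follows. This is an added example, not code from the patent: the patent names no cipher, so HMAC-SHA256 stands in for "encrypt the random number and compare", an HMAC-derived XOR pad stands in for encrypting the train key, and all function names, role labels and signal values are hypothetical.

```python
import hashlib
import hmac
import secrets


class ChannelDown(Exception):
    """Radio link lost or timed out during the authentication process."""


def prove(auth_key, role, challenge):
    # Stand-in for "encrypt the random number with the authentication key":
    # a keyed MAC over the challenge. The role label is an assumption (not in
    # the patent); it stops a proof being reflected back in the other direction.
    return hmac.new(auth_key, role + challenge, hashlib.sha256).digest()


def wrap(auth_key, n_train, n_ground, data):
    # Stand-in key wrap: XOR a 32-byte value with a pad bound to both random
    # numbers of this run. XOR is its own inverse, so the same call unwraps.
    pad = hmac.new(auth_key, b"wrap" + n_train + n_ground, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class Ground:
    """AP master 14 and ground train control unit 10, collapsed into one object."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.train_key = secrets.token_bytes(32)  # encryption key unique to this train
        self.completed = 0                        # authentications completed for it

    def answer(self, n_train):
        # Prove knowledge of the authentication key, then challenge the train.
        self.n_train = n_train
        self.n_ground = secrets.token_bytes(16)
        return prove(self.auth_key, b"ground", n_train), self.n_ground

    def finish(self, train_proof):
        expected = prove(self.auth_key, b"train", self.n_ground)
        if not hmac.compare_digest(train_proof, expected):
            return None                           # impersonation: no key released
        self.completed += 1
        return wrap(self.auth_key, self.n_train, self.n_ground, self.train_key)


def run_auth(sta, ground, auth_key):
    """One authentication attempt over a single STA; returns the train key."""
    n_train = secrets.token_bytes(16)             # handed to this STA only
    if not sta["link_ok"]:
        raise ChannelDown(sta["name"])
    ground_proof, n_ground = ground.answer(n_train)
    if not hmac.compare_digest(ground_proof, prove(auth_key, b"ground", n_train)):
        raise PermissionError("ground side failed the challenge")
    wrapped = ground.finish(prove(auth_key, b"train", n_ground))
    if wrapped is None:
        raise PermissionError("ground side rejected the train")
    return wrap(auth_key, n_train, n_ground, wrapped)


def authenticate_train(stas, ground, auth_key):
    """On-train control unit 12: pick one STA, retry on the next, share the key."""
    for sta in sorted(stas, key=lambda s: s["signal"], reverse=True):
        try:
            key = run_auth(sta, ground, auth_key)
        except ChannelDown:
            continue                              # discontinue, switch to another STA
        for other in stas:                        # STAs that never authenticated
            other["key"] = key                    # still receive the common key
        return sta["name"], key
    return None, None                             # a failed proof raises, it is not retried


def make_stas():
    # Constructed radio status: the strongest channel drops during authentication.
    return [
        {"name": "STA 131", "signal": -48, "link_ok": False},
        {"name": "STA 132", "signal": -55, "link_ok": True},
        {"name": "STA 133", "signal": -70, "link_ok": True},
        {"name": "STA 134", "signal": -81, "link_ok": True},
    ]


def demo():
    auth_key = secrets.token_bytes(32)            # authentication key shared in advance
    ground, stas = Ground(auth_key), make_stas()
    used, key = authenticate_train(stas, ground, auth_key)
    shared = all(s["key"] == key for s in stas)
    return used, key == ground.train_key, shared, ground.completed


if __name__ == "__main__":
    print(demo())
```

The ground side completes one authentication for the train instead of four, and a wrong authentication key stops the run with an error rather than triggering a channel switch, so the retry function cannot be used to keep guessing.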
Abstract
one radio communication channel is selected out of the plurality of radio communication channels to perform an authentication request and an authentication process, wherein an encryption key obtained by the authentication process is used as a common encryption key shared by the plurality of on-train radio control units to encrypt data communication between the plurality of on-train radio control units and the plurality of ground train radio control units.
Description
- The present invention relates to the art of realizing a stable data communication by establishing a plurality of radio communication channels between a train and a communication base station, the art of train control performed via radio and the art of a safe and stable data communication system using a plurality of radio communications that adopt a data encryption system of data transmitted on radio communication channels and a security authentication technique required for entering the radio-controlled zone.
- Communication systems are utilized to perform train control via a "blocking system" in which only a single train is accepted to travel within a single section.
- Recently, there are demands to cut down costs related to the train communication system by introducing a radio communication system. In the United States and China, a CBTC (Communication Based Train Control) system is being introduced to perform train control via radio communication.
- On the other hand, in Europe, the introduction of a system called ERTMS/ETCS has started. ERTMS/ETCS utilizes GSM-R (GSM-Railway) using a GSM network as the radio communication system.
- In a train control system that realizes bidirectional communication of mutual control information between a ground train control unit of the train and an on-train control unit of the train performing radio control of the train using a radio band, which is an open network, the data is encrypted before radio transmission so as to ensure the confidentiality of data, and the received data is decrypted, thereby protecting the data information from the exterior.
- International publication 98/41435
- Japanese patent application laid-open publication 2006-129432
- The arrangement of establishing a plurality of radio communication channels between the on-train control unit of a single train and the ground train control unit is aimed at realizing a stable and continuous data communication between the on-train control unit and the ground train control unit by realizing redundant radio communication channels. This art realizes a highly reliable data communication by providing redundant multiple radio communication channels using multiple CHs, multiple antennas and radio control units under the following radio communication environments: (1) preventing interference by multipath fading of radio waves within buildings in the urban area or within tunnels; (2) preventing interference by noise from other radio communication systems; and (3) change in radio status caused by the movement of the train.
- When the ground train control unit recognizes start up or system entry of the train, the control system must perform an authentication process to notify information such as acceptance to enter system or an encryption key allocated uniquely to each train. If this authentication process must be performed with all the plurality of radio communication channels of a single train, the ground train supervising system must perform a large number of processes determined by the number of trains times the number of radio communication channels, by which the process load becomes excessive.
- The above-mentioned system also has another drawback in that the encryption rules determined between the on-train control unit and the ground train control unit by the authentication process must be set to correspond to the number of radio communication channels per a single train, and the processing load related to data communication becomes excessive.
- The object of providing redundant radio communication channels is as mentioned earlier. According to the present system configuration in which the defection of data is prevented since other radio communication channels are connected even if one radio communication channel is disconnected, some radio communication channels may not be able to perform the authentication process at the time of initial start up of the train according for example to the position of the train, the environment of the radio or the apparatus status of the radio control unit. Such a radio communication channel may recover its connection by the movement of the train. If the authentication process is to be performed after the connection has recovered, there will be two types of radio communication channels connected, the radio communication channel for performing data communication for train control and a radio communication channel for performing authentication process, and since the processing mode of the ground train control unit differs for each of the radio communication channels for a single train, the process performed by the ground train control unit becomes too complex.
- The object of the present invention is to provide a train control system having redundant data communication channels using a plurality of radio communication channels using different channels (CH) between the on-train control unit and the ground train control unit so as to prevent disconnection of communication of control data in the bidirectional radio communication between the on-train control unit and the ground train control unit in a train control system, wherein each of the radio communication channels is made effective as a safe and stable data communication channel.
- The present invention provides a train control system establishing radio communication between a plurality of on-train radio control apparatuses moving on a predetermined track and a plurality of ground train radio control units disposed along a predetermined track, so as to establish parallel simultaneous radio communications on a plurality of radio communication channels of various communication frequencies between the plurality of on-train radio communication apparatuses and the plurality of ground train radio control units, characterized in that one radio communication channel is selected out of the plurality of radio communication channels to perform an authentication request and an authentication process, wherein an encryption key obtained by the authentication process is used as a common encryption key shared by the plurality of on-train radio control units to encrypt data communication between the plurality of on-train radio control units and the plurality of ground train radio control units.
- The present invention also characterizes in that the authentication request and the authentication process required at the time of entry of the on-train radio control unit to the train control system or at the initial start up of the on-train radio control unit are performed by switching the selected radio communication channels.
- The present invention also characterizes in that a supervising system of the on-train radio control unit for selecting a single radio communication channel and performing the authentication request generates a random number for the authentication process, and hands over the random number to only the radio communication channel for performing the authentication request and the authentication process.
- The present invention further characterizes in that the data on the plurality of radio communication channels are encrypted using an encryption key generated by a ground train supervising system and notified via the ground train radio control unit to the on-train radio control unit, wherein the encryption key is notified from the ground train radio control unit while performing authentication of a single radio communication channel, and the supervising system of the ground train radio control unit shares the encryption key with other on-train radio control units to be used for encrypting data sent via other radio communication channels that have not performed authentication, so that the data sent on all the plurality of radio communication channels established between the on-train radio control units and the ground train radio control units can be encrypted.
- The present invention also characterizes in that the supervising system of the on-train radio control unit observes the status of radio waves of a plurality of radio communication channels and the status of apparatuses of the on-train radio control units, so as to determine a single radio communication channel for performing the authentication process and to start the authentication process.
- The present invention further characterizes in that the train control system is equipped with an authentication retry function in which if the authentication process is not completed within a certain period of time or if radio communication is disconnected during the authentication process, the authentication process is discontinued and terminated, then the supervising system selects another radio communication channel to restart the authentication process, so as to switch the radio communication channel to retry the authentication request and the authentication process.
- The present invention also characterizes in that when the authentication is completed via a single radio communication channel, data communication of the on-train radio control unit within the train control system is accepted, and the supervising system of the on-train radio control apparatus shares the authentication completion information and the encryption key with other radio communication channels, so that the data communication on the remaining radio communication channels are also accepted and started, by which the data communication of the train control system is activated.
- According to the present invention, data is communicated via a plurality of radio communication channels between the on-train control unit of a single train and the ground train control unit so as to ensure the redundancy of data communication, and a secure and appropriate authentication is performed by executing a security authentication between the on-train and ground train control units using one of the plurality of radio communication channels. Further, by sharing the encryption key obtained by the authentication process with other radio communication channels to start data communication, the security of data sent via the redundant radio communication channels can be guaranteed effectively.
- Further according to the present invention, the authentication process is performed via only one radio communication channel, so that compared to the system in which all the radio communication channels must perform the authentication process, the load of authenticating a single train is very small. This is also effective from the viewpoint of reducing load of the ground train control unit that controls the plurality of trains traveling on one railroad track.
- Further according to the present invention, the authentication request and the authentication process required during initial start up of the on-train radio control unit or the entry of the on-train radio control unit to the train control system is performed by switching the selected radio communication channels, so that even if the radio communication status or the status of the radio transmitter or the antenna is not good, the authentication process can be performed by switching to another radio communication channel, so that the plurality of radio communication channels can be performed effectively under a condition in which the authentication process is required.
- Moreover, according to the present invention, the supervising system of the on-train radio control unit for selecting a single radio communication channel and executing the authentication request generates random numbers for the authentication process, and hands over the random number only to the radio communication channel that performs the authentication request and the authentication process, so that the authentication request and the authentication process can be performed effectively only by the supervising system and the radio communication channel performing the authentication process.
- Further according to the present invention, the data on the plurality of radio communication channels is encrypted using an encryption key generated by the ground train supervising system and notified via the ground-based radio control unit to the on-train radio control unit. The encryption key is notified from the ground train radio control unit upon performing authentication on a single radio communication channel, and the supervising system of the ground train radio control unit demands the on-train radio control unit to share the encryption key for encrypting data with other radio communication channels that have not performed authentication. Thereby, the data on all the plurality of radio communication channels between the on-train radio control unit and the ground train radio control unit can be encrypted, so that compared to the system where all the radio communication channels must perform the authentication process, the authentication process is restricted to a single radio communication channel, the load for performing the authentication process of a single train can be reduced, and the load applied to the ground train control unit that controls the plurality of trains traveling on one railroad track can be reduced.
- Further according to the present invention, the radio wave status of the plurality of radio communication channels and the apparatus status of the on-train radio control unit is monitored by the supervising system of the on-train radio control unit, and by determining the single radio communication channel for performing the authentication process and starting the authentication process, the radio wave status of the plurality of radio communication channels and the apparatus status of the on-train radio control unit can be monitored efficiently, and the authentication process can be started efficiently, compared to the system in which a plurality of on-train radio control units monitor the status respectively.
- The present invention can further be equipped with an authentication retry function that disconnects and terminates the authentication process if the authentication process is not completed within a certain period of time or if the radio communication is disconnected during the authentication process, and selects another radio communication channel to retry the authentication process by the supervising system so as to switch the radio communication channel for retrying the authentication request and the authentication process. Thus, even if the radio communication status or the radio transmitter/antenna status is not good, the radio communication can be switched to another radio communication channel to execute the authentication process, and the plurality of radio communication channels can be used effectively in a state where the authentication process is required.
- Further according to the present invention, when the authentication process is completed via a single radio communication channel, data communication of the on-train radio control unit in the train control system is accepted, and the supervising system of the on-train radio control unit shares the authentication completion information and the encryption key with other radio communication channels, so that data communication via the remaining radio communication channels is also accepted and started, and the data communication of the train control system can be started. Thereby, the security of data encryption of the radio communication channels not having performed the authentication process is also ensured. In other words, all the data on the plurality of radio communication channels between the ground train control unit and a single train is protected by the same encryption key as the authentication process, and the present invention enables to overcome the drawback of the prior art having to distribute different encryption keys and increasing the decryption process load of the ground train control unit.
- FIG. 1 is a system configuration diagram illustrating the on-train and ground-based systems according to embodiment 1 of the present invention;
- FIG. 2 is a flow chart of data communication of radio communication channels according to embodiment 1 of the present invention;
- FIG. 3 is a chart of the flow during authentication process of apparatuses according to embodiment 1 of the present invention; and
- FIG. 4 is a flow chart of the data communication during the authentication process on the radio communication channel according to embodiment 1 of the present invention.
- Now, we will describe the preferred embodiments of the present invention.
- According to a representative preferred embodiment of the present invention, the data sent on the radio communication channels are encrypted for confidentiality. The plurality of radio communication channels formed between a single train and a ground train control unit use the same encryption key to encrypt the same control data, so that identical information is transmitted via the respective radio communication channels. There are a plurality of communication channels established between the ground train control unit and a single train, but since the same control data are encrypted using the same encryption key, the data sent via the plurality of radio communication paths will be the same. By adopting a system in which a radio communication channel preferentially used for data is set in advance, and when the radio communication path is disconnected or when invalid data is received, the data sent via another radio communication channel is used for control, it becomes possible to prevent the transmission and reception of data, train control and train administration data sent via the plurality of radio communication channels from becoming extremely long and complicated.
- An authentication process is performed to prevent impersonation access from the exterior of the system to the radio transmission channels. Through the authentication process, the encryption key generated by the ground train control unit is notified to the on-train control unit. When starting up the train, when entering the system, and each time when the encryption key is updated periodically while the train is moving, the authentication process is performed between the train and the ground train control unit.
- The authentication process recognizes the authentication request from the train via the radio communication path, and determines whether or not to accept access of the train to the system. When access is accepted, an encryption key used for encrypting the data on the radio communication channel is notified to the train. If authentication requests are sent via each of the plurality of radio communication channels between the ground train control unit and a single train, the ground train control unit must receive a large number of authentication requests corresponding to the number of radio communication channels to authenticate only a single train, so that when it is necessary to authenticate multiple trains, the process to be performed at the ground train control unit will become too complex and the load will become excessive. By restricting the number of radio communication channels subjected to authentication process to one, and having only one authentication request for a single radio communication channel to be output per a single train, the process load of the ground train control unit can be reduced.
- There is a possibility that data communication on the radio communication channel cannot be performed such as due to radio wave interference caused by noise, differences in radio wave property due to installation positions of the antennas, the distance between the ground base station, the malfunction of the radio communication control unit or the antenna, and so on. The present system corresponds to such data communication malfunction by establishing a plurality of radio communication channels.
- Though the authentication process is performed on a single radio communication channel, if the above-mentioned problems causing defective data communication occur and the radio communication control unit cannot perform the authentication process, switching among the plurality of radio communication channels is performed for example by the following processes:
- (A) If the authentication process is not completed within a fixed period of time, the on-train control unit switches the authentication process/ authentication request to another radio communication system.
- (B) The on-train control unit designates the radio communication channel for performing the authentication process by recognizing the data communication statuses such as the apparatus status of the radio communication control unit and the status of the radio communication.
- According to a representative embodiment of the present invention, data communication is performed via a plurality of radio communication channels established between the on-train control unit of a single train and the ground train control unit, so as to ensure the redundancy of data communication. Further, by executing a security authentication between the on-train and ground train control units using a single radio communication channel out of the plurality of radio communication channels, it becomes possible to perform a secure and appropriate authentication effectively, and by sharing the encryption key obtained in the security authentication process with other radio communication channels when data communication is started, security of data can be guaranteed in the redundant radio communication channels.
- The authentication process performed when starting up the train, when entering the system and when updating the encryption key is performed by selecting one of the plurality of radio communication paths, so that even if the radio communication status or the statuses of the radio transmitter or the antenna is not good, the authentication process can be performed by switching to another radio communication channel, so that the plurality of radio transmission channels can be used effectively in such a state where authentication process is necessary.
- Compared to the case where the authentication process is performed for all the radio communication channels, the present system restricts the authentication process to be performed by only a single radio communication channel, so that the load of the authentication process is very small. Therefore, the load on the ground train control unit that controls the large number of trains on a single track can be effectively reduced.
- When an authentication process is performed for all the plurality of radio communication channels, the channels will have various different encryption keys, and the load of the decryption process by the ground train control unit becomes excessive. However, according to the present invention in which the train is authenticated using a single radio communication channel, the encryption key obtained via the authentication process by the on-train control unit is distributed and shared with other on-train control units, so that the data encryption of the radio communication channels that did not perform authentication process will also be security-ensured. In other words, all the data communicated on the plurality of radio communication channels between the ground train control unit and a single train are protected by the same encryption key as that used in the authentication process.
- Now, the preferred embodiment of the present invention will be described in detail with reference to the drawings.
- FIG. 1 is a diagram showing the on-train and ground train control units according to embodiment 1 of the present invention. In FIG. 1, the ground-based facilities include a ground train control unit 10 that generates information to a train 90 accompanying the bidirectional data communication with the train 90, and a ground train radio communication apparatus AP 111 for realizing radio communication (hereinafter referred to as ground train radio control apparatus: AP). A supervising system AP master 14 of the plurality of ground train radio control units that exist along the railroad tracks is arranged between the ground train control unit 10 and the AP 111.
- In FIG. 1, an on-train control unit 12 functioning as the supervising system of the train 90 and an on-train radio control unit STA 131 for performing radio communication (hereinafter referred to as on-train radio control unit: STA) are provided as the train-based facilities. According to the present embodiments, four STAs, STA 131, STA 132, STA 133 and STA 134 are disposed on a train 90, with four radio communication channels formed between the on-train control unit 12 and the ground train control unit 10. Here, each STA has established radio communication channels with the AP 111, AP 112, AP 113 and AP 114.
- The respective radio communication channels use different channels (CH), and when the on-train radio control units STA 131, STA 132, STA 133 and STA 134 each having an antenna 8 communicate with the base-stations AP 111, AP 112, AP 113 and AP 114 having different installation environments and each having an antenna 8, the environments of the radio communication channels are set to be varied, so that when the radio transmission path is disconnected due to radio wave environment or the status of operation of the on-train radio communication system STA, the data from another on-train radio communication system STA is used for processing data of the on-train control unit 12.
- FIG. 2 is a data communication flow chart of the radio communication channel according to embodiment 1 of the present invention. In FIG. 2, the train 90 communicates data with the ground-based facility. The information that the ground train control unit 10 wishes to send to a single train is at first transmitted to the AP master 14. The information having been subjected to encryption process in the AP master 14 is then sent to each of the APs 111 through 114. Each AP 111 through 114 transmits the encrypted train control information to each STA 131 through 134 having established radio communication, respectively, and each STA 131 through 134 having received the data sends the decrypted data to the on-train control unit 12.
- When data is to be sent from the train 90 to the ground, the on-train control unit 12 hands over the data that must be sent to the ground to each STA 131 through 134. Each STA 131 through 134 encrypts the data and sends the data to each AP 111 through 114 having established radio communication channels. The AP 111 through 114 notifies the received data to the AP master 14, and the AP master 14 decrypts the data. The decrypted data from the on-train control unit 12 is notified from the AP master 14 to the ground train control unit 10.
- The on-train control unit 12 usually uses data from a single STA for control, but if a data reception error such as the missing of data or missing of data update occurs, or if data disconnection of the radio communication channel occurs, the data received by other STAs are used for control. This redundancy of radio communication channels prevents data from the ground train control unit 10 from being discontinued.
- The radio communication channels are open networks, so that the data must be encrypted to ensure confidentiality of the data. The encryption key required for the encryption is generated by the ground train control unit 10 per each train 90, and during the authentication process performed during start up of the train or the system entry of the train, the key is handed over from the ground train control unit 10 to the on-train control unit 12.
- FIG. 3 is a flowchart showing the authentication process performed among the various apparatuses according to embodiment 1 of the present invention. At first, the on-train control unit 12 generates a random number. The on-train control unit 12 selects an STA 13 for performing authentication, and outputs an authentication request by handing over the generated random number. The STA 13 transmits the random number to the AP master 14 via a radio communication channel. The AP master 14 encrypts the random number using an authentication key shared in advance by the STA 13 and the AP master 14. The data is sent to the STA 13, and the STA 13 decrypts the same. Once more, the STA 13 receives the random number again from the on-train control unit 12 that had been received previously, and compares the same with the random number that had been encrypted and decrypted using the authentication key so as to confirm that they match.
- Next, the ground train control unit 10 generates a random number. The ground train control unit 10 hands over the generated random number to the AP master 14. The AP master 14 transmits the random number to the STA 13 using AP 11 having a secured radio communication channel that is performing authentication process. The STA 13 encrypts the random number using an authentication key shared in advance by the STA 13 and the AP master 14. The data is sent to the AP master 14, and the AP master 14 decrypts the same. Once more, the AP master 14 receives the random number again from the ground train control unit 10 that had been received previously, and compares the same with the random number that had been encrypted and decrypted using the authentication key, so as to confirm that they match.
- Once the matching of the random numbers is confirmed by the two sets of random number encryption-decryption sequences mentioned above, the authentication is completed, and the ground train control unit 10 encrypts the encryption key determined uniquely for each train, which is notified to the on-train control unit 12 via the radio communication channel established between the AP master 14 and the STA 13.
- The on-train control unit 12 subjects the encryption key received at the time of completion of authentication to a sharing process to share the same with other STAs not subjected to the authentication process, and then notifies that the authentication has completed. Thereby, radio communication using all four STAs is started.
- FIG. 4 is a data communication flow chart illustrating the authentication process performed using radio communication channels according to embodiment 1 of the present invention. In FIG. 4, STA 131 is performing the authentication process. The authentication process is performed using a single radio communication channel 41 via the process shown in FIG. 3. When the authentication process is not completed within a certain period of time, if the radio communication status is deteriorated during the procedure, or if the STA 131 malfunctions, the on-train control unit 12 performs a discontinuation-termination process of the authentication process, and outputs an authentication process request to STA 132 so as to switch the STA performing the authentication process. This arrangement constitutes an authentication retry function.
- The encryption key notified from the ground train control unit 10 through the authentication process is shared via the on-train control unit 12 with other STAs.
- The authentication is performed using a single wire communication channel and single STA. If the authentication is not completed within a certain period of time and the authentication key is not notified to the on-train control unit 12, the system is equipped with a retry function to perform an authentication discontinuation-termination process so as to switch the authentication request to another STA to retry the authentication.
- According to the above-described system of the present invention, even if only a single radio communication channel is used to perform authentication and the radio communication status is deteriorated or the STA malfunctions, the authentication process can be performed by switching the STA used for authentication.
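The FIG. 3 exchange, the key sharing step and the FIG. 4 retry can be traced in a short simulation; this is an added example, not code from the patent. The cipher (an HMAC-SHA256 keystream), the class and method names, the nonce sizes and the wrapping of the train key under the authentication key are assumptions, since the patent does not specify them.

```python
import hashlib
import hmac
import secrets


class ChannelDown(Exception):
    """Radio link lost or timed out while authenticating (the FIG. 4 retry trigger)."""


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Assumption: HMAC-SHA256 in counter mode stands in for the unspecified cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    return iv + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))


class Ground:
    """Ground train control unit 10 and AP master 14, merged for brevity."""

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key                  # shared in advance with the STAs
        self.train_key = secrets.token_bytes(32)  # encryption key unique to this train
        self.completed_auths = 0
        self._pending = None

    def answer_challenge(self, train_nonce: bytes) -> bytes:
        return encrypt(self.auth_key, train_nonce)

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify_and_issue_key(self, reply: bytes) -> bytes:
        expected, self._pending = self._pending, None  # each challenge is single-use
        if expected is None or not hmac.compare_digest(decrypt(self.auth_key, reply), expected):
            raise PermissionError("train failed the ground's challenge")
        self.completed_auths += 1
        # Assumption: the train key is wrapped under the authentication key.
        return encrypt(self.auth_key, self.train_key)


class Sta:
    """On-train radio control unit administering one radio channel."""

    def __init__(self, name: str, auth_key: bytes, link_up: bool = True):
        self.name, self.auth_key, self.link_up = name, auth_key, link_up
        self.data_key = None

    def authenticate(self, train_nonce: bytes, ground: Ground) -> bytes:
        if not self.link_up:
            raise ChannelDown(self.name)
        # Sequence 1: the ground proves it holds the authentication key.
        reply = ground.answer_challenge(train_nonce)
        if not hmac.compare_digest(decrypt(self.auth_key, reply), train_nonce):
            raise PermissionError("ground failed the train's challenge")
        # Sequence 2: the train proves the same to the ground, then receives the key.
        ground_nonce = ground.new_challenge()
        wrapped = ground.verify_and_issue_key(encrypt(self.auth_key, ground_nonce))
        return decrypt(self.auth_key, wrapped)


class OnTrainControlUnit:
    """Supervising system: picks one STA, retries on another, shares the key."""

    def __init__(self, stas):
        self.stas, self.attempts = stas, []

    def enter_system(self, ground: Ground) -> bytes:
        for sta in self.stas:
            nonce = secrets.token_bytes(16)  # handed only to the authenticating STA
            self.attempts.append(sta.name)
            try:
                key = sta.authenticate(nonce, ground)
            except ChannelDown:
                continue  # discontinue and switch channel; a key mismatch is not retried
            for each in self.stas:  # sharing process, including STAs that never authenticated
                each.data_key = key
            return key
        raise ChannelDown("no channel completed authentication")


def demo():
    auth_key = secrets.token_bytes(32)  # constructed pre-shared authentication key
    ground = Ground(auth_key)
    stas = [Sta("STA 131", auth_key, link_up=False)]
    stas += [Sta(f"STA {n}", auth_key) for n in (132, 133, 134)]
    unit = OnTrainControlUnit(stas)
    unit.enter_system(ground)
    # STA 134 never authenticated, yet the ground can decrypt its traffic.
    frame = encrypt(stas[3].data_key, b"constructed control data")
    return unit.attempts, ground.completed_auths, decrypt(ground.train_key, frame)


if __name__ == "__main__":
    print(demo())
```

The ground side completes one authentication for the train however many STAs it carries, and a wrong authentication key stops entry without distributing any data key.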
- If the present invention is not applied and the authentication process must be performed for each of the plurality of radio communication channels, the authentication process must be performed for four times per a single train, and the process load of the
AP master 14 and the groundtrain control unit 10 becomes excessive. - Further, if the present invention is not applied and the radio communication status of the target radio communication channel is not good so that authentication process cannot be performed, data communication cannot be performed until the radio communication status is improved. In such case, the on-
train control unit 12 must perform an authentication process corresponding to the radio communication status in addition to performing the train control based on the communicated data, and the performance load of the system becomes excessive. - By applying the train control unit according to
embodiment 1 of the present invention to perform the authentication process using an STA administering a single radio communication channel and share the encryption key obtained through the authentication process with other STAs administering other radio communication channels, the STAs not having performed the authentication process can also share the encryption key to perform encryption anddecryptionofdata. Thus, even in STAs not having established radio communication during the authentication process can share the encryption key after the authentication of a single STA has completed, so that when radio communication has been established while the train is moving, encrypted data can be communicated immediately. - The present invention is applicable to signaling systems for moving vehicles such as railway cars, monorails and light rail transits (LRT). The present invention is applicable not only to railway cars, but also to systems aimed at performing highly reliable transmission on an open network by adopting redundant data communication using a plurality of radio communication channels.
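The authentication retry and key sharing of embodiment 1 described above, modelled as an added example that is not code from the patent. The text does not specify the authentication messages, so the pre-shared train secret, the HMAC challenge-response, the key wrap, the replay check and every class, function and STA name here are assumptions, and a timeout is simulated by an unhealthy STA.

```python
import hashlib
import hmac
import secrets

class ChannelDown(Exception):
    """Timeout, deteriorated radio status or STA malfunction during authentication."""

def prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, hdr, n):
    blocks = (prf(key, b"enc", hdr + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, channel_id, counter, plaintext):
    # Encrypt-then-MAC, a stdlib stand-in for an AEAD. Every STA holds the same key, so
    # the channel id is in the nonce: equal counters on two channels never share keystream.
    hdr = bytes([channel_id]) + counter.to_bytes(8, "big")
    ct = xor(plaintext, keystream(key, hdr, len(plaintext)))
    return ct + prf(key, b"mac", hdr + ct)

def unseal(key, channel_id, counter, blob):
    hdr = bytes([channel_id]) + counter.to_bytes(8, "big")
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", hdr + ct)):
        raise ValueError("integrity check failed")
    return xor(ct, keystream(key, hdr, len(ct)))

class GroundTrainControlUnit:
    """Ground side: authenticates a train once and notifies the encryption key."""
    def __init__(self, train_secrets):
        self.train_secrets = train_secrets  # train id -> pre-shared secret (assumption)
        self.session_keys, self.seen_nonces, self.auth_count = {}, set(), 0

    def authenticate(self, train_id, nonce, proof):
        self.auth_count += 1
        psk = self.train_secrets[train_id]
        if not hmac.compare_digest(proof, prf(psk, b"auth", nonce)):
            raise PermissionError("train rejected")
        if nonce in self.seen_nonces:  # a replayed request would reuse the wrap mask
            raise PermissionError("nonce replayed")
        self.seen_nonces.add(nonce)
        key = self.session_keys[train_id] = secrets.token_bytes(32)
        wrapped = xor(key, prf(psk, b"wrap", nonce))
        return wrapped, prf(psk, b"tag", nonce + wrapped)

class STA:
    """On-train radio station administering one radio communication channel."""
    def __init__(self, name, channel_id, ground, signal, healthy=True):
        self.name, self.channel_id, self.ground = name, channel_id, ground
        self.signal, self.healthy, self.key = signal, healthy, None

    def run_authentication(self, train_id, nonce, proof):
        if not self.healthy:  # stands in for the timer expiring with no reply
            raise ChannelDown(self.name)
        return self.ground.authenticate(train_id, nonce, proof)

    def send(self, counter, plaintext):
        return seal(self.key, self.channel_id, counter, plaintext)

class OnTrainControlUnit:
    def __init__(self, train_id, psk, stas):
        self.train_id, self.psk, self.stas, self.attempts = train_id, psk, stas, []

    def enter_zone(self):
        # Try one STA at a time, best radio status first.
        for sta in sorted(self.stas, key=lambda s: s.signal, reverse=True):
            nonce = secrets.token_bytes(16)  # fresh per attempt, given to this STA only
            proof = prf(self.psk, b"auth", nonce)
            try:
                wrapped, tag = sta.run_authentication(self.train_id, nonce, proof)
            except ChannelDown:
                self.attempts.append((sta.name, "aborted"))  # discontinue, switch STA
                continue
            if not hmac.compare_digest(tag, prf(self.psk, b"tag", nonce + wrapped)):
                raise PermissionError("key notification failed verification")
            key = xor(wrapped, prf(self.psk, b"wrap", nonce))
            self.attempts.append((sta.name, "ok"))
            for other in self.stas:  # includes STAs with no radio link right now
                other.key = key
            return key
        raise ChannelDown("no STA completed authentication")

def demo():
    psk = secrets.token_bytes(32)  # constructed sample secret
    ground = GroundTrainControlUnit({"train-1": psk})
    stas = [STA("STA-A", 1, ground, signal=-55, healthy=False),  # constructed STAs
            STA("STA-B", 2, ground, signal=-60),
            STA("STA-C", 3, ground, signal=-70),
            STA("STA-D", 4, ground, signal=-90)]
    unit = OnTrainControlUnit("train-1", psk, stas)
    key = unit.enter_zone()
    blob = stas[3].send(7, b"position report")  # STA-D never ran authentication
    return {"attempts": unit.attempts, "ground_auths": ground.auth_count,
            "keys_shared": all(s.key == key for s in stas),
            "recovered": unseal(ground.session_keys["train-1"], 4, 7, blob)}
```

Calling `demo()` shows one ground-side authentication serving all four channels after a single failover. Because one key covers every channel, a compromise of any STA exposes traffic on all of them, which is why the sketch binds the channel id into each message nonce and rejects replayed authentication nonces.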
Claims (7)
- A train control system establishing radio communication between a plurality of on-train radio control apparatuses moving on a predetermined path and a plurality of ground train radio control units disposed along a predetermined path, so as to establish parallel simultaneous radio communications on a plurality of radio communication channels of various communication frequencies between the plurality of on-train radio communication apparatuses and the plurality of ground train radio control units, characterized in that
one radio communication channel is selected out of the plurality of radio communication channels to perform an authentication request and an authentication process, wherein an encryption key obtained by the authentication process is used as a common encryption key shared by the plurality of on-train radio control units to encrypt data communication between the plurality of on-train radio control units and the plurality of ground train radio control units.
- The train control system according to claim 1, wherein the authentication request and the authentication process required at the time of entry of the on-train radio control unit to the train control system or at the initial start up of the on-train radio control unit are performed by switching the selected radio communication channels.
- The train control system according to claim 2, wherein a supervising system of the on-train radio control unit for selecting a single radio communication channel and performing the authentication request generates a random number for the authentication process, and hands over the random number to only the radio communication channel for performing the authentication request and the authentication process.
- The train control system according to claim 2, wherein the data on the plurality of radio communication channels are encrypted using an encryption key generated by a ground train supervising system and notified via the ground train radio control unit to the on-train radio control unit, wherein the encryption key is notified from the ground train radio control unit while performing authentication of a single radio communication channel, and the supervising system of the ground train radio control unit shares the encryption key with other on-train radio control units to be used for encrypting data sent on other radio communication channels that have not performed authentication, so that the data sent on all the plurality of radio communication channels established between the on-train radio control units and the ground train radio control units can be encrypted.
- The train control system according to claim 1 or claim 2, wherein the supervising system of the on-train radio control unit observes the status of radio waves of a plurality of radio communication channels and the status of apparatuses of the on-train radio control units, so as to determine a single radio communication channel for performing the authentication process and to start the authentication process.
- The train control system according to claim 5, wherein the train control system is equipped with an authentication retry function in which if the authentication process is not completed within a certain period of time or if video communication is disconnected during the authentication process, the authentication process is discontinued and terminated, then the supervising system selects another radio communication channel to restart the authentication process, so as to switch the radio communication channel to retry the authentication request and the authentication process.
- The train control system according to claim 5, wherein when the authentication is completed via a single radio communication channel, data communication of the on-train radio control unit within the train control system is accepted, and the supervising system of the on-train radio control apparatus shares the authentication completion information and the encryption key with other radio communication channels, so that the data communication on the remaining radio communication channels are also accepted and started, by which the data communication of the train control system is activated.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007240874A JP4471996B2 (en) | 2007-09-18 | 2007-09-18 | Train control system |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2039583A1 (en) | 2009-03-25 |
EP2039583B1 (en) | 2011-08-03 |
Family
ID=39962735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08252720A Not-in-force EP2039583B1 (en) | 2007-09-18 | 2008-08-15 | Railway radio control system |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP2039583B1 (en) |
JP (1) | JP4471996B2 (en) |
CN (1) | CN101391616B (en) |
AT (1) | ATE518718T1 (en) |
- 2007-09-18: JP application JP2007240874A, patent JP4471996B2, not active (Expired - Fee Related)
- 2008-08-15: AT application AT08252720T, patent ATE518718T1, not active (IP Right Cessation)
- 2008-08-15: EP application EP08252720A, patent EP2039583B1, not active (Not-in-force)
- 2008-08-20: CN application CN2008102110778A, patent CN101391616B, active
Also Published As
Publication number | Publication date |
---|---|
ATE518718T1 (en) | 2011-08-15 |
JP2009067357A (en) | 2009-04-02 |
CN101391616A (en) | 2009-03-25 |
CN101391616B (en) | 2011-04-06 |
EP2039583B1 (en) | 2011-08-03 |
JP4471996B2 (en) | 2010-06-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080903 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA MK RS |
|
17Q | First examination report despatched |
Effective date: 20090903 |
|
AKX | Designation fees paid |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: B61L 3/22 20060101AFI20101104BHEP Ipc: H04W 12/04 20090101ALN20101104BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: CH Ref legal event code: NV Representative=s name: TROESCH SCHEIDEGGER WERNER AG |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: T3 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602008008589 Country of ref document: DE Effective date: 20110929 |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: TRGR |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
LTIE | Lt: invalidation of european patent or patent extension |
Effective date: 20110803 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111103 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111205 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111203 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 518718 Country of ref document: AT Kind code of ref document: T Effective date: 20110803 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111104 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110831 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
26N | No opposition filed |
Effective date: 20120504 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110815 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602008008589 Country of ref document: DE Effective date: 20120504 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111114 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110815 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20111103 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20110803 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 9 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20210716 Year of fee payment: 14 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20210712 Year of fee payment: 14 Ref country code: FR Payment date: 20210715 Year of fee payment: 14 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CH Payment date: 20210816 Year of fee payment: 14 Ref country code: SE Payment date: 20210810 Year of fee payment: 14 Ref country code: DE Payment date: 20210706 Year of fee payment: 14 Ref country code: GB Payment date: 20210707 Year of fee payment: 14 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602008008589 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: EUG |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MM Effective date: 20220901 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20220815 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220816 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220831 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220901 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220815 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220831 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230301 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220815 |