EP2115703B1 - Tachograph - Google Patents
- Publication number
- EP2115703B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- tachograph
- functional unit
- data
- tco
- chip card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/08—Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
- G07C5/0841—Registering performance data
- G07C5/085—Registering performance data using electronic data carriers
- G07C5/0858—Registering performance data using electronic data carriers wherein the data carrier is removable
Definitions
- the invention relates to a tachograph and in particular a digital tachograph.
- Such a digital tachograph can be installed in a vehicle, in particular in a truck, for storing a driving speed of the vehicle and a travel time of the vehicle for a later evaluation of this data.
- the tachograph is security-certified and provides a secure environment for processing and storing the data.
- security-certified cryptographic algorithms are used to store the data securely, that is to say protected against manipulation.
- A method and apparatus for controlling the use of a vehicle or of multiple vehicles are disclosed.
- Various parameters representative of a use of the vehicle are collected for later use. Capturing them requires the prior use of a confidential identification code.
- the identification code also controls the possibility of operating the vehicle.
- the apparatus comprises a read / write device for reading or writing a chip card and a keyboard for inputting the identification code, with which the use of the chip card is authorized.
- DE 102 10 320 A1 discloses a method of dual recording for driving time control in trucks.
- a driver chip card and a truck chip card can be inserted.
- Each driver receives a unique driver identification as proof of entitlement in the form of the driver chip card issued by the relevant authorities.
- each truck receives a truck identification as proof of eligibility in the form of a truck chip card, which is also issued by the authorities.
- In order to drive, both chip cards must be inserted in the chip card reader / writer.
- the identifications which are stored on the respective chip card are transmitted in encrypted form to the chip card reader / writer.
- WO 97/13208 A1 discloses an electronic logbook.
- a removable module with non-volatile memory is used for storing secured data packets.
- a driver gains access by voice input or by entering a password or a biometric feature after inserting the memory module.
- Driver-specific data is used to decrypt a secret or private key of a key pair for public-key encryption.
- the data to be recorded is stored as the secure data packets with digital signatures formed by encrypting a digital hash value with the secret key.
- the tachograph includes a transfer module for transforming a request command into a form according to a data transfer protocol, for encrypting the protocol-compliant data signals and for passing them to a data signal interface.
- the request command passes through the data signal interface via a data line to the sensor.
- a correspondingly reversed path with essentially inverse operations takes a data signal from the sensor to a data signal evaluation module of the tachograph.
- US 2003/0194088 A1 discloses a method of transferring data between components of the system electronics of a mobile system.
- the components comprise an encryption device or a decryption device and communicate via it by means of real-time encryption and decryption of the data.
- the object of the invention is to provide a tachograph that is simple and versatile.
- the invention is characterized by a tachograph comprising at least one chip card reading unit.
- the at least one chip card reading unit can be supplied with at least one chip card with secure memory and secure data transmission.
- At least one user-defined identification information that is independent of an identification information predetermined for a predetermined operation of the tachograph is securely stored on the at least one chip card.
- the tachograph is configured to authenticate the at least one chip card depending on the at least one user-defined identification information and to securely read data from the at least one chip card and / or to securely store data on the at least one chip card.
- the invention is based on the recognition that the tachograph is designed to be very secure for its predetermined operation and that this security of the tachograph is not only useful for the predetermined operation of the tachograph, but is also advantageous for other applications.
- the specified operation of the tachograph is specified by an institution, in particular a state institution, and / or is prescribed by a statutory provision or regulation.
- the predetermined operation of the tachograph comprises in particular the safe storage of driving data for a later evaluation, in particular a driving speed and a driving time.
- the secure storage takes place so that the stored data is protected against unauthorized manipulation and that a manipulation of the data is reliably recognizable.
- the secure storage includes, for example, determining a digital signature of the data and possibly a digital encryption of the data.
- the secure memory includes, for example, a secure keystore and / or a secure memory.
- the data may also include the user-defined identification information or components thereof.
- the identification information predetermined for the given operation of the tachograph is specified by the institution, in particular the state institution, and is stored, for example, on a so-called tachograph card or workshop card.
- the use of the tachograph card and the workshop card is limited to the specified operation of the tachograph or predetermined setup and maintenance of the tachograph in a workshop.
- the secure hardware and software of the tachograph can thus be used for custom applications independently of the identification information predetermined for the given operation of the tachograph.
- Such a custom application is, for example, the secure storage of additional data by the tachograph, which are not required for the specified operation of the tachograph.
- the advantage is that, for the custom applications that use the tachograph's secure and preferably security-certified hardware and software, there is no need to provide separate components or units that enable authentication and / or secure reading and / or secure storing of data. This can save costs.
- the user-defined identification information comprises, for example, at least one cryptographic key, in particular a private key for digital signing or for use with an asymmetric encryption and decryption algorithm or a key for use with a symmetric encryption and decryption algorithm, and / or at least one digital certificate and / or at least one user identifier, for example a customer identifier or workshop identifier, and / or at least one user group identifier.
- the user-defined identification information enables secure identification of, for example, a user, for example, a driver, a customer, a company or a workshop.
- the data that is securely read from the at least one chip card and / or securely stored on the at least one chip card may also include the user-defined identification information or components thereof, such as the user ID or a public key for asymmetric encryption.
- the user-defined identification information may be provided, for example, by the company that uses the tachograph in one of its vehicles or by a vehicle manufacturer that equips the vehicle with the tachograph. This company or manufacturer can define it independently of the identification information predetermined for the given operation of the tachograph and suitably for the respective intended application, for example by means of its own digital certificate, its own cryptographic keys, its own user IDs and so on.
- the at least one chip card can be used, for example, for a secure reading out and transfer of configuration data of the tachograph, for example to another tachograph, without the need for the workshop card.
- the error rate of the configuration can be reduced in this way. It is also possible to register and store the presence of the at least one chip card in the chip card reading unit.
- the at least one user-defined identification information encodes at least one access right to at least one functional unit and / or at least one right of use of the at least one functional unit.
- the tachograph is designed to permit or prohibit access to at least one functional unit and / or use of the at least one functional unit, depending on the at least one user-defined identification information.
- the at least one functional unit may be encompassed by the tachograph or disposed externally to it in the vehicle.
- the at least one functional unit includes, for example, a secure memory in the tachograph, a data acquisition unit for securely acquiring and storing user-defined data in the tachograph, an immobilizer in the vehicle, a communication unit in the vehicle for, for example, transmitting data stored in the tachograph to a vehicle-external computing unit, for example via a radio link.
- the advantage is that the at least one functional unit can only be accessed by authorized users or user groups.
- the at least one functional unit can, for example, only be used by authorized users or user groups if the functional unit is enabled by the chip card with corresponding user-defined identification information.
- the security functionality of the at least one chip card and the tachograph with regard to authentication, storage and transmission of data can prevent abuse by unauthorized persons.
- the access right or the right to use comprises a time limit.
- the tachograph is designed to restrict an access time to the at least one functional unit or a usage time of the at least one functional unit and / or to allow or prevent access to the at least one functional unit or use of the at least one functional unit only within a period of time given by the time limit.
- This has the advantage that the at least one functional unit can be released or locked for a limited time for access or use, for example depending on the payment of a fee. In this way, additional functionality can be provided for a fee very easily and securely, that is, protected against manipulation.
- the tachograph comprises at least one data interface for transmitting and / or receiving data to or from at least one functional unit of the vehicle.
- the tachograph is further configured to provide the at least one user-defined identification information or a component thereof to the at least one functional unit of the vehicle via the at least one data interface.
- the component of the user-defined identification information is, for example, the user identifier, the user group identifier and / or the public key. It is provided, for example, by sending it to the at least one functional unit, either depending on a predetermined event, for example the insertion of the at least one chip card in the at least one chip card reading unit, or on request of the at least one functional unit.
- the at least one functional unit of the vehicle provides its respective functionality in the vehicle depending on the user-defined identification information that is made available to the tachograph by the at least one chip card.
- the user-defined identification information can be used, for example, for secure data transmission to or from the tachograph, to or from other functional units of the vehicle and / or to or from other units outside the vehicle, for example a personal computer.
- it can thus be provided that the at least one functional unit of the vehicle can check the presence of the at least one chip card in the tachograph. The functional unit can then make its functionality available for use, for example, only in the presence of the at least one chip card.
- a functional unit of the vehicle is, for example, an immobilizer.
- the tachograph is designed to provide the at least one user-defined identification information or the component thereof in a manner that is cryptographically verifiable by the at least one functional unit of the vehicle.
- the cryptographically verifiable provisioning comprises, for example, digitally signing the at least one user-defined identification information or the component thereof with the private key.
- the digital signature preferably comprises a time stamp and / or a sequence number.
- the digital signature is provided along with the at least one user-defined identification information or the component thereof.
- the at least one user-defined identification information or the component thereof can thus be easily and reliably checked, that is verified, by the at least one functional unit of the vehicle on the basis of the digital signature and the public key. As a result, the provision of the at least one user-defined identification information or the component thereof is reliably protected against manipulation.
- the tachograph comprises the at least one data interface for transmitting and / or receiving data to or from the at least one functional unit of the vehicle.
- the tachograph further comprises at least one cryptographic functional unit provided for the predetermined operation of the tachograph.
- the tachograph is configured to cryptographically process and / or securely store and / or securely provide, by means of the at least one cryptographic functional unit and depending on the at least one user-defined identification information, data that can be supplied to the tachograph from the at least one functional unit of the vehicle via the at least one data interface, for the at least one functional unit of the vehicle.
- the cryptographic processing includes, for example, digitally signing and / or encrypting and / or decrypting and / or authenticating and / or negotiating a cryptographic key, in particular for use with a symmetric encryption and decryption algorithm, and / or secure storage and / or verification of the integrity of data or related data structures and / or verification of the completeness of data and / or detection of so-called replay attacks and / or detection of changes in the data.
- the cryptographic functional unit is designed for the cryptographic processing of data. The advantage is that the secure hardware and software of the tachograph, and in particular its cryptographic functional unit that meets high security requirements, is not only usable by the tachograph itself but is also available to the at least one functional unit of the vehicle.
- the negotiation of the cryptographic key comprises in particular the negotiation of a session key with limited validity.
- the negotiation is preferably done by using a private and a public key. Encrypting and / or decrypting data may also be dependent on such a session key. Furthermore, such a session key can also be used to determine a message authentication code.
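The cryptographically verifiable provisioning described above, as an added example that is not part of the patent text: the tachograph sends a component of the user-defined identification information (user ID, group ID, public key) together with a timestamp and a sequence number, and the functional unit of the vehicle checks the authentication tag, the freshness of the timestamp and the sequence number before it enables itself, so that a replayed or altered message is rejected. The patent signs with the private key; to stay within the Python standard library this example authenticates the message with an HMAC under a shared session key, the message authentication code variant the text also allows. The key, the clock-skew bound, the message layout and the identifier values are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed demo session key shared by tachograph and functional unit.
# It stands in for the private / public key pair of the patent text.
SESSION_KEY = b"demo-session-key-not-a-real-secret"

# Assumed tolerance between the tachograph's RTC and the functional unit's clock.
MAX_CLOCK_SKEW_S = 30


def canonical(msg: dict) -> bytes:
    """Deterministic encoding so both sides authenticate exactly the same bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def tag(key: bytes, body: dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class Tachograph:
    """Provides an IDI component with a timestamp and a monotonically increasing
    sequence number, authenticated with a tag over the whole body."""

    def __init__(self, key: bytes, idi_component: dict, clock=time.time):
        self.key = key
        self.idi = idi_component
        self.clock = clock
        self.seq = 0

    def provide(self) -> dict:
        self.seq += 1
        body = {"idi": dict(self.idi), "ts": int(self.clock()), "seq": self.seq}
        return {"body": body, "tag": tag(self.key, body)}


class FunctionalUnit:
    """E.g. an immobilizer: accepts an IDI component only if the tag verifies,
    the timestamp is fresh and the sequence number has not been seen before."""

    def __init__(self, key: bytes, clock=time.time):
        self.key = key
        self.clock = clock
        self.last_seq = 0
        self.enabled_for = None

    def receive(self, msg: dict) -> str:
        body, received = msg["body"], msg["tag"]
        # Tag first: an unauthenticated message must not influence any state.
        if not hmac.compare_digest(tag(self.key, body), received):
            return "reject: bad tag"
        if abs(int(self.clock()) - body["ts"]) > MAX_CLOCK_SKEW_S:
            return "reject: stale timestamp"
        if body["seq"] <= self.last_seq:
            return "reject: replay"
        self.last_seq = body["seq"]
        self.enabled_for = body["idi"]["user_id"]
        return "accept"


def demo() -> list:
    """Runs the exchange with constructed clocks and returns the unit's decisions."""
    tco_clock = [1_700_000_000]
    fe_clock = [1_700_000_000]
    idi = {"user_id": "WID-0001", "group_id": "GID-fleet", "pubkey": "demo-pubkey"}
    tco = Tachograph(SESSION_KEY, idi, clock=lambda: tco_clock[0])
    fe = FunctionalUnit(SESSION_KEY, clock=lambda: fe_clock[0])
    results = []
    m1 = tco.provide()
    results.append(fe.receive(m1))            # fresh message: accept
    results.append(fe.receive(m1))            # same message again: replay
    m2 = tco.provide()
    m2["body"]["idi"]["user_id"] = "WID-9999"  # altered in transit: bad tag
    results.append(fe.receive(m2))
    tco_clock[0] -= 3600                      # tachograph clock lags: stale
    results.append(fe.receive(tco.provide()))
    tco_clock[0] += 3600
    results.append(fe.receive(tco.provide())) # next sequence number: accept
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The order of the checks matters: the tag is verified first so that a forged message can neither advance the sequence counter nor reveal anything about the freshness window, and a message failing any check leaves the unit's state untouched.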
- the invention is characterized by a tachograph comprising at least one data interface for transmitting and receiving data to or from at least one functional unit of a vehicle.
- the tachograph comprises at least one cryptographic functional unit provided for a predetermined operation of the tachograph.
- the tachograph is configured, by means of the at least one cryptographic functional unit, to cryptographically process and / or securely store and / or securely provide, for the at least one functional unit of the vehicle, data which can be supplied to the tachograph from the at least one functional unit of the vehicle via the at least one data interface.
- the cryptographic processing includes, for example, digitally signing and / or encrypting and / or decrypting and / or authenticating and / or negotiating a cryptographic key, in particular for use with a symmetric encryption and decryption algorithm, and / or secure storage and / or verification of the integrity of data or related data structures and / or verification of the completeness of data and / or detection of so-called replay attacks and / or detection of changes in the data.
- the negotiation of the cryptographic key comprises in particular the negotiation of a session key with limited validity. The negotiation is preferably done by using a private and a public key. Encrypting and / or decrypting data may also be dependent on such a session key. Furthermore, such a session key can also be used to determine a message authentication code.
- the cryptographic functional unit is designed for the cryptographic processing of data.
- the invention is based on the recognition that the tachograph is designed to be very secure for its predetermined operation and that this security of the tachograph is not only useful for the given operation of the tachograph, but is also advantageous for other applications and in particular for the at least one functional unit of the vehicle.
- the specified operation of the tachograph is specified by an institution, in particular a state institution, and / or is prescribed by a statutory provision or regulation.
- the predetermined operation of the tachograph comprises in particular the safe storage of driving data for a later evaluation, in particular a driving speed and a driving time. The secure storage takes place so that the stored data is protected against unauthorized manipulation and that a manipulation of the data is reliably recognizable.
- the secure storage includes, for example, determining a digital signature of the data and possibly a digital encryption of the data.
- the secure memory includes, for example, a secure keystore and / or a secure memory. The signing and the encryption and decryption take place by means of the cryptographic functional unit.
- the advantage is that the secure hardware and software of the tachograph, and in particular its cryptographic functional unit, which meets high security requirements, is not only usable by the tachograph itself but is also available to the at least one functional unit of the vehicle. This is secure and reliable. Furthermore, it can be particularly cost-effective because the functional unit of the vehicle does not require its own cryptographic functional unit.
- a tachograph TCO comprises at least one functional unit FE_TCO ( FIG. 1 ).
- the at least one functional unit FE_TCO of the tachograph TCO comprises in particular a computing unit CPU_TCO, a data acquisition unit DEE and at least one secure memory MEM_TCO.
- the at least one secure memory MEM_TCO comprises a secure key memory SMEM_TCO and / or a secure data memory DMEM_TCO.
- the secure key memory SMEM_TCO and the secure data memory DMEM_TCO can be configured separately or as a shared memory.
- the tachograph TCO can also comprise further functional units FE_TCO, for example a real-time clock RTC.
- the real-time clock RTC is preferably arranged tamper-proof in the tachograph TCO and is designed to generate reliable and secure time stamps. The time stamps are particularly useful for a data recording of the data acquisition unit DEE.
- a wheel speed sensor RDS is arranged, which can be coupled to the tachograph TCO.
- the wheel speed sensor RDS is required for a given operation of the tachograph TCO, that is, in particular for the safe storage of driving data for a later evaluation, in particular a driving speed and a driving time.
- the data acquisition unit DEE is designed, for example, to detect the wheel speeds or travel speeds detected by the wheel speed sensor RDS and to store them safely in the secure data memory DMEM_TCO of the tachograph TCO for later evaluation, preferably together with the time stamps provided by the real time clock RTC.
- the tachograph TCO comprises at least one chip card reading unit CKLE. At least one chip card CK can be fed to the tachograph TCO via the at least one chip card reading unit CKLE.
- the at least one chip card CK may be a so-called tachograph card, which is required for the predetermined operation of the tachograph TCO, or may be a workshop card, which is required for installation and maintenance work on the tachograph TCO in a workshop.
- the real-time clock RTC can only be set if the workshop card is inserted in the chip card reading unit CKLE.
- the at least one chip card CK can also be designed for a custom application. The custom application is independent of the specified operation of the tachograph TCO.
- the at least one chip card reading unit CKLE may comprise a mechanical interlock with which the respective chip card in the respective chip card reading unit CKLE is secured against being removed. This can prevent the at least one chip card CK from being removed without authorization.
- the at least one chip card CK comprises a computing unit CPU_CK and at least one secure memory MEM_CK.
- the secure memory MEM_CK of the at least one chip card CK comprises a secure key memory SMEM_CK and / or a secure data memory DMEM_CK.
- the secure key memory SMEM_CK and the secure data memory DMEM_CK can be designed separately or as a shared memory.
- At least one cryptographic key and optionally at least one certificate and optionally further cryptographic data are stored in the secure key memory SMEM_TCO of the tachograph TCO and in the secure key memory SMEM_CK of the at least one chip card CK. These are stored particularly securely in the secure key memory SMEM_TCO of the tachograph TCO and in the secure key memory SMEM_CK of the at least one chip card CK, that is, in particular protected against manipulation and / or against unauthorized access.
- the at least one cryptographic key which can be stored in the secure key memory SMEM_TCO of the tachograph TCO or in the secure key memory SMEM_CK of the at least one chip card CK is in particular a private key, which can be used for asymmetric encryption and / or for determining a digital signature.
- the secure data memory DMEM_TCO of the tachograph TCO and the secure data memory DMEM_CK of the at least one chip card CK are provided in particular for securely storing data that are digitally signed, for example by means of the private key, and whose integrity is verifiable by means of the digital signature and a public key.
- the data stored in the secure data memory DMEM_TCO of the tachograph TCO or in the secure data memory DMEM_CK of the at least one chip card CK is thus protected against manipulation.
- the secure memory MEM_TCO of the tachograph TCO and / or the secure memory MEM_CK of the at least one chip card CK can also be embodied differently.
- the secure memory MEM_TCO of the tachograph TCO and / or the secure memory MEM_CK of the at least one chip card CK may alternatively or additionally also be electrically and / or mechanically protected against unauthorized access or manipulation.
- in the case of the tachograph card and the workshop card, a predetermined identification information is securely stored in the secure memory MEM_CK of the at least one chip card CK.
- This predetermined identification information is issued, for example, by an institution, in particular by a governmental institution, and enables a clear and reliable identification of the tachograph card or of the workshop card in relation to the tachograph TCO.
- the predetermined identification information is prescribed in particular by law or regulation and may be used exclusively for the purposes prescribed by law or regulation.
- At least one chip card CK is provided which comprises a user-defined identification information IDI instead of the predetermined identification information.
- the user-defined identification information IDI can be defined by the manufacturer of the tachograph TCO or the at least one chip card CK or by a user of the tachograph TCO or the respective chip card CK.
- the user is, for example, a company that uses the tachograph TCO in one of its vehicles. Defining includes, for example, creating a digital certificate and / or a cryptographic key pair for asymmetric encryption.
- the user-defined identification information can also be designed differently.
- the user-defined identification information IDI is also securely stored in the secure memory MEM_CK of the at least one chip card CK.
- the user-defined identification information IDI is independent of the predetermined identification information and can be defined independently of it.
- the at least one chip card CK which includes the user-defined identification information IDI, can be used for applications for which the predetermined identification information may not be used.
- the company using the tachograph TCO in one of its vehicles thus has the option of generating, as needed and suitably for the respective application, at least one digital certificate and / or at least one cryptographic key and / or at least one cryptographic key pair and / or at least one identifier, for example a user identifier, in order to create self-defined identities in the form of the user-defined identification information IDI and to use them for its own purposes, regardless of the predetermined operation of the tachograph TCO.
- the user-defined identification information IDI can also include or encode further information, for example at least one access right and / or right of use, possibly with a time limit.
- The tachograph TCO has secure and preferably security-certified hardware that provides a secure environment for data processing and storage.
- the tachograph TCO is also suitable for securely storing cryptographic keys and digital certificates and other data.
- the tachograph TCO is designed to execute secure and preferably security-certified cryptographic algorithms in order, for example, to enable the secure storage of data, for example by determining and storing a digital signature of the data.
- the tachograph TCO comprises a cryptographic functional unit, which is formed, for example, by or encompassed by the computing unit CPU_TCO of the tachograph TCO.
- the tachograph TCO further comprises at least one data interface DS.
- the tachograph TCO can be coupled to at least one functional unit FE_KFZ of a vehicle via the at least one data interface DS when the tachograph TCO is arranged in the vehicle.
- a functional unit FE_KFZ of the vehicle is, for example, an immobilizer.
- the at least one functional unit FE_KFZ of the vehicle is not absolutely necessary for the predetermined operation of the tachograph TCO.
- the wheel speed sensor RDS and possibly other components or units of the vehicle required for the specified operation of the tachograph TCO do not constitute a functional unit FE_KFZ of the vehicle in the context of this document.
- the tachograph TCO is coupled to the at least one functional unit FE_KFZ of the vehicle via its at least one data interface DS, for example via a bus system, for example via a CAN bus.
- the coupling can also be designed differently.
- FIG. 2 shows a first functional diagram.
- a first chip card CK1 is shown, which comprises, as user-defined identification information IDI, a workshop identifier WID as a user ID, a user group identifier GID and an access range ZB.
- the workshop identifier WID is intended to identify a workshop.
- the first chip card CK1 can therefore also be referred to as a custom workshop card.
- the custom workshop card is accredited by the manufacturer of the tachograph.
- the advantage is that, by means of the workshop identifier WID and / or the user group identifier GID and / or the access range ZB, workshops can be equipped individually with user-defined access rights independently of, for example, legal requirements or regulations.
- the use of the custom workshop card is not tied to a few predetermined workshops, but the card can be issued to any workshop, for example by the company that uses the tachograph TCO in one of its vehicles.
- Configuration data KONF can also be stored on the first chip card CK1.
- the tachograph TCO is preferably configurable as a function of the configuration data KONF stored on the first chip card CK1.
- a current configuration of the tachograph TCO can be stored on the first chip card CK1 in the form of the configuration data KONF. This makes it possible to transfer the configuration data KONF from the tachograph TCO to another tachograph or to a plurality of further tachographs.
- Which parts or regions of the configuration of the tachograph TCO in the form of the configuration data KONF can be stored on the first chip card CK1 and / or can be modified by the configuration data KONF stored on the first chip card CK1 can be predetermined as a function of the user-defined identification information IDI.
- When the first chip card CK1 is inserted into the chip card reading unit CKLE of the tachograph TCO, a mutual authentication AUTH of the first chip card CK1 and the tachograph TCO is performed.
- the authentication takes place depending on the user-defined identification information IDI.
- the workshop identifier WID is authenticated.
- the user-defined identification information IDI is transmitted from the first smart card CK1 to the tachograph TCO by secure reading SL.
- In secure reading SL, for example, a digital signature of the data is transmitted together with the data.
- the tachograph TCO can thus check the integrity of the data and prevent any manipulation of the data.
- a first access control ZK1 takes place.
- the first access permission ZE1 relates, for example, to the parts or regions of the configuration of the tachograph TCO which can be modified by the configuration data KONF stored on the first chip card CK1 or which can be stored on the first chip card CK1 in the form of the configuration data KONF.
- the first access permission ZE1 relates to a write right to those parts or areas of the configuration that are not required for the given operation of the tachograph, that is, parts or areas of configuration that are optional.
- the first access permission ZE1 may also relate to the at least one functional unit FE_TCO of the tachograph TCO and / or the at least one functional unit FE_KFZ of the vehicle.
- the configuration data KONF can be read from the first chip card CK1 by secure reading and / or writing SLS and transmitted to the tachograph TCO or transmitted from the tachograph TCO to the first chip card CK1 and stored thereon.
- the secure reading and / or writing SLS preferably also takes place by providing and checking a digital signature or a message authentication code of the transmitted configuration data KONF.
- the message authentication code is abbreviated MAC. This ensures the integrity of the transmitted configuration data KONF.
- a second access control ZK2 takes place.
- a second access permission ZE2 is granted for access to the parts or areas of the configuration that may be read and / or modified.
- the configuration data KONF can be reliably transmitted from the tachograph TCO to at least one further tachograph, or the configuration data KONF can be transmitted from the at least one further tachograph to the tachograph TCO.
- This makes it very easy to transfer the configuration when the tachograph TCO in the vehicle is replaced.
- secure and simple configuration of customer-specific functions in the field is thus possible.
- the tachograph TCO automatically configures itself after inserting the first chip card CK1 into the chip card reading unit CKLE in accordance with the configuration data KONF stored thereon. Configuring the tachograph TCO is thus particularly easy and reliable.
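The configuration transfer via the first chip card CK1 with the first and second access controls ZK1/ZK2, as an added illustration of the scheme described above (this is example code, not the patent's own). It assumes that the tachograph's configuration is a flat dictionary whose keys are either mandatory (fixed by the predefined operation of the tachograph) or optional; that the first access permission ZE1 granted to a workshop identifier WID is a list of optional keys that workshop may write; and that the integrity check on KONF uses HMAC-SHA256 as the message authentication code (the description allows a digital signature or a MAC). All keys, identifiers and values are constructed sample data.

```python
"""Configuration transfer via CK1 with access controls ZK1/ZK2 (added example)."""
import hashlib
import hmac
import json

# Parts of the configuration fixed by the regulated operation: never writable via CK1.
# Constructed key names, not from the patent.
MANDATORY_KEYS = {"vehicle_unit_serial", "k_constant_pulses_per_km"}
# Optional, customer-specific parts that a workshop may be allowed to change.
OPTIONAL_KEYS = {"display_language", "fleet_telematics_url", "driver_warning_minutes"}

# Constructed policy: first access permission ZE1 per workshop identifier WID.
ZE1_BY_WID = {
    "WID-0001": {"display_language", "driver_warning_minutes"},
    "WID-0002": OPTIONAL_KEYS,
}

# Constructed demo key shared by the card issuer and the tachograph.
KONF_MAC_KEY = b"constructed-konf-key-not-a-real-secret"


def konf_mac(konf: dict, key: bytes = KONF_MAC_KEY) -> str:
    """Message authentication code over the canonical JSON form of KONF."""
    body = json.dumps(konf, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def zk1(wid: str) -> set:
    """First access control ZK1: which configuration parts this workshop may
    modify. The intersection with OPTIONAL_KEYS guarantees that a mandatory
    part can never be granted, whatever the policy table says."""
    return set(ZE1_BY_WID.get(wid, set())) & OPTIONAL_KEYS


def apply_konf(current: dict, wid: str, konf: dict, tag: str) -> tuple:
    """Secure reading/writing SLS followed by the second access control ZK2.

    Returns (new configuration, sorted list of rejected keys). A failed MAC
    rejects the whole card and applies nothing; keys outside the write
    permission ZE1 are rejected individually while the others are applied."""
    if not hmac.compare_digest(konf_mac(konf), tag):
        return dict(current), sorted(konf)  # integrity failure: nothing applied
    writable = zk1(wid)
    updated, rejected = dict(current), []
    for key, value in konf.items():
        if key in writable:
            updated[key] = value
        else:
            rejected.append(key)
    return updated, sorted(rejected)


def export_konf(current: dict, wid: str) -> tuple:
    """Store the current configuration on CK1: only the parts ZE1 allows for
    this workshop are written, together with their MAC, so the card can be
    used to configure a further tachograph."""
    part = {k: current[k] for k in zk1(wid) if k in current}
    return part, konf_mac(part)


if __name__ == "__main__":
    current = {"vehicle_unit_serial": "VU-CONSTRUCTED-1", "k_constant_pulses_per_km": 8000,
               "display_language": "de", "driver_warning_minutes": 15}
    konf = {"display_language": "en", "k_constant_pulses_per_km": 1}
    new_conf, rejected = apply_konf(current, "WID-0001", konf, konf_mac(konf))
    print("applied:", new_conf)
    print("rejected (mandatory part):", rejected)
    part, tag = export_konf(new_conf, "WID-0001")
    print("written to CK1:", part, tag[:16], "...")
```

The point of the split between `zk1` and `apply_konf` is least privilege on configuration writes: a workshop card can only ever touch optional parts, and a card whose contents were altered after the MAC was computed changes nothing at all.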
- a second chip card CK2 can be provided, which can be supplied to the tachograph TCO via the at least one chip card reading unit CKLE.
- the second chip card CK2 represents an access control card for optional functions of the tachograph TCO and/or the vehicle.
- the second chip card CK2 comprises a function identifier FID and preferably an activation period AZR.
- the function identifier FID identifies at least one of the functional units FE_TCO of the tachograph TCO and/or functional units FE_KFZ of the vehicle.
- the activation period AZR encodes the time limitation of the access right or the usage right of the at least one functional unit FE_TCO of the tachograph TCO and/or functional unit FE_KFZ of the vehicle identified by the function identifier FID. The activation period AZR thus specifies an access duration for the respective functional unit or a usage duration of the respective functional unit.
- the tachograph TCO is designed to allow or prevent the use of the respective functional unit or the access to the respective functional unit only within the time period predetermined by the time limit.
- the tachograph TCO performs the authentication AUTH of the second chip card CK2.
- the function identifier FID and the activation period AZR are transmitted by the secure reading SL from the second chip card CK2 to the tachograph TCO.
- the tachograph TCO performs a third access control ZK3.
- a usage permit NE is granted or denied depending on the function identifier FID and the activation period AZR.
- in the third access control ZK3 it is further checked whether the period predetermined by the activation period AZR for the use of the at least one functional unit identified by the function identifier FID is still running or has already expired. Accordingly, the use of this at least one functional unit is allowed or prevented. For example, after payment of a corresponding fee by means of the second chip card CK2, at least one optional and/or customer-specific function of the tachograph TCO or of the vehicle can be enabled for a predetermined period of time, for example one year.
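Secure reading SL of the second chip card CK2 followed by the third access control ZK3, as an added example of the sequence described above (not code from the patent). It assumes that the card record is a small JSON object, that the integrity check uses HMAC-SHA256 as the message authentication code (the description admits a digital signature or a MAC), that the activation period AZR is a pair of Unix timestamps, and that the current time is read from the real-time clock RTC as an integer timestamp. The key, the functional unit names and the card contents are constructed sample values.

```python
"""Secure reading SL of CK2 and third access control ZK3 (added example)."""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed demo key shared by the card issuer and the tachograph.
CARD_MAC_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed names for functional units of the tachograph (FE_TCO) and the vehicle (FE_KFZ).
KNOWN_FUNCTIONAL_UNITS = {"FE_TCO:remote_download", "FE_KFZ:fleet_telematics"}


def mac_over(record: bytes, key: bytes = CARD_MAC_KEY) -> str:
    """Message authentication code over the raw record bytes."""
    return hmac.new(key, record, hashlib.sha256).hexdigest()


def secure_read(record: bytes, tag: str, key: bytes = CARD_MAC_KEY) -> Optional[dict]:
    """Secure reading SL: accept the record only if its MAC verifies.

    Returns the parsed record, or None when the integrity check fails, so a
    manipulated card never reaches the access-control step."""
    if not hmac.compare_digest(mac_over(record, key), tag):
        return None
    return json.loads(record)


def access_control_zk3(card: dict, now_ts: int,
                       known_units=KNOWN_FUNCTIONAL_UNITS) -> bool:
    """Third access control ZK3: grant the usage permit NE only if the function
    identifier FID names a known unit and the activation period AZR
    [start, end] is still running at the RTC time now_ts."""
    fid = card.get("FID")
    azr = card.get("AZR")
    if fid not in known_units or not isinstance(azr, list) or len(azr) != 2:
        return False
    start, end = azr
    return start <= now_ts <= end


def make_card(fid: str, start: int, end: int, key: bytes = CARD_MAC_KEY):
    """Issuer side: the record and its MAC as they would be written to CK2."""
    record = json.dumps({"FID": fid, "AZR": [start, end]}, sort_keys=True).encode()
    return record, mac_over(record, key)


def usage_permit(record: bytes, tag: str, now_ts: int) -> bool:
    """SL followed by ZK3, as the tachograph runs them after card insertion."""
    card = secure_read(record, tag)
    if card is None:
        return False
    return access_control_zk3(card, now_ts)


if __name__ == "__main__":
    # Constructed example: one year of access to remote download, from 2024-01-01.
    start = int(datetime(2024, 1, 1, tzinfo=timezone.utc).timestamp())
    end = int(datetime(2025, 1, 1, tzinfo=timezone.utc).timestamp())
    record, tag = make_card("FE_TCO:remote_download", start, end)
    mid = int(datetime(2024, 6, 1, tzinfo=timezone.utc).timestamp())
    late = int(datetime(2025, 3, 1, tzinfo=timezone.utc).timestamp())
    print("within period:", usage_permit(record, tag, mid))
    print("after expiry:", usage_permit(record, tag, late))
    # A record whose AZR end was extended by hand no longer matches its MAC.
    tampered = record.replace(str(end).encode(), str(end + 10 ** 8).encode())
    print("tampered record:", usage_permit(tampered, tag, mid))
```

The expiry check depends on the tachograph's own real-time clock RTC, not on any time value the card could carry, which is why the period is compared against `now_ts` supplied by the caller rather than read from the record.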
- FIG. 3 shows a second functional diagram.
- a third chip card CK3 identifies, for example, a driver of the vehicle, a company, a vehicle manufacturer or another identity.
- the third chip card CK3 therefore represents an individual customer identification card or user identification card.
- the third chip card CK3 comprises the user-defined identification information IDI, which comprises a customer identifier KID as the user identifier and at least one cryptographic customer key KS.
- This user-defined identification information IDI can be used, for example, to encrypt, decrypt and/or digitally sign data as a function of the at least one customer key KS.
- Such user-defined identification information IDI can also be stored in the secure memory MEM_TCO of the tachograph TCO, so that the third chip card CK3 does not have to be inserted into the chip card reading unit CKLE in order to use the user-defined identification information IDI.
- the third chip card CK3 can be used, for example, when setting up the tachograph TCO, to transmit the user-defined identification information IDI to the tachograph TCO and store it in it.
- the tachograph TCO performs the authentication AUTH of the third chip card CK3. This authenticates the customer identifier KID.
- the at least one customer key KS includes, for example, a private and a public key for asymmetric encryption. However, the at least one customer key KS can also be designed differently.
- the secure reading SL transmits the at least one customer key KS and in particular the public key to the tachograph TCO.
- the tachograph TCO is preferably designed to provide an identification service IDD.
- the customer identifier KID and/or the at least one customer key KS, or components thereof, can be provided by the identification service IDD to the at least one functional unit FE_KFZ of the vehicle, so that the user can be identified to the at least one functional unit FE_KFZ of the vehicle as a function of the customer identifier KID and the at least one customer key KS.
- provision can be made to perform a data acquisition DE for the customer identifier KID.
- time stamps of the real-time clock RTC are preferably acquired and recorded for this purpose.
- the customer identifier KID can also be provided in secured form via the at least one data interface DS, that is to say, for example, together with an associated digital signature.
- the respective functional unit FE_KFZ of the vehicle can then check the integrity of the customer identifier KID.
- the customer identifier KID and/or the customer key KS, and in particular the public key, can be sent via the at least one data interface DS to all functional units FE_KFZ of the vehicle, or sent to one of the functional units FE_KFZ of the vehicle on its request.
- the at least one functional unit FE_KFZ of the vehicle which uses the customer identifier KID is in particular an identification-dependent functional unit IDFE, which, for example, permits access to it or use of it only in the presence of a predetermined customer identifier KID.
- the identification-dependent functional unit IDFE may only be used by a predefined company or a predefined user, for example a predefined driver.
- Such a functional unit FE_KFZ of the vehicle is, for example, the immobilizer.
- a third access permission ZE3 is granted or denied, for example the immobilizer is deactivated or activated.
- the tachograph TCO can also provide a cryptographic data processing service KDVD for the cryptographic processing of data for the at least one functional unit FE_KFZ of the vehicle, and in particular for a security-based and/or security-providing functional unit SFE.
- the cryptographic data processing service KDVD is configured, for example, to encrypt or decrypt data and/or to digitally sign data or verify signed data and/or to generate or verify the message authentication code, on request of the at least one functional unit FE_KFZ of the vehicle and in particular of the security-based and/or security-providing functional unit SFE.
- for this purpose, a signature service SIG for generating and checking digital signatures is provided, for example.
- likewise an encryption and decryption service KRYPT for encrypting and decrypting data.
- an internal authentication service IAUTH and an external authentication service EAUTH are provided for mutually authenticating the tachograph TCO and the respective functional unit FE_KFZ of the vehicle, or for authenticating an off-board system, for example a personal computer in the company, which is coupled to the vehicle, for example by a radio link, for data exchange.
- the security-based and/or security-providing functional unit SFE grants or denies a fourth access permission ZE4 depending on the customer identifier KID.
- an electronic seal is thereby formed that allows the access or use of the security-based and / or security-providing functional unit SFE only to the user who has already used the security-based and / or security-providing functional unit SFE at least once before.
- the security-based and/or security-providing functional unit SFE can be designed to exchange data with a vehicle-external unit, for example with the personal computer, via the radio link or else via a cable connection. For this purpose, encrypting, decrypting or signing the data may be required or advantageous. Furthermore, provision can be made to store data securely.
- such data can be transmitted to the tachograph TCO.
- the data can be stored in the tachograph TCO, in particular in the secure data memory DMEM_TCO, or signed by the signature service SIG and/or encrypted by the encryption and decryption service KRYPT and transmitted back to the security-based and/or security-providing functional unit SFE, which then stores them.
- the authentication AUTH, the first, second and third access controls ZK1, ZK2, ZK3, the identification service IDD and the cryptographic data processing service KDVD, as well as the secure reading SL and the secure reading and/or writing SLS, are formed by the at least one functional unit FE_TCO of the tachograph TCO or are performed by it, in particular by the cryptographic functional unit, which is formed for example by the arithmetic unit CPU_TCO of the tachograph TCO cooperating with the secure memory MEM_TCO.
- the digital signature comprises a time stamp, which can be generated, for example, by the real-time clock RTC, and / or a sequence number.
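The identification service IDD providing the customer identifier KID to vehicle functional units over the data interface DS, with the time stamp from the real-time clock RTC and a sequence number in the signed message as described above, and the two decisions that depend on KID: the third access permission ZE3 of an identification-dependent functional unit IDFE (the immobilizer) and the electronic seal of the security-providing functional unit SFE (fourth access permission ZE4). This is an added example, not the patent's code. It assumes HMAC-SHA256 standing in for the digital signature (the description admits a MAC), a symmetric customer key KS shared between tachograph and functional unit, a 30-second freshness window, and per-sender sequence tracking; the identifiers and key are constructed sample values.

```python
"""IDD message with RTC time stamp and sequence number; ZE3 and ZE4 (added example)."""
import hashlib
import hmac
import json
from typing import Optional

FRESHNESS_WINDOW_S = 30  # assumption: how far a time stamp may lag the receiver's clock


def sign(payload: dict, ks: bytes) -> bytes:
    """Protect the payload with a MAC under the customer key KS (stand-in for
    the signature service SIG). The payload already carries ts and seq."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(ks, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": body.decode(), "tag": tag}).encode()


class IdentificationService:
    """IDD inside the tachograph: emits KID over the data interface DS."""

    def __init__(self, kid: str, ks: bytes):
        self.kid, self.ks, self.seq = kid, ks, 0

    def provide(self, rtc_now: int) -> bytes:
        self.seq += 1  # monotonically increasing per sender
        return sign({"KID": self.kid, "ts": rtc_now, "seq": self.seq}, self.ks)


class FunctionalUnit:
    """Verifier side shared by IDFE and SFE: checks MAC, freshness and sequence."""

    def __init__(self, ks: bytes):
        self.ks = ks
        self.last_seq = {}  # highest sequence number accepted per KID

    def verify_kid(self, message: bytes, now: int) -> Optional[str]:
        outer = json.loads(message)
        body = outer["body"].encode()
        expected = hmac.new(self.ks, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, outer["tag"]):
            return None  # integrity failure
        payload = json.loads(body)
        if not (now - FRESHNESS_WINDOW_S <= payload["ts"] <= now):
            return None  # stale or future-dated time stamp
        kid = payload["KID"]
        if payload["seq"] <= self.last_seq.get(kid, 0):
            return None  # replayed or out-of-order message
        self.last_seq[kid] = payload["seq"]
        return kid


class Immobilizer(FunctionalUnit):
    """IDFE: third access permission ZE3 only for predefined customer identifiers."""

    def __init__(self, ks: bytes, allowed_kids):
        super().__init__(ks)
        self.allowed = set(allowed_kids)

    def ze3(self, message: bytes, now: int) -> bool:
        kid = self.verify_kid(message, now)
        return kid is not None and kid in self.allowed


class SealedUnit(FunctionalUnit):
    """SFE with an electronic seal: after the first accepted use it grants the
    fourth access permission ZE4 only to that same customer identifier."""

    def __init__(self, ks: bytes):
        super().__init__(ks)
        self.sealed_to: Optional[str] = None

    def ze4(self, message: bytes, now: int) -> bool:
        kid = self.verify_kid(message, now)
        if kid is None:
            return False
        if self.sealed_to is None:
            self.sealed_to = kid
        return kid == self.sealed_to


if __name__ == "__main__":
    ks = b"constructed-customer-key-not-a-real-secret"
    idd = IdentificationService("KID-FLEET-42", ks)
    immobilizer = Immobilizer(ks, ["KID-FLEET-42"])
    msg = idd.provide(rtc_now=1000)
    print("first delivery:", immobilizer.ze3(msg, now=1005))
    print("same message again:", immobilizer.ze3(msg, now=1006))
```

Two details matter for the defender: the sequence number is tracked per customer identifier, so one sender's counter cannot lock out another, and the time stamp is checked against the receiver's own clock, so a captured message cannot be reused once the window has passed even if the sequence state were lost.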
- the same high level of security and reliability can be achieved for user-defined applications as for the predefined operation of the tachograph TCO.
- the advantage is that no additional unit needs to be provided in the vehicle and/or in the at least one functional unit FE_KFZ of the vehicle for this purpose.
- the use of the tachograph TCO with the user-defined identification information IDI for user-defined applications is thus particularly cost-effective.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Time Recorders, Drive Recorders, Access Control (AREA)
- Traffic Control Systems (AREA)
- Storage Device Security (AREA)
- Lock And Its Accessories (AREA)
Claims (5)
- Tachograph, which comprises at least one chip card reading unit (CKLE), to which at least one chip card (CK) having a secure memory (MEM_CK) and secure data transmission can be supplied, on which at least one user-defined identification information (IDI) is securely stored, which is defined by the manufacturer of the tachograph or of the at least one chip card (CK) or by a company that uses the tachograph (TCO) in one of its vehicles, and which is independent of identification information predefined by an official body for a predefined operation of the tachograph (TCO); which is configured to authenticate the at least one chip card (CK) as a function of the at least one user-defined identification information (IDI) and to read data securely from the at least one chip card (CK) and/or to store data securely on the at least one chip card (CK); which comprises at least one data interface (DS) for sending and/or receiving data to or from at least one functional unit (FE_KFZ) of a vehicle; which comprises at least one cryptographic functional unit designed for the predefined operation of the tachograph (TCO); and which is configured to cryptographically process and/or securely store and/or securely provide, by means of the at least one cryptographic functional unit, data that can be supplied to the tachograph (TCO) from the at least one functional unit (FE_KFZ) of the vehicle via the at least one data interface (DS), as a function of the at least one user-defined identification information (IDI), for the at least one functional unit (FE_KFZ) of the vehicle.
- Tachograph according to claim 1, in which the at least one user-defined identification information (IDI) encodes at least one access right to at least one functional unit and/or at least one usage right of the at least one functional unit, and which is configured to permit or deny access to the at least one functional unit and/or use of the at least one functional unit as a function of the at least one user-defined identification information (IDI).
- Tachograph according to claim 2, in which the access right or the usage right comprises a time limitation, and which is configured, as a function of the time limitation, to restrict an access duration to the at least one functional unit or a usage duration of the at least one functional unit and/or to permit or prevent access to the at least one functional unit or use of the at least one functional unit only within a period predefined by the time limitation.
- Tachograph according to one of the preceding claims, which comprises at least one data interface (DS) for sending and/or receiving data to or from at least one functional unit (FE_KFZ) of a vehicle, and which is configured to provide the at least one user-defined identification information (IDI) or a component thereof to the at least one functional unit (FE_KFZ) of the vehicle via the at least one data interface (DS).
- Tachograph according to claim 4, which is configured to provide the at least one user-defined identification information (IDI) or a component thereof to the at least one functional unit (FE_KFZ) of the vehicle in a cryptographic form verifiable by the latter.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102007004645A DE102007004645A1 (de) | 2007-01-25 | 2007-01-25 | Tachograph |
PCT/EP2008/050396 WO2008090057A1 (fr) | 2007-01-25 | 2008-01-15 | Tachygraphe |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2115703A1 EP2115703A1 (fr) | 2009-11-11 |
EP2115703B1 true EP2115703B1 (fr) | 2018-12-26 |
Family
ID=39287725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08707898.6A Active EP2115703B1 (fr) | 2007-01-25 | 2008-01-15 | Tachygraphe |
Country Status (5)
Country | Link |
---|---|
US (1) | US20090327760A1 (fr) |
EP (1) | EP2115703B1 (fr) |
CN (1) | CN101589409B (fr) |
DE (1) | DE102007004645A1 (fr) |
WO (1) | WO2008090057A1 (fr) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102006048029B4 (de) * | 2006-10-09 | 2008-10-02 | Continental Automotive Gmbh | Verfahren und Vorrichtung zur Übertragung von Daten zwischen einem Fahrtschreiber und einer Datenverarbeitungseinrichtung |
DE102008006840A1 (de) * | 2008-01-30 | 2009-08-13 | Continental Automotive Gmbh | Datenübertragungsverfahren und Tachographensystem |
DE102008047433A1 (de) * | 2008-09-15 | 2010-03-25 | Continental Automotive Gmbh | Verfahren zum Freischalten von Funktionen eines Tachographen |
JP5330952B2 (ja) * | 2009-09-30 | 2013-10-30 | 富士通テン株式会社 | 表示装置、ドライブレコーダ、表示方法及びプログラム |
DE102009051350A1 (de) | 2009-10-30 | 2011-05-05 | Continental Automotive Gmbh | Verfahren zum Betreiben eines Tachographen und Tachograph |
EP2362355A1 (fr) * | 2010-02-22 | 2011-08-31 | Stoneridge Electronics AB | Tachygraphe personnalisable |
EP2362356B1 (fr) | 2010-02-22 | 2018-07-25 | Stoneridge Electronics AB | Tachygraphe |
US20110225259A1 (en) * | 2010-03-12 | 2011-09-15 | GM Global Technology Operations LLC | System and method for communicating software applications to a motor vehicle |
EP2431947A1 (fr) * | 2010-09-06 | 2012-03-21 | Gemalto SA | Procédé de sécurisation des systèmes électroniques de tachygraphes |
FR2973136A1 (fr) * | 2011-03-25 | 2012-09-28 | France Telecom | Verification de l'integrite de donnees d'un equipement embarque dans un vehicule |
WO2013056740A1 (fr) * | 2011-10-20 | 2013-04-25 | Continental Automotive Gmbh | Tachygraphe numérique |
DE102013209505A1 (de) * | 2013-05-22 | 2014-11-27 | Continental Automotive Gmbh | Tachograph, Tachographenchipkarte und Tachographensystem |
DE102015207713A1 (de) * | 2015-04-27 | 2016-10-27 | Continental Automotive Gmbh | Verfahren und Vorrichtung zum Konfigurieren einer Fahrzeugeinheit |
DE102019210440A1 (de) * | 2019-07-15 | 2021-01-21 | Continental Automotive Gmbh | Verfahren zum Betreiben einer Kraftfahrzeuggeschwindigkeitssensorvorrichtung, Kraftfahrzeuggeschwindigkeitssensorvorrichtung und Kraftfahrzeug mit einer Kraftfahrzeuggeschwindigkeitssensorvorrichtung |
DE102020216530A1 (de) * | 2020-12-23 | 2022-06-23 | Continental Automotive Gmbh | Tachographensystem für ein Kraftfahrzeug, Kraftfahrzeug und Verfahren zum Betreiben eines Tachographensystems |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2612319B1 (fr) * | 1987-03-09 | 1992-05-29 | Pollen Inf | Procede et dispositif de controle de l'utilisation d'un ou de plusieurs vehicules |
DE4338556A1 (de) * | 1993-11-08 | 1995-05-11 | Mannesmann Ag | Einrichtung zur Aufzeichnung von Fahrtrouteninformationen |
FR2734110B1 (fr) * | 1995-05-12 | 1997-06-20 | Thomson Csf | Procede et systeme pour la securisation de la transmission de donnees entre un capteur et un enregistreur |
WO1997013208A1 (fr) * | 1995-10-06 | 1997-04-10 | Scientific-Atlanta, Inc. | Livre de bord electronique pour vehicules |
US6198996B1 (en) * | 1999-01-28 | 2001-03-06 | International Business Machines Corporation | Method and apparatus for setting automotive performance tuned preferences set differently by a driver |
DE10008974B4 (de) * | 2000-02-25 | 2005-12-29 | Bayerische Motoren Werke Ag | Signaturverfahren |
DE10210320B4 (de) * | 2001-04-24 | 2006-11-02 | International Business Machines Corp. | Duale Aufzeichnung zur Fahrtzeitenkontrolle bei Lastkraftwagen |
DE10213658B4 (de) * | 2002-03-27 | 2005-10-13 | Robert Bosch Gmbh | Verfahren zur Datenübertragung zwischen Komponenten der Bordelektronik mobiler Systeme und solche Komponenten |
CN2739714Y (zh) * | 2004-08-25 | 2005-11-09 | 广州市银光电子工业公司 | 能够识别和记录驾驶员身份的汽车行驶记录仪 |
DE102004043052B3 (de) * | 2004-09-06 | 2006-01-19 | Siemens Ag | Verfahren zur Manipulationserkennung an einer Anordnung mit einem Sensor |
CN100489915C (zh) * | 2005-08-25 | 2009-05-20 | 财团法人工业技术研究院 | 电动车辆管理装置与方法 |
- 2007-01-25 DE DE102007004645A patent/DE102007004645A1/de not_active Ceased
- 2008-01-15 US US12/524,282 patent/US20090327760A1/en not_active Abandoned
- 2008-01-15 EP EP08707898.6A patent/EP2115703B1/fr active Active
- 2008-01-15 CN CN200880003257.5A patent/CN101589409B/zh active Active
- 2008-01-15 WO PCT/EP2008/050396 patent/WO2008090057A1/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
DE102007004645A1 (de) | 2008-07-31 |
WO2008090057A1 (fr) | 2008-07-31 |
CN101589409A (zh) | 2009-11-25 |
CN101589409B (zh) | 2012-12-05 |
EP2115703A1 (fr) | 2009-11-11 |
US20090327760A1 (en) | 2009-12-31 |
Similar Documents
Publication | Title |
---|---|
EP2115703B1 (fr) | Tachygraphe |
EP2454704B1 (fr) | Methode pour lir des attributes de un jeton d'identite |
DE102018115347B4 (de) | Erstellen einer Fahrzeugbescheinigung unter Verwendung einer Blockchain |
EP1127756B1 (fr) | Procédé d'autorisation avec certificat |
EP1128242B1 (fr) | Méthode de signature |
EP3078218B1 (fr) | Contrôle d'accès et d'utilisation pour un véhicule automobile |
DE102008042262B4 (de) | Verfahren zur Speicherung von Daten, Computerprogrammprodukt, ID-Token und Computersystem |
EP2195790B1 (fr) | Système comprenant un tachygraphe et une unité de péage embarquée comme partenaires de communication des données |
EP1959606B1 (fr) | Unité de protection |
EP2338147B1 (fr) | Appareil électronique pour véhicule à moteur, véhicule à moteur, procédé d'affichage de données sur un dispositif d'affichage d'un véhicule à moteur et produit programme d'ordinateur |
DE102006015212B4 (de) | Verfahren zum Schutz eines beweglichen Gutes, insbesondere eines Fahrzeugs, gegen unberechtigte Nutzung |
EP2304642B1 (fr) | Procédé pour lire les attributs depuis un jeton id |
EP2332313B1 (fr) | Méthode de mémorisation de données, produit logiciel, jeton d'identification et système d'ordinateur |
EP2349786B1 (fr) | Dispositif d'affichage pour véhicule à moteur, système électronique pour véhicule à moteur, véhicule à moteur, procédé d'affichage de données et produit-programme d'ordinateur |
EP4357945A2 (fr) | Procédé de lecture d'un attribut à partir d'un jeton id |
DE102007058975A1 (de) | Bordnetz eines Kraftfahrzeugs mit einem Master Security Modul |
EP1399797B1 (fr) | Unite de commande |
EP3902707A1 (fr) | Concept pour fournir un signal de clé ou un signal d'immobilisation pour un véhicule |
WO2013056740A1 (fr) | Tachygraphe numérique |
EP1126655A1 (fr) | Méthode d'authentification de hardware et de software dans un réseau |
EP1652337B1 (fr) | Procede pour signer une quantite de donnees dans un systeme a cle publique et systeme de traitement de donnees pour la mise en oeuvre dudit procede |
EP3319003A1 (fr) | Procédé et système d'authentification d'un appareil de télécommunication mobile sur un système informatique de service et appareil de télécommunication mobile |
EP2169579B1 (fr) | Procédé et dispositif d'accès à un document lisible sur machine |
DE102009008184B4 (de) | Prüfen einer Authentisierung eines Besitzers eines portablen Datenträgers |
EP1987466B1 (fr) | Procédé pour garantir l'autorité sur l'activation d'applications dans un module de sécurité |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20090825 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): DE FR SE |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20161109 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
INTG | Intention to grant announced | Effective date: 20180907 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): DE FR SE |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 502008016532 Country of ref document: DE |
REG | Reference to a national code | Ref country code: SE Ref legal event code: TRGR |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 502008016532 Country of ref document: DE |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
26N | No opposition filed | Effective date: 20190927 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R084 Ref document number: 502008016532 Country of ref document: DE |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R081 Ref document number: 502008016532 Country of ref document: DE Owner name: CONTINENTAL AUTOMOTIVE TECHNOLOGIES GMBH, DE Free format text: FORMER OWNER: CONTINENTAL AUTOMOTIVE GMBH, 30165 HANNOVER, DE |
P01 | Opt-out of the competence of the unified patent court (upc) registered | Effective date: 20230522 |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R081 Ref document number: 502008016532 Country of ref document: DE Owner name: CONTINENTAL AUTOMOTIVE TECHNOLOGIES GMBH, DE Free format text: FORMER OWNER: CONTINENTAL AUTOMOTIVE TECHNOLOGIES GMBH, 30165 HANNOVER, DE |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20240131 Year of fee payment: 17 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: SE Payment date: 20240119 Year of fee payment: 17 Ref country code: FR Payment date: 20240124 Year of fee payment: 17 |