EP2872373A2 - Exécution d'une commande dans un système de signalisation - Google Patents

Exécution d'une commande dans un système de signalisation

Info

Publication number
EP2872373A2
EP2872373A2 EP13762760.0A EP13762760A EP2872373A2 EP 2872373 A2 EP2872373 A2 EP 2872373A2 EP 13762760 A EP13762760 A EP 13762760A EP 2872373 A2 EP2872373 A2 EP 2872373A2
Authority
EP
European Patent Office
Prior art keywords
captcha
input
information
signal system
transmitted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13762760.0A
Other languages
German (de)
English (en)
Inventor
Frank RENPENNING
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens Mobility GmbH
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP2872373A2 publication Critical patent/EP2872373A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L7/00Remote control of local operating means for points, signals, or track-mounted scotch-blocks
    • B61L7/06Remote control of local operating means for points, signals, or track-mounted scotch-blocks using electrical transmission
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L11/00Operation of points from the vehicle or by the passage of the vehicle
    • B61L11/08Operation of points from the vehicle or by the passage of the vehicle using electrical or magnetic interaction between vehicle and track
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/70Details of trackside communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L19/00Arrangements for interlocking between points and signals by means of a single interlocking device, e.g. central control
    • B61L19/06Interlocking devices having electrical operation
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L21/00Station blocking between signal boxes in one yard
    • B61L21/04Electrical locking and release of the route; Electrical repeat locks

Definitions

  • the invention relates to a method for performing an operation in a signal system of a railway system, and corresponding devices (operating unit and Signalsys ⁇ TEM).
  • a so-called CAPTCHA method is known (see eg http://de.wikipedia.org/wiki/Captcha).
  • CAPTCHA is an Ak ⁇ ronym for "Completely Automated Public Turing test to participate Computers and Humans Apart", which means in German:
  • CAPTCHAs are used to decide whether the counterpart is a human or a machine. Usually this is done to Che ⁇ fen whether entries have been made in Internet forms on humans or machines (robots, bots short) because robots can be misused here.
  • a transaction number is a one-time password, e.g. consists of decimal digits and is used for example in online banking.
  • a control unit eg a signal box, a control center for Switzerland- influencing systems such as a radio block center, a
  • Vehicle equipment of train control systems, etc. serves in certain cases to bypass the security function of the signaling system under the responsibility of the operator (eg Dispatcher).
  • This method is referred to, inter alia, as an auxiliary operation or as a command-release method (KF method).
  • KF method command-release method
  • auxiliary operation e.g. unintentional triggering, falsification or loss or undesired repetition of operations.
  • auxiliary operations may also occur due to automation of auxiliary operator actions; For example, macros or automated processes in the operator station system can trigger such unwanted auxiliary operations.
  • the object of the invention is to provide the reasons stated above drawbacks to be avoided and in particular an effi cient and safe approach for an auxiliary operation from a non-secure workstation system or from a non-secure operating unit as a component of the operating ⁇ station system of.
  • This object is achieved according to the features of the independent claims.
  • Preferred embodiments are insbeson ⁇ particular the dependent claims.
  • the object is achieved by a method for performing ⁇ guide an operator in a signal system of a rail system,
  • the operation on the side of the signal ⁇ system is executed (eg caused), if the received input corresponds to the contents of the CAPTCHA correctly.
  • the CAPTCHA may in particular be any depicting ⁇ development that is visible and can be converted into a string for the people with this string per ⁇ but is poorly by a machine or not automatically recognized.
  • the CAPTCHA represents for example alphanumeric characters, symbols and / or characters of different size and orientation in front of different backgrounds at different positions, for example, partially distorted represents wherein more characters that are not to be detected, also Darge ⁇ be established to impede the automatic detection or impossible to do.
  • Known algorithms for generating such a CAPTCHA can be used for the present approach.
  • the present approach is based on such a CAPTCHA insofar as an automated input can thus be excluded with a predefinable security, or an input made by an operator can also be recognized as such via a communication interface.
  • the signaling system is e.g. a unit of a railway system in which an action for setting the railway system or a component of the railway system can take place.
  • the railway system can have several signal systems. It is also possible that the signal system is executed distributed over several units.
  • the operating unit can be part of an operator station system.
  • This operator station system can be part of a control system that has a secure or unsecured connection to the signaling system.
  • the connection can be designed to be structurally and / or technically secure. For example, in the latter case, a transmission can take place by means of a signature and / or an encryption.
  • the connection may comprise a wireless and / or a wired communication interface.
  • the control unit can be portable or it can be part of a fixed terminal.
  • the operation comprises at least one of the following actions: - a command input, the corruption may bypass the Si ⁇ reliability of the signal system,
  • CAPTCHA basie ⁇ rend created on a string.
  • the Informati on ⁇ includes a transaction number.
  • CAPTCHA is created based on a transaction number.
  • a transaction number is used only once per period of time (e.g., for a given validity period) or generally only once. This ensures that no repeated entries can be made.
  • CAPTCHA represents the transaction number that the operator must recognize and enter. It is also possible for the transaction number to be represented, for example, as text (for example as ASCII text) and the CAPTCHA comprises the representation of alphanumeric characters. The operator should now enter the characters displayed in the CAPTCHA together with the transaction number, if appropriate in different fields of an input mask provided for this purpose. If the CAPTCHA is on the side of the sig- nalsystems recognized as correct, it is possible to carry out the operatio ⁇ tion.
  • the information comprises a text.
  • the text may include alphanumeric characters, symbols and / or special characters. It is also possible that the text comprises only a subset of the possible characters, e.g. no national special characters.
  • the information comprises an image or a symbol which is associated in particular with the operation or represents it.
  • the operator may be given an indication of the operation and / or the CAPTCHA.
  • the signal system performs the operation if the input confirms the contents of the CAPTCHA and if the input is received before expiration ei ⁇ ner time on the signal system.
  • One embodiment is that the information is transmitted to the operating unit and a timer is started, the timer specifying the time duration which may elapse until the input to the signal system is to be received.
  • An alternative embodiment is that if the input does not correspond to the content of the CAPTCHA, the signal system does not perform the operation, and in particular triggers an error message and / or an alarm
  • An input is detectable based on an information received from the signal system and this input is transferable to the signal system, wherein the received information on a display unit is at least partially representable, wherein the received information comprises a CAPTCHA generated based on the operation and transmitted from the signaling system.
  • the device is in particular a control unit.
  • an operation can be received by an operating unit
  • a CAPTCHA is generated based umfas ⁇ sent
  • the information is transferable to the operating unit
  • the signal system performs the operation, if an input confirms the contents of the CAPTCHA, wherein the input from the operating unit can be transmitted.
  • the presented solution further comprises a computer program product directly loadable into a memory of a digita ⁇ len computer, comprising program code portions which are suitable to carry out the steps of the described herein procedural ⁇ proceedings.
  • a computer program product directly loadable into a memory of a digita ⁇ len computer, comprising program code portions which are suitable to carry out the steps of the described herein procedural ⁇ proceedings.
  • ei ⁇ nes computer-readable storage medium for example an arbitrary memory comprising executable by a computer instruc ⁇ solutions (for example in the form of program code) that are adapted so that the computer to perform steps of the method described herein.
  • Fig.l is a schematic flow diagram illustrating the implementation of an auxiliary operation
  • a schematic representation of information comprising a CAPTCHA, a graphic and a text.
  • CAPTCHA CAPTCHA
  • auxiliary service an operator from finally and if necessary only once is performed diener by a loading ⁇ .
  • the CAPTCHA can be such tonege ⁇ is that it supports the operator also from an ergonomic standpoint.
  • the corruption may bypass the Si ⁇ reliability of the signal system, an auxiliary redistribution of infrastructure elements (eg switches),
  • FIG. 1 shows a schematic flow diagram illustrating the performance of an auxiliary operation
  • the operator selects a corresponding auxiliary operation on an operating unit 101 or enters this in the form of text commands.
  • This auxiliary operation is transmitted to a signal system 102 in a step 103.
  • the transmission is in this case, for example, not gesi ⁇ chert.
  • the transmission could be corrupted by out ⁇ cases or undefined states (eg not at all, partially or repeatedly transferred).
  • the transmission can also be signed and / or encrypted transmitted.
  • the received Hilfsbe ⁇ dienung is processed into a CAPTCHA, for example based on a unique transaction number (see. Step 104).
  • the CAPTCHA is transmitted in a step 105 to the Be ⁇ service unit 101 and displayed to the operator.
  • a time window can be determined within which to wait for a (valid) response. If the time period associated with the time window has expired, for example, no input is accepted and / or accepted by the operator - see also (4).
  • the operator checks whether the CAPTCHA describes the auxiliary operation desired by the user or - possibly textually or graphically - is associated with the desired auxiliary operation. For example, a text and / or an image may additionally be displayed (cf.
  • Step 106) or the auxiliary operation be ⁇ writes or identified. If there is no association with the desired auxiliary operation, it is an error, the operator aborts the auxiliary operation and / or indicates the error. If there is an association with the desired auxiliary operation, the operator enters the transaction number in plain text (see step 106) and confirms that the auxiliary operation can be carried out
  • Step 107 (possibly signed and / or encrypted) transmitted to the signal system 102.
  • the transaction number is collected (the received confirmation of the operator respectively) ⁇ emp. It is checked in a step 108 whether the confirmation is received in the given time window and correct. If these conditions are met, the auxiliary operation is performed in a step 109.
  • the CAPTCHA can have different configurations aufwei ⁇ sen.
  • the CAPTCHA itself may be combined with text and graphics, such as the content of the
  • the CAPTCHA can create a transaction Show number in a way that can only be recognized by the operator (not a machine). When the operator enters the transaction number shown in the CAPTCHA, he indicates to the signal system that the auxiliary service is from him.
  • the CAPTCHA may also have pictograms that visualize the auxiliary operation and help the operator identify the auxiliary operation. This allows the operator to easily identify if there is an error. In this way it is possible to reduce the likelihood of erroneous input while satisfying advantageous ergonomic requirements for the operator.
  • the information 201 may include a graphic (e.g., image, icon, icon, bitmap, etc.) 203 and / or text 204.
  • a graphic e.g., image, icon, icon, bitmap, etc.
  • Auxiliary operation with a transaction number as a bitmap on the basis of the defined auxiliary operations is stored as a compressed graphic.
  • the operating unit can be part of a control system; It is also possible that the operating unit is an ei ⁇ gen driving component or integrated in another component of the railway system as the control system.
  • auxiliary operation e.g. the following functions are provided (regardless of the order chosen below): (a) A dialog system for visualizing CAPTCHAs received in compressed graphics format.
  • the interface between the signal ⁇ system and the control unit comprise a data transmission by means of a secure protocol that is supported by both the signal system and the control unit.
  • the secure protocol is independent of the physical transmission channel.
  • the transmission of the CAPTCHA as a compressed graphic can be done in a PNG or JPG format. Accordingly, uncompressed graphics can also be used.
  • the transmission of the feedback from the operator can (possibly encrypted) in text form (eg as ASCII text).

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Train Traffic Observation, Control, And Security (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

L'invention concerne l'exécution d'une commande dans un système de signalisation. Il est proposé en se basant sur une commande (auxiliaire) d'une unité de commande qui est dirigée sur un système de signalisation de produire à partir du système de signalisation une information qui comporte un CAPTCHA et de transmettre cette information à l'unité de commande. Là, un opérateur entre la suite de signes représentés dans le CAPTCHA, en particulier un numéro de transaction qui est transmis au système de signalisation à titre de confirmation. Si l'entrée est correcte, la commande est exécutée. Cela offre l'avantage de pouvoir garantir qu'une telle entrée ne provient pas d'une machine mais uniquement de l'opérateur. Cela permet d'empêcher de manière efficace et sûre des commandes automatisées indésirables.
EP13762760.0A 2012-09-10 2013-09-04 Exécution d'une commande dans un système de signalisation Withdrawn EP2872373A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102012215959.2A DE102012215959A1 (de) 2012-09-10 2012-09-10 Durchführung einer Bedienung in einem Signalsystem
PCT/EP2013/068222 WO2014037364A2 (fr) 2012-09-10 2013-09-04 Exécution d'une commande dans un système de signalisation

Publications (1)

Publication Number Publication Date
EP2872373A2 true EP2872373A2 (fr) 2015-05-20

Family

ID=49182211

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13762760.0A Withdrawn EP2872373A2 (fr) 2012-09-10 2013-09-04 Exécution d'une commande dans un système de signalisation

Country Status (5)

Country Link
EP (1) EP2872373A2 (fr)
CN (1) CN104619572A (fr)
DE (1) DE102012215959A1 (fr)
HK (1) HK1207609A1 (fr)
WO (1) WO2014037364A2 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102016213189A1 (de) * 2016-07-19 2018-01-25 Thales Deutschland Gmbh Verfahren zum Betrieb eines automatischen Sicherungssystems, Vorrichtung zum Deaktivieren einer Sicherheitsmaßnahme eines automatischen Sicherungssystems, sowie sicherheitskritisches System

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8145914B2 (en) * 2005-12-15 2012-03-27 Microsoft Corporation Client-side CAPTCHA ceremony for user verification
US7552467B2 (en) * 2006-04-24 2009-06-23 Jeffrey Dean Lindsay Security systems for protecting an asset
CN100401797C (zh) * 2006-05-29 2008-07-09 中国移动通信集团公司 业务请求发起流程的鉴权方法
DE102010015285A1 (de) * 2010-04-14 2011-10-20 Siemens Aktiengesellschaft Verfahren und Vorrichtung zur Bestätigung eines betriebssicheren Zustandes eines sicherheitskritischen Systems
DE102010052666B4 (de) * 2010-11-26 2019-01-03 Trustonic Ltd. Verfahren zur sicheren mobilen Transaktionsdurchführung
CN102624705B (zh) * 2012-02-21 2015-09-30 西南石油大学 一种智能图像验证方法及系统

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2014037364A2 *

Also Published As

Publication number Publication date
WO2014037364A3 (fr) 2014-11-06
WO2014037364A2 (fr) 2014-03-13
DE102012215959A1 (de) 2014-03-13
CN104619572A (zh) 2015-05-13
HK1207609A1 (en) 2016-02-05

Similar Documents

Publication Publication Date Title
EP2900581B1 (fr) Procédé pour remettre un système de sécurité d'une installation d'ascenseur
DE102008021030B4 (de) Verfahren zum Betreiben eines Fahrzeugs sowie entsprechende Vorrichtung und entsprechendes Fahrzeug
EP1784791A1 (fr) Billet electronique
DE102011090135A1 (de) Vorrichtung und Verfahren für eine sicherheitsrelevante Eingabe über ein Anzeigegerät mit Berührungseingabe
WO2017121602A1 (fr) Procédé pour vérifier un classement de sécurité d'un appareil au moyen d'un certificat numérique, premier et deuxième appareil et dispositif d'émission de certificat
EP2551828B1 (fr) Procédé et système de transmission de données de contrôle entre un appareil d'enregistrement de données de véhicule et un appareil de contrôle
EP3688958B1 (fr) Système et procédé de transmission sécurisée de données
EP1027784B2 (fr) Procede pour la signature numerique d'un message
WO2011128210A1 (fr) Procédé et dispositif pour la validation d'un état de fonctionnement sûr d'un système critique pour la sécurité
DE102017202024B4 (de) Verfahren zum Koppeln eines portablen, mobilen Nutzergeräts mit einem in einem Kraftfahrzeug verbauten Fahrzeuggerät sowie Servervorrichtung
WO2016074789A1 (fr) Procédé de vérification de la validité d'un ticket ; dispositif mobile
EP2872373A2 (fr) Exécution d'une commande dans un système de signalisation
WO2001046785A2 (fr) Procede et dispositif permettant de verifier un fichier
DE19747603C2 (de) Verfahren zum digitalen Signieren einer Nachricht
EP3139354A2 (fr) Procede de reglage d'un mode de fonctionnement d'un systeme de securite
DE102014218191A1 (de) Verfahren zum Betreiben eines Verkehrsleitsystems
EP2715681B1 (fr) Procédé de génération d'un code de déblocage à usage unique, actuellement valide pour un verrou électronique
DE202004013762U1 (de) Elektronisches Ticket
DE102021118667A1 (de) Verfahren und System zur Steuerung von Funktionen eines Fahrzeugs mit einem mobilen Endgerät
WO2020057918A1 (fr) Utilisation d'une interface utilisateur d'un système d'information de passager et/ou d'un système de divertissement
EP3758320A1 (fr) Appareils et procédé de vérification d'appareils
EP3753800B1 (fr) Procédé d'entrée pour commandes d'exploitation critiques en termes de sécurité et système d'exploitation
EP3100895B1 (fr) Procede et systeme d'informations destines a un conducteur de vehicule automobile concernant la disponibilite d'une liaison de communication
DE102017202086A1 (de) Authentifikationseinrichtung, Authentifikationssystem und Verfahren zur Authentifikation eines Nutzers eines Fahrzeugs
DE102005041837B4 (de) Elektronisches Ticket

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20150213

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

17Q First examination report despatched

Effective date: 20180327

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS MOBILITY GMBH

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20181009