EP3248137A1 - Electronic control device - Google Patents
Electronic control deviceInfo
- Publication number
- EP3248137A1 EP3248137A1 EP15816687.6A EP15816687A EP3248137A1 EP 3248137 A1 EP3248137 A1 EP 3248137A1 EP 15816687 A EP15816687 A EP 15816687A EP 3248137 A1 EP3248137 A1 EP 3248137A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- partition
- firewall
- control device
- electronic control
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
- B60R16/023—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
- B60R16/0231—Circuits relating to the driving or the functioning of the vehicle
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
Definitions
- the invention relates to an electronic Steuerungvorrich ⁇ tion, which can be used in particular as an "embedded controller" in motor vehicles.
- Electronic control devices can be used in motor vehicles for a wide variety of tasks. For example, they can be used to control driver assistance systems, comfort functions or safety devices such as airbags.
- the invention has the task ge ⁇ assumed friendship ⁇ provide an electronic control device, which has a particularly efficient protection on ⁇ .
- This is inventively achieved by an electronic Steue ⁇ tion device according to claim 1.
- Advantageous embodiments can be taken, for example, the dependent claims. The content of the claims is made by express reference to the content of the description.
- the invention relates to an electronic Steuerungvorrich ⁇ device. It has a number of application partitions, with each application partition running a particular application. It also has at least one firewall partition in which a firewall is executed. Furthermore, it has a number of secure interfaces that are configured to communicate with to the Steuerungsvor ⁇ direction external devices and / or on-board devices. The secure interfaces can only be controlled from the firewall partition. Furthermore, a number of virtual interfaces are provided, each designed for communication between the firewall partition and at least one application partition.
- the electronic control device By means of the electronic control device according to the invention, a particularly high level of security can be achieved since the respective applications can access the secured interfaces only via the virtual interfaces via the firewall. Even in the event that it should be possible for an attacker to replace, for example, an application without authorization, it can not still access make using this malicious software on the secured section ⁇ . For example, if the firewall detects data traffic that is atypical of what is actually expected in the respective partition, the firewall can block such traffic. Thus, both the control device can be protected from the environment, such as also the environment can be protected from the control device.
- the firewall itself can preferably be protected against unauthorized exchange or alteration because it is very simply programmed and thus has no weak points as potential attack points.
- a partition is understood to be, in particular, an area of a memory which is available to a specific application or even to a firewall.
- the partitions are typically so formed from ⁇ that is already ensured by hardware or software side that an application can run in a partition assigned read and write operations only and can that perform no other application on that partition read and write operations. Exceptions may be, for example, an overlap, which will be described below.
- the respective application or the firewall itself is stored in its associated partition.
- the interfaces may, for example, be formed in terms of hardware and enable communication with other devices, for example a CAN bus system, or also with on-board devices.
- the secure interfaces can be controlled exclusively from the firewall partition, which means in particular that data can only be output and / or read from the firewall partition.
- a virtual interface is understood to mean, in particular, an interpartition communications channel.
- the secure interfaces of the firewall partition are controlled such that data from the Firewall partition can be output from the secure interfaces. They can also be controlled such that data can be received from the firewall partition via the secure interfaces. In particular, it can be provided that they can be output or received exclusively from the firewall partition.
- the virtual interfaces each allow a transfer of data from at least one application partition to the firewall partition and / or from the firewall partition to at least one application partition.
- the virtual interfaces can be used advantageously for data exchange between application partitions and firewall partitions.
- the virtual interfaces can in particular be provided by the firewall partition. They may be designed for exclusive communication between a firewall partition and one or more application partitions.
- At least one of the virtual interfaces may be formed by an overlap of the firewall partition and at least one application partition. In such an overlap, at least one application as well as a firewall can typically write data and read from it. It should be understood that both a virtual interface as well as all virtual interfaces or any subset of the total existing virtual interfaces can be designed in such a way.
- at least one of the virtual interfaces is formed by means of a dedicated register which does not belong to an application partition and not to a firewall partition and which is dependent on at least one application partition and on the firewall partition.
- the firewall is designed to prevent a data flow between a virtual interface and a secure interface if the respective data flow according to a predetermined list is inadmissible.
- a blacklist principle in which data traffic is allowed in principle, unless it is explicitly classified as inadmissible by special rules, which may be stored in the list, for example.
- the firewall is designed to allow a data flow between a virtual interface and a secure interface only if the respective data flow is permitted according to a predetermined list. This corresponds to the reversal of the blacklist principle, which is also referred to as the whitelist principle.
- the data traffic is in principle inadmissible, unless it is explicitly allowed, for example through the list.
- the predetermined lists which may represent, for example, a blacklist or whitelist, may be system state dependent, such as normal operation, open diagnostic session, software update, or other possible conditions. Such system states can become .
- the blacklist principle and the whitelist principle can also be combined with each other. For example, depending on the system state, either the blacklist principle or the whitelist principle can be used.
- the firewall is designed to report a data flow between a virtual interface and a secure interface, if the respective data flow is to be reported according to a predetermined list.
- This can be used to monitor the data flow, for example by the fact that, for certain possibly conspicuous data samples, a report is made to a monitoring device or, for example, to the manufacturer or a fleet manager of a motor vehicle.
- the electronic control device further comprises a number of non-secure interfaces adapted to communicate with external devices or on-board devices external to the control device.
- the non-secure interfaces can be controlled directly from at least one application partition or can be controlled via the firewall partition in such a way that data exchanged between the application partition and the non-secure interface is in principle transmitted by the firewall. This makes it possible to prevent a check by the firewall in the case of uncritical interfaces, which, for example, can save computing time.
- ⁇ play as such a principle for non-critical generation may ral-purpose input / output (GPIO) pins are used.
- the firewall partition may be part of a plurality of firewall partitions, each firewall partition being associated with a number of secure interfaces. This allows you to split the monitoring task over multiple firewalls, with each firewall typically running in its own partition.
- the electronic control device can be designed in particular as an embedded controller. This allows Ver ⁇ application in typical applications in motor vehicles, examples play, for the initially described applications. Likewise, it can be designed as a cyber-physical device.
- the electronic control device has a memory management unit, MMU.
- the memory management unit can manage the partitions.
- a memory management unit can in particular implement an address virtualization. This may mean that the application works with virtual addresses that are decoupled from physical addresses.
- a mapping between virtual and physical addresses is managed by the Memory Management Unit. Addresses to which an application should not have access do not exist for this application.
- a memory protection unit, MPU can also be used.
- the Memory Protection Unit can also manage the partitions. All applications typically work with physical addresses, but with memory protection 0
- the electronic control device has an operating system.
- the operating system can prevent direct access to the secure interfaces from the application partitions.
- the operating system may also facilitate communication between different partitions, particularly by providing for overlapping of the respective partition or by providing a dedicated register.
- the operating system can also allocate computation time to different applications.
- the operating system can configure a memory management unit or a memory protection unit.
- the secure interfaces may, in particular, be one or more of the following interfaces:
- Serial Peripheral Interface SPI
- serial interface other, in particular serial interface.
- a frequency may be monitored with which individual pins may change their level.
- a frequency can be monitored in which messages may be sent or received to specific bus users (recognizable by chip select). Allowed operation codes of SPI messages or valid lengths of SPI messages can be specified. It can also be synchronized with GPIO if data exchange is synchronous with chip select control.
- a frequency can be monitored in which messages may be received or sent. Allowed IDs can be specified which may be sent or received. Allowed values within the messages can be checked. Furthermore, the correct protocol usage can be checked if a protocol is used.
- a frequency can be checked in which messages may be received or sent. Unauthorized ports or unauthorized receivers or senders can be blocked. Deep-packet filtering can also be used to verify correct protocol usage.
- UART a frequency can be checked in which messages may be received or sent. Likewise, the correct protocol usage can be checked.
- the microcontroller 10 has an interface part 100 and a partition part 200.
- a CAN interface 110, an SPI interface 120 and a GPIO interface 130 are implemented in the present case.
- a firewall partition 210, a first application partition 220 and a second application partition 230 are implemented in the partition part 200.
- the firewall partition 210 is running a firewall.
- a first application is executed in the first application partition 220.
- a second application is executed.
- the firewall running in the firewall partition 210 comprises a CAN driver 213, an SPI driver 215 and a GPIO driver 217. These drivers may communicate with the interfaces 110, 120, 130 of the interface portion 100 so that these interfaces 110, 120, address 130, so that a commu nication ⁇ is possible with external devices or with on-board devices. As can be seen in FIG. 1, the interfaces 110, 120, 130 can only be addressed via the drivers 213, 215, 217. This means in particular that they can only be addressed by the firewall partition 210. Direct access to the interfaces 110, 120, 130 from the two application partitions 220, 230 is not possible.
- the firewall further includes a CAN check module 212, an SPI check module 214, and a GPIO check module 216.
- the verification modules 212, 214, 216 are designed to to check traffic to drivers 213, 215, 217. In particular, they are designed to monitor respective traffic for whether suspicious or prohibited data is included. In this case, data traffic would be stopped immediately. This corresponds to the so-called blacklist principle, in which communication is generally allowed, but is prevented if certain rules or criteria are applied. Even in the event that it should be possible, for example, an attacker record a malicious software in one of the application partitions 220, 230, a potentially defective communi ⁇ cation could be suppressed to the outside of the firewall.
- the interfaces 110, 120, 130 which ultimately make the connection to the outside, can only be addressed by the firewall partition 210 and thus only data traffic comes to the outside or is received from the outside, which of a the verification modules 212, 214, 216 has been checked. As shown, it is also contemplated that SPI check module 214 and GPIO check module 216 may exchange data with each other.
- the first application partition 220 is designed such that the first application executing, for example, an algorithm 222 can access the CAN interface 110.
- a virtual CAN interface 224 is provided, which in the present case is designed as a register, which can be accessed both from the first application partition 220 and from the firewall partition 210. This allows the first application from its first application partition 220 to exchange data with the firewall in the firewall partition 210, which are then forwarded to the CAN interface 110, if no rules oppose it. The same applies when receiving data via the CAN interface 110.
- the second application which runs in the second application partition 230 and executes an algorithm 232, for example, can access the SPI interface 120 and the GPIO interface 130.
- a virtual SPI interface 234 and a virtual GPIO interface 236 are implemented, which in the present case are formed as registers, which can be accessed both from the second application partition 230 and from the firewall partition 210.
- this allows a data exchange between the second application partition 230 and the firewall partition 210, so that the second application can access the SPI interface 120 and the GPIO interface 130 from its second application partition, ie, can send data about it and data can receive over these.
- the corresponding traffic is monitored by the firewall in the firewall partition 210.
- communication between the SPI virtual interface 234 and the GPIO virtual interface 236 is also provided. In the present case, communication between the two applications in the application partitions 220, 230 is also possible.
- the firewall running in the firewall partition 210 is particularly easy to program so that it does not provide vulnerabilities that attackers could exploit. Thus, it is much less likely that an attacker will succeed in compromising the firewall in the firewall partition 210 than compromising one of the applications in the application partitions 220, 230. Even if the latter were to happen despite all precautionary measures, the firewall would still be functional, which due to the hardware-implemented mandatory requirement to run the data traffic through the firewall can intercept any harmful traffic. The claims belonging to the application do not constitute a waiver of the achievement of further protection.
- an electronic control device may in principle comprise processor means and memory means, wherein program code is stored in the memory means, in the execution of which the processor means behave in a defined manner.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102015200801.0A DE102015200801A1 (en) | 2015-01-20 | 2015-01-20 | Electronic control device |
PCT/EP2015/078970 WO2016116207A1 (en) | 2015-01-20 | 2015-12-08 | Electronic control device |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3248137A1 true EP3248137A1 (en) | 2017-11-29 |
Family
ID=55025008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15816687.6A Pending EP3248137A1 (en) | 2015-01-20 | 2015-12-08 | Electronic control device |
Country Status (5)
Country | Link |
---|---|
US (1) | US20170374026A1 (en) |
EP (1) | EP3248137A1 (en) |
CN (1) | CN107004101A (en) |
DE (1) | DE102015200801A1 (en) |
WO (1) | WO2016116207A1 (en) |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0306211A3 (en) * | 1987-09-04 | 1990-09-26 | Digital Equipment Corporation | Synchronized twin computer system |
US6292718B2 (en) * | 1999-01-28 | 2001-09-18 | International Business Machines Corp. | Electronic control system |
US6292874B1 (en) * | 1999-10-19 | 2001-09-18 | Advanced Technology Materials, Inc. | Memory management method and apparatus for partitioning homogeneous memory and restricting access of installed applications to predetermined memory ranges |
US7171539B2 (en) * | 2002-11-18 | 2007-01-30 | Arm Limited | Apparatus and method for controlling access to a memory |
ATE492085T1 (en) * | 2003-01-28 | 2011-01-15 | Cellport Systems Inc | A SYSTEM AND METHOD FOR CONTROLLING APPLICATIONS' ACCESS TO PROTECTED RESOURCES WITHIN A SECURE VEHICLE TELEMATICS SYSTEM |
DE10319365A1 (en) * | 2003-04-29 | 2004-11-18 | Volkswagen Ag | Computer system for a vehicle and method for controlling the data traffic in such a computer system |
WO2005050381A2 (en) * | 2003-11-13 | 2005-06-02 | Commvault Systems, Inc. | Systems and methods for performing storage operations using network attached storage |
US20160277261A9 (en) * | 2006-12-29 | 2016-09-22 | Prodea Systems, Inc. | Multi-services application gateway and system employing the same |
US9081911B2 (en) * | 2011-05-31 | 2015-07-14 | Architecture Technology Corporation | Mediating communication of a universal serial bus device |
DE102011084254A1 (en) * | 2011-10-11 | 2013-04-11 | Zf Friedrichshafen Ag | Communication system for a motor vehicle |
EP2817761A2 (en) * | 2012-02-24 | 2014-12-31 | Missing Link Electronics Inc. | Partitioning systems operating in multiple domains |
CN102710669B (en) * | 2012-06-29 | 2016-03-02 | 杭州华三通信技术有限公司 | A kind of method that firewall policy controls and device |
-
2015
- 2015-01-20 DE DE102015200801.0A patent/DE102015200801A1/en active Pending
- 2015-12-08 CN CN201580058655.7A patent/CN107004101A/en not_active Withdrawn
- 2015-12-08 EP EP15816687.6A patent/EP3248137A1/en active Pending
- 2015-12-08 US US15/524,345 patent/US20170374026A1/en not_active Abandoned
- 2015-12-08 WO PCT/EP2015/078970 patent/WO2016116207A1/en active Application Filing
Non-Patent Citations (2)
Title |
---|
None * |
See also references of WO2016116207A1 * |
Also Published As
Publication number | Publication date |
---|---|
DE102015200801A1 (en) | 2016-07-21 |
WO2016116207A1 (en) | 2016-07-28 |
US20170374026A1 (en) | 2017-12-28 |
CN107004101A (en) | 2017-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3278529B1 (en) | Attack detection method, attack detection device and bus system for a motor vehicle | |
EP2981926B1 (en) | Data storage device for protected data exchange between different security zones | |
DE112019000485T5 (en) | SYSTEM AND PROCEDURE FOR PROVIDING SECURITY FOR IN-VEHICLE NETWORK | |
WO2006133774A1 (en) | Method and device enabling the component of a motor vehicle to reliably communicate with an external communication partner by means of a wireless communications connection | |
EP3625950B1 (en) | Data-processing device, complete entity, and method for operating a data-processing device or complete entity | |
EP3451624B1 (en) | Device and method for controlling a communication network | |
EP3262797B1 (en) | Motor vehicle communication network with switch device | |
WO2003015369A2 (en) | Method and computer system for securing communication in networks | |
DE102020201988A1 (en) | Device for processing data with at least two data interfaces and operating methods therefor | |
EP3655876B1 (en) | Single-chip system, method for operating a single-chip system, and motor vehicle | |
EP3417589A1 (en) | Reducing a possible attack on a weak point of a device via a network access point | |
EP3248137A1 (en) | Electronic control device | |
EP3813314B1 (en) | Securing system and method for filtering data traffic | |
EP2911363B1 (en) | Radio device with two radio units and method for transmitting information | |
DE102013221955A1 (en) | Security relevant system | |
EP1473614A2 (en) | Computer system for a vehicle and method controlling the data traffic in the computer system | |
DE102016008957A1 (en) | Direct access to bus signals in a motor vehicle | |
DE102016213164A1 (en) | Storage device, data transfer device and method for transferring data | |
EP3382976A1 (en) | Protective device, method and apparatus comprising a protection device for protecting a communication network associated with the device | |
DE102022107431B3 (en) | Method for retrofitting socks compatibility for at least one application in a motor vehicle and correspondingly equipped motor vehicle | |
EP3603011B1 (en) | Apparatuses and method for operating mobile radio communication with a track-mounted apparatus | |
WO2017148559A1 (en) | Method and analysis module for checking encoded data transfers | |
DE102013209914A1 (en) | Filtering a data packet by means of a network filter device | |
EP3395039A1 (en) | Apparatus and method for forwarding data packets | |
WO2021197822A1 (en) | Method for handling an anomaly in data, in particular in a motor vehicle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170821 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: CONTINENTAL TEVES AG & CO. OHG |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: CONTINENTAL TEVES AG & CO. OHG |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20191128 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: CONTINENTAL AUTOMOTIVE TECHNOLOGIES GMBH |