EP3686080B1 - Method for the safe operation of a railway system and network node of a data network - Google Patents
- Publication number
- EP3686080B1 (application number EP20150501.3A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- state
- input
- distributed database
- stored
- network node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L15/00—Indicators provided on the vehicle or train for signalling purposes
- B61L15/0072—On-board train data handling
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L27/00—Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
- B61L27/40—Handling position reports or trackside vehicle data
Definitions
- the invention relates to a method for the safe operation of a railway system, in which a state of at least one line element of the railway system or a value representative of the state is stored.
- the states of elements of the external signal box system are recorded. These elements are, for example, light signals, switches, axle counters and the like. A defined status of these elements is, for example, the displayed signal aspect or the set point position.
- the states of the elements of the interlocking system are recorded and, for example, verified for safe operation or safe display.
- the states of the elements serve, for example, as a basis for safe route setting by the interlocking computers and for safe display in the interlocking computers. For safe operation and display, it must be ensured that the operator, such as a dispatcher, only sees the states that are actually set. Since erroneous information about the states could have serious consequences for the operator, a great deal of effort may have been required to date to ensure safe operation.
- a distributed database, also known as distributed ledger technology, is a database distributed across multiple locations, regions or participants. All participants in this decentralized database can view all records. The technology provides an auditable history of all information stored in the specific records.
- each participant processes and verifies a transaction or piece of information, thereby creating a record of that item and creating a consensus as to its veracity.
- a distributed database can be embodied in one of several ways, for example as a blockchain.
- a blockchain, i.e. a chain of blocks, is usually understood to be a continuously expandable list of data records called blocks, which are linked together using cryptographic processes. Each block typically contains a cryptographically secure hash value of the previous block and, if necessary, a time stamp and other transaction data.
- the blockchain is generated by a so-called miner and distributed to all participants in the distributed database.
- this changed status or the value of the route element that is representative of the changed status is stored in the distributed database according to the invention in such a way that the change is recognizable, at least in sufficient time.
- Each new record of a changed state contains a current timestamp, which makes it easy to recognize a change from an earlier point in time.
- a blockchain is used as a distributed database, the changed state can be appended to the existing blockchain in a new block and distributed to all participants. The old states can still be read out in the previous blocks.
- the operation is requested by at least one operator by means of at least one first input and a second input later than the first input, and the operation is only executed if the state stored in the distributed database, or the representative value of the state of the track element, has not changed between the first input and the second input.
- the first input is made at the beginning of an operator action and the second input concludes the operator action.
- This embodiment ensures that the states of the route elements have not changed during the operator action. If a change is found between the first and second input, the execution of the operator action can be blocked and a new check by the operator can be requested.
- the status or the representative value of the status can be stored in a blockchain.
- Blockchain technology is a special embodiment of a distributed database in which changed states are stored and distributed in a block of the blockchain.
- a blockchain offers a very high level of security, since the blocks with the states cannot be changed later, and is therefore very trustworthy.
- the status stored in the distributed database, or a representative value of the status, can be verifiable using a proof-of-authority method, in particular using a PKI (Public Key Infrastructure).
- the PKI makes it possible to check whether the saved state or states were set by a trustworthy participant, namely the miner.
- a very specific computer can be authorized to create new blocks. This computer uses its PKI so that the other computers in the data network recognize from the PKI that the authorized and trustworthy computer created the data.
- the invention also relates to a network node of a data network in a railway system with at least one memory having the features of claim 4.
- the network node is designed as part of a distributed database in which a status of at least a route element of the railway system or a value that is representative of the condition is stored, and the network node is designed to store a changed status or a value of the route element that is representative of the changed status in the distributed database in such a way that the change can be identified.
- the network node is designed for the operation of the railway system by at least one operator by means of at least one first input and a second input subsequent to the first input, with the operation only being carried out if no change in the status, or in the representative value of the state, of the route element was detected between the first input and the second input.
- the invention also relates to a railway system with at least one data network, having the features of patent claim 5.
- the data network has at least one network node.
- the route elements 3 are intended to be part of an external signal box system here, for example.
- the route elements 3 can be, for example, light signals, points, axle counting devices, track circuits or the like.
- the railway system 1 also includes various network nodes 4 which are connected to one another and form the data network 2 .
- the network nodes 4 in turn are formed by various computing devices, such as an operating and display computer 5, an interlocking computer 6 and several element computers 7.
- the operating and display computer 5 is arranged, for example, in a control center of the railway system 1 and controls the display of the railway system 1 in this control center.
- the interlocking computer 6 is designed for the usual interlocking tasks, and the element computers 7 are part of the route elements and are, for example, also provided for controlling them.
- the network nodes 4 together form a distributed database 8, which is a blockchain here, for example, which is distributed to each network node.
- the blockchain is therefore available on all network nodes 4 .
- the method according to the invention for operating the system 1 is described below: During operation of the railway system 1, the states of the track elements 3 change continuously. Each time the status of a route element 3 changes, the new, current status of the route elements 3 and in particular the element computers 7 is passed on to the interlocking computer 6 .
- in the exemplary embodiment in figure 1, the interlocking computer 6 is designed to create a new block of the blockchain for the new, changed state of the route element 3.
- the interlocking computer 6 thus takes over the task of the so-called miner, which creates or calculates new blocks of the blockchain, appends them to the existing blockchain and distributes them.
- the interlocking computer 6 verifies the new block using the proof-of-authority method.
- a PKI Public Key Infrastructure
- the interlocking computer 6 validates the new block with its personal key.
- by using the proof-of-authority method, it is possible for the interlocking computer 6 to create and distribute the new block with the changed status of the route element 3 within a relatively small time window of, for example, a maximum of 5 seconds. This is an advantage over the alternative proof-of-work method, which would require more computing power and time.
- the current status or the new blockchain is then distributed to all network nodes 4 .
- the current states of the route elements 3 are thus always stored in the blockchain and can be read out by all network nodes 4 . If the status changes, the current status is saved in the blockchain together with the current time. That is, the new state flows into a new block and is distributed as a new or updated blockchain.
- the operating and display computer 5 in the control center of the railway system graphically displays the status of the route elements 3 for the operator.
- the operator is, for example, a dispatcher.
- FIG. 2 shows this graphic display with the reference number 9.
- the status of the route elements 3 at the respective point in time is shown in FIG. 2 with reference numeral 10.
- the blockchain of the distributed database 8 with the history of the various states of the route elements 3 stored therein is shown with reference numeral 11 .
- the safe operation of the railway system 1 by an operator in the control center is shown schematically in FIG. 3.
- the operator starts a so-called command-release required operation of the railway system 1 by a first input, for example by a separate keystroke.
- the operator enters the operation into the operating and display computer 5 and confirms it at the end of the operation, i.e. with a time delay, with a second input, for example again by pressing a separate button.
- in step 13 in FIG. 3, the operating and display computer 5 and/or the interlocking computer 6 checks whether one of the states of the route elements 3 has changed between the first and the second input.
- the period of time between the first and second input is greater than 5 seconds and thus larger than the time window for creating a new block. This ensures that when the state changes, a new block is calculated, appended, signed and distributed before the second input is made. An unnoticed change of status is therefore not possible.
- in step 14 in FIG. 3, the operation is executed if the state has not changed between the first and second input. However, in step 14, the operation is rejected if a state change between the first and second inputs is detected. Thus, the previously necessary test steps from the prior art are no longer necessary.
- all network nodes 4 can check the respective states of the route elements 3 by accessing the blockchain.
- the status information in the distributed database 8 can also be used for diagnostic purposes.
- a diagnostic computer (not shown) can also be integrated into the data network 2 for this purpose.
- the method according to the invention makes it possible to dispense with some test steps that are customary today when operating the railway system 1 and the operator input, as a result of which the implementation is significantly less complicated and less complex. As shown in FIG. 3, only a few process steps are required for this.
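The two-input check described above, as an added example that is not code from the patent: state changes are appended as hash-linked blocks authenticated by the single authority, and an operation is released only if the ledger verifies and no block for the affected elements falls between the first and second input. The element names, timestamps and key are constructed, and an HMAC tag stands in for the PKI signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import json

BLOCK_WINDOW_S = 5.0                     # page: a block is created and distributed within max. 5 s
AUTHORITY_KEY = b"constructed-demo-key"  # assumption: HMAC key standing in for the miner's PKI key
GENESIS = "0" * 64


def digest(body):
    """Canonical SHA-256 over the block fields that are hashed and authenticated."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()


def tag(d):
    # Stand-in for the authority's signature. A real deployment would use an
    # asymmetric signature so that verifying nodes cannot forge blocks themselves.
    return hmac.new(AUTHORITY_KEY, d, hashlib.sha256).hexdigest()


def make_block(prev_hash, element, state, ts):
    """The authority (the interlocking computer in the text) records one state change."""
    body = {"prev": prev_hash, "element": element, "state": state, "ts": ts}
    d = digest(body)
    return {**body, "hash": d.hex(), "sig": tag(d)}


def build_chain(events):
    chain, prev = [], GENESIS
    for element, state, ts in events:
        chain.append(make_block(prev, element, state, ts))
        prev = chain[-1]["hash"]
    return chain


def verify_chain(chain):
    """Check hash links, authority tags and non-decreasing timestamps."""
    prev, last_ts = GENESIS, float("-inf")
    for blk in chain:
        d = digest({k: blk[k] for k in ("prev", "element", "state", "ts")})
        if blk["prev"] != prev or blk["hash"] != d.hex():
            return False
        if not hmac.compare_digest(blk["sig"], tag(d)):
            return False
        if blk["ts"] < last_ts:
            return False
        prev, last_ts = blk["hash"], blk["ts"]
    return True


def authorize(chain, elements, t_first, t_second):
    """Release the operation only if nothing changed between the two inputs."""
    if not verify_chain(chain):
        return False, "ledger failed verification"      # fail closed
    if t_second - t_first <= BLOCK_WINDOW_S:
        # A change made just after the first input might not be distributed yet.
        return False, "second input inside block window"
    # Any block in the interval counts, so a change that flips back is still caught.
    changed = sorted({b["element"] for b in chain
                      if b["element"] in elements and t_first < b["ts"] <= t_second})
    if changed:
        return False, "state changed: " + ", ".join(changed)
    return True, "ok"


# Constructed sample ledger: (element, state, timestamp in seconds).
SAMPLE = build_chain([("S1", "stop", 100.0),
                      ("W3", "left", 101.0),
                      ("W3", "right", 112.0)])
```
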
Landscapes
- Engineering & Computer Science (AREA)
- Mechanical Engineering (AREA)
- Train Traffic Observation, Control, And Security (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
Claims (5)
- Method for the safe operation of a railway system (1), in which a state of at least one route element (3) of the railway system (1), or a value representative of this state, is stored in a distributed database (8), characterized in that, if the state of the route element (3) changes, this changed state or the value representative of this changed state of the route element (3) is stored in the distributed database (8) in such a way that the change can be detected, wherein the operation is requested by at least one operator by at least a first input and by a second input subsequent to the first input, and the operation is only carried out if the state stored in the distributed database (8), or the representative value of the route element (3), has not changed between the first input and the second input.
- Method according to claim 1, characterized in that the state, or the value representative of this state, is stored in a blockchain.
- Method according to one of the preceding claims, characterized in that the state stored in the distributed database (8), or a value representative of this state, can be verified by means of a proof-of-authority method, in particular by means of a public key infrastructure (PKI).
- Network node (4) of a data network (2) of a railway system (1), comprising at least one memory, wherein the network node (4) is designed as part of a distributed database (8) in which a state of at least one route element (3) of the railway system (1), or a value representative of this state, is stored, characterized in that the network node (4) is designed to store a changed state, or a value representative of this changed state, of the route element (3) in the distributed database in such a way that the change can be detected, and the network node (4) is designed for the operation of the railway system (1) by at least one operator by at least a first input and a second input subsequent to the first input, wherein the operation is only carried out if, by means of a read from the distributed database, no change in the state, or in the value representative of this state, of the route element (3) has been found between the first input and the second input.
- Railway system (1) comprising a data network (2), characterized in that the data network (2) has at least one network node (4) according to claim 4.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102019200777.5A DE102019200777A1 (de) | 2019-01-23 | 2019-01-23 | Method for the safe operation of a railway system and network node of a data network |
Publications (3)
Publication Number | Publication Date |
---|---|
EP3686080A1 (fr) | 2020-07-29 |
EP3686080C0 (fr) | 2023-08-16 |
EP3686080B1 (fr) | 2023-08-16 |
Family
ID=69143459
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20150501.3A Active EP3686080B1 (fr) | 2019-01-23 | 2020-01-07 | Method for the safe operation of a railway system and network node of a data network |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3686080B1 (fr) |
DE (1) | DE102019200777A1 (fr) |
ES (1) | ES2962845T3 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AT524500B1 (de) * | 2020-12-04 | 2023-02-15 | Plasser & Theurer Export Von Bahnbaumaschinen Gmbh | Method and system for operating a rail traffic installation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015218971A1 (de) * | 2015-09-30 | 2017-03-30 | Siemens Aktiengesellschaft | Safety method for a railway track network |
-
2019
- 2019-01-23 DE DE102019200777.5A patent/DE102019200777A1/de not_active Withdrawn
-
2020
- 2020-01-07 ES ES20150501T patent/ES2962845T3/es active Active
- 2020-01-07 EP EP20150501.3A patent/EP3686080B1/fr active Active
Also Published As
Publication number | Publication date |
---|---|
EP3686080A1 (fr) | 2020-07-29 |
ES2962845T3 (es) | 2024-03-21 |
EP3686080C0 (fr) | 2023-08-16 |
DE102019200777A1 (de) | 2020-07-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210105 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: B61L 27/40 20220101ALI20230217BHEP Ipc: B61L 27/00 20060101ALI20230217BHEP Ipc: B61L 15/00 20060101AFI20230217BHEP |
|
INTG | Intention to grant announced |
Effective date: 20230313 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: DE Ref legal event code: R096 Ref document number: 502020004685 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
U01 | Request for unitary effect filed |
Effective date: 20230828 |
|
U07 | Unitary effect registered |
Designated state(s): AT BE BG DE DK EE FI FR IT LT LU LV MT NL PT SE SI Effective date: 20230904 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231117 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231216 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231116 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231216 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20231117 |
|
U20 | Renewal fee paid [unitary effect] |
Year of fee payment: 5 Effective date: 20240119 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2962845 Country of ref document: ES Kind code of ref document: T3 Effective date: 20240321 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230816 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20240212 Year of fee payment: 5 |