WO2021148377A1 - Security against manipulation using device-specific tolerances - Google Patents

Security against manipulation using device-specific tolerances

Info

Publication number
WO2021148377A1
Authority
WO
WIPO (PCT)
Prior art keywords
uwb
signal
communication device
data
variations
Prior art date
Application number
PCT/EP2021/051009
Other languages
German (de)
English (en)
Inventor
Olaf Dressel
Ilya Komarov
Original Assignee
Bundesdruckerei Gmbh
Priority date
Filing date
Publication date
Application filed by Bundesdruckerei Gmbh
Priority to EP21700931.5A
Publication of WO2021148377A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/108 Source integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the invention relates to a method for tamper protection of a UWB communication device, UWB communication devices for tamper protection and a UWB monitoring system with one or more UWB communication devices for manipulation protection.
  • the invention is based on the object of creating a method for improved manipulation protection for UWB-based monitoring systems.
  • Embodiments include a method for tamper protection of a first UWB communication device which is configured to send a UWB signal for communication by means of UWB within a UWB monitoring system for monitoring a spatial area.
  • the procedure includes:
  • Extracting signal variations from the transmitted UWB signal wherein the extracted signal variations include one or more device-specific signal variations that are individual for the transmitting first UWB communication device, wherein the extracted signal variations are limited to a tolerance range of the transmitted UWB signal, wherein a data coding of the data transmitted by the UWB signal remains unaffected by signal variations that are limited to the tolerance range of the transmitted UWB signal,
  • Embodiments can have the advantage that a manipulation protection of the UWB communication device based on characteristic, individual properties of the corresponding UWB communication device, which are expressed in the form of corresponding device-specific signal variations in UWB signals that the UWB communication device.
  • characteristic properties can be, for example, hardware properties of the UWB communication device and / or properties of an individual environment of the UWB communication device, which influence the UWB signals sent by the UWB communication device within the tolerance range.
  • the resulting device-specific signal variations represent a fingerprint or "transmission footprint" of the UWB communication device.
  • the hardware properties of the UWB communication device result, for example, from a combination of manufacturing tolerances of the individual hardware components of the UWB communication device involved in generating and sending the UWB signal.
  • Since these manufacturing tolerances are essentially random and can also depend on interactions between the hardware components used, they cannot be reproduced, or at least cannot be reproduced with reasonable effort.
  • the combination of the corresponding manufacturing tolerances therefore represents a "physical unclonable function" (PUF) of the UWB communication device, which results in non-reproducible device-specific signal variations of the UWB communication device.
  • the PUF's influence on the UWB signal is limited to the tolerance range of the transmitted UWB signal, i.e. it does not affect the data transmitted with the UWB signal or their coding.
  • the tolerance range is used as an additional information layer of the transmitted UWB signal on the device-specific signal variations resulting from the PUF. Embodiments can therefore have the advantage of providing effective protection against attempts at manipulation using cloned UWB communication devices in the UWB monitoring system.
  • the validation of the device-specific signal variations can be used to determine whether the sending UWB communication device is the original device or whether it has been modified and / or cloned.
  • the tolerance range defines a permissible parameter range within which parameters of a transmitted UWB signal may vary without influencing or changing the data encoded in the UWB signal.
  • a “physical unclonable function” or “PUF” is to be understood as a function that is made up of physical structures, in particular microstructures, of hardware components of the UWB communication device, which are very difficult or impossible to produce in a targeted manner.
  • Unclonability, i.e. non-copyability, preferably means physical and mathematical non-copyability.
  • Physical non-copyability means that it is impossible to reproduce a certain PUF structure in the same form.
  • Mathematical non-copyability means that it is impossible to predict or calculate, mathematically or by computer, the UWB signal in its form modified by the PUF.
  • the interactions of the influencing variables in the course of the manufacturing process and the interactions of the hardware components with their manufacturing tolerances are too complex to be able to predict the modification of the UWB signal.
  • the combination of physical and mathematical non-copyability makes a PUF particularly secure and "non-copyable".
  • the device-specific signal variations of the UWB communication device resulting from the PUF can therefore neither be physically reproduced nor mathematically calculated in advance.
  • a PUF is not variable over time, for example, that is, regardless of the point in time, the device-specific signal variations generated by the PUF of the UWB communication device are the same.
  • Embodiments can have the advantage that all or at least the most important components of a UWB monitoring system, which are UWB communication devices, i.e. which are configured to send a UWB signal, can be effectively protected against manipulation.
  • the present method can be used for an "auto integrity check" by the sending UWB communication device itself, in which the UWB communication device and / or a security module comprised by the UWB communication device checks whether the hardware configuration of the UWB communication device has changed.
  • the present method can also be used for a remote test by one or more other components of the UWB monitoring system that receive the transmitted UWB signal. This remote test can also be used to determine whether the hardware configuration of the UWB communication device has been changed.
  • the method can be used to secure both mobile, portable UWB communication devices, such as UWB tokens, and stationary, permanently installed UWB communication devices.
  • the spatial area is, for example, a restricted-access spatial area, for example a restricted-access security area.
  • the restricted-access spatial area is, for example, delimited from the surroundings and, as intended, can only be entered via one or more entrances or exits.
  • the restricted-access spatial area is an indoor area.
  • UWB Ultra Wideband
  • UWB refers to the wireless transmission of electromagnetic pulse-shaped signals over a plurality of parallel radio channels with low transmission powers, e.g. up to a maximum of 1 mW.
  • UWB is based on the generation of pulses with the shortest possible pulse duration, which is why, according to the laws of the Fourier transformation, the spectrum emitted or received via the UWB antenna is wider the shorter the pulse duration.
  • the product of the temporal and spectral width of the pulse is constant.
  • the total transmission power of a few milliwatts or less is distributed over such a large frequency range that no interference is to be expected for the radio operation of narrowband transmission methods. It is therefore difficult or impossible to see that a transmission with UWB is taking place at all.
  • a UWB signal appears much more like noise. This enables communication that can hardly be located and which can be used in the same frequency range as conventional transmission methods.
  • UWB does not use a fixed carrier frequency which is modulated. Rather, data transmission takes place, for example, based on pulse phase modulation or pulse position modulation ("Pulse-Position Modulation" / PPM) using a plurality of individual pulses. Another possibility for data transmission using UWB is modulation of the polarity and / or amplitude of the pulses. If the times of the individual pulses differ sufficiently, several UWB transmission channels can be operated in the same spatial area without mutual interference.
  • UWB systems can provide useful bit rates up to the Gbit / s range, for example.
  • the ranges of UWB transmissions can range from a few meters to a hundred meters, for example.
  • the UWB technology also enables a radar method to be implemented using UWB radar sensors.
  • an electromagnetic alternating field with a large bandwidth is generated, the field strengths of which are small. Depending on the nature of objects in the range of the electromagnetic alternating field, this will deform the alternating field.
  • the resulting field can be detected by a UWB sensor. With knowledge of both the output field and the resulting field, conclusions can be drawn about the cause of the detected deformation and also about the type and geometry of the object or objects in the range of the electromagnetic alternating field.
  • UWB radar sensors work, for example, on frequencies between 30 MHz and 12.4 GHz. Depending on the application, resolutions from centimeters to a few millimeters can be achieved with working bandwidths of 5 GHz.
  • short pulses are sent out and compared with the pulse patterns reflected by the object or objects. This allows geometric parameters such as distance, thickness, length, position, body shape, movement and / or speed to be determined. Objects can also be detected through clothing and walls. The properties of the propagation medium for the electromagnetic fields are assumed to be known.
  • UWB can prevent tracking of mobile devices, since devices communicating via UWB, such as UWB tokens, cannot be localized without knowledge of the UWB coding used. Furthermore, the relatively short range of UWB ensures that remote tracking and / or eavesdropping can be effectively prevented.
  • the UWB coding offers independent, instantaneous encryption of the transmitted data, which is thus protected against eavesdropping.
  • UWB has a high resistance to interference signals ("jamming"). Due to these special technical properties, which are advantageous for safety applications, a monitoring system can be implemented using UWB which can guarantee a high level of protection of the processes as well as of the sensor data located or used therein, in particular also in connection with person-related sensor data of participants. In particular, a high level of security of the data transmission by means of UWB can be ensured.
  • a UWB sensor is understood to be a sensor or anchor that is configured to transmit recorded data, e.g. sensor data, by means of UWB.
  • a UWB sensor such as a UWB radar sensor or a UWB localization sensor, can be configured to acquire sensor data by means of UWB.
  • a UWB sensor can be configured to acquire the sensor data by means of a UWB-independent method, for example an optical, acoustic, chemical, thermal, electromagnetic and / or vibration-based method.
  • the UWB sensors are configured for data transmission exclusively by means of UWB.
  • one or more of the UWB sensors can additionally be configured to transmit captured data by means of a wired data connection.
  • some of the UWB sensors of the UWB monitoring system are configured to transmit captured data by means of a wired data connection.
  • all of the UWB sensors of the UWB monitoring system are configured for the transmission of recorded data by means of a wired data connection.
  • Sensor data is understood to mean data acquired by means of one of the UWB sensors, i.e., for example, optical, acoustic, chemical, thermal, electromagnetic and / or vibration-based data.
  • the sensor data are transmitted by the UWB sensors within the UWB monitoring system using UWB.
  • one or more of the UWB sensors can also be configured to transmit captured data by means of a wired data connection.
  • the sensor data can also be data that were recorded by the UWB sensors by means of UWB.
  • the sensor data is sensor data from a UWB radar sensor or a UWB localization sensor.
  • the device-specific signal variations from the extracted signal variations comprise one or more signal variations which are characteristic of individual hardware properties of the transmitting first UWB communication device.
  • the device-specific signal variations include, for example, individual intrinsic properties of the UWB communication device, such as a combination of manufacturing tolerances of the hardware components of the UWB communication device involved in generating and sending the UWB signal.
  • the device-specific signal variations comprised by the extracted signal variations include one or more signal variations which are characteristic of individual properties of the environment within the spatial area from which the first UWB communication device sends the UWB signal.
  • Embodiments can furthermore have the advantage that environmental influences which define an environment provided for the use of the UWB communication device or the transmission of the UWB signal. If the environment of the UWB communication device is changed in the course of manipulation, e.g. if the UWB communication device is used in a different position than the intended position within the spatial area, this can be recognized using the UWB signal.
  • UWB communication devices such as UWB localization sensors or UWB radar sensors, which can monitor each other.
  • Another possibility is the extended evaluation of the incoming UWB signal, especially in the case of delayed incoming signal reflections, such as in the case of a UWB radar, from which information about the environment can be read.
  • the device-specific signal variations comprise device-specific amplitude variations of the transmitted UWB signal.
  • Embodiments can have the advantage that device-specific properties, such as hardware properties, can result in amplitude variations of the UWB signal. These amplitude variations can be used to effectively check the integrity of the UWB communication device.
  • the device-specific signal variations are, for example, within an additional information layer in relation to the amplitudes of the data coding. Over the very broad frequency range used in the UWB, amplitudes that are always the same cannot be achieved; rather, device-specific variations occur. After decoding the data transmitted with the signal, the respective amplitude or the respective signal level can be calculated back to the offset that has occurred.
  • two directly adjacent signals can each logically deliver "1", but the actual amplitude is not identical for both signals, for example 1.0 V, but possibly 0.8 V and 0.99 V. As long as both values are within the tolerance range for a logical "1", they are decoded as a logical "1".
  • the device-specific signal variations comprise device-specific frequency variations of the transmitted UWB signal.
  • Embodiments can have the advantage that device-specific properties, such as hardware properties, can result in frequency variations of the UWB signal. These frequency variations can be used for an effective integrity check of the UWB communication device.
  • the method is carried out by a second UWB communication device of the UWB monitoring system in the course of receiving the transmitted UWB signal by the second UWB communication device, which has access to the stored reference values of the device-specific signal variations.
  • Embodiments can have the advantage that the integrity of the UWB communication device sending the UWB signal can be checked remotely by one or more further UWB communication devices that are independent of this.
  • the stored reference values of the device-specific signal variations are assigned to a device ID, the data transmitted with the transmitted UWB signal including the device ID of the first UWB communication device.
  • the device-specific signal variations can also be used to authenticate the sending UWB communication device, during which it can be checked whether the sending UWB communication device is actually the UWB communication device identified with the device ID.
  • the method is carried out by the first UWB communication device in the course of sending the UWB signal, the stored reference values of the device-specific signal variations being stored in a memory of the first UWB communication device.
  • Embodiments can have the advantage that the sending UWB communication device enables an “auto integrity check” whereby the corresponding UWB communication device can check itself for manipulations.
  • the UWB signal is subject to the fewest external influences immediately when it is sent, i.e. device-specific signal variations can be extracted and evaluated most easily at this point in time.
  • the method is carried out by a security module of the first UWB communication device.
  • the stored reference values of the device-specific signal variations are stored in a memory of the security module.
  • the method further comprises, upon unsuccessful validation of the extracted signal variations, outputting a manipulation warning signal.
  • Embodiments can have the advantage that effective protection against manipulation can be provided. If a possible manipulation is suspected, i.e. the integrity of the UWB communication device cannot be confirmed, this is indicated.
  • a UWB communication device is understood to mean an electronic device which is configured for wireless communication by means of UWB.
  • the first UWB communication device is a mobile, portable UWB token of the UWB monitoring system.
  • a UWB token is a hardware token in the form of a mobile portable electronic device that is configured for wireless communication by means of UWB.
  • a UWB token can also be configured to determine position data based on a transit time measurement and triangulation of UWB signals, which it receives from localization sensors of the UWB monitoring system.
  • the UWB token can be designed as a document, in particular a value or security document.
  • a "document" is understood to mean paper-based and / or plastic-based documents, such as electronic identification documents, in particular passports, ID cards, visas as well as driver's licenses, vehicle documents, company ID cards, health cards or other ID documents as well as chip cards, means of payment, in particular banknotes, bank cards and credit cards, waybills or other credentials.
  • the first UWB communication device is a UWB localization sensor which is configured to determine position data of a mobile, portable UWB token within the spatial area.
  • the determination of the position data takes place using a transit time measurement of the transmitted UWB signal between the UWB location sensor and the mobile portable UWB token.
  • the determination is based on triangulation using a plurality of UWB location sensors, such as three or four.
  • the first UWB communication device is a UWB radar sensor which is configured to detect physical bodies within the spatial area using the transmitted UWB signal.
  • the UWB signal sent is a UWB radar signal.
  • the first UWB communication device is a UWB sensor which is configured to acquire sensor data and to transmit the acquired sensor data by means of the transmitted UWB signal within the UWB monitoring system.
  • the acquired sensor data include optical, acoustic, chemical, thermal, electromagnetic and / or vibration-based sensor data.
  • the first UWB communication device is a UWB transceiver which is configured to forward UWB signals within the UWB monitoring system.
  • the transmitted UWB signal is a forwarded UWB signal.
  • the first UWB communication device is a control module of the UWB monitoring system.
  • the transmitted UWB signal is a control signal from the control module for controlling the UWB monitoring system.
  • Embodiments can have the advantage that each component of the UWB monitoring system that sends UWB signals can be effectively protected against manipulation.
  • the method further comprises:
  • Embodiments can have the advantage that it can be ensured that person-related sensor data, insofar as they are recorded by the UWB sensors, are not made available as a result of the anonymization or are only made available in such a form that no conclusions can be drawn about the identity of the persons to which the personal data are related.
  • the anonymization includes, in particular, changing personal sensor data in such a way that individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or can only be assigned with a disproportionately large expenditure of time, costs and manpower.
  • the change includes, for example, a content-related redesign of recorded personal sensor data up to the deletion of the same.
  • deletion denotes, for example, making personal sensor data unrecognizable through to complete removal of the corresponding personal sensor data from a memory for storing acquired sensor data.
  • the memory can be, for example, a local or a central memory of the UWB monitoring system.
  • the exception event comprises an unsuccessful validation of the extracted signal variations of the transmitted UWB signal.
  • Embodiments can have the advantage that in the event of a suspicion of manipulation, the anonymization of the person-related sensor data can be temporarily suspended and an effective check can be made as to whether, where, what type of manipulation is present.
  • Personal sensor data denote sensor data which enable a person to be identified or can be assigned to a person to whom the personal sensor data are related.
  • personal sensor data are, for example, individual items of information about personal or factual circumstances of a specific or identifiable natural person recorded by means of one of the UWB sensors.
  • the person-related sensor data include visual sensor data, such as video and / or photo data, on the basis of which a person can be recognized. This is particularly the case when a person's face can be recognized on the basis of the video and / or photo data.
  • An anonymization filter is configured to selectively anonymize personal data.
  • the anonymization filter can be configured to anonymize sensor data which are recorded by certain UWB sensors or a certain type of UWB sensors of the UWB monitoring system. These are, for example, video and / or image data that are recorded using a surveillance camera and on which individual persons can be identified.
  • An exception event denotes an anomaly in the recorded sensor data, i.e. a data constellation which is not to be expected under predefined operating conditions.
  • the anomaly can be an emergency situation, such as a fire or unauthorized entry into and / or movement within the spatial area.
  • the suspension of anonymization is limited to person-related sensor data that are recorded by UWB sensors that have a predefined reference to the detected exception event.
  • UWB sensors for whose personal sensor data anonymization is suspended are assigned to the same spatial section of the spatial area as the UWB sensor or sensors in whose recorded sensor data the exceptional event is detected.
  • Embodiments can have the advantage that the suspension of anonymization is not only limited in time, but also spatially. This means that unnecessary suspension of anonymization, e.g. for personal data that has nothing to do with the exceptional event, can be avoided.
  • the predefined reference additionally or alternatively consists in the fact that UWB sensors, for whose personal sensor data anonymization is suspended, are assigned to predefined spatial sections of the spatial area.
  • the corresponding spatial sections are, for example, entrances and exits to an area with restricted access.
  • in the event of a possible unauthorized intrusion into the restricted-access area or in the event of a possible emergency, such as a fire alarm, it can be advantageous to record who is entering and / or leaving the restricted-access area or who is trying to enter and / or leave the restricted-access area.
  • the anonymization of all person-related sensor data recorded by the UWB monitoring system is temporarily suspended.
  • Embodiments can have the advantage that it can be ensured that no personal sensor data relevant and / or necessary for handling and / or rectification of the exceptional event are missing due to the anonymization.
  • the anonymization by the anonymization filter includes deleting at least part of the personal sensor data.
  • the temporary suspension of anonymization includes storing the personal sensor data, which are recorded within a limited time window.
  • Embodiments can have the advantage that in the event of deletion, i.e. complete removal of personal sensor data from local and / or central memories of the UWB monitoring system, it can be ensured that no one can gain access to this data. However, if an exception event occurs, personal sensor data, such as video and / or image data, are stored for a limited time for this special case only. According to embodiments, the stored data are provided for the purpose of data analysis, in particular for the purpose of identifying persons to whom the stored personal sensor data are related.
  • the storage is a time-limited storage.
  • the stored personal sensor data are deleted again after their evaluation and / or upon termination of the exceptional situation.
  • the storage is permanent storage.
  • the limited time window begins with the detection of the exceptional event. According to embodiments, the limited time window ends when a predetermined period of time has elapsed or the detection of the exceptional event ends.
  • Embodiments can have the advantage that the storage of the personal sensor data remains limited in time to a time window which is related to the detected exception event. For example, it can be assumed that only personal sensor data recorded in this time window are relevant in the context of the detected exceptional event.
  • the limited time window ends, for example, when the exceptional event is no longer detected or can no longer be detected.
  • the exceptional event can be detected, for example, in the form of a detection of smoke by a UWB sensor of the monitoring system designed as a smoke alarm. If the exceptional event is no longer detected, i.e. no more smoke is detected, the suspension of anonymization, for example, is ended.
  • the predetermined period of time can have a length of seconds and / or minutes, for example.
  • the deletion of the personal sensor data takes place in each case by the UWB sensor that detects the personal sensor data to be deleted.
  • the storage of the person-related sensor data in each case comprises a transmission of the person-related sensor data by the UWB sensor detecting the person-related sensor data to be stored, at least partially and / or completely by means of UWB to a storage module of the UWB monitoring system.
  • the storage of the person-related sensor data each includes a transmission of the person-related sensor data by the UWB sensor, which detects the person-related sensor data to be saved, at least partially and / or completely by means of a wired data connection to a memory module of the UWB monitoring system.
  • Embodiments can have the advantage that, in the event of direct deletion by the capturing UWB sensor, it can be ensured that the person-related sensor data to be deleted within the monitoring system do not go beyond the capturing UWB sensor. As a result, it can be effectively prevented that someone can gain access to the personal sensor data in an unauthorized manner.
  • Embodiments can also have the advantage that the personal sensor data stored in the memory module can be used, if necessary, to handle and / or remedy the exceptional event. For example, the stored personal sensor data can be analyzed in order to determine which people are and / or could be involved in the exceptional event.
  • the memory module can be a local memory module of a plurality of memory modules distributed decentrally via the UWB monitoring system or a central memory module of the UWB monitoring system.
  • the anonymization by the anonymization filter comprises an encryption of at least part of the personal sensor data.
  • the time-limited suspension of anonymization includes a time-limited provision of the corresponding person-related sensor data in unencrypted form.
  • Embodiments can have the advantage that, by encrypting the person-related sensor data, access to the person-related sensor data can be effectively prevented.
  • access to already recorded personal sensor data can be made possible by means of decryption.
  • the personal sensor data is only made available for a limited time in decrypted form.
  • the encryption of the personal sensor data takes place in each case by the UWB sensor that records the personal sensor data to be encrypted.
  • Embodiments can have the advantage that the personal sensor data are encrypted directly when they are recorded and, in the UWB monitoring system, are only further processed in encrypted form. Encryption can take place, for example, with a public cryptographic key of an asymmetric key pair, so that it can be decrypted by an owner of the associated secret cryptographic key of the corresponding asymmetric key pair.
  • the corresponding owner is, for example, a central or decentralized control module of the UWB monitoring system.
  • the secret cryptographic keys are stored, for example, in a protected memory area of a memory module which is assigned to the corresponding control module.
  • the control module provides all UWB sensors or at least all UWB sensors configured for capturing personal sensor data with a uniform public cryptographic key for encryption.
  • the control module provides all UWB sensors or at least all UWB sensors configured to detect personal sensor data with an individual public cryptographic key assigned to the corresponding UWB sensors for encryption.
  • the control module provides the UWB sensors or at least the UWB sensors configured for capturing personal sensor data in groups with an individual public cryptographic key assigned to the corresponding group for encryption.
  • the groups can be divided so that they each include UWB sensors which are assigned to the same spatial section of the spatial area, which are the same type of UWB sensor or which are configured to record the same type of person-related sensor data.
  • the provision of the person-related sensor data in unencrypted form comprises a suspension of the encryption of the person-related sensor data that are recorded within a limited time window.
  • Embodiments can have the advantage that the effort for decrypting the corresponding person-related sensor data can be avoided and these person-related sensor data also remain unencrypted.
  • providing the person-related sensor data in unencrypted form includes decrypting encrypted personal sensor data which were recorded within the limited time window.
  • Embodiments can have the advantage that the person-related sensor data are stored exclusively in encrypted form even in the event of an exceptional event. A provision of the personal sensor data in unencrypted form can thus be effectively limited in time.
  • the limited time window begins a predetermined period of time before the detection of the exception event or with the detection of the exception event. According to embodiments, the limited time window ends when a predetermined period of time has elapsed after the detection of the exceptional event or when the detection of the exceptional event ends.
  • Embodiments can have the advantage that the provision of the person-related sensor data in unencrypted form remains limited in time to a time window which is related to the detected exception event. For example, it can be assumed that only personal sensor data recorded in this time window are relevant in the context of the detected exceptional event. According to embodiments, the limited time window ends, for example, when the exceptional event is no longer detected or can no longer be detected. In the event of a possible fire as an exceptional event, the exceptional event can, for example, be detected in the form of a smoke detection by a UWB sensor of the monitoring system designed as a smoke alarm. If the exceptional event is no longer detected, that is to say no more smoke is detected, the suspension of encryption is ended, for example.
  • the suspension of the encryption is ended. Otherwise, the suspension is repeated or continued again for the predetermined period of time.
  • Further prerequisites include, for example, logging a confirmation in the UWB monitoring system that the exceptional event has been checked and that no further measures are necessary or that all necessary measures have been taken.
  • the further prerequisites can include, for example, logging a confirmation in the UWB monitoring system that the suspension of the encryption is not and / or no longer necessary.
  • the predetermined period of time can have a length of seconds and / or minutes, for example.
  • a start of the limited time window a predetermined period of time before the detection of the exceptional event can have the advantage that relevant personal sensor data that were recorded in advance of the exceptional event can also be provided in unencrypted form.
  • the UWB monitoring system is further configured for
  • Embodiments can have the advantage that recorded sensor data, in particular personal sensor data, are only made available to persons who are authorized to do so.
  • a release of sensor data such as data on the position and / or other data, takes place, for example, according to an authorization profile of the inquirer.
  • an effective data protection layer can be integrated into the UWB monitoring system.
  • Proof of authorization can be provided, for example, in the form of an authorization certificate.
  • the request is received and checked, for example, by a decentralized or central control module of the UWB monitoring system. In the event of a successful test, the corresponding control module also releases it, for example.
  • the requested sensor data are sent in response to the request to the sender of the request or displayed on a display device of the UWB monitoring system.
  • the requested sensor data is transmitted, for example, in encrypted form; in particular, it can be done using end-to-end encryption.
  • the recorded sensor data are divided into categories and the checking of the authorization verification includes checking whether the authorization verification authorizes access to sensor data of the category to which the requested sensor data is assigned.
  • Embodiments can have the advantage that authorizations can be granted by category so that proof of authorization can be restricted to one or more of the categories.
  • the recorded personal sensor data are divided into categories and the anonymization is suspended, for example depending on the type of the detected exceptional event, selectively only for one or more selected categories.
  • the access authorization of the credentials is extended for a limited time to the detection of the exception event.
  • An expansion of the proof of authorization means that, with a given proof of authorization, more categories may be viewed in the event that an exceptional event is detected than if no exceptional event is detected. According to embodiments, the scope of the expansion depends on the type of exception event detected. According to embodiments, in the event of an exception event being detected, the access authorization for all valid credentials for access to at least one category of sensor data is extended to all categories of sensor data for a limited period of time.
  • Embodiments can have the advantage that, for example, depending on the sensitivity of the sensor data, different credentials are required for access to the corresponding sensor data and it is thus possible to control who is granted access rights to the recorded sensor data of the UWB monitoring system and to what extent. In this way, the data release can be adapted to the current risk situation, for example through the authorization profile of the inquirer.
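The category-based release and its time-limited expansion during an exceptional event can be expressed as one decision function. This is an added example, not code from the patent; the category names, the event-to-category mapping, the two-minute lead time and the choice to tie the expansion to the limited time window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed category names and event-to-category mapping (not from the patent text).
ALL_CATEGORIES = frozenset({"position", "video", "biometric", "environment"})
EXTENSION_BY_EVENT = {
    "fire": ALL_CATEGORIES,                                  # emergency: all categories
    "unauthorized_entry": frozenset({"position", "video"}),  # narrower expansion
}
PRE_EVENT = timedelta(minutes=2)  # assumed "predetermined period" before detection


@dataclass(frozen=True)
class Credential:
    holder: str
    categories: frozenset      # categories this proof of authorization covers
    not_after: datetime        # expiry of the proof of authorization


@dataclass(frozen=True)
class ExceptionEvent:
    kind: str
    detected_at: datetime
    ended_at: Optional[datetime] = None   # None while the event is still detected


@dataclass(frozen=True)
class Record:
    category: str
    captured_at: datetime


def event_active(event, now):
    """The expansion only applies while the event is being detected."""
    return event.detected_at <= now and (event.ended_at is None or now <= event.ended_at)


def in_window(event, record, now):
    """Limited time window: from PRE_EVENT before detection until detection ends."""
    start = event.detected_at - PRE_EVENT
    end = event.ended_at if event.ended_at is not None else now
    return start <= record.captured_at <= end


def decide_release(cred, record, events, now):
    """Return 'regular', 'extended' or 'denied' for a request made at time `now`."""
    # Only a valid credential for at least one category can be expanded at all.
    if now > cred.not_after or not cred.categories:
        return "denied"
    if record.category in cred.categories:
        return "regular"
    for event in events:
        extended = EXTENSION_BY_EVENT.get(event.kind, frozenset())
        if (event_active(event, now) and record.category in extended
                and in_window(event, record, now)):
            return "extended"
    return "denied"
```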
  • the acquired sensor data are each assigned original IDs.
  • a prerequisite for the successful verification of the credentials includes a valid confirmation of the credentials for access to the requested sensor data by one or more entities assigned to the original IDs of the requested sensor data.
  • Embodiments can have the advantage that an authorization by one or more entities assigned to the origin IDs, i.e. the origin, of the requested sensor data is necessary for access to the acquired sensor data.
  • the original IDs each identify the UWB sensor that recorded the corresponding sensor data and / or the UWB token that was sensed by the corresponding sensor data.
  • the corresponding entities are each the corresponding UWB sensors, UWB tokens or users or administrators who are assigned to the corresponding UWB sensors or UWB tokens.
  • each localized position, i.e. detected sensor data for the localization of UWB tokens
  • UWB token is impressed with secure information from the UWB token, so that the origin and owner of the corresponding sensor data are always known.
  • inquiries regarding a position or data of a UWB token must first always be approved by the UWB token concerned or a carrier and / or representative of the same.
  • the type, time, location, recipient and / or use of the released sensor data are logged.
  • Embodiments can have the advantage that, on the basis of the corresponding protocols, it is possible to precisely understand what is happening with the recorded sensor data, in particular who has access to them.
  • the logging takes place in a blockchain.
  • a blockchain can have the advantage that it provides a forgery-proof storage structure for storing the data to be logged.
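The tamper evidence that a blockchain gives such a release log comes from chaining each entry to the hash of its predecessor. The following added example (not code from the patent) shows that property with a single-writer hash chain, without any consensus mechanism; the field names follow the logged items listed above and the sample values are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed predecessor value for the first entry


def _digest(prev_hash, entry):
    # Canonical JSON so that the same entry always hashes to the same value.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_release(chain, *, data_type, time, location, recipient, use):
    """Append one release record and link it to the previous block."""
    entry = {"type": data_type, "time": time, "location": location,
             "recipient": recipient, "use": use}
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"entry": entry, "prev": prev, "hash": _digest(prev, entry)}
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that breaks the chain, or None."""
    prev = GENESIS
    for index, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != _digest(prev, block["entry"]):
            return index
        prev = block["hash"]
    return None


def sample_chain():
    """Constructed sample log with three releases."""
    chain = []
    append_release(chain, data_type="position", time="2021-01-18T10:01:00Z",
                   location="section-A", recipient="control-module-1", use="evacuation")
    append_release(chain, data_type="video", time="2021-01-18T10:02:30Z",
                   location="section-A", recipient="operator-17", use="fire check")
    append_release(chain, data_type="position", time="2021-01-18T10:04:10Z",
                   location="section-B", recipient="operator-17", use="evacuation")
    return chain
```

The chain is only tamper-evident while the most recent hash is also held somewhere the log writer cannot rewrite; otherwise all hashes can simply be recomputed.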
  • the UWB monitoring system comprises one or more pre-trained machine learning modules, which are each trained to recognize exceptional events on the basis of anomalies in the recorded sensor data.
  • Embodiments can have the advantage that an automated detection of exception events is made possible.
  • the plurality of UWB sensors comprises a plurality of localization sensors which are configured to determine the position of UWB tokens within the spatial area. The position is determined using transit time measurements of UWB signals between UWB tokens and / or localization sensors.
  • Embodiments can have the advantage that the UWB tokens can be used to effectively monitor where authorized persons are within the spatial area. For example, every person who enters the spatial area, e.g. a restricted-access spatial area, receives a corresponding UWB token. If data relating to an assignment of a token ID to a specific person is not stored or is cryptographically secured, e.g. in encrypted form, the monitoring of the UWB token enables anonymous monitoring of the carriers of the UWB tokens. For example, a necessary prerequisite for decrypting the data for assignment is the detection of an exception event.
  • UWB tokens are localized, for example, by means of triangulation using at least two or three localization sensors in the form of UWB antennas.
  • the triangulation signals can be sent by the UWB token and / or by the UWB antennas.
  • the triangulation signals can be evaluated by the UWB token and / or the UWB antennas and / or an evaluation module of the monitoring system.
  • the UWB monitoring system sends an activation code.
  • the UWB tokens are activated when entering a transmission range of the UWB monitoring system upon receipt of the activation code and deactivated when leaving the transmission range of the UWB monitoring system, when the activation code is no longer received.
  • Embodiments can have the advantage that the UWB token only actively sends signals using UWB within the spatial area or within the transmission range of the UWB monitoring system and is therefore detectable at all.
  • activating the UWB tokens includes activating the sending of UWB signals by the respective UWB token, in particular activating the sending of UWB signals to the monitoring system. Activation makes the corresponding UWB token visible to the surveillance system.
  • deactivating the UWB tokens includes deactivating the sending of UWB signals by the respective UWB token, in particular deactivating the sending of UWB signals to the monitoring system. Deactivation makes the corresponding UWB token invisible to the surveillance system.
  • access authorizations to and / or residence permits in a spatial area are verified using the UWB tokens.
  • Embodiments can have the advantage that by means of the UWB tokens not only movements of the carriers within a restricted access spatial area can be tracked, but it can also be checked whether an access authorization and / or residence authorization to or in the restricted access spatial area and / or certain spatial sections of the same is present. Based on this, it can be recognized whether a carrier of a UWB token is legitimately staying in the restricted-access spatial area and / or a spatial section thereof.
  • access barriers such as doors to the restricted-access spatial area and / or a spatial section thereof, can automatically open when a carrier of a UWB token with valid access authorizations approaches the access barrier.
  • different access authorizations may be necessary for different spatial sections of the restricted-access spatial area.
  • access authorizations and / or residence authorizations are evidenced by possession of the UWB token.
  • An authorization certificate is a digital certificate which assigns an access authorization and / or residence authorization to a UWB token and / or a user of the corresponding UWB token.
  • an authorization certificate defines access authorizations and / or residence authorizations, comprises a public cryptographic key of an asymmetric cryptographic key pair assigned to the UWB token, a token ID, information on the issuer of the authorization certificate and / or a digital signature of an issuer.
  • the issuer can be, for example, an external instance, a decentralized or centralized control module of the UWB monitoring system or another UWB token which itself has the granted access authorizations and / or residence authorizations.
  • Access authorizations and / or residence authorizations can be established, for example, using the authorization certificate in conjunction with a signature of the UWB token using a private cryptographic key of the asymmetric cryptographic key pair assigned to the UWB token. Using the public cryptographic key provided by the authorization certificate, the signature can be checked and consequently the possession of the private cryptographic key on the part of the UWB token can be verified.
  • the authorization certificate defines, for example, access authorizations and / or residence authorizations granted by the issuer of the authorization certificate for the owner of the private cryptographic key.
  • the access authorizations and / or residence authorizations are limited in time. For example, a time limit is defined by an expiration date and / or an expiration time of the authorization certificate.
  • the detection of the exception event comprises detecting, using the UWB sensors, a number of persons in the spatial area, for example an access-restricted spatial area, which at least locally differs from the number of authorized persons detected in the spatial area using the UWB tokens.
  • Embodiments can have the advantage that attempts to gain access to the restricted-access spatial area or sections thereof without access authorization and / or attempts to monitor movement by the UWB monitoring system within the restricted-access spatial area can be effectively detected.
  • each of the UWB tokens is assigned to a user.
  • the UWB tokens each store, for example, one or more reference values for person-related sensor data for authenticating the assigned user, i.e. authentication data.
  • Evidence of access authorization and / or residence authorization using one of the UWB tokens includes, for example, a confirmation of authentication of the user assigned to the corresponding UWB token by the UWB token.
  • the authentication by the UWB token includes, for example, a local validation of authentication data by the UWB token using the one or more reference values stored in the UWB token.
  • the UWB tokens each include, for example, a sensor for detecting the authentication data.
  • the authentication data of the user are recorded, for example, in each case by a sensor of the UWB tokens.
  • the authentication data is recorded, for example, by a local sensor of the UWB monitoring system and sent to the UWB token for validation.
  • the authentication data recorded is sent in encrypted form.
  • the reference values are stored in encrypted form and the local validation of the authentication data recorded takes place in encrypted form.
  • the authentication data comprise biometric data of the user, which are recorded using a biometric sensor.
  • Biometric data can include, for example: DNA data, fingerprint data, body geometry data / anthropometric data, such as face, hand, ear geometry, palm line structure data, vein structure data, such as hand vein structure data, iris data, retinal data, voice recognition data, nail bed pattern, tooth pattern data.
  • the authentication data comprise behavior-based data of the user.
  • Behavior-based data are data that are based on an intrinsic behavior of the user and can include, for example: movement patterns, gait patterns, arm, hand, finger movement patterns, lip movement patterns.
  • Using behavior-based data to authenticate the user can have the advantage that the user can continue his usual, characteristic behavior for the purpose of authentication without requiring additional actions that are atypical for him. In particular, the user does not have to interrupt his usual behavior.
  • the behavior-based data is, for example, movement data that is recorded using an authentication sensor configured as a movement sensor.
  • the motion sensor can for example comprise an acceleration sensor.
  • a movement can be calculated, for example, by integration using measured acceleration values that are recorded by the acceleration sensor.
  • the motion sensor can, for example, also detect its position in space and / or changes in the position.
  • the motion sensor includes a gyroscope.
  • the movement data detected by the movement sensor are, for example, acceleration, inclination and / or position data.
  • the recorded movement data is, for example, data on movements of the UWB token, which are caused by the fact that the user carries the UWB token with him, for example on his body. Due to the characteristic movements of the user, the UWB token is moved along in a way that is characteristic of the user. This is the case even if the user is not actively interacting with the UWB token, e.g. not using a user interface of the UWB token, such as a key, a keyboard, a touch screen, a microphone.
  • the UWB token comprises a classification module which is configured to recognize one or more generic movement patterns using movement data.
  • the movement patterns can be, for example, gross and / or fine motor movements of the UWB token, as are characteristic of an individual user using the UWB token, such as being carried along and / or on the body.
  • the classification module is pre-trained for recognizing the generic movement patterns using training data sets with movement data from a user cohort.
  • the user is registered as a user of the UWB token in the course of a learning phase.
  • the learning phase includes the acquisition of movement data of the user by an authentication sensor in the form of a movement sensor of the UWB token and extraction of one or more reference values characteristic of the user to be registered.
  • behavior-based authentication of a user using the UWB token comprises the following steps:
  • the test criterion can include, for example, that there is a sufficiently high level of correspondence between the recorded movement data and one or more reference values stored for the registered user. Furthermore, the test criterion can include that the recorded movement data and / or the one or more reference values used do not exceed a maximum age.
  • the aforementioned steps of acquiring the movement data, entering the movement data and generating the classification result are carried out repeatedly one after the other. Furthermore, in addition to the step of generating the classification results, the following step is carried out:
  • the generation of an authentication signal includes, for example: in response to an authentication request, accessing the memory of the UWB token to read out the stored classification result, for example the most recently saved classification result,
  • captured movement data can be used in the event of a successful authentication of the user to adapt and / or improve the reference values stored for the corresponding user.
  • the authentication is knowledge-based.
  • the authentication data include a personal password of the user.
  • the password can be, for example, an alphanumeric string.
  • the authentication is possession-based.
  • the authentication data comprise signed data of one or more further electronic devices assigned to the user, in particular mobile portable electronic devices.
  • the corresponding electronic devices are, for example, smart devices that the user carries with them, such as smartphones, smartwatches, smart glasses, phablets, tablets, smart bands, smart key chains, smart cards, etc. These electronic devices send a range-limited signal, which signals their presence.
  • the signal includes an ID of the corresponding electronic device.
  • the signal is signed with a cryptographic signature key of the corresponding electronic device.
  • the signal can be, for example, a Bluetooth or a UWB signal. If a UWB signal is used, the plurality of electronic devices is a plurality of UWB tokens.
  • For a successful authentication of the user, it may be necessary that the user carries a certain number of electronic devices assigned to him. An electronic device may be stolen, but the higher the number of electronic devices required for successful authentication, the lower the probability that they will be carried by a user other than the registered user, for example as a result of theft.
  • each of the UWB tokens is assigned to a user.
  • One or more reference values for personal sensor data for authenticating the assigned user are stored in each of the UWB tokens.
  • the proof of an access authorization and / or residence authorization using one of the UWB tokens includes a confirmation of an authentication of the user assigned to the corresponding UWB token by the UWB token.
  • the authentication by the UWB token comprises a local validation of person-related sensor data by the UWB token using the one or more reference values stored in the UWB token.
  • If UWB sensors, such as impact sound sensors, motion detectors, light barriers or gas detectors, detect the presence of a person in a spatial section of the spatial area in which no UWB token is detected, this is an indication of an attempt at unauthorized entry.
  • differences in the movement patterns of UWB tokens and detected persons can indicate unauthorized activities, for example if a UWB token is resting in one place while the recorded sensor data is used to detect movements of a person.
  • an exception event includes, for example, the detection of a number of persons who at least locally exceeds the number of persons with access authorization or the recorded UWB tokens.
  • the detection of the exception event comprises detecting a UWB token in a spatial section of the spatial area, for example an access-restricted spatial area for which the corresponding UWB token has no access authorization.
  • the detection of the exceptional event comprises the acquisition of non-personal sensor data which exceed a predefined threshold value.
  • Embodiments can have the advantage, in particular, that emergency situations can be effectively recognized, such as a fire using a UWB sensor configured as a smoke alarm or a break-in using a UWB sensor configured as a glass break sensor.
  • increased physical activity and a simultaneous rise in temperature can initially be interpreted as an unclear exceptional event that can lead to a dangerous situation.
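The exception conditions described above (a person sensed where no token is present, a head count that differs from the token count, a resting token while a person moves, a token in a section it is not authorized for, and a non-personal reading above a threshold) can be checked per spatial section. This is an added example, not code from the patent; the data model, the threshold values and the sample snapshot are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

SMOKE_LIMIT_PPM = 50.0   # assumed predefined threshold for non-personal data
REST_LIMIT_M = 0.2       # assumed: below this displacement a token counts as resting


@dataclass(frozen=True)
class TokenFix:
    token_id: str
    section: str
    moved_m: float           # displacement since the previous localization, in metres


@dataclass(frozen=True)
class SectionReading:
    section: str
    persons_sensed: int      # head count from radar, motion or impact sound sensors
    motion_detected: bool
    smoke_ppm: float


def detect_exceptions(readings, fixes, allowed_sections):
    """Return a sorted list of (kind, section) exception events for one snapshot."""
    tokens_in = defaultdict(list)
    for fix in fixes:
        tokens_in[fix.section].append(fix)

    events = []
    for r in readings:
        present = tokens_in.get(r.section, [])
        if r.persons_sensed > 0 and not present:
            # Person sensed where no UWB token is detected.
            events.append(("person_without_token", r.section))
        elif r.persons_sensed != len(present):
            # Sensed head count differs locally from the number of tokens.
            events.append(("headcount_mismatch", r.section))
        if r.motion_detected and present and all(f.moved_m < REST_LIMIT_M for f in present):
            # Every token in the section rests although movement is sensed.
            events.append(("token_resting_while_person_moves", r.section))
        if r.smoke_ppm > SMOKE_LIMIT_PPM:
            events.append(("threshold_exceeded", r.section))

    for fix in fixes:
        if fix.section not in allowed_sections.get(fix.token_id, set()):
            events.append(("token_not_authorized", fix.section))
    return sorted(events)


def sample_snapshot():
    """Constructed snapshot of four sections of a restricted-access area."""
    readings = [
        SectionReading("lobby", 2, True, 0.0),
        SectionReading("lab", 1, True, 0.0),
        SectionReading("archive", 2, True, 0.0),
        SectionReading("server", 1, False, 80.0),
    ]
    fixes = [
        TokenFix("T1", "lobby", 1.5),
        TokenFix("T2", "lobby", 0.8),
        TokenFix("T3", "archive", 0.0),
        TokenFix("T4", "server", 0.0),
    ]
    allowed = {
        "T1": {"lobby"},
        "T2": {"lobby", "lab"},
        "T3": {"lobby", "archive"},
        "T4": {"lobby"},
    }
    return readings, fixes, allowed
```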
  • the plurality of UWB sensors comprises sensors for acquiring optical, acoustic, chemical, thermal, electromagnetic and / or vibration-based sensor data.
  • Embodiments can have the advantage that, using the corresponding sensors, a large number of different sensor data can be recorded and thus a large number of different situations or circumstances within the spatial area can be recognized.
  • the UWB sensors include, for example, one or more UWB radar sensors, glass break sensors, impact sound sensors, gas sensors, motion detectors, video sensors, infrared sensors, temperature sensors and / or smoke sensors.
  • Position data of the UWB tokens are recorded, for example, by means of the localization sensors.
  • Sensor data which are indicative of the presence of a person can be recorded using UWB radar, high frequency radiation, microwave radiation, Doppler radar, laser, ultrasound, infrasound, infrared radiation, vibration measurements or gas concentration measurements, for example.
  • If a person is in the detection area of a sensor, it reflects, scatters or interrupts, for example, radiation or waves emitted by the sensor, such as UWB radar, high-frequency radiation, microwave radiation, Doppler radar, laser beams, ultrasound, or generates measurable radiation, waves or other influences, such as infrared radiation, vibrations, e.g. impact sound, infrasound or changes in gas concentration, e.g. an increase in the carbon dioxide concentration.
  • the UWB monitoring system comprises a digital radio network with a mesh topology, which is configured to transmit the detected sensor data using UWB.
  • Embodiments can have the advantage that captured sensor data can be effectively transmitted via the UWB monitoring system. Furthermore, a mesh topology offers a high level of failure safety, since data transmission via alternative routes is still possible in the event of failure of individual components of the mesh topology. In addition, if a partial area of the mesh topology fails, operation with the remaining part of the mesh topology can be maintained. Embodiments can have the advantage that in the UWB-based radio network with a mesh topology position data for several and / or all network nodes, i.e. UWB sensors and / or UWB tokens, can be provided or determined. Position data can be determined, for example, using a triangulation method based on transit time measurements of UWB signals.
  • the position data can be relative and / or absolute position data.
  • position data for at least one or more stationary reference points must be known.
  • Embodiments can have the advantage that a position-based routing method can be used for targeted forwarding of data in the UWB-based radio network with mesh topology in order to use the position data determined by UWB to determine a shortest or otherwise best path between a source node and a target node within the radio network.
  • one or more of the UWB sensors are configured as UWB transceivers for forwarding UWB transmission signals.
  • the UWB monitoring system comprises, in addition to the UWB sensors, one or more UWB transceivers which are configured to forward the UWB transmission signals.
  • Embodiments can have the advantage that forwarding of data by means of UWB can be implemented in an effective manner using the UWB sensors and / or additional UWB transceivers.
  • Embodiments also include a UWB communication device which is configured to send a UWB signal for communication by means of UWB within a UWB monitoring system for monitoring a spatial area.
  • the UWB communication device comprises a memory with program instructions stored therein, a processor for executing the program instructions and a UWB communication interface for sending the UWB signal.
  • the execution of the program instructions by the processor causes the processor to control the UWB communication device to:
  • the corresponding UWB communication device is configured to execute one or more of the previously described embodiments of the method for protecting against manipulation of the corresponding UWB communication device.
  • the UWB communication device comprises a security module which comprises the processor and the memory.
  • a "security module" provides cryptographic core routines in the form of cryptographic program instructions with cryptographic algorithms, for example for signature creation and verification, key generation, key negotiation, encryption and decryption of data and random number generation, and can serve as a secure memory for cryptographic key material.
  • the security module are signed, such as program components and / or hardware components that can carry a digital signature.
  • the operating system, a configuration file and / or a memory of the security module can be digitally signed.
  • Before using the security module, it is checked whether the signature or the signatures are valid. If one of the signatures is not valid, the use of the security module and / or the electronic system secured by the security module, i.e. the UWB communication device, is blocked.
  • a security module can include means for cryptographic data security, in particular in the protected memory area, such as a random number generator, a generator for cryptographic keys, a hash generator, an encryption / decryption module, a signature module, certificates and / or one or more non-migratable cryptographic keys.
  • the security module is designed as a so-called tamper proof module or trusted platform module (TPM), which is also referred to as a tamper resistant module (TRM).
  • the UWB communication device is signed, such as program components and / or hardware components that can carry a digital signature.
  • the operating system, a configuration file and / or a mass storage medium of the computer system can be digitally signed.
  • the TRM checks whether the signature or signatures are valid. If one of the signatures is not valid, the TRM blocks the use of the computer system.
  • a TPM comprises a microcontroller according to the TCG specification as in ISO / IEC 11889, which provides basic security functions.
  • a security module can also include a protected processor or microcontroller, i.e. a microcontroller with physically restricted access options.
  • the security module can have additional measures against misuse, in particular against unauthorized access to data in the memory of the security module.
  • a security module includes sensors for monitoring the status of the security module and its surroundings in order to detect deviations from normal operation, which can indicate manipulation attempts.
  • Corresponding sensor types include, for example, a clock frequency sensor, a temperature sensor, a voltage sensor and / or a light sensor.
  • Clock frequency sensors, temperature sensors and voltage sensors detect, for example, deviations in clock frequency, temperature and / or voltage upwards or downwards from a predefined normal range.
  • a security module can comprise non-volatile memories with a protected memory area.
  • the means for protecting the security module against unauthorized manipulation include mechanical means which are intended, for example, to prevent the security module or its parts from being opened, or which render the security module unusable if an attempt is made to intervene, for example by causing a loss of data.
  • security-critical parts of the security module can be cast in epoxy resin for this purpose, with an attempt to remove a relevant component from the epoxy resin leading to the inevitable destruction of this component.
  • the means for protecting against unauthorized manipulation ensures the trustworthiness of the security module, that is, its function as a "trust anchor", through technical measures.
  • the security module is configured and included by a trustworthy institution, such as a trust center
  • the means for protecting against unauthorized manipulation can ensure that security-relevant functions of the security module are not modified.
  • the security module of the corresponding UWB communication device is configured to carry out one or more of the previously described embodiments of the method for protecting against manipulation of the corresponding UWB communication device.
  • Embodiments also include a UWB communication device which is configured to receive a UWB signal for communication by means of UWB within a UWB monitoring system for monitoring a spatial area.
  • the UWB communication device comprises a memory with program instructions stored therein, a processor for executing the program instructions and a UWB communication interface for sending the UWB signal.
  • the execution of the program instructions by the processor causes the processor to control the UWB communication device to:
  • the extracted signal variations are limited to a tolerance range of the received UWB signal, whereby a data coding of the data transmitted by the UWB signal remains unaffected by signal variations which are limited to the tolerance range of the received UWB signal,
  • the corresponding UWB communication device is configured to execute one or more of the previously described embodiments of the method for securing manipulation of the UWB communication device which sends the UWB signal.
  • Embodiments also include a UWB monitoring system for monitoring a spatial area, which comprises one or more of the above-described embodiments of UWB communication devices.
  • the UWB monitoring system is configured to carry out each of the previously described embodiments of the method for protecting one or several of the UWB communication devices of the UWB monitoring system against manipulation.
  • FIG. 1 shows a flow chart of an exemplary method for securing against manipulation of a UWB communication device
  • FIG. 2 shows schematic diagrams of exemplary UWB signals in the time and frequency domains
  • FIG. 3 shows schematic diagrams of exemplary UWB data encodings
  • FIG. 4 shows schematic diagrams of exemplary UWB communication devices in the form of a mobile, portable UWB token
  • FIG. 5 shows schematic diagrams of exemplary UWB communication devices in the form of a stationary UWB localization sensor
  • FIG. 6 shows schematic diagrams of exemplary UWB communication devices in the form of a stationary UWB radar sensor
  • FIG. 7 shows schematic diagrams of exemplary UWB communication devices in the form of a stationary UWB sensor
  • FIG. 8 shows schematic diagrams of exemplary UWB communication devices in the form of a stationary UWB control module
  • FIG. 9 is a schematic diagram of an exemplary UWB communication device
  • Figure 10 is a schematic diagram of an exemplary UWB monitoring system
  • FIG. 11 shows a flow diagram of an exemplary method for controlling a UWB monitoring system
  • FIG. 12 shows a flow diagram of an exemplary method for controlling a UWB monitoring system.
  • FIG. 1 shows an exemplary method for protecting against manipulation of a UWB communication device.
  • signal variations are extracted from a UWB signal sent by the UWB communication device, the extracted signal variations including one or more device-specific signal variations which are individual for the sending UWB communication device.
  • This extraction can be carried out, for example, by a UWB communication device receiving the UWB signal or by the sending UWB communication device itself.
  • the extracted signal variations are limited to a tolerance range of the transmitted UWB signal, which does not affect the data coding of the data transmitted by the UWB signal.
  • the data encoded in the UWB signal i.e. logical information
  • an idealized parameter of the UWB signal is assigned to each logical bit.
  • Realistic UWB signals include parameters within a tolerance range around these idealized parameters. The idealized parameters and consequently the signal variations around these idealized parameters can be determined on the basis of the logical information.
  • the extracted signal variations are validated using one or more reference values of the device-specific signal variations stored for the first UWB communication device. In this case, it is checked in block 504 whether the validation was successful, i.e. whether the extracted device-specific signal variations correspond sufficiently to the stored reference values. If the validation of the extracted signal variations is successful, i.e. if they have a sufficient match, the integrity of the UWB communication device is confirmed in block 506. If the validation of the extracted signal variations is unsuccessful, i.e. if they do not match sufficiently, a manipulation warning signal is output in block 508. In addition, functions of the UWB communication device can also be blocked, for example.
  • FIGS. 2A and 2B show exemplary UWB signals in the time domain and in the frequency domain, respectively.
  • FIG. 2A shows a schematic diagram of a UWB signal, for example "1 0 1", by generating pulses 402 with the shortest possible pulse duration in the time domain 400.
  • According to the laws of Fourier transformation, the spectrum 406 shown in FIG. 2B, which is emitted or received via the UWB antenna, becomes larger or broader in the frequency domain 404 the shorter the pulse duration of the pulses 402. The product of the temporal and spectral width of the pulse is constant.
  • When the UWB signal is transmitted, the entire transmission power is distributed over such a large frequency range that no interference is to be expected for the radio operation of narrowband transmission methods. It is therefore difficult or impossible to tell that a transmission with UWB is taking place at all.
  • a UWB signal appears rather like statistical noise.
  • FIG. 3A shows exemplary UWB data encodings.
  • Data transmitted by means of UWB are coded according to a UWB data coding scheme.
  • a UWB data coding scheme defines modulation parameters for the pulses used for transmission.
  • the modulation parameters define how pulses are to be modulated so that they transmit information and therefore data.
  • UWB technology uses a wide range of the electromagnetic spectrum from, for example, 3 to 9 GHz and simultaneously transmits a type of bit pattern on a large number of channels, which is coded according to a specific UWB data coding scheme. If a communication partner knows the UWB data coding scheme used, he or she can detect an offered UWB communication channel and participate in the communication.
  • If UWB data coding schemes are now used simultaneously for coding several simultaneous communication channels, these simultaneous communication channels can be maintained in parallel.
  • UWB data coding methods are used: pulse position modulation, pulse polarity modulation, pulse amplitude modulation, orthogonal pulse shape modulation.
  • Embodiments can have the advantage that an effective and / or efficient coding method is provided.
  • Pulse position modulation or pulse phase modulation refers to modulation for data transmission using discrete-time sampled signals. A pulse is shifted in time position, i.e. phase, relative to a constant reference clock. This phase shift encodes the data to be transmitted, while the period and the amplitude of the pulse remain the same.
  • UWB communications or UWB communications channels can be operated in the same spatial area without mutual interference.
  • In pulse polarity modulation, the polarity of the transmitted pulses is modulated or changed. This polarity modulation encodes the data to be transmitted.
  • In pulse amplitude modulation, the amplitude of the transmitted pulses is modulated or changed. This amplitude modulation encodes the data to be transmitted.
  • An orthogonal pulse shape modulation uses two orthogonal UWB pulse shapes, which are also polarity modulated. In the case of such a modulation, the pulses can be sent continuously as a continuous stream, whereby the bit rate can be equal to the pulse rate.
  • modulation data bits are scrambled or chopped or whitened in order to make the occurrence of ones and zeros random.
  • In FIG. 3A, four exemplary, identical time intervals 414 are shown.
  • the data "1 1 0 0" are to be coded.
  • In the first line 410, an exemplary UWB data coding according to a UWB data coding scheme is shown, which is based on ON-OFF keying as the coding method.
  • a pulse 402 is within one of the time intervals 414 a "1", no pulse within a time interval 414 is a "0".
  • device-specific signal variations can occur, for example in the form of amplitude variations of the pulse within an amplitude tolerance range ΔA.
  • an exemplary UWB data coding according to a UWB data coding scheme is shown, which is based on a pulse position modulation (PPM) as the coding method.
  • PPM pulse position modulation
  • a pulse 402 within one of the time intervals 414 at a first position is a "1"
  • a pulse 402 within a time interval 414 at a second position shifted relative to the first position is a "0".
  • device-specific signal variations can occur in the form of frequency variations of the pulses within a frequency tolerance range ΔF.
  • BPSK binary phase shift keying
  • a pulse 402 within one of the time intervals 414 with a first polarity is a "1"
  • a pulse 402 within a time interval 414 with a polarity mirrored relative to the first polarity is a "0".
  • device-specific signal variations can occur, for example, in the form of amplitude variations of the pulse within an amplitude tolerance range ΔA.
  • In the fourth line 413, an exemplary UWB data coding according to a UWB data coding scheme is shown, which is based on a pulse amplitude modulation (PAM) as the coding method.
  • PAM pulse amplitude modulation
  • a pulse 402 within one of the time intervals 414 with a first amplitude is a "1"
  • a pulse 402 within a time interval 414 with a second amplitude different from the first amplitude, for example smaller, is a "0"
  • device-specific signal variations can occur, for example, in the form of amplitude variations of the pulses within an amplitude tolerance range ΔA.
  • the pulses 402 can be sent continuously as a continuous stream.
  • the transmitted bit rate can be the same as the pulse rate.
  • FIG. 4A shows an exemplary UWB communication device which is configured as a mobile, portable UWB token 112.
  • the UWB token 112 includes a processor 130, a memory 132 and a UWB antenna 134.
  • the processor 130 is configured to control the UWB token 112 by executing program instructions which are stored in the memory 132, for example.
  • a token ID can also be stored in memory 132, which can be sent along with UWB signals from UWB token 112 for identification of UWB token 112.
  • the UWB token 112 is configured to send and receive UWB signals via a UWB communication interface 134. For example, the UWB token 112 sends UWB signals which include a time stamp and / or the token ID.
  • UWB token 112 can be localized and / or identified by UWB monitoring system 100.
  • the UWB token 112 can itself be configured to extract and validate its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB signals, and / or to extract and validate device-specific signal variations in UWB signals from other UWB communication devices. For this purpose, for example, corresponding reference values are stored in the memory 132. As shown in FIG.
  • FIG. 5A shows an exemplary UWB communication device which is configured as a stationary UWB localization sensor 110.
  • the UWB localization sensor 110 comprises a processor 120 which executes program instructions that are stored, for example, in a memory 124 of the UWB sensor 110, and controls the UWB sensor 110 in accordance with the program instructions.
  • the UWB localization sensor 110 further comprises a sensor element 122 for evaluating UWB signals for transit time measurements.
  • the UWB localization sensor 110 sends and / or receives UWB signals by means of a UWB communication interface 126 configured as a UWB antenna.
  • the UWB communication interface 126 can also be configured for UWB communication with other components of the UWB monitoring system.
  • the UWB localization sensor 110 can itself be configured to extract and validate its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB signals, and / or to extract and validate device-specific signal variations in UWB signals from other UWB
  • corresponding reference values are stored in the memory 124.
  • a processor 120' for executing program instructions stored in memory 124'.
  • reference values for validating the device-specific signal variations, for example, are stored in the memory 124'.
  • FIG. 6A shows an exemplary UWB communication device which is configured as a stationary UWB radar sensor 110.
  • the UWB radar sensor 110 comprises a processor 120 which executes program instructions that are stored, for example, in a memory 124 of the UWB sensor 110, and controls the UWB sensor 110 in accordance with the program instructions.
  • the UWB radar sensor 110 further comprises a sensor element 122 for evaluating UWB radar signals.
  • the UWB radar sensor 110 sends and receives UWB radar signals by means of a UWB communication interface 126 configured as a UWB radar antenna.
  • the UWB communication interface 126 can also be configured for UWB communication with other components of the UWB monitoring system.
  • the UWB radar sensor 110 can itself be configured to extract and validate its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB signals, and / or to extract and validate device-specific signal variations in UWB signals from other UWB communication devices. For this purpose, for example, corresponding reference values are stored in the memory 124. As shown in FIG. 6B, the UWB radar sensor 110' can also comprise a security module 121 with a memory 124' and a processor 120' for executing program instructions which are stored in the memory 124' for extracting and / or validating device-specific signal variations. Furthermore, reference values for validating the device-specific signal variations, for example, are stored in the memory 124'.
  • FIG. 7A shows an exemplary UWB communication device which is configured as a stationary UWB sensor 110.
  • the UWB sensor 110 comprises a processor 120 which executes program instructions that are stored, for example, in a memory 124 of the UWB sensor 110, and controls the UWB sensor 110 in accordance with the program instructions.
  • the UWB sensor 110 further comprises a sensor element 122, which is configured, for example, to acquire optical, acoustic, chemical, thermal, electromagnetic and / or vibration-based sensor data.
  • the detected sensor data can include person-related sensor data, for example, depending on the sensor element 122 used.
  • the UWB sensor 110 further comprises an anonymization filter 123 for anonymizing the person-related sensor data, otherwise not.
  • the anonymization 123 can include, for example, deleting the recorded personal sensor data from the memory 124.
  • the anonymization can include, for example, an encryption of the recorded personal sensor data.
  • the UWB sensor 110 includes a UWB communication interface 126, configured as a UWB antenna, for sending and receiving data using UWB.
  • the UWB sensor 110 can itself be configured for extracting and validating its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB signals, and / or for extracting and validating device-specific signal variations in UWB signals from other UWB
  • corresponding reference values are stored in the memory 124.
  • reference values for validating the device-specific signal variations are stored in the memory 124'.
  • the UWB sensor 110 can, for example, additionally include a communication interface for wired data transmission.
  • FIG. 8A shows an exemplary UWB communication device which is configured as a stationary UWB control module 116.
  • the UWB control module 116 comprises a processor 120 which executes program instructions that are stored, for example, in a memory 124 of the UWB control module 116, and controls the UWB control module 116 in accordance with the program instructions. By executing the program instructions, the UWB control module 116 also controls the UWB monitoring system.
  • the UWB control module 116 comprises a UWB communication interface 126 configured as a UWB antenna for sending UWB control signals and receiving data by means of UWB.
  • the UWB control module 116 can comprise an anonymization filter 123 for anonymizing personal sensor data.
  • the anonymization 123 can include, for example, deleting the recorded personal sensor data from the memory 124. Furthermore, the anonymization can include, for example, an encryption of the recorded personal sensor data.
  • the UWB control module 116 can itself be configured to extract and validate its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB control signals, and / or to extract and validate device-specific signal variations in UWB signals from other UWB communication devices. For this purpose, for example, corresponding reference values are stored in the memory 124. As shown in FIG Execution of program instructions which are stored in the memory 124'. Furthermore, reference values for validating the device-specific signal variations, for example, are stored in the memory 124'. FIG.
  • the UWB communication device 111 comprises a processor 120 which executes program instructions that are stored, for example, in a memory 124 of the UWB communication device 111, and controls the UWB communication device 111 in accordance with the program instructions.
  • the UWB communication device 111 is configured as a transceiver for forwarding UWB signals.
  • the UWB communication device 111 can itself be configured to extract and validate its own device-specific signal variations, i.e. an "auto integrity check", of its own UWB control signals, and / or to extract and validate device-specific signal variations in UWB signals from other UWB communication devices
  • corresponding reference values are stored in the memory 124.
  • the UWB communication device 111 for extracting and / or validating device-specific signal variations can also have a security module with a memory and a processor for executing program instructions which are stored in the memory of the security module
  • reference values for validating the device-specific signal variations are stored in the memory of the security module.
  • FIG. 10 shows an exemplary UWB monitoring system 100 for monitoring a spatial area 102, for example a restricted-access spatial area.
  • the spatial area 102 is a restricted-access spatial area
  • this restricted-access spatial area is, for example, delimited from the surroundings and can only be accessed via one or more entrances or exits 104 as intended.
  • the spatial area is an indoor area within a building.
  • the spatial area can also include an outdoor area outside of a building.
  • this outdoor area can be a restricted-access area that is fenced off.
  • the fencing can, for example, comprise a fence, a wall and / or a hedge.
  • a restricted-access spatial area 102 can, for example, be subdivided into a plurality of spatial sections 106, which themselves can only be entered via one or more entrances or exits 108 as intended.
  • the UWB monitoring system 100 comprises a plurality of UWB sensors 110 distributed over the spatial area 102.
  • the UWB sensors 110 are configured to acquire sensor data, such as position data, movement data, image data, sound data, vibration data, temperature data, structural data, gas concentration data, particle concentration data, etc. Furthermore, the UWB sensors 110 are configured to transmit the acquired sensor data by means of UWB, i.e. via a UWB network provided by the UWB monitoring system 100.
  • the UWB sensors 110 can be configured as UWB transceivers for forwarding UWB transmission signals within the monitoring system 100.
  • the UWB monitoring system 100 can comprise one or more UWB transceivers 111, which are configured to forward the UWB transmission signals.
  • the UWB network implemented by the monitoring system 100 is, for example, a digital radio network with a mesh topology which is configured to transmit the sensed sensor data using UWB.
  • a transmission of sensor data takes place within the UWB-based radio network with mesh topology using a position-based routing method.
  • data transmission from the UWB sensors 110 takes place exclusively by means of UWB.
  • one or more of the UWB sensors 110 are additionally configured for an at least partially and / or completely wired transmission of the sensed sensor data.
  • all UWB sensors 110 are additionally configured for an at least partially and / or completely wired transmission of the sensed sensor data.
  • UWB radar functionality can also be integrated and / or implemented for the detection of people who do not carry a UWB token.
  • the UWB sensors 110 include, for example, anonymization filters that are configured to filter the sensed sensor data. In the course of filtering, personal sensor data is anonymized. Personal sensor data include, for example, image data on which people can be identified.
  • the filtered sensor data are transmitted to a control module 116 via the UWB network, for example.
  • the control module 116 can be a central control module or a decentralized control module.
  • the control module 116 is configured, for example, to evaluate the sensor data captured by the UWB sensors 110 in order to detect exceptional events, such as a dangerous situation or unauthorized access to the spatial area 102 the personal sensor data is temporarily suspended.
  • the control module 116 is further configured, for example, to receive requests for captured sensor data, to check credentials for access to the corresponding sensor data and, in the event of a successful check, to grant access to the requested sensor data.
  • access to personal sensor data is also granted, for example, the anonymization of which is temporarily suspended.
  • the credentials can be based, for example, on authorization certificates and / or authorization profiles of the inquirers, which define the access authorizations of the inquirers.
  • In an authorization profile assigned to a user and / or UWB token, for example, all access authorizations assigned to the user and / or UWB token are stored.
  • the scope of the granted access authorization can depend, for example, on whether an exceptional situation is detected.
  • the monitoring system 100 can furthermore be configured to locate UWB tokens 112 within the spatial area 102 using UWB sensors.
  • UWB localization signals 107 are used, for example, which are sent from the UWB antennas 110 to the corresponding UWB tokens 112 and vice versa.
  • the relative positions of the UWB tokens 112 to the permanently installed UWB antennas 110 and thus the positions of the UWB tokens 112 in the spatial area 102 can be precisely determined by means of triangulation, for example.
  • the UWB tokens 112 identify, for example, users or carriers with access authorization to the spatial area 102 if this is an access-restricted spatial area. Furthermore, the UWB tokens 112 can define carrier-specific access authorizations if different access authorizations are necessary for individual spatial sections of the spatial area 102. The UWB token 112 can thus be used to determine where persons with access authorization are located. If people are detected to whom no UWB token 112 can be assigned, this is an indication of an attempt at unauthorized entry, which is detected, for example, as an exceptional event.
  • FIG. 11 shows an exemplary method for controlling a UWB monitoring system.
  • sensor data are recorded in a spatial area by UWB sensors of the UWB monitoring system.
  • the recorded sensor data can include personal sensor data.
  • the acquired sensor data are filtered using anonymization filters of the UWB sensors.
  • Personal sensor data are anonymized. Such an anonymization includes, for example, deleting or encrypting the sensor data to be anonymized.
  • the recorded and filtered sensor data are evaluated to detect an exceptional event. This is done, for example, by a central or decentralized control module of the UWB monitoring system.
  • a time-limited suspension of the anonymization of the person-related sensor data for example by the control module.
  • the UWB monitoring system receives a request for the release of sensed sensor data.
  • a proof of authorization included in the request for access to the requested sensor data is checked.
  • the proof of authorization can be, for example, an authorization certificate or an identifier of a stored authorization profile of the inquirer.
  • access to the requested sensor data is enabled. For example, the requested sensor data are sent to the inquirer or displayed on a local display device of the monitoring system.
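The integrity check of FIG. 1 (blocks 504, 506 and 508) applied to the ON-OFF keying case of FIG. 3A, as an added example that is not part of the patent text: the data are decoded first, the deviation of each pulse from its idealized amplitude is extracted, and the resulting fingerprint is compared with stored reference values. The amplitude samples, the tolerance value, the mean/spread fingerprint, the matching thresholds and all names are assumptions chosen for illustration.

```python
"""Added illustration of the FIG. 1 check for ON-OFF-keyed pulses.
All numeric values, names and thresholds are assumptions of this example."""
from dataclasses import dataclass
from statistics import mean, pstdev

IDEAL_AMPLITUDE = 1.0   # assumed idealized amplitude of a pulse coding a "1"
DECISION_LEVEL = 0.5    # assumed decoder threshold between "0" and "1"
DELTA_A = 0.10          # assumed amplitude tolerance range: ideal +/- DELTA_A
MIN_PULSES = 4          # assumed minimum number of pulses for a fingerprint

CONFIRMED = "integrity confirmed"    # outcome of block 506
WARNING = "manipulation warning"     # outcome of block 508


@dataclass(frozen=True)
class Reference:
    """Reference values stored for one device (assumed format)."""
    mean_offset: float        # typical deviation from the idealized amplitude
    spread: float             # typical pulse-to-pulse spread of the deviation
    max_mean_error: float     # allowed mismatch of the measured mean
    max_spread_error: float   # allowed mismatch of the measured spread


def decode_ook(amplitudes):
    """Recover the logical bits: a pulse in the interval is 1, none is 0."""
    return [1 if a >= DECISION_LEVEL else 0 for a in amplitudes]


def extract_variations(amplitudes):
    """Return the deviation of every "1" pulse from its idealized amplitude.

    The idealized value follows from the decoded bit. A sample outside the
    tolerance range is rejected, because it is no longer a variation that
    leaves the data coding unaffected.
    """
    variations = []
    for bit, measured in zip(decode_ook(amplitudes), amplitudes):
        ideal = IDEAL_AMPLITUDE if bit else 0.0
        deviation = measured - ideal
        if abs(deviation) > DELTA_A:
            raise ValueError(f"amplitude {measured:.2f} outside tolerance range")
        if bit:  # empty intervals carry no pulse to fingerprint
            variations.append(deviation)
    return variations


def check_device(amplitudes, reference):
    """Validate extracted variations against the reference (block 504)."""
    try:
        variations = extract_variations(amplitudes)
    except ValueError as exc:
        return WARNING, str(exc)
    if len(variations) < MIN_PULSES:
        return WARNING, "too few pulses to validate"
    mean_error = abs(mean(variations) - reference.mean_offset)
    spread_error = abs(pstdev(variations) - reference.spread)
    if mean_error > reference.max_mean_error:
        return WARNING, f"mean offset differs by {mean_error:.3f}"
    if spread_error > reference.max_spread_error:
        return WARNING, f"spread differs by {spread_error:.3f}"
    return CONFIRMED, "variations match the stored reference values"


# Constructed sample data: peak amplitude per time interval, bits 1100110011.
REFERENCE = Reference(mean_offset=0.04, spread=0.008,
                      max_mean_error=0.01, max_spread_error=0.005)
GENUINE = [1.04, 1.05, 0.00, 0.01, 1.03, 1.04, 0.00, 0.00, 1.05, 1.03]
# Same data, all pulses inside the tolerance range, but a different device.
SUBSTITUTED = [0.97, 0.95, 0.00, 0.01, 0.96, 0.98, 0.00, 0.00, 0.95, 0.97]
# One pulse leaves the tolerance range altogether.
OUT_OF_RANGE = [1.04, 1.25, 0.00, 0.01, 1.03, 1.04]

if __name__ == "__main__":
    for name, samples in (("genuine", GENUINE),
                          ("substituted", SUBSTITUTED),
                          ("out of range", OUT_OF_RANGE)):
        status, reason = check_device(samples, REFERENCE)
        print(f"{name:13s} bits={decode_ook(samples)} -> {status} ({reason})")
```

The genuine and substituted sample streams decode to the same bits, so the difference is visible only in the extracted variations.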

Abstract

The invention relates to a method for protecting against manipulation of a UWB communication device (110, 110', 111, 111', 112, 112', 116, 116') which is configured to send a UWB signal for communication by means of UWB within a UWB monitoring system (100) for monitoring a spatial area (102). The method comprises: • extracting, from the transmitted UWB signal, signal variations which are limited to a tolerance range of the transmitted UWB signal, the extracted signal variations comprising one or more device-specific signal variations, • validating the extracted signal variations using one or more reference values of the device-specific signal variations stored for the UWB communication device (110, 110', 111, 111', 112, 112', 116, 116'), • upon successful validation of the extracted signal variations, confirming the integrity of the UWB communication device (110, 110', 111, 111', 112, 112', 116, 116').
PCT/EP2021/051009 2020-01-24 2021-01-19 Sécurité contre la manipulation à l'aide de tolérances spécifiques au dispositif WO2021148377A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP21700931.5A EP4094462A1 (fr) 2020-01-24 2021-01-19 Sécurité contre la manipulation à l'aide de tolérances spécifiques au dispositif

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102020101732.4A DE102020101732A1 (de) 2020-01-24 2020-01-24 Manipulationssicherung anhand von gerätspezifischen Toleranzen
DE102020101732.4 2020-01-24

Publications (1)

Publication Number Publication Date
WO2021148377A1 true WO2021148377A1 (fr) 2021-07-29

Family

ID=74191772

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/051009 WO2021148377A1 (fr) 2020-01-24 2021-01-19 Sécurité contre la manipulation à l'aide de tolérances spécifiques au dispositif

Country Status (3)

Country Link
EP (1) EP4094462A1 (fr)
DE (1) DE102020101732A1 (fr)
WO (1) WO2021148377A1 (fr)

Also Published As

Publication number Publication date
DE102020101732A1 (de) 2021-07-29
EP4094462A1 (fr) 2022-11-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21700931

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2021700931

Country of ref document: EP

Effective date: 20220824