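IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0760718 (2010-04-15)
Registration number | US-8639925 (2014-01-28)
Priority information | DE-10 2009 002 396 (2009-04-15)
Inventor / Address |
Applicant / Address |
Agent / Address |
Citation information | Times cited: 3; Cited patents: 1
Abstract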
A method for protecting a sensor and data of the sensor from manipulation, as well as a sensor to that end; in the course of the authentication, a random number being sent by a control unit to the sensor; in order to recognize manipulation of the sensor data, the sensor data from the sensor to the control unit being provided with a cryptographic integrity protection; and to prevent replay attacks, additional time-variant parameters being added to the sensor data, the sensor data, together with the integrity protection and the added time-variant parameters, being sent by the sensor to the control unit. In this context, after the authentication of the sensor, the random number or a part of the random number or a number obtained from the random number by a function is utilized for the time-variant parameters.
Representative claim
1. A method for protecting a sensor device and sensor data of the sensor device from manipulation, the method comprising: sending, by a control unit, to the sensor device, and during authentication of the sensor device, a first data packet including a first time-variant parameter concatenated with an identity of the control unit; receiving, by the control unit, a second data packet, the second data packet having been generated by the sensor device by: encrypting the first data packet using a key of determined bit length, wherein, when a bit length of the first data packet is less than the bit length of the key, the encrypting includes padding the first data packet with additional bits; and concatenating a first determined number of bits of the encrypted first data packet with an identity of the sensor device; comparing, by the control unit, the second data packet with a calculated value of the first determined number of bits of the encrypted first data packet; and receiving, by the control unit, the sensor data, together with an integrity protection value, the integrity protection value having been generated by the sensor device based on a second time-variant parameter generated from a second determined number of bits of the first time-variant parameter; wherein one of a random number, a part of the random number, and a number obtained from the random number by a function is utilized as the time-variant parameters in the authentication of the sensor device.
2. The method of claim 1, wherein the time-variant parameters are altered in each step of a transaction authentication.
3. The method of claim 2, wherein the alteration of the time-variant parameters corresponds to a stepwise incrementation.
4. The method of claim 1, wherein the sensor device is authenticated according to a challenge-response method.
5. The method of claim 1, wherein the integrity of the sensor data is protected according to a message authentication code (“MAC”) method.
6. The method of claim 5, wherein a one-key message authentication code (“OMAC”) method or an encrypted message authentication code (“EMAC”) method is used as the MAC method.
7. The method of claim 1, wherein the time-variant parameters are realized by time stamps, sequence counters or random numbers.
8. The method of claim 1, wherein the first determined number of bits are most significant bits of the encrypted first data packet, and the second determined number of bits are least significant bits of the first time-variant parameter.
9. A control unit comprising: a processor configured to: send to a sensor device, during authentication of the sensor device, a first data packet including a first time-variant parameter concatenated with an identity of the control unit; receive a second data packet having been generated by the sensor device by: encrypting the first data packet using a key of determined bit length, wherein, when a bit length of the first data packet is less than the bit length of the key, the encrypting includes padding the first data packet with additional bits; and concatenating a first determined number of bits of the encrypted first data packet with an identity of the sensor device; compare the second data packet with a calculated value of the first determined number of bits of the encrypted first data packet; and receive from the sensor device sensor data together with an integrity protection value, the integrity protection value having been generated by the sensor device based on a second time-variant parameter generated from a second determined number of bits of the first time-variant parameter; wherein one of a random number, a part of the random number, and a number obtained from the random number by a function is utilized as the time-variant parameters.
10. The control unit of claim 9, wherein the sensor device has an arrangement for altering the time-variant parameters in each step of a transaction authentication.
11. The control unit of claim 10, wherein the alteration of the time-variant parameters corresponds to a stepwise incrementation.
12. The control unit of claim 9, wherein the first determined number of bits are most significant bits of the encrypted first data packet, and the second determined number of bits are least significant bits of the first time-variant parameter.
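The exchange described in claims 1 to 8, as an added Python example that is not part of the patent record: challenge-response authentication, then sensor data protected by a MAC over a counter seeded from the challenge and incremented per message. Assumptions: HMAC-SHA256 stands in for both the encryption step and the OMAC/EMAC, and the keys, identities, field sizes, zero padding and the use of a separate MAC key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

K_AUTH = bytes(range(16))       # constructed shared authentication key
K_MAC = bytes(range(16, 32))    # constructed MAC key (a separate key is an assumption)
ID_A, ID_B = b"ECU1", b"SNS1"   # constructed identities: control unit, sensor
BLOCK, RESP_LEN, CTR_BITS = 16, 8, 32   # assumed sizes, not given on the page

def prf(key, msg):
    # HMAC-SHA256 stands in for the claim's encryption step and for OMAC/EMAC
    return hmac.new(key, msg, hashlib.sha256).digest()

def auth_response(packet1):
    # Sensor: pad packet 1, apply the keyed function, keep the most significant bytes
    return prf(K_AUTH, packet1.ljust(BLOCK, b"\x00"))[:RESP_LEN] + ID_B

def initial_counter(r_a):
    # Second time-variant parameter: least significant CTR_BITS of the challenge
    return int.from_bytes(r_a, "big") % (1 << CTR_BITS)

def protect(data, ctr):
    # Sensor: data, time-variant parameter, and integrity value over both
    return data, ctr, prf(K_MAC, data + ctr.to_bytes(4, "big"))

class ControlUnit:
    expected_ctr = None
    def challenge(self):
        self.r_a = secrets.token_bytes(8)           # first time-variant parameter
        return self.r_a + ID_A
    def check_auth(self, packet2):
        # Recompute the expected response with the shared key and compare
        ok = hmac.compare_digest(packet2, auth_response(self.r_a + ID_A))
        self.expected_ctr = initial_counter(self.r_a) if ok else None
        return ok
    def accept(self, data, ctr, tag):
        if self.expected_ctr is None or ctr != self.expected_ctr:
            return False                            # not authenticated, or replayed
        ok = hmac.compare_digest(tag, protect(data, ctr)[2])
        if ok:
            self.expected_ctr = (ctr + 1) % (1 << CTR_BITS)   # stepwise increment
        return ok

def demo():
    cu = ControlUnit()
    authed = cu.check_auth(auth_response(cu.challenge()))
    ctr = initial_counter(cu.r_a)
    m1 = protect(b"pressure=1520", ctr)
    first, replay = cu.accept(*m1), cu.accept(*m1)
    m2 = protect(b"pressure=1521", (ctr + 1) % (1 << CTR_BITS))
    forged = cu.accept(b"pressure=9999", m2[1], m2[2])
    return authed, first, replay, forged, cu.accept(*m2)
```

`demo()` returns the outcome of authentication, a fresh message, a replay of that message, a message with altered data under a valid counter, and the next genuine message, in that order.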