Method for protecting sensor data from manipulation and sensor to that end
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-009/32
H04L-009/00
H04L-009/12
H04L-029/08
출원번호
US-0498954
(2010-09-08)
등록번호
US-9100193
(2015-08-04)
우선권정보
DE-10 2009 045 133 (2009-09-29)
국제출원번호
PCT/EP2010/063168
(2010-09-08)
§371/§102 date
20120809
(20120809)
국제공개번호
WO2011/039037
(2011-04-07)
발명자
/ 주소
Newsome, James
Szerwinski, Robert
Hayek, Jan
출원인 / 주소
ROBERT BOSCH GMBH
대리인 / 주소
Kenyon & Kenyon LLP
인용정보
피인용 횟수 :
3인용 특허 :
1
초록▼
In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first pa
In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first part of the cryptographic authentication message to the control unit. In addition, the sensor data are provided with a cryptographic integrity protection, time-variant parameters being added to the sensor data and the sensor data being sent with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. For calculation of the initial parameters, at least a second part of the cryptographic authentication message is utilized.
대표청구항▼
1. A method for protecting a sensor from manipulation of sensor data, comprising: sending, in the context of an authentication of the sensor, a number used once from a control unit to the sensor;generating by the sensor with the use of the number used once a cryptographic authentication message;send
1. A method for protecting a sensor from manipulation of sensor data, comprising: sending, in the context of an authentication of the sensor, a number used once from a control unit to the sensor;generating by the sensor with the use of the number used once a cryptographic authentication message;sending at least a first part of the cryptographic authentication message to the control unit;providing sensor data with a cryptographic integrity protection, wherein at least a third part of the cryptographic authentication message is utilized for calculation of the cryptographic integrity protection;adding time-variant parameters to the sensor data, wherein at least a second part of the cryptographic authentication message is utilized for calculation of the time-variant parameters; andsending the sensor data with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. 2. The method as recited in claim 1, wherein the time-variant parameters are altered for each sensor data transaction between the sensor and the control unit. 3. The method as recited in claim 2, wherein the alteration of the time-variant parameters is a stepwise incrementation. 4. The method as recited in claim 2, wherein a current parameter is calculated from the second part of the cryptographic authentication message in each sensor data transaction, and the time-variant parameters for an n-th sensor data transaction are calculated from a difference between the current parameter and the second part of the cryptographic authentication message. 5. The method as recited in claim 4, wherein the current parameter is utilized for the calculation of the cryptographic integrity protection. 6. The method as recited in claim 4, wherein the authentication of the sensor is carried out in accordance with a challenge-response method. 7. The method as recited in claim 4, wherein the cryptographic integrity protection of the sensor data is carried out in accordance with a message authentication code method. 8. The method as recited in claim 7, wherein an OMAC method or an EMAC method is used as the message authentication code method. 9. The method as recited in claim 2, wherein the time-variant parameters are altered by one of time stamps, sequence counters, or random numbers. 10. The method as recited in claim 4, wherein the first part of the cryptographic authentication message and the second part of the cryptographic authentication message do not overlap, and wherein the first part of the cryptographic authentication message and the third part of the cryptographic authentication message do not overlap. 11. A sensor, comprising: an interface for receiving a number used once from a control unit; anda processing unit configured to control: generating by the sensor with the use of the number used once a cryptographic authentication message;sending at least a first part of the cryptographic authentication message to the control unit;providing sensor data with a cryptographic integrity protection, wherein at least a third part of the cryptographic authentication message is utilized for calculation of the cryptographic integrity protection;adding time-variant parameters to the sensor data, wherein at least a second part of the cryptographic authentication message is utilized for calculation of the time-variant parameters; andsending the sensor data with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. 12. The sensor as recited in claim 11, wherein the processing unit is further configured to alter the time-variant parameters in each sensor data transaction between the sensor and the control unit. 13. The sensor as recited in claim 12, wherein the alteration of the time-variant parameters is a stepwise incrementation. 14. The sensor as recited in claim 12, wherein the processing unit calculates: i) a current parameter from the second part of the cryptographic authentication message in each sensor data transaction; and ii) the time-variant parameters for an n-th sensor data transaction from a difference between the current parameter and the second part of the cryptographic authentication message. 15. A control unit, comprising: a processing unit configured for generating and sending a number used once to a sensor; andan interface for receiving from the sensor, in the context of an authentication of the sensor, at least a first part of a cryptographic authentication message generated with the use of the number used once;wherein the processing unit is further configured for: generating a cryptographic comparison authentication message;evaluating, in the context of the authentication of the sensor, the received first part of the cryptographic authentication message with the aid of the cryptographic comparison authentication message; andevaluating sensor data provided with a cryptographic integrity protection and time-variant parameters, wherein at least a second part of the cryptographic comparison authentication message is used for evaluation of the time-variant parameters, and wherein at least a third part of the cryptographic comparison authentication message is used for evaluation of the cryptographic integrity protection.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (1)
Ayaki, Yasushi; Iitsuka, Hiroyuki; Usuki, Naoshi, Communication apparatus.
Androulaki, Elli; De Caro, Angelo; Kramp, Thorsten; Kravitz, David W.; Sorniotti, Alessandro; Vukolic, Marko, Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.