A control system for an unmanned vehicle includes a control processing unit which receives input signals from one or more sensors and supplies output signals to one or more actuators. Processing modules are divided into a plurality of successively linked stages. In a first stage, multiple processing modules produce substantially equivalent payload data when operating correctly. Message cryptography units generate cryptographically signed messages containing the payload data. In a second stage, a voting cryptography unit receives and examines the cryptographically signed messages, and applies voting logic to derive a validated payload data for use by the respective processing module of the second stage.
Representative claim
1. A control system for an unmanned vehicle, the control system comprising: a control processing unit arranged to receive input signals from one or more sensors and to supply output signals to one or more actuators, the control processing unit comprising a plurality of processing modules which are arranged into a plurality of stages, wherein the stages are successively linked with outputs from a plurality of the processing modules in a preceding first stage being coupled to inputs of one or more of the processing modules in a subsequent second stage, the first stage configured to receive the input signals from the one or more sensors, the second stage configured to receive the outputs of the first stage; wherein, in the first stage, the plurality of the processing modules produce substantially equivalent payload data and each of the processing modules includes a message cryptography unit which generates cryptographically signed messages containing a source field representing a message source at the first stage, a destination field representing a message destination at the second stage, and the payload data, the message cryptography unit configured to generate a digital signature based at least in part on the message source at the first stage, the message destination at the second stage, and the payload data, wherein the cryptographically signed messages include the digital signature, and wherein, in the second stage, each of the one or more processing modules comprises a voting cryptography unit which receives the cryptographically signed messages from the plurality of processing modules of the first stage, examines the cryptographically signed messages to verify whether the cryptographically signed messages include the message source at the first stage and the message destination at the second stage, and applies voting logic to derive a validated payload data from the cryptographically signed messages for use by the processing module of the second stage.
2. The control system of claim 1, wherein each of the processing modules is a physical hardware component which is separately removable and replaceable within the control system.
3. The control system of claim 1, wherein the processing modules are provided with at least double modular redundancy within each stage.
4. The control system of claim 1, wherein each processing module of the subsequent second stage comprises a processor unit arranged to support one or more logical processing applications which use the validated payload data from the voting cryptography unit of the processing module.
5. The control system of claim 1, wherein the control processing unit comprises a plurality of the processing modules arranged into at least a third stage which is successively linked to the second stage, wherein the processing modules of the second stage each further comprise the message cryptography unit generating the cryptographically signed messages containing the payload data of the processing module and each of the processing modules of the third stage comprises the voting cryptography unit which derives the validated payload data from the cryptographically signed messages for use by the processing module.
6. The control system of claim 1, wherein each of the message cryptography units produces a message stream comprising the cryptographically signed messages, and wherein each of the voting cryptography units in the processing modules of the subsequent stage is arranged to receive a plurality of the message streams from a plurality of the message cryptography units in the processing modules of the preceding stage.
7. The control system of claim 6, wherein the control processing unit comprises a plurality of communications networks, wherein the processing modules within each stage are coupled at their inputs to each of the communications networks and at their outputs to a respective one of the communications networks, each of the communications networks carrying the message streams from the processing modules in the preceding stage to a plurality of the processing modules in a subsequent stage.
8. The control system of claim 1, wherein the message cryptography units are arranged to generate outgoing cryptographically signed messages including a time stamp field containing a time stamp, and each of the voting cryptography units includes a time synchronisation unit arranged to validate the time stamp of incoming cryptographically signed messages.
9. An unmanned aerial vehicle comprising the control system of claim 1.
10. A control method for an unmanned vehicle, the method comprising: receiving input signals from one or more sensors; processing the input signals by a plurality of processing modules which are arranged into a plurality of stages, wherein the stages are successively linked with outputs from a plurality of the processing modules in a preceding first stage being coupled to inputs of one or more of the processing modules in a subsequent second stage, the first stage configured to receive the input signals from the one or more sensors, the second stage configured to receive the outputs of the first stage; producing substantially equivalent payload data by the plurality of the processing modules in the first stage and generating cryptographically signed messages containing a source field representing a message source at the first stage, a destination field representing a message destination at the second stage, and the payload data by a message cryptography unit in each of the processing modules of the first stage, the message cryptography unit configured to generate a digital signature based at least in part on the message source at the first stage, the message destination at the second stage, and the payload data, wherein the cryptographically signed messages include the digital signature; receiving the cryptographically signed messages by a voting cryptography unit in each processing module of the second stage from the plurality of processing modules of the first stage; examining the cryptographically signed messages by the voting cryptography unit in each processing module of the second stage to verify whether the cryptographically signed messages include the message source at the first stage and the message destination at the second stage; applying voting logic to cryptographically signed messages by the voting cryptography unit in each processing module of the second stage to derive a validated payload data from the cryptographically signed messages for use by the processing module of the second stage; generating an output signal using the validated payload data; and supplying the output signals to one or more actuators.
11. The control method of claim 10, further comprising: sending a message stream comprising the cryptographically signed messages by each of the message cryptography units of the processing modules of the first stage; and receiving the message streams by each of the voting cryptography units in the processing modules of the subsequent stage.
12. The control method of claim 11, further comprising carrying the message streams over a plurality of communications networks, wherein the processing modules within each stage are coupled at their inputs to each of the communications networks and at their outputs to a respective one of the communications networks, each of the communication networks carrying the message streams from the processing modules in the preceding stage to a plurality of the processing modules in a subsequent stage.
13. The control method of claim 10, further comprising passing the payload data substantially unidirectionally through the control processing unit between the plurality of stages.
14. The control method of claim 10, further comprising cryptographically examining the cryptographically signed messages and raising a failure alert condition when the cryptographically signed messages fail the cryptographic examination and/or examining the payload data in the cryptographically signed messages and raising a failure alert condition when the payload data is inconsistent between the messages.
15. The control method of claim 10, further comprising encoding or encrypting at least part of the payload data within the messages using a cryptographic key.
16. A non-transitory computer-readable storage medium having instructions recorded thereon which cause a computer device to perform a control process for an unmanned vehicle, the process comprising: receiving input signals from one or more sensors; processing the input signals by a plurality of processing modules which are arranged into a plurality of stages, wherein the stages are successively linked with outputs from a plurality of the processing modules in a preceding first stage being coupled to inputs of one or more of the processing modules in a subsequent second stage, the first stage configured to receive the input signals from the one or more sensors, the second stage configured to receive the outputs of the first stage; producing substantially equivalent payload data by the plurality of the processing modules in the first stage and generating cryptographically signed messages containing a source field representing a message source at the first stage, a destination field representing a message destination at the second stage, and the payload data by a message cryptography unit in each of the processing modules of the first stage, the message cryptography unit configured to generate a digital signature based at least in part on the message source at the first stage, the message destination at the second stage, and the payload data, wherein the cryptographically signed messages include the digital signature; receiving the cryptographically signed messages by a voting cryptography unit in each processing module of the second stage from the plurality of processing modules of the first stage; examining the cryptographically signed messages by the voting cryptography unit in each processing module of the second stage to verify whether the cryptographically signed messages include the message source at the first stage and the message destination at the second stage; applying voting logic to cryptographically signed messages by the voting cryptography unit in each processing module of the second stage to derive a validated payload data from the cryptographically signed messages for use by the processing module of the second stage; causing generation of an output signal using the validated payload data; and causing the output signals to be supplied to one or more actuators.
17. The non-transitory computer-readable storage medium of claim 16, the process further comprising: sending a message stream comprising the cryptographically signed messages by each of the message cryptography units of the processing modules of the first stage; and receiving the message streams by each of the voting cryptography units in the processing modules of the subsequent stage.
18. The non-transitory computer-readable storage medium of claim 17, the process further comprising carrying the message streams over a plurality of communications networks, wherein the processing modules within each stage are coupled at their inputs to each of the communications networks and at their outputs to a respective one of the communications networks, each of the communication networks carrying the message streams from the processing modules in the preceding stage to a plurality of the processing modules in a subsequent stage.
19. The non-transitory computer-readable storage medium of claim 16, the process further comprising passing the payload data substantially unidirectionally through the control processing unit between the plurality of stages.
20. The non-transitory computer-readable storage medium of claim 16, the process further comprising at least one of: cryptographically examining the cryptographically signed messages and raising a failure alert condition when the cryptographically signed messages fail the cryptographic examination and/or examining the payload data in the cryptographically signed messages and raising a failure alert condition when the payload data is inconsistent between the messages; and encoding or encrypting at least part of the payload data within the messages using a cryptographic key.
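The sign-then-vote flow of claims 1, 8 and 14, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 with constructed per-source keys stands in for the digital signature, exact-match majority voting stands in for "substantially equivalent" payloads, and the module names, the 0.5 s freshness window and the quorum of 2 are hypothetical.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed per-source keys (assumption). HMAC-SHA256 stands in for the claimed
# digital signature; asymmetric keys would stop a voter forging stage-one messages.
KEYS = {"s1-a": b"demo-key-a", "s1-b": b"demo-key-b", "s1-c": b"demo-key-c"}
MAX_SKEW = 0.5  # seconds; assumed freshness window for the time stamp check

def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def _mac(key, src, dst, ts, payload):
    # The tag binds source, destination, time stamp and payload together.
    return hmac.new(key, _canon([src, dst, ts, payload]).encode(), hashlib.sha256).hexdigest()

def sign_message(src, dst, ts, payload):
    """Message cryptography unit of a first-stage module."""
    return {"src": src, "dst": dst, "ts": ts, "payload": payload,
            "sig": _mac(KEYS[src], src, dst, ts, payload)}

def vote(messages, me, now, quorum=2):
    """Voting cryptography unit: returns (validated payload or None, alerts)."""
    alerts, accepted = [], {}
    for m in messages:
        src, key = m.get("src"), KEYS.get(m.get("src"))
        if key is None:
            alerts.append((src, "unknown source"))
        elif m.get("dst") != me:
            alerts.append((src, "wrong destination"))
        elif not hmac.compare_digest(str(m.get("sig")), _mac(key, src, me, m.get("ts"), m.get("payload"))):
            alerts.append((src, "bad signature"))
        elif abs(now - m["ts"]) > MAX_SKEW:
            alerts.append((src, "stale time stamp"))
        else:
            accepted[src] = _canon(m["payload"])  # one vote per source
    winner, count = Counter(accepted.values()).most_common(1)[0] if accepted else (None, 0)
    alerts += [(s, "payload inconsistent") for s, p in accepted.items() if p != winner]
    return (json.loads(winner) if count >= quorum else None), alerts

def demo():
    # Constructed sample: three redundant modules report to second-stage module "s2-x".
    good = {"pitch_cmd": 2.5}
    msgs = [sign_message(s, "s2-x", 100.0, good) for s in ("s1-a", "s1-b")]
    bad = sign_message("s1-c", "s2-x", 100.0, good)
    bad["payload"] = {"pitch_cmd": 40.0}  # altered in transit after signing
    return vote(msgs + [bad], me="s2-x", now=100.1)
```

Because the tag covers the destination field, a message signed for one second-stage module fails verification at another even if its `dst` field is rewritten.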