EP1975900A2 - Method and device to send and verify messages with a unique code or a message verification value - Google Patents

Abstract

The method involves receiving a message, where the message has a unique code or a message verifying value that depends on the code. Another unique code is received independent of the message. The message is verified based on the codes on it validation. The message is recognized as valid, when the codes agree with each other, when the value agrees with another message verification value, which is based on the latter code, or when third unique code determined based on the latter code agrees with the former code. Independent claims are also included for the following: (1) a verifying device for verifying a message (2) a transmission method for transmitting a message (3) a transmission station comprising a transmission unit.

Description

Test method, test apparatus, transmission method for transmitting messages, transmitting apparatus, transmission method for transmitting one-time identifications, transmitting station and system

The invention relates to a test method and a test device for checking a message. The invention further relates to a transmission method and a transmission device for transmitting a message. The invention further relates to a transmission method and a transmitting station for transmitting one-time identifications. The invention further relates to a system.

Data collected by vehicles can be transmitted by radio as messages to other vehicles. The messages include, for example, a black ice or accident warning. For example, the messages are transferable from vehicle to vehicle with a limited number of transmissions, i.e., hops. Such transmission of messages is also called flooding or flooding. It should be prevented that the messages can be manipulated or restored. For this purpose, a respective recipient of the message must be able to verify this.

The object of the invention is to provide a test method, a test apparatus, a transmission method for broadcasting messages, a transmission apparatus, a transmission method for broadcasting one-time indications, a transmitting station and a system which enables a simple and reliable checking of messages.

The object is solved by the features of the independent claims. Advantageous developments of the invention are characterized in the subclaims.

According to a first aspect, the invention is characterized by a test method and an associated test device for checking a message, which is a first one-time identifier or comprises a first message check value determined as a function of the first one-time identifier. The message is received by radio. A radio-broadcast second one-time identifier is received independently of the message. The message is checked for validity depending on the first one-time identifier and the second one-time identifier. The message is recognized as valid if the first one-time flag and the second one-time flag match, or if the first message check value matches a second message check value determined depending on the second one-time flag, or if a third one-time flag determined by the second one-time flag matches the first one One-time identification matches. Otherwise, the message is detected as invalid.

The first and the second one-time identifier are designed, for example, as a nonce and in particular as a cryptographic nonce. Such a nonce is, for example, a number and / or letter combination which is intended for one-time use and is designed, for example, as a random number or pseudorandom number. The first and the second one-time identification have in particular a temporally and spatially limited validity. The spatial validity is predetermined, for example, by a reception range of the radio-broadcasting one-time identification, but may also be specified differently. The temporal validity results, for example, by a change in the radio-broadcast single-time identification in a predetermined time interval, so that different one-time identifications can be received at different times.

The advantage is that a respective recipient of the message can very easily check the validity of the message in terms of the spatial and temporal scope and thus in relation to the timeliness and relevance of the message. If the sender of the message and the recipient of the message have received the same one-time ID and the sender protects his message with this one-time ID, for example, in the form of the first one-time flag or the first message check value, the correspondence of the first and second one-time codes or the first and second message check values, or the third and the first one-time IDs, indicates that the sender of the message is in the vicinity the same one-time identifier knows as the receiver, and therefore the message can be relevant and that the message is up-to-date, that is, the message is not yet obsolete.

In this way, a simple and reliable protection against replay attacks, so-called replay attacks, and before so-called wormhole attacks possible. Wormhole attacks propagate messages unauthorized spatially away from their scope. Because the one-time identifications have only a spatially limited validity range, messages can simply be identified as invalid if the first one-time code or the first message check value of the message is the second one-time code received by the recipient of the message or the second message check value determined by the recipient deviates from the third one-time identifier determined by the receiver. The sender and recipient are then located in different geographical areas and receive different one-time identifications. It is also advantageous that no synchronized clocks or position determination units are required for the checkability of the message. This makes checking easy and inexpensive.

The one-time identifiers, in particular the first one-time identifier and the second one-time identifier, are preferably broadcast by trusted infrastructure units, for example by state-controlled broadcasting stations spaced spatially apart, for example along or near streets. In particular, the message comprises traffic information, for example traffic flow information or safety-relevant traffic information. The message has been sent out, for example, by one of the transmitting stations or by a vehicle. The test apparatus is arranged in particular in a vehicle and in particular a motor vehicle and is designed to inform the driver of the vehicle of the traffic information received by means of the message or to take it into account when planning the route.

In an advantageous embodiment, geographical area information about the first one-time code and / or the second one-time code is determined. Furthermore, a current geographical position of a receiver of the message currently executing this checking method, that is to say the checking device, is determined. The message is checked for validity depending on the geographic area information and the determined current geographic location. The message is recognized as valid if the determined current geographic location is within a geographic area dictated by geographic area information. Otherwise the message will be recognized as invalid. This has the advantage that the validation area can be checked particularly precisely and independently of the reception area of the one-time identification.

In this context, it is advantageous if application information about the first one-time code and / or the second one-time code is determined and a size of the geographical area is predefined depending on the application information. The advantage is that different geographical areas can be specified very simply for different applications. For example, for traffic flow information such as construction site information, congestion information or information about road closures may be provided a larger geographical area than for safety-related traffic information such as black ice, accident or fog warnings.

In a further advantageous embodiment, the geographical Area information and / or the application information of the first one-time identifier and / or the second one-time identifier attached. This has the advantage that the respective information is thus immediately available and so checking the message can be done very easily.

In a further advantageous embodiment, the geographical area information and / or the application information is retrieved from a server for the first one-time identification and / or for the second one-time identification. The server can be reached, for example, via an Internet connection or can be reached via the respective transmitting station. The advantage is that so only a very small volume of data per one-time recognition must be received, but the information is available on request to the server if required. However, the information does not always have to be broadcast with the respective one-time code.

In a further advantageous embodiment, the first one-time code and / or the second one-time code is accompanied by a respective identifier check value which was determined as a function of the first one-time code or the second one-time code. A validity of the first one-time code or the second one-time code is checked depending on a key known to the respective recipient of the message and depending on the first one-time code or the second one-time code. The message is only recognized as valid if the validity of the first one-time code or the second one-time code has been established. This has the advantage that the one-time identification and thus also the message can be reliably verified.

In a further advantageous embodiment, the third one-time identification is determined by a recursive application of a predetermined calculation rule one or more times depending on the second one-time identification. This has the advantage that the first one-time identification can also be easily checked even if the first one-time identification of the message is not also known as second one-time identification was received, however an older one-time identification is available. Such a check is possible if the one-time identifications broadcast in chronological succession are not independent of one another but are taken from an identification list which can also be referred to as a "hash chain".

In a further advantageous embodiment, the message recognized as valid is transmitted by radio. The advantage is that the message can be very easily distributed and thus the range of the message and in particular the traffic information that carries them, can be increased.

According to a second aspect, the invention is characterized by a transmission method and a corresponding transmission device for transmitting a message. A radio-broadcast one-time signal is received. The message is added to the received one-time identifier or a message check value, which is determined depending on the received one-time identifier. The message is sent by radio.

The one-time identification is designed, for example, as a nonce and in particular as a cryptographic nonce. Such a nonce is, for example, a number and / or letter combination which is intended for one-time use and is designed, for example, as a random number or pseudorandom number. The one-time identification has, in particular, a temporally and spatially limited validity. The spatial validity is predetermined, for example, by a reception range of the radio-broadcasting one-time identification, but may also be specified differently. The temporal validity results, for example, by a change in the radio-broadcast single-time identification in a predetermined time interval, so that different one-time identifications can be received at different times.

The advantage is that a particular recipient of the message very simply the validity of the message in terms of spatial and temporal scope and thus in terms of the timeliness and relevance of the message can check. If the sender of the message, i.e., the sender, and the recipient of the message have received the same one-time identifier and the sender protects his message with this one-time identifier, for example in the form of the one-time identifier or the message check value, then the match is the one-time identifier or message check value the message with the one-time identification received by the receiver independently of the message or the message check value determined by the receiver depending on this one-time identification that the sender of the message, ie the sending device, is in the vicinity of the recipient since he knows the same one-time identification as the sender, and the message may therefore be relevant and that the message is up to date, that is, the message is not out of date.

In this way, a simple and reliable protection against replay attacks, so-called replay attacks, and before so-called wormhole attacks possible. Wormhole attacks propagate messages unauthorized spatially away from their scope. By virtue of the fact that the one-time identifications have only a spatially limited validity range, messages can simply be recognized as invalid by the respective recipient of the message if the one-time identifier of the message or the associated message check value of the message is recognized by the one-time identifier received by the recipient of the message or by the the message check value determined by the receiver deviates. The sender and recipient are then located in different geographical areas and receive different one-time identifications. It is also advantageous that no synchronized clocks or position detection units are required for the verifiability of the message by the respective receiver. This makes checking easy and inexpensive.

The one-time identifiers are preferably broadcasted by trusted infrastructure units, for example, by state-controlled broadcasting stations that are spatially spaced apart, for example, along or near streets. In particular, the message comprises traffic information, for example traffic flow information or safety-relevant traffic information. The transmitting device is arranged in particular in a vehicle and in particular a motor vehicle, but may also be arranged in a transmitting station.

According to a third aspect, the invention is characterized by a transmission method and a corresponding transmitting station for transmitting one-time identifications. In each case at least one one-time identification is determined in a predetermined time interval, wherein the respective one-time identification is determined individually and unambiguously for the transmitting station and for the respective time interval. The at least one one-time signal is broadcast by radio.

The respective at least one one-time identification is broadcast in particular by broadcasting. Broadcasting means the transmission of information of all kinds via electromagnetic waves, which information is intended for the public and can be received by anyone.

The respective one-time identifier is designed, for example, as a nonce and in particular as a cryptographic nonce. Such a nonce is, for example, a number and / or letter combination which is intended for one-time use and is designed, for example, as a random number or pseudorandom number. The one-time identification has, in particular, a temporally and spatially limited validity. The spatial validity is predetermined, for example, by a reception range of the radio-broadcasting one-time identification, but may also be specified differently. Since transmitting stations are arranged spatially spaced from each other and the respective one-time identification indiviuell and unique for each transmitting station is determined, given by the respective one-time identification a spatial assignment to the respective transmitting station. The temporal validity results from a change in the radio-broadcast single-time identification in the predetermined time interval, so that different one-time identifications can be received at different times.

The advantage is that the respective one-time identification can be used to protect messages and to make verifiable. A respective recipient of the message can easily check the validity of the message in terms of the spatial and temporal scope and thus in terms of the timeliness and relevance of the message. If the sender of the message and the recipient of the message have received the same one time code and the sender protects his message with this one time code, for example in the form of the one time code or a message check value, then the match of the one time code or the message check value of the message matches that of the one Receiver independent of the message received one-time signal or determined by the receiver depending on this one-time message check value that the sender of the message resides in the vicinity of the recipient, since he knows the same one-time identification as the sender, and the message can therefore be relevant and that the message is up to date, that is, the message is not out of date.

In this way, a simple and reliable protection against replay attacks, so-called replay attacks, and before so-called wormhole attacks possible. Wormhole attacks propagate messages unauthorized spatially away from their scope. Because the one-time identifiers have only a limited area of validity, messages can simply be recognized as invalid by the respective recipient of the message if the message of the message or the associated message check value of the message is received by the recipient Message received one-time identification or deviates from the message check value determined by the receiver. The sender and recipient are then located in different geographical areas and receive different one-time identifications. It is also advantageous that no synchronized clocks or position detection units are required for the verifiability of the message by the respective receiver. This makes checking easy and inexpensive.

The transmitting station is preferably a trustworthy infrastructure unit, which is controlled by the state, for example. For example, transmitting stations are spaced apart from one another, for example along or near roads. In particular, the message comprises traffic information, for example traffic flow information or safety-relevant traffic information. The transmitting station further has a time measuring unit for specifying the predetermined time interval and a transmitting unit for emitting the respective one-time code.

In an advantageous embodiment of the third aspect, the respective one-time identification is determined by selecting a respectively next list entry of an identification list whose list entries are respectively generated by recursively applying a predetermined calculation rule depending on a predetermined start identifier. Such a list of identifiers can also be referred to as a "hash chain". In this way, the one-time identifiers are easily and reliably ascertainable and can be easily checked by a recipient of the respective one-time identifier if the latter already has an older one-time identifier of the identifier list that was previously broadcast.

In a further advantageous embodiment of the third aspect, the respective one-time identification is determined as a random value or pseudorandom value. This is very easy.

In a further advantageous embodiment of the third aspect, the respectively determined one-time identifier is repeatedly transmitted for a predetermined period of time, which is longer than the predetermined time interval. This results in a temporal overlap of the validity of successive one-time identifications. This makes higher reliability possible with changing reception conditions. Furthermore, some older messages are still verifiable.

In a further advantageous embodiment of the third aspect, at least one one-time identification is received by an adjacent transmitting station and additionally broadcast. This results in a spatial overlap of the validity of one-time identifications. This makes higher reliability possible with changing reception conditions.

In a further advantageous embodiment of the third aspect, messages are received, checked and possibly transmitted, the respective message comprising a first one-time code or a first message check value determined as a function of the first one-time code and checking the respective message depending on the first one time code and at least one of One-time identification of the transmitting station and / or the adjacent transmitting station is performed. The respective message is sent out only if the first one-time identifier and the at least one of the one-time identifiers of the transmitting station or the adjacent transmitting station match or if the first message check value matches a second message check value which depends on the at least one of the one-time identifiers of the transmitting station and / or the adjacent transmitting station is determined. This has the advantage that the messages can have a longer range.

In a further advantageous embodiment of the third aspect, the respective one-time identification is accompanied by geographical area information and / or application information and / or a validity period. This is one Particularly precise verification of the spatial and / or temporal validity range regardless of the receiving range of the one-time identification possible. Furthermore, very different geographic areas can be specified for different applications, for example for traffic flow information a larger geographical area than for safety-relevant traffic information.

In a further advantageous embodiment of the third aspect, the respective one-time identification is accompanied by a respective identification check value, which is determined as a function of the respective one-time identification. This has the advantage that the respective one-time identifier can be checked easily and reliably.

According to a fourth aspect, the invention is characterized by a system comprising at least two transmitting stations according to the third aspect and at least two testing and / or transmitting devices according to the first and the second aspect. Advantageous embodiments and advantages of the system correspond to those of the first to third aspects.

Figur 1

ein Senden und Weiterleiten von Einmalkennungen zwischen Sendestationen und Fahrzeugen,

Figur 2

ein Senden und Weiterleiten von Nachrichten zwischen Sendestationen und Fahrzeugen,

Figur 3

durch verschiedene Sendestationen abgedeckte geographische Gebiete,

Figur 4

ein schematischer Aufbau einer Nachricht,

Figur 5

ein Ablaufdiagramm eines Programms zum Aussenden von Einmalkennungen,

Figur 6

ein Ablaufdiagramm eines Programms zum Aussenden von Nachrichten und

Figur 7

ein Ablaufdiagramm eines Programms zum Prüfen von empfangenen Nachrichten.

Embodiments of the invention are explained below with reference to the schematic drawings. Show it:

FIG. 1

sending and forwarding one-time identifications between sending stations and vehicles,

FIG. 2

sending and forwarding messages between transmitting stations and vehicles,

FIG. 3

geographical areas covered by different broadcasting stations,

FIG. 4

a schematic structure of a message,

FIG. 5

a flow diagram of a program for sending one-time identifications,

FIG. 6

a flowchart of a program for sending messages and

FIG. 7

a flowchart of a program for checking received messages.

Elements of the same construction or function are provided across the figures with the same reference numerals.

A system comprises at least a first transmitting station STAT1 and a second transmitting station STAT2 and at least two testing devices PV and / or transmitting devices SV (FIG. Figures 1 and 2 ). The transmitting stations are spaced apart from each other, for example along a street. The distance of the transmitting stations is preferably a few 10 meters, some 100 meters or even one or more kilometers. Preferably, the transmitting stations are located in a city closer together, that is, for example, at a distance of some 10 or a few 100 meters, as outside the city, where they may be located at a distance of some 100 meters or kilometers. Preferably, the transmitting stations are stationary, that is stationary. However, the transmitting stations can also be designed to be mobile and arranged, for example, on a vehicle. The transmitting stations each comprise a transmitting unit SE and a time measuring unit ZME.

The transmitting stations are designed to emit single-time indications EK, which have a spatially and temporally limited validity. In a predetermined time interval ZI, which is predetermined by means of the time measuring unit ZME, the respective transmitting station determines a respectively individual and unique one-time identification EK and radiates it by means of the transmitting unit SE by radio. For example, the first transmitting station STAT1 emits a one-time signal EK_GEO1 for a first geographical area GEO1. Accordingly, the second transmitting station STAT2 sends a one-time signal EK_GE02 for second geographic area GE02. The one-time flag EK_GE01 for the first geographic area GEO1 and the one-time flag EK_GE02 for the second geographic area GE02 are different from each other. The one-time identifiers EK are designed, for example, as a nonce and in particular as a cryptographic nonce. Such a cryptographic nonce is, for example, a number and / or letter combination for a single use. Such a nonce is designed, for example, as a random number or as a pseudorandom number, but may also be designed differently, for example as a consecutive number.

The testing device PV and / or the transmitting device SV are preferably formed together in a unit and arranged in a vehicle. In Figures 1 and 2 For example, a first vehicle F1, a second vehicle F2, a third vehicle F3, a fourth vehicle F4, and a fifth vehicle F5 are illustrated, each of which includes the testing device PV and / or the transmitting device SV. The testing device PV and the transmitting device SV are designed to receive the one-time identifications EK, which are emitted by the respective transmitting stations. Due to the limited range of the transmitting stations, the respectively associated one-time identifications EK can be received directly in a limited receiving area around the respective transmitting station. However, it can also be provided to forward the received one-time identifications EK to other vehicles in order to increase the reception area for the respective one-time identification EK. Preferably, a number of retransmissions is limited to other vehicles, so that also the distribution area for the respective one-time signal EK remains limited.

In the in FIG. 1 In the example shown, the first vehicle F1, the second vehicle F2 and the third vehicle F3 each receive the one-time identifier EK_GE01 for the first geographical area GE01. The fourth vehicle F4 receives the one-time identifier EK_GE02 for the second geographical area GE02. The second vehicle F2 sends the one-time signal received by it EK_GEO1 for the first geographical area GEO1 to the fifth vehicle F5 and this sends this on to the fourth vehicle F4. The fourth vehicle F4 sends the one-time signal EK_GE02 for the second geographical area GE02 received by it to the third vehicle F3 and the fifth vehicle F5. Furthermore, the third vehicle F3 also sends the one-time signal EK_GEO1 received by it for the first geographical area GEO1 to the fourth vehicle F4.

FIG. 2 shows the sending of messages N by the transmitting stations and the vehicles. The messages N include, for example, traffic flow information or safety-relevant traffic information. The traffic flow information includes, for example, traffic jam warnings, indications of construction sites or road closures, and the like. The safety-relevant traffic information includes, for example, black ice warnings, accident warnings or fog warnings. Such messages N are preferably sent from vehicle to vehicle and distributed in this way. Such a way of spreading news N is also called flooding or flooding. Furthermore, such messages N can also be received by the transmitting stations and sent out again. In this way, it is ensured that a large number of vehicles in the geographic area GEO of the respective transmitting station and possibly adjacent geographical areas GEO can receive the messages N.

In the in FIG. 2 As shown, the fourth vehicle F4 transmits a message N received by the second transmitting station STAT2 and the third vehicle F3. The third vehicle F3 sends this message N or its own message N to the first transmitting station STAT1. The first transmitting station STAT1 sends out this message N again. The message N transmitted by the first transmitting station STAT1 is received by the first vehicle F1 and by the second vehicle F2. The second vehicle F2 transmits this or a separate message N, which is received by the fifth vehicle F5.

In order to prevent manipulation of the messages N and to ensure that the messages N are up-to-date and relevant to the respective geographic area GEO, the respective message N comprises the one-time identifier EK of the original sender of the message N or a message check value NP determined depending on this one-time code EK. The respective recipient of the message N can check the message as a function of the one-time code EK which is coded in the message N or the message check value NP and depending on the one-time code EK received independently of the message N.

The one-time identifier EK is preferably accompanied by an identifier test value KP, which was determined as a function of the one-time identifier EK. The identifier check value KP is designed, for example, as a digital signature and can be checked by a key that is known to the respective recipient of the one-time identifier EK or the message N. By the identification check value KP, the authenticity of the one-time identifier EK can be checked. However, the identification check value KP can also be designed differently.

For the respective one-time identifier EK, further information can be provided which are attached to it and are broadcast with it or which can be requested by request to a server SERV. For example, a geographical area information GEO_INF is provided which describes a spatial validity range of the respective one-time identifier EK. For example, the geographical area information GEO_INF is specified as a predetermined radius around the respective location of the transmitting station emitting the respective one-time code EK. However, the geographic area information GEO_INF can also be specified differently.

Furthermore, an application information ANW_INF can be provided, which specifies an area of application of the respective one-time identifier EK. For example, the application information allows ANW_INF a distinction in traffic flow information and in safety-relevant traffic information. For example, the geographical area GEO, in which the respective one-time identifier EK has validity, is predefined depending on the application information ANW_INF. For example, it is provided that a size of the geographical area GEO is greater for traffic flow information than for safety-relevant traffic information. However, the respective geographic area GEO can also be specified differently.

FIG. 3 shows a plan view of three transmitting stations, the first transmitting station STAT1, the second transmitting station STAT2 and a third transmitting station STAT3. For each of the transmitting stations, the associated geographical area GEO is marked in the form of a circle around the location of the respective transmitting station. The first geographical area GEO1 is assigned to the first transmitting station STAT1, the second geographical area GE02 is assigned to the second transmitting station STAT2, and a third geographical area GE03 is assigned to the third transmitting station STAT3. In the in FIG. 3 As shown, the first and second geographic areas GE01, GE02 are overlapped. As a result of the spatial overlapping of the geographical areas GEO, it is achieved that in an overlapping area both the respective one-time identifier EK_GEO1 for the first geographical area GEO1 of the first transmitting station STAT1 and the respective one-time ID EK_GEO2 for the second geographical area GE02 of the second transmitting station STAT2 are valid. Thus, no abrupt change of the one-time IDs EK takes place in the adjoining areas when the respective vehicle travels from one of the geographical areas GEO to a neighboring geographical area GEO. However, the geographic areas GEO can also be predetermined without overlapping, as in FIG. 3 is exemplified for the third geographic area GE03. Furthermore, it can be provided that transmitting stations also send one-time identifications EK of adjacent transmitting stations in order to increase the reception area for the respective one-time signal EK and to make the transition from the one geographical area GEO into the neighboring geographical area GEO.

Corresponding to the spatial overlapping of the geographical areas GEO, it may also be provided that the validity period of the respective one-time identifier EK in the respective geographical area GEO overlap each other, so that at least two one-time identifications EK are simultaneously valid in the respective geographical area GEO. As a result, there is always a slightly older valid one-time identifier EK available, with the help of some older messages N are verifiable.

In each of the geographical areas GEO, another one-off identifier EK which is unique for the respective geographical area GEO and the respective validity period is valid. In the first geographical area GEO the one-time identifier EK_GEO1 is valid for the first geographical area GEO1, in the second geographical area GE02 the one-time identifier is valid for the second geographical area GE02 and in the third geographical area GE03 is a one-time identifier EK_GE03 for the third geographical area GE03 valid.

FIG. 4 shows an exemplary structure of a message N comprising a plurality of fields of different content. The message N comprises data DAT, which may also be referred to as user data. The data DAT include, for example, the traffic flow information or the safety-relevant traffic information. Preferably, the message N also has a sender identification SID, so that the sender of the message N is identifiable.

Furthermore, the message N comprises the one-time identifier EK of the sender of the message N and / or the message check value NP determined depending on the one-time identifier EK of the sender. The message check value NP can be designated, for example, in the form of a message authentication code, which can also be referred to as "message authentication code", or MAC for short. be determined. For example, the one-time identifier EK can be used as the key for determining the message check value NP. The message check value NP is formed, for example, as a function of the data DAT and possibly also dependent on the sender identification SID and / or further fields of the message N. In this way, a manipulation of the message N can be detected. It is also possible to check whether a valid one-time identifier EK was used for determining the message check value NP if the respective recipient of the message N also knows the one-time identifier EK that was used for determining the message check value NP.

However, independently of the one-time code EK, another message check value may also be provided in the message N, which is embodied, for example, as an error check value, for example according to a cyclic redundancy check or CRC for short, or as a message authentication code, for example according to an AES CBC-MAC or HMAC-SHA1, or as a digital signature, for example as an RSA signature according to PKCS # 1 or as a DSA signature. The further message check value may refer to all fields of the message N, except for the field comprising the further message check value, or may refer to a part of the fields of the message N, for example the data DAT and the sender identifier SID.

The message N may also contain the additional information optionally attached to the one-time identification EK, that is to say, for example, the geographical area information GEO_INF and / or the application information ANW_INF and / or the identification check value KP. The message N may also include further information or data. Furthermore, an order of the information and data in the message N may be different from that in the message FIG. 4 shown.

FIG. 5 shows a flowchart of a program for broadcasting Einmalkennungen EK by the respective transmitting station. The program starts in a step S1. In a step S2 in each case at least one one-time identifier EK is determined in a predetermined time interval ZI. The respectively determined one-time identifier EK is determined individually and unambiguously for the respective transmitting station and for the respective time interval. The predetermined time interval ZI preferably has an order of magnitude of seconds or minutes. However, the predetermined time interval ZI can also be specified differently depending on requirements.

The one-time identifier EK is preferably determined as a nonce and in particular as a cryptographic nonce, for example as a random number, pseudorandom number or else as an element of a so-called "hash chain". Such a "hash chain" is an identification list whose list entries each comprise a one-time identifier. The list entries of the identification list are determined on the basis of a predetermined start identifier by recursively applying a predetermined calculation rule. This predetermined calculation rule represents an irreversible mathematical operation, so that consecutive list entries, ie one-time identifications EK, can only be calculated in one direction from the predefined start identifier. By applying the given calculation rule, it is possible to calculate from any list entry a list entry having a greater distance from the predefined start identifier, but not a list entry having a smaller distance from the predefined start identifier. A large distance to the given start identifier compared to a small distance means that the given calculation rule was applied more frequently recursively.

When determining the respective one-time identification EK from such an identification list, the respectively next list entry is then selected which has a smaller distance to the predefined start identifier. The identification list and in particular the start identifier are preferably known only to the respective transmitting station, but not the respective testing device PV in the vehicles. However, preferably predetermined calculation rule also the testers PV known. In this way, a younger one-time identification EK can be checked on the basis of an older one-time identification EK, for example by the testing device PV of the respective recipient, if the younger and the older one-time identification EK originate from the same identification list. For checking purposes, the prescribed calculation rule must be recursively applied once or several times to the younger one-time identifier EK in order to obtain the older one-time identifier EK as the result.

In a third step S3, if necessary, the one-time identifier EK 'of an adjacent transmitting station is received. In a step S4 it can be provided that the geographic area information GEO_INF and / or the application information ANW_INF or also other information, for example with respect to the time validity, are added to the determined one-time code EK. Furthermore, the identifier check value KP can be determined and attached to the determined one-time identifier EK. In a step S5, the one-time identifier EK is optionally broadcast together with the geographical area information GEO_INF and / or the application information ANW_INF and / or the further information and / or the identifier check value KP. Furthermore, the optionally received one-time identification EK 'of the neighboring transmitting station is additionally broadcast.

Furthermore, further steps may be provided for receiving, checking and, if necessary, sending messages N. In a step S6, it is provided that messages N are received which are sent by vehicles or neighboring transmitting stations, for example. However, it may also be provided to receive messages N or the associated data DAT from a traffic data infrastructure which makes this information available centrally for several or all transmitting stations.

In a step S7, the received messages N can be checked. The respective received message N includes a first one-time identifier EK1 of the original sender of the message N or a first message check value NP1 determined as a function of the first one-time identifier EK1. The checking of the respective message N takes place as a function of the first one-time code EK1 and at least one of the one-time identifications EK of the transmitting station and / or of the adjacent transmitting station. If appropriate, a respective second message check value NP2 is determined as a function of the respective message N and the one-time identification EK of the transmitting station and / or of the adjacent transmitting station.

In a step S8, it is checked whether the first one-time code EK1 and the at least one of the one-time identifications EK of the transmitting station or the adjacent transmitting station match or whether the first message check value NP1 matches the second message check value NP2. If so, then the message N may be sent out in a step S9 and the program terminated in a step S10. However, if the conditions in step S8 are not satisfied, then the program is ended in step S10. Preferably, the program is continued in step S2, so that the one-time identifications EK are generated in the predetermined time interval ZI. The determination and broadcasting of the one-time identifications EK and the receiving, checking and transmission of the messages N can also take place in a different order and in particular also in parallel with one another.

FIG. 6 shows a flowchart of a program for sending messages N. The program is executed, for example by the transmitting device SV. The program starts in a step S11. In a step S12, the one-time signal EK radiated by radio through one of the transmitting stations is received. A step S13 may be provided for determining the message check value NP depending on the message N to be sent and the received one-time identifier EK. In a step S14, the one-time identifier EK and / or the determined message check value NP are added to the message N. In a step S15, the message N is transmitted by radio. The The program ends in a step S16 and is repeated, for example, for each message N to be sent.

FIG. 7 shows a flowchart of a program for checking messages N, which comprise a first one-time signal EK1 or a first message check value NP1 determined on the basis of the first one-time code EK1. The first one-time code EK1 or the first message check value NP1 correspond in this case, in particular, to the one-time code EK or the message check value NP, which is generated by the transmitting device SV of the respective message N according to the method described in FIG FIG. 6 was added.

The program starts in a step S20 and is executed by the test apparatus PV, for example. In a step S21, the respective message N is received. In a step S22, a radio-broadcast second single-time identification EK2 is received independently of the message N. The received second one-time identifier EK2 corresponds in particular to the one-time identifier EK, which is transmitted by one of the transmitting stations according to the method described in US Pat FIG. 5 program broadcast.

In a step S23, the message N is checked as a function of the first one-time code EK1 and the second one-time code EK2. For checking, a step S24 may be provided, in which a third one-time identification EK3 is determined as a function of the second one-time identification EK2. The third one-time identification EK3 is preferably determined by applying the predetermined calculation rule once or several times if the first and the second single-time identification EK1, EK2 were determined by one of the transmission stations from the identification list. Furthermore, a step S25 may be provided to determine the second message check value NP2 depending on the message N and the second one-time code EK2 if the message N comprises the first message check value NP1.

Furthermore, a step S26 may be provided for evaluation and checking the geographical area information GEO_INF and / or application information ANW_INF possibly contained in the message N. For this purpose, for example, a current geographical position POS of the vehicle is determined. Furthermore, the geographical area GEO is determined as a function of the geographical area information GEO_INF and possibly the application information ANW_INF, for which the first one-time code EK1 is valid.

In a step S27 it is checked whether the first one-time identifier EK1 matches the second one-time identifier EK2 and / or whether the third one-time identifier EK3 matches the first one-time identifier EK1 and / or if the first message check value NP1 matches the second message check value NP2 and / or ob the current geographical position POS lies within the geographical area GEO, in which the first one-time identifier EK1 is valid. Furthermore, it may be provided to check the identification check value KP, which may have been attached to the first one-time identification EK1 and / or the second one-time identification EK2.

If the respectively relevant condition is fulfilled in step S27, then the message N is recognized as valid in a step S28 and, if appropriate, sent out again in a step S29, for example to other vehicles or transmitting stations. The program is ended in a step S30. However, if the conditions in the step S27 are not satisfied, then the message N is recognized as invalid in the step S31 and the program is ended in the step S30. The program is preferably executed again for each received message N.

By means of temporally and spatially changing one-time identifications EK, the temporal relevance and the spatial relevance of messages N can be ascertained in a simple manner. The fact that the one-time IDs EK are not generated predictable, high security and reliability is possible. This is especially true when the one-time inputs EK by Trusted infrastructure units or transmitting stations, such as a traffic data infrastructure, are broadcast and each protected by an identification check KP. Unauthorized manipulations of the one-time codes EK or messages N are so easily recognizable. In particular, vehicle-to-vehicle communication can be protected by the received one-time IDs EK without requiring synchronized clocks or position-determining units in the vehicles, such as GPS. Furthermore, it is not necessary in this way that in each case between two vehicles or between a vehicle and a transmitting station, a bidirectional communication connection must be established to send messages N protected against unauthorized manipulation and / or to be able to receive. The communication can thus take place spontaneously by simply sending out the respective message N without prior contact with potential recipients of the message N.

Claims (21)

Test method for checking a message (N) which comprises a first one-time code (EK1) or a first message check value (NP1) determined on the basis of the first one-time code (EK1), in which the message (N) is received by radio, - A radio-broadcast second one-time signal (EK2) is received independently of the message (N) and the message (N) is checked for validity as a function of the first one-time code (EK1) and the second one-time code (EK2) and the message (N) is recognized as valid if the first one-time code (EK1) and the second one-time code (EK2 ) or when the first message check value (NP1) coincides with a second message check value (NP2), which is determined as a function of the second one - time code (EK2), or if a third one - time code (EK3) determined by the second one - time code (EK2) coincides with the the first one-time identifier (EK1) matches, and the message (N) is otherwise recognized as invalid. Test method according to claim 1, in which a geographical area information (GEO_INF) is determined for the first one-time code (EK1) and / or for the second one-time code (EK2), a current geographical position (POS) of a receiver of the message (N) currently executing this method is determined, and - The message (N) depending on the geographical area information (GEO_INF) and the determined current geographical position (POS) is checked for validity and the message (N) is recognized as valid if the determined current geographical position (POS) within a geographical area (GEO), which is given as a function of the geographical area information (GEO_INF), and the message (N) is otherwise recognized as invalid. Test method according to claim 2, in which - An application information (ANW_INF) to the first one-time identifier (EK1) and / or to the second one-time identifier (EK2) is determined and - a size of the geographical area (GEO) depending on the application information (ANW_INF) is given. Test method according to one of claims 2 or 3, wherein the geographical area information (GEO_INF) and / or the application information (ANW_INF) of the first one-time identifier (EK1) and / or the second one-time identifier (EK2) is attached. Test method according to one of claims 2 or 3, in which the geographical area information (GEO_INF) and / or the application information (ANW_INF) is retrieved by a server (SERV) for the first one-time code (EK1) and / or for the second one-time code (EK2). , Test method according to one of the preceding claims, in which - the first one-time identifier (EK1) and / or the second one-time identifier (EK2) is accompanied by a respective identifier test value (KP) which was determined as a function of the first one-time identifier (EK1) or the second one-time identifier (EK2), a validity of the first one-time code (EK1) or the second one-time code (EK2) is checked as a function of a key known to the respective recipient of the message (N) and depending on the first one-time code (EK1) or the second one-time code (EK2) and - The message (N) is recognized as valid only if the validity of the first one-time signal (EK1) or the second one-time signal (EK2) was detected. Test method according to one of the preceding claims, in which the third one-time identifier (EK3) is determined by a recursive application of a predetermined calculation rule one or more times depending on the second one-time identifier (EK2). Test method according to one of the preceding claims, in which the acknowledged as valid message (N) is transmitted by radio. Test device for checking a message (N) which comprises a first one-time code (EK1) or a first message check value (NP1) determined as a function of the first one-time code (EK1) for receiving the message (N) by radio, - For receiving a radiated by radio second one-time signal (EK2) regardless of the message (N) and - For checking the message (N) depending on the first one-time signal (EK1) and the second one-time signal (EK2) on their validity, wherein the message (N) is recognized as valid when the first one-time signal (EK1) and the second one-time signal ( EK2) or when the first message check value (NP1) coincides with a second message check value (NP2), which is determined as a function of the second one-time code (EK2), or if a third one-time code (EK3) determined with the second one-time code (EK2) the first one-time identifier (EK1) matches, and the message (N) is otherwise recognized as invalid. Transmission method for sending a message (N), in which a radio-broadcast one-time signal (EK) is received, - the message (N) the received one-time signal (EK) or a message check value (NP), which is determined depending on the received one-time signal (EK) is added, and - The message (N) is sent by radio. Transmitting device for sending a message (N), which is formed for receiving a broadcast one-time signal (EK) by radio, for adding the received one-time code (EK) or a message check value (NP), which is determined as a function of the received one-time code (EK), to the message (N) and - To send the message (N) by radio. Transmission method for transmitting one-time identifications (EC) by a transmitting station, in which - In each case at least one one-time identifier (EK) in a predetermined time interval (ZI) is determined, wherein the respective one-time signal (EK) is determined individually and unambiguously for the transmitting station and for the respective time interval, and - The respective at least one one-time signal (EK) is radiated by radio. A transmission method according to claim 12, wherein the respective one-time identification (EK) is determined by selecting a respective next list entry of an identification list whose list entries are respectively generated by recursively applying a predetermined calculation rule depending on a predetermined start identifier. A transmission method according to claim 12, wherein the respective one-time identifier (EK) is determined as a random value or pseudorandom value. Transmission method according to one of Claims 12 to 14, in which the respective one-time identification (EK) determined in each case is transmitted repeatedly for a predefined period of time which is longer than the predetermined time interval (ZI). Transmission method according to one of Claims 12 to 15, in which at least one one-time identification (EK) is received by an adjacent transmitting station and additionally transmitted. Transmission method according to one of Claims 12 to 16, in which messages (N) are received, checked and if necessary transmitted, the respective message (N) being a first one-time code (EK1) or a first message check value determined as a function of the first one-time code (EK1) (NP1) and the checking of the respective message (N) depending on the first one-time identification (EK1) and at least one of the one-time identifications (EK) of the transmitting station and / or the adjacent transmitting station is performed and the respective message (N) is only transmitted if the first one-time code (EK1) and the at least one of the one-time identifiers (EK) of the transmitting station or the adjacent transmitting station match, or if the first message check value (NP1) matches a second message check value (NP2) which depends on the at least one of the one-time indications (EK) EK) of the transmitting station and / or the adjacent transmitting station is determined. Transmission method according to one of Claims 12 to 17, in which the respective one-time identification (EK) is accompanied by geographical area information (GEO_INF) and / or application information (ANW_INF) and / or a period of validity. A transmission method according to any one of claims 12 to 18, wherein
the respective one-time identification (EK) is accompanied by a respective identification check value (KP), which is determined as a function of the respective one-time identification (EK). Transmitting station, which has a time measuring unit (ZME) and a transmitting unit (SE) and which is formed - For determining in each case at least one one-time signal (EK) in a predetermined time interval (ZI), which is specified by means of the time measuring unit (ZME), wherein the respective one-time signal (EK) is determined individually and unambiguously for the transmitting station and for the respective time interval, and - For radiating the respective at least one one-time signal (EK) by means of the transmitting unit (SE) by radio. System comprising at least two transmitting stations according to claim 20 and at least two testing and / or transmitting devices (SV, PV) according to claim 9 or 11.

Images