Method for executing security-relevant and non-security-relevant software components on a hardware platform
    1.
    Granted patent (status: in force)

    Publication No.: US08880827B2

    Publication date: 2014-11-04

    Application No.: US13501915

    Filing date: 2010-10-12

    IPC classification: G06F12/14 G06F11/30 G06F21/74

    CPC classification: G06F21/74 G06F2221/2105

    Abstract: A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation.

    METHOD FOR EXECUTING SECURITY-RELEVANT AND NON-SECURITY-RELEVANT SOFTWARE COMPONENTS ON A HARDWARE PLATFORM
    2.
    Patent application (status: in force)

    Publication No.: US20120210085A1

    Publication date: 2012-08-16

    Application No.: US13501915

    Filing date: 2010-10-12

    IPC classification: G06F12/14

    CPC classification: G06F21/74 G06F2221/2105

    Abstract: A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation.

    Method for secure dynamic bandwidth allocation in a TT ethernet
    4.
    Granted patent (status: in force)

    Publication No.: US08464056B2

    Publication date: 2013-06-11

    Application No.: US12936093

    Filing date: 2009-04-02

    Applicant: Stefan Poledna

    Inventor: Stefan Poledna

    IPC classification: H04L9/32

    CPC classification: H04L12/40136 H04L12/413

    Abstract: A communication method for transmitting TT Ethernet messages is a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message. The TTE star couplers check whether each dynamically calculated TTE message contains an authentically signed schedule.

    METHOD AND DEVICE FOR FAULT-TOLERANT, TIME-CONTROLLED REAL-TIME COMMUNICATION
    5.
    Patent application (status: in force)

    Publication No.: US20130086432A1

    Publication date: 2013-04-04

    Application No.: US13639456

    Filing date: 2011-04-07

    IPC classification: G06F11/00

    Abstract: The aim of the present invention is that of establishing a fault-tolerant global time in a fault-tolerant communication system of a distributed real-time system. For this purpose, a fault-tolerant message switching unit is provided, which is composed of four independent switching units. These four independent switching units jointly establish a fault-tolerant time. The terminal systems are connected to a fault-tolerant message switching unit via two independent fail-silent communication channels, so that the clock synchronization and network connections are preserved, even if a part of the fault-tolerant switching unit or of a communication channel fails.

    TIME-CONTROLLED SECURE COMMUNICATION
    6.
    Patent application (status: in force)

    Publication No.: US20090086763A1

    Publication date: 2009-04-02

    Application No.: US12162198

    Filing date: 2006-06-30

    IPC classification: H04J3/00

    Abstract: The invention relates to a method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores, with each IP core having an information-processing subsystem (IVS) and a network controller (NK), with each NK having at least two interfaces, an interface for the ZK and a second interface for the IVS, characterised in that a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a time-controlled message and the maximum transmission duration after each transmission time, can be set exclusively by a privileged message via the ZK or directly by a privileged entity (privileged IP core), and where each NK intends to send a message starts to transmit the message autonomously exactly at the time of the next transmission time, and ends the transmission process at the latest after the assigned maximum transmission duration has elapsed. The invention additionally relates to a system-on-chip (SoC) for carrying out a method such as this.

    System on chip fault detection
    7.
    Granted patent (status: in force)

    Publication No.: US08732522B2

    Publication date: 2014-05-20

    Application No.: US13383011

    Filing date: 2010-07-07

    Applicant: Stefan Poledna

    Inventor: Stefan Poledna

    IPC classification: G06F11/00

    Abstract: The invention relates to a method for fault identification in a System-on-Chip (SoC) consisting of a number of IP cores, wherein each IP core is a fault containment unit, and where the IP cores communicate with one another by means of messages via a Network-on-Chip, and wherein an excellent IP core provides a TRM (Trusted Resource Monitor), wherein a faulty control message which is sent from one non-privileged IP core to another non-privileged IP core is identified and projected by an (independent) fault container unit, as a result of which this faulty control message cannot cause any failure of the message receiver.

    SYSTEM ON CHIP FAULT DETECTION
    8.
    Patent application (status: in force)

    Publication No.: US20120124411A1

    Publication date: 2012-05-17

    Application No.: US13383011

    Filing date: 2010-07-07

    Applicant: Stefan Poledna

    Inventor: Stefan Poledna

    IPC classification: G06F11/00

    Abstract: The invention relates to a method for fault identification in a System-on-Chip (SoC) consisting of a number of IP cores, wherein each IP core is a fault containment unit, and where the IP cores communicate with one another by means of messages via a Network-on-Chip, and wherein an excellent IP core provides a TRM (Trusted Resource Monitor), wherein a faulty control message which is sent from one non-privileged IP core to another non-privileged IP core is identified and projected by an (independent) fault container unit, as a result of which this faulty control message cannot cause any failure of the message receiver.

    Time-controlled secure communication
    9.
    Granted patent (status: in force)

    Publication No.: US08301885B2

    Publication date: 2012-10-30

    Application No.: US12162198

    Filing date: 2006-06-30

    IPC classification: H04L9/32

    Abstract: A method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores is provided. Each IP core has an information-processing subsystem (IVS) and a network controller (NK). Each NK has at least two interfaces, one for the ZK and one for the IVS, wherein a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a message and the maximum transmission duration after each transmission time, can be set by a privileged message via the ZK or directly by a privileged entity. Each NK intending to transmit a message starts to transmit the message autonomously exactly at the time of the next set transmission time and interrupts the transmission process no later than the assigned maximum transmission duration has elapsed.

    Autocratic low complexity gateway/ guardian strategy and/or simple local guardian strategy for flexray or other distributed time-triggered protocol
    10.
    Granted patent (status: in force)

    Publication No.: US08204037B2

    Publication date: 2012-06-19

    Application No.: US12198611

    Filing date: 2008-08-26

    IPC classification: H04J3/24

    Abstract: A special node is used in a distributed time-triggered cluster. The special node comprises protocol functionality to establish a time base to use in communicating with a plurality of end nodes and to source timing-related frames to the plurality of end nodes in accordance with the distributed time-triggered communication protocol. The protocol functionality establishes the time base without regard to any timing-related frame sourced from any of the plurality of end nodes. In one embodiment, the protocol functionality of the special node is implemented in a low complexity manner. In one embodiment, the cluster comprises a star topology and the special node performs at least one of semantic filtering and rate enforcement. In another embodiment, the cluster comprises a bus or peer-to-peer topology and each end node is coupled to the communication channel using a low-complexity special local bus guardian.
