US 11,657,715 B2
Method for providing a safe operation of subsystems within a safety critical system
Kai Höfig, Munich (DE)
Assigned to SIEMENS MOBILITY GMBH, Bayern (DE)
Appl. No. 16/636,353
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Jun. 18, 2018, PCT No. PCT/EP2018/066060
§ 371(c)(1), (2) Date Feb. 4, 2020,
PCT Pub. No. WO2019/029877, PCT Pub. Date Feb. 14, 2019.
Claims priority of application No. 17185954 (EP), filed on Aug. 11, 2017.
Prior Publication US 2020/0166933 A1, May 28, 2020
Int. Cl. G08G 1/16 (2006.01); H04L 9/08 (2006.01); G07C 5/00 (2006.01); G07C 5/08 (2006.01)
CPC G08G 1/162 (2013.01) [G07C 5/008 (2013.01); G07C 5/0816 (2013.01); H04L 9/0819 (2013.01)] 15 Claims
OG exemplary drawing
 
1. A method for providing a safe operation of subsystems within a safety critical system (SCS), the method comprising:
assessing a malfunction within a malfunctioning subsystem among the subsystems of the SCS;
sending, by the malfunctioning subsystem of the SCS, a malfunction signal via a communication unit of the malfunctioning subsystem to communication units of the other subsystems among the subsystems of the SCS, wherein the malfunction signal includes a cryptographic key being unique to the malfunctioning subsystem;
decrypting, by a control unit of each of the other subsystems of the SCS, the cryptographic key of the malfunction signal;
initiating collective safety management of the malfunctioning subsystem and the other subsystems when the decrypted cryptographic key is valid; and
communicating to the subsystems of the SCS that the cryptographic key of the malfunctioning subsystem is expired due to the sending of the malfunction signal;
wherein the cryptographic key is a one-time key such that it is not possible for the malfunctioning subsystem to send another valid malfunction signal to initiate another collective safety management until the malfunctioning subsystem receives a new cryptographic key.
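The following simulation is an added illustration of the claimed exchange, not code from the patent or from Siemens: a subsystem broadcasts a malfunction signal carrying an authenticator derived from its own one-time key, the control units of the other subsystems check it before entering collective safety management, and the key is then announced as spent so that neither a replayed signal nor a fresh signal under the same key can trigger safety management again until a new key is issued. Assumptions not in the claim: a key authority that provisions keys and whose current-key table every control unit can consult, and an HMAC-SHA256 tag standing in for the claim's "decrypting the cryptographic key"; the subsystem names and fault text are constructed.

```python
"""Simulated one-time-key malfunction signalling between subsystems of a
safety critical system (added example; the KeyAuthority and the HMAC
authenticator are assumptions, not part of the claim)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class MalfunctionSignal:
    sender: str
    detail: str
    key_id: bytes   # identifies which one-time key produced the tag
    tag: bytes      # HMAC-SHA256 over (sender, detail, key_id)


def _authenticate(key: bytes, sender: str, detail: str, key_id: bytes) -> bytes:
    msg = sender.encode() + b"\0" + detail.encode() + b"\0" + key_id
    return hmac.new(key, msg, hashlib.sha256).digest()


class KeyAuthority:
    """Assumed provisioning component: issues a fresh key, unique to one
    subsystem, and records the (key_id, key) every control unit may consult."""

    def __init__(self):
        self.current = {}  # subsystem name -> (key_id, key)

    def issue(self, name: str):
        entry = (os.urandom(8), os.urandom(32))
        self.current[name] = entry
        return entry


class Subsystem:
    def __init__(self, name: str, authority: KeyAuthority):
        self.name = name
        self.authority = authority
        self.key_id, self.key = authority.issue(name)
        self.expired_key_ids = set()   # keys announced as spent by the SCS
        self.in_safety_management = False

    # --- communication unit ---
    def send_malfunction_signal(self, detail: str) -> MalfunctionSignal:
        tag = _authenticate(self.key, self.name, detail, self.key_id)
        return MalfunctionSignal(self.name, detail, self.key_id, tag)

    def receive_new_key(self):
        """Only a new key from the authority re-enables malfunction signalling."""
        self.key_id, self.key = self.authority.issue(self.name)

    # --- control unit ---
    def verify(self, signal: MalfunctionSignal) -> bool:
        if signal.key_id in self.expired_key_ids:
            return False  # one-time key already consumed: replay or reuse
        entry = self.authority.current.get(signal.sender)
        if entry is None or not hmac.compare_digest(entry[0], signal.key_id):
            return False  # unknown sender or a key id that is not current
        expected = _authenticate(entry[1], signal.sender, signal.detail, signal.key_id)
        return hmac.compare_digest(expected, signal.tag)

    def handle(self, signal: MalfunctionSignal) -> bool:
        ok = self.verify(signal)
        if ok:
            self.in_safety_management = True  # collective safety management
        return ok

    def note_key_expired(self, key_id: bytes):
        self.expired_key_ids.add(key_id)


class SafetyCriticalSystem:
    def __init__(self, names):
        self.authority = KeyAuthority()
        self.subsystems = {n: Subsystem(n, self.authority) for n in names}

    def broadcast(self, signal: MalfunctionSignal) -> int:
        """Deliver the signal to every other subsystem and return how many
        accepted it. A valid signal consumes the sender's one-time key and
        that expiry is communicated to all subsystems; an invalid one does not
        burn the key, so a forged message cannot silence a subsystem."""
        others = [s for s in self.subsystems.values() if s.name != signal.sender]
        accepted = sum(s.handle(signal) for s in others)
        if accepted:
            for s in self.subsystems.values():
                s.note_key_expired(signal.key_id)
        return accepted


if __name__ == "__main__":
    scs = SafetyCriticalSystem(["brake", "signalling", "door"])  # constructed names
    sig = scs.subsystems["brake"].send_malfunction_signal("brake pressure low")
    print("first signal accepted by", scs.broadcast(sig), "subsystems")
    print("replayed signal accepted by", scs.broadcast(sig), "subsystems")
```

Running the module shows the first broadcast accepted by the two peers and the replay accepted by none; re-running `send_malfunction_signal` on the same key is likewise rejected until `receive_new_key` is called.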