(19)
(11)EP 3 219 575 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
04.11.2020 Bulletin 2020/45

(21)Application number: 16305296.2

(22)Date of filing:  17.03.2016
(51)International Patent Classification (IPC): 
B61L 27/00(2006.01)
B61L 15/00(2006.01)

(54)

METHOD FOR SECURING THE EXCHANGE OF AUTHENTICATION KEYS AND ASSOCIATED KEY MANAGEMENT MODULE

VERFAHREN ZUR SICHERUNG DES AUSTAUSCHS VON AUTHENTIFIZIERUNGSSCHLÜSSELN UND ZUGEHÖRIGES SCHLÜSSELVERWALTUNGSMODUL

PROCÉDÉ POUR SÉCURISER UN ÉCHANGE DE CLÉS D'AUTHENTIFICATION ET MODULE DE GESTION DE CLÉS ASSOCIÉES


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(43)Date of publication of application:
20.09.2017 Bulletin 2017/38

(73)Proprietor: ALSTOM Transport Technologies
93400 Saint-Ouen (FR)

(72)Inventors:
  • RADOMIAK, Andre
    3001 Heverlee (BE)
  • MAGDELYNS, Xavier
    5380 Cortil-Wodon (BE)
  • FOSSION, Stéphanie
    5032 Bothey (BE)
  • BAGLIVO, Stephano
    40054 Budrio (IT)

(74)Representative: Lavoix 
2, place d'Estienne d'Orves
75441 Paris Cedex 09
75441 Paris Cedex 09 (FR)


(56)References cited: : 
EP-A1- 1 533 971
US-A1- 2004 236 965
DE-A1-102011 006 772
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description


    [0001] The present invention concerns a method for securing the exchange of authentication keys used for symmetric data encryption communication between at least two communication modules.

    [0002] The present invention also concerns a key management module performing this method.

    [0003] At least one of said two communication modules is comprised in trackside equipment associated to a train control system and the other is an onboard communication module embedded in a railroad vehicle.

    [0004] The invention is notably used for a train control system implemented according to the European Train Control System (ETCS) standard. The invention particularly relates to level 2 or 3 of the ETCS standard.

    [0005] The document DE 10 2011 006 772 A1 discloses a system and method for a key management of a train control system.

    [0006] As known in the art, the ETCS standard allows the communication between trackside equipment and the railroad vehicle moving along the corresponding track. Trackside equipment is notably presented by Radio Block Centre (RBC) and Eurobalises distributed along the tracks and making it possible for example to control the speed and movement of the railroad vehicle.

    [0007] In ETCS level 2 or 3, the communication between trackside equipment (e.g. RBC) and the railroad vehicle is based on a safe protocol called Euroradio protocol and constructed over the GSM-R standard and in particular, over its circuit switching or packet switching (e.g. GPRS) extension for data transmission.

    [0008] To ensure a safe and secured interface between railroad communication modules, the Euroradio protocol for such type of communication makes use of symmetric authentication techniques (e.g. without data encryption).

    [0009] In particular, the Euroradio protocol allows the authentication of transmitting data by symmetric authentication keys, called KMAC keys ("Key Management Authentication Code"). The authentication keys are known by each railroad communication module and shall remain secret to ensure the required safety and security level.

    [0010] To maintain such safety and security level, it is known in the art that a regular updating of the authentication keys mitigates the disclosure of these KMAC keys by a malicious party. To this end, new authentication keys may be regularly transmitted by a key management module to each railroad communication module.

    [0011] To keep secret the authentication keys during their distribution to their end user, namely the trackside or onboard communication module, the authentication keys are transmitted in a message encrypted using transportation keys, called also KTRANS ("Key for TRANsport").

    [0012] The transportation keys are known only by the authority that issued it, the key management module, and the communication module. This last module is the recipient of the message containing the authentication keys.

    [0013] However, such method for securing the distribution of transportation keys (KTRANS for ETCS) is not completely satisfying.

    [0014] Particularly, the confidentiality of initialization (i.e. first distribution of the transportation key into the communication modules) and its update are based on a human procedure, hence opening potential weakness on the transportation key disclosure. Moreover, a secured human procedure requires a heavy and constraining procedure that jeopardizes the regular update of the transportation key, leading to a degradation of the security level with time.

    [0015] One aim of the invention is to provide a method for securing the exchange of authentication keys having a security level which does not degrade with time.

    [0016] To this end, the invention concerns a method for securing the distribution of authentication keys according to claim 1.

    [0017] According to embodiments, the method is according to any of claims 2 to 6.

    [0018] The present invention concerns also a key management module for securing the distribution of authentication keys according to claim 7.

    [0019] The invention will be better understood, upon reading of the following description, taken solely as an example, and made in reference to the following drawings, in which:
    • figure 1 is a schematic view of a railroad vehicle traveling on a railroad track and managed by a train control system, the train control system comprising a key management module according to the invention;
    • figure 2 is a schematic view of the key management module of figure 1; and
    • figure 3 is a general flow chart of steps of the method according to the invention. A railroad vehicle 10 travelling on a railroad track 12 is illustrated on figure 1.


    [0020] The vehicle 10 is for example a passenger train.

    [0021] In general case, the term "railroad vehicle" refers to any guided vehicle, i.e. any vehicle capable of travelling on a railroad track.

    [0022] The vehicle 10 comprises notably a plurality of onboard systems 13, allowing the control of the vehicle 10, and an onboard communication module 14, able to provide a wireless communication between the onboard systems 13 and exterior systems, such as a control system 18, as it will be explained below.

    [0023] The movement of the vehicle 10 on the railroad track 12 is managed by a train control system 18.

    [0024] The train control system 18 is implemented preferably according to the European Train Control System standard, which is usually denoted as ETCS standard, more preferably in its level 2 or 3.

    [0025] The train control system 18 comprises a control center 20, located away from the railroad track 12, and trackside equipment 22 distributed along the railroad track 12 or concentrated and connected to the control center 20 by a suitable network 24.

    [0026] Trackside equipment 22 comprises notably a plurality of trackside entities, 26A to 26N. Each trackside entity 26A to 26N is associated to a section of the railroad track 12 and able to collect and transmit to the control center 20 at least some data relative to the vehicle 10 when it is moving on the associated section.

    [0027] Each trackside entity 26A to 26N is further able to communicate with the railroad vehicle 10 over a wireless bi-directional link, in order to exchange data related for example to the authorized speed of movement on the associated section, movement permissions on this section, etc., in one direction, and the position of the vehicle, etc., in the other direction.

    [0028] In particular, each trackside entity 26A to 26N comprises a railroad communication module 28A to 28N performing the data exchange with the control center 20 and with the onboard communication module 14 of the vehicle 10.

    [0029] The wireless communication between the communication modules 28A to 28N and 14 is constructed over the GSM-R standard and in particular, over its circuit switching or packet switching (e.g. GPRS) extension for data transmission.

    [0030] Data transmission between modules 28A to 28N and 14 is a data transmission using a symmetric data authentication technique.

    [0031] This data transmission responds to a required safety level, defined by railroad authorities.

    [0032] When the train control system 18 is implemented according to the ETCS standard, the authentication data transmission between the modules 28A to 28N and 14 or between 28A to 28N over the network 24 is implemented according to the Euroradio protocol known in the art and used in the ETCS standard.

    [0033] The railroad communication modules 28A to 28N are implemented in a similar way. Thus, only the railroad communication module 28A will be explained in details below.

    [0034] The control center 20 manages the trackside equipment 22 in function of the data collected by the trackside entities 26A to 26N.

    [0035] The control center 20 comprises a key management module 34 distributing the symmetric keys to the railroad communication modules 28A to 28N and the onboard communication module 14.

    [0036] The key management module 34 and the communication modules 28A and 14 are illustrated more in details on figure 2.

    [0037] In reference to figure 2, the key management module 34 comprises a first transceiver 41 for a direct wireless communication with the onboard communication module 14 of the vehicle 10, a second transceiver 42 for the communication with the railroad communication module 28A of the trackside entity 26A via the network 24, and a key server 43, providing symmetric keys for wireless communication link between the railroad communication modules 28A to 28N and the onboard communication module 14 or wired communication between 28A to 28N.

    [0038] In one embodiment of the invention, the key management module 34 is connected to a certification authority module 44, also called remote controller, able to deliver and to verify certificates at the purpose of the communication modules 28A,14 and key management module 34. The remote controller is, for example, able to deliver a certificate including a public key for the asymmetric cryptographic technique to each key manager 48, 51.

    [0039] The railroad communication module 28A comprises a first transceiver 46 for wireless communication with the onboard communication module 14, a second transceiver 47 for communication with the key management module 34, via network 24, and a key manager 48 allowing the encrypted and/or authenticated data transmission for wireless communication between the railroad communication modules 28A to 28N and the onboard communication module 14 or wired communication between modules 28A to 28N over network 24. The transceiver 47 communicates also with the certification authority module 44 for the reception or verification of certificates at the purpose of the key manager 48

    [0040] The onboard communication module 14 of the vehicle 10 comprises a transceiver 50 for wireless communication both with the railroad communication module 28A of the trackside entity 26A and the key management module 34 of the control center 20 and the certification authority module 44, and a key manager 51 allowing the encrypted or authenticated data transmission for wireless communication between the railroad communication modules 28A to 28N and the onboard communication module 14 or the certification authority module 44 directly, when this module 44 has an embedded communication module, or via the key management module 34 otherwise.

    [0041] To perform a symmetric data authentication technique for the exchange of data between one railroad communication modules 28A to 28N and the onboard communication module 14, or between modules 28A to 28N, each key manager 48, 51 of each communication module 28A, 14 comprises a same plurality of authentication keys used to encrypt or authenticate data transmitted between these modules.

    [0042] Thus, for example, data transmitted from the onboard communication module 14 to the railroad communication module 28A is encrypted or authenticated by the transceiver 50 using one or several authentication keys stored in both key managers 48, 51.

    [0043] When the first transceiver 46 of the railroad communication module 28A receives this data, it authenticates the data using the same authentication keys.

    [0044] When the train control system 18 is implemented according to the ETCS standard, the authentication keys are called KMAC keys ("Key Management Authentication Code").

    [0045] The authentication keys are generated by the key server 43 of the key management module 34.

    [0046] The authentication keys are then distributed by the key server 43 to each communication module 28A, 14 according to a method 100 for securing the exchange of authentication keys according to the invention.

    [0047] Each key manager 48, 51 is further able to generate a public key and an associated private key for implement an asymmetric cryptographic technique as it will be explained by the method 100.

    [0048] The method 100 will be described hereinafter in reference to figure 3 presenting a general flow chart of its steps.

    [0049] Initially, the authentication keys are generated by the key server 43.

    [0050] During the step 109, the remote controller 44 delivers a certificate including a public key for the asymmetric cryptographic technique to each key manager 48, 51.

    [0051] Then, the step 109 is repeated for each railroad communication module 28A of the trackside entity 26A.

    [0052] Then, during step 110, the key server 43 generates one or several transportation keys. A transportation key is generated for each communication module 28A, 14.

    [0053] The transportation keys are used to encrypt or decrypt messages containing the authentication keys exchanged between the control center 20 and the corresponding communication module, using a symmetric cryptographic technique as it will be explained below.

    [0054] It shall be noted that the transportation keys may be different for different communication modules 28A and 14, but they are all known by the key server 43.

    [0055] During the next step 120, the key server 43 transmits the generated transportation keys to the corresponding communication modules 28A, 14 via the first or the second transceiver 41, 42 using an asymmetric data cryptographic technique.

    [0056] In particular, this step 120 includes several sub-steps.

    [0057] During the first sub-step 121, the first transceiver 41 of the key management module 34 initializes a securing connection with the onboard communication module 14 according for example to the TLS (Transport Layer Security) protocol. The TLS protocol is defined for example in the RFC 6176 document.

    [0058] In particular, during this sub-step 121, the first transceiver 41 and the transceiver 50 initialize a connection using a handshaking technique.

    [0059] Then, the first transceiver 41 exchanges certificates from the transceiver 50 of the onboard communication module 14. The certificates include in particular a public key generated by the key manager 51 of the onboard communication module 14.

    [0060] In one embodiment of the invention, the remote controller 44 verifies the certificate and if its authentication is not successful, reinitializes the connection with the transceiver 50.

    [0061] During the next sub-step 122, the first transceiver 41 encrypts the transportation keys generated for the onboard communication module 14 using a session key derived from the public key of the received certificate.

    [0062] During the next sub-step 123, the first transceiver 41 transmits the encrypted message to the transceiver 50 of the onboard communication module 14. The transceiver 50 decrypts this message using the session key established in sub-step 122.

    [0063] Then, the steps 121 to 123 are repeated in a similar way in order to transmit the corresponding transportation keys to the railroad communication module 28A of the trackside entity 26A. In this case, the sub-steps 121 to 123 are performed by the second transceiver 42 of the key management module 34.

    [0064] During the next step 130, for the transmission of new authentication keys to a recipient communication module, the first or the second transceiver, 41 or 42, generates a message containing the new authentication keys, the message contained authentication keys being encrypted according to a symmetric cryptographic technique similar to the symmetric cryptographic technique used for the communication between the railroad communication modules 28A and the onboard communication module 14. This encryption is performed using the transportation keys specific of the recipient communication module.

    [0065] Then, the first or the second transceivers 41, 42 transmits this message to the recipient communication modules 28A and 14, which decrypts it using the transportation keys. The extracted new authentication key is stored into the key managers 48 or 51.

    [0066] An authentication key is thus stored in both key managers 48 and 51 and can be further used for the encrypted data transmission between the communication modules 28A and 14 or between 28A and 28N.

    [0067] The method 100 is repeated each time a transportation key update is necessary. This allows maintaining the required security level of the encrypted data transmission with time.

    [0068] The method according to the invention provides a transportation keys initialization and update in a particularly simple way. The initialization and update can be done remotely and does not need a local intervention on the remote equipment, trackside or trainborne.

    [0069] The invention further ensures the required safety and security level of the train control system and is particularly useful to mitigate the risk of transportation keys disclosure.


    Claims

    1. Method (100) for securing the distribution of authentication keys used for symmetric data authenticated communication between at least a first and a second communication modules (14, 28A, ..., 28N), the first communication module (28A, ..., 28N) being comprised in trackside equipment (22) associated to a train control system (18) and the second communication module (14) being onboard a railroad vehicle (10) travelling on a track (12) managed by said train control system (18), said train control system (18) comprising a control center (20), located away from the railroad track (12),
    the method (100) comprising a step (130) of transmitting an authentication key to at least one communication module (14, 28A, ..., 28N) among the first and second communication modules, the transmission being performed by a symmetric data encryption communication between a key server (43) comprised in a key management module (34) of said control center (20) and said communication module (14, 28A, ..., 28N), using a transportation key known by said communication module (14, 28A, ..., 28N),
    the method (100) further comprising a preliminary step (120) of transmitting the transportation key to said communication module (14, 28A, ..., 28N), the preliminary transmission being performed by an asymmetric data encryption communication between the key server (43) and said communication module (14, 28A, ..., 28N) using a public key generated by said communication module (14, 28A, ..., 28N),
    the method (100) being characterised in that the preliminary step (120) of transmitting the transportation key comprises the following sub-steps:

    - receiving (121) from said communication module (14, 28A, ..., 28N), a certificate including a public key;

    - encrypting (122) the transportation key into an encrypted message using said public key;

    - transmitting (123) the encrypted message including the transportation key to said communication module (14, 28A, ..., 28N), the encrypted message being decrypted by said communication module (14, 28A, ..., 28N) using a session key derived from said public key.


     
    2. Method (100) according to claim 1, wherein the preliminary step (120) of transmitting the transportation key is performed using a Transport Layer Security (TLS) protocol.
     
    3. Method (100) according to claim 2, wherein the preliminary step (120) of transmitting the transportation key comprises a remote authentication of the certificate.
     
    4. Method (100) according to anyone of the preceding claims, wherein the train control system (18) is implemented according to an European Train Control System standard.
     
    5. Method (100) according to claim 4, wherein the communication between any communication modules (14, 28A, ..., 28N) is a wireless or wired communication according to an Euroradio protocol.
     
    6. Method (100) according to anyone of the preceding claims, further comprising a step (109) of delivering to each communication module (14, 28A, ..., 28N) a certificate including a public key for the asymmetric data encryption communication, said step being implemented before the preliminary step (120) of transmitting the transportation key.
     
    7. Key management module (34) configured to secure the distribution of authentication keys used for symmetric data authenticated communication between at least a first and a second communication modules (14, 28A, ..., 28N), the first communication module (28A, ..., 28N) being comprised in trackside equipment (22) associated to a train control system (18) and the second communication module (14) being onboard a railroad vehicle (10) travelling on a track (12) managed by said train control system (18), said train control system (18) comprising a control center (20), located away from the railroad track (12),
    the key management module (34) being configured to transmit an authentication key to at least one communication module (14, 28A, ..., 28N) among the first and second communication modules, the transmission being performed by a symmetric data encryption communication between a key server (43) being comprised in the key management module (34) of said control center (20) and said communication module (14, 28A, ..., 28N), using a transportation key known by said communication module (14, 28A, ..., 28N),
    the key management module (34) being further configured to transmit the transportation key to said communication module (14, 28A, ..., 28N), the transmission being performed by an asymmetric data encryption communication between the key server (43) and said communication module (14, 28A, ..., 28N) using a public key generated by said communication module (14, 28A, ..., 28N),
    characterised in that the transmission of the transportation key comprises:

    - receiving from said communication module (14, 28A, ..., 28N), a certificate including a public key;

    - encrypting the transportation key into an encrypted message using said public key;

    - transmitting the encrypted message including the transportation key to said communication module (14, 28A, ..., 28N), the encrypted message being decrypted by said communication module (14, 28A, ..., 28N) using a session key derived from said public key.


     


    Ansprüche

    1. Verfahren (100) zum Sichern der Verteilung von Authentifizierungsschlüsseln, die für die symmetrische authentifizierte Datenkommunikation zwischen mindestens einem ersten und einem zweiten Kommunikationsmodul (14, 28A, ..., 28N) verwendet werden, wobei das erste Kommunikationsmodul (28A, ..., 28N) in einer streckenseitigen Einrichtung (22) enthalten ist, die einem Zugsteuerungssystem (18) zugeordnet ist, und das zweite Kommunikationsmodul (14) sich an Bord eines Schienenfahrzeugs (10) befindet, das auf einem von dem Zugsteuerungssystem (18) verwalteten Gleis (12) fährt, wobei das Zugsteuerungssystem (18) ein Kontrollzentrum (20) aufweist, das sich entfernt von dem Zuggleis (12) befindet,
    wobei das Verfahren (100) einen Schritt (130) der Übertragung eines Authentifizierungsschlüssels an mindestens ein Kommunikationsmodul (14, 28A, ..., 28N) von dem ersten und dem zweiten Kommunikationsmodul aufweist, wobei die Übertragung durch eine symmetrische Datenverschlüsselungs-Kommunikation zwischen einem SchlüsselServer (43), der in einem Schlüsselverwaltungsmodul (34) des Steuerzentrums (20) enthalten ist, und dem Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines dem Kommunikationsmodul (14, 28A, ..., 28N) bekannten Transportschlüssels durchgeführt wird,
    wobei das Verfahren (100) außerdem einen vorbereitenden Schritt (120) der Übertragung des Transportschlüssels an das Kommunikationsmodul (14, 28A, ..., 28N) aufweist, wobei die vorbereitende Übertragung durch eine asymmetrische Datenverschlüsselungs-Kommunikation zwischen dem Schlüsselserver (43) und dem Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines öffentlichen Schlüssels durchgeführt wird, der von dem Kommunikationsmodul (14, 28A, ..., 28N) erzeugt wird,
    wobei das Verfahren (100) dadurch charakterisiert ist, dass
    der vorbereitende Schritt (120) der Übertragung des Transportschlüssels die folgenden Unterschritte aufweist:

    - Empfangen (121) eines Zertifikats, das einen öffentlichen Schlüssel enthält, von dem Kommunikationsmodul (14, 28A, ..., 28N);

    - Verschlüsseln (122) des Transportschlüssels in eine verschlüsselte Nachricht unter Verwendung des öffentlichen Schlüssels;

    - Übertragen (123) der verschlüsselten Nachricht, die den Transportschlüssel enthält, an das Kommunikationsmodul (14, 28A, ..., 28N), wobei die verschlüsselte Nachricht durch das Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines von dem öffentlichen Schlüssel abgeleiteten Sitzungsschlüssels entschlüsselt wird.


     
    2. Verfahren (100) nach Anspruch 1, wobei der vorbereitende Schritt (120) der Übertragung des Transportschlüssels unter Verwendung eines Transport Layer Security (TLS)-Protokolls durchgeführt wird.
     
    3. Verfahren (100) nach Anspruch 2, wobei der vorbereitende Schritt (120) des Übertragens des Transportschlüssels eine Fernauthentifizierung des Zertifikats aufweist.
     
    4. Verfahren (100) nach einem der vorhergehenden Ansprüche, wobei das Zugsteuerungssystem (18) gemäß einer europäischen Norm für Zugsteuerungssysteme implementiert wird.
     
    5. Verfahren (100) nach Anspruch 4, wobei die Kommunikation zwischen jeglichen Kommunikationsmodulen (14, 28A, ..., 28N) eine drahtlose oder drahtgebundene Kommunikation gemäß einem Euroradio-Protokoll ist.
     
    6. Verfahren (100) gemäß irgendeinem der vorhergehenden Ansprüche, das weiterhin einen Schritt (109) der Lieferung eines Zertifikats, das einen öffentlichen Schlüssel für die asymmetrische Datenverschlüsselungskommunikation enthält, an jedes Kommunikationsmodul (14, 28A, ..., 28N) aufweist, wobei dieser Schritt vor dem vorbereitenden Schritt (120) der Übertragung des Transportschlüssels implementiert wird.
     
    7. Schlüsselverwaltungsmodul (34), eingerichtet zum Sichern der Verteilung von Authentifizierungsschlüsseln, die für die authentifizierte symmetrische Datenkommunikation zwischen mindestens einem ersten und einem zweiten Kommunikationsmodul (14, 28A, ..., 28N) verwendet werden, wobei das erste Kommunikationsmodul (28A, ..., 28N) in einer streckenseitigen Einrichtung (22) enthalten ist, die einem Zugsteuerungssystem (18) zugeordnet ist, und das zweite Kommunikationsmodul (14) sich an Bord eines Schienenfahrzeugs (10) befindet, das auf einem von dem Zugsteuerungssystem (18) verwalteten Gleis (12) fährt, wobei das Zugsteuerungssystem (18) ein Kontrollzentrum (20) aufweist, das sich entfernt von dem Zuggleis (12) befindet,
    wobei das Schlüsselverwaltungsmodul (34) eingerichtet ist, einen Authentifizierungsschlüssel an mindestens ein Kommunikationsmodul (14, 28A, ..., 28N) von dem ersten und dem zweiten Kommunikationsmodul zu übertragen, wobei die Übertragung durch eine symmetrische Datenverschlüsselungs-Kommunikation zwischen einem Schlüsselserver (43), der in dem Schlüsselverwaltungsmodul (34) des Steuerzentrums (20) enthalten ist, und dem Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines dem Kommunikationsmodul (14, 28A, ..., 28N) bekannten Transportschlüssels durchgeführt wird,
    wobei das Schlüsselverwaltungsmodul (34) ferner eingerichtet ist, den Transportschlüssel an das Kommunikationsmodul (14, 28A, ..., 28N) zu übertragen, wobei die Übertragung durch eine asymmetrische Datenverschlüsselungs-Kommunikation zwischen dem Schlüsselserver (43) und dem Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines öffentlichen Schlüssels erfolgt, der von dem Kommunikationsmodul (14, 28A, ..., 28N) erzeugt wird, erfolgt,
    dadurch charakterisiert, dass die Übertragung des Transportschlüssels aufweist:

    - Empfangen eines Zertifikats, das einen öffentlichen Schlüssel enthält, von dem Kommunikationsmodul (14, 28A, ..., 28N);

    - Verschlüsseln des Transportschlüssels in eine verschlüsselte Nachricht unter Verwendung des öffentlichen Schlüssels;

    - Übertragen der verschlüsselten Nachricht, die den Transportschlüssel enthält, an das Kommunikationsmodul (14, 28A, ..., 28N), wobei die verschlüsselte Nachricht durch das Kommunikationsmodul (14, 28A, ..., 28N) unter Verwendung eines von dem öffentlichen Schlüssel abgeleiteten Sitzungsschlüssels entschlüsselt wird.


     


    Revendications

    1. Procédé (100) pour la sécurisation de la distribution de clés d'authentification utilisées pour une communication authentifiée par des données symétriques entre au moins un premier et un deuxième modules de communication (14, 28A..., 28N), le premier module de communication (28A..., 28N) étant compris dans un équipement de bord de voie (22) associé à un système de contrôle de train (18) et le deuxième module de communication (14) étant embarqué dans un véhicule ferroviaire (10) se déplaçant sur une voie (12) gérée par ledit système de contrôle de train (18), ledit système de contrôle de train (18) comprenant un centre de contrôle (20), situé loin de la voie ferroviaire (12),
    le procédé (100) comprenant une étape (130) de transmission d'une clé d'authentification pour au moins un module de communication (14, 28A..., 28N) parmi les premier et deuxième modules de communication, la transmission étant effectuée par une communication à cryptage de données symétrique entre un serveur de clés (43) compris dans un module de gestion de clés (34) dudit centre de contrôle (20) et ledit module de communication (14, 28A..., 28N) à l'aide d'une clé de transport connue dudit module de communication (14, 28A..., 28N),
    le procédé (100) comprenant en outre une étape préliminaire (120) de transmission de la clé de transport audit module de communication (14, 28A..., 28N), la transmission préliminaire étant effectuée par une communication à cryptage de données asymétrique entre le serveur de clés (43) et ledit module de communication (14, 28A..., 28N) à l'aide d'une clé public générée par ledit module de communication (14, 28A..., 28N),
    le procédé (100) étant caractérisé en ce que l'étape préliminaire (120) de transmission de la clé de transport comprend les sous-étapes suivantes :

    - réception (121), en provenance dudit module de communication (14, 28A..., 28N), d'un certificat comprenant une clé publique ;

    - cryptage (122) de la clé de transport en un message crypté à l'aide de ladite clé publique ;

    - transmission (123) du message crypté comprenant la clé de transport audit module de communication (14, 28A..., 28N), le message crypté étant décrypté par ledit module de communication (14, 28A..., 28N) à l'aide d'une clé de session dérivée de ladite clé publique.


     
    2. Procédé (100) selon la revendication 1, dans lequel l'étape préliminaire (120) de transmission de la clé de transport est effectuée à l'aide d'un protocole Transport Layer Security (TLS).
     
    3. Procédé (100) selon la revendication 2, dans lequel l'étape préliminaire (120) de transmission de la clé de transport comprend une authentification à distance du certificat.
     
    4. Procédé (100) selon l'une des revendications précédentes, dans lequel le système de contrôle de train (18) est implémenté selon un standard European Train Control System.
     
    5. Procédé (100) selon la revendication 4, dans lequel la communication entre tous les modules de communication (14, 28A..., 28N) est une communication sans fil ou filaire selon un protocole Euroradio.
     
    6. Procédé (100) selon l'une des revendications précédentes, comprenant en outre une étape (109) de remise à chaque module de communication (14, 28A..., 28N) d'un certificat comprenant une clé publique pour la communication à cryptage de données asymétrique, ladite étape étant implémentée avant l'étape préliminaire (120) de transmission de la clé de transport.
     
    7. Module de gestion de clés (34) conçu pour sécuriser la distribution de clés d'authentification utilisées pour une communication authentifiée par des données symétriques entre au moins un premier et un deuxième modules de communication (14, 28A..., 28N), le premier module de communication (28A..., 28N) étant compris dans un équipement de bord de voie (22) associé à un système de contrôle de train (18) et le deuxième module de communication (14) étant embarqué dans un véhicule ferroviaire (10) se déplaçant sur une voie (12) gérée par ledit système de contrôle de train (18), ledit système de contrôle de train (18) comprenant un centre de contrôle (20) situé loin de la voie ferroviaire (12),
    le module de gestion de clés (34) étant conçu pour transmettre une clé d'authentification à au moins un module de communication (14, 28A..., 28N) parmi les premier et deuxième modules de communication, la transmission étant effectuée par une communication à cryptage de données symétrique entre un serveur de clés (43) compris dans le module de gestion de clés (34) dudit centre de contrôle (20) et ledit module de communication (14, 28A..., 28N), à l'aide d'une clé de transport connue dudit module de communication (14, 28A..., 28N),
    le module de gestion de clés (34) étant en outre conçu pour transmettre la clé de transport audit module de communication (14, 28A..., 28N), la transmission étant effectuée par une communication à cryptage de données asymétrique entre le serveur de clés (43) et ledit module de communication (14, 28A..., 28N) à l'aide d'une clé publique générée par ledit module de communication (14, 28A..., 28N),
    caractérisé en ce que la transmission de la clé de transport comprend :

    - la réception, en provenance dudit module de communication (14, 28A..., 28N), d'un certificat contenant une clé publique ;

    - le cryptage de la clé de transport en un message crypté à l'aide de ladite clé publique ;

    - la transmission du message crypté contenant la clé de transport audit module de communication (14, 28A..., 28N), le message crypté étant décrypté par ledit module de communication (14, 28A..., 28N) à l'aide d'une clé de session dérivée de ladite clé publique.


     




    Drawing











    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description