WO2022171433A1 - Method and device for preparing a refueling - Google Patents

Publication number
WO2022171433A1
Authority
WO
WIPO (PCT)
Prior art keywords
refueling
participants
measurements
following features
comparison
Prior art date
Application number
PCT/EP2022/051683
Other languages
German (de)
English (en)
Inventor
Stephan Ludwig
Original Assignee
Robert Bosch Gmbh
Priority date
Filing date
Publication date
Application filed by Robert Bosch Gmbh
Publication of WO2022171433A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471 Key exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F17 STORING OR DISTRIBUTING GASES OR LIQUIDS
    • F17C VESSELS FOR CONTAINING OR STORING COMPRESSED, LIQUEFIED OR SOLIDIFIED GASES; FIXED-CAPACITY GAS-HOLDERS; FILLING VESSELS WITH, OR DISCHARGING FROM VESSELS, COMPRESSED, LIQUEFIED, OR SOLIDIFIED GASES
    • F17C2260/00 Purposes of gas storage and gas handling
    • F17C2260/04 Reducing risks and environmental impact
    • F17C2260/042 Reducing risk of explosion
    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F17 STORING OR DISTRIBUTING GASES OR LIQUIDS
    • F17C VESSELS FOR CONTAINING OR STORING COMPRESSED, LIQUEFIED OR SOLIDIFIED GASES; FIXED-CAPACITY GAS-HOLDERS; FILLING VESSELS WITH, OR DISCHARGING FROM VESSELS, COMPRESSED, LIQUEFIED, OR SOLIDIFIED GASES
    • F17C2265/00 Effects achieved by gas storage or gas handling
    • F17C2265/06 Fluid distribution
    • F17C2265/065 Fluid distribution for refueling vehicle fuel tanks
    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F17 STORING OR DISTRIBUTING GASES OR LIQUIDS
    • F17C VESSELS FOR CONTAINING OR STORING COMPRESSED, LIQUEFIED OR SOLIDIFIED GASES; FIXED-CAPACITY GAS-HOLDERS; FILLING VESSELS WITH, OR DISCHARGING FROM VESSELS, COMPRESSED, LIQUEFIED, OR SOLIDIFIED GASES
    • F17C2270/00 Applications
    • F17C2270/01 Applications for fluid transport or storage
    • F17C2270/0134 Applications for fluid transport or storage placed above the ground
    • F17C2270/0139 Fuel stations

Definitions

  • The present invention relates to a method for preparing a refueling.
  • The present invention also relates to a corresponding device, a corresponding computer program and a corresponding storage medium.
  • US2013139897A1 provides a system and method for safely filling hydrogen using real-time hydrogen tank expansion data.
  • The system includes an expansion measurement unit, an on-vehicle control unit, a service station-side control unit, and a wireless communication unit.
  • The expansion measurement unit is arranged on a hydrogen tank of the vehicle, measures the degree of expansion of the hydrogen tank and generates an output signal accordingly.
  • The on-vehicle control unit converts the output signal into a wireless output signal.
  • The service station-side control unit stops hydrogen refilling by a hydrogen filling device when the wireless output signal indicates an unsafe level of tank expansion.
  • The wireless communication unit is provided to carry out wireless data communication between the on-vehicle control unit and the service station-side control unit.
  • US2020276909A1, US10800281B2 and US2020346554A1 describe further communication systems and methods for hydrogen refueling and electrical charging.
  • US2018213376A1 discloses a method for configuring general V2X communication.
  • US8280046B2 relates to a method and system for deriving a cryptographic key using joint randomness not shared by others (JRNSO).
  • Communicating entities generate JRNSO bits from a channel impulse response (CIR) estimate, and these bits are used to generate the key.
  • A master key, pairwise master key, or pairwise transition key can be generated using the JRNSO bits according to the Diffie-Hellman key derivation algorithm.
  • DE102015215569A1 presents a method for generating a shared secret between a first participant and a second participant in a network.
  • The first participant receives a first training sequence from the second participant via a communication connection between the first participant and the second participant.
  • The first participant determines at least one first value for at least one physical property of the communication connection and determines part of the shared secret depending on the first value.
  • The first value is compared with at least one threshold.
  • The first participant transmits the first training sequence to the second participant via the communication connection and adapts the transmission parameters of the first training sequence depending on the position of the first value relative to the threshold.
  • DE102018208061A1 discloses a method for evaluating a physically unclonable function (PUF). According to this method, measured values are obtained by means of the function; on the basis of these values an algorithm calculates first reliability values, which are combined position by position by exclusive OR (XOR) with a received word stored at the factory. Using the first reliability values combined in this way, second reliability values are calculated by a forward error-correcting soft-in-soft-out decoder and fed back to the algorithm.
  • PHYSEC: physical layer security.
  • The invention provides a method for preparing a refueling, a corresponding device, a corresponding computer program and a corresponding machine-readable storage medium according to the independent claims.
  • The inventive approach is based on the finding that accelerated refueling, e.g. with hydrogen gas, should take the thermodynamics of the refueling process into account and therefore control the process in a closed loop. For reasons of (functional and general) safety, the maximum temperature and maximum pressure specified for the tank container must not be exceeded at any time.
  • Known methods for transmitting data from the vehicle to the fuel pump have various disadvantages in this regard.
  • A conventional unidirectional infrared connection between the vehicle and the fuel pump is severely impaired by scratches on the transmitting or receiving optics and by ice formation around the fuel nozzle or nozzle, and is therefore prone to failures in practice, which makes accelerated refueling impossible.
  • Such a unidirectional connection does not provide a return channel from the fuel pump to the vehicle, so the supported fueling processes cannot be retrieved and no agreement can be reached on a process that is optimal for the present combination of vehicle and fuel pump.
  • The proposed method also takes into account the fact that metallic contacts, which are essential for wired communication, should be avoided when refueling with hydrogen, especially in the vicinity of the tank coupling, because any sparks here could ignite the hydrogen gas explosively.
  • Wireless (radio-based) communication is therefore preferable to wired communication.
  • Because radio waves propagate unimpeded, the use of radio involves special challenges, which are overcome according to the invention.
  • A triggering event is required to activate the overall process.
  • The radio link must transmit data so reliably that the functional and general safety of the refueling can be guaranteed.
  • Third parties who are within radio range of the vehicle or fuel pump should not be able to interfere with or manipulate the process, for example through jamming or overload attacks (denial of service, DoS).
  • The radio connection must be both information-secure and operationally safe before refueling.
  • The procedure described below achieves this goal regardless of the radio technology, filling station infrastructure and hardware used. It is also independent of the technology used for location determination and can be used for refueling with any fuel (gaseous or liquid) as well as for charging electric vehicles.
  • A basic idea of the approach according to the invention is that the participants use, by means of PHYSEC, the physical transmission conditions prevailing between them or in relation to a reference station as a common secret, and use this secret to secure the refueling process in terms of information security and functional safety.
  • An advantage of this approach is that a vehicle can find the filling station or charging station that supplies it and identify it clearly and reliably, and vice versa. Ambiguity resulting from the presence of a large number of vehicles and petrol pumps can be resolved in this way, and increased functional safety requirements can be met.
  • The PHYSEC method also has the cost advantage that no additional hardware components are required to ensure IT security and functional safety. Rather, it can be implemented with transmitters and receivers known per se, which are available on the market in large variety, are usually already provided in gas stations and (particularly semi-automated) vehicles, and can be reused within the scope of a method according to the invention without any appreciable additional design effort.
  • The vehicle and fuel pump secure their radio communication, for example by exchanging a cryptographic key, against possible eavesdropping or manipulation attempts and other attacks by third parties; despite a jamming or denial-of-service attack, they can still communicate with each other in a rudimentary way and maintain makeshift system operation, or transmit a signal to meet functional safety requirements, e.g. a dead-man or so-called keepalive signal. It is also conceivable that one partner is used as a secure relay station for the other to transfer data to a backend.
  • FIG. 1 shows the preparation and initialization phase of a refueling.
  • FIG. 2 shows the flow chart of a method according to a first embodiment.
  • FIG. 3 schematically shows a control device according to a second embodiment.
  • A refueling scenario at a gas station, where for example a fuel cell vehicle is to be refueled with gaseous hydrogen, is considered as an example.
  • The method is applicable to all types of fuels (gaseous, liquid, cryogenic, etc.) and to charging electric vehicles.
  • A conventional, partially automated or autonomous refueling vehicle drives to the vehicle to be refueled and refuels it.
  • The method can be combined with any other method of IT security or functional safety.
  • Characteristics of security features, for example the values for pressure and temperature in the tank container, are transmitted by radio before, during or after the refueling process. It is conceivable that at least part of this data transmission will have to meet increased requirements for IT security and functional safety.
  • FIG. 1 shows the preparation (30) according to the invention for operating such a radio connection.
  • The proposed method can be used in different steps of this preparation (30), especially when security features are to be transmitted via radio.
  • Corresponding measurements can be made by both partners on their respective transmission channel to a common reference station, which, specifically for this purpose or as a by-product of another function, emits signals whose measurements by both partners match sufficiently only when the partners are close to each other.
  • A reference station may be a public facility such as a cell phone base station, which does not necessarily have to be located on the gas station premises.
  • The gas station itself expediently provides at least one such reference station.
  • The participants (A, B) estimate a specific number of channel parameters, possibly also over time.
  • Possible channel parameters are, e.g., phase shifts and attenuation caused by the transmission channel, and quantities derived from them.
  • The RSSI measured by both communication partners is a common indicator of the reception field strength in wireless communication applications and can be used for this purpose.
  • Training sequences known to both participants (A, B) are transmitted between the participants (A, B) in a step 10.
  • Steps 13 or 23 are then preferably followed by measures to reduce noise or errors, e.g. by using error-correcting codes.
  • The quantized channel parameters are then compared between the devices in steps 14 and 24, preferably using a public protocol. This is often necessary because, owing to measurement inaccuracies, noise, interference, etc., the two devices generally do not initially determine identical parameter sets.
  • The comparison is carried out by exchanging information in step 20 and should be designed in such a way that a potential attacker who can overhear the exchanged data cannot readily infer the quantized channel parameters.
  • Parity bits can be exchanged between the devices, or error-correcting codes can also be used.
  • In steps 15 or 25, a validation of the shared secret (e.g. an entropy estimation) can be carried out, and in steps 16 or 26 an improvement of the shared parameter set or shared bit sequence determined in this way (e.g. by compression via hash value formation).
  • Both devices determine a shared secret, which is used as a security feature (17, 27) in the preparation (30, FIG. 1) for refueling.
  • The transmission channels between the devices have sufficient fluctuations in their channel properties that suitable channel parameters can be derived from them, i.e. parameters that are suitable as a basis for generating a shared secret in the participants (A, B) (in particular, that have sufficient random properties). These fluctuations can occur in particular in the time domain as well as in the frequency domain and, in the case of multi-antenna systems, also in the spatial domain.
  • The channel properties are sufficiently highly correlated over short periods of time that data transmissions can take place in both directions, from which the respective devices can, despite the time offset, estimate channel properties that are sufficiently alike to yield sufficiently similar channel parameters, from which the same shared secrets can be obtained.
  • The method (10-30) only needs to be carried out up to error reduction (13, 23). Then the two, as it were, "distilled" measurement results can be compared. If these match, the participants (A, B) are sufficiently close to one another. Alternatively, the measured values can be correlated with one another before or after the quantization (12, 22), and the partners can be considered to be close to one another if there is sufficient correlation.
  • Vehicle and fuel pump check their proximity to each other by carrying out the above process (10-30) between each vehicle-fuel pump pair in mutual radio range. Pairs of vehicle and fuel pump that belong together in the sense of a possible refueling derive matching security features (17, 27).
  • An individual ID can be exchanged via the communication link established in this way. If the ID is universally unique, further information about capabilities and other characteristics of the vehicle or fuel pump can be retrieved, e.g. by a database query. If a cryptographic feature is transmitted during radio transmission, e.g. a public key of an asymmetric encryption method, the parties can then authenticate each other by radio and authorize specific actions.
  • A session key for a symmetric cryptosystem can be agreed via PHYSEC in order to establish an information-secure radio connection.
  • An initial key or an initialization value (seed) can be transmitted by radio, from which a key for a symmetric cryptosystem can be derived using another secret known to both sides.
  • The partners can mutually prove, e.g. by querying another trustworthy central database using the encryption described above, that they have certain knowledge necessary for the refueling process without disclosing that knowledge themselves.
  • The PHYSEC security feature (17, 27) can be linked directly to the information from the zero-knowledge protocol, thereby increasing the overall security of the method.
  • With certificates, by means of which information is generated and transmitted over the radio channel, the other party can provide evidence that it or its system meets standardized functional safety requirements.
  • A conventional challenge-response procedure can be initiated, in which, e.g. using the encryption described above, the challenge and the response are transmitted on the encrypted channel, or one of the two is combined with the PHYSEC security feature (17, 27).
  • A keepalive mechanism can be implemented in which at least one side periodically transmits signals and the other side checks these signals and switches to a safe state if they fail to appear or deviate from a given reference signal.
  • The identification or other status information about the process can be shown on a display in the vehicle or on a display on the fuel pump.
  • The security feature (17, 27) used in the above applications can be obtained directly by the PHYSEC method (10-30).
  • The shortened method (10-13) can be used to confirm the spatial proximity between the participants (A, B) in order to then exchange a corresponding feature in a conventional manner over an open radio link.
  • PHYSEC security features (17, 27) can be derived one after the other, or a more extensive PHYSEC security feature (17, 27) in the form of a longer character string can be divided into a number of shorter character strings.
  • This method (10-30) can be implemented, for example, in software or hardware or in a mixed form of software and hardware, for example in a control unit (40), as the schematic representation of FIG. 3 illustrates.
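
The PHYSEC steps described above (measurement 11/21, quantization 12/22, public comparison 14/24 with parity bits, validation 15/25, hash compression 16/26) and the shortened proximity check by correlation, simulated in Python as an added example that is not code from the patent. The RSSI traces, the bounded receiver noise, the guard band, the block size, the 128-bit entropy threshold and all function names are assumptions made for this illustration.

```python
import hashlib
import math
import random

def measure(channel, noise, rng):
    """Steps 11/21: RSSI readings = shared channel + this receiver's bounded noise."""
    return [c + rng.uniform(-noise, noise) for c in channel]

def correlation(x, y):
    """Pearson correlation of two measurement series (shortened proximity check)."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var = sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(var)

def quantize(samples, guard):
    """Steps 12/22: 1 above mean+guard, 0 below mean-guard, None in the guard band."""
    mean = sum(samples) / len(samples)
    return [1 if s > mean + guard else 0 if s < mean - guard else None
            for s in samples]

def agreement(bits_a, bits_b):
    """Fraction of positions kept by both sides where the quantized bits agree."""
    pairs = [(a, b) for a, b in zip(bits_a, bits_b)
             if a is not None and b is not None]
    return sum(a == b for a, b in pairs) / len(pairs)

def reconcile(bits_a, bits_b, block=4):
    """Steps 14/24 over the public exchange (20), simulated in one function.

    Public: which positions each side kept, and one parity bit per block.
    Blocks whose parities differ are discarded; from every surviving block one
    bit is dropped to offset the parity bit an eavesdropper has learned.
    """
    common = [i for i, (a, b) in enumerate(zip(bits_a, bits_b))
              if a is not None and b is not None]
    out_a, out_b = [], []
    for k in range(0, len(common) - block + 1, block):
        blk_a = [bits_a[i] for i in common[k:k + block]]
        blk_b = [bits_b[i] for i in common[k:k + block]]
        if sum(blk_a) % 2 == sum(blk_b) % 2:
            out_a += blk_a[:-1]
            out_b += blk_b[:-1]
    return out_a, out_b

def derive_key(bits, min_entropy_bits=128):
    """Steps 15/25 and 16/26: crude entropy validation, then hash compression."""
    if not bits:
        raise ValueError("no reconciled bits")
    p1 = sum(bits) / len(bits)
    h_min = -math.log2(max(p1, 1 - p1))  # frequency-based min-entropy per bit
    if len(bits) * h_min < min_entropy_bits:
        raise ValueError("estimated entropy too low for a key")
    return hashlib.sha256(bytes(bits)).hexdigest()

def demo(seed=1):
    rng = random.Random(seed)
    n, noise = 512, 0.5               # constructed: 512 probes, +/-0.5 dB noise
    guard = 2 * noise                 # guard band wide enough to absorb the noise
    # Constructed RSSI traces in dBm; independent samples are a simplification.
    own = [rng.gauss(-60, 4) for _ in range(n)]    # vehicle A <-> its pump B
    other = [rng.gauss(-60, 4) for _ in range(n)]  # channel seen at a distant pump
    a, b, c = (measure(ch, noise, rng) for ch in (own, own, other))
    qa, qb, qc = quantize(a, guard), quantize(b, guard), quantize(c, guard)
    key_bits_a, key_bits_b = reconcile(qa, qb)
    return {
        "corr_pair": correlation(a, b), "corr_other": correlation(a, c),
        "agree_pair": agreement(qa, qb), "agree_other": agreement(qa, qc),
        "key_a": derive_key(key_bits_a), "key_b": derive_key(key_bits_b),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The matching pair shows high correlation and identical keys, while the measurements taken at the distant pump agree with the vehicle's bits only about half the time, so that pair would fail the proximity check.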

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)

Abstract

The invention relates to a method for preparing (30) a refueling, characterized by the following features: - measurements (11, 21) are taken in each case on a transmission channel by the participants (A, B), - a comparison of the measurements (11, 21) is carried out between the participants (A, B), and - if the comparison yields a sufficient match of the measurements (11, 21), the preparation (30) is initiated.
PCT/EP2022/051683 2021-02-09 2022-01-26 Method and device for preparing a refueling WO2022171433A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102021201208.6A DE102021201208A1 (de) 2021-02-09 2021-02-09 Method and device for preparing a refueling
DE102021201208.6 2021-02-09

Publications (1)

Publication Number Publication Date
WO2022171433A1 (fr) 2022-08-18

Family

ID=80682253

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/051683 WO2022171433A1 (fr) 2021-02-09 2022-01-26 Method and device for preparing a refueling

Country Status (2)

Country Link
DE (1) DE102021201208A1 (fr)
WO (1) WO2022171433A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102021132182A1 (de) 2021-12-07 2023-06-07 Deutsche Bahn Aktiengesellschaft System and method for controlling the filling of a tank container of a vehicle with gaseous hydrogen from a storage container of a supply station

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8280046B2 (en) 2005-09-12 2012-10-02 Interdigital Technology Corporation Method and system for deriving an encryption key using joint randomness not shared by others
EP2193950A2 (fr) * 2008-12-05 2010-06-09 Robben & Wientjes OHG Tank protection and method against flat filling of a motor vehicle
US20130139897A1 (en) 2011-12-01 2013-06-06 Kia Motors Corporation Real-time system for monitoring hydrogen tank expansion and a method for using same
DE102014209046A1 (de) * 2014-05-13 2015-11-19 Robert Bosch Gmbh Method for generating a secret cryptographic key in a mobile terminal
US20160221816A1 (en) * 2015-02-03 2016-08-04 Stephen F Pollock Vehicle Data and Fuel Management System
US20180213376A1 (en) 2015-07-13 2018-07-26 Intel Corporation Techniques to configure vehicle to anything communications
DE102015215569A1 (de) 2015-08-14 2017-02-16 Robert Bosch Gmbh Method for generating a secret between participants of a network, and participants of the network configured for this purpose
US20170338956A1 (en) * 2016-05-20 2017-11-23 Qatar University Method for generating a secret key for encrypted wireless communications
DE102018208061A1 (de) 2018-05-23 2019-11-28 Robert Bosch Gmbh Method and device for using a physically unclonable function
US20200276909A1 (en) 2019-02-18 2020-09-03 Nikola Corporation Communications systems and methods for hydrogen fueling and electric charging
US10800281B2 (en) 2019-02-18 2020-10-13 Nikola Corporation Communications systems and methods for hydrogen fueling and electric charging
US20200346554A1 (en) 2019-02-18 2020-11-05 Nikola Corporation Communication systems and methods for hydrogen fueling and electric charging

Also Published As

Publication number Publication date
DE102021201208A1 (de) 2022-08-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 22708350; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 22708350; Country of ref document: EP; Kind code of ref document: A1)