Patent Application
20240416973
The invention relates to a rail vehicle wheel sensor provided with secure communication and configuration.
Rail vehicle wheel sensors represent an essential component of the train presence detection systems which use axle counting.
Numerous innovations in this field have resulted in the creation of the solutions providing the expected level of functional safety and maintainability.
Present wheel sensors, besides their basic function of reliably detecting the passage of a rail vehicle, are provided with built-in circuits allowing for configuration and monitoring that can be implemented remotely.
For the purpose of wheel detection, techniques using the magnetic field change during the passage of a wheel are commonly used, whereas for the purpose of transferring the wheel presence signal, one of the basic techniques is a known current loop system which enables transmission over relatively long distances (over 10 km) with high resistance to interference, what is particularly advantageous in the field of trackside devices. For the purpose of the wheel presence signal transmission through the mentioned current loop, interface systems are employed, whose task is to convert internal signals generated by the sensors into current signals having suitable parameters, for example in the range of 0-20 mA, in order to reliably transmit them over long distances.
Additional functions, such as configuring, monitoring and testing the sensor, are on the other hand subject to continuous improvement through the use of microprocessor systems with embedded software that provide, among others, communication of the sensor internal systems with its environment, in particular with systems determining the expected sensor configuration and with internal test systems, as well as with systems that monitor the state of the sensor and its environment.
An exemplary solution disclosed in PL237273 enables communication with a wheel sensor provided with a sensor and sensor environment monitoring system.
An exemplary solution disclosed in PL229783 discloses a system for automatic testing the correct operation of induction sensors.
Exemplary solutions relating to tuning of a wheel sensor, in particular of its systems associated with wheel detection, are described i.a. in EP3168110B1 and EP1479587B1.
EP2998185A1 indicates a possibility of encrypting signals between trackside devices and an external system. However, this solution neither specifically concerns current loop systems nor discloses a system structure enabling the use of encryption in such a configuration.
In practice, the configuration of a wheel sensor involves the determination of suitable configuration parameter values, including suitable software versions in the course of the production process. Exemplary configuration parameters may include e.g.:
Moreover, the determination of suitable configuration parameter values takes place after the installation of a wheel sensor at the final destination of its operation and in the process of its maintenance. The basic configuration procedure after installing a wheel sensor is such tuning of its internal detection systems to obtain the assumed operating conditions such as, among others, the expected detectivity level and the expected resting level of the output signal when a wheel is not present over the sensor.
The tuning operation of a wheel sensor has an influence on the train detection reliability and has to be performed with due diligence. At the same time the above operation is expected to be possibly simple and to need no professional qualifications or specialized equipment. Fulfilment of the above requirement supports ease of installation but it creates a potential risk of third party actions, especially in places where the access to track infrastructure is not sufficiently protected.
An important limitation of the solutions that are known and have been used so far in this regard is a relatively low level of cybersecurity. The practical approaches to provide an expected level of cybersecurity until now have been based on 2 pillars: restricting access to devices only to authorised personnel and using the so-called security by obscurity by employing dedicated tools and complicated procedures known only to specialists. However, the above methods are insufficient in the light of growing demands in the field of cybersecurity.
Another issue which is important in applications requiring high level of cybersecurity is to ensure the secure transfer of information associated with the monitoring of the sensor and its environment and with the internal testing of the wheel sensor.
An object of the invention is a solution providing security of communication with a wheel sensor using a current loop and security of its configuration both during its production and after it has been installed in the tracks and during its operation. The above object has been solved by employing structure related solutions in a wheel sensor with the use of a cryptographic device capable of safely storing at least one secret being impossible to read from outside, in the form of a secret cryptographic key, and by employing known cryptographic techniques (algorithms) providing secure communication with the wheel sensor, in particular authentication and authorisation. Additionally, after extending by a sensor operation and sensor environment monitoring system and using a test system providing an automatic operability verification of the wheel sensor systems, the disclosed solution significantly increases the maintainability of the sensor with the fulfilment of the cybersecurity requirements.
The object of the invention is solved by a wheel sensor assembly and a wheel detection device according to claims 1 and 13, respectively. Advantageous variants of the invention are described in dependent claims.
According to the present invention a wheel sensor assembly is provided that comprises a rail vehicle wheel detection system and a two-wire interface in the form of a current loop, by means of which the wheel detection system is connected to an external device, wherein the wheel sensor assembly is characterised in that it comprises a wheel detection configuration system connected to the wheel detection system, used to configure the wheel detection system and comprising at least one analog or digital circuit, and the output state of which changes the mode of operation of the wheel detection system by changing its operating parameters; an authorisation and configuration system capable of storing at least one secret, used for secure communication with the external device and for forwarding configuration commands to the wheel detection configuration system connected thereto; a communication converter system used for the signal conversion between the authorisation and configuration system and the wheel sensor interface; a wheel sensor supply voltage conversion system connected to the input of the authorisation and configuration system via the communication converter system in order to forward signals from the external device; a voltage summation and voltage-to-sensor-output-current conversion system used for summing voltages at the two inputs thereof and for producing an output signal of the wheel sensor assembly in the form of a current signal; an output signal permission system acting as an intermediary in connecting an output signal of the wheel detection system and output signals of the authorisation and configuration system to the inputs of the voltage summation and voltage-to-sensor-output-current conversion system; and a power supply system used to supply power to at least one system within the wheel sensor assembly.
As the wheel sensor assembly, therefore, an assembly of the individual listed systems of the wheel sensor is to be understood, wherein the functions, connections and cooperation of these systems enable solving the above-mentioned object. Among the systems listed, the wheel detection system should be understood as a system, the output signal of which changes when a rail vehicle wheel passes in its vicinity. In particular this is a system generating its own electromagnetic field which changes when a rail vehicle wheel passes over the sensor and this change causes a change in the output signal of the sensor, allowing the presence of a rail vehicle wheel to be detected. However, a person skilled in the art will notice that other systems could also be used as the systems of the wheel sensor, if they provide the required function and are technically capable for use in the solution described herein, including e.g. mechanical sensors, optical sensors etc. as well. Depending on the context, the terms “wheel sensor”, “wheel sensor assembly” or “sensor” in short used in this specification may be used interchangeably.
As the external device in the context of the present solution, a system or a device communicating with the wheel sensor should be understood. For example, the external device can be in the form of an evaluation system which has the task of processing information from the wheel sensor for the needs of a track section occupancy system. Another external device may be a service device used in the maintenance process for technically verifying the wheel sensor and its tuning after it has been installed in the track.
The presented solution has the feature of natural separation of the functions associated with providing functional safety realised by the wheel detection system and the wheel detection configuration system from the functions associated with providing secure communication and configuring (security) realised by the authorisation and configuration system and the communication converter system. At the same time the interface of the wheel sensor, including the output signal permission system, the voltage summation and the voltage-to-sensor-output-current conversion system, the power supply system and the supply voltage conversion system, ensures the correct connection with the external device, fulfilling both safety and security requirements. Such arrangement of the sensor allows for simple and safe extension thereof by providing additional functionalities, such as sensor and sensor environment monitoring and automatic testing.
The authorisation and configuration system is, used for secure communication with external devices and for forwarding verified and authorised configuration commands to the wheel detection configuration system. The signal conversion between the authorisation and configuration system of the wheel sensor and a sensor interface module is provided by the communication converter system.
The interface of the wheel sensor provides power supply to the systems of the wheel sensor assembly and physical interfaces providing communication of the wheel sensor with the environment implemented by a current output for output signals and by a voltage input for input signals. The interface includes the power supply system for the wheel sensor systems, the wheel sensor supply voltage conversion system that initially converts an input voltage signal, the voltage summation and voltage-to-sensor-output-current conversion system used for producing an output signal of the wheel sensor assembly.
In one preferred embodiment of the wheel sensor assembly according to the invention, the authorisation and configuration system comprises a logic circuit connected to a non-volatile memory circuit and to a cryptographic circuit capable of storing at least one secret in the form of a secret cryptographic key, without the possibility of reading the secret from the outside, wherein the logic circuit, being destined to encode and decode transmitted information and to verify the authorisation of the external device to configure the wheel detection system, uses the cryptographic keys stored in the cryptographic circuit.
In another preferred embodiment of the wheel sensor assembly according to the invention, the logic circuit is configured to store, in the non-volatile memory circuit, information on the successfully performed authorisation verification process during an attempt to access the wheel detection configuration system, as well as on the unsuccessfully performed authorisation verification process during an attempt to access the wheel detection configuration system, wherein to the successive entries an identifier is added that unambiguously determines the order of the stored information.
In yet another embodiment of the wheel sensor assembly according to the invention, the output signal permission system comprises a first key circuit controlled by the authorisation and configuration system by means of a first key circuit control signal, such that, depending on the state of the first key circuit control signal, either the output of the wheel detection system providing the internal wheel presence signal or a determined voltage value, is delivered to the first input of the voltage summation and voltage-to-sensor-output-current conversion system, where the determined voltage value is below the level of the internal wheel presence signal while a wheel is present over the wheel detection system; and a second key circuit controlled by a communication permission system by means of a second key circuit control signal, such that, depending on the state of the second key circuit control signal, either the output of the authorisation and configuration system for sending signals to the external device, or a determined voltage value is delivered to the second input of the voltage summation and voltage-to-sensor-output-current conversion system, where the determined voltage value is 0, wherein the communication permission system controls the second key circuit in such a way it continuously monitors the frequency band of the signal at the output of the first key circuit and in case the frequency band of the signal exceeds a predetermined level, said signal is delivered to the output of the second key circuit.
In yet another embodiment of the wheel sensor assembly according to the invention, a sensor and sensor environment monitoring system, to which at least one internal signal of the wheel sensor assembly and at least one sensor for monitoring environmental operating conditions of the wheel sensor assembly are connected, is connected by means of a digital connection to the authorisation and configuration system, preferably integrated into it.
Preferably, in particular at least one internal signal of the wheel detection system is provided to the sensor and sensor environment monitoring system, and the at least one sensor is used in particular for monitoring environmental operating conditions of the wheel detection system.
Sensors for measuring vibrations and/or temperature and/or humidity are preferably used as said at least one sensor but other sensor types can be used as well.
In yet another embodiment of the wheel sensor assembly according to the invention, the wheel detection system comprises a generator circuit comprising a resonant circuit with an arrangement of coils, the output of which is connected to an amplifier circuit. In this specific realisation of the wheel detection system, the above-mentioned operating parameters changed by the wheel detection configuration system are operating parameters of the generator circuit and/or of the amplifier circuit. The arrangement of coils belonging the generator circuit is preferably formed by at least two coils connected in an opposing manner in order to eliminate interferences.
In yet another embodiment of the wheel sensor assembly according to the invention, a wheel sensor test system is connected by means of a digital connection to the authorisation and configuration system, preferably integrated into it, wherein a wheel simulation system in the form of a test coil situated near the arrangement of coils belonging to the generator circuit is connected to the wheel sensor test system, wherein when a current flows through the test coil, it causes a reaction of the generator circuit similar to that caused by a wheel passing over the wheel sensor.
In yet another embodiment of the wheel sensor assembly according to the invention, the authorisation and configuration system, the sensor and sensor environment monitoring system, the wheel sensor test system and the wheel detection configuration system are integrated into one common system.
In yet another embodiment of the wheel sensor assembly according to the invention, the wheel sensor assembly has modular design, wherein the wheel detection system and the wheel detection configuration system form a wheel detection module; the authorisation and configuration system and the communication converter system form a secure communication and wheel sensor configuration module; the output signal permission system, the power supply system, the wheel sensor supply voltage conversion system and the voltage summation and voltage-to-sensor-output-current conversion system form a wheel sensor interface module. Depending on the application, modules may also comprise other system combinations.
According to the present invention, a rail vehicle wheel detection device is further provided that comprises two or more sensor assemblies having the described structure. Two or more wheel sensor assemblies are arranged one after another along a rail and connected in parallel to the same external device by means of separate current loops. Preferably, two or more wheel sensor assemblies are contained in a common housing. Containing two or more wheel sensor assemblies provides, among others, redundancy enabling the correct detection of a railway vehicle wheel, even in case of a failure or errors of one of the systems. Taking into consideration signals from two or more wheel sensor assemblies furthermore allows wider processing possibilities of such signals in the external device, for example in order to detect the travel direction of a rail vehicle, its speed etc.
As a result of such design, the wheel sensor assembly according to the invention provides the security of communication with the wheel sensor as well as security of its configuration both during its production and after it has been installed in the tracks and during its operation. Additionally, after extending by the sensor operation and sensor environment monitoring system and using a test system providing an automatic operability verification of the wheel sensor systems, the disclosed solution significantly increases the maintainability of the sensor with the fulfilment of the cybersecurity requirements.
The invention is explained in more detail in embodiments and in the drawing, wherein:
A wheel sensor assembly ZCK presented in
The wheel detection module MDK comprises a generator circuit G comprising a resonant circuit with an arrangement of coils connected in an opposing manner in order to eliminate interferences, the output of which is connected 1 to the input of an amplifier circuit W having adjustable amplification characteristics. A wheel detection configuration system UKDK provides, by means of signal 2, a suitable working point of the generator circuit G by changing its operating frequency or by changing the resonant frequency of the resonant circuit. The wheel detection configuration system UKDK also provides, by means of signal 3, an amplification characteristics shape of the amplifier circuit W.
The wheel detection configuration system UKDK is controlled by signal 4 developed by an authorisation and configuration system UA based on the commands received from the external device SO.
A secure communication and wheel sensor configuration module MBCK comprises the authorisation and configuration system UA, capable of storing at least one secret SK, used for secure communication with the external device SO and for forwarding configuration commands to the wheel detection configuration system UKDK connected thereto as well as a communication converter system UM used for the signal conversion between the authorisation and configuration system UA and the sensor interface module MKZ.
The authorisation and configuration system UA, forming part of the secure communication and wheel sensor configuration module MBCK, comprises, as shown in
The authentication process is performed in accordance with the needs of a given application and the expected security level. A message authentication code is normally used, whose parameters can be configured by selecting from the known methods such as MD5, SHA-1 or those belonging to the group of SHA-2. In special cases the authorisation process may also be performed with the use of a digital signature preferably using ECC certificates (Elliptic curve cryptography) or, in special cases, RSA certificates.
The encryption of the transferred information is also performed in accordance with the needs of a given application and the expected security level. AES-128 encryption is normally used which in special cases may be replaced by a more complex algorithm, e.g. AES-256.
The configuration commands are transferred to the wheel sensor assembly ZCK with the use of changes in the sensor supply voltage. A voltage signal supplied at the power input of the sensor, after being processed in the wheel sensor interface module MKZ by the supply voltage conversion system UKU, is forwarded to the authorisation and configuration system UA by means of the communication converter system UM converting the voltage signal 8 to a digital signal 5. The communication converter system UM also provides conversion of the output digital signal 5 of the authorisation and configuration system UA to an analog form 7 which is converted to an output current signal in the wheel sensor interface module MKZ.
Due to the cybersecurity requirements, the configuration commands comprise information on the expected configuration and sender and on the sender's authorisation to configure the sensor, which information are encoded with the use of the cryptographic key known to the authorisation system and being stored as a hidden secret SK in the cryptographic circuit UKR in such a way it is possible to unequivocally decode transferred information and to identify the sender. The authorisation and configuration system UA performs the analysis of the configuration command with the use of the logical circuit UL and, in case the analysis result of the configuration command confirms sender's authorisation to configure the wheel sensor, the configuration signals 4 are transferred to the wheel detection configuration system UKDK which cause a configuration change of the wheel detection module MDK. Information associated with the operation of the authorisation and configuration system UA are stored in the non-volatile memory circuit NVM forming part of the authorisation and configuration system UA, allowing the past events to be retrieved, wherein to the successive entries an identifier is added that unambiguously determines the order of the stored information. In particular, in case the analysis result does not confirm sender's authorisation to configure the wheel sensor, information about occurring such a situation is stored in the non-volatile memory circuit NVM.
Referring again to
As shown in
A sensor and sensor environment monitoring system UMCO shown in
The sensor and sensor environment monitoring system UMCO acquires and evaluates in a quasi-continuous manner signals associated with the operation of the wheel sensor assembly ZCK and with the environmental conditions such as vibration, temperature and humidity in the sensor environment, and then forwards them by means of a digital connection to the authorisation and configuration system UA, wherein both systems UMCO and UA are preferably integrated with each other. In particular, monitoring of the environmental conditions may relate the wheel detection system UWK.
The information are then transferred to the external device SO using the secure communication ensured by the secure communication and wheel sensor configuration module MBCK.
As shown in
The wheel sensor test system UT checks the correct operation of the wheel sensor systems by causing a current to flow through the test coil CTST in a controlled manner and by observing the responses of the systems in the form of changes in the output signal of the amplifier W and/or in the output current of the wheel sensor. The test procedure is started automatically, at defined intervals or on request from the external device SO via the authorisation and configuration system UA. Information on the check result are transferred from the wheel sensor test system UT to the external device SO using the secure communication ensured by the secure communication and wheel sensor configuration module MBCK.
The systems described in examples 1, 2 and 3 are simultaneously used. As a result, an advanced wheel sensor assembly is achieved, equipped with the internal secure configuration systems, the internal test system and the internal sensor and sensor environment monitoring system with the provision of secure communication with the external device SO.
Aa schematic block diagram of a wheel detection device DWK is illustrated in
Although the above examples describe specific implementation variants of the invention, the invention is not limited to those variants but only by the claims. A person skilled in the art will easily notice possible changes, modifications and adaptations that can be made without departing from the scope of the invention defined by claims. In particular, without departing from the scope of the invention, the individual systems being parts of the wheel sensor assembly can be integrated with each other in various combinations, e.g. one integrated system can simultaneously perform several functions specific to several systems. Similarly, depending on requirements, individual systems can be grouped into modules, so that individual modules comprise one or more systems. Moreover, individual systems, whether they are integrated into common systems or grouped into modules, can be spatially distributed, e.g., such that the individual systems and/or modules are spatially separated from each other with connections provided between them.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/PL2021/050073 | 10/19/2021 | WO |
