Patent application number | Description | Published |
20090086763 | TIME-CONTROLLED SECURE COMMUNICATION - The invention relates to a method for transmitting messages via a time-controlled communication system (ZK) between a number of IP cores, with each IP core having an information-processing subsystem (IVS) and a network controller (NK), with each NK having at least two interfaces, an interface for the ZK and a second interface for the IVS, characterised in that a distinction is drawn between privileged and non-privileged messages of the ZK, and where the transmission parameters relating to the ZK of a port of the NK, such as the periodically recurring transmission time of a time-controlled message and the maximum transmission duration after each transmission time, can be set exclusively by a privileged message via the ZK or directly by a privileged entity (privileged IP core), and where each NK intends to send a message starts to transmit the message autonomously exactly at the time of the next transmission time, and ends the transmission process at the latest after the assigned maximum transmission duration has elapsed. The invention additionally relates to a system-on-chip (SoC) for carrying out a method such as this. | 04-02-2009 |
20090141744 | AUTOCRATIC LOW COMPLEXITY GATEWAY/ GUARDIAN STRATEGY AND/OR SIMPLE LOCAL GUARDIAN STRATEGY FOR FlexRay OR OTHER DISTRIBUTED TIME-TRIGGERED PROTOCOL - A special node is used in a distributed time-triggered cluster. The special node comprises protocol functionality to establish a time base to use in communicating with a plurality of end nodes and to source timing-related frames to the plurality of end nodes in accordance with the distributed time-triggered communication protocol. The protocol functionality establishes the time base without regard to any timing-related frame sourced from any of the plurality of end nodes. In one embodiment, the protocol functionality of the special node is implemented in a low complexity manner. In one embodiment, the cluster comprises a star topology and the special node performs at least one of semantic filtering and rate enforcement. In another embodiment, the cluster comprises a bus or peer-to-peer topology and each end node is coupled to the communication channel using a low-complexity special local bus guardian. | 06-04-2009 |
20110066854 | METHOD FOR SECURE DYNAMIC BANDWIDTH ALLOCATION IN A TT ETHERNET - A communication method for transmitting TT Ethernet messages is a distributed real-time system, including a plurality of node computers. Each node computer has an Ethernet controller, which by way of a data line is directly connected to a port of a TTE star coupler, said port being uniquely associated with the node computer. A plurality of TTE star couplers are connected among each other by way of one or more data lines to form a TTE network. A TTE message scheduler dynamically calculates the conflict-free schedules for a number of time-controlled messages and signs the schedule provided for each node with a secret part of a public-key signature before it transmits said schedule to the corresponding node computer. Each node computer integrates the signed periodic schedule, which is transmitted to the node computer in the form of a TTE message header of an ETE message, into each dynamically calculated TTE message. The TTE star couplers check whether each dynamically calculated TTE message contains an authentically signed schedule. | 03-17-2011 |
20120210085 | METHOD FOR EXECUTING SECURITY-RELEVANT AND NON-SECURITY-RELEVANT SOFTWARE COMPONENTS ON A HARDWARE PLATFORM - A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation. | 08-16-2012 |
20130086432 | METHOD AND DEVICE FOR FAULT-TOLERANT, TIME-CONTROLLED REAL-TIME COMMUNICATION - The aim of the present invention is that of establishing a fault-tolerant global time in a fault-tolerant communication system of a distributed real-time system. For this purpose, a fault-tolerant message switching unit is provided, which is composed of four independent switching units. These four independent switching units jointly establish a fault-tolerant time. The terminal systems are connected to a fault-tolerant message switching unit via two independent fail-silent communication channels, so that the clock synchronization and network connections are preserved, even if a part of the fault-tolerant switching unit or of a communication channel fails. | 04-04-2013 |
20140258776 | SYSTEM ON CHIP FAULT DETECTION - The invention relates to a method for fault identification in a System-on-Chip (SoC) consisting of a number of IP cores, wherein each IP core is a fault containment unit, and where the IP cores communicate with one another by means of messages via a Network-on-Chip, and wherein an excellent IP core provides a TRM (Trusted Resource Monitor), wherein a faulty control message which is sent from one non-privileged IP core to another non-privileged IP core is identified and projected by an (independent) fault container unit, as a result of which this faulty control message cannot cause any failure of the message receiver. | 09-11-2014 |
20150039929 | Method and Apparatus for Forming Software Fault Containment Units (SWFCUS) in a Distributed Real-Time System - The invention relates to a method for limiting the effects of software errors in a distributed real-time system in which a plurality of distributed application systems are executed simultaneously, wherein each application system forms an encapsulated software fault containment unit (SWFCU), wherein an SWFCU comprises the software of a distributed application system, said software being executed on one or more virtual computer nodes and one or more dedicated computer nodes, and exchanging messages via one or more encapsulated virtual communication systems, wherein a communication system consists of communication controllers, switching units and physical connections, and wherein the direct effects of a software error of an SWFCU remain limited to the SWFCU. | 02-05-2015 |
20150043360 | Method for Monitoring, at the Correct Time, TT Ethernet Messages - The invention relates to a method for monitoring, at the correct time, TTEthernet (TT) messages communicated by a TTEthernet switch (TTE switch) in a distributed real-time computer system. According to the invention, the TTE switch has a global time having precision P and accuracy A, and the TTE switch has a plurality of communication channels and one or more monitoring channels, and the TTE switch contains a selection data structure that specifies which TT message classes are to be monitored, and a copy of a TT message which belongs to a TT message class selected for monitoring is formed in the TTE switch and is transmitted by the TTE switch via a monitoring channel to a monitoring node, and the TTE switch subsequently autonomously transmits an ET message containing an identifier and the exact transmission time of the monitored TT message via a monitoring channel to a monitoring node. | 02-12-2015 |
20150046603 | Method for Combining Results of Periodically Operating EDP Components at the Correct Time - A system and method for combining results of a multiplicity of periodically operating components of a distributed computer system at the correct time, wherein the components communicate solely by means of messages via at least one communication system, and wherein each component has a global time with the precision P. Each component is unambiguously associated with one of n hierarchical levels wherein the durations of the periods of the components are an integer multiple of one another, and wherein the phase of transmitting each message is synchronized with the corresponding phase of receiving each transmitted message within each longest period of the entire distributed computer system even if the transmitting components and the receiving components are arranged on different hierarchical levels and are spatially distributed. | 02-12-2015 |
20150063362 | Method and Switching Unit for the Reliable Switching of Synchronization of Messages - The invention relates to a method for the reliable switching of synchronisation messages in a distributed computer system consisting of a number of node computers, wherein the management of a transparent clock conforming to IEEE Standard 1588 is supported, wherein a switching unit consists of four separate FCUs, specifically an input system EIN, two independent switching systems VER1 and VER2, and an output system AUS, and wherein a message arriving at EIN from a transmitting node computer is forwarded immediately in unmodified form from EIN directly to the two independent switching systems VER1 and VER2, and wherein VER1 provides the event of the arrival of the message with a timestamp, analyses the message and switches said message to (an) output port(s) associated with an address field of the message, and wherein VER1 opens the message and modifies a TIC field within the message in order to determine the delay period of the message in VER1, and wherein VER1 closes the message again by re-calculating a CRC field of the modified message and forwarding the closed message to AUS, and wherein VER2 provides the event of the arrival of the message with a timestamp, analyses the message and switches said message to the output port(s) associated with the address field of the message, and wherein VER2 opens the message and modifies the TIC field within the message in order to determine the delay period of the message in VER2, and wherein VER2 closes the message again by re-calculating the CRC field of the modified message and forwarding the closed message to AUS, and wherein AUS checks whether the content of the message delivered from VER1 matches the content of the message delivered from VER2, and wherein AUS checks whether the interval between the moment of receipt of the message delivered from VER1 and the moment of receipt of the message delivered from VER2 is smaller than a first interval determined a priori, referred to hereinafter as the interval_1, and whether the absolute value of the difference of the delay values stored in the two TIC fields is smaller than a second interval known a priori, referred to hereinafter as the interval_2, and wherein, in the case that one of these checks is negative, AUS interrupts the transmission of the message that is outbound via the addressed output ports or changes the outbound message in such a way that each message receiver identifies the incoming message as faulty. | 03-05-2015 |
20150078399 | Method and Apparatus for Consistent Modification of the Schedules in a Time-Controlled Switch - The invention relates to a method for dynamic modification of the schedules in a time-controlled switch for relaying time-controlled messages in a real-time computer system, wherein at least one active schedule and at least one new schedule are stored at a point in time in a switch, wherein, at a specified changeover time in the active interval of a sparse time base, the active schedule is deactivated and a new schedule is activated. | 03-19-2015 |