This invention relates to a method and a distributed, real-time computer architecture for safeguarding the integrity and authenticity, and furthermore the confidentiality of real-time data maintained in the system.
The increasing dissemination of embedded systems and their connection to the Internet require new methods and architectures to ensure data security in these systems. The present invention discloses a method and an architecture that guarantee the integrity and authenticity, and furthermore the confidentiality, of real-time data in embedded systems within the boundary conditions that are characteristic of these systems.
The boundary conditions that are characteristic of embedded systems are:
- The main security problem in embedded systems is guaranteeing the authenticity and integrity of the data; their confidentiality is of much lesser concern.
- Real-time data must be processed in a timely manner with minimal delay, to minimize downtime in the system and so as not to degrade the quality of control.
- The resources available for the encryption of real-time data are often limited.
- It must be assumed that the maintenance personnel are not always trustworthy.
- The effort devoted to the administration of security must be kept to the minimum possible.
The present method for ensuring the authenticity and integrity of real-time data was developed from consideration of the following principles:
- It is assumed that all communication channels are publicly accessible (e.g., through wireless connections, which can be accessed without much effort) and are therefore not secure.
- The security mechanisms should introduce no delay into the processing of real-time data, so that processing quality is not negatively affected. The computing time spent safeguarding real-time data within real-time processes must therefore be kept short.
- Real-time data often have a limited validity period. The length of time during which real-time data must be kept confidential determines the effort that their encryption needs to withstand, and thus the effort required for encrypting them.
- It is assumed that the staff members who maintain the embedded system cannot always be considered trustworthy. The security mechanisms must continue to function when the maintenance personnel are not trustworthy.
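The following is an added illustration of these principles in working code; it is not the method or architecture disclosed by the patent, and every concrete choice in it is an assumption made for the example: a per-device HMAC-SHA256 key provisioned outside the reach of maintenance staff, a tag truncated to 64 bits to keep bandwidth and computation small, a validity window of two seconds after which a reading is treated as stale, and a small clock-skew tolerance. The readings are sent in the clear, since integrity and authenticity are the priority and confidentiality is not; the receiver authenticates the frame before parsing any field, then rejects stale and replayed frames captured from the open channel. The sample frames, key and timestamps are constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed demo key (hypothetical). In a deployment the key would be provisioned
# per device at manufacture, not stored where maintenance personnel could read it.
DEVICE_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")

HEADER = struct.Struct("!Hdf")   # sensor id (uint16), timestamp (float64), reading (float32)
TAG_LEN = 8                       # assumed: HMAC-SHA256 truncated to 64 bits to save bandwidth/CPU
VALIDITY = 2.0                    # assumed: seconds during which a reading is still meaningful
MAX_SKEW = 0.5                    # assumed: tolerated sender clock drift ahead of the receiver


def protect(key, sensor_id, timestamp, reading):
    """Sender side: authenticate the plaintext reading (no encryption, confidentiality not required)."""
    payload = HEADER.pack(sensor_id, timestamp, reading)
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


class Receiver:
    """Receiver side: verify tag, then freshness, then replay window; one state entry per sensor."""

    def __init__(self, key):
        self.key = key
        self.last_seen = {}  # sensor_id -> newest accepted timestamp

    def accept(self, message, now):
        if len(message) != HEADER.size + TAG_LEN:
            return "malformed", None
        payload, tag = message[:HEADER.size], message[HEADER.size:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison, done before any field of the payload is trusted.
        if not hmac.compare_digest(tag, expected):
            return "bad_tag", None
        sensor_id, ts, reading = HEADER.unpack(payload)
        # Validity period: an authentic but old reading must not drive the controller.
        if ts > now + MAX_SKEW or now - ts > VALIDITY:
            return "stale", None
        # Replay: a captured frame resent inside the validity window is still rejected.
        if ts <= self.last_seen.get(sensor_id, float("-inf")):
            return "replay", None
        self.last_seen[sensor_id] = ts
        return "ok", (sensor_id, ts, reading)


def demo():
    """Run the four attacks the principles above anticipate and report the receiver's verdicts."""
    rx = Receiver(DEVICE_KEY)
    t0 = 1_000_000.0  # constructed sender clock value
    genuine = protect(DEVICE_KEY, 7, t0, 21.5)
    outcomes = {}
    outcomes["genuine"] = rx.accept(genuine, t0 + 0.1)[0]
    # Attacker on the public channel flips one bit of the reading: tag no longer matches.
    tampered = bytearray(genuine)
    tampered[HEADER.size - 1] ^= 0x01
    outcomes["tampered"] = rx.accept(bytes(tampered), t0 + 0.2)[0]
    # The genuine frame captured and resent: still fresh, but already accepted once.
    outcomes["replay"] = rx.accept(genuine, t0 + 0.3)[0]
    # An authentic frame delivered after its validity period has lapsed.
    outcomes["stale"] = rx.accept(protect(DEVICE_KEY, 7, t0 + 1.0, 22.0), t0 + 5.0)[0]
    # A frame forged by untrusted maintenance staff who do not hold the device key.
    outcomes["forged"] = rx.accept(protect(b"guess", 7, t0 + 1.0, 99.0), t0 + 1.1)[0]
    return outcomes


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:9s} -> {verdict}")
```

The per-frame cost is one HMAC over a 14-byte payload and a constant-time compare, which is the order of work the "short computing time" principle asks for; the receiver's only state is one timestamp per sensor, so the administrative burden is limited to provisioning the key. The truncated tag length and the validity window are the knobs that trade security margin against resources, and both are assumptions of this example rather than values from the patent.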