Contemporary radio devices must provide several levels of functional security. In this context, a distinction is made between high-security architectures for computer systems for the generation of information security (Multiple Independent Levels of Security, acronym: MILS) and the safety levels for radio devices to be provided according to the invention (Multiple Independent Levels of Safety, acronym: MILSF). Radio devices with MILSF are found primarily in avionics and in the context of air traffic control (Air Traffic Control, acronym: ATC).
MILSFs are specified in several technical standards. Examples include the standards IEC 62304 or DIN EN 60601 for medical technology; the standard EN 50128 for railway technology; the standard IEC 61508 for industry; the standard ISO 26262 for the automobile industry; the standards DO-178B/C, ED-12B/C or DO-254 for avionics; and the standards DO-278A or ED-109A for ATC.
All of these standards define different levels of security which a radio device must provide in order to offer specific functionalities. Depending on the specific function, the security of the vehicle or aircraft in which the radio device is installed is at greater or lesser risk. Depending on the effects of that risk, different requirements are placed on the development process. A radio device operated according to one of the listed standards must be able to demonstrate these levels of security. Depending on these levels, different development methods are permitted or prohibited, and different obligations arise with regard to documentation and checking. In aviation in particular, these levels are also designated as development security levels (Design Assurance Level, acronym: DAL). Here, the failure of a given function of the radio device is evaluated according to its potential effect. The more serious that effect can be, the higher the DAL according to which the relevant functionality of the radio device must be evaluated. A high evaluation level means considerable effort and accordingly high costs for the development and manufacture of the radio device.
In principle, it is therefore desirable to evaluate a radio device with a high DAL, while the development effort for the radio device should be kept low.
A radio-device system which is constructed in a modular manner is proposed in DE 10 2007 033 914 A1. In this context, a distinction is made between two types of module. For a first type of module, no certification by an authorized certification authority is required. A second type of module comprises an emergency radio which must be certified by an authorized certification authority in order to be approved for specific applications.
In this context, it is problematic that the module without certification is not authorized for a plurality of applications, so that these radio-device systems of the prior art can be used only with limitations, especially in aviation, in the rail industry or in medical technology.
Furthermore, the radio device should also be capable of expansion for future functionalities, for example, a new encryption method or an alternative waveform. If a certified radio device is expanded, it loses its certification and must be re-certified for the application. However, this is excessively effort-intensive, and the expandability of the radio device is accordingly dispensed with. As a result, these radio devices are fit for the future only with limitations and must necessarily be replaced in due course.
What is needed, therefore, is an approach for a radio device and a method for the transmission of information that can be manufactured with low development costs and low certification costs, and which provides for fulfilment of different radio standards and for simple and efficient reconfiguration/expansion for future applications.