| 摘要 |
The invention relates to a method for sending messages (M1, M2, M3) with integrity protection by using a hash chain of successive values (h1, h2, h3), wherein the values (h0, h1, h2) in the hash chain are valid in the converse order in which they have been produced in successive validity periods (I0, I1, I2). According to the invention, a cryptographic checksum (MIC1, MIC2, MIC3) for a message (M1, M2, M3) that is to be sent is generated in the validity period (I0, I1, I2) of a respective value (h1, h2, h3) by using the respective value (h0, h1, h2). This involves ascertaining for the message (M1, M2, M3) to be sent a category (k1, k2, k3) which characterizes the message (M1, M2, M3) and from which, together with the currently valid value (h0, h1, h2), a key (h21, h22, h03) is derived by means of a key derivation function (KDF), said key being used to produce the checksum (MIC1, MIC2, MIC3) for the message (M1, M2, M3). Finally, the checksum is sent together with the message (M1, M2, M3). The invention is distinguished in that message-specific checksums are used in combination with a hash chain for integrity protection. This allows different applications, for example, to provide integrity protection by using the same hash chain. The method according to the invention can be used in a data network for industrial automation and/or for energy automation and/or in a sensor network, for example. |
