Ethiiegreehis state: §E§§2§§42§4823 {A1} w- eerie»:
`sense
`
`(Tisssificatien:
`
`— seeperative: HOMES/0667; thiaéLt’iS/l 466; Hflé‘WEZ/GZ; H04‘W12/1t}
`
`
`Apeiieatien
`fliimhefi‘:
`
`Prierity
`numher(s):
`
`DE201410214823 20140729
`
`DE201410214823 20140729
`
`Abstraefi 0f EE102014214823 {A1}
`
`Fer exempie, s metiied for determining a deiey is prepesee in whisn at first senipenent (101) of a second cempenent
`{102) prevides a first message (“i 04) comprising a first identifier (chi), wherein the semen eemeenent (t :32) of the
`first Conteenent (t (33) ni‘evicies n seeene message (t (35) eemprising e seennti identifier {eth in which the secene
`eempenent {132) of the first cempenent (t (it) comprises a third message (19'?) eernprising first time infermetien (T2;
`t2, t3) Teaser} en a reeeptien time {t2} ei the first message (3 0d) and a trensmissien time (t3) cf the secenei message
`{135) tesether with a first ceded vat-tie (Mt), the first ceded veins being based on the first time intermatien (T2; t2, t3),
`wherein the first component (i €33) determines the deiey (V2) beset} en a trensmiesien tinte (it) etihe first message, :3
`reception time {t4} of the secene message and the first time infermetieh (T2; t2, t3.) and the the first component (t (31)
`entpeis the first time thi‘ermetten (72; :2. ts) are checked on the basis at the first ceded veins (Nit).
`
`\
`\v
`a ‘~~ \\\
`\ “xi-ix ~,..\
`'.-\\
`.-~
`s‘~\“~‘m‘\~‘\t~‘\\\“u‘\\t ~‘\s‘“s names <a‘}.\‘ <\‘}~‘\9\
`totsi‘e‘. t\tt\ Meets {Jaw Senses tee-s2 tee-tsetse
`
`[0.901] The invention relates to a method for determining a deeeieratien e vehicie and eerrespending devices. or
`Cemeenehts that are interconnected via a (communication) network,
`
`[0902} Systems inrtime synehrenizetien; 2, As NT?“ PTP, iEE-E 8625i): er derived systems are often neither in terms
`of safety requirements against technical errors stiii secured in terms of security requirements against rnaiisieus
`tempering
`
`[0903} A veiiieie (2. As passenger cars, trucks and i or metercyeies) typiesiiy ineiudes a network, for. B: at ieast one
`bus system, for exchanging infern’ietien between centre-i units efthe venieie, The network may be er ineiurie Ethernet.
`The intermatien may be any data, eg. 3. user data, centre! data or central data set.
`
`

`

`[0.904] T; e controiiers may be arranged in the vehicie so that they are reiativeiy easiiy accessible to an attacker. The
`attacker can infinence the network via the control unit or any connection of the network: For example. the oontroi unit
`can he removed and repiaoed by a manipuiated device. Aisc. a variety of intervening attacks ("mannin~the~middle"
`attacks) are pessihie, The attacker stands either ohysioaily or iogicatly between two (or more)- communication
`partners and has with his system oontroi over the traffic between two or more network participants and can view and
`manipuiate the information as desired. in this case, the attacker deceives the communication partners to he the
`respective counterpart {of i-i'ttp:r'r’dewikipedia.orgiwikiih‘iahvinutheui‘v‘iiddieAAngrifh.
`
`{oops} The present document therefore addresses the teohnio ‘ problem of making access to an Ethernet network of
`
` cl.“
`a vehioie such that in a co
`efficient manner access by unauthorized persons {inoiuding by means of a man~in~the~
`middie attack) is avoided can.
`
`[0906} A Message Authentication Code (MAC) is aiso known. which is used to obtain certainty about the origin of
`data or messages and to verify their integrity
`
`A iviAC aigorithm for creating a MAC reguires as input parameters the data to be protected and a secret irey (cf. Eg
`httpa'ide.wikipedia.orgi'wiitiiltnessa gene.uihenticatioh___Code).
`
`[OddTi In orde‘to use systems fortime synchronization as the oasis ferthe function of oritioai vehicle functions,
`however, a ioacitup with regard to safety (technicai errors} or security {maiicious manipuiation) is necessary.
`
`[9508} The ohieot oi the invention is to avoid the ahovementiohed disadvantages and in particular to provide an
`efficient soiution for securing a time synchronization against attacks.
`
`[@3081 This oioiect is achieved according to the features ofthe independent claims.
`
`Further deveiopments of the invention wiil become apparent from the dependent etaims
`
`[0010] To achieve the object, a method is provided for determining a delay, in which a first component of a second
`
`component provides a first message comprising a fir
`t identifier, in which the second component of the first
`component provides a second message comprising a second identifier. wherein the second component cftne first
`component provides a third message comprising first time information hased on a time of receipt of the first message
`and a time of transmission ctthe second message together with a first encoded vaide, the first encoded vaiue based
`on the first time information, « the first component determines the deiay based on a transmission time ofthe first
`message, a reception time of the second message and the first time information. and ~ wherein the first component
`checks the first time information based on the first encoded vaiue.
`
`[0911} The checking comprises in particuiar a check of a vaiidity and ,' or authenticity.
`
`The enumeration oftne above steps does not dictate a mandatory order.
`
`For examoie, the check. may he made before. after or simnitaneousiy with the determination o‘ithe delay.
`
`[0012] it shontd he noted here that the cheek may inciude a check as to whether the data ohiained are correct and
`whether they are from the source provided. ie are authentic.
`
`[3013} The first time information may inoiiide, for exampie, the reception time ofthe first message and the
`transmission time of the second message or a difference 'oetween both times.
`
`
`[@3141 A further deveiopment is that the first encoded vaiue is additionaiiy based on the first identifier and on the
`secend identiiier.
`
`[0915} The identifiers can he used to ensure that the messages have only a iimited vaiidity.
`
`ifthe identifier contains a time information can 21
`
`B. a vorgepeioene fixed time period are added, from which this message is then no ionger vaiid.
`
`

`

`Aiternativeiy, a sequence of vaiidity can be coded into the identifier, The identifier may in particular include a
`combination of an identification and a time information. Aiso the identifier itself can be encrypted or determined by
`means of a (cryptographic) one—way or hash function.
`
`[Gfltfii Providing the message may eg B. by transmitting the message or the message may he in a shared memory
`(2. B. as shared memory) are stored. in this case, the addressee retrieves the message from the memory; the
`addressee can regniariy checit the memory for new messages or he informed that messages are avaiiaple to him.
`Thus. the provisioning inoiudes hoth the active transmission ottransmitterto receiver (push mechanism} and a
`mechanism in which the receiver fetch the messages (pull mechanism).
`
`[hat 7"] Another deveiopment is that the first coded vaiue is determined by: means of at ieast one ofthe following
`functions: a hash function; _ a eryoiographic hash function; u a oneiway function; A ’virAC algorithm; ~ a symmetric
`encryption: ~ asymmetric encryption; ~ an asymmetric signature.
`
`[@3181 in particuiar, it is a deveiopment that the first identifier otthe first component based on one of the foiiowing
`information or
`
`\faioes are determined: — an identification ofthe creating network component; - an identification of at ieast one
`network component; - a date information comprising 2.. For example; at least one ofthe foiiowihg information: day;
`month, year, time. hour. minute, second; — a random numioer; ~ a number unique in the system; - a vaiidity
`information.
`
`[0919} it is also a deveiopment that the second identifier otthe second component based on one of the toiiowing
`information or Vaine. are determined: , an identification ofthe creating network component; « an identification of at
`least one network component: ~ a date information comprising 2:. For exarnoie, at ieast one otthe following
`information: day. month, year, time. hour. minnte, second; - a random nomher; « a number unique in the system; - a
`validity information.
`
`[0920} Further, it is a fnrther deveiopn’rent that the first component ofthe second component provides a fourth
`message, the fourth message comprising the delay and a second encoded value. the second encoded vaiue based
`on the de ay,
`
`[0921} in the context of an additional development. the second encoded vaiue is determined 'oy means of at ieast one
`o the following functions: a hash function; ~ a cryptographic hash function; u a onevway function; A that: aigorithm; m a
`symmetric encryption: ~ asymmetric encryption; — an asymmetric signature.
`
`[9522} A next development is that the fourth message ofthe second component: is provided if the verification oithe
`first time information was successful.
`
`[@3231 An embodiment is that the fourth message additionaiiy comprises the trai'ismission time oithe first message
`and in which the second encoded vaiue is additionaiiy based on the transmission time ofthe first message.
`
`[0924} An alternative embodiment is that the second component checks the deiay and the transmission time ofthe
`first message hased on the second encoded voice, and it the check was sticcessfui, a system time of the second
`component based on the trai'ismission time otthe first message and i or the doiay wiii 'oe changed.
`
`[9525} For exampie, the system time is an absolute or relative clock that is provided by the approach suggested here.
`
`in oarticuiar, the ciooks of the components ihvoived are synchronised with each other.
`
`[ooze] A heat embodiment is that the change of the system time of the second component at predetermined times, in
`particuiar regulariy or irreguiarlv, is performed
`
`[002?] Also, it is a configuration that the system time of the second component is not changed iithe check. based on
`the second encoded value was unsuccessfui.
`
`

`

`[0.928] A deveiopment consists in that the first component and the second component are coupled to one another via
`a network, in partichiar a has system orthe Ethernet.
`
`[0929} An additionai empodiment is that the first component and the second component are controi devices of a
`vehicie.
`
`[9530} Another embodiment is that the first component is 2 time synchronization master and the second component is
`('7:
`a iient.
`
`[@3311 it is also a possihiiity that the first component and I or the second component comprise a hardware and I or
`software component.
`
`[0932} The ahove ohject is aiso achieved by means of a vehicie having a first component and a second component, ~
`in which the first component ofthe second component provides a first message comprising a first identifier, - wherein
`the second component ofthe first component comprises a second message comprising a second identifier, wherein
`the second component ofthe first component provide. a third message comprising first time information based on a
`time of receipt of the first message and a time of transmission of the second message together with a first encoded
`value, the first encoded value on the first time information - wherein the first component determines a deiay based on
`a transmission time oftne first message. a reception time of the second message and the first time information, and -
`wherein the first component ohecits the first time information ioased on the first encoded value.
`
`.>
`
`message comprising a first identifier is provided to a client component. a second message comprising a second
`identifier is received from the ciient component. the ciient component receives a third message comprising first time
`information based on a time of receipt of the first message and a time of transmission of the second message
`together with a first encoded vaine, the first encoded vaiue based on the firs time information: on a transmission time
`of the first message, a reception time of the second message and the first time information, wherein the first time
`information is checked based on the first encoded vaiue.
`
`[@3341 Furthermore, the oioiect is achieved toy means of a ciient component which is set tip in such a way that a first
`message comprising a first identifier is received from a master component, the master component is provided with a
`second message comprising a second identifier, i‘diaster component, a third message comprising a first time
`information is provided hased on a reception time ofthe first message and a transmission time ofthe second
`message togethe‘with a first coded vaiue, wherein the first coded value based on the first time information. ~ so that
`of the master Component a deiay is determined based on a transmission time ofthe first message a reception time
`
`o: the second message and the first time information, wherein the master component, the first time information is
`checked foased on the first encoded yaihe.
`
`[0935} It shonid he understood that the methods, devices and systems described herein may he used aione as well
`as in combination with other methods, devices and syst >ms descriioed in this document.
`
`Aiso, any aspects of the methods, devices, and systems described herein may be combined in a variety of ways.
`
`in particiiiar, the featnres ot' the claims can he combined differentiy with each other.
`
`[£3536] Embodiments of the invention are illustrated and explained below with reference to the draWing.
`
`[ddfii’i it shows:
`
`[@3381 1 shows a flow chart for determining a deiay time and for setting, in particular synchronization, a system time,
`wherein in particiiiar safety and security aspects are taken into account.
`
`[0939} By way of example. a communication between two communication partners is described, which is transmitted
`over a network, for.
`
`As an Ethernet of a vehicie, are conne'ted to each othe‘ and can exchange messages.
`
`

`

`in a system Tertime synehrenizetiena TirsT cemmunicatien partner is referred Te as a master ands eeend
`cemrn-Ttnicetinn partner as a client.
`
`A iarge hiini'cercei‘ ciiehTs can ecmmiinieaTe with ene masTeTT.
`
`[0040] T e eemmunieatieh partners are, for exampie, eentrel units of a vehieie, which via the network (eg.
`
`B. a bus system) are interconnected
`
`\
`Aiso the cLTmrn-Ttnicati-LTn partner may he a iegicai-Lihrtinna(in; at a hardware device that may exchange
`messages with at least she eTher':egical TgicTTiehaiiTg,T er harctwreLteT/iLe.
`
`“: shews an exemplary diagram iiitistrating a message exchange between a master “:01 and a silent 10:2
`[0041} Fig.
`fer seTTinga sysTeTh T the.
`
`[0042] Based en The Tiew siTcwh ih PEG, 1, The cliehT 102 may synchrehize tiTe :Tysterhti-me ih the same: s with The
`master ‘lt‘ri white maintaining secLiriTy requirements
`
`in ,oarTuzti:'th The approachTeresenTeei here cansgnr‘icanTy reduce the risk LTT it she! ssTni rtizthwinTThe~rtTiLiciie aTTeck.
`
`[3043: PrTTeera'ciy The iiiiistrated syhehrenizaTicn LaiT he eerie-mied ence cr seveerai Times i iTeLess ary reguiarty aT
`predetermined Times. in crcier To counteract a divergence of the system times LtTthe matsTei T01 and Lliertt: 02,
`
`[0044] By means of a message T03 ("Time syrtchrenizatinn request"), the chem: 102 requests a Time synchrehizeticrt
`Trem the master lGi.
`
`[0045} The matsTel T01 ieLeives The messaLgeT1003 and responds wiTh a message 104 (“SyneT’iTOi’iiZEititfitii
`ihiTiaiizaTien“).
`
`This message 104 contains an identifier Lint.
`
`Furthermore the master Tm measures and states atimet‘: LTTLendirig-the message-0-4.
`
`it shetiiLi he noted that the time it is determined by the master TOT fer exthripie orti y aTTer The messztge n34 has
`been sent.
`
`[0040} The client 102 receives the message TOT:— meaL tires and stores a tirheTZ at reception, and transmits a
`ssege 105 ("synchronization deiay request") togetheT wiTh an identifier eh2 To The master “:01.
`
`Furthermore, The client ”:02 measures and stores a Time L. of sending the message 105
`
`it sitcuid he noted that the Time t3 is determined by The eiient 102, int exampie, oniy after the message 105 has been
`
`[004?]T Te eiiehT TUB deTeeTmihes in a step 106 a time delay T2 between reeeT'TI'ihg the message iii-Ti and sending The
`105a cLerding to T2 : t3‘T2
`
`[0048} Furthermore. The silent ”:02 Transmits a message ‘i 07 (”Feiiew~up syhehrenizatien delay request“) Te the
`master 101 .
`
`The message T0? comprises The Time he 33; T2a MAC Mt based en-ThetinTT. delay T2 The TirsT identiTierch’i and
`the second identifier chz i.
`
`hit (T2, chi, ch2).
`
`[004s] Fer examhie. te creaTe a MAC, :2: {secTeT) key known it) The master 1an and the eliehT 102 is used.
`
`WitiTcut This key; TT is ncT pcssihie {or very likely) Ter ah aTTaL'TLerTc crcritiee the vaine Mt.
`
`

`

`On The other hand, the master “:O‘i can verify the value hit by generating a MAC; with its key and the parameters T‘i,
`chi and oh: known to it.
`
`ifine MAC thus gene‘ated coincides with the va: tie M1 the :naster101 can assunte with high probability thaT thetE :ne
`cieiay T2 originates from the ciicnt 132 and not from an attacker.
`
`[9550} The master tdi receives the message 155.
`
`Further; the master 1:3": measures and stores a time tz‘i of receiving the message 155.
`
`[5551} In step‘i :35 the master 1m determEries a timede ay T1 hetweenThe sending oft he message-1:54 and the
`receipteitheihessage 5iJ5 accenziinttto ”it :tfuii.
`
`[0952} Furthern’iore; the master i=3": can determine a deiay V22 otthe comm:inicaTi or: en:mprisi ng-the transmission and
`reception directions according to V2 = T‘i~T2.
`
`[9553} T.ie master id‘i transmits a message 108 (”delay verification") to the ciient 102.
`
`The message 10.8 comprises - the deiay V'Z, _ the time ti , A a eras hi2 based on the delay, V2 and the time t1,
`
`hi2 {V2} it).
`
`[0554} The ciient 102 receives the message 108 and can check the authenticity otthe deiay V3 and the time t1 based
`on the eras n12.
`
`it it Turns enT that the MAC: M2 couid he successfully checked then in a step 115, a time counter that maps a system
`time is set within the eiient 'i 02 based on the time t'i. thienaiiy this time counter can be corrected by means at the
`deiay V2. 2. B. by a vaiue V212
`
`[@3551 Depending on anaccuracy of the time base of the ciient 19?. and depending on accuracy requirements and the
`determined delay V22 thesynchren:zation ottheystem time can he initiated again. in particular, it is oessihie that
`this synchronization otthe *system timeisstarted regulariy cr irregdiarly.
`
`[0056} it shehid he noted that other cryptographic tom:ticns eneway hi:nctiens. hash-functions etc may he used
`instead otthe function for creating the MAC.
`in particular. a common secret between each two network components
`or between multiple network compenenTs can he nseei Tor encryption AlTernatively, iT is oossihie to use asymmetric
`encryption in which one itey pair per network component enapies both encryption and authentication.
`
`[tid5TiThe identitierch1 may he an-indiHiduai Valuerteterniieci iyythe master has ed on at ie astone predetermined
`criterion. For exampie the-identifier ch1 may' be based on one ot the tc-ilowino information or Vaincs are determined:
`an identification ottheorreati-rig net‘uJerk component m an identification of at least erie net‘uJerk component; m a date
`information cempris ing 2 For c-xampie at ieastone ot the following information: day inont-h. year time, hour, minute,
`second; — a random num'oe r: ~ a number unique in the systeem; — a validity information
`
`[@3581 The same appiies tn the identifier ch2. which is determined by the ciient “:02.
`
`[5055} On the icasis or” the identifiers, it is possible to iiniit the vaiidity of a message in time and thus to prevent an
`attacker from using this message again after the vaiidity expires successtuiiy in the network.
`
`For exampie. the receipt of a message whose validity has expired can he discarded or an error message or an aiarm
`can be generated.
`
`[0550} Thus. the approach presented here allows the oiient 1132 to verify that it is communicating with a trusted
`master 151. Further, master ”:01 and client 152 may mutuaiiyr authenticate anei verity that the synchronization
`messages have not been inadvertentiy or lntentionaiiy manipuiated in content or deiayed more than expected.
`
`

`

`[0.961] T e concept presented here offers protection against technical errors as wait as against ntaiicious
`manipulation
`
`[0922} This concept can he efticientiy eern'oined with estahiished time synchronization coneeots.
`
`Existing mechanisms can he supplemented or further used.
`
`LiST 0F REFERENCE NUMBERS
`
`‘ldi first component, master (eg. 8. control unit of a venicie) 102 second component, client (1. Vehicie controi unit)
`103 Message ("Time Synchronization Request") 104 Message ("initialization of {Time} Synchronization") 125
`Message ("Syhohronlzation Deiay Request") ldo Stet:- for Ereterniining T2 ‘1 t)? Message (”Foiiowwtio Synchronization
`Delay Request") 1138 Message ("Delay Verification“) 109 Step for determining Ti and V2 1": 0 Step for setting the
`system time at the eiieht t’i to t4 Time (time)- T1 Time de ay T2 Time de ay V2 Delay hit MAC: vaiue hi2 MAC: vaiue
`en‘t 1D ch2 lD
`
`QUQTES iNCLtJi-Zfi iN THE DESCRiPTlON
`
`[0923} This list otihe documents iisted by the applicant has been generated antemaiioaiiy and is ineiuded solely for
`the better information ofthe reader. The iist is not part cithe German patent or Utility niedei aooiicaticn. The DPMA
`accepts no liability for any errors or omissions.
`
`Cited nonnnstent literature
`
`[@3841 lEEE 802.1X httlcn’ien.wikioedia.orgiwiitirlti’landn~the~lviiddie—Attack
`httjou'i'en.wikipedia,org/wikirh'iessagefleuihentieationmtlede
`
`rm a we we: sin-WW an s we \
`st» :\\~“§§§¥t\§ Qt“ mots tea Setters
`
`
`1, Method tor determining a deiay. ~ in which a first component (it‘ll) of a second component (192) provides a first
`message (the) comprising a first identifier {chi}, ~ in which the second component (1 02} of the first component (101 ‘)
`provides a second message (‘i 05) cor‘horisihg a second identifier (chz). wherein the second component (102)- ot' the
`first component (€01) comprises a third message (107) comprising first time information (T2; t2 t3) based on a
`reception time {t2} of the first message (1134) and a transmission time (t3) of the second message (105) together with
`a first coded veiue (Nit), wherein the first coded value on the first time information T2; t2, t3} based on a
`transmission time {ti} of the first message. a reception time (t4) cfthe second message and the first time information
`(T2; t2. t3) and n at d em the first component (101)- the first time information (T2: t2 i3) are checked on the basis of
`the first ceded vaiue (Mt).
`
`2 The method of stain: 1, wherein the first encoded seine (hit) is additionally Tossed on the first identifier (chi) and
`the second identifier (chat.
`
`3. Method according to one cfthe preceding claims. in which the first encoded value (hill) is determined by means of
`at ieast one of the following functions: a hash function: ~ 3 cryptographic hash function: ~ a one—way function; A MAC
`aidorlthm, symmetric encryption; _ asymmetric encryption A an asymmetric signature algorithm,
`
`4. Method according to one of the preceding claims, wherein the first identifier ofthe first component based on one of
`the fciiewing information or
`
`Veiues are determined: _ an identification or“ the meeting network component; - an identification of at ieast one
`network component; ~ a date information comprising 2.
`
`For example, at least one cfthe foiiewing information: day, month, year, time, hour, minute, second: ~ a random
`number; - a number unique in the system; ~ a vaiidity information.
`
`

`

`5. Method according to one of the preceding ciaims, wherein the second identifier ofthe second component based on
`one of the ioiiowing information or Vaiiies are determined: ~ an identification of the creating network component; u an
`identification of at ieast one network component; ~ a date information comprising 2. For exampie, at ieast one ofthe
`foilcwing information: day, month, year, time, nour. minute, second; , a random number; n a number unique in the
`system; - a vaiidity informatioi'r
`
`{-3, The method of any one of the preceding claims, wherein the first component (101) of the second component (102)-
`provides a fourth message (108}. the fourth message (108) comprising the deiay (V2) and a second encoded value
`(hi2) , wherein the second coded value (M2) is based on the deiay (V2).
`
`?. Method according to one of the preceding ciaims, in which the second encoded vaiue {M2} is determined by
`means of at ieast one of the following functions: a hash function; v a cryptographic hash function; A a oneuway
`function; A MAC aigorithm. symmetric encryption; — asymmetric encryption. ~ an asymmetric signature aigorithm.
`
`8. Method according to one of Cisims 5 cr 7; in which the fourth message {108) ofthe second component (102} is
`provided ifthe checking otthe first time information (T2: t2, to) was successful,
`
`9. Method according to one of Ciaims 8 to 8, in which the fourth message (108) additionaiiy comprises the
`transmission time (t1) of the first message (1 {34) and in which the second encoded vaiue {hi2} additionaiiy
`corresponds to the transmission time (t1) of the first message {104).
`
`10. Method according to ciaim Q, wherein the second component (10:2)- checi<s the deiay (ft/Z) and the transmission
`time (t1) otthe first message (1134) on the basis ofthe second ooded value (ME) and, ifthe checking was successfui.
`a time counter the second component 0:32) is changed based on the transmission time {t1} otthe first message (tori):
`and i or the deiay {V2}.
`
`1‘]. Method according to Claim it), in which the change in the system time oithe second component is carried out at
`predetermined times, in oartictiiar regniariy or irregulariy.
`
`12‘ Method according to one of Ciaims 10 or 1 i, in which the system time ofthe second component is not changed if
`the check based on the second coded vaine was unsuccessful,
`
`13, Method according to one otthe preceding claims, wherein the first component and the second component via a
`network, in particular a has system ortne Ethernet are coupled together.
`
`14. Method according to one ofthe preceding claims, in which the first component and the second component are
`control devices of a vehicie.
`
`15, Method according to one of the preceding claims, in which the first component is a time synchrohiaation master
`and the second component is a ciient.
`
`16. Method according to one of the preceding claims, wherein the first component and ,r or the second component
`comprises a hardware and i or software component.
`
`17‘ Vehicle having a first component (101) and a second component (1t) ), ~ in which the first component (101) of the
`second component {1&2} provide, a first message (Edit) comprising a first identifier (chi), « wherein the second
`component (102)- of the first component (‘1 Gt) provides a second message (105} comprising a second identifier {ch2},
`- wherein the second component (102) ottne first component (101) comprises a third message (10?) comprising a
`first message Providing time information (T2; t2, t3} based on a reception time (t2)- of the first message (134} and a
`transmission time (t3) of the second message (105) together with a first encoded vaine (Mt), the first encoded value
`(T2) Mt} is based on the first time information {T2; t2, t3), - whe‘ein the first component (1&1) determines a deiay
`{V2} based on a transmission time (t1) of the first message, a reception time (t4) oi the second message and the first
`3 information (TEE: t2, t3) and — in which the first component (tot) checks the first time information (T2; t2, t3) on the
`oasis of the first coded vaitie (Mt }.
`
`

`

`18. Master component (101), which is set up in such a way that — a first message (194) comprising a first identifier
`(ehi) is provided to a ciient component {i {)2)‘ v a second message from the ciieht eomponent (102} 155) comprising a
`second identifier (ch22; — from the ciient component (102) a third message (11)?) comprising a first time information
`(T212, t3): based on a reception time (i2) oftne first message (“34)- and a transmission time (t3) otthe second
`message (€05)
`together with a first ceded value (Mi), the first ceded value (Mt) being based en the first time
`information (T2; t2. t3). ~ 3 deiay (V2) is determined based on a transmission time (ti) ottiie first message; a
`reception time {t4} of the second message and tire first time information (T2; t2, t3}, wherein the first time information
`(T2; t2. t3) is coded based en the first \faiue {M1} is checked
`
`‘i gt Giient component (132) which is set an in such a i a}: that ~ a first message (194) comprising a first identifier (chi)
`is received by a master component (101}, - a second message (master component (i at; 105) comprising a second
`identifier (ehZ), ~ the master component (tot) tas a third message (id?) comprising first time information (T2; i2, t3)
`based on a reception time {t2} oftne first message (1134) and a transmission time (t3) ettne second message (105)
`together with a first ceded vaiue (iii/ii); the first ceded vaitse (Putt) being based on the first time information (T2: t2 i3);
`Master component (1 fit) a delay (VZ) can be determined based on a transmission time (ti) otthe first message
`(104}. a reception time (t4) cf the second message (105) and the first time information (T2: t2, t3); wherein from the
`master component (191) the first time into rntatien (T2; t2, t3) is checked on the basis ot the first coded \jaitie (Nit).
`
`