PRODUCTS:

• RS485/RS422 to Ethernet Gateway
• MVB to Ethernet Gateway
• CAN to Ethernet Gateway

ENHANCED MEDIA CONVERSION GATEWAYS

Our proven gateway product range for media and protocol translation has been enhanced with cyber security features to be the best fit for your next train project and offers secure configuration and diagnostics.

Flexible Protocol Translation

• Versatile media converters to either connect a legacy bus (CAN/RS/MVB) component to the ECN or an Ethernet device to MVB/CAN/RS.
• Support for ethernet redundancy handling (dual homing)
• Standard mapping applications without the need to write a custom application
• Possibility for advanced mapping and services implementation based on customer requirements by our application engineering team or using our development library supporting process and message data.

Secure Maintenance

• Role based user access with remote authentication services (e.g. Radius client)
• SW integrity checks and secure, certificate based, firmware update procedures
• Encrypted communication to our web services via sftp/ssh/https

PRODUCTS:

• Secure Gateway

CONFIGURABLE HARDWARE & SOFTWARE FILTERS

Network separation through fixed static or dynamic IP packet filtering.

Hard coded hardware filters

• Directly implemented in the FPGA with no influence on the speed of data flow
• Can be configured with a configuration file, e.g. a text file, to allow greater flexibility. Possibility of locking the memory once the configuration file has been loaded

NIOS softcore filtering CPU

• CPU implemented in the FPGA, solely dedicated to package filtering
• Minimal influence on the package throughput
• Can be user-programmed in C

Properties

• Static, configurable filtering
• Dynamic filtering in dedicated CPU
• Up to 100 static filters, dynamic filter up to memory capacity

PRODUCTS:

• DIN-Rail Computer with Intel Atom Processor for Rolling Stock

DIN-Rail Computing Platform

The MC50M is the ideal basis for functions such as security gateway, wireless IoT gateway, predictive maintenance, ticketing system, or to act as a diagnostics server. This DIN-rail mountable module comes with three physically separate Ethernet ports. A secured vital network may be connected to the first port, an unsecured network (internet) to the second while the third port may be used for maintenance. In this use case the MC50M protects the vital train infrastructure from malicious traffic, viruses and malware. The MC50M may be extended with Serial Ports, an MVB or CAN bus interface or wireless communication interfaces such as LTE and WLAN.

Features:

• 3 Separate Ethernet ports with three MAC addresses - supporting cyber security applications
• Intel Atom E3900 series
• Up to 8 GB DDR3 RAM with ECC
• Trusted Platform Module
• M.2 NVMe slot for storage
• Gb Ethernet, USB 3.2 Gen 1x1, RS232, RS485/422, DisplayPort
• DIN-Rail, wall or 19" rack mounting
• Input voltage 24 V DC nom. or 48 V DC nom. with ignition
• Full range power supply 16 V DC to 60 V DC
• EN 50155 compliant (railways)
• -40 °C to +70 °C (+85 °C), fanless

PRODUCTS:

• Ethernet Remote I/O Module

SECURE WAKE-UP FUNCTION

Secure web front-end (HTTPS), that can be used for diagnostic purposes and to upload and execute firmware updates.

Secure ETH connection (ssh)

> Receiving wake-up trigger

< Confirm wake-up state

Secure communication protocols like HTTPS web server, SFTP file transfer, SSH CLI

• Authentication by password, public key or host based
• 2x digital outputs (24-110V); bi-directional solid state relay output with current limitation
• 2x digital inputs (24-110V); state, PWM or frequency input
• 2x2 analog inputs; voltage, current, resistance