NIS-2 compliant IT system for secure sensor data processing and validation

The system addresses the lack of data protection in conventional monitoring systems by integrating a cryptographic validation module in a decentralized DAG to ensure tamper-proof audit trails, meeting NIS-2 IT security standards.

DE202026000087U1Active Publication Date: 2026-06-11ZANNI GRP INHABER ANDREAS ZANNI E K

Patent Information

Authority / Receiving Office
DE · DE
Patent Type
Utility models
Current Assignee / Owner
ZANNI GRP INHABER ANDREAS ZANNI E K
Filing Date
2026-01-12
Publication Date
2026-06-11

AI Technical Summary

Technical Problem

Conventional monitoring systems for critical infrastructure rainwater buffers do not provide sufficient data protection against manipulation and fail to meet the stringent IT security requirements mandated by the NIS-2 Implementation Act.

Method used

A system integrating a cryptographic validation module that signs sensor data immutably in a decentralized directed acyclic graph (DAG) and uses a modular registry structure to link physical module parameters with digital data, ensuring tamper-proof audit trails.

Benefits of technology

The system provides comprehensive and cyber-resilient monitoring that meets NIS-2 IT security requirements by creating an immutable audit trail for sensor data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

System for secure sensor data processing and validation, comprising an input layer for filtering data traffic (10), an isolated processing layer (30) for evaluating sensor data, and a cryptographic validation layer (40), characterized in that the sensor data are stored immutably in a decentralized ledger (60) by a dedicated validation module (42) using a digital signature, wherein a modular registry structure (34) links physical parameters of infrastructure components with the digital sensor data.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] The invention relates to a system for processing sensor data, in particular for controlling and validating conditions in critical infrastructure structures. The system is preferably used in combination with modular rainwater retention modules, as described in the utility models "Civil Engineering Floodwater Collection System" (No. 20 2021 002 498.0) and "Building Element for Structural Applications" (No. 20 2025 000 597.9). Background of the invention

[0002] Due to the increasing frequency of extreme weather events, cities and municipalities face the challenge of efficiently buffering large volumes of rainwater. While the physical structure of such buffers is technically addressed by the aforementioned utility models (Ref. No. 20 2021 002 498.0 and Ref. No. 20 2025 000 597.9), new legal requirements, particularly the NIS-2 Implementation Act, additionally mandate comprehensive and cyber-resilient monitoring of these systems. However, conventional monitoring systems do not offer sufficient data protection against manipulation and only inadequately meet the IT security requirements for critical infrastructures. Description of the invention

[0003] The invention is therefore based on the objective of providing a system that combines the physical flood protection of the aforementioned components with tamper-proof digital documentation and control. This objective is achieved by a modular system in which incoming sensor data from an IoT network (50) are transmitted via a proxy manager (10) to an isolated data processing unit (30). A key feature of the invention is the integration of a cryptographic validation module (42), which signs the sensor data and stores it immutably in a decentralized directed acyclic graph (DAG) (60). By using a modular registry structure for the configuration data (34), the specific physical parameters of the modules, for example, a net capacity of approximately 14 m³, are defined. 3or a mass of approximately 5 tons, directly linked to the digital sensor data. This creates a tamper-proof audit trail that technically meets the IT security requirements of NIS-2. Drawings Fig. Figure 1 shows a schematic representation of the system architecture and data flow from the physical sensor input to the decentralized data storage. Detailed description of an exemplary implementation

[0004] An embodiment of the invention is described by reference to the Fig.1. External data traffic is initially filtered by a proxy manager (10). The user interface (20) serves for the visualization and administration of the system. The actual data processing takes place in an isolated data processing unit (30), which receives data from an IoT network (50) via a dedicated TTN-IOTA connection unit (32). This sensor data is compared with configuration data (34), which contains the specific properties of the components according to Ref. 20 2025 000 597.9. Subsequently, the data is processed by a data processing and logic module (36). To ensure data integrity, the data is transferred to a service module (40). There, an IOTA validation process, using a digital IOTA wallet (42), signs the data records and transfers them to a directed acyclic graph (DAG) (60). Reference symbol list 10 Proxy Management 20 User interface / Administration interface 30 Data processing unit 32 TTN-IOTA connection unit 34 Configuration data 36 Data processing and logic module / TTN-to-IOTA bridge 40 Service Module 42 IOTA validation process / IOTA wallet 50 IoT network 60 Directed Acyclic Graph (DAG)

Claims

[1] System for secure sensor data processing and validation, comprising an input layer for filtering data traffic (10), an isolated processing layer (30) for evaluating sensor data, and a cryptographic validation layer (40), characterized by , that the sensor data are immutably stored in a decentralized ledger (60) by a dedicated validation module (42) using a digital signature, wherein a modular registry structure (34) links physical parameters of infrastructure components with the digital sensor data. [2] System according to claim 1, characterized by , that the processing layer (30) is operated in a container-based virtualization environment to ensure logical separation between data acquisition, data processing and data validation. [3] System according to claim 1 or 2, characterized by, that the validation layer (40) is set up to generate a tamper-proof audit trail in accordance with the IT security requirements for critical infrastructures (NIS-2). [4] System according to any one of the preceding claims, characterized by , that the system has interfaces to external IoT networks (50) and that the physical parameters stored in the registry structure (34) include features of building modules, in particular those according to utility models No. 20 2021 002 498.0 or No. 20 2025 000 597.9.