JP5594255B2 - Vehicle network communication management device - Google Patents

Description

  The present invention relates to a communication management device for a vehicle network that manages communication of a vehicle network connected to an external network or an information terminal through wired communication or wireless communication.

  Vehicles such as automobiles in recent years include electronic control devices that constitute navigation systems, electronic control devices that electronically control various in-vehicle devices such as engines and brakes, and devices such as meters that display various vehicle states. Many electronic control devices such as an electronic control device to be controlled are mounted. In the vehicle, these electronic control devices are electrically connected by a communication line to form a vehicle network, and various vehicle data are exchanged between the electronic control devices via the vehicle network. ing.

  Furthermore, recently, development of a system that connects a vehicle network and a network outside the vehicle and enables transmission / reception of various information between these networks is also underway. In this system, for example, an engine start request is transmitted from the information terminal owned by the driver to the vehicle network via a network outside the vehicle. Then, when the engine control device connected to the vehicle network receives this start request, the engine is started through the engine control device. As described above, it is possible to remotely control the vehicle, monitor the vehicle state, and the like through communication between the vehicle network and a network outside the vehicle.

  On the other hand, under such circumstances where the vehicle network can be accessed from the outside, it is also assumed that unauthorized data is input into the vehicle network due to an unauthorized operation (unauthorized access) by an unauthorized user or the like who does not have a valid usage right. Is done. Therefore, for example, as described in Patent Document 1, prior to wireless communication between an in-vehicle device connected to a vehicle network and an information terminal owned by a user, encryption of data transmitted from the information terminal and It has also been proposed to verify the validity of an information terminal through mutual authentication using decryption. According to the device described in Patent Document 1, it is possible to prevent an information terminal without a legitimate authority from being network-connected to the in-vehicle device, and thus to obtain illegal data in the vehicle network via the in-vehicle device. Will be suppressed.

JP 2003-152717 A

  By the way, in order to verify the validity of the data input to the in-vehicle device connected to the vehicle network in this way through mutual authentication by encryption and decryption of the data, encryption processing and decryption involving complicated operations are performed. Processing is required. For this reason, not only a device for executing these encryption processing and decryption processing is required, but an increase in calculation load accompanying execution of the encryption processing and decryption processing is inevitable.

  Further, as described above, the vehicle network is a dedicated network formed in the vehicle in order to exchange vehicle data between a plurality of electronic control devices. Therefore, if data that is not captured by the vehicle network may be captured from the outside, the communication load increases, and transmission / reception of the original vehicle data between the electronic control units may be hindered. It might be.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide a vehicle capable of maintaining the reliability of communication as a vehicle network through the restriction of external data input while having a simple configuration. The object is to provide a network communication management device.

  Hereinafter, means for solving the above-described problems and the effects thereof will be described.

The invention according to claim 1 is a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from outside the vehicle through wired communication or wireless communication. A communication management device for a vehicle network for managing data, which monitors a transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and transmits the monitored status of the data and external data A communication management unit that regulates transmission of external data to the vehicle network in accordance with a load exerted on the vehicle network, and the communication management unit includes rewrite data for rewriting data of the in-vehicle control device. In this case, the gist is to execute a process of temporarily relaxing the transmission restriction of the external data.

  The vehicle network is generally used for exchanging vehicle data between the in-vehicle control devices, but is also used for transmission / reception of rewrite data for data rewriting possessed by each in-vehicle control device, so-called reprogramming data. This rewritten data is also usually input to the vehicle network as external data from outside the vehicle network.

  Therefore, as described above, when the external data input to the vehicle network is rewrite data of the in-vehicle control device, the rewrite data has a high priority to be transmitted to the in-vehicle control device connected to the vehicle network. Assuming that the data is data, a process of relaxing transmission restrictions on external data is executed. For this reason, transmission control of unnecessary rewrite data necessary for maintaining the function of the in-vehicle control device is suppressed, and transmission / reception of rewrite data via the vehicle network can be performed accurately.

The invention according to claim 2 is a vehicle network in which vehicle data is transmitted and received between a plurality of in-vehicle control devices and external data can be input from outside the vehicle through wired communication or wireless communication. A communication management device for a vehicle network for managing data, which monitors a transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and transmits the monitored status of the data and external data A communication management unit that regulates transmission of external data to the vehicle network according to a load exerted on the vehicle network, the communication management unit according to a transmission state of vehicle data of the vehicle network to be monitored The gist is to variably set the execution period for external data transmission restriction.

  The transmission status of vehicle data by the vehicle network, in other words, the load on the vehicle network changes depending on the traveling state of the vehicle, and the vehicle network is temporarily in a high load state, or the vehicle network load is high. A case where the load state continues for a predetermined period is assumed.

  Therefore, as described above, if the execution period of the external data transmission restriction by the communication management unit is variably set according to the external data transmission state by the vehicle network, for example, the vehicle network is in a high load state. If this period is temporary, temporary transmission restriction according to this period is executed. As a result, the transmission restriction of external data is released early, and transmission of external data to the vehicle network can be permitted at an early stage.

  Moreover, according to the said structure, when the period when a vehicle network will be in a high load state is continued for a long period of time, long-term transmission control according to this period is performed, for example. For this reason, once it is determined that the vehicle network is in a high load state and this high load state continues for a predetermined period, transmission restriction is executed only for a period according to the transmission state of the vehicle data. Therefore, until the load of the vehicle network is reduced, the transmission restriction of the external data is executed based on the transmission restriction execution time once set, and the external data is kept until the load of the vehicle network is reduced. It is possible to accurately suppress transmission to the vehicle network.

The invention according to claim 3 is a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from outside the vehicle through wired communication or wireless communication. A communication management device for a vehicle network for managing data, which monitors a transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and transmits the monitored status of the data and external data And a communication management unit that regulates transmission of external data to the vehicle network in accordance with a load on the vehicle network, and the communication management unit transmits and receives the vehicle data as an event occurs in the vehicle. When event data to be started is transmitted to the vehicle network, until the event ends, the And summarized in that to perform transmission regulation parts data.

  Vehicle data transmitted / received via the vehicle network is, for example, data that is periodically transmitted / received between the in-vehicle control devices, or temporarily transmitted / received between the occurrence of a predetermined event and the end of the event. There is event data to be played. The event data usually has a temporary transmission time, but the vehicle network tends to be in a high load state while the event data is transmitted and received. In addition, such event data is usually highly urgent data that needs to be transmitted and received between the in-vehicle control devices due to changes in the running state of the vehicle, and this data is surely transmitted to the in-vehicle control device to be transmitted. Need to be sent to.

  Therefore, as described above, when event data is transmitted to the vehicle network, external data transmission restriction is executed until the event that caused the event data transmission ends. As a result, even if the vehicle network becomes a high load state due to the occurrence of the event, until the event ends, that is, until the vehicle network transitions from the high load state to the low load state at the end of the event. The transmission of external data to the vehicle network is suppressed. As a result, the event data can be reliably transmitted and received.

The invention according to claim 4 is a vehicle network in which vehicle data is transmitted and received between a plurality of in-vehicle control devices and external data can be input from outside the vehicle through wired communication or wireless communication. A communication management device for a vehicle network for managing data, which monitors a transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and transmits the monitored status of the data and external data Includes a communication management unit that regulates transmission of external data to the vehicle network according to a load exerted on the vehicle network, and the communication management unit includes one or a plurality of types periodically transmitted to the vehicle network. A periodic transmission list in which identifiers, data lengths, and transmission cycles of data are registered, along with the occurrence of an event in the vehicle An event transmission list in which identifiers and data lengths of one or more types of data transmitted to the vehicle network are registered, and the transmission status of the vehicle network is monitored with reference to the periodic transmission list and the event transmission list This is the gist.

  Usually, since the standard of the in-vehicle control device that is the main subject of transmission of vehicle data can be specified in advance, the identifier, data length, and transmission cycle of the vehicle data transmitted and received between the in-vehicle control devices are set for each in-vehicle control device. It is possible to specify based on a standard or the like.

Therefore, as in the above configuration, a transmission frame list and an event transmission list are provided in the communication management unit. And the monitoring of the transmission state of the vehicle data by a communication management part is performed through reference with these transmission frame lists and event transmission lists. For this reason, for example, the communication management unit can identify the type, the data length, and the transmission cycle of the vehicle data through the verification of the identifier of the vehicle network transmitted and received via the vehicle network. Therefore, it is possible to predict the increase / decrease in the load on the vehicle network based on the type, data length, and transmission cycle of the specified vehicle data, and to specify the transmission status of vehicle data by the vehicle network in more detail. Become. This makes it possible to more accurately execute external data transmission regulation through vehicle data monitoring.
According to a sixth aspect of the present invention, in the communication management device for a vehicle network according to any one of the first to fourth aspects, the communication management unit predicts when the external data is transmitted to the vehicle network. When the usage rate of the vehicle network to be used exceeds a predetermined threshold value indicating the high load state of the vehicle network, the gist is to execute the transmission restriction of the external data.
According to the above configuration, when the external data transmission is restricted, the usage rate of the vehicle network when the external data input to the communication management unit is transmitted to the vehicle network is predicted. When the predicted usage rate exceeds a predetermined threshold value indicating a high load state of the vehicle network, external data transmission restriction is executed, and no external data is transmitted to the vehicle network. As a result, not only the load of the vehicle network being monitored but also the transmission restriction based on the usage rate of the vehicle network that is expected to increase when external data is transmitted is executed. As a result, excessive increase in the usage rate of the vehicle network due to the external data being input to the vehicle network is appropriately suppressed. In addition, this makes it possible to maintain the network load within the range of the usage rate that should be regulated, such as the usage rate “30%” that is normally required in CAN (Control Area Network). Communication management according to the characteristics of the vehicle network to be applied is performed.
A seventh aspect of the present invention is the vehicle network communication management device according to any one of the first to sixth aspects, wherein the communication management unit is configured to transmit the vehicle data at a transmission interval or per unit time. The gist is to monitor the transmission state of the vehicle data based on the above and monitor the transmission interval of the external data or the transmission data amount per unit time when the external data is input.
The load on the vehicle network correlates with the transmission interval of vehicle data transmitted / received to / from the vehicle network and the data amount (message amount) of vehicle data transmitted per unit time. In addition, the load that the external data exerts on the vehicle network is also the transmission interval and amount of transmission data when the external data is input to the communication management unit, in other words, the external data is transmitted to the vehicle network. It correlates with the transmission interval and transmission data amount.
Therefore, according to the above configuration, it is possible to accurately determine the load that the vehicle data and the external data exert on the vehicle network based on the transmission interval and the transmission data amount of the vehicle data and the transmission interval and the transmission data amount of the external data. Thus, it is possible to accurately execute transmission regulation based on those loads.
The invention according to claim 8 is the vehicle network communication management device according to any one of claims 1 to 7, wherein the communication management unit is configured to control the input of the external data as the transmission restriction of the external data. At least one of discarding, temporary transmission suspension of input external data, stop of reception of input external data, and communication adjustment for adapting the transmission amount of external data to be transmitted to the vehicle network to the load of the vehicle network The main point is to execute.
According to the above configuration, even when external data is input to the communication management unit, when the vehicle network is in a high load state, for example, the input external data is discarded, so that the external data is input to the vehicle network. Priority is given to transmission / reception of vehicle data communicated in the vehicle network without being transmitted.
Further, according to the above configuration, when the vehicle network is in a high load state, for example, the input external data is temporarily held, and when the load on the vehicle network is reduced, the vehicle network is temporarily held and external Data is transmitted to the vehicle network. Accordingly, it is possible to transmit the external data input to the communication management unit to the vehicle network while suppressing an increase in the load on the vehicle network due to the input of the external data.
Similarly, according to the above configuration, when the vehicle network is in a high load state, for example, reception of external data by the communication management unit is stopped, and external data is prevented from being taken into the communication management unit. As a result, when the vehicle network is in a high load state, input of external data to the communication management unit itself is suppressed, and transmission of external data to the vehicle network via the communication management unit is restricted.
Further, according to the above configuration, even if a slight load is applied to the vehicle network, external data is transmitted to the vehicle network within a range in which the communication function of the vehicle network can be maintained. In other words, the amount of external data transmitted to the vehicle network is adjusted in a manner that is inversely proportional to the load on the vehicle network and within a range in which the vehicle data communication function of the vehicle network can be maintained. This makes it possible to adjust the transmission amount of external data according to the load of the vehicle network, and to transmit and receive vehicle data and external data via this vehicle network in a mode that makes the most of the communication function of the vehicle network. Can be realized.

  A ninth aspect of the present invention is the vehicle network communication management device according to any one of the first to eighth aspects, wherein the communication management unit includes an external network mounted on a vehicle and the vehicle network. The gist of the invention is that the transmission restriction of the external data is executed through the monitoring of the transmission state of the external data transmitted through the external network.

  According to the above configuration, the communication management unit is provided between the vehicle network and the external network that captures external data including rewrite data of the in-vehicle control device and guides the captured external data to the vehicle network. Provided. When the external data is monitored by the communication management unit, the external data communication restriction is executed through the monitoring of the transmission status of the external data transmitted via the external network. For this reason, it is possible to specify the load that the external data exerts on the network based on the transmission cycle when the external data is actually transmitted through the network, the amount of transmission data per unit time, and the like. This makes it possible to accurately estimate the load when the external data is transmitted to the vehicle network.

  According to a tenth aspect of the present invention, in the communication management device for a vehicle network according to any one of the first to ninth aspects, the communication management unit is provided in the vehicle as a connector to which an external diagnostic device is connected. The present invention is provided between the data link connector and the vehicle network.

  Generally, a data link connector (DLC) connected to a vehicle network is provided in an exposed state in the vehicle interior. In addition, this DLC is usually used for connecting a device such as a diagnostic device in a diagnosis using a diagnostic tool at a dealer, for example.

  On the other hand, recently, by connecting an information terminal to the DLC, the vehicle data flowing through the vehicle network can be acquired from the information terminal, or conversely, various data can be output from the information terminal to the vehicle network. Tend to be used. When an unauthorized information terminal is connected to the DLC, or when an application registered in the information terminal is infected with a virus or the like, unauthorized data may be taken into the vehicle network via the DLC. is assumed. Further, even if the information terminal connected to the DLC is in a normal state, it is assumed that a large amount of data is transmitted from the information terminal to the vehicle network via the DLC depending on the user's operation.

  Therefore, according to the above configuration, external data input through a DLC that is provided in an exposed state and is connected to an external information terminal or the like serving as a transmission source of external data is highly likely. Even in this case, it is possible to accurately execute the transmission restriction. As a result, it is possible to accurately control the transmission of external data input from the outside via the DLC.

  The gist of an eleventh aspect of the present invention is the vehicle network communication management device according to any one of the first to tenth aspects, wherein the vehicular network comprises a control area network.

  As the vehicle network, a control area network (CAN) is often adopted, and in the control area network, various types of vehicle data are exchanged when various events occur. Further, in such a control area network, it is difficult to retransmit the vehicle data to the transmission target even if the vehicle data is not transmitted to the in-vehicle control device to be transmitted due to its characteristics. Therefore, when transmitting / receiving vehicle data via such a control area network, it is necessary to accurately manage the load of the vehicle network and maintain the vehicle data transmission / reception function of the vehicle network.

  In this regard, according to the above configuration, even in a control area network that is highly versatile and particularly required to maintain the transmission / reception function, the transmission / reception function by the control area network is provided through the external data transmission function. It becomes possible to maintain accurately.

  The gist of a twelfth aspect of the present invention is the communication management device for a vehicle network according to any one of the first to tenth aspects, wherein the vehicle network is made of FlexRay.

  The above-mentioned FlexRay is usually applicable to a vehicle network of a control system among vehicle networks configured by a control system, a body system, and an information system. According to such FlexRay, it is possible to send and receive vehicle data at a higher speed compared to a control area network, etc., but when the communication load of the FlexRay increases, the vehicle data is accurately transmitted. It is difficult to send and receive.

  In this regard, according to the above configuration, even when FlexRay is adopted as the vehicle network, various vehicle data can be smoothly and reliably transmitted and received through external data transmission regulation.

The block diagram which shows schematic structure with the network configuration of the vehicle in which the communication management part and the communication management part are installed about 1st Embodiment of the communication management apparatus of the vehicle network concerning this invention. It is a figure assuming transfer control of external data based only on the load of external data, (a) is a figure which shows the transmission condition of the data of the CAN bus and external network before the transfer of external data to the CAN bus. FIG. 6B is a diagram illustrating a transmission state of data on the CAN bus and the external network after transfer of external data to the CAN bus. (A) is a figure which shows an example of the transmission condition of the external data in the external network monitored by the external data monitoring part. (B) is a figure which shows an example of the transmission interval of the external data monitored by the external data monitoring part. (C) is a figure which shows an example of the transmission data amount per unit time of the external data monitored by the external data monitoring part. (A) is a figure which shows an example of the transmission condition of the vehicle data in the CAN bus monitored by the vehicle data monitoring part. (B) is a figure which shows an example of the transmission interval of the vehicle data monitored by the vehicle data monitoring part. (C) is a figure which shows an example of the transmission data amount per unit time of the vehicle data monitored by the vehicle data monitoring part. The flowchart which shows an example of the transmission control procedure of the external data by the communication management part of this Embodiment. The block diagram which shows schematic structure with the network configuration of the vehicle in which the communication management part and the communication management part are installed about 2nd Embodiment of the communication management apparatus of the vehicle network concerning this invention. The block diagram which shows schematic structure with the network configuration of the vehicle in which the communication management part and the communication management part are installed about 3rd Embodiment of the communication management apparatus of the vehicle network concerning this invention. The figure which shows an example of the transmission data amount per unit time of the external data monitored by the external data monitoring part about other embodiment of the communication management apparatus of the vehicle network concerning this invention.

(First embodiment)
Hereinafter, a first embodiment of a vehicle network communication management device according to the present invention will be described with reference to FIGS. In the present embodiment, transmission / reception of signals between in-vehicle control devices is performed via a CAN (control area network) in which various types of communication data are exchanged by an event trigger method.

  As shown in FIG. 1, the communication management device of the present embodiment receives external data from a plurality of in-vehicle control devices (ECUs) 100 that control various in-vehicle devices mounted on a vehicle C and various information terminals. It is comprised by the communication management part 200 provided between the data link connectors (DLC) 300. FIG.

  The in-vehicle control device 100 includes, for example, an instrument control device that controls a display mode of a speedometer provided on an instrument panel in a vehicle interior, an engine control device that controls the operating state of the engine based on an accelerator pedal depression amount by the driver, and a driver. The brake control device is configured to control the brake based on the depression amount of the brake pedal. Each in-vehicle control device 100 is connected to a CAN bus 110 which is a communication line constituting a control area network (CAN) which is a vehicle network. For example, each in-vehicle control device 100 connected to the CAN bus 110 controls various in-vehicle devices according to the vehicle operation by the driver of the vehicle C, the traveling environment of the vehicle C, and the like. The vehicle data including the amount and the control amount of the brake is transmitted / received between the in-vehicle control devices 100 via the CAN bus 110. The vehicle data is converted into one or a plurality of data frames which are a transfer file format in the CAN bus 110 and transmitted / received on the CAN bus 110. Each data frame has a data structure including, for example, an ID (identifier) used to identify data contents and a transmission node, a data field capable of transmitting data of up to 8 bytes, and the like. .

  On the other hand, the vehicle C is provided with a DLC 300 to which an external diagnostic device is connected when the vehicle C is diagnosed. The DLC 300 is provided at the lower part of the instrument panel, for example, and is electrically connected to an external network 310 connected to the CAN bus 110. That is, the DLC 300 is connected to the CAN bus 110 to which the in-vehicle control device 100 is connected via the external network 310. When diagnosing the vehicle C, an external diagnostic device is connected to the DLC 300, and for example, the diagnostic data is converted into a data frame that is a transfer file format in the CAN bus 110, and then the converted data is converted. The frame is transmitted to the in-vehicle control device 100 to be transmitted via the external network 310 and the CAN bus 110. In addition, vehicle data transmitted to the CAN bus 110 via the external network 310 and the DLC 300 is acquired by an external diagnostic device. Note that the external network 310 is configured by, for example, a communication line of the same standard as the CAN bus 110, and the amount of data that can be transmitted and received by the external network 310 is the same as that of the CAN bus 110.

  In addition, when the DLC 300 needs to be updated or modified in a control program such as an application program or control data incorporated in each in-vehicle control device 100, rewrite data for reprogramming (data rewriting) is provided. It is also used when taken into the vehicle C. When the data is rewritten by the in-vehicle control device 100, the rewritten data is input to the DLC 300 inside the vehicle C, and the input rewritten data is a target of rewriting via the external network 310 and the CAN bus 110. It is transmitted to the control device 100.

  Furthermore, the information terminal etc. which the driver of the vehicle C owns are connected to DLC300 of this Embodiment, for example. Further, when using services such as various applications used in the information terminal, various data for using the service in the information terminal and the vehicle C are input into the vehicle C via the DLC 300. Then, the data input to the inside of the vehicle C is also transmitted to the in-vehicle control device 100 to be transmitted via the external network 310 and the CAN bus 110.

  By the way, when various data (external data) captured via the DLC 300 is transmitted to the CAN bus 110 via the external network 310, the usage rate of the CAN bus 110 increases accordingly. The load on the CAN bus 110 increases. For this reason, when a large amount of external data is transmitted to the CAN bus 110, transmission / reception of vehicle data that should be originally transmitted / received via the CAN bus 110 is hindered.

  On the other hand, as illustrated in FIG. 2A, a predetermined threshold value that allows input to the CAN bus 110 is provided for the external data D1, and the data amount is equal to or less than the threshold value to the CAN bus 110. Permitting transmission of external data D1 can also be considered. However, as illustrated in FIG. 2B, the load on the CAN bus 110 may increase depending on the transmission state of the vehicle data F1 on the CAN bus 110 only by monitoring the data amount of the external data D1. . That is, since the vehicle data F1 is normally transmitted by broadcast on the CAN bus 110, the vehicle data F1 tends to be transmitted to the CAN bus 110 on a regular basis. Further, in the CAN bus 110, the transmission cycle, the data amount, and the like of the vehicle data F1 transmitted to the CAN bus 110 dynamically change due to the state of the vehicle C and the like. Therefore, as shown in FIGS. 2A and 2B, only by monitoring the external data D1 input from the outside and restricting the input of the external data D1, the CAN bus 110 becomes highly loaded. It is difficult to suppress this and maintain the transmission / reception function of the vehicle data F1 by the CAN bus 110.

  Therefore, in the present embodiment, as shown in FIG. 1, the communication management unit 200 provided between the CAN bus 110 and the DLC 300 executes transmission regulation of external data captured from the DLC 300. In the present embodiment, since the vehicle data is broadcast and flows on the CAN bus 110, all the vehicle data transmitted and received between the in-vehicle control devices 100 is transmitted to the communication management unit 200 connected to the CAN bus 110. Is entered.

  The communication management unit 200 according to the present embodiment includes a vehicle data monitoring unit 210 that monitors the transmission status of vehicle data via the CAN bus 110. In addition, the communication management unit 200 includes an external data monitoring unit 220 that monitors the transmission status of external data output from an external diagnostic device or information terminal connected to the DLC 300 and transmitted via the external network 310. Yes.

  The vehicle data monitoring unit 210 monitors, for example, an ID of vehicle data transmitted to the CAN bus 110, a transmission interval of the vehicle data, a transmission amount (message amount) of the vehicle data per unit time, and the monitoring result. Is appropriately output to a control determination unit 230 that performs transmission control of external data based on the signal. Further, the vehicle data monitoring unit 210 obtains a usage rate indicating the load of the CAN bus 110 based on the transmission interval and transmission amount of the vehicle data transmitted to the CAN bus 110, and a signal indicating the obtained usage rate is a control determination unit. 230. Note that the vehicle data monitoring unit 210, for example, based on a value obtained by dividing the transmission data amount of the vehicle data actually transmitted to the CAN bus 110 by the data amount that can be transmitted to the maximum by the CAN bus 110. The usage rate of 110 is obtained.

  The external data monitoring unit 220 is connected to the external network 310, for example, and receives external data transmitted via the DLC 300 and the external network 310. Based on the external data reception status, the external data transmission status by the external network 310 is monitored, and a signal indicating the monitoring result is appropriately output to the control determination unit 230.

  The control determination unit 230 according to the present embodiment performs transmission control of external data based on the monitoring results of the vehicle data monitoring unit 210 and the external data monitoring unit 220. Routing information indicating the path of the CAN bus 110 and the CAN bus 110 are heavily loaded. The threshold value used as a reference when determining whether or not the file is stored is referred to by referring to the registered storage area 240.

  In the storage area 240, for example, a load reference value serving as a determination criterion when determining whether the CAN bus 110 is in a high load state is registered. In the present embodiment, for example, information indicating a usage rate of about “30%” recommended in the standard of the control area network is registered as the load reference value. In the storage area 240, routing information that is information indicating the path of the CAN bus 110 is registered.

  Then, the control determination unit 230 refers to the storage area 240, for example, the usage rate of the CAN bus 110 input from the vehicle data monitoring unit 210 is approximately “30” which is the load reference value registered in the storage area 240. % ”Is determined. Further, the control determination unit 230 recognizes whether or not external data is transmitted to the communication management unit 200 via the DLC 300 and the external network 310 based on the monitoring result by the external data monitoring unit 220, and the external data Recognize the transmission period and data amount. Then, the control determination unit 230 determines that the usage rate of the CAN bus 110 has already exceeded about “30%” with the transmission / reception of the vehicle data and that the external data is being transmitted to the communication management unit 200. For example, a control command for discarding the external data transmitted to the communication management unit 200 is output to the transmission regulation unit 250 that executes the transmission regulation of the external data. The control determination unit 230 also outputs a control command to the transmission restriction unit 250 to stop the reception of external data for a predetermined time.

  On the other hand, even if the usage rate of the CAN bus 110 to be monitored is within about “30%”, the control determination unit 230 is still receiving external data to the communication management unit 200 via the DLC 300 and the external network 310. The usage rate of the CAN bus 110 that is expected to increase when the external data is transmitted to the CAN bus 110 is calculated. When the control determination unit 230 determines that the calculated usage rate of the CAN bus 110 exceeds the load reference value of about “30%”, for example, the control determination unit 230 discards the external data transmitted to the communication management unit 200. A control command to the effect is output to the transmission restricting unit 250. The control determination unit 230 also outputs a control command to the transmission restriction unit 250 to stop the reception of external data for a predetermined time.

  When a control command for discarding external data is input from the control determination unit 230, the transmission restriction unit 250 discards the external data received by the external data monitoring unit 220 in accordance with the control command. Let That is, when the usage rate of the CAN bus 110 has already exceeded about “30%”, or when the usage rate of the CAN bus 110 has been predicted to exceed about “30%” due to the input of external data. The external data transmitted to the communication management unit 200 is once discarded, and this external data is not transmitted to the CAN bus 110. For this reason, in a state where the load on the CAN bus 110 is high or an increase in the load on the CAN bus 110 is predicted, external data transmitted via the DLC 300 and the external network 310 is transmitted to the CAN bus 110. And prohibiting an excessive increase in the load on the CAN bus 110 is suppressed. In addition, when a control command for stopping the reception of external data is input from the control determination unit 230, the transmission restriction unit 250 stops the reception of external data by the external data monitoring unit 220 for a predetermined time according to the control command. . For this reason, for example, until the amount of vehicle data transmitted / received via the CAN bus 110 decreases, in other words, until the CAN bus 110 in a high load state transitions to a low load state, Input to the communication management unit 200 is suppressed. For example, on the image display unit of the information terminal connected to the DLC 300, an image indicating an external data transmission error, an image prompting retransmission of the external data after a predetermined period of time, and the like are displayed.

  On the other hand, even if external data is transmitted to the CAN bus 110, the transmission restriction unit 250 can maintain the usage rate of the CAN bus 110 after transmission of the external data within, for example, about “30%”. Do not enforce transmission restrictions. As a result, the external data transmitted via the DLC 300 and the external network 310 and received by the external data monitoring unit 220 is transferred to the CAN bus 110.

Next, how external data is monitored by the external data monitoring unit 220 according to the present embodiment will be described with reference to FIG.
As shown in FIG. 3A, for example, it is assumed that external data is input from an information terminal connected to the DLC 300, and data frames Da to Df obtained by converting the external data are transmitted to the external network 310.

  First, when the external data monitoring unit 220 receives the data frames Da to Df transmitted via the external network 310, the external data monitoring unit 220 recognizes that the external data has been input into the vehicle C via the DLC 300.

  Also, the external data monitoring unit 220 measures the transmission intervals of the data frames Da to Df, for example, thereby measuring the transmission intervals Δtd of the data frames Da to Df by the external network 310 as shown in FIG. Ask for. Then, the external data monitoring unit 220 outputs a signal indicating the obtained transmission interval Δtd to the control determination unit 230. On the other hand, as shown in FIG. 3C, the external data monitoring unit 220 measures the number of data frames in the period T1, for example, based on the reception status of the data frames Da to Df, thereby causing an external network 310. The amount of transmission data per unit time of the external data transmitted via is obtained. Then, the external data monitoring unit 220 outputs a signal indicating the obtained transmission data amount to the control determination unit 230.

  For example, when a Dos attack in which a large amount of external data is transmitted to the inside of the vehicle C via the DLC 300 is performed, the transmission interval Δtd of the external data in the external network 310 is set so that the vehicle data travels on the CAN bus 110. It becomes shorter than the transmission interval when flowing. Similarly, the data amount per unit time of external data in the external network 310 is also larger than the data amount per unit time when the vehicle data flows on the CAN bus 110. Therefore, in the control determination unit 230 of the present embodiment, the transmission interval when the vehicle data flows on the CAN bus 110 and the data amount per unit time, and the transmission interval and unit time of the external data flowing on the external network 310. It is possible to grasp whether or not the external data input through the DLC 300 is a Dos attack by comparing the amount of data.

  The external data monitoring by the external data monitoring unit 220 is performed by the external data monitoring unit 220 monitoring the reception status of external data by the communication management unit 200, for example. Further, such monitoring by the external data monitoring unit 220 is performed at a predetermined time interval, for example, at a time interval shorter than the minimum value of the external data transmission interval that can be transmitted to the external network 310. Is called.

Next, a vehicle data monitoring mode by the vehicle data monitoring unit 210 according to the present embodiment will be described with reference to FIG.
As shown in FIG. 4A, for example, when data frames Fa to Fe in which vehicle data is converted are transmitted from each in-vehicle control device 100, for example, the data frames Fa to Fe are provided in the middle of the CAN bus 110. Is transmitted to each in-vehicle control device 100 via the communication management unit 200. Then, the vehicle data monitoring unit 210 monitors the transmission status of the vehicle data via the CAN bus 110 by monitoring the data frames Fa to Fe passing through the communication management unit 200.

  Further, the vehicle data monitoring unit 210 measures the transmission interval Δtf of each detected data frame Fa to Fe as shown in FIG. 4B through monitoring of the CAN bus 110. Then, the vehicle data monitoring unit 210 outputs a signal indicating the measured transmission interval Δtf to the control determination unit 230. On the other hand, the vehicle data monitoring unit 210 monitors the vehicle data by the CAN bus 110 by measuring the number of data frames in the period T2, for example, as shown in FIG. The amount of transmission data per unit time is obtained. Then, the vehicle data monitoring unit 210 outputs a signal indicating the obtained transmission data amount to the control determination unit 230. Further, for example, the vehicle data monitoring unit 210 obtains the usage rate of the CAN bus 110 based on the measured transmission interval Δtf of the data frames Fa to Fe and the transmission data amount, and controls and determines a signal indicating the obtained usage rate. Output to the unit 230.

The operation of the vehicle network communication management apparatus according to the present embodiment will be described below with reference to FIG.
As shown in FIG. 5, when an information terminal or the like is connected to the DLC 300 and external data of a predetermined data amount is transmitted to the DLC 300 and the external network 310 by the information terminal, the external data transmitted to the external network 310 is transmitted. Is received by the external data monitoring unit 220 (step S101). Then, the external data monitoring unit 220 obtains a transmission interval of external data and a transmission data amount per unit time based on the reception status of the external data, and outputs a signal indicating the obtained transmission interval and transmission data amount of the external data. It outputs to the control judgment part 230.

  Next, the control determination unit 230 monitors the vehicle data by the vehicle data monitoring unit 210, the usage rate of the CAN bus 110, the transmission interval of the vehicle data flowing on the CAN bus 110, and the transmission data of the vehicle data per unit time. A signal indicating the quantity is acquired (step S102).

  The control determination unit 230 determines whether or not the usage rate of the CAN bus 110 acquired from the vehicle data monitoring unit 210 is, for example, about “30%” or less indicating a high load state of the CAN bus 110, that is, whether or not the load reference value or less. Is determined (step S103).

  When the usage rate of the CAN bus 110 is about “30%” or less, the control determination unit 230 receives the external data monitoring unit 220 based on the monitoring results of the vehicle data monitoring unit 210 and the external data monitoring unit 220. The usage rate of the CAN bus 110 that is expected to increase when external data is transmitted to the CAN bus 110 is obtained (step S103: YES, S104). Next, the control determination unit 230 determines whether or not the obtained usage rate is, for example, about “30%” or less (step S105).

  Then, the control determination unit 230 determines that the usage rate of the CAN bus 110 is maintained within about “30%” even if the external data received by the external data monitoring unit 220 is transmitted to the CAN bus 110 (step S105). : YES), the external data received by the external data monitoring unit 220 is transferred to the CAN bus 110 (step S106).

  On the other hand, if it is determined in step S103 that the usage rate of the CAN bus 110 exceeds about “30%”, the external data received by the external data monitoring unit 220 is assumed that the CAN bus 110 is already in a high load state. Is discarded (step S103: NO, S107). Similarly, even if the usage rate of the CAN bus 110 is about “30%” or less, the usage rate of the CAN bus 110 is reduced to “about” by transmitting the external data received by the external data monitoring unit 220 to the CAN bus 110. When it is predicted that it will exceed “30%”, the external data received by the external data monitoring unit 220 is discarded (steps S105: NO, S107).

  Further, after the external data is discarded, the external data monitoring unit 220 stops receiving the external data for a predetermined period, and the external data transmitted through the DLC 300 and the external network 310 is transmitted to the external data monitoring unit 220 (communication). Incorporation into the management unit 200) is stopped (steps S108 and S109).

  Thus, when a predetermined period has elapsed (step S109: YES), for example, when external data is retransmitted from an information terminal connected to the DLC 300, monitoring of external data on the external network 310 side and CAN bus 110 side again. The vehicle data is monitored. Based on the load on the CAN bus 110, the necessity of input of external data to the CAN bus 110 is determined.

As described above, according to the vehicle network communication management device of the present embodiment, the following effects can be obtained.
(1) The vehicle data monitoring unit 210 monitors the transmission status of vehicle data transmitted to the CAN bus 110, which is a vehicle network, and the external data monitoring unit 220 monitors external data input from the outside. Then, the transmission of the external data to the CAN bus 110 is regulated according to the transmission status of the vehicle data and the external data and the load that the external data exerts on the CAN bus 110. For this reason, when the vehicle data which should be transmitted / received by the CAN bus 110 increase, external data is not taken in to the CAN bus 110, and it suppresses that the traffic of the CAN bus 110 is saturated. Thus, while it is possible to input external data into the CAN bus 110, it is possible to ensure the vehicle data transmission / reception function by the CAN bus 110 through this external data transmission restriction. For this reason, for example, even if a Dos attack in which a large amount of illegal data is sent to the CAN bus 110 is performed, the data is input to the CAN bus 110 through the transmission restriction of the large amount of illegal data. It is suppressed. As a result, external data transmitted from the outside can be input into the CAN bus 110, but a Dos attack on the CAN bus 110 to which each in-vehicle control device 100 necessary for controlling the vehicle C is connected is suppressed. Thus, the security as the CAN bus 110 can be improved.

  (2) The vehicle data monitoring unit 210 monitors the usage rate of the CAN bus 110. When the usage rate of the CAN bus 110 that is expected to increase when the external data is transmitted to the CAN bus 110 exceeds a predetermined threshold value indicating a high load state of the CAN bus 110, the external data by the transmission restriction unit 250 It was decided to implement transmission restrictions. For this reason, not only the load of the CAN bus 110 being monitored but also the transmission regulation based on the usage rate of the CAN bus 110 that is expected to increase when external data is transmitted. As a result, an excessive increase in the usage rate of the CAN bus 110 due to the external data being input to the CAN bus 110 is appropriately suppressed. Further, by setting, for example, about “30%” recommended in the CAN bus 110 standard as the threshold value, the usage rate of the CAN bus 110 is reduced to about “30” while the external data can be input to the CAN bus 110. % ". As a result, transmission / reception of vehicle data by the CAN bus 110 can be performed without causing transmission delay, transmission failure, and the like, and accurate communication management based on the characteristics of the CAN bus 110 is performed.

  (3) The vehicle data monitoring unit 210 monitors the transmission interval of the vehicle data and the transmission data amount per unit time, and the external data monitoring unit 220 monitors the transmission interval of the external data and the transmission data amount per unit time. It was. This makes it possible to accurately determine the load that the vehicle data and the external data have on the CAN bus 110 based on the transmission interval and the transmission data amount of the vehicle data and the transmission interval and the transmission data amount of the external data. It is possible to accurately execute the transmission control of external data based on the load.

  (4) As the external data transmission restriction by the transmission restriction unit 250, the external data received by the external data monitoring unit 220 is discarded. Even if external data is input to the communication management unit 200, when the CAN bus 110 is in a high load state, the input external data is discarded, so that the external data is not transmitted to the CAN bus 110, and CAN It becomes possible to prioritize transmission / reception of vehicle data being communicated on the bus 110.

  (5) As the transmission restriction of external data by the transmission restriction unit 250, the reception stop of the external data input to the external data monitoring unit 220 is executed for a predetermined period. As a result, after it is determined that there is no room for the CAN bus 110 to take in external data, the external data is not taken into the communication management unit 200, and it is necessary to discard the external data according to the load on the CAN bus 110. Nor.

  (6) The communication management unit 200 is disposed between the CAN bus 110 and the external network 310. Then, the transmission restriction of the external data by the transmission restriction unit 250 is executed through monitoring the transmission state of the external data transmitted through the external network 310. For this reason, the external data transmitted via the external network 310 is transmitted to the CAN bus 110 via the communication management unit 200, and the transmission control of the external data by the communication management unit 200 is accurately executed. It becomes possible to do. For this reason, the load that the external data exerts on the CAN bus 110 is specified based on the transmission cycle when the external data is actually transmitted via the external network 310, the amount of transmission data per unit time, and the like. It becomes possible. This makes it possible to accurately estimate the load when the external data is transmitted to the CAN bus 110.

  (7) The communication management unit 200 is provided between the DLC 300 provided in the vehicle and the CAN bus 110 as a connector to which an external diagnostic device is connected. For this reason, transmission of external data that is provided in the vehicle interior in an exposed state and that is input via the DLC 300 that can easily connect an external information terminal and the vehicle network is restricted. As a result, it is possible to accurately execute transmission restrictions on external data input from the outside via the DLC 300.

  (8) As the vehicle network, the CAN bus 110 including a control area network was targeted. For this reason, even for a control area network that is highly versatile as a vehicle network and that has a particularly high need to maintain a transmission / reception function, the transmission / reception function by the control area network is accurately determined through the external data transmission function. Can be maintained.

(Second Embodiment)
Next, the second embodiment of the vehicle network communication management device according to the present invention will be described with reference to FIG. 6, which is a diagram corresponding to FIG. 1, focusing on the differences from the first embodiment. To explain. The basic configuration of the vehicle network communication management apparatus according to the present embodiment is the same as that of the first embodiment, and this embodiment is substantially the same as the first embodiment. These elements are denoted by the same reference numerals, and redundant descriptions are omitted.

  As shown in FIG. 6, the control determination unit 230 </ b> A constituting the communication management unit 200 </ b> A of the present embodiment reprograms control data and control data such as application programs incorporated in the in-vehicle control device 100. A rewrite data determination unit 231 that determines whether or not the data is rewrite data for (data rewrite) is provided. In addition, the control determination unit 230A according to the present embodiment changes the reference load reference value when determining whether to transfer external data to the CAN bus 110 when externally input data is rewritten data. The load reference value changing unit 232 is provided.

  In addition, when updating or correcting a control program or control data incorporated in the in-vehicle control device 100, a dedicated device is connected to the DLC 300, and rewrite data is input from the connected device. Note that, for example, an ID indicating that the data is rewrite data for rewriting the data of the in-vehicle control device 100 is given in advance to the rewrite data.

  When a dedicated device is connected to the DLC 300 and rewrite data is transmitted from the connected device, the rewrite data is transmitted to the communication management unit 200A via the external network 310 to be transmitted to the external data monitoring unit 220. Is monitored by The external data monitoring unit 220 monitors the transmission interval of rewrite data and the amount of transmission data per unit time, and outputs the monitoring result to the control determination unit 230A. In addition, when the external data monitoring unit 220 according to the present embodiment recognizes the ID given to the rewritten data, the external data monitoring unit 220 outputs a signal indicating the recognized ID to the control determination unit 230A.

  Then, in the control determination unit 230A of the present embodiment, when a signal indicating an ID is input from the external data monitoring unit 220, the rewrite data determination unit 231 causes external data to be monitored by the external data monitoring unit 220. It is determined whether the data is rewritten data. In addition, the rewrite data determination unit 231 according to the present embodiment converts the external data into rewrite data by collating the ID recognized by the external data monitoring unit 220 with, for example, the rewrite data ID registered in advance in the storage area 240A. It is determined whether or not. Then, the rewrite data determination unit 231 outputs the determination result to the load reference value change unit 232.

  When the determination result that the external data is rewritten data is input from the rewritten data determining unit 231, the load reference value changing unit 232 executes the external data transmission restriction in order to relax the transmission restriction on the rewritten data. A process for changing the load reference value, which is a reference for determining whether or not the load is received, is executed. When the external data is rewritten data, the load reference value changing unit 232 according to the present embodiment sets the usage rate of the CAN bus 110 set as a reference value for determining whether or not to execute transmission restriction to, for example, “30% ”Is temporarily increased from“ 40% ”to“ 40% ”.

  When the transmission restriction unit 250 restricts the transmission of rewrite data, whether the usage rate of the CAN bus 110 exceeds “40%” and whether the CAN is predicted after the rewrite data is transferred to the CAN bus 110. Whether or not transfer data can be transferred is determined based on whether or not the usage rate of the bus 110 exceeds “40%”.

  As a result, when the usage rate of the CAN bus 110 is within “40%” and the usage rate of the CAN bus 110 predicted after the transfer of rewrite data to the CAN bus 110 is within “40%”, Rewrite data input from the outside is transferred to the CAN bus 110. The rewritten data transferred to the CAN bus 110 is transmitted to the in-vehicle control device 100 to be rewritten, and the data incorporated in the in-vehicle control device 100 is rewritten.

  Note that even if the load reference value changing unit 232 changes the load reference value once based on the determination result of the rewrite data determination unit 231, when external data different from the rewrite data is newly input, the usage rate once increased. For example, a process of returning (load reference value) from “40%” to the initial value “30%” is executed. Thus, the transmission restriction execution standard by the transmission restriction unit 250 is dynamically changed according to whether or not the external data is rewritten data.

  As described above, according to the communication management device for a vehicle network according to the present embodiment, the effects (1) to (8) can be obtained, and the following effects can be further obtained.

  (9) A configuration in which the control determination unit 230A is provided with a rewrite data determination unit 231 that determines whether external data is rewrite data for rewriting the control program or control data incorporated in the in-vehicle control device 100. It was. In addition, the control determination unit 230A is provided with a load reference value changing unit 232 that changes the load reference value when data input from the outside is rewritten data. For this reason, when the data input from the outside is rewrite data, the transmission restriction by the transmission restriction unit 250 is relaxed so that the rewrite data is transferred to the CAN bus 110 with priority over other external data. Thereby, it is possible to suppress unnecessary transmission restriction of data necessary for data rewriting of the in-vehicle control device 100, and it is possible to accurately execute transmission / reception of rewriting data via the CAN bus 110.

(Third embodiment)
Next, referring to FIG. 7, which is a diagram corresponding to FIG. 1, focusing on the differences from the first embodiment, in the third embodiment of the vehicle network communication management apparatus according to the present invention. To explain. The basic configuration of the vehicle network communication management apparatus according to the present embodiment is the same as that of the first embodiment, and this embodiment is substantially the same as the first embodiment. These elements are denoted by the same reference numerals, and redundant descriptions are omitted.

  As shown in FIG. 7, the control determination unit 230B constituting the communication management unit 200B of the present embodiment includes a vehicle data type identification unit 233 that identifies the type of vehicle data transmitted and received between the in-vehicle control devices 100, A transmission restriction time setting unit 234 that sets an execution period of transmission restriction of external data according to the identification result by the vehicle data type identification unit 233 is provided.

  That is, the vehicle data transmitted / received between the in-vehicle control devices 100 usually includes, for example, periodic data periodically transmitted at a predetermined cycle such as temperature data indicating the outdoor temperature of the vehicle C. Exists. Whether or not the vehicle data is regular data can be identified based on an ID given in advance to the vehicle data when transmitting the vehicle data.

  Therefore, in the storage area 240B of the present embodiment, in order to identify whether or not the vehicle data is regular data, identifiers and data lengths of one or more types of regular data that can be transmitted to the CAN bus 110, and A regular transmission list indicating a transmission cycle is registered in advance.

  Further, the vehicle data usually includes a change in the state of the vehicle C caused by the vehicle C approaching a predetermined traffic element or various operations performed by the driver. There is event data that requires temporary transmission and reception. As the event data, for example, when the vehicle C approaches a predetermined traffic element such as a curve, transmission / reception is performed between the control device that controls the navigation system mounted on the vehicle C and each in-vehicle control device 100. There is necessary data and data that needs to be transmitted / received by each in-vehicle control device 100 due to a deceleration operation or an acceleration operation performed by the driver. And such event data generate | occur | produces with various events, such as the approach to the traffic element of the vehicle C, and each vehicle-mounted control apparatus 100 after the event is complete | finished, such as the vehicle C passing a traffic element. Data that does not need to be transmitted / received between. Whether or not the vehicle data is such event data and the type of the event data can be identified based on an ID given in advance to the vehicle data when transmitting the vehicle data.

  Therefore, in the storage area 240B of the present embodiment, event data that can be transmitted to the CAN bus 110 so that it can be determined whether or not the vehicle data is event data and the type of event data can be identified. An event transmission list indicating an identifier, a data length, and a transmission cycle of one or more types of data is registered in advance.

  When the external data transmission restriction is performed by the communication management unit 200B according to the present embodiment, first, the vehicle data type identification unit 233 is given to the vehicle data to be monitored through monitoring by the vehicle data monitoring unit 210. Get an ID.

  The vehicle data type identification unit 233 refers to the periodic transmission list and the event transmission list registered in the storage area 240B based on the acquired ID, so that the vehicle that is monitored by the vehicle data monitoring unit 210 Whether the data type is regular data or event data is identified. Further, the vehicle data type identification unit 233 identifies the data length and transmission cycle of the vehicle data whose type has been identified through reference to the regular transmission list and the event transmission list. Then, the vehicle data type identification unit 233 outputs this identification result to the transmission restriction time setting unit 234.

  The transmission restriction time setting unit 234 sets the execution time of external data transmission restriction based on the type, transmission cycle, and data length of the vehicle data input from the vehicle data type identification unit 233. For example, when the vehicle data flowing on the CAN bus 110 is event data generated in association with an event in the vehicle C, the transmission restriction time setting unit 234 predicts the time required until the end of the event, and this prediction This time is determined as the execution time of the external data transmission restriction. When setting the execution time of the transmission restriction, for example, when the event data is data generated when the traveling vehicle C approaches a certain traffic element, the vehicle C passes through the traffic element. Is set as an execution time of transmission restriction. In addition, the transmission restriction execution time is determined based on, for example, the transmission period and data length of event data identified through reference to the storage area 240B. Similarly, when the vehicle data flowing on the CAN bus 110 is regular data, for example, the transmission restriction execution time is based on the transmission period and data length of the regular data identified through reference to the storage area 240B. Determined.

  In this way, the communication management unit 200B executes the transmission restriction based on the execution time determined by the vehicle data type identification unit 233 when restricting the transmission of external data. Thereby, for example, the period during which reception of external data is stopped in steps S108 and S109 shown in FIG. 5 is variably set to a value determined by the transmission restriction time setting unit 234. In this way, transmission restrictions according to the type of vehicle data, transmission cycle, and the like are executed.

  As a result, when it is predicted that the period during which the CAN bus 110 is in a high load state is temporary, for example, the reception of external data is temporarily stopped according to this period. Accordingly, when the transmission restriction of the external data by the transmission restriction unit 250 is released at an early stage and even the external data transfer condition is satisfied, the transfer of the external data to the CAN bus 110 can be permitted at an early stage.

  On the other hand, when the period during which the CAN bus 110 is in a high load state is predicted to continue for a long period of time, for example, the reception of external data is stopped for a long period according to this period. For this reason, once it is determined that the CAN bus 110 is in a high load state and this high load state continues for a predetermined period, the transmission restriction of external data is executed for a period corresponding to the transmission state of the vehicle data. The Therefore, reception of external data is stopped based on the transmission restriction execution time once set until the load on the CAN bus 110 decreases. As a result, during the period in which the reception of external data is stopped, it is not necessary to execute the processing shown in steps S101 to S105 in FIG. 5 and the calculation load on the communication management unit 200B is reduced. Become. In addition, this makes it possible to stop the reception of external data by the communication management unit 200B until the load on the CAN bus 110 is reduced, and accurately suppress transmission of this external data to the CAN bus 110. It becomes possible.

  As described above, according to the communication management device for a vehicle network according to the present embodiment, the effects (1) to (8) can be obtained, and the following effects can be further obtained.

  (10) The execution period according to the transmission restriction of the external data is variably set according to the transmission state of the vehicle data of the CAN bus 110. As a result, it is possible to execute transmission restriction according to the transmission state of the vehicle data, and it is possible to execute accurate transmission restriction corresponding to the transmission state of the vehicle data.

  (11) When the event data that starts transmission / reception in response to the occurrence of an event in the vehicle is transmitted to the vehicle network as the vehicle data, the transmission restriction unit 250 restricts the transmission of external data until the event ends. It was decided to execute. For this reason, even if the CAN bus 110 becomes a high load state due to the occurrence of an event in the vehicle C, the CAN bus 110 is changed from the high load state to the low load until the event ends, that is, as the event ends. Until the state transitions, external data is suppressed from being transmitted to the CAN bus 110. Thus, it is possible to reliably execute transmission / reception of event data between the in-vehicle control devices 100 through external data transmission regulation based on the occurrence of an event in the vehicle C.

  (12) The storage area 240B is provided with a periodic transmission list in which the ID, data length, and transmission period of the regular data are registered, and an event transmission list in which the ID of the event data and the data length are registered. Further, through reference to the periodic transmission list and the event transmission list, the vehicle data type identification unit 233 for identifying the type of vehicle data, the data length, the transmission cycle, etc., and external data according to the identification result by the vehicle data type identification unit 233 A transmission restriction time setting unit 234 for determining the transmission restriction execution time is provided in the control determination unit 230B. Therefore, based on the type, data length, and transmission cycle of the vehicle data identified by the vehicle data type identification unit 233, the increase or decrease of the load on the CAN bus 110 is predicted, or the transmission status of the vehicle data via the CAN bus 110 is determined. It becomes possible to specify in more detail. This makes it possible to more accurately execute external data transmission regulation through vehicle data monitoring.

  (13) The transmission restriction time determined by the transmission restriction time setting unit 234 is reflected in the external data reception stop period by the external data monitoring unit 220. For this reason, until the CAN bus 110 that has been in a high load state is predicted to transition to a low load state with the end of the event in the vehicle C, the external data monitoring unit 220 does not store the external data. Reception is stopped. Thereby, the external data is not transferred to the CAN bus 110 until the event in the vehicle C ends and the CAN bus 110 is in a low load state. As a result, the reception of external data is stopped until the transmission restriction time set by the transmission restriction time setting unit 234 elapses, so that the external data is monitored and the external data is given to the CAN bus 110. There is no need to perform calculations such as load prediction.

(Other embodiments)
In addition, each said embodiment can also be implemented with the following forms.
In each of the above embodiments, the process shown in FIG. 5 is performed in predetermined data units. For example, the processes of steps S101 to S108 may be executed in units of data frames.

  In each of the above-described embodiments, external data transmission regulation is performed according to the load exerted on the CAN bus 110 by external data input via the DLC 300 and the external network 310 and the vehicle data transmission status on the CAN bus 110. Went. Further, prior to this external data transmission restriction, for example, the above-mentioned communication management function is used for identifying the external data ID and data length input from the outside and filtering the external data identified as not conforming to the CAN bus 110. You may provide in the part 200, 200A, 200B. As a result, it is possible to execute the necessity of transmission restriction on the external data filtered in advance, and only external data that conforms to the CAN bus 110 is transferred from the communication management unit 200, 200A, 200B to the CAN bus 110. It becomes possible to transfer.

  In the third embodiment, whether the vehicle data is regular data or event data is determined by comparing the vehicle data ID with the event transmission list registered in the storage area 240B. For example, when it is possible to identify whether the vehicle data is event data based on an identifier assigned to the vehicle data, the event transmission list and the regular transmission list in the storage area 240B are omitted. It is good also as a structure. In this case, for example, as shown in FIG. 8 as a diagram corresponding to FIG. 4B, based on detection of an identifier Ib indicating that each data frame Fia to Fic is event data, Each data frame Fia-Fic is identified as event data. Then, when a predetermined number of data frames Fia to Fic to which this identifier Ib is assigned are detected during a predetermined period Δtf2, the transmission of external data is restricted assuming that the load on the CAN bus 110 increases with the occurrence of an event. You may make it do.

  In each of the embodiments described above, the external data received by the external data monitoring unit 220 is discarded and the reception of the external data input to the external data monitoring unit 220 is stopped as external data transmission restrictions. Not limited to this, for example, a storage area capable of temporarily storing external data received by the external data monitoring unit 220 is provided in the communication management unit 200, and the external data monitoring unit 220 has received when restricting transmission of external data. External data may be stored in the storage area. Then, transmission suspension for transmitting external data stored in the storage area to the CAN bus 110 may be executed when the load of the vehicle data is reduced. In this case, the external data input via the DLC 300 is transmitted to the CAN bus 110 after the CAN bus 110 is in a low load state, and the external data input via the DLC 300 is It is possible to accurately transmit to the CAN bus 110. Further, the present invention is not limited to this, and communication adjustment that adapts the transmission amount of external data to be transmitted to the CAN bus 110 to the load of the CAN bus 110 may be executed as the external data transmission restriction. In this case, when it is predicted that the load of the CAN bus 110 exceeds the load reference value by transferring the external data to the CAN bus 110, the transmission cycle and unit time of the external data received by the external data monitoring unit 220 The amount of data transmitted per hit is adjusted and the external data is transferred to the CAN bus 110. As a result, external data is gradually transferred to the CAN bus 110 within a range where the load on the CAN bus 110 is within the load reference value, and the surplus portion is reduced while keeping the load on the CAN bus 110 within the load reference value. It is possible to transfer used external data.

  In each of the above embodiments, the vehicle data monitoring unit 210 monitors the usage rate of the CAN bus 110, the transmission interval of the vehicle data, and the transmission data amount per unit time, and the external data monitoring unit 220 transmits the external data transmission interval. The amount of transmission data per unit time was monitored. For example, the vehicle data monitoring unit 210 may monitor only one of the usage rate of the CAN bus 110, the transmission interval of the vehicle data, and the transmission data amount per unit time. Similarly, the external data monitoring unit 220 may monitor either the external data transmission interval or the transmission data amount per unit time. Even in this case, the vehicle data and the external data are based on the usage rate of the CAN bus 110, the transmission interval of the vehicle data, or the transmission data amount per unit time, and the transmission interval of the vehicle data or the transmission data amount per unit time. The transmission restriction based on the load on the CAN bus 110 can be executed. In addition, for example, only the ID assigned to the vehicle data or the external data may be monitored, and the data length or transmission cycle of the vehicle data or the external data may be monitored based on the monitored ID. In short, it is only necessary to be able to monitor the load of the CAN bus 110 accompanying the transmission / reception of vehicle data and the load of external data, and the elements to be monitored by the vehicle data monitoring unit 210 and the external data monitoring unit 220 can be appropriately changed.

  In each of the above embodiments, “30%” is defined as the usage rate of the CAN bus 110, which is an execution standard for external data transmission restriction. Not limited to this, the usage rate of the CAN bus 110 that is the execution standard of the external data transmission restriction may be a usage rate that can maintain the communication function of the CAN bus 110, and may be “29%” or less, It may be “31%” or more.

  In each of the above embodiments, the vehicle data monitoring unit 210 monitors the usage rate of the CAN bus 110. When the usage rate of the CAN bus 110 that is expected to increase when the external data is transmitted to the CAN bus 110 exceeds a predetermined threshold value indicating a high load state of the CAN bus 110, the external data by the transmission restriction unit 250 It was decided to implement transmission restrictions. For example, the amount of data that can be smoothly transmitted by the CAN bus 110 is defined in advance. When the total amount of the vehicle data and the external data exceeds the specified amount of data, the external data by the transmission restriction unit 250 is determined. The transmission restriction may be executed. In short, the load reference value serving as a reference for executing the transmission restriction of external data by the transmission restriction unit 250 may be any one that reflects the load on the CAN bus 110 and can be changed as appropriate.

  The communication management unit 200 is provided between the DLC 300 provided in the vehicle and the CAN bus 110 as a connector to which an external diagnostic device is connected. The arrangement position of the communication management unit 200 is not limited to this. The external data is transmitted to the CAN bus 110 according to the load that the external data exerts on the vehicle data before the external data is transmitted to the CAN bus 110. Any position can be used as long as it can be suppressed, and the position can be changed as appropriate.

  In each of the above embodiments, the DLC 300 and the communication management unit 200 are provided with the external network 310 provided inside the vehicle C. However, the configuration is not limited to this, and the configuration may be such that the external network 310 is omitted and the communication management unit 200 is directly connected to the DLC 300. Then, based on the reception status of the external data input from the DLC 300 to the communication management unit 200, the load that the external data exerts on the CAN bus 110 may be obtained.

  In each of the above embodiments, the external data is monitored by the external data monitoring unit 220, and thus the information terminal connected to the DLC 300 is detected. For example, “CAN High” (or “CAN Low”) that is the host of the external network 310 is maintained at “L” level by a pull-down resistor, and pulled to the connection portion of the information terminal connected to the DLC 300. It is good also as a structure which provides an up resistance. In this case, “CAN High” maintained at the “L” level is changed to “H” level by connecting the connecting portion of the information terminal to the DLC 300, and the information terminal is connected to the DLC 300 based on this change. It is possible to detect that is connected. Then, for example, the vehicle data and the external data are monitored by the communication management unit 200 on the condition that it is detected that the information terminal or the like is connected to the DLC 300 through such a change from “L” level to “H”. In other words, external data transmission restriction may be executed. As a result, only under the high probability that external data is transmitted from the outside, processing necessary for both data and external data monitoring and external data transmission regulation is performed. Based on this, it is possible to realize the transmission regulation of external data.

  In each of the above embodiments, the external data can be input from an information terminal or the like that can be connected to the DLC 300. Not only this but it replaces with DLC300, and it is good also as composition which provides communication part which can carry out radio communications with an external information terminal etc. in vehicle C. Even in this case, transmission / reception of vehicle data by the CAN bus 110 can be smoothly performed through transmission restriction on external data input from the outside through wireless communication. In this case, for example, one-way communication in which data for confirming connection with the communication target device is transmitted from the communication unit to the communication target device is periodically executed to detect whether the communication target device is connected. It may be. For example, on the condition that it is detected that communication with the communication target device is established, vehicle data and external data are monitored by the communication management unit 200, and transmission control of external data is executed. It may be. As a result, only under the high probability that external data is transmitted from the outside, processing necessary for both data and external data monitoring and external data transmission regulation is performed. Based on this, it is possible to realize the transmission regulation of external data. In addition, for example, a response indicating that connection confirmation data has been received from the communication target device that has received the connection confirmation data to the communication unit is transmitted from the communication unit to the communication target device. You may make it perform the bidirectional | two-way communication which returns data and the data for authentication. In this case, it is possible to more accurately recognize the presence of a communication target device that is a transmission source of external data, and it is possible to verify the communication target device based on authentication data. As a result, the security for the CAN bus 110 is further improved.

  -The CAN bus 110 was adopted as the vehicle network. The vehicle network is not limited to this, and any vehicle network that can transmit vehicle data and external data may be used. For example, FlexRay can be adopted as the vehicle network. Even in this case, smooth and reliable transmission / reception of various types of vehicle data can be realized through transmission restrictions on external data. In addition, for example, IDB-1394 (registered trademark) can be adopted as a control-type vehicle network, and BEAN or LIN can be adopted as a body-type vehicle network. Similarly, an AVC-LAN can be adopted as an information vehicle network. Even in these cases, the vehicle data can be smoothly transmitted and received through the transmission restriction of the external data to the vehicle network. In addition, the present invention can be applied to any bus-type vehicle network.

  DESCRIPTION OF SYMBOLS 100 ... Vehicle-mounted control apparatus, 110 ... CAN bus, 200, 200A, 200B ... Communication management part, 210 ... Vehicle data monitoring part, 220 ... External data monitoring part, 230, 230A, 230B ... Control judgment part, 231 ... Rewrite data judgment , 232 ... Load reference value changing part, 233 ... Vehicle data type identification part, 234 ... Transmission restriction time setting part, 240, 240A, 240B ... Storage area, 250 ... Transmission restriction part, 300 ... Data link connector (DLC) ), 310 ... External network, C ... Vehicle, Da-Df ... External data, Fa-Fe ... Vehicle data, Fia-Fic ... Event data.

Claims (12)

Vehicle network communication for managing communication data in a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from the outside of the vehicle through wired communication or wireless communication A management device,
Monitoring the transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and according to the transmission status of the data to be monitored and the load that external data exerts on the vehicle network A communication management unit that regulates transmission to the vehicle network ,
The communication of the vehicle network , wherein when the external data is rewrite data for rewriting data of the in-vehicle control device, the communication management unit executes a process of temporarily relaxing the transmission restriction of the external data Management device. Vehicle network communication for managing communication data in a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from the outside of the vehicle through wired communication or wireless communication A management device,
Monitoring the transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and according to the transmission status of the data to be monitored and the load that external data exerts on the vehicle network A communication management unit that regulates transmission to the vehicle network ,
The communication management device for a vehicle network, wherein the communication management unit variably sets an execution period related to transmission control of the external data in accordance with a transmission status of vehicle data of the monitored vehicle network . Vehicle network communication for managing communication data in a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from the outside of the vehicle through wired communication or wireless communication A management device,
Monitoring the transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and according to the transmission status of the data to be monitored and the load that external data exerts on the vehicle network A communication management unit that regulates transmission to the vehicle network ,
The communication management unit transmits the external data until the event ends when event data that is transmitted / received as an event in the vehicle is transmitted as the vehicle data to the vehicle network. A communication management device for a vehicle network, characterized by executing regulation . Vehicle network communication for managing communication data in a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from the outside of the vehicle through wired communication or wireless communication A management device,
Monitoring the transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and according to the transmission status of the data to be monitored and the load that external data exerts on the vehicle network A communication management unit that regulates transmission to the vehicle network ,
The communication management unit includes a periodic transmission list in which identifiers, data lengths, and transmission periods of one or more types of data that are periodically transmitted to the vehicle network are registered, and an occurrence of an event in the vehicle. An event transmission list in which identifiers and data lengths of one or more types of data transmitted to the vehicle network are registered, and the transmission status of the vehicle network is monitored with reference to the periodic transmission list and the event transmission list A communication management device for a vehicle network. Vehicle network communication for managing communication data in a vehicle network in which vehicle data is transmitted and received between a plurality of vehicle-mounted control devices and external data can be input from the outside of the vehicle through wired communication or wireless communication A management device,
Monitoring the transmission status of vehicle data transmitted to the vehicle network and external data input from the outside, and according to the transmission status of the data to be monitored and the load that external data exerts on the vehicle network A communication management unit that regulates transmission to the vehicle network,
The communication management unit, when the external data exceeds a predetermined threshold utilization indicating the high load state of the vehicle network of a vehicle network which is expected when it is assumed to have been transmitted to the vehicle network, to the prediction A communication management device for a vehicle network, characterized by executing transmission restriction of external data used . The communication management unit is configured to control transmission of the external data when a usage rate of the vehicle network predicted when the external data is transmitted to the vehicle network exceeds a predetermined threshold indicating a high load state of the vehicle network. The vehicle network communication management device according to any one of claims 1 to 4 . The communication management unit monitors the transmission status of vehicle data based on the transmission interval of the vehicle data or the transmission data amount per unit time, and transmits the external data transmission interval or unit time when the external data is input. communication management apparatus for a vehicle network according to any one of claims 1 to 6 for monitoring the amount of data transmitted. The communication management unit, as the transmission restriction of the external data, discards the input external data, temporarily suspends the input external data, stops receiving the input external data, and transmits to the vehicle network The communication management device for a vehicle network according to any one of claims 1 to 7 , wherein at least one of communication adjustments for adapting a transmission amount of external data to a load of the vehicle network is executed. The communication management unit is connected between an external network mounted on a vehicle and the vehicle network, and transmits the external data through monitoring a transmission state of external data transmitted through the external network. The communication management apparatus for a vehicle network according to any one of claims 1 to 8, wherein the restriction is executed. The said communication management part is provided between the data link connector provided in the vehicle as a connector with which an external diagnostic apparatus is connected, and the said vehicle network. Vehicle network communication management device. The vehicle network communication management device according to any one of claims 1 to 10, wherein the vehicle network is a control area network. The vehicle network communication management device according to any one of claims 1 to 10, wherein the vehicle network is formed of FlexRay.

Images