EP1399813A2 - Procedes de transmission de modules logiciels - Google Patents

Procedes de transmission de modules logiciels

Info

Publication number
EP1399813A2
EP1399813A2 EP02743240A EP02743240A EP1399813A2 EP 1399813 A2 EP1399813 A2 EP 1399813A2 EP 02743240 A EP02743240 A EP 02743240A EP 02743240 A EP02743240 A EP 02743240A EP 1399813 A2 EP1399813 A2 EP 1399813A2
Authority
EP
European Patent Office
Prior art keywords
software modules
mobile
target
software
release
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02743240A
Other languages
German (de)
English (en)
Inventor
Berthold Schloesser
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mercedes Benz Group AG
Original Assignee
DaimlerChrysler AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DaimlerChrysler AG filed Critical DaimlerChrysler AG
Publication of EP1399813A2 publication Critical patent/EP1399813A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/64Retargetable
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • G06F9/454Multi-language systems; Localisation; Internationalisation

Definitions

  • the invention relates to a method for transmitting software modules for target devices that are installed in a target device.
  • the target device is a mobile device, preferably a means of transport.
  • Software modules refer in particular to programs or parts of programs that are executed on board mobile devices and data for such programs or for devices.
  • Target devices refer to those devices on board a mobile device for the software modules are to be transferred, this includes in particular data processing devices.
  • Correct here refers to those software modules that are approved for the combination of target devices actually present in the vehicle. In particular, it cannot be ruled out that a software module from a manufacturer can change the actually existing overall configuration of devices on board the affected mobile device in an impermissible manner.
  • a method according to the preamble of claim 1 is known from DE 68920462 T2, the German translation of EP 333620 B1.
  • the task of DE 68920462 T2 is an on-line problem solution in a customer system by means of a central remote maintenance system.
  • a problem management database receives service requests as search arguments and provides solutions for troubleshooting. It contains entries that contain a large number of Combine components and symptoms as search arguments and problem solutions as output data.
  • the problem management database preferably consists of three separate units, namely a symptom exception table with entries for hardware components, an APAR table for software components with preliminary program corrections and an MTAR table with corrections for microcode.
  • the search arguments are preferably symptom sequences, formatted as reference keys, which identify field replaceable units (FRUs) and identify the number and exit point of a problem-solving process. For example, the symptom sequence consists of the two most likely errors.
  • the problem management database of DE 68920462 T2 requires symptoms that have been discovered as search arguments and exit points of problem determination methods.
  • a service request identifies a specific customer system and results of the problem determination process.
  • the problem management database is structured in such a way that its output data determine the problem solution.
  • the problem management database is necessarily complex and it takes some computing time to evaluate it.
  • a component can be disturbed by different errors, and an error on one component can cause errors on other components. Therefore, there are usually far more symptoms to be considered than there are components.
  • configuration data of the target device is accessed in DE 68920462 T2.
  • the configuration of the hardware and software components at the time of the fault is recorded.
  • This configuration data is preferably managed in a table by a resource manager system.
  • a resource manager system For mobile devices it is - e.g. B. due to scarce storage capacity on board - often not or only possible with effort, to keep such a table on board and to keep it up to date.
  • the table with the configuration does not match the actual configuration of the target device because a user or operator of the mobile device exchanges or supplements a target device.
  • Such an operator or user is usually not a DV specialist, but z. B. a driver. Therefore, it must not be assumed that a configuration table always contains the current configuration of the mobile device.
  • DE 19532067 C1 discloses a method and a device for programming operating data into vehicle components.
  • the data is sent from a central office to a requesting body, e.g. B. a motor vehicle.
  • the control center codes the data with an individual code related to the vehicle component.
  • the data is only decoded in the vehicle component itself. This protects the data from unauthorized access.
  • information about the identity of the vehicle, vehicle component and requesting system user is transmitted to the head office and the authorization is checked there.
  • DE 19750372 AI discloses a method for loading programs and / or data.
  • the programs and / or data 'to be downloaded from a server of a provider, wherein a radio connection between the target device and the server is established, the programs or data are transmitted via the after successful verification of the access authorization.
  • This method requires a transmitting and receiving device on board the vehicle. A lot of time is used if the software modules are extensive. The transmission time depends on the bandwidth of the radio connection. It increases in an unpredictable manner if the transmission link is overloaded or disrupted by high data traffic.
  • DE 4218804 AI discloses a device for displaying, processing and storing information in a motor vehicle.
  • the device comprises a mass storage device for the non-volatile storage of programs and data, interfaces for receiving information, an operating unit, a display unit and an operating system on which programs can run.
  • the device according to the invention allows functions of devices on board to be flexibly adapted and expanded. In one embodiment, it comprises a CD player.
  • the device can include means to prevent an unauthorized entry of data and to provide an authorized identifier for data to be entered. Such a release identifier can be checked, for example, using stored code. This device can check whether a software module is released for a specific user or a specific vehicle.
  • the control device comprises a system manager with a computer and a memory as well as devices for identifying a user.
  • the identification device includes a reading unit that a portable recording medium, for. B. a chip card, reads and checks whether the recording medium is valid and used correctly.
  • a program stored in the memory is only executed if the test is positive.
  • the user can still select specifications from control units and the specifications are stored on the recording medium. This allows the behavior of certain control units to be adapted to a specific authorized user.
  • US Pat. No. 6,009,363 discloses a computer system on board a vehicle, which comprises two logical units between which data can be exchanged, a data bit as a check bit indicating whether the other data transmitted into the vehicle is valid a way to put software modules on memory on board a vehicle record and check whether the data are transmitted correctly, ie without transmission errors.
  • the above-mentioned documents disclose methods to transmit software modules to a mobile device and to carry out authorization and release checks if necessary.
  • the tests relate to a single mobile device.
  • the method does not take into account the possibility that software modules can be transmitted to mobile devices with a wide range of variants.
  • the wealth of variants results, for example, from the fact that different target devices are installed in different examples of a family of mobile devices or that target devices are used in different versions.
  • the wealth of variants can lead to a huge number of different tests that cannot be defined and validated with reasonable effort.
  • it is not taken into account that a user or operator of a mobile device can renew or supplement a target device without the manufacturer of the mobile device being informed about this and can take this into account in a release check according to the prior art.
  • a wealth of variants and subsequent changes must be taken into account to ensure that the right software modules are transferred to every mobile device.
  • the invention has for its object to provide a method according to the preamble of claim 1, which also ensures that only the correct and no other software modules are transmitted when there are diverse families of target devices with target devices from different manufacturers or if the possibility of subsequent changes to individual target devices about which the control center is not informed must be taken into account. Furthermore, an apparatus for performing the method is to be provided. The object is achieved by a method according to claim 1 and by an apparatus according to claim 12. Advantageous refinements are specified in the subclaims.
  • Software modules for target devices are transmitted by the method according to claim 1.
  • the target devices are installed in a mobile device, in particular in a means of transport or transportation.
  • the software modules are stored on a mobile storage device, for example on a CD.
  • a data connection is established between the mobile storage device and the mobile device, e.g. B. by connecting a reader for CDs, which is built into the mobile device, via a data bus with a target device. This data connection is intended to transmit the software modules. It is checked which software modules are released for the mobile device.
  • Two types of type identifiers are set.
  • device type identifications are defined for target devices, and on the other hand, software type identifications for software modules.
  • software type identifications for software modules.
  • a software module is released for at least one target device type if the software module can be executed on each target device of the type.
  • the method according to the invention further provides that the type of at least one target device actually installed at the time of transmission is determined. For at least one software module, it is checked whether the software module has been released for the type of target device actually installed.
  • the software modules recognized as released are transmitted to the mobile device. They are preferably stored on board the mobile device, for example in the respective target device in a rewritable memory or in a central storage facility on board.
  • the method can be used in the same way for low-variant and for multi-variant families of mobile devices.
  • the correct and no other software modules are reliably selected and transmitted, even if there are several target devices from different manufacturers in the mobile device and these target devices come in different versions that require different software modules.
  • the release specifications are created for types of target devices and software modules, not for individual mobile devices. Therefore, the release specifications do not depend on the actual configuration of a mobile device.
  • Software modules for target devices from different manufacturers and for different versions of target devices can be stored on the same mobile memory device.
  • the mobile storage device can be used for every copy of a family of mobile devices without modification or adaptation, even with a large number of variants.
  • the correct software modules are also selected and transmitted if a user or operator of the mobile device has subsequently replaced a target device with a different one, or has subsequently added or removed a further target device. This is achieved in particular by determining which types of target devices are actually in the mobile device at the time of the transmission. It is no longer necessary to query a central database with configurations of mobile devices. The entries in such a central database can be outdated, e.g. B. because a target device was replaced by a different type, supplemented or removed without the corresponding entry being updated accordingly. With the aid of the invention, software modules can be transferred to the mobile device much faster than if the software modules were only sent from a central server to the mobile device at the time of the transfer.
  • a data transfer rate of 170 KByte / sec is achieved at a simple reading speed.
  • a DVD as another possible mobile storage device can even read at 500 KB / sec and more.
  • the method is significantly less susceptible to interference than transmission directly from a central to the mobile device. The time required for the transfer can already be predicted if only the data transfer rate from the mobile storage device to the mobile device is known.
  • the method can be used in different configurations for different applications, for example for those described below.
  • Target devices of this type were installed in various versions in numerous of the vehicles, different software modules have been released for these versions. All installed target devices should be provided with the respectively released software modules, e.g. B. to meet new legal requirements.
  • workshops and / or other service partners of the vehicle manufacturer are each provided with a data carrier on which the software modules for all variants of the target device are stored according to the invention.
  • the users of the vehicles in question are asked to visit one of these workshops.
  • the method according to the invention transmits the correct software modules, and it is excluded that software modules are transmitted that have not been released for the target devices of a particular vehicle. Since no data connection to a central office is established for the transmission, the transmission takes little time and does not depend on the availability of a long-distance traffic data network.
  • a function test is preferably carried out in the workshop to check whether the transfer has been successfully completed. It is reported back to a central configuration management system or a documentation system which software modules are on this vehicle after the transfer. This enables the vehicle manufacturer to meet its requirements for product documentation.
  • the additional functionality is provided by the fact that these software modules are transferred to the vehicle the.
  • the method according to the invention enables the vehicle manufacturer to offer an owner of the vehicle that the additional functionality is implemented at the beginning of use or at any time afterwards. This happens because the owner purchases a data carrier with the software modules and temporarily connects it to the vehicle.
  • the software modules are transmitted by the method according to the invention and the additional functionality is thereby realized without the vehicle having to be taken to a workshop or the target device having to be removed.
  • a system for voice output is installed in a vehicle, which outputs messages and information to the driver in natural language by reading aloud.
  • the driver selects in which language this should be done. Since he has the choice between many different languages and because the required data already requires a lot of storage space for reading out a natural language, it is uneconomical to permanently save all language data for each language offered in the vehicle.
  • the software modules in particular the language data and programs for all languages offered, are stored on a single data carrier. After selecting a language, the software modules required for output in this language are transferred to the vehicle. It is avoided that a separate data carrier must be kept ready for each language or that data or programs for a language other than the selected language are transmitted.
  • the procedure can be repeated at any time without visiting a workshop if output in another language is desired, for example because the vehicle has changed owners or drivers.
  • a frequent change of driver takes place, in particular, in vehicles that a car rental company lends by the hour or day, or in commercial vehicles of a transport company.
  • the software modules required for a system for voice input can be transmitted with an analog design. Such a system recognizes commands from the driver or also from a maintenance technician, which are spoken in natural language in order to control a device on board the vehicle.
  • the mobile memory device on which the software modules are stored preferably comprises
  • this is a 3.5 inch data carrier originally developed for MP3 data, and / or at least one DVD
  • a CD belonging to the mobile storage device is preferably completed after the storage of the software modules as ISO 9660 medium.
  • the mobile storage device is part of a portable computer, preferably a hard disk of the computer or a CD, which is inserted into a CD drive of the computer.
  • This portable computer is connected to the control device at least temporarily, for example via a commercially available parallel cable for data transmission.
  • a type identifier preferably consists of a part number and a version number.
  • the versions of a type all have the same function and can be interchanged, they are in particular upwards and downwards compatible.
  • the configuration according to claim 2 allows software modules to be transmitted to a plurality of mobile devices with different target devices. For example, some target devices are only present in some of these mobile devices, or are different in different mobile devices. types of target devices built in. Nevertheless, the same mobile storage device or a plurality of similar mobile storage devices are used for each of these mobile devices. For example, the mobile storage device will make as many copies as there are mobile devices. The evaluation of the release specifications ensures that the right software modules are transmitted to each mobile device despite different configurations.
  • memory areas are advantageously reserved for specific manufacturers.
  • a memory area for the software modules for target devices of this manufacturer is reserved for at least two manufacturers of target devices on the mobile memory device.
  • Software modules for target devices from a first manufacturer are stored at a first location on the mobile storage device
  • Software modules for target devices from a second manufacturer are stored at a second location on the mobile storage device
  • Approval specifications for the software modules for target devices of the first manufacturer combined with approval specifications for the software modules for target devices of the second manufacturer
  • the release specifications can be combined automatically.
  • the release specifications from the first manufacturer preferably have the same syntax as those from the second manufacturer.
  • the release specifications are stored, for example, in ASCII format, a binary format or preferably using the eXtended Markup Language (XML).
  • the release specifications are preferably stored on the mobile storage device (claim 4). This means that they are available for the approval tests without any further procedural steps at the time of the transfer.
  • Information on the location at which the software module is stored on the mobile storage device is preferably stored on the mobile storage device for at least one software module.
  • the location information includes a path for the software module and for each file of the software module a subpath relative to the path.
  • a start address of a memory area of this target device type is stored, preferably on the mobile memory device.
  • release specifications are stored in a configuration management system or a documentation system (claim 5).
  • the transmission of the software modules is controlled by a control device.
  • the release specifications are transmitted from the configuration management system or the documentation system to the control device.
  • This configuration has the advantage that the release specifications only need to be generated at the point in time at which the transmission of the software modules begins, that is to say, for example, after the mobile storage devices have been distributed to workshops.
  • a software module is released for a target device type under all circumstances, ie regardless of which other target devices are installed in the mobile device. However, target devices can be on board to influence each other. In another embodiment, therefore, a release is linked to a condition.
  • the software module is only released for the mobile device if the condition is met.
  • the release specifications include at least one condition for the release of a software module. The validity of the release condition is checked during the release check for this software module.
  • Such a release condition preferably consists of the presence and / or the absence of certain target device types and / or of certain software modules on board the mobile device. For example, a software module is only released for a target device type A if a target device of type B and no target device of type C is installed on board the mobile device.
  • a release condition is preferably a Boolean expression in which device type identifiers and / or software type identifiers occur.
  • a release condition is saved, for example, in the form of a table or a database.
  • One embodiment for release specifications consists in that an actual interface specification is specified for a software module and that the target interface specification expected by a target device type is also specified.
  • One or more actual interface specifications are specified for a software module, and one or more target interface specifications for a target device type.
  • the software module is only released for the target device type if the actual interface specifications are compatible with the target interface specifications.
  • Release specifications in which software type identifiers and device type identifications are used, are preferably combined with release specifications using actual and target interface specifications.
  • Interface specifications are e.g. B. from the programming languages C, C ++ and PASCAL under the names "Pro zedur declarations "and” method declarations "as well as from Java under the name” Interface ".
  • a simple example of a target interface specification is that the target device type expects a function called" Sort "which has a natural number n and a vector with n integers as input variables and a vector as output variable in which the n integers of the input vector are sorted in ascending order.
  • the interface specification does not specify which sorting method is used.
  • An actual interface specification, according to which a vector with n real numbers is sorted, is compatible with this target specification.
  • interface specifications are the specification of a TCP / IP stack and the specifications of functions for a transmission channel, e.g. B. an audio or video channel. These functions establish the connection to the transmission channel, open it, carry out a data transmission and close it again.
  • the interface specification can depend on the type of transmission method.
  • release specifications is based on an earliest release time, for example the day from which the software module is released.
  • the date from which this software module is released is specified.
  • the earliest release time is compared with the time at which software modules are transmitted to the mobile device.
  • the software module is rated as released at most if the transmission time is equal to or later than the earliest release time.
  • the release definitions are preferably evaluated using software and device type identifiers, because the comparison of times requires less computing time than an release check.
  • One embodiment of the method according to the invention is that a release check is carried out for each software module on the mobile device and each is checked as released. ben recognized software module is transmitted.
  • the embodiment according to claim 7 provides that a number of software modules is specified. Only the software modules of this set are considered for transmission, the rest not even if they are released.
  • a release check is carried out for each software module in the set. Each software module of the set identified as released is transferred from the mobile storage device to the mobile device. This makes it possible to use the same mobile memory device or several similar memory devices for the transmission of different software modules. A new quantity only needs to be specified for this.
  • the quantity is predetermined, for example, by identifying certain software modules on the mobile memory device (claim 8). All marked software modules belong to the set.
  • the identification is carried out, for example, by listing the software type identifications of the software modules to be identified.
  • the quantity is predetermined by identifying certain software modules in a configuration management system or a documentation system (claim 9).
  • the transmission is controlled by a control device.
  • the information as to which software modules belong to the set is transmitted from the configuration management system or the documentation system to the control device. For example, a number of software type identifiers are transmitted to the control device. This configuration makes it possible to determine the quantity only immediately before the transfer.
  • the embodiment according to one of claims 7 to 9 is particularly advantageous if at least one target device for a voice input or output system on board the belongs to mobile device.
  • software modules for different languages are stored on the mobile memory device (claim 10). The amount is determined by choosing a language. Definitions are preferably stored on the mobile memory device as to which software modules belong to which language. For example, a set of software type identifiers is listed for each language.
  • a correctness check is carried out in order to prevent a software module from being tampered with or manipulated, for example during storage on the mobile storage device or during transmission, or from using an unauthorized copy.
  • a signature is generated for at least one software module and stored on the mobile memory device.
  • the signature is preferably generated by treating the software module as a data stream and generating a hash value.
  • the signature is generated from this hash value with the help of a secret key. The signature therefore depends on the software module and the secret key.
  • a public key is stored on board the mobile device for at least one target device type.
  • the signature is checked with the help of this public key. Only if the test is positive is the software module recognized as not falsified and authorized.
  • the configuration described below can be used in particular when certain software modules are to be transmitted only when the user of the mobile device is authorized to own the software modules.
  • the software modules are only transferred if the user has paid a purchase price for them, but not if the user has unauthorizedly acquired the mobile storage device.
  • the embodiment provides that identification data of a user user are recorded. For example, a user types in a password. An authorization check is carried out for the user with the aid of the identification data, for example the typed-in password is compared with a stored one. At least one software module is only transferred if the authorization check delivers a positive result.
  • the software modules themselves are preferably not encrypted, because encryption would have to generate mobile storage devices specific to the vehicle.
  • encryption would have to generate mobile storage devices specific to the vehicle.
  • the software modules are protected, and a mobile storage device can still be used for different types and multiple copies of mobile devices.
  • At least one software module comprises audio and / or video data.
  • This audio and / or video data is used to explain the operation of the mobile device or a built-in target device to a user. For example, the operation of a device is explained to the user by means of a video film, or an explanatory text is read to him. Since this data, like all other data belonging to software modules, is subjected to a release check, it is ensured that only the correct audio and / or video data is transmitted, i.e. only data that relates to an actually installed target - Get the device.
  • a device for carrying out the method according to the invention comprises, according to claim 11, a reading device for reading in software modules and release specifications from a mobile storage device - and a control device for transmitting software modules from the mobile storage device controls to the mobile device and which checks which software modules are released for the mobile device.
  • the reading device for the mobile storage device is preferably present on board the mobile device, for example it is a CD reading device.
  • FIG. 1 shows an exemplary embodiment of the invention using CDs as mobile storage devices.
  • two motor vehicles 20.1 and 20.2 are supplied with software modules.
  • two CDs 30.1 and 30.2 are used as mobile storage devices with the software modules.
  • the two identical CDs are produced in a center 10, for example by copying. For example, they will be sent to the drivers of the two vehicles 20.1 and 20.2 or two workshops by post.
  • the software modules are transferred from CDs 30.1 and 30.2 to the two vehicles 20.1 and 20.2.
  • the CD readers implement a data connection 60 between the CDs 30.1 and 30.2 and the motor vehicles 20.1 and 20.2.
  • the invention is described using an exemplary embodiment in which two target devices on board a motor vehicle 20 are supplied with software modules: a central unit Speech output systems, e.g. B. Reads messages to the driver in natural language, and a control unit for the door system.
  • the central unit comprises a reading device for CDs and is connected to the control device via a data bus and to a control device, which controls and monitors the process of transmission, via a data connection.
  • the CDs 30 are used as a mobile storage device. These CDs can be written to once or several times (CD-R or CD-RW).
  • Some of the alternative embodiments for the mobile memory device 30 are DVDs, memory bars with a USB interface or a portable computer (laptop, palmtop).
  • the control device is located on board a vehicle 20.1, 20.2 or outside a vehicle 20.1, 20.2 and is then preferably only temporarily connected to the central unit.
  • the two target devices come from different manufacturers and come in different versions.
  • the voice output should be possible in several languages. For example, each language requires three software modules.
  • the software modules for all variants of the two target devices are saved on a CD.
  • the storage process is completed, for example, according to the ISO-9660 medium standard.
  • the type of target device and that of a software module are each identified by a part number, this is a sequence of numbers and letters that is unique within the product range of the vehicle manufacturer.
  • the variant is identified by a number with three digits.
  • a release file with the release information for software modules, which is evaluated when testing software modules A menu file which contains information with which a device in the system for voice output builds up a selection menu with which the user selects a language for voice output, and
  • An autostart file which specifies the software modules to be transferred in the event that neither a second set of software modules is specified by a configuration management system or a documentation system nor a user makes a selection.
  • these three files have fixed names, e.g. B. the three names CD_INFO.CDI, MENU. CDI and CONFIG. CDi; and are stored at a specific location on the mobile storage device.
  • the software modules are stored on the CD in paths (directories) of a file management system, which are known from many operating systems.
  • a path consists of several components, each of which is separated by a delimiter.
  • the vehicle manufacturer specifies the first four components of such a path, in the order of suppliers - regional validity of the software modules - type of software modules - versions.
  • release file the release information and storage locations of software modules are described according to a certain syntax, which is explained below using an example.
  • One principle is that a software module is only released for a type of target device if a corresponding release information is noted in the release file, otherwise not.
  • the release file contains the following lines: CD name 123456789-001
  • the software for the central unit comes from the supplier XY, the software for the door control unit from the suppliers AB (for the European market) and FG (for the US market).
  • Target device types and software modules are identified by part numbers that begin with HW or SW, followed by three or four digits. Versions are identified by three digits.
  • SW-212-001 denotes e.g. B. a software module with part number SW-212 and version number 001. Part numbers and versions are in square brackets []. Comment lines begin with a #.
  • the CD on which these software modules are stored itself has a part number and a version number, which is specified at the beginning after the keyword "CD name”.
  • the release file specifies, for example, that the software Module SW-212-001 is released for versions 001 and 002 of the target device with part number HW-2002 and the associated files are stored in the path / FG / USA / APPL / Vl.
  • the software modules SW-202, SW-212 and SW-222 are released, namely version 001.
  • version 002 of software module SW-3001 is for versions 001 and 002 of target device type HW -1002 and versions 001 and 002 of the target device type HW-2002 released.
  • the release file When evaluating the release file, the release file is searched for each target device that occurs in the vehicle. If the item number and version number of the target device type appear in the first line after an opening brace, all software modules named up to the next closing brace are released for this target device.
  • the search of the release file is preferably continued in blocks that begin with the keyword “common”.
  • a release file can be compiled automatically from information about releases, which are supplied by the individual suppliers of software modules, from the first four components of the path in which software modules are stored, and from assignments of software modules these paths and from the part number and version number of the CD.
  • Software modules from any number of suppliers for any target device can be stored on the CDs.
  • One embodiment of the invention provides that a central configuration management system or a documentation system specifies a second set of software modules that are transmitted to the vehicle. Each software module from this second set, which is released for at least one target device on board the vehicle, is transmitted. In this embodiment, the menu file and the autostart file are not required.
  • the information stored in the menu file is evaluated in order to explain the alternatives for a selection to a user.
  • This selection gives the user the option of selecting one or more groups of software modules without having to select individual files directly.
  • the central unit includes a component for human-machine interaction, by means of which a user selects an alternative from a given menu, e.g. B. by pressing a button or touch on the screen.
  • the user first selects one of several possible applications, e.g. For example, he selects between "voice output", "voice input” and “cancel” (the selection).
  • the "Style Guide”, that is, the information that defines the appearance of the menus, is stored, for example, in the central unit itself.
  • the menu items are stored on the CD and / or in the central unit. For example, the menu items "Voice output” and “Voice input” are stored on the CD, the standard menu item “Cancel”, however, in the central unit.
  • the alternative "voice output” is linked to information on a CD. For example, this link is established using the keyword “T2S” (text-to-speech).
  • the alternative "voice output” is through information contained in stored in the central unit, also linked with “T2S”, and information that is introduced with the keyword T2S is stored in the menu file on a CD.
  • the menu file contains, for example, the following lines:
  • Rows is defined as the selection menu for the versions
  • the CD reads the menu file and searches for T2S. It is checked whether there is a target device of version 001 or 002 of the type with the part number HW-1001 on board the vehicle.
  • the information is stored which, in the event that neither a number of software modules are specified by a configuration management system nor a user makes a selection, determine which software modules are to be transmitted.
  • An example illustrates the syntax of this file:
  • Do-Flash is a key word that introduces the block with the information about the software modules to be transferred. The following two determinations are made in this block:
  • the software module SW-101-001 is transferred first and then the software module SW-111-001, but only in the event that the logical condition between the keywords IF and THEN is fulfilled. The condition is met if
  • the configuration file for the software module SW-102-001 consists of the following lines: [SW-102-001]
  • the specifications of the storage locations in this file are path information relative to the storage location of the software module, in this example relative to / XY / USA / OS / Vl.
  • the definitions are automatically put together to a full path and file name, e.g. B. to / XY / USA / OS / Vl / DATA / USER / USER. DAT.
  • These lines stipulate that when the software module SW-102-001 is transferred, the files SETUP.EXE, INFO. TXT, CONTROLER.EXE, DRIVER.DLL, CONFIG.INI, DATA.DB2 and USER. DAT are transmitted in this order.
  • the security file contains the following lines: [SW-111-001];
  • This information defines the following: All files of the software module together are 6764 KByte in size. This information is z. B. used for a progress indicator when transferring. It is determined how many KByte have already been transferred, and by specifying in the configuration file it is known how many KByte to be transferred in total. The quotient indicates the work progress, the z. B. is displayed as a bar.
  • the CRC value in this example the hexadecimal number 4758A08C, is checked in particular to determine whether no transmission error occurred during transmission to the vehicle and storage on board the vehicle.
  • the software module has been released for two versions of target devices, namely for versions 001 and 002 of type HW-1001. Therefore, two different signatures are generated and saved in the file, namely one signature per version.
  • the signature for a version is preferably generated by treating the version as a data stream and generating a hash value.
  • the signature is generated from this hash value with the help of a secret key.
  • the signature therefore depends on the software module and the secret key. For example, 1024-bit encryption based on the Rivest-Shamir-Adleman algorithm (RSA encryption) is used to generate the signature.
  • RSA encryption Rivest-Shamir-Adleman algorithm
  • the generation of signatures is carried out on a computer that is strictly protected against unauthorized access and manipulation.
  • the supplier operates this computer and delivers the two versions and the two signatures to the manufacturer of the motor vehicle.
  • Another embodiment is that the supplier only delivers the two versions to the manufacturer and the latter himself generates the signatures.
  • the manufacturer transmits the signatures to the supplier, who then transfers the software modules to his target devices and uses the signature for an inspection.
  • a third embodiment consists of a certified trust center generating the signatures and managing the secret keys.
  • a public key is stored in a permanent, non-overwritable memory of the target device.
  • the public key can be read out, but it is protected against accidental as well as deliberate overwriting or falsification or deletion.
  • the supplier preferably provides the target device with the public key.
  • the signature is obtained after the transfer and before installing the software module using the public Key checked. This check ensures that the software module comes from a trustworthy source and has not been tampered with or manipulated.
  • software modules are checked for approval, selected if necessary and the files of the selected software modules recognized and approved are transferred.
  • software modules for the central unit and the door control unit are transferred from a CD.
  • the CD was previously inserted in a reader in the central unit.
  • the central unit, door control unit and a control device that regulates and monitors the transmission process are connected to one another and to other devices on board the vehicle via one or more data buses.
  • the control device is not installed on board the vehicle, but is connected to the data bus on board the vehicle for the transmission process.
  • a central configuration management system or a documentation system specifies a number of software modules which are taken into account when selecting the software modules to be transmitted.
  • the "Keyword Protocol 2000” (KWP2000), which is standardized by ISO 14230-1 and ISO 15765-1 to 15765-4 and VDA 14230-1 to VDA 14230-3, is preferably used for communication between the devices during transmission. Commands are encoded in KWP2000 by hexadecimal numbers, for example the command "ReadEDUIdentification” (reading a type identifier for a target device) by $ 1A, 86. Other transmission protocols are also suitable.
  • the vehicle is in a workshop while it is being transferred.
  • the following sequence is carried out during the transfer:
  • the control device is connected to the vehicle, it determines a vehicle identification that distinguishes the vehicle from all other vehicles of the manufacturer, and relocates all other devices on the data bus are connected to a diagnostic mode by broadcasting a corresponding message via the data bus. The devices cannot be activated in this diagnostic mode.
  • the control device determines the identification of any other device that is connected to the data bus. This identification includes the part number, the version number and, if necessary, a serial number of the device. This is done by sending a request via the data bus and each device giving its identification to the data bus.
  • the control device determines which software modules are already present on the target devices on board the vehicle. This also happens via request and response via data bus.
  • the control device determines the part number and the version number of the inserted CD by requesting the central unit.
  • the reader in the central unit checks whether a CD has been inserted correctly.
  • the central unit reads the release file.
  • a parser installed in the central unit determines the part number and the version number of the inserted CD and transmits this information via data bus to the control device.
  • the control device is connected to the central configuration management system. For example via an intranet, the control device transmits to the central system the part number and version number of the inserted CD and the part numbers and version numbers of the target devices and software modules determined on board the vehicle.
  • the central configuration management system has read access to the information as to which software modules are stored on the CD and which of these software modules are released for which target device types. It transmits a second set of software modules to the control device. The software modules mentioned in this second set are subsequently transferred.
  • the control device is separated from the central configuration management system and reconnected to the vehicle.
  • the control device again determines the part number and the version number of the inserted CD by requesting the central unit.
  • the renewed query takes into account the possibility that the previously inserted CD has been replaced or removed in the meantime. If another part number and version number is determined or it is determined that no CD has been inserted, a corresponding message is issued to ensure that the correct CD is inserted and read.
  • the control device puts all other devices on the data bus into a diagnostic mode.
  • the central unit is an “intelligent device”. It procures the software modules intended for it itself, as well as the configuration file and the security file for each of these software modules. For this purpose, it evaluates the information about the memory - location, which the control device also transmits to the central unit if required.
  • control device If a certain software module is not found on the CD or cannot be read, the control device generates a corresponding error message.
  • the relevant information is transmitted to the door control unit and saved there.
  • the door control unit also procures the software modules intended for it as well as the configuration files and the security files.
  • the control device verifies that in fact all software modules that are intended for the central unit have been stored in the central unit and does the same for the door control unit.
  • the control device causes the central unit to check the signature generated by the security file using the secret key from the security file using the public key that is stored in the central unit.
  • the central unit reports back the result of the test.
  • the control device causes the central unit to check the CRC value.
  • the central unit also reports this result.
  • the control device is reconnected to the central configuration management system. It transmits to the central system the vehicle identification as well as the part numbers and version numbers of the types of target devices that were determined on board the vehicle and the software modules that were successfully transferred to the vehicle.
  • a worker is required to insert the CD into the reader and remove it after the transfer is complete, and to connect the control device to the vehicle, to the central configuration management system and then back to the vehicle.
  • a software module can not only be divided into several files, but also over several segments, namely e.g. B. if the target device is a memory-addressed device according to the transmission protocol KWP2000. If a software module is divided into several segments, a main header for the software module and the first segment and a sub header for each further segment are preferably stored on the CD. For a software module with three segments, a main header and two sub headers are created.
  • the main header preferably includes the following information:
  • a sub header preferably includes the following information:

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention concerne un procédé pour transmettre des modules logiciels destinés à des appareils cibles embarqués dans un dispositif mobile, notamment un moyen de transport. Dans un dispositif mémoire mobile tel qu'un CD sont mémorisées des informations indiquant quels modules logiciels sont homologués pour quels types d'appareils cibles dans les dispositifs mobiles. Avant d'être transmises, ces informations sont comparées à la configuration du dispositif mobile, le procédé assurant ainsi une grande sécurité opérationnelle. Ledit procédé peut être appliqué pour une transmission avec ou sans liaison entre le dispositif mobile et un système de gestion de configuration central ou un système de documentation.
EP02743240A 2001-06-28 2002-06-25 Procedes de transmission de modules logiciels Withdrawn EP1399813A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10131394A DE10131394A1 (de) 2001-06-28 2001-06-28 Verfahren zum Übertragen von Software-Modulen
DE10131394 2001-06-28
PCT/EP2002/006995 WO2003003201A2 (fr) 2001-06-28 2002-06-25 Procedes de transmission de modules logiciels

Publications (1)

Publication Number Publication Date
EP1399813A2 true EP1399813A2 (fr) 2004-03-24

Family

ID=7689903

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02743240A Withdrawn EP1399813A2 (fr) 2001-06-28 2002-06-25 Procedes de transmission de modules logiciels

Country Status (5)

Country Link
US (1) US20040260751A1 (fr)
EP (1) EP1399813A2 (fr)
JP (1) JP2004535637A (fr)
DE (1) DE10131394A1 (fr)
WO (1) WO2003003201A2 (fr)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10313389A1 (de) 2003-03-25 2004-10-07 Endress + Hauser Process Solutions Ag Verfahren zur Übertragung von Softwarecode von einer Steuereinheit zu einem Feldgerät der Prozessautomatisierungstechnik
KR100974419B1 (ko) 2003-07-04 2010-08-05 바이에리셰 모토렌 베르케 악티엔게젤샤프트 차량 제어 유닛에 로딩할 수 있는 소프트웨어 컴포넌트의인증 방법
DE10354107A1 (de) * 2003-07-04 2005-01-20 Bayerische Motoren Werke Ag Verfahren zur Authentifikation von insbesondere in ein Steuergerät eines Kraftfahrzeugs ladbaren Softwarekomponenten
DE10349153A1 (de) * 2003-10-15 2005-05-12 Volkswagen Ag Schalteinrichtung mit Zünd-/Anlassschalter
DE102004002911B3 (de) * 2004-01-20 2005-11-17 Siemens Ag Verfahren und System zum Austauschen von Daten zwischen Steuergeräten
US7506309B2 (en) * 2004-03-23 2009-03-17 General Motors Corporation Method for managing vehicle software configuration updates
WO2007013091A1 (fr) * 2005-07-25 2007-02-01 Trinity Future-In Pvt. Ltd Système électromécanique empêchant la duplication de logiciels
DE102006021358A1 (de) * 2006-04-18 2007-10-25 Daimlerchrysler Ag Verfahren zur benutzerindividuellen Konfiguration eines Fahrzeugprodukts, Fahrzeugprodukt, Server und Server-Client-System
DE102007010763A1 (de) 2007-03-06 2008-09-11 Zf Friedrichshafen Ag Verfahren zur adaptiven Konfigurationserkennung
DE102008035557A1 (de) * 2008-07-30 2010-02-04 Bayerische Motoren Werke Aktiengesellschaft Verfahren zum Einbringen von Daten, insbesondere eine Ablaufsteuerung, in mindestens ein erstes und ein zweites Steuergerät eines Kraftfahrzeugs
CN105187361B (zh) * 2014-06-19 2019-06-07 腾讯科技(深圳)有限公司 一种应用内容的推送方法及相关设备、系统
DE102016209750A1 (de) 2016-06-03 2017-12-07 Robert Bosch Gmbh Verfahren zur Aktualisierung von steuerungsrelevanten Daten in einem Speicher einer elektronischen Steuereinheit
DE102016221108A1 (de) 2016-10-26 2018-04-26 Volkswagen Aktiengesellschaft Verfahren zum Aktualisieren einer Software eines Steuergeräts eines Fahrzeugs
JP7457585B2 (ja) * 2020-06-16 2024-03-28 株式会社日立製作所 ソフトウェア照会情報管理システム、及びソフトウェア照会情報管理方法

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0644242B2 (ja) * 1988-03-17 1994-06-08 インターナショナル・ビジネス・マシーンズ・コーポレーション コンピュータ・システムにおける問題解決方法
DE3834962A1 (de) * 1988-10-13 1990-04-19 Siemens Ag Digitales programmiergeraet fuer hoergeraete
DE4218804A1 (de) * 1992-06-06 1993-12-09 Vdo Schindling Einrichtung zur Darstellung, Aufbereitung und Speicherung von Informationen in einem Kraftfahrzeug
US5894571A (en) * 1995-08-14 1999-04-13 Dell U.S.A., L.P. Process for configuring software in a build-to-order computer system
US5794164A (en) * 1995-11-29 1998-08-11 Microsoft Corporation Vehicle computer system
US6799037B1 (en) * 1996-12-12 2004-09-28 Verizon Airfone Inc. Method and apparatus for communication with a mobile unit
US6247128B1 (en) * 1997-07-22 2001-06-12 Compaq Computer Corporation Computer manufacturing with smart configuration methods
JPH11141394A (ja) * 1997-11-07 1999-05-25 Nissan Motor Co Ltd 車両制御用メモリ書き換え装置
DE19750372C2 (de) * 1997-11-14 2002-09-19 Bosch Gmbh Robert Verfahren zum Betreiben von datenverarbeitenden Geräten
JP2000089822A (ja) * 1998-09-16 2000-03-31 Mitsubishi Electric Corp 車両用電子制御システム
US6488585B1 (en) * 1998-10-14 2002-12-03 International Game Technology Gaming device identification method and apparatus
US6219836B1 (en) * 1998-10-14 2001-04-17 International Game Technology Program management method and apparatus for gaming device components
JP2000194539A (ja) * 1998-12-24 2000-07-14 Nec Corp ソフトウェアインストールシステムおよびソフトウェアインストール方法
GB2357600A (en) * 1999-12-23 2001-06-27 Ibm Hardware dependent software installation
US6918112B2 (en) * 2000-11-29 2005-07-12 Microsoft Corporation System and method to facilitate installation of components across one or more computers
US6981150B2 (en) * 2001-01-04 2005-12-27 Cummins, Inc. Apparatus and method for authorizing transfer of software into one or more embedded systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO03003201A2 *

Also Published As

Publication number Publication date
DE10131394A1 (de) 2003-02-06
US20040260751A1 (en) 2004-12-23
WO2003003201A3 (fr) 2003-12-24
JP2004535637A (ja) 2004-11-25
WO2003003201A2 (fr) 2003-01-09

Similar Documents

Publication Publication Date Title
WO2003003200A1 (fr) Procedes de transmission de modules logiciels
DE10256799B3 (de) Verfahren zur Programmierung von Flash-E-PROMs in einer mit einem Mikroprozessor ausgerüsteten Steuerelektronik für Straßenfahrzeuge
DE19836381C2 (de) Vorrichtung zur Installierung von Software auf einem Computersystem
DE69213809T2 (de) Verfahren und Vorrichtung zur Erzeugung von Kalibrierinformationen für ein elektronisches Motorsteuermodul
EP1399813A2 (fr) Procedes de transmission de modules logiciels
DE102008021030B4 (de) Verfahren zum Betreiben eines Fahrzeugs sowie entsprechende Vorrichtung und entsprechendes Fahrzeug
EP1346881A2 (fr) Méthode et dispositif de réception de données
EP1185026B2 (fr) Procédé de transmission de données
EP1532510A2 (fr) Procede de protection contre des manipulations effectuees sur un appareil de commande d'au moins un constituant de vehicule et appareil de commande
EP1723518A1 (fr) Actualisation et/ou elargissement de la fonctionnalite de la commande d'execution d'au moins une unite de commande
EP2041632B1 (fr) Reprogrammation d'unités électroniques de commande de véhicules au moyen de périphériques intégrés pour enregistreurs de données interchangeables
WO2001029638A2 (fr) Appareil electronique
EP1665031A2 (fr) Procede d'installation d'une composante programme
DE10238094B4 (de) Verfahren zum Schutz gegen Manipulationen in einem Steuergerät für mindestens eine Kfz-Komponente und Steuergerät
DE102022104321A1 (de) Center, aktualisierungsmanagementverfahren und nicht-transitorisches speichermedium
EP1817752A2 (fr) Procede pour personnaliser des cartes a puce
DE19922767A1 (de) Verfahren zum Installieren von Software und/oder zum Testen eines Computersystems
DE102005038462A1 (de) Verfahren und Vorrichtung zum Übertragen von Daten und/oder Softwaremodulen in ein Fahrzeug
DE60000149T2 (de) Mikrovorrichtungsverarbeitungsverfahren
WO2003021192A1 (fr) Procede, dispositif et produit informatique destines a actualiser des donnees appareil de commande
EP1597671A2 (fr) Procede d'installation d'un programme pret a tourner
WO2022117306A1 (fr) Procédé assurant la disponibilité de données de programme à partir d'une base de données
WO2024132503A1 (fr) Procédé et dispositif d'attribution individuelle d'au moins un diagramme de fonction de véhicule à au moins un véhicule
DE102022128289A1 (de) Leistungsabstimmung für elektronische steuereinheit
EP4187846A1 (fr) Commande d'un accès à un appareil

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20031213

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: DAIMLERCHRYSLER AG

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: DAIMLER AG

17Q First examination report despatched

Effective date: 20071218

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20080103