EP2727039A1 - Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule - Google Patents

Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule

Info

Publication number
EP2727039A1
EP2727039A1 EP12729145.8A EP12729145A EP2727039A1 EP 2727039 A1 EP2727039 A1 EP 2727039A1 EP 12729145 A EP12729145 A EP 12729145A EP 2727039 A1 EP2727039 A1 EP 2727039A1
Authority
EP
European Patent Office
Prior art keywords
unit
operating system
main operating
vehicle
partition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP12729145.8A
Other languages
German (de)
English (en)
Inventor
Bernd Becker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Continental Automotive GmbH
Original Assignee
Continental Automotive GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Automotive GmbH filed Critical Continental Automotive GmbH
Publication of EP2727039A1 publication Critical patent/EP2727039A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R99/00Subject matter not provided for in other groups of this subclass
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Definitions

  • Vehicle unit and method for operating the vehicle unit are Vehicle unit and method for operating the vehicle unit
  • the invention relates to a vehicle unit for controlling vehicle functions, such as a central driving ⁇ imaging control unit, a multimedia-vehicle unit or the ⁇ same, and a method for operating this vehicle unit.
  • vehicle unit includes, as usual, to a micropro cessor ⁇ with an attached memory, is implemented on the microprocessor, a main operating system, which is also referred to as Main Operating System OS.
  • main operating system forms the interface of the hardware of the vehicle control unit to application programs (applications) implemented in the main system and / or optionally additionally implemented on the microprocessor, and user interactions via a user interface (user interface).
  • Such electronic vehicle units are increasingly used in vehicles, in which application programs are installed on the vehicle units, the components connected by Hardwarekompo-technikeinga ⁇ ben or to the vehicle unit, or both can be controlled.
  • Such open systems lead with some probability cause the Hauptbe ⁇ operating system and / or application programs on the vehicle ⁇ unit no longer function under certain conditions, for example due to errors in describing the connected in-vehicle unit memory.
  • Such problems can arise with too many rollback memory accesses to previous memory entries or programs' addition or deletion actions.
  • a Neuinstallati ⁇ on the main operating system and, where appropriate, the application programs is necessary.
  • the object of the present invention is to reduce the number of cases in which the repair Construction and sending the vehicle unit described above must be performed on a re ⁇ paraturservice.
  • the microprocessor is constructed in a microkernel architecture with separate partitions for a main operating system unit, a crypto unit and a supervision unit, wherein in the main operating system unit Hauptbe ⁇ operating system and, optionally, application programs incorporated ⁇ directed are, in the CRYPTO unit software certificates are ge ⁇ stores and a verification program is adapted to validation of certificates and software packages, and wherein in the supervision unit a monitoring program for monitoring the functions of the other partitions the microkernel architecture is provided.
  • the separate partitions with the programs set up on them operate independently of each other, the supervisory unit monitoring program monitoring the functions of the other partitions and preferably initiating a repair operation upon detection of an error, for example rewriting the failed partition in the microkernel architecture.
  • Flash serves to repair the system by returning it to the system's most recent stable state.
  • the microkernel architecture With separate partitions, it is therefore possible in the invention to use the Super Vision unit even if the main ⁇ operating system unit is faulty, so that by the Supervision unit repair of the entire system suc ⁇ gen, which had to be done conventionally by connecting a corresponding repair system at a repair service.
  • the monitoring program of the supervision unit can be realized, for example, as a kind of watchdog function, in particular for the main operating system unit.
  • the entire microkernel architecture is preferably implemented on exactly one microprocessor, on which all units of the various partitions are set up and on which all the functions assigned to the various units run by implementation of suitable programs.
  • the partition can be set up with the Haupt horrssys ⁇ tem unit to by an end user, examples example by a download and install new applications and / or firmware programs, be changeable.
  • Firmware programs can also include new Versio ⁇ nen of the main operating system in particular. It is possible according to both updates in ⁇ stalling and the partition completely re-writing ⁇ ben (Flashing), the main operating system is reinstalled in the vehicle unit. This represents a possible ⁇ ability to put the vehicle unit in a functional error again in a functional condition.
  • further partitions of the microkernel architecture in the microprocessor can be set up to be unchangeable by the end user. This may preferably concern all further partitions of the microkernel architecture, but in particular the crypto unit and the Supervision unit or the respective Partitio ⁇ nen with the crypto unit and the supervision unit.
  • the crypto unit can be set up to decrypt and / or check packages of software to be installed in the vehicle unit in the check program.
  • US 2009/0217136 Al already describes a memory device with a flash memory module and a controller contained in the memory device, which has its own microprocessor with an error correction module which is used in the storage or reading of data from the flash memory module performs a packetwise correction.
  • this 2009/0217136 proposes US AI an intrinsically ⁇ permanent microprocessor before, which is firmly associated with the memory unit, the memory unit may even be connected to a host computer system.
  • a realization of this function in the context of a microkernel architecture offers the advantage that a single microprocessor can be used, since the crypto unit according to the invention is also one of the microkernel architectures externally unchangeable partition is designed, which is here ⁇ secured against unwanted or deliberate manipulation and works particularly reliable in the context of the decryption and review of the main operating system and / or application software. In the context of this proposed architecture, it is not necessary to provide a separate processor and controller for this purpose.
  • the invention particularly important supervision unit is set up to initiate a recovery process for the partitions with the main operating system with the monitoring ⁇ program in case of failure in the main operating system.
  • the vehicle operating unit can thereby be operated particularly safely and reliably.
  • the basic version of a functioning main operating system with the essential application programs for example in the form of an image (image) can be stored in the flash memory connected to the vehicle ⁇ unit, which as a backup image of the partition of the main operating system by the supervision unit to ⁇ is written back.
  • the vehicle unit may be an interface for an ex- Have ternes storage medium, which is also controlled by the super vision unit.
  • This interface can be, for example, a USB interface, an interface for plugging in a Secure Digital Card (SD card), another data card or the like.
  • SD card Secure Digital Card
  • the super-vision unit or the implemented therein monitoring program on an emergency operating system which is adapted to drive necessary user interface such as a display, an input unit, and the like, as well as interfaces for an external storage medium and to execute the Reset factory ⁇ averaging method.
  • the micro-kernel architecture can (Kernel separation) may be formed with a separate partition for a policy unit as a so-called separation kernel, wherein the policy unit is as ⁇ to set up the communication between the individual partitions of the microkernel architecture be monitored and, if necessary, controlled.
  • the policy unit is as ⁇ to set up the communication between the individual partitions of the microkernel architecture be monitored and, if necessary, controlled.
  • the vehicle unit or the respective units of the various partitions of the microkernel architecture According to the invention set thereof for carrying out the following be written ⁇ method for operating the vehicle unit, or parts thereof.
  • the method is suitable Operator Op ⁇ ben a vehicle unit comprising a microprocessor on WEL ehern the prescribed microkernel architecture is fitted with the separate partitions for a main operating system unit, egg ⁇ ne crypto unit, and a Supvervisions unit.
  • the main operating system unit according to the invention, the main operating system and optionally application programs are set up. These can be changed by the user.
  • software certificates are stored and set up a verification program for checking certificates and complete software packages.
  • the invention provides in the microkernel architecture, and by the monitoring program of a supervision unit drive the main operating system and optionally EXISTING ⁇ dene application software during startup and / or the loading of the Main operating system or the vehicle ⁇ unit monitors and in case of deviations from a predetermined behavior, a recovery process for the main operating system is initiated.
  • the vehicle unit can be restarted in a failure and restored to an operational state, without a removal of the vehicle unit and rewriting the memory connected to the microprocessor for re-implementation of the main operating system software and the application programs are necessary.
  • a particularly advantageous embodiment of the method according to the invention is to detect deviations during startup and / or operation of the main operating ⁇ system a typical start time for a user interface (Human Machine Interface - HMI), which claimed by the Hauptbe ⁇ operating system computing time of the microprocessor and / or the storage claimed by the main operating system. For example, by comparing with predetermined limits for a normal operation monitored.
  • Such data can be easily monitored by the monitoring program in a kind of watchdog function, for example, by simulating a response of the user interface and till ⁇ queries and the operation of the microprocessor and the memory ⁇ place are monitored. This is possible under an inde ⁇ -ended process in the Super Vision unit easily without any errors in the partition of
  • Main operating system unit affect this function.
  • the recovery process is started may preferably be in the context of this recovery process, the Partiti ⁇ on the main operating system unit completely bringsschal ⁇ tet and discharged from the microkernel architecture.
  • the emergency operating system of the Su ⁇ pervisions unit then takes over the control of the user interface and / or an interface for the external storage medium to indicate the failure of the vehicle unit and a new implement the main operating system unit in the ent ⁇ speaking partition the micro-kernel To be able to carry out architecture.
  • the recovery process of the invention can be automated and / or Runaway ⁇ leading user-controlled. A particularly fast, automatic re ⁇ production of the defective partition can then be achieved if in the inventive method a writeback in the vehicle unit, for example, on the
  • Microprocessor connected memory stored backup images of the partition of the main operating system is done. After writing back such a backup image, the vehicle unit can be restarted, with the restart running the newly installed main operating system.
  • a serial number, a version identification ⁇ number or the like to be output to the user, to the user to select the appropriate main operating system, that is ei ⁇ ner appropriate firmware to allow a manufacturer's site in the Internet.
  • a serial number, a version identification ⁇ number or the like to be output to the user, to the user to select the appropriate main operating system, that is ei ⁇ ner appropriate firmware to allow a manufacturer's site in the Internet.
  • information can also be a suitable Internet link, particularly in the form of an html file that is output on the external Spei ⁇ chermedium that can be called ⁇ when connected to another computer system with an Internet connection directly up and download the appropriate main operating system.
  • the html file optionally with yes ⁇ vaScript shares, checks the size of the storage medium and stores an image file and / or an update file of the main operating system to be installed in a suitable directory.
  • an error reduction is achieved because a faulty installation of a wrong operating ⁇ system is avoided from the outset, without the installed in the vehicle unit crypto unit would have to grasp ⁇ accordingly.
  • a certifi cate ⁇ can be used here.
  • a check is carried out by the crypto unit.
  • serial number, hardware version, integrity, certificate or the like can be checked and, if necessary, a decryption can be carried out.
  • the presence checks an external storage medium to the image file and / or the update file and their in ⁇ stallation starts at presence immediately. Otherwise, the presence of the external memory is not checked. This also ensures that an update with the same software version does not occur several times, which can sometimes lead to an unstable system. After a successful reinstallation of the main operating system, also called flashing, then in the normal and usual way faster start mode is switched again.
  • main operating system also called flashing
  • the present invention also relates to a computer program product with program code means for setting up in a computer unit, which computer program product is characterized in that by the program code means when executing the computer program a microkernel architecture according to one of claims 1 to 6 and / or a method according to one of claims 7 to 12 is set up in the microprocessor of the vehicle unit.
  • FIG. 1 shows schematically the structure of a device according to the invention.
  • FIG. 2 shows a schematic sequence for operating a vehicle unit according to the present invention.
  • Fig. 1 the system partitioning of a memory connected to the microprocessor is shown on the the memory accesses the sequence of various programs in the partitions.
  • This partition is formed as a Separati ⁇ onskernel, which is a special variant of a microkernel architecture.
  • the various partitions 1, 2, 3, 4 implemented for the main operating system unit, the super-vision unit, the policy unit and the crypto unit in the same Mik ⁇ roratior with an attached memory, the different partitions run independently on the microprocessor and can also be executed in parallel.
  • the main operating system of the vehicle unit is installed, which can be changed by the end user, for example by downloading and installing new application programs or new Kleinbe ⁇ operating system software versions.
  • the partition 4 with the crypto unit is responsible for storing and validating certificates and checking the certificates of application software or complete software packages. All software certificates are installed inside Par ⁇ titionen 4 with the crypto unit without the other partitions 1, 2, 3 access to the partition 4 ben ha-. As a result, the security is increased according to the invention, because the crypto unit can not be changed by the user.
  • Partition 2 with the supervision unit for example, monitors the others with watchdog-like mechanisms
  • Partitions 1, 3, 4, and in particular the partition 1 with the main operating system unit which is responsible for the proper functioning of the vehicle unit.
  • This unit is so inventively responsible for detecting a non-function-onsstoryen main operating system and the introduction of a car ⁇ matic or user-interactive recovery process.
  • the partition 3 with the policy unit is a standard unit of a separation kernel and monitors rackingswei ⁇ se controls the communication between the different partitions 1, 2, 4. For example, checks whether a partition A send a message M to a partition B may.
  • the policy unit controls the access rights to physical volumes or flash partitions, and changes the budgets for processor power allocation to individual processes or storage space.
  • An essential concept of the present invention is now outsource responsible for the monitoring and restore the entire vehicle unit program code from the par ⁇ tition 1 with the main operating system unit in the partition 2 with the Supervision unit, said Par ⁇ tition 2 by the microkernel architecture is protected from interference or access from partition 1 while still running on the same microprocessor.
  • This function allows the monitoring function of a this usually provided external Mikrokon- is troller in the partition 2 of the Supervision Unit übertra ⁇ gen cooperating within the framework of their duties with the policy unit and the crypto unit.
  • the supervision unit, the crypto unit and the policy unit can replace the three different partitions 2 3 and 4 are also combined in a common partition, which according to the invention, however, differs from the partition 1 of the main operating system unit.
  • the partition 1 of the main operating system unit differs from the partition 1 of the main operating system unit.
  • a monitoring program runs in the super vision unit of the partition 2 in order to detect faults in the main operating system.
  • the Supervision Unit monitors the start of the main operation ⁇ system with regard to some detail functions. These detailed functions include important service functions and states of the main operating system.
  • HMI man-machine interface
  • angesteu ⁇ ert from the main operating system.
  • the function of the human-machine interface is checked by the supervision unit, for example by means of a fictitious input. If the man-machine interface after starting the vehicle unit after is not operational for a given time, this can be considered a failure of the main operating system.
  • the partition 1 of the main operating system can be regarded as faulty if an extraordinary loading ⁇ the processing power of the processor or an exceptional storage space requirement is determined. Excessive network traffic between the individual partitions of the separation kernel can also be seen as a characteristic of a faulty main operating system.
  • Main OS unit is completely powered off and unloaded from the microkernel architecture.
  • the a supervision unit then takes over under an emergency operating system, the remaining functions of the vehicle unit to which in particular also the response of the spot man-machine interface ⁇ belongs.
  • the supervision unit issues an error message to the end user via a screen of the human-machine interface.
  • An Internet link in particular an https link, with some details such as the serial number or a version identification number is output on the same screen on which the error message is displayed, so that the end user receives an up-to-date software package for the main operating system and / or the he requires application soft ⁇ ware can be downloaded from the Internet from a service side of the manufacturer of the vehicle unit.
  • the software download can be done by a conventional PC and on an external storage means, such as a USB memory stick done.
  • the supervision unit activates in the Emergency operating system the needed driver for external
  • the emergency operating system detects such an external storage means to egg ner interface, for example, when restarting the vehicle unit, the file system is searched for ei ⁇ nem software update package. Once such Pa ⁇ ket is detected, the hash value of the packet calculation ⁇ net, a signature is read and read the Locks ⁇ doubted software version and hardware compatibility of the package of the storage device and the partition 4 with the Crypto unit sent.
  • the crypto unit ⁇ checks the contents of the software package and gives the moni ⁇ toring unit feedback whether the software package for the present hardware is permitted. Furthermore, the Cryptoworks to-package can decrypt the software packets and provide for in ⁇ stallation.
  • the supervision unit performs a complete check on the blocks of the flash partitions used for the main operating system. Then it starts a reinstallation of the flash partition with the main operating system (flashing). After a successful installation in the partition 1, the main operating system unit, the vehicle starts generating unit at the next start with the new Radiosys ⁇ tem. In addition to error handling, they can also import targeted updates in this way, which can be triggered, for example, by a user input in the main operating system.
  • the super ⁇ visions unit chert a Launching an online link storage offered on a Schlos ⁇ Senen to the Vehicle Unit memory device in which already necessary information to Identifika ⁇ tion of the appropriate and required software are included. In this way, error entries are avoided.
  • a user-controllable method for operating the vehicle unit can be carried out, which allows the unit to be restored in the event of a software error without it having to be removed and sent to a special service point.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Mechanical Engineering (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un procédé de commande de fonctions de véhicule et un dispositif de véhicule, équipé d'un microprocesseur et d'une mémoire raccordée à ce dernier et dans laquelle est implémenté un système d'exploitation principal qui forme l'interface du matériel avec les programmes d'application et les interactions de l'utilisateur. Le microprocesseur est intégré dans une architecture micronoyau avec des partitions séparées pour une unité de système d'exploitation principal, une unité cryptographique (4) et une unité de supervision (2). Le système d'exploitation principal est installé dans l'unité de système d'exploitation principal (1), tandis que des certificats de logiciels sont enregistrés dans l'unité cryptographique (4), dans laquelle est installé un programme de vérification servant à vérifier des certificats et des progiciels, l'unité de supervision (2) contenant un programme de surveillance servant à surveiller le fonctionnement des autres partitions de l'architecture micronoyau.
EP12729145.8A 2011-06-30 2012-06-25 Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule Ceased EP2727039A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102011106078A DE102011106078A1 (de) 2011-06-30 2011-06-30 Fahrzeugeinheit und Verfahren zum Betreiben der Fahrzeugeinheit
PCT/EP2012/062203 WO2013000854A1 (fr) 2011-06-30 2012-06-25 Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule

Publications (1)

Publication Number Publication Date
EP2727039A1 true EP2727039A1 (fr) 2014-05-07

Family

ID=46331337

Family Applications (1)

Application Number Title Priority Date Filing Date
EP12729145.8A Ceased EP2727039A1 (fr) 2011-06-30 2012-06-25 Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule

Country Status (5)

Country Link
US (1) US9205809B2 (fr)
EP (1) EP2727039A1 (fr)
CN (1) CN103688268B (fr)
DE (1) DE102011106078A1 (fr)
WO (1) WO2013000854A1 (fr)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103836182A (zh) * 2014-03-28 2014-06-04 大陆汽车投资(上海)有限公司 配备液力变矩器的带式cvt的控制系统和方法
FR3025035B1 (fr) * 2014-08-22 2016-09-09 Jtekt Europe Sas Calculateur pour vehicule, tel qu’un calculateur de direction assistee, pourvu d’un enregistreur d’evenements integre
US9916931B2 (en) 2014-11-04 2018-03-13 Capacitor Science Incorporated Energy storage devices and methods of production thereof
DE102014224892A1 (de) * 2014-12-04 2016-06-09 Bayerische Motoren Werke Aktiengesellschaft Bereitstellen einer ersten Ablaufsteuerung anstelle einer zweiten Ablaufsteuerung im Fehlerfall
US9694765B2 (en) * 2015-04-20 2017-07-04 Hitachi, Ltd. Control system for an automotive vehicle
DE102015214054A1 (de) 2015-07-24 2017-01-26 Siemens Aktiengesellschaft Verfahren zum Betreiben einer Automatisierungskomponente
JP2018120422A (ja) * 2017-01-25 2018-08-02 ルネサスエレクトロニクス株式会社 車載通信システム、ドメインマスタ、及びファームウェア更新方法
US10798128B2 (en) * 2017-07-24 2020-10-06 Blackberry Limited Distributed authentication for service gating
US10942509B2 (en) 2018-01-19 2021-03-09 Ge Aviation Systems Llc Heterogeneous processing in unmanned vehicles
US11029985B2 (en) 2018-01-19 2021-06-08 Ge Aviation Systems Llc Processor virtualization in unmanned vehicles
CN108279603A (zh) * 2018-01-30 2018-07-13 风度(常州)汽车研发院有限公司 一种行车控制系统、方法及存储介质
DE102018213902A1 (de) * 2018-08-17 2020-02-20 Continental Automotive Gmbh Gegen Angriffe gesicherte Netzwerkschnittstelle
EP3742295A1 (fr) * 2019-05-23 2020-11-25 NXP USA, Inc. Annulation automatique de micrologiciel
CN111273883A (zh) * 2020-01-20 2020-06-12 北京远特科技股份有限公司 多操作系统的同屏显示方法、装置和终端设备
CN114625426B (zh) * 2020-12-09 2023-09-29 博泰车联网科技(上海)股份有限公司 一种硬隔离实现系统
DE102022003789A1 (de) 2022-10-14 2024-04-25 Mercedes-Benz Group AG Verfahren zum Ändern des Speicherinhalts eines Hauptspeichers eines Mikrocontrollers ohne separate Speicherverwaltungseinheit, Anwendung dessen, Mikrocontroller und Fahrzeug

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007040094A1 (de) * 2007-08-24 2009-02-26 Continental Automotive Gmbh Verfahren und System zur reversiblen Durchführung von Konfigurationsänderungen

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7840763B2 (en) * 2004-03-12 2010-11-23 Sca Technica, Inc. Methods and systems for achieving high assurance computing using low assurance operating systems and processes
CN100394392C (zh) * 2005-12-09 2008-06-11 英业达股份有限公司 计算机程序还原模式自动启动控制方法及系统
US7877357B1 (en) * 2007-10-12 2011-01-25 Netapp, Inc. Providing a simulated dynamic image of a file system
DE102007062114A1 (de) 2007-12-21 2009-07-23 Opensynergy Gmbh Kraftfahrzeug-Steuervorrichtung
TWI381387B (zh) 2008-02-21 2013-01-01 Phison Electronics Corp 儲存裝置、控制器及其資料存取方法
CN101251813A (zh) * 2008-03-31 2008-08-27 宇龙计算机通信科技(深圳)有限公司 手机系统恢复装置及其方法
WO2010016172A1 (fr) * 2008-08-05 2010-02-11 三菱電機株式会社 Système embarqué
CN102426797B (zh) * 2011-11-16 2013-08-14 东南大学 客运车辆车载信息交互系统

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007040094A1 (de) * 2007-08-24 2009-02-26 Continental Automotive Gmbh Verfahren und System zur reversiblen Durchführung von Konfigurationsänderungen

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NILSSON D K ET AL: "A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs", 2008 IEEE GLOBECOM WORKSHOPS; 30 NOV.-4 DEC. 2008; NEW ORLEANS, LA, USA, IEEE, PISCATAWAY, NJ, USA, 30 November 2008 (2008-11-30), pages 1 - 5, XP031405600, ISBN: 978-1-4244-3061-1 *
See also references of WO2013000854A1 *

Also Published As

Publication number Publication date
CN103688268B (zh) 2017-10-10
US9205809B2 (en) 2015-12-08
WO2013000854A1 (fr) 2013-01-03
DE102011106078A1 (de) 2013-01-03
US20140142781A1 (en) 2014-05-22
CN103688268A (zh) 2014-03-26

Similar Documents

Publication Publication Date Title
WO2013000854A1 (fr) Dispositif de véhicule et procédé servant à faire fonctionner le dispositif de véhicule
EP1903436B1 (fr) Système informatique et procédé destiné à l'actualisation de codes de programmes
DE10213165B3 (de) Verfahren und Vorrichtung zum Übernehmen von Daten
DE102011075776A1 (de) Verfahren und System zum Aktualisieren eines gemeinsam genutzten Speichers
DE102011005209B4 (de) Programmanweisungsgesteuerte Instruktionsflusskontrolle
DE102012109617A1 (de) Verfahren zum Ersetzen eines öffentlichen Schlüssels eines Bootloaders
DE102015112040A1 (de) Verfahren und System zur Firmware-Aktualisierung einer Steuereinrichtung zur Prozesssteuerung
DE102012109614A1 (de) Fehlerbehebung bei Stapel-Korruption in eingebetteten Softwaresystemen
EP2527976B1 (fr) Mise à jour logicielle simultanée
WO2005004160A2 (fr) Procede permettant la mise a jour d'un logiciel d'appareil de commande electronique par une programmation flash via une interface serielle et un automate d'etat correspondant
DE102017209468A1 (de) Verfahren zum Zurücksetzen einer Software eines Fahrzeugsteuergeräts eines Fahrzeugs in einen ursprünglichen Zustand
EP3752911B1 (fr) Procédé pour l'installation d'un paquet de code de programme dans un appareil ainsi qu'appareil et véhicule à moteur
WO2004114131A1 (fr) Procede de rechargement d'un logiciel dans le secteur d'amorçage d'une memoire morte programmable
EP2394232B1 (fr) Dispositif et procédé empêchant l'utilisation et/ou la manipulation illicites de logiciels
DE102012217312B4 (de) Verfahren und System zur Aktualisierung von Code in Verarbeitungssystemen
EP3074862B1 (fr) Procédé pour le déroulement sûr d'un démarrage d'un système électronique
WO2021123024A1 (fr) Appareil comportant une interface et procédé de mise en œuvre d'un appareil comportant une interface
EP2596429B1 (fr) Procédé servant à éxecuter un programme de service, système informatique et produit de programme informatique
DE102009047974B4 (de) Verfahren zur Programmierung eines Steuergeräts
DE102021212994B3 (de) Verfahren zur Erkennung von auf eine Manipulation hindeutenden Anomalien während eines sicheren Startvorgangs einer softwaregesteuerten Vorrichtung
DE10357032A1 (de) Verfahren zum Nachladen einer Software in den Bootsektor eines programmierbaren Lesespeicher
DE102023100783A1 (de) Verfahren und Prozessorschaltung zum Ermitteln einer Enumerierung von Gerätefunktionen in einem PCI-Bus eines Fahrzeugs
DE102008010556A1 (de) Verfahren und Vorrichtung zum Speichern von Informationsdaten
EP2037360A2 (fr) Appareil de commande pour une mémoire de masses et procédé de préparation de données pour un processus de démarrage d'un ordinateur
DE102020207861A1 (de) Verfahren zur Durchführung einer abgesicherten Startsequenz eines Steuergeräts

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140130

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20180515

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: CONTINENTAL AUTOMOTIVE GMBH

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20201002