EP2766813A1 - Method for operating an it system, and it system - Google Patents
Method for operating an it system, and it systemInfo
- Publication number
- EP2766813A1 EP2766813A1 EP12783147.7A EP12783147A EP2766813A1 EP 2766813 A1 EP2766813 A1 EP 2766813A1 EP 12783147 A EP12783147 A EP 12783147A EP 2766813 A1 EP2766813 A1 EP 2766813A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- processing unit
- state
- program
- program part
- depending
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/079—Root cause analysis, i.e. error or fault diagnosis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Definitions
- the invention relates to a method for operating an information technology system which has at least a first processing unit and a second processing unit which are connected to one another. Furthermore, the invention relates to the information technology system.
- a plurality of software programs are designed in such a way that, for execution of the software program, a respective program part of the software program has to be executed by different computer units. This may be due, for example, to the fact that a performance of a computing unit is not sufficient and / or special security functions are performed by a computing unit which is specially designed for this purpose.
- the need for frequent updates of the software and the desire to provide sufficient protection for the computer unit software also create a need for computer systems that allow for secure and reliable software upgrade. Particularly in the case of control devices for a motor vehicle, for example in the case of a digital tachograph, the requirements for manipulation security of the software and for reliable software upgrading are particularly high.
- the object underlying the invention is to provide a method for operating an information technology system and the information technology system, which enable reliable operation of the information technology system.
- the object is solved by the features of the independent claims.
- Advantageous developments of the invention are characterized in the subclaims.
- the invention is characterized by a method for operating an information technology system.
- the information technology system comprises at least a first processing unit and a second processing unit which are in communication with each other.
- the first processing unit and the second processing unit are formed into a common execution of an application program.
- the first processing unit is assigned a first memory in which a first program unit of the application program executable by the first processing unit is stored, and the second processing unit is assigned a second memory in which a second program portion of the application program executable by the second processing unit is stored.
- the first processing unit and the second processing unit are each assigned an installation routine which is designed to control an update of the first program part or of the second program part.
- the method comprises the following steps: Depending on a state of the respective installation routine and depending on a respective update progress of the first program part or the second program part during an update of the application program, the first processing unit is assigned an actual state from a predetermined set of possible states and the second processing unit, a second actual state from the predetermined set of possible states. After a restart of the system or as soon as a successful storage of the first program part and the second program part or an error in the storage of the first program part and / or the second program part is detected, depending on the actual state of the first processing unit and the actual state the second processing unit respectively predetermined processing steps in a predetermined order by the first and the second processing unit executed.
- the first and second program parts may each comprise program code and / or program data.
- the successful storage of the first and second program part may in this case also include, for example, that the first and / or second processing unit has successfully verified the integrity of the first and second program part.
- the set of possible states comprises a first state, which represents a first or a second valid program part and a respective inactive program routine, a second state, which represents a first and a second valid program part and a respective active program routine, and a third state, which represents a first or a second invalid program part and a respective active program routine of the first and the second processing unit.
- the second processing unit may return to the first state, or the first processing unit must switch to the second state. If the first processing unit is in the first state and the second processing unit is in the third state, the first processing unit must change to the second state. If the first processing unit is in the second state and the second processing unit is in the first state, the second processing unit can change to the second state, or the first processing unit must return to the first state. In all other cases, the respective actual states remain the same.
- the first processing unit first returns to the second state insofar as it does not already have it, and then the second processing unit changes to the first state.
- two binary flags are respectively used to characterize the actual state of the first processing unit and the actual state of the second processing unit, wherein a respective first binary flag, depending on its binary state, an inactive or active installation routine of the first processing unit or the second processing unit and a respective second binary flag depending on its binary state, a valid or an invalid first program part or second Pro represents part of the program.
- the predetermined processing steps in the predetermined order of the first and the second processing unit executed.
- an evaluation of the binary states is very simple and technically possible with little effort.
- the binary states of the respective first and second binary flags are reset to the binary state in a predetermined order depending on the binary states of the respective first and second binary flags. representing a valid program part or an inactive installation routine.
- the resetting of the first and second binary flags in the predetermined order makes it possible for a multiplicity of state combinations, which the first and second processing units can have, at any time during the operation of the information technology system to ensure that the information technology system is executable, that is, the first and second program part are valid and thus each executable or the respective installation routine is active or the respective installation routine can be at least restarted.
- the first processing unit is designed to start the update. initiate the application program and / or initiate an application program update.
- the first processing unit is configured to initiate a start of the update of the application program and / or to initiate an end of the update of the application program. This can advantageously contribute to ensuring that the information technology system can be better protected against manipulations, for example software manipulations.
- the second processing unit is designed to decide whether the update of the application program is started and / or terminated.
- the second processing unit is adapted to decide whether an update of the application program may be started and / or stopped or not. This can advantageously contribute to ensuring that the information technology system can be better protected against manipulations, for example software manipulations.
- the second processing unit is designed to verify an integrity of the first program part and / or the second program part. This makes it possible, for example, to check the integrity and / or unchanging nature of the first and / or the second program part.
- the invention is characterized by an information technology system comprising at least a first processing unit and a second processing unit.
- the first and second processing units communicate with each other and are adapted to a common execution of an application program.
- the first processing unit is assigned a first memory in which a first program part of the application program which can be executed by the first processing unit is stored is.
- the second processing unit is assigned a second memory in which a second program part of the application program which can be executed by the second processing unit is stored.
- the first processing unit and the second processing unit are each assigned an installation routine which is designed to control an update of the first program part or of the second program part.
- the first processing unit is designed to allocate an actual state from a predefined set of possible states depending on a state of the installation routine assigned to it and depending on an updating progress of the first program part during an update of the application program.
- the second processing unit is designed to allocate an actual state from the predetermined set of possible states depending on a state of the installation routine assigned to it and depending on an update progress of the second program part during the update of the application program.
- the first processing unit and the second processing unit are further configured, after a restart of the system or as soon as a successful storage of the first program part and the second program part or an error in the storage of the first program part and / or the second program part is detected, depending on the actual state of the first processing unit and the actual state of the second processing unit to execute predetermined processing steps in a predetermined order.
- Advantageous embodiments of the first aspect also apply to the second aspect.
- the information technology system is designed as a digital tachograph and the first processing unit comprises an application controller and the second processing unit a safety controller.
- the digital Tachograph in such a way that a tamper-proof and reliable operation of the digital tachograph is possible, both during an update of the application program as well as a malfunction and / or interruption of the update of the application program as well as a targeted and / or unexpected restart (also referred to as reset) the first and / or second processing unit.
- a system blockage due to an inconsistent state of the first program part and the second program part and / or the installation routine can be avoided.
- FIG. 1 shows a simplified block diagram of an information technology system
- Figures 2a and 2b each possible combinations of respective binary flags
- Figures 3a and 3b is a flow chart of a program and another program for operating the information technology system.
- FIG. 1 shows an exemplary embodiment of an information technology system 10.
- the information technology system 10 may comprise, for example, an embedded system (also referred to as an embedded system).
- the information technology system 10 may be comprised of a digital tachograph of a vehicle.
- the information technology system 10 comprises at least a first processing unit CM and a second processing unit SM.
- the first processing unit CM may, for example, comprise an application controller
- the second processing unit SM may comprise, for example, a security controller.
- the first processing unit CM and the second processing unit SM communicate with each other.
- the first CM and second processing units SM are formed into a common execution of an application program.
- the first processing unit CM is assigned a first memory in which a first program part of the application program which can be executed by the first processing unit CM is stored.
- the second processing unit SM is assigned a second memory in which a second program part of the application program executable by the second processing unit SM is stored.
- the first processing unit CM and the second processing unit SM are each assigned an installation routine SUC1, SUC2, which is designed to control an update of the first program part or of the second program part.
- the respective installation routines SUC1, SUC2 can be started, for example, from the application program.
- the second processing unit SM may be configured to verify the integrity of the first program part and / or the second part of the program.
- the first processing unit CM is designed to start the updating of the
- the first Processing unit CM can for this purpose have an interface IF, via which the first processing unit CM can communicate with external devices.
- the second processing unit SM has no external interface via which the second processing unit SM can be externally accessed.
- the first CM and second processing unit SM can, for example, cooperate in such a way that the second processing unit SM can communicate only as a function of the first processing unit CM.
- the second processing unit SM may be configured to decide whether to start and / or stop updating the application program. Such a decision may be, for example, dependent on a successful authentication of an administrator on the second processing unit SM.
- the application program is characterized as invalid as soon as only a part of the first program part and / or second program part is changed and the information technology system 10 is formed such that the application program characterized as invalid can not be executed.
- the updating of the application program can be aborted as long as the first program part and the second program part have not yet been changed, not even partially.
- the background to the fact that the update can not be aborted after a single change is typically that the program part has been overwritten in the respective memory area and the old software is no longer stored on the respective processing unit and thus can not be locally restored.
- the application program when the application program is updated after a successful
- the application program is actively characterized as being valid, and thus becomes executable for the information technology system 10, when the first and the second program part are being listened to.
- the successful storage of the first and second program part may also include, for example, that the first CM and / or second processing unit SM has successfully verified the integrity of the first and second program part, for example by checking an electronic signature.
- the first processing unit CM is adapted, depending on a state of its associated installation routine SUCL and depending on an update progress of the first program part during an update of the application program to assign an actual state of a predetermined set of possible states.
- the second processing unit SM is designed to allocate an actual state from the predetermined set of possible states depending on a state of the installation routine SUC2 assigned to it and depending on an update progress of the second program part during the update of the application program.
- the first processing unit CM and the second processing unit SM are designed to be recognized after a restart of the system 10 or as soon as a successful storage of the first program part and the second program part or an error in the storage of the first program part and / or the second program part is detected the predetermined state of the first processing unit CM and the actual state of the second processing unit SM each predetermined processing steps in a predetermined order to execute.
- the set of possible states can include a first state ZA, which contains a first or a second valid program part and a respective inactive program routine. ne SUC1, SUC2 represents.
- the set may further comprise a second state ZSUCa, which represents a first or a second valid program part and a respective active program routine SUC1, SUC2, and a third state ZSUCb, which has a first or a second invalid program part and a respective active program routine SUC1, SUC2 represents.
- Table 1 summarizes possible state combinations for the first processing unit CM and the second processing unit SM. Furthermore, in Table 1, possible measures for the respective state combinations are specified, which are executed by the first processing unit CM after a restart (also referred to as reset) in order to cancel a possible inconsistent state of the first and second program part and the respective installation routines SUC1, SUC2.
- a restart also referred to as reset
- Processing processing unit first processing unit means CM depending on the
- ZA ZSUCb CM has to start its installation routine SUC1, CM has already been given the authority of SM, her Installation routine SUC1 to start
- ZSUCa ZSUCa Either CM and SM start the execution of the first or the second part of the program or CM and SM continue the respective installation routine SUC1, SUC2
- the state combinations shown in Table 1 are, except for a critical state combination in which the first processing unit CM has the third state ZSUCb and the second processing unit SM has the first state ZA, for the information technology system 10 solvable.
- the information technology system 10 is able, with the exception of the critical state combination, to to transfer the first processing unit CM and the second processing unit SM into an actual state by suitable measures, so that the information technology system 10 is executable, ie the first and second program parts are valid and thus executable or the respective installation routine SUC1, SUC2 is active or the respective installation routine SUC1, SUC2 can at least be restarted.
- the critical state combination may be unsolvable, perhaps because the first processing unit CM, after the first part of the program has been partially overwritten by the update, after a restart is no longer bootable, and the application program would be responsible for the required authentication of an administrator for a new recording Update process to the second processing unit SM pass, but what they can not in the critical state combination. Due to the resulting deadlock, the system would be unusable.
- the first processing unit CM If the first processing unit CM is in the first state ZA and the second processing unit SM is in the third state ZSUCb, the first processing unit CM must transition to the second state ZSUCa. If the first processing unit CM is in the second state ZSUCa and the second processing unit SM is in the first state ZA, the second processing unit SM can change to the second state ZSUCa, or the first processing unit CM has to return to the first state ZA. In all other cases, the respective actual states remain the same.
- first the first processing unit CM returns to the second state ZSUCa insofar as it does not already have it, and then the second processing unit SM changes to the first state ZA replaced.
- the second processing unit SM does not immediately change from the second state ZSUCa or third ZSUCb to the first state ZA. Instead, the first processing unit CM has or returns to the second state ZSUCa. Thereafter, the second processing unit SM changes to the first state ZA.
- two binary flags CMU, CMI, SMU, SMI can be used to characterize the respective actual state of the first CM and second processing unit SM.
- a respective first binary flag CMU, SMU can represent an inactive or an active installation routine SUC1, SUC2 of the first CM or of the second processing unit SM, respectively.
- a respective second binary flag CMI, SMI can be deleted according to its binary state, _ sets a valid relationship example represent an invalid first program part or second part of the program.
- the installation routine SUCl of the first processing unit CM may be configured to assign the respective binary state _ deleted to the first CMU and second binary flag CMI of the first processing unit CM.
- the installation routine SUC2 of the second processing unit SM is designed, for example, to assign the first SMU and second binary flag SMI of the second processing unit SM the respective binary state _ deleted, _set.
- the respective first binary flag CMU, SMU is assigned a second binary state _set by the respective installation routine SUCL, SUC2 as soon as the installation routine SUCl of the first processing unit CM or the installation routine SUC2 of the second processing unit SM is active.
- the installation routine SCU1 of the first processing unit CM is started and the first binary flag SMU of the second processing unit SM becomes the second binary state
- the installation routine SCU2 of the second processing unit SM is started.
- the second binary state _set is assigned to the respective second binary flag CMI, SMI by the respective installation routine SUC1, SUC2 as soon as the first program part or the second program part becomes invalid due to a change in the first program part or the second program part.
- Figures 2a and 2b show in tabular form each possible combinations of the respective binary flags CMU, CMI, SMU, SMI and the respective possible state of the first processing unit CM or of the second processing unit SM.
- the fourth state Z_NA occurs here only artificially through the use of two binary flags CMU, CMI, SMU, SMI for the first CM or second processing unit SM and will not be considered further below.
- the first CM or the second processing unit SM could have the fourth state Z_NA only if there is an active and direct manipulation of the respective installation routines SUC1, SUC2 and / or a reset logic.
- the information technology system 10 would be in this case, for example, if at this time a restart (also referred to as reset), in a system blockade.
- the binary states, _set the respective first CMU , SMU and second binary flags CMI, SMI are reset to the first binary state, which represents a valid program part or an inactive installation routine SUC1, SUC2.
- the second processing unit SM assigns itself the first state ZA starting from the third state ZUCb.
- the change of the third state ZSUCb of the second processing unit SM into the first state ZA is triggered, for example, by the first processing unit CM and thus at least partially controlled.
- FIG. 3a shows a flow diagram of a program which is executed, for example, by the second processing unit SM.
- FIG. 3b shows a flowchart of a further program which is executed, for example, by the first processing unit CM.
- the two programs are used after a successful storage of the first and second program part, the binary flags CMU, CMI, SMU, SMI reset the predetermined order, so as to ensure that, for example, after a restart (also referred to as reset), which also arbitrary while the program update can take place, the information technology system 10 nevertheless has an executable operating state.
- the first processing unit CM is designed, for example, to send a plurality of requests to the second processing unit SM.
- the second processing unit SM is designed, for example, to send feedback messages to the requests of the first processing unit CM to the first processing unit CM.
- the first processing unit CM may be configured to send the following requests to the second processing unit SM.
- SUCStart This request causes the start of the installation routine SUC2 on the second processing unit SM, insofar as the second processing unit SUC2 processing unit SM allows the start of the installation routine SUC2.
- This request causes the termination of the installation routine SUC2 on the second processing unit SM, insofar as the second processing unit SM permits the termination of the installation routine SUC2 and the second program part is successfully stored.
- the first processing unit CM can check whether the installation routine SUC2 of the second processing unit SM is active.
- the first processing unit CM can check whether the second program part of the second processing unit SM has been successfully stored.
- the program (FIG. 3a) is started, for example, in a step S2_10.
- the program is started, for example, after the recognition of a successful storage of the first and second program part by the second processing unit SM.
- the program installation routine SUC2 of the second processing unit SM may be configured to recognize that the first program part and the second program part have been successfully stored.
- the first SUC1 and / or second program installation routine SUC2 may be formed when an error occurs during the storage of the first program part or of the second program part to signal an error message.
- the program installation routine SUC2 of the second processing unit SM may be configured to determine an integrity of the entire first program part and the second program part at the end of storage of the first and second program part. examples
- the program can be started.
- the second binary flag SMI is brought to the first binary state _ deleted.
- a signal is sent from the second processing unit SM to the first processing unit CM to signal that the respective program installation routine SUC1, SUC2 can be terminated.
- step S2_70 after the second processing unit SM has received the second command SUCStop sent by the first processing unit CM, the first binary flag SMU is switched over from the second binary state _set to the first binary state _delayed.
- step S2_90 the program is ended.
- the further program (FIG. 3b), which is executed by the first processing unit CM, is started, for example, in a step S1_40.
- the start of the further program is preferably carried out after the detection of the signal for signaling that the respective program installation routines SUC2, SUC1 sent by the second processing unit SM to the first processing unit CM can be terminated.
- a step Sl_50 the binary state of the second binary flag CMI of the first processing unit CM is switched, so that the first binary state _ has been cleared.
- the first processing unit sends the CM second command SUCStop to the second processing unit SM.
- the binary state of the first binary flag CMU of the first processing unit CM is switched so that it has the first binary state _delayed.
- the further program is ended.
- the error occurs at the second processing unit SM, it returns an error to the first processing unit CM.
- the first processing unit CM is therefore also known in this case that an error has occurred.
- the first processing unit CM sends the request SUCValid to the second processing unit SM and thus, together with its own second binary flag CMI, receives the information as to whether a return to the execution of the first and second program part, ie the execution of the application program, is permitted or not. If such a return is not allowed, in a second
- Step the respective installation routines SUC1, SUC2 restarted.
- the next step is the fourth step. If the return is permitted, in the second step, for example, a user can decide whether the application program or the respective installation routines SUC1, SUC2 should be restarted. If the application program is to be restarted, send in a third step, the first processing unit CM to the second processing unit SM, the request SUCStop and clears after positive feedback its own first binary flag CMU.
- a restart also referred to as a reset
- the application program is started or the respective installation routines SUC1, SUC2 are restarted.
- the information technology system 10 has the critical state combination.
- the respective first binary flag CMU, SMU decides whether the respective program part or the respective installation routine SUC1, SUC2 is started.
- Processing unit SM can not be deleted because the first binary flag SMI of the second processing unit SM still has the second binary state _set.
- the behavior of this implementation differs slightly in an error case from the embodiment described above, because the first processing unit CM still has no information about the validity of the second part of the program and can not offer the user a choice, either to an execution of the first and second part of the program or continue the update. This means that in case of error no distinction between the second state ZSUCa and the third state ZSUCb is more possible.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102011084569.0A DE102011084569B4 (en) | 2011-10-14 | 2011-10-14 | Method for operating an information technology system and information technology system |
PCT/EP2012/070362 WO2013053934A1 (en) | 2011-10-14 | 2012-10-15 | Method for operating an it system, and it system |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2766813A1 true EP2766813A1 (en) | 2014-08-20 |
Family
ID=47143849
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP12783147.7A Ceased EP2766813A1 (en) | 2011-10-14 | 2012-10-15 | Method for operating an it system, and it system |
Country Status (4)
Country | Link |
---|---|
US (1) | US9367297B2 (en) |
EP (1) | EP2766813A1 (en) |
DE (1) | DE102011084569B4 (en) |
WO (1) | WO2013053934A1 (en) |
Family Cites Families (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5487156A (en) * | 1989-12-15 | 1996-01-23 | Popescu; Valeri | Processor architecture having independently fetching issuing and updating operations of instructions which are sequentially assigned and stored in order fetched |
US8213431B2 (en) * | 2008-01-18 | 2012-07-03 | The Boeing Company | System and method for enabling wireless real time applications over a wide area network in high signal intermittence environments |
EP0706275B1 (en) * | 1994-09-15 | 2006-01-25 | International Business Machines Corporation | System and method for secure storage and distribution of data using digital signatures |
JP3730740B2 (en) * | 1997-02-24 | 2006-01-05 | 株式会社日立製作所 | Parallel job multiple scheduling method |
DE19716197A1 (en) * | 1997-04-18 | 1998-10-22 | Itt Mfg Enterprises Inc | Microprocessor system for safety-critical regulations |
DE19720618A1 (en) * | 1997-05-16 | 1998-11-19 | Itt Mfg Enterprises Inc | Microprocessor system for automotive control systems |
US6647301B1 (en) * | 1999-04-22 | 2003-11-11 | Dow Global Technologies Inc. | Process control system with integrated safety control system |
DE10008974B4 (en) * | 2000-02-25 | 2005-12-29 | Bayerische Motoren Werke Ag | signature methods |
US6792529B1 (en) * | 2000-04-11 | 2004-09-14 | Microsoft Corporation | Common feature mode for microprocessors in a multiple microprocessor system |
US7249247B2 (en) * | 2000-04-11 | 2007-07-24 | Microsoft Corporation | Common feature mode for microprocessors in a multiple microprocessor system |
JP2004514214A (en) | 2000-11-17 | 2004-05-13 | ビットフォン コーポレイション | System and method for updating and distributing information |
JP2002157137A (en) * | 2000-11-20 | 2002-05-31 | Nec Corp | Program updating system with communication function |
JP4276028B2 (en) * | 2003-08-25 | 2009-06-10 | 株式会社日立製作所 | Multiprocessor system synchronization method |
US7614055B2 (en) * | 2004-06-14 | 2009-11-03 | Alcatel-Lucent Usa Inc. | Selecting a processor to run an executable of a distributed software application upon startup of the distributed software application |
US9489496B2 (en) * | 2004-11-12 | 2016-11-08 | Apple Inc. | Secure software updates |
JP4448784B2 (en) * | 2005-03-15 | 2010-04-14 | 株式会社日立製作所 | Parallel computer synchronization method and program |
JP4471947B2 (en) * | 2005-04-28 | 2010-06-02 | Necエレクトロニクス株式会社 | Data processing apparatus and data processing method |
US9166904B2 (en) * | 2005-09-08 | 2015-10-20 | Cisco Technology, Inc. | Method and apparatus for transferring BGP state information during asynchronous startup |
DE102006023136A1 (en) * | 2006-05-17 | 2007-11-22 | Siemens Ag | Method and device for operating a digital tachograph and a data carrier |
US7925791B2 (en) * | 2006-07-17 | 2011-04-12 | The Math Works, Inc. | Recoverable error detection for concurrent computing programs |
JP5273045B2 (en) * | 2007-06-20 | 2013-08-28 | 富士通株式会社 | Barrier synchronization method, apparatus, and processor |
DE102007043262A1 (en) * | 2007-09-11 | 2009-03-12 | Continental Automotive Gmbh | Data processing device for an embedded system |
DE102007058163A1 (en) * | 2007-09-28 | 2009-04-23 | Continental Automotive Gmbh | Tachograph, toll-on-board unit, indicating instrument and system |
US8561052B2 (en) * | 2008-12-08 | 2013-10-15 | Harris Corporation | Communications device with a plurality of processors and compatibility synchronization module for processor upgrades and related method |
US8224885B1 (en) * | 2009-01-26 | 2012-07-17 | Teradici Corporation | Method and system for remote computing session management |
US10534644B2 (en) * | 2009-06-25 | 2020-01-14 | Wind River Systems, Inc. | Method and system for a CPU-local storage mechanism |
JP5428738B2 (en) * | 2009-10-16 | 2014-02-26 | 富士通株式会社 | Information processing apparatus and firmware update method |
JP5431111B2 (en) * | 2009-10-22 | 2014-03-05 | 株式会社日立製作所 | Information processing apparatus and system setting method |
DE102009051350A1 (en) * | 2009-10-30 | 2011-05-05 | Continental Automotive Gmbh | Method of operating a tachograph and tachograph |
DE102009056786A1 (en) * | 2009-12-03 | 2011-06-09 | Continental Automotive Gmbh | Mobile interface and system for controlling vehicle functions |
JP5494208B2 (en) * | 2010-05-12 | 2014-05-14 | 富士ゼロックス株式会社 | Image forming apparatus and control program therefor |
US20140157253A1 (en) * | 2011-03-31 | 2014-06-05 | Alcatel-Lucent India Limited | Retrofitting a processor cluster |
DE102011081421A1 (en) * | 2011-08-23 | 2013-02-28 | Siemens Ag | System for the secure transmission of data and procedures |
US8810454B2 (en) * | 2011-10-13 | 2014-08-19 | Microsoft Corporation | Power-aware tiered geofencing and beacon watchlists |
WO2013134959A1 (en) * | 2012-03-16 | 2013-09-19 | Qoros Automotive Co., Ltd. | Partial map updates |
-
2011
- 2011-10-14 DE DE102011084569.0A patent/DE102011084569B4/en active Active
-
2012
- 2012-10-15 EP EP12783147.7A patent/EP2766813A1/en not_active Ceased
- 2012-10-15 US US14/351,427 patent/US9367297B2/en not_active Expired - Fee Related
- 2012-10-15 WO PCT/EP2012/070362 patent/WO2013053934A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2013053934A1 * |
Also Published As
Publication number | Publication date |
---|---|
DE102011084569B4 (en) | 2019-02-21 |
WO2013053934A1 (en) | 2013-04-18 |
US20140298104A1 (en) | 2014-10-02 |
DE102011084569A1 (en) | 2013-04-18 |
US9367297B2 (en) | 2016-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE112014005412B4 (en) | Program update system and program update method | |
DE102019109672A1 (en) | CANCELLATION AFTER PARTIAL FAILURE IN MULTIPLE ELECTRONIC CONTROL UNITS BY OVER THE AIR UPDATE | |
EP1639603A2 (en) | Method for updating software of an electronic control device by flash programming via a serial interface and corresponding automatic state machine | |
DE112018006323T5 (en) | On-board update device, program and method for updating a program or data | |
DE112012005257T5 (en) | Control device and process monitoring method | |
EP2943748B1 (en) | Method and device for managing map data of a digital map for a navigation apparatus | |
WO2021233696A1 (en) | Method for the secure use of cryptographic material | |
EP3080950B1 (en) | Method and system for deterministic auto-configuration of a device | |
DE112013006868T5 (en) | Programmable logic control system and programmable logic controller | |
DE10340411B4 (en) | Device and method for the safe execution of a program | |
EP1792247B1 (en) | Method for operating a data transmission network using licence data and associated device network | |
DE102013021231A1 (en) | Method for operating an assistance system of a vehicle and vehicle control unit | |
EP2766813A1 (en) | Method for operating an it system, and it system | |
DE102021208459A1 (en) | Method for authentic data transmission between control units in a vehicle, arrangement with control units, computer program and vehicle | |
DE102021202935A1 (en) | Method and device for controlling a driving function | |
EP4018300A1 (en) | Configuration method for a railway signalling system and update system | |
DE102006024233B4 (en) | Method and apparatus for fault tolerance management of a software component | |
EP1953667A1 (en) | Interface monitoring device and method for monitoring an interface connection | |
DE102018209972A1 (en) | Method for updating software on a target device using an update device and method for processing a data packet and / or a differentiation information using a target device | |
DE102013202482A1 (en) | Error signal handling apparatus for use in electronic controller of heavy vehicle, has processing device outputting condition signal if error signal is received within given delay time, and otherwise omitting outputting of condition signal | |
DE102012221280A1 (en) | Data processing unit, control method and control program | |
EP3876123B1 (en) | Arrangement and operating method for a secure start-up of an electronic device | |
WO2023180069A1 (en) | Dynamic integrity monitoring of a container runtime environment executed on a host computer | |
EP4073650B1 (en) | Method for identifying and verifying control software of a rail vehicle | |
DE602005002485T2 (en) | Device for avoiding circuit errors in the presence of errors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20140514 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
17Q | First examination report despatched |
Effective date: 20150225 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20151017 |