EP4116944A1 - Steuereinheit und verfahren zum fernsteuern eines fahrtenschreibers - Google Patents

Steuereinheit und verfahren zum fernsteuern eines fahrtenschreibers Download PDF

Info

Publication number
EP4116944A1
EP4116944A1 EP22182196.0A EP22182196A EP4116944A1 EP 4116944 A1 EP4116944 A1 EP 4116944A1 EP 22182196 A EP22182196 A EP 22182196A EP 4116944 A1 EP4116944 A1 EP 4116944A1
Authority
EP
European Patent Office
Prior art keywords
tachograph
driver
vehicle
control unit
pairing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22182196.0A
Other languages
English (en)
French (fr)
Inventor
Arne LOHAGE
Tobias GRUNDSTRÖM
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Scania CV AB
Original Assignee
Scania CV AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Scania CV AB filed Critical Scania CV AB
Publication of EP4116944A1 publication Critical patent/EP4116944A1/de
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00Registering or indicating the working of vehicles
    • G07C5/008Registering or indicating the working of vehicles communicating information to a remotely located station
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00Registering or indicating the working of vehicles
    • G07C5/08Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • G07C5/0841Registering performance data
    • G07C5/085Registering performance data using electronic data carriers
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00Registering or indicating the working of vehicles
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00Registering or indicating the working of vehicles
    • G07C5/08Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C7/00Details or accessories common to the registering or indicating apparatus of groups G07C3/00 and G07C5/00

Definitions

  • the present disclosure relates to techniques in the context of vehicles, and more specifically to methods, for use in a tachograph and in a control unit arranged in a vehicle, for remotely controlling the tachograph from the control unit.
  • the disclosure also relates to a control unit or tachograph configured to perform the corresponding methods, to a vehicle comprising the control unit, to a computer program and to a computer-readable medium.
  • Tachographs record information about driving time, speed and distance. Tachographs are used to make sure drivers and employers follow the rules on drivers' hours. Hence, the tachograph is a legal control unit in the sense that it is mandatory for vehicles to be equipped with such a unit (when not excluded from driver hours legislation). The driver is obliged to enter data into the tachograph, and it is currently done using buttons on the actual tachograph and viewing the display of the tachograph itself. It is well known that the user interface is not very user friendly and that many mistakes are made by the drivers when entering data into the tachograph.
  • the disclosure relates to a method for use in a control unit of a vehicle, for remotely controlling a tachograph arranged in the vehicle.
  • the method comprises communicating a pairing request and a pairing accept between the tachograph and the control unit to enter a paired state 202 where a secure connection is established between the tachograph and the control unit.
  • the method further comprises receiving, over the secure connection, a message identifying a driver card inserted in the tachograph, obtaining authentication data of a driver present in the vehicle, and authenticating the driver present in the vehicle by comparing the obtained authentication data with driver identity data of the inserted driver card obtained from a driver database.
  • the method finally comprises performing the steps of sending, over the secure connection, a verification confirming successful authentication of the driver present in the vehicle and entering a remote-control state in which the control unit is enabled to remotely control the tachograph via the secure connection, in response to the authenticating being successful.
  • the tachograph can be controlled from a user interface device of the vehicle, such as by an in-vehicle display. It will typically be a better alternative for the driver to use the in-vehicle display than a remote device. Hence, the driver may have a more friendly interface for some of the basic tachograph functions without direct interaction with the tachograph.
  • the driver present is authenticated it is assured that it is the holder of the driver card that also controls the tachograph.
  • communication between the tachograph and the vehicle can take place over the CAN, which is typically more secure than using a wireless connection like Bluetooth.
  • the obtaining authentication data comprises obtaining biometric authentication data of the driver using a sensor device arranged in the vehicle. In some embodiments the obtaining authentication data comprises receiving authentication data received via a user interface device arranged in the vehicle. Hence, man in the middle attacks are avoided as the driver identity is verified using hardware arranged in the driver cabin, using for example biometric authentication.
  • the obtaining authentication data comprises obtaining a driver profile of the driver present in the vehicle from the driver database, and applying the obtained driver profile when operating the tachograph in the remote-control state.
  • the applying comprises one or more of customizing display layout or customizing language setting based on the obtained driver profile of the authenticated driver.
  • control unit is in the remote-control state enabled to perform one or more functions associated with the tachograph from a user interface device arranged in the vehicle.
  • control unit is enabled to add, update, or delete a driver profile of the authenticated driver from the driver database, provide input to tachograph, control the tachograph to perform actions, such as ejecting driver card or starting printing, and/or display tachograph data on a user interface device arranged in the vehicle. Thereby, the driver does not need to interact directly with the tachograph.
  • the driver database is stored in the vehicle or in the control unit. In some embodiments a certain user permission level is required to add new drivers to the driver database. Hence, information about drivers that are authorized to drive the vehicle can be stored on-board or off-board and controlled for example by a vehicle manufacturer.
  • the communicated pairing request and/or the paring accept comprises an authenticated confirmation enabling the tachograph and/or the control unit to authorize the pairing. This enables the tachograph or control unit to evaluate any pairing request. Hence, pairing with untrusted devices is avoided.
  • the authenticated confirmation proves that pairing is performed using a certified tachograph pairing software and/or that pairing is approved by a user holding the certain user permission level. Hence, pairing may only be done by trusted user's such as by the vehicle manufacturer or authorized workshops.
  • the method comprises evaluating, based on the authenticated confirmation, whether pairing is allowed and entering a paired state in response to the evaluating indicating that pairing is performed using a certified tachograph pairing software and/or that pairing is approved by a user holding the certain user permission level. Hence, pairing can be rejected if initiated by others than the vehicle manufacturer or authorized service stations.
  • the communicating comprises sending, over the secure connection, a pairing accept in response to the evaluating indicating that pairing is allowed. Hence, the tachograph is informed that pairing is completed.
  • the method comprises detecting a first trigger to exit the remote-control state and re-entering the paired state in response to detecting the first trigger.
  • the remote state may be terminated for different reasons to avoid that the tachograph is remotely controlled when security is not confirmed.
  • the detecting the first trigger comprises one or more of receiving an instruction via a user interface device arranged in the vehicle, receiving, from the tachograph, a message indicating that a driver card has been removed, receiving a message from an off-board control device, and obtaining data, using a sensor arranged in the vehicle associated with driver presence in the vehicle.
  • the remote control may be automatically terminated when the driver leaves the vehicle.
  • the method comprises sending an instruction, over the secure connection, to exit the remote-control state, in response to detecting the first trigger.
  • the tachograph will then be informed such that the tachograph can also terminate the remote control.
  • the method comprises detecting a second trigger to exit the paired state entering an unpaired state in response to detecting the second trigger.
  • pairing may be terminated in different situations, for example when it is not secure to keep the pairing.
  • the detecting a second trigger comprises one or more of detecting interruption of the secure connection, receiving an instruction via a user interface device arranged in the vehicle, detecting expiry of a pairing timer, receiving message received from an off-board control device.
  • the pairing can be terminated when the connection is not verified or when a user, service centre or manufacturing instructs it.
  • pairing may be terminated in situations when security is jeopardised.
  • the method comprises sending, over the secure connection, an instruction to exit the paired state, in response to detecting the second trigger.
  • the tachograph will then be informed such that the tachograph can also enter the unpaired state.
  • the disclosure relates to a method for use in a tachograph arranged in a vehicle, for enabling remote control of the tachograph by a control unit of the vehicle.
  • the method comprises communicating a pairing request and a paring accept between the tachograph and the control unit to enter a paired state where a secure connection is established between the tachograph and the control unit.
  • the method also comprises sending a message identifying a driver card inserted in the tachograph over the secure connection and receiving, over the secure connection, a verification confirming successful authentication of a driver present in the vehicle.
  • the method further comprises entering a remote-control state in which remote the control unit is enabled to remotely control the tachograph via the secure connection, in response to receiving the message.
  • the disclosure relates to a computer program comprising instructions which, when the program is executed by a computer, cause the computer to carry out the method according to the first or second aspect.
  • the disclosure relates to a computer-readable medium comprising instructions which, when executed by a computer, cause the computer to carry out the method according to the first or second aspect.
  • the disclosure relates to a control unit configured to perform the method according to any one of the embodiments according to the first aspect.
  • the disclosure relates to a tachograph configured to perform the method according to any one of the embodiments according to the second aspect.
  • the disclosure relates to a vehicle comprising a tachograph according to the sixth aspect and/or the control unit according to the fifth aspect.
  • This disclosure is based on the insight that using a Bluetooth interface and a HMI originally intended for external devices, such as smartphones, may not be efficient to provide a good driver interface and working environment inside the cabin of a vehicle. Hence, this disclosure proposes solutions that further improve the driver interface and working environment for operating the tachograph from inside the cabin with maintained security.
  • DDU Digital Driver Unit
  • infotainment system and/or instrument cluster a digital Driver Unit
  • the proposed concept is based on the insight that by utilizing hardware arranged in the vehicle, security of the remote control can be assured. More specifically, the inventors have realized that if the control unit and the tachograph are paired to establish security and trust, it is possible to use hardware of the vehicle to authenticate the user to access the tachograph.
  • the methods involves pairing the control unit and the tachograph, for example over the CAN.
  • the pairing may be restricted such that it can only be performed by users having a certain competence, for example only by authorized service stations.
  • a secure connection is established between the tachograph and the control unit. This secure connection is not tied to one particular driver or driver card, but may be reused by several drivers.
  • the method further comprises authenticating, over the secure connection, a driver present in the vehicle, by comparing authentication data obtained using hardware in the vehicle with identity data corresponding to a driver card inserted in the tachograph. The driver is only allowed to control the tachograph from a user interface of the vehicle if such authentication is successful. However, no direct interaction between the driver and the tachograph, apart from inserting the driver card, is required.
  • identity data stored in a driver database which may be secure and/or anonym ized
  • the authentication is based on fingerprint detection, facial recognition, or similar biometric identification as a way (in addition to PIN code) to obtain biometric information before the driver is allowed to remotely control the tachograph with the DDU.
  • biometric identification a way (in addition to PIN code) to obtain biometric information before the driver is allowed to remotely control the tachograph with the DDU.
  • the driver can use for example a touch screen of a display or wheel buttons of the dashboard to control the tachograph.
  • security can be kept very high.
  • the proposed method considers security aspects relating to both the authenticity of the driver, the driver card, and the hardware.
  • Fig. 1 illustrates a vehicle 1, more specifically a truck, where the proposed technique may also be implemented.
  • the vehicle of Fig 1 is a manually operated vehicle 1.
  • the vehicle 1 is configured to be operated in an autonomous mode, where the vehicle can itself (e.g. under driver supervision) perform all driving tasks and monitor the driving environment.
  • the illustrated vehicle 1 of Fig. 1 comprises a control unit 10, a tachograph 20, a sensor device 30, a user interface device 40 and a driver database 50.
  • the vehicle 1 comprises a plurality of electrical systems and subsystems. For example, there are several Electrical Control Units, ECUs, connected to the vehicle controller area network, CAN.
  • ECUs Electrical Control Units
  • CAN vehicle controller area network
  • the tachograph 20 is one and the control unit 10 is another.
  • the control unit 10 is for example a DDU also known as the infotainment system and/or instrument cluster.
  • the DDU is an ECU that controls instrumentation that is typically displayed with a digital readout rather than with the traditional analogue gauges.
  • the control unit 10 is for example configured to control the user interface device 40.
  • the user interface device 40 may comprise a display and a data input mechanism, typically a touch screen.
  • the control unit 10 is configured to provide information to the driver and to receive input data from the driver via the user interface device 40.
  • the control unit is also configured to enable remote control of the tachograph 20 from the user interface device 40, as will be further explained in connection with the method of Fig. 4A and 4B .
  • the tachograph 20 is configured to measure the speed and driven distance, times (e.g. driving and resting time), position of the vehicle (e.g. using GNSS) and the driving status and driver's activities (e.g. driving/ loading/unloading).
  • the tachograph 20 typically also supports manual entry of data, for example specific conditions such as load/unload, start and end country, border crossing etc. may be manually entered. Tachographs also support manual entry of activity data such as work and resting time under controlled conditions.
  • a driver needs a driver card 21 (illustrated in Fig.5 ) to be allowed to drive this vehicle.
  • the driver card 21 comprises a driver identity of a corresponding driver.
  • Data recorded by the tachograph 20 is stored in internal memory and/or in the driver card 21. Data may also be displayed on a tachograph display or printed on paper. Furthermore, the tachograph 20 may detect events and faults and send warnings to the driver to warn about events and/or faults, such as that it is time to rest in accordance with national or regional regulations. The tachograph 20 is also configured to enable remote control of the tachograph 20 from the user interface device 40, as will be further explained in connection with the method of Fig.6 .
  • control unit 10 and the tachograph 20 are separate units, they are typically produced by different suppliers.
  • the control unit 10 and the tachograph 20 are configured to communicate over an interface, such as over the CAN.
  • the control unit 10 and the tachograph 20 are typically provided by digital certificates that enables encryption and authentication.
  • a digital certificate is an electronic document used to prove the ownership of a public key.
  • Digital certificates typically include a certified public key, identifying information about the entity that owns the public key, metadata relating to the digital certificate and a digital signature of the public key created by the issuer of the certificate.
  • the control unit 10 and the tachograph 20 may also be pre-configured by information about trusted units that they are allowed to connect to or to be paired with. For example, the tachograph may be pre-configured with a root certificate of a vehicle manufacturer, whereby it will consider all vehicles that have a certificate generated from this root certificate as trusted.
  • the sensor device 30 is configured to obtain biometric authentication data of the driver 2.
  • the sensor device 30 is for example a camera configured to enable face or iris detection or similar.
  • the sensor device 30 is a fingerprint sensor or other biometric sensor.
  • the driver database 50 comprises information about drivers that are authorized to drive the vehicle 1.
  • the driver database comprises driver name, driver card number, index of card number etc.
  • the driver database 50 also comprises authentication data of the drivers, such as PIN codes or biometric info, that enables authentication.
  • the driver database 50 also comprises driver specific settings, such as for example, display layout and driver selected language. The driver specific settings enable the possibilities to have a nice and user-friendly environment for the driver when remotely controlling the tachograph.
  • the database 50 is typically associated with certain access restrictions.
  • a certain user permission level is required to add new drivers to the driver database 50.
  • only trusted users are allowed to add users to the database.
  • the permission level is for example granted on a certificate of a user.
  • the permission is typically granted by a manufacturer of the vehicle 1 or similar, whereby access to the database 50 may be controlled. For example, only an authorized service station (holding a certain certificate) is allowed to add new drivers to the database.
  • Once a driver is added to the data base 50 the driver may be allowed to edit her/his own profile.
  • update of the database need to be done when the driver 2 has proved for the control unit 10 that it is the correct person who is in the driver seat. This is done either by biometric identification or PIN code and cross-referencing to the driver card ID number.
  • an authenticated driver 2 is permitted to modify her/his own user profile.
  • the driver database 50 is stored in the control unit 10. However, in alternative embodiments it is stored in elsewhere the vehicle 1 or off-board.
  • Fig. 2 is a state diagram illustrating different states of a connection between a control unit 10 and a tachograph 20.
  • the connection will have a state, and consequently both the tachograph 20 and the control unit 10 will also be assigned this state.
  • the connection will typically be in an unpaired state 201, where no secure connection is established between the control unit 10 and tachograph 20.
  • the tachograph will not accept any (or only a few) remote-control requests that come from the control unit 10.
  • the tachograph may send data to the control unit 10, but only data that does not require security.
  • connection Upon successful pairing, the connection will transition to a paired state 202, in which a secure connection has been established between the control unit 10 and the tachograph 20, but where remote control is not enabled, for example, because no driver card is inserted, or because the driver has not been authenticated.
  • a secure connection is for example a connection that is encrypted by one or more security protocols to ensure the security of data flowing between two or more nodes.
  • the connection is secure in the sense that both parties are authenticated, whereby it is assured that information comes from the authenticated sender.
  • the connection may transition to a remote-control state 203 (also referred to as a remote display mode), where the control unit 10 is able to remotely control the tachograph 20. This is done when a driver card 21 is inserted in the tachograph 20 and the driver present in the cabin 3 ( Fig. 1 ) is authenticated, as will be further described below.
  • the control unit 10 is enabled to perform one or more functions associated with the tachograph 20 from a user interface device 40 arranged in the vehicle 1.
  • the driver may provide input to tachograph 20, control the tachograph 20 to perform actions, such as ejecting driver card 21 or starting printing or displaying tachograph data on a user interface device 40 arranged in the vehicle 1.
  • the display function may here include protected user information that was not shown in other states 201, 202.
  • the database 50 could possibly be reached from the user interface device 40.
  • At least the driver 2 may be allowed to update her/his driver profile.
  • the driver may change language or layout.
  • the driver may also be allowed to delete her/his driver profile from the driver database 50.
  • the state of the connection may change back to the paired 202 or unpaired state 201, for example when a driver 2 leaves the vehicle 1 (and consequently removes the driver card 21) or due to security reasons that trigger unpairing.
  • Fig. 3A and 3B illustrates signaling between a tachograph and a control unit 10 arranged in a vehicle.
  • Fig. 4A and 4B are flow charts of the method for remotely controlling a tachograph arranged in the vehicle according to the first aspect.
  • Fig. 6 is a flowchart of the method, for use in a tachograph 20, for enabling remote control of the tachograph 20 by a control unit 10 of the vehicle 1 according to the second aspect.
  • the proposed methods may be implemented as a computer program comprising instructions which, when the program is executed by a computer (e.g. a processor in the control unit 10 or tachograph 20), cause the computer to carry out the method.
  • a computer e.g. a processor in the control unit 10 or tachograph 20
  • the computer program is stored in a computer-readable medium (e.g. a memory or a compact disc) that comprises instructions which, when executed by a computer, cause the computer to carry out the method.
  • the first part of the proposed methods relates to pairing the control unit 10 and the tachograph 20. This corresponds to a state transition from the unpaired state 201 to the paired state 202.
  • the control unit 10 and the tachograph 20 communicate with each other through an established connection. This implies that the devices have verified each other's identity using for example certificate exchange, which excluded pairing with untrusted devices.
  • the established connection may be encrypted, encoded or verified in any suitable manner, such that no external party can read or change data that is communicated.
  • Paring is typically initiated when either the control unit 10 or the tachograph 20 sends S11, S21 a pairing request.
  • the communication between the tachograph 20 and the control unit 20, typically takes place over the CAN, which is more secure than a wireless interface.
  • the pairing could be initiated either by the control unit 10 or by the tachograph 20.
  • the pairing request is either transmitted S21 by the control unit 10, or it is transmitted S11 by the tachograph 20.
  • the other party then receives and evaluates S12, S22 the pairing request. Pairing is completed when a pairing accept is transmitted S13, S23.
  • the control unit 20 and the tachograph enters S14, S24 the paired state 202.
  • the method for use in a control unit comprises communicating S21, S23 a pairing request and a pairing accept between the tachograph 20 and the control unit 10 to enter a paired state 202 where a secure connection is established between the tachograph 20 and the control unit 10.
  • the method for use in a tachograph comprises communicating S21, S23 a pairing request and a paring accept between the tachograph 20 and the control unit 10 to enter a paired state 202 where a secure connection is established between the tachograph 20 and the control unit 10.
  • the pairing procedure may in addition involve exchanging further messages in addition to the pairing request and pairing accept depending on implementation.
  • pairing is performed by a manufacturer before the vehicle 1 is put into use.
  • the pairing may the performed by an authorized service station, for example if the tachograph 20 is updated or exchanged.
  • the control unit 10 and/or the tachograph 20 may want to ascertain that pairing is allowed. In other words, that it is initiated by someone that has authority or permission. Permission may be assigned to digital certificates. This may be achieved by including authentication or authorization information in the pairing request and/or in the pairing response (or in an intermediate message).
  • the authentication information may be a signature or similar generated for example by certain software or a signature that is tied to a user identity, for example using a digital certificate that is granted the permission to perform tachograph pairing.
  • the communicated pairing request and/or the paring accept comprises an authenticated confirmation enabling the tachograph 20 and/or the control unit 10 to authorize the pairing.
  • the authentication may be a signature or symbol sequence or similar.
  • the authenticated confirmation proves that pairing is performed using a certified tachograph pairing software and/or that pairing is approved by a user holding the certain user permission level. In this way it is assured that the tachograph 20 is only paired by trusted control units 10.
  • the method for use in a control unit comprises evaluating S22, based on the authenticated confirmation, whether pairing is allowed and entering S24 a paired state 202 in response to the evaluating S22 indicating that pairing is performed using a certified tachograph pairing software and/or that pairing is approved by a user holding the certain user permission level.
  • the communicating comprises sending S23, over the secure connection, the pairing accept in response to the evaluating S22 indicating that pairing is allowed.
  • the method for use in a tachograph comprises evaluating S12, based on the authenticated confirmation, whether pairing is allowed and entering S14 a paired state 202 in response to the evaluating S12 indicating that pairing is performed using a certified tachograph pairing software and/or that pairing is approved by a user holding the certain user permission level.
  • the communicating comprises sending S13, over the secure connection, the pairing accepts in response to the evaluating S12 indicating that pairing is allowed.
  • the control unit 10 and the tachograph 20 are now paired and trust is established. This means that the tachograph considers the vehicle as trusted.
  • the second part of the proposed methods relates to verifying that the user that tries to control the tachograph 20 is actually a driver 2 present in the cabin 3 of the vehicle 1 and not someone else. The second part is for example initiated when a driver 2 inserts a driver card 21 in the tachograph 20.
  • the method for use in a tachograph 20 comprises detecting S15 that a driver card 21 has been inserted and sending S16 a message identifying the driver card 21 inserted in the tachograph 20 over the secure connection.
  • the method for use in a control unit ( Fig.
  • 4A , 4B comprises receiving S25, over the secure connection, a message identifying a driver card 21 inserted in the tachograph 20.
  • the message comprises for example a driver card identity or an identity number of the driver or any other information suitable to indicative of an identity of the driver 2.
  • the method for use in a control unit 10 comprises obtaining S26 authentication data of a driver present in the vehicle 1.
  • the authentication data may be either some data, for example a PIN, inserted using an input interface 40, such as a keyboard or touch screen.
  • the obtaining S26 authentication data comprises receiving S26b authentication data received via a user interface device 40 arranged in the vehicle 1.
  • biometric data may be used.
  • the obtaining S26 authentication data comprises obtaining S26a biometric authentication data of the driver using a sensor device 30 arranged in the vehicle 1.
  • the biometric data may be any feasible biometric data such as fingerprint data, face data, iris data.
  • the obtained authentication data is then compared with identity data stored in the data base 50.
  • driver identity data corresponding to the driver identity received from the tachograph 20 is obtained S27 (i.e. retrieved or read out) from the database 50.
  • a PIN inserted by a driver is compared with a PIN stored in the database.
  • a fingerprint provided by the driver present is compared with prerecorded user templates stored in the database 50.
  • the method for use in a control unit 10 comprises authenticating S28 the driver 2 present in the vehicle 1 by comparing the obtained authentication data with driver identity data of the inserted driver card obtained S27a from a driver database 50. In this way it is assured that the driver 2 present in the cabin 3 is the holder of the tachograph card 21 inserted in the tachograph 20.
  • the database 50 comprises more data in addition to the user identity data.
  • a driver profile of the driver is stored.
  • the method for use in a control unit 10 comprises obtaining S27b a driver profile of the driver 2 present in the vehicle from the driver database 50.
  • the control unit 10 informs the tachograph and activates the remote control. If authentication is unsuccessful, the method stops. Possibly the control unit 10 informs the tachograph 20 about the authentication failure. In any case a message may be displayed on the user interface device 50 to inform the user about the outcome.
  • the method for use in a control unit 10 comprises in response to the authenticating S28 being successful, performing the steps of sending S29, over the secure connection, a verification confirming successful authentication of the driver 2 present in the vehicle and entering S210 a remote-control state 203 in which the control unit 10 is enabled to remotely control the tachograph via the secure connection. In the same way the method for use in a tachograph ( Fig.
  • Example functions that a driver may access when remote control is enabled are for example "manual entries" as defined in the tachograph legislation, starting a printout, eject driver card 21 from the tachograph 20 and so on.
  • a user interface of the tachograph is presented on a user interface device 40 (for example a dashboard) of the vehicle 1.
  • the layout of the user interface can be customized based on a driver profile stored in the database 50.
  • the method for use in a control unit 10 comprises applying S211 the obtained driver profile when operating the tachograph in the remote-control state.
  • the applying S211 may comprise customizing display layout or customizing language setting based on the obtained driver profile of the authenticated driver.
  • the third part of the proposed methods (which continue in Fig. 3B , 4B ) relates to exiting the remote-control state 203 or the paired state 202. This may be done for different reasons. In other words, there may be different triggers that causes the control unit 10 or tachograph 20 to determine that remote control shall be ended or to unpair the control unit 10 and the tachograph 20. In some cases, the reason is that the driver 2 has left the vehicle 1. In such a situation the connection will typically re-enter the paired state 202 until a new driver 2 arrives. In other situations, for example if a software conflict indicative of a security threat is discovered, the connection may re-enter the unpaired state 201 in order to interrupt all communication associated with sensitive information.
  • the method for use in a control unit 10 comprises detecting S212 a first trigger to exit the remote-control state 203 and exiting S214 the remote-control state 203 response to detecting the first trigger.
  • the detected first trigger comprises receiving an instruction via a user interface device 40 arranged in the vehicle 1 or receiving S213, a message from the tachograph 20.
  • the message indicates for example that a driver card 21 has been removed.
  • the absence of a driver 2 is detected by the vehicle 1 itself, for example based on sensor data.
  • sensor data may indicate that the driver 2 has not been present for a predetermined amount of time or that another driver is identified who tries to use someone else's driver card. This might alone trigger the remote control to be interrupted immediately.
  • a warning may be sent to an off-board system for security reasons.
  • the off-board system may consider the driver card as "stolen” or "misused” and deletion of the driver from driver databases of other vehicles may be initiated.
  • the first trigger comprises obtaining data, using a sensor device 30 arranged in the vehicle 1 and associated with driver presence in the vehicle 1.
  • the first trigger may also comprise receiving a message from an off-board control device 60, for example from an off-board control device 60, such as a manufacturer server, that the remote control shall be terminated.
  • the method for use in a control unit 10 comprises sending S213 an instruction, over the secure connection, to exit the remote-control state, in response to detecting S212 the first trigger.
  • the method for use in a tachograph comprises receiving S19 an instruction, over the secure connection, to exit the remote-control state, and exiting S110, the remote-control state 203 in response to receiving S19 the message. The tachograph will then enter the paired state 202 or the unpaired state 201.
  • the remote control may also be terminated by the tachograph 20, for example by a user pushing a button on the tachograph 20.
  • the second trigger comprises receiving S19 an instruction from the tachograph 20, to exit the paired state, and re-entering the unpaired state.
  • the method for use in a tachograph comprises sending S216 an instruction, over the secure connection, to exit the paired state, and re-entering the unpaired state.
  • connection may also be triggered to exit the paired state 202.
  • the method for use in a control unit 10 comprises detecting S215 a second trigger to exit the paired state 202 entering S217 the unpaired state 202 in response to detecting the second trigger.
  • the second trigger comprises for example detecting interruption of the secure connection or detecting expiry of a pairing timer.
  • the second trigger comprises receiving message received from an off-board control device 60.
  • an off-board control device 60 For example, a manufacturer or other external party has discovered a possible attack or other security risk and therefore the connection should be interrupted and re-established.
  • the unpairing may also be initiated by a user.
  • the second trigger comprises receiving an instruction via a user interface device 40 arranged in the vehicle 1.
  • the method for use in a control unit 10 comprises sending S216, over the secure connection, an instruction to exit the paired state 202, in response to detecting S215 the second trigger.
  • the method for use in a tachograph comprises receiving S111 an instruction, over the secure connection, to exit the paired state, and re-entering S112, the unpaired state 201 in response to receiving S111 the message.
  • the unpairing may also be initiated by the tachograph 20, for example using a button on the tachograph 20.
  • the second trigger comprises receiving S111 an instruction from the tachograph.
  • the method for use in a tachograph comprises sending S216 an instruction, over the secure connection, to exit the paired state, and re-entering the unpaired state.
  • Fig. 5 illustrates a control unit 10 according to the fourth aspect in more detail and connected devices.
  • the control unit 10 is a "unit" in a functional sense.
  • the control unit 10 is a control arrangement comprising several physical control units (for example several ECUs) that operate in corporation.
  • the control unit 10 comprises one or more ECUs.
  • An ECU is basically a digital computer that controls one or more electrical systems (or electrical sub systems) of the vehicle 1 based on e.g. information read from sensors 13 and meters 14 placed at various parts and in different components of the vehicle 1.
  • ECU is a generic term that is used in automotive electronics for any embedded system that controls one or more functions of the electrical system or sub systems in a transport vehicle.
  • the vehicle 1 typically comprises a plurality of ECUs that communicate over a Controller Area Network, CAN, which in the future might be replaced by for example ethernet based solutions.
  • CAN Controller Area Network
  • at least some parts of the control unit 10 are implemented off-board.
  • the control unit 10, or more specifically the processor 101 of the control unit 10, is configured to cause the control unit 10 to perform all aspects of the method for use in a control unit 10 described above and below. This is typically done by running computer program code stored in the data storage or memory 102 in the processor 101 of the control unit 10.
  • the data storage 102 may also be configured to store semi-static vehicle parameters such as vehicle dimensions.
  • the control unit 10 may also comprise a communication interface 103 for communicating with other control units of the vehicle and/or with external systems.
  • the communication interface comprises a CAN bus and a wireless communication interface (such as a modem) using standard wireless and telecommunication techniques e.g. protocols standardized by 3GPP.
  • the communication interface enables communication with the tachograph 20, the sensor device 30, the user interface device 40 and the database (if not included in the control unit 10), typically over the CAN bus.
  • the communication interface may also be configured to enable communication with an off-board control device 60.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)
  • Traffic Control Systems (AREA)
EP22182196.0A 2021-07-05 2022-06-30 Steuereinheit und verfahren zum fernsteuern eines fahrtenschreibers Pending EP4116944A1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE2150872A SE545029C2 (en) 2021-07-05 2021-07-05 Control unit and method for remotely controlling a tachograph

Publications (1)

Publication Number Publication Date
EP4116944A1 true EP4116944A1 (de) 2023-01-11

Family

ID=82458763

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22182196.0A Pending EP4116944A1 (de) 2021-07-05 2022-06-30 Steuereinheit und verfahren zum fernsteuern eines fahrtenschreibers

Country Status (2)

Country Link
EP (1) EP4116944A1 (de)
SE (1) SE545029C2 (de)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2426363A (en) * 2005-05-20 2006-11-22 Digy Holdings Ltd Digital tachograph system
US20080244735A1 (en) * 2005-11-18 2008-10-02 Fredrik Callenryd Identification and Computer Login of an Operator of a Vehicle

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2498742A (en) * 2012-01-25 2013-07-31 Haul It Nationwide Ltd Personal activity recording terminal and personnel management system
EP3349135A1 (de) * 2017-01-16 2018-07-18 DURA Automotive Holdings U.K., Ltd. Methode gestützt auf einen biometrischen authentisierungsprozess zur authorisierung eines fahrers, mindestens ein system des fahrzeugs zu aktivieren
US11084461B2 (en) * 2019-02-15 2021-08-10 Ford Global Technologies, Llc Vehicle data protection
GB2581533A (en) * 2019-02-25 2020-08-26 Continental Automotive Gmbh Method for authenticating a user to a digital tachograph of a vehicle by means of a mobile device, digital tachograph, mobile device and data base device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2426363A (en) * 2005-05-20 2006-11-22 Digy Holdings Ltd Digital tachograph system
US20080244735A1 (en) * 2005-11-18 2008-10-02 Fredrik Callenryd Identification and Computer Login of an Operator of a Vehicle

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Appendix 13 (ITS Interface) of Commission Implementing Regulation (EU) 2016/799 - consolidated text version 26-02-2020", >M1 COMMISSION IMPLEMENTING REGULATION) 02016R0799 - EN - 26, 26 February 2020 (2020-02-26), pages 31022020 - 2001, XP055977646, Retrieved from the Internet <URL:https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0799-20200226&from=EN> [retrieved on 20221103] *

Also Published As

Publication number Publication date
SE2150872A1 (en) 2023-01-06
SE545029C2 (en) 2023-03-07

Similar Documents

Publication Publication Date Title
CN109727358B (zh) 基于蓝牙钥匙的车辆分享系统
US11823509B2 (en) Method and system for securely authenticating an electronic device to a vehicle
US9064101B2 (en) Methods and systems for authenticating one or more users of a vehicle communications and information system
JP6827918B2 (ja) 生体情報に基づいて、ユーザの車両へのアクセスを容易にするためのシステムと方法
CN109830018B (zh) 基于蓝牙钥匙的车辆借用系统
US11167723B2 (en) Method for access management of a vehicle
CA2904947A1 (en) Vehicle occupant authentication system
JP2007210457A (ja) 車両自動設定装置及び設定方法
CN107026833A (zh) 用于授权机动车辆中的软件更新的方法
US11104299B2 (en) Electronic car key and communication system
EP2757533B1 (de) System und Verfahren zur Online-Verfolgung von Fahrstunden mit elektronischer Signatur
US10277404B2 (en) Communication system for the detection of a driving license
CN111831985A (zh) 利用身份识别设备提供车队系统的方法和装置
EP3907673A1 (de) Autorisierung von fahrzeugreparaturen
JP2005081995A (ja) 車載端末装置及び車両の運行管理システム
US20180307825A1 (en) Device, system, and method for secure replication of vehicle access devices
EP4116944A1 (de) Steuereinheit und verfahren zum fernsteuern eines fahrtenschreibers
CN111797376A (zh) 自动更新数据保存的自动废止期限的车辆生物识别系统
CN113763603B (zh) 信息处理装置、方法、计算机可读存储介质及便携终端
US20210158633A1 (en) Automatically tracking personal and business use of a vehicle
KR20230107350A (ko) 차량으로 비밀을 생성하는 방법 및 차량

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230516

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230711

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR