WO2013056797A2 - Dispositif de transmission et procédé de transmission sûre d'un signal de capteur à une cible de transmission, ainsi que véhicule automobile - Google Patents

Dispositif de transmission et procédé de transmission sûre d'un signal de capteur à une cible de transmission, ainsi que véhicule automobile Download PDF

Info

Publication number
WO2013056797A2
WO2013056797A2 PCT/EP2012/004257 EP2012004257W WO2013056797A2 WO 2013056797 A2 WO2013056797 A2 WO 2013056797A2 EP 2012004257 W EP2012004257 W EP 2012004257W WO 2013056797 A2 WO2013056797 A2 WO 2013056797A2
Authority
WO
WIPO (PCT)
Prior art keywords
transmission
sensor signal
sensor
transmission path
designed
Prior art date
Application number
PCT/EP2012/004257
Other languages
German (de)
English (en)
Other versions
WO2013056797A3 (fr
Inventor
Reinhard Hofmann
Stanislav Lincer
Original Assignee
Audi Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Audi Ag filed Critical Audi Ag
Publication of WO2013056797A2 publication Critical patent/WO2013056797A2/fr
Publication of WO2013056797A3 publication Critical patent/WO2013056797A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03MCODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M13/00Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
    • H03M13/03Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
    • H03M13/05Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0057Block codes
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03MCODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M13/00Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
    • H03M13/03Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
    • H03M13/05Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
    • H03M13/13Linear codes
    • H03M13/15Cyclic codes, i.e. cyclic shifts of codewords produce other codewords, e.g. codes defined by a generator polynomial, Bose-Chaudhuri-Hocquenghem [BCH] codes
    • H03M13/151Cyclic codes, i.e. cyclic shifts of codewords produce other codewords, e.g. codes defined by a generator polynomial, Bose-Chaudhuri-Hocquenghem [BCH] codes using error location or error correction polynomials
    • H03M13/1515Reed-Solomon codes

Definitions

  • the invention relates to a transmission device and a method for the secure transmission of a sensor signal of a sensor to a transmission signal that evaluates and / or processes the sensor signal over a transmission path.
  • the invention relates to a motor vehicle with such a transmission device.
  • sensor data for further processing is frequently transmitted as a sensor signal to a transmission target which evaluates and / or processes the sensor signal, for example a control device or directly an actuator.
  • a transmission target which evaluates and / or processes the sensor signal
  • the demands on the reliability and safety of the transmission of the sensor signal increase.
  • a battery management system in a motor vehicle.
  • high-voltage batteries such as those used in hybrid and electric vehicles, usually have permissible operating intervals for operating variables, for example the temperature and the voltage. Outside these allowable operating intervals, problems can occur. Consequently, the operating variables are measured, transmitted to a control unit and evaluated. From the evaluation results in a corresponding control of the battery or other components of the battery management system. It is inevitably important that the integrity and reliability of the sensor signal is ensured.
  • a transmission path is provided which at least partially
  • CONFIRMATION COPY Bus for example, a CAN bus includes.
  • the sensor signal is picked up by the sensor and fed first, in particular after digitization via an analog-to-digital converter (ADC), to a processing chain which comprises at least the CAN transceiver (or other bus transceiver) designed as software means within the sensor control device.
  • ADC analog-to-digital converter
  • the data are transferred to the bus, in particular the CAN bus, in order to be received in the transmission destination, in particular a further control unit, by another CAN transceiver (or in general a bus transceiver).
  • the processing or evaluation then follows via further software means.
  • the invention is therefore based on the object of specifying a possibility for increasing the transmission reliability to the transmission target, which does not place such high demands on the sensor-side software.
  • a sensor-side Hardware encoding means are provided at the beginning of the transmission path and a transmission destination decoding device at the end of the transmission path, wherein the encoding means for impressing at least one safety information on the sensor signal and the decoding device for extracting and checking the safety information and for detecting a faulty transmission in a deviation indicative review formed is.
  • the safety information is dependent on the sensor data contained in the sensor signal, which adds a redundancy to the signal.
  • An example of such security information is a checksum, which will be discussed in more detail below.
  • the coding device is designed as a modulator and the decoding device as a demodulator. Modulators and demodulators are widely available and inexpensive as hardware components. It is preferred in this case if the coding device is designed for pulse width modulation of the sensor signal. In this case, therefore, a PWM generator is provided, which is excited by the sensor signal and generates a pulse-width-modulated sensor signal which represents the value of the measured, in particular of the still analog sensor signal.
  • the frequency of the pulse-width-modulated sensor signal forms the additionally existing safety information, that is, the decoding device, in this case the demodulator, checks whether a correct pulse-width-modulated sensor signal is present on the basis of the modulation frequency.
  • the coding device is designed as a checksum means adding a checksum as security information and / or a coding means based on a Reed-Solomon code which is connected downstream of an analog-to-digital converter for the sensor signal.
  • a checksum can be added to the sensor signal as safety information, for example by using an FPGA designed to determine and add the checksum as the coding device or concrete checksum means.
  • Reed-Solomon codes are basically known coding methods that work with blocks of symbols, which usually consist of eight bits each. Reed-Solomon codes offer good error correction properties and relatively simple decoding algorithms exist. With this type of coding, however, it should be noted that a digital sensor signal must be present, thus the function of an analog-to-digital converter (ADC) can not be checked, so that a reliable ADC should be used here.
  • ADC analog-to-digital converter
  • a second transmission path from the sensor to the transmission destination is provided for transmitting the uncoded sensor signal. It is therefore proposed to transmit the uncoded signal as well.
  • the decoding device is designed to further check the transmission by comparing the uncoded sensor signal with the decoded sensor signal. This means that the uncoded sensor signal can be used for a plausibility check.
  • it is particularly advantageous for the additional uncoded transmission of the sensor signal that, for special applications, additional delays in state transitions of the sensor signal, which can occur due to the coding / decoding, are avoided.
  • the activation and deactivation of a headlight as a function of a sensor signal so the switching from "light off” to "light on” is not critical. Because “light on” is a safer state than "light off”. Thus, the uncoded, directly transmitted sensor signal can also be used directly here, and a faster reaction can be made possible. However, when it comes to the transition "light on” to "light off", a higher reliability of the sensor signal is required after, for example, a night driving disabling the headlights would be unfavorable and less secure. For this transition, therefore, the transmitted with the safety information, checked sensor signal is used in each case.
  • the decoding device is designed as a software means which corresponds in particular to a safety-related standard.
  • the further processing and / or evaluation of the sensor signal to take place anyway higher demands on the functional safety are made and the local software is basically robust and reliable developed, for example according to a certain ASIL level
  • this can also be implemented for the decoding device as a software means.
  • each software means of the transmission target that is to say in particular a control device and / or an actuator, is designed according to this standard. This is often a requirement for controllers that all software agents meet the same ASIL security level or the like.
  • the transmission link is a bus, in particular a CAN bus or a FlexRay bus or a LIN bus.
  • bus systems are often used in motor vehicles to exchange data between different vehicle systems or software devices.
  • the present invention relates to a motor vehicle, comprising at least one sensor receiving a sensor signal, a transmission destination for the sensor data, in particular a control device and / or an actuator, and a transmission device according to the invention.
  • All statements regarding the transmission device according to the invention can be analogously transferred to the motor vehicle according to the invention, so that even with this said advantages can be achieved.
  • the sensor may be, for example, a temperature sensor and / or a voltage sensor for a high-voltage battery and / or individual cells of a high-voltage battery and the transmission target to a controller for a battery management system.
  • other critical transmission links within the motor vehicle according to the inventive ausgestaltbar are examples of critical transmission links within the motor vehicle according to the inventive ausgestaltbar.
  • the concept of the sensor in the context of the method according to the invention can be widely understood as any device that receives a sensor signal by a type of measurement, for example, communication devices or the like, the example wireless transmission as the Sensor signal received.
  • the transmission target in particular a control unit, can be designed to directly evaluate the uncoded sensor signal, if it is with regard to switching is evaluated in a safe operating mode and / or a safe operating state. This has already been explained in more detail with regard to the transmission device.
  • the present invention also relates to a method for the secure transmission of a sensor signal of a sensor to a sensor signal evaluating and / or processing transmission destination over a transmission path, which is characterized in that at the beginning of the transmission path by a hardware encoding device at least one safety information on the sensor signal is impressed and at the end of the transmission path by a decoding device, the security information is extracted and checked, wherein in a deviation of the security information indicating check a faulty transmission is detected.
  • the transmission target and / or actuators controlled by the transmission target on the basis of the sensor signal are switched to a safe operating mode and / or a safe operating state.
  • the uncoded sensor signal is transmitted to the transmission destination via a second transmission path, the uncoded sensor signal being evaluated directly at the transmission destination when it is evaluated with regard to switching to a safe operating mode and / or a safe operating state becomes.
  • this procedure can lead to a faster response given certain state changes leading to safe states on account of the sensor signal.
  • FIG. 1 is a schematic diagram of a motor vehicle according to the invention
  • Fig. 2 is a schematic diagram of a transmission device according to the invention.
  • Fig. 3 is a schematic diagram of the alternative realization of a coding.
  • FIG. 1 shows a schematic diagram of a motor vehicle 1 according to the invention. It is a hybrid vehicle which has a high-voltage battery 2, to which a battery management system 3 is assigned.
  • the high-voltage battery 2 comprises a plurality of lithium-ion cells whose operating state is constantly checked by the battery management system 3.
  • temperature sensors 4 and voltage sensors 5 are provided, of which only one is shown for the sake of simplicity. Of course, other sensors can be provided.
  • the data of the sensors 4, 5 are to be evaluated in a central control unit 6 of the battery management system 3. Consequently, the sensor signals recorded by the sensors 4, 5 must be transmitted to the control unit 6 as transfer destination as reliably and error-free as possible.
  • respective transmission devices 7 according to the invention are provided for the sensors 4, 5, which are to be explained in more detail with regard to FIG. 2.
  • FIG. 2 therefore shows a schematic diagram of essential components of the transmission device 7 in the example of the temperature sensor 4. This is obviously associated with a separate control unit 8, which is connected via a CAN bus 9 as part of the transmission path 10.
  • a coding device 11 in the present case a modulator 12, is provided on the sensor side in the control unit 8.
  • the modulator 12 is a pulse width modulation generator (PWM generator), which converts the measured sensor signal into a pulse width modulated sensor signal having a specific frequency.
  • PWM generator pulse width modulation generator
  • the modulator 12 is implemented entirely as hardware.
  • the pulse width modulated sensor signal is then forwarded according to the arrow 13 to the non-safety-critical to be implemented software 14 of the control unit 8 of the sensor 4.
  • the software 14 includes in particular a CAN transceiver, which prepares the data for transport via the CAN bus 9 and transfers it to the CAN bus 9.
  • the transmission path 10 can thus be provided as a so-called “gray channel”, ie a non-safety-critical communication connection between two modules, here the coding device 1 and the to be discussed later decoding device 18, which are regarded as safety-critical.
  • Data sent via a "gray channel” can be influenced by errors within the transmission path 10, so that these errors must be decoded on the basis of the safety-related receiver, in this case specifically the decoding device 18.
  • a corresponding receiving software 15 queries the pulse width modulated sensor signal from the CAN bus 9 and also includes a CAN transceiver. From there, the pulse-width-modulated received sensor signal according to the arrow 6 is forwarded to a demodulator 17 implemented as a software means, which consequently forms the decoding device 18.
  • control unit 6 all software means of the control unit 6 have been developed according to a safety standard that applies to the entire control unit 6 except the transmission path 10, in particular an ASIL stage of the control unit 6 accordingly.
  • the decoding device 18, the connection to an evaluation software means 20, the evaluation software means 20 and the output are security-critical.
  • the demodulator 17 serves two purposes. Firstly, it demodulates the pulse width modulated received sensor signal again, so that a transmitted demodulated sensor signal is obtained, arrow 19. On the other hand, however, it checks whether a correct modulation, which corresponds to the modulation frequency as safety information, is present. If the safety information, in this case the frequency, deviates, a faulty transmission is detected by the demodulator 17 and measures are taken by the control unit 6 to transfer the high-voltage battery 2 to a safe state, ie a state in which it is ensured the corresponding operating variable - here the temperature - moves within a permissible interval and / or the corresponding lithium-ion cell is completely deactivated. If a faulty transmission is detected, then at least with respect to the sensor 4, a safe operating state or a safe operating mode brought about.
  • the transmitted demodulated sensor signal is evaluated by the evaluation software means 20, which can generate corresponding actuator signals, for example operating parameters to be set for the high-voltage battery 2, arrow 21.
  • a second transmission path can also be realized, cf. Arrows 22, 23, on which the sensor signal is transmitted directly via the CAN bus 9, that means without adding any security information.
  • the demodulator 17 can be designed to also make a comparison between the directly transmitted sensor signal and the received demodulated sensor signal for checking the presence of a faulty transmission, so that a further plausibility check is possible.
  • the directly transmitted sensor signal which was thus not modulated and demodulated, are always used directly as an input for the evaluation software means 20, if it is about achieving a safer operating state or operating mode anyway. Because then an error can only lead to a generally safer state, which is not disadvantageous at first, but avoids time delays due to the modulation and demodulation, if only the signal transmitted in a secure manner was used.
  • FIG. 3 shows a possibility for realizing an alternative exemplary embodiment, in which a safety information dependent on the sensor signal itself is impressed on the sensor signal.
  • the sensor signal while in the embodiment according to FIG. 2 the analog sensor signal has been modulated directly, is first fed there to an analog-to-digital converter 24 before it is output by the checksum means 25. formed coding device 11 is forwarded.
  • the function of the ADC 24 is not checked, since only for the digitized sensor signal a checksum can be determined.
  • the checksum means 25 can be embodied, for example, as an FPGA, which means that it is again implemented entirely by hardware.
  • the checksum means 25 may also be a Reed-Solomon code based encoder.
  • the transmission device 7 according to the invention can also be used in other areas of a motor vehicle where reliable, secure transmission of sensor signals is required, for example in the case of activation and deactivation of a sensor signal determining the headlight like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Theoretical Computer Science (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)

Abstract

Dispositif de transmission (7) pour la transmission sûre d'un signal produit par un capteur (4, 5) à une cible de transmission destinée à évaluer et/ou à traiter le signal de capteur, via un trajet de transmission (10), en particulier dans un véhicule automobile (1). Un dispositif matériel de codage (11) est situé côté capteur au début du trajet de transmission (10) et un dispositif de décodage (18) est situé du côté de la cible de transmission au bout du trajet de transmission (10), le dispositif de codage (11) étant conçu pour inclure au moins une information de sécurité dans le signal de capteur et le dispositif de décodage (18) étant conçu pour extraire et vérifier l'information de sécurité et pour constater une transmission erronée en cas de vérification révélant un écart.
PCT/EP2012/004257 2011-10-20 2012-10-11 Dispositif de transmission et procédé de transmission sûre d'un signal de capteur à une cible de transmission, ainsi que véhicule automobile WO2013056797A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE201110116642 DE102011116642A1 (de) 2011-10-20 2011-10-20 Übertragungseinrichtung und Verfahren zur sicheren Übertragung eines Sensorsignals an ein Übertragungsziel und Kraftfahrzeug
DE102011116642.8 2011-10-20

Publications (2)

Publication Number Publication Date
WO2013056797A2 true WO2013056797A2 (fr) 2013-04-25
WO2013056797A3 WO2013056797A3 (fr) 2013-08-15

Family

ID=47177867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/004257 WO2013056797A2 (fr) 2011-10-20 2012-10-11 Dispositif de transmission et procédé de transmission sûre d'un signal de capteur à une cible de transmission, ainsi que véhicule automobile

Country Status (2)

Country Link
DE (1) DE102011116642A1 (fr)
WO (1) WO2013056797A2 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013204891B4 (de) * 2013-03-20 2021-03-25 Robert Bosch Gmbh Verfahren zur Rekonstruktion von Messdaten
DE102020214694A1 (de) 2020-11-23 2022-05-25 Robert Bosch Gesellschaft mit beschränkter Haftung Verfahren und Vorrichtung zum Überprüfen einer Vollständigkeit eines Anzeigeinhalts beim Übertragen zumindest einer Anzeigeinformation für ein Fahrzeug

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100201580B1 (ko) * 1991-04-02 1999-06-15 후루까와 준노스께 다중전송시스템
DE69428930T2 (de) * 1993-02-15 2002-06-27 Honda Motor Co Ltd Verfahren und Vorrichtung zur Übertragung von Daten
JP3288390B2 (ja) * 1997-02-19 2002-06-04 シーメンス アクチエンゲゼルシヤフト 自動車用ブレーキ装置及び電気的に制御される自動車ブレーキ装置におけるデータの伝達のための方法
DE10250920B4 (de) * 2002-10-31 2005-05-04 Siemens Ag Ausgabeeinheit, Empfangseinheit, Anordnung zur Datenübertragung in einem Kraftfahrzeug sowie Verfahren dazu
EP1943781A1 (fr) * 2005-11-03 2008-07-16 Continental Teves AG & Co. oHG Circuit de commutation de signal mixte destine a un systeme de commande ou de regulation electronique securise

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Also Published As

Publication number Publication date
WO2013056797A3 (fr) 2013-08-15
DE102011116642A1 (de) 2013-04-25

Similar Documents

Publication Publication Date Title
EP2882626B1 (fr) Procédé et dispositif pour la surveillance d'un tronçon de ligne délimité par deux unités de capteurs de comptage d'essieux
DE10152235B4 (de) Verfahren zum Erkennen von Fehlern bei der Datenübertragung innerhalb eines CAN-Controllers und ein CAN-Controller zur Durchführung dieses Verfahrens
DE10113917A1 (de) Verfahren und Vorrichtung zur Überwachung von Steuereinheiten
DE102006017302B4 (de) Verfahren und System zur Kontrolle einer Signalübertragung eines elektrischen Pedals
WO2010127996A1 (fr) Système de commande pour faire fonctionner de manière fiable au moins un composant fonctionnel
EP2613462B1 (fr) Procédé destiné à la surveillance d'un émetteur et émetteur correspondant
DE10311364A1 (de) Vorrichtung zum Erlangen von Fahrzeugradinformationen und Vorrichtung zum Verarbeiten der Radinformationen
WO2017021060A1 (fr) Procédé et système de transmission sans effet rétroactif de données entre réseaux
DE102013200535A1 (de) Verfahren und Vorrichtung zum Betrieb eines Kommunikationsnetzwerks insbesondere eines Kraftfahrzeugs
DE102018220605B4 (de) Kraftfahrzeugnetzwerk und Verfahren zum Betreiben eines Kraftfahrzeugnetzwerks
WO2013056797A2 (fr) Dispositif de transmission et procédé de transmission sûre d'un signal de capteur à une cible de transmission, ainsi que véhicule automobile
DE10054745B4 (de) Verfahren zur sicheren Übertragung von Sensorsignalen und Vorrichtung zum Ausführen des Verfahrens
DE102018112584A1 (de) Konfigurierbare Sensorvorrichtung und Verfahren zur Überwachung ihrer Konfiguration
WO2011085861A2 (fr) Procédé et dispositif pour empêcher un véhicule d'accélérer de manière intempestive
DE102018218837B4 (de) Radgeschwindigkeitssensorsystem, ein das Radgeschwindigkeitssensorsystem enthaltendes Fahrzeug und Verfahren zum Verarbeiten von Radgeschwindigkeitssignalen
WO2020234465A1 (fr) Poste participant pour un système de bus série et procédé de communication dans un système de bus série
DE102012110712B4 (de) Verfahren und System zur Funktionsprüfung einer Fehlererkennungseinheit einer CAN-Bus-Controllereinheit
DE102007058071A1 (de) Verfahren und Vorrichtung zur Plausibilisierung einer Auswertung von sicherheitsrelevanten Signalen für ein Kraftfahrzeug
EP1300316B1 (fr) Configuration de véhicule
DE102013200525A1 (de) Verfahren und Vorrichtung zum Betrieb eines Kommunikationsnetzwerks insbesondere eines Kraftfahrzeugs
EP3591986B1 (fr) Assemblage de circuit
EP2575282B1 (fr) Dispositif et procédé de réception d'un télégramme sécurisé
WO2016034477A1 (fr) Message d'erreur comprenant un niveau d'impulsion inférieur au niveau d'alimentation en énergie
EP2960632B1 (fr) Procede et dispositif de preparation de valeurs de mesure de capteur generees par des capteurs disposes cote vehicule automobile
EP3587214B1 (fr) Dispositif de commande de balises

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
122 Ep: pct application non-entry in european phase

Ref document number: 12784437

Country of ref document: EP

Kind code of ref document: A2