WO2018051654A1 - In-vehicle electronic control device - Google Patents

In-vehicle electronic control device Download PDF

Info

Publication number
WO2018051654A1
WO2018051654A1 PCT/JP2017/027365 JP2017027365W WO2018051654A1 WO 2018051654 A1 WO2018051654 A1 WO 2018051654A1 JP 2017027365 W JP2017027365 W JP 2017027365W WO 2018051654 A1 WO2018051654 A1 WO 2018051654A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic control
control device
data
vehicle electronic
circuit
Prior art date
Application number
PCT/JP2017/027365
Other languages
French (fr)
Japanese (ja)
Inventor
光法 鍬田
正史 斉藤
Original Assignee
日立オートモティブシステムズ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日立オートモティブシステムズ株式会社 filed Critical 日立オートモティブシステムズ株式会社
Priority to JP2018539555A priority Critical patent/JP6664501B2/en
Publication of WO2018051654A1 publication Critical patent/WO2018051654A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]

Definitions

  • the present invention relates to an on-vehicle electronic control device.
  • a gateway device for a vehicle that can reduce a burden on a user when adding a device with a simple configuration is known (for example, see Patent Document 1).
  • the purpose is driving support that recognizes the environment around the vehicle using various radars, cameras, etc., recognizes the operation of the vehicle based on the recognized environmental information, and controls various control devices such as the engine and the brake.
  • various control devices such as the engine and the brake.
  • An on-vehicle electronic control device is also known.
  • in-vehicle electronic controls such as an in-vehicle electronic control device that controls various control devices such as engines and brakes, and an in-vehicle electronic control device that controls devices such as meters that display various states of the vehicle.
  • the device is installed. And in a vehicle, these each vehicle-mounted electronic control apparatuses are connected by the communication line, and form the network. Various data is transmitted and received between the on-vehicle electronic control devices via this network.
  • gateway device that is connected to such a network and handles transmission / reception of information
  • an in-vehicle electronic control device for driving support that controls various control devices such as an engine and a brake.
  • the security access function is applied at the authentication location at the time of registration of the routing table with respect to this security, but since it does not have the encryption function itself, it is externally applied. Network communication data could be analyzed.
  • Gateway devices and various types of engines, brakes, etc. It is essential to increase the speed of an on-vehicle electronic control device for the purpose of driving support for controlling the control device.
  • An object of the present invention is to provide an in-vehicle electronic control device capable of speeding up data transfer while improving the security of data to be transferred.
  • the present invention provides a receiving unit that receives first data including a first identifier, a first circuit that specifies a transfer destination corresponding to the first identifier, and encrypts the first data. And a second circuit that converts the second data into second data, and a transmission unit that transmits the second data to the transfer destination.
  • ECU Electronic Control Unit
  • the in-vehicle electronic control device of the present embodiment has a driving support function as an example in addition to the gateway function.
  • the same numerals indicate the same parts.
  • FIG. 1 schematically shows the configuration of the ECU 100.
  • a plurality of in-vehicle networks 250, 260, 270, 280 (hereinafter referred to as networks) are connected to the ECU 100.
  • the network generally uses CAN (Controller Area Network) as a communication protocol, but a different protocol may be used.
  • CAN Controller Area Network
  • ECU 11 and ECU 12 are connected to the network 250 as BUS1.
  • These ECU groups include body ECUs such as power window ECUs and seat belt ECUs.
  • An ECU 21 and an ECU 22 are connected to the network 260 as BUS2.
  • These ECU groups are composed of power train ECUs such as an engine control ECU and a brake control ECU.
  • ECU 31 and ECU 32 are connected to the network 270 as BUS3.
  • These ECU groups include chassis ECUs such as a power steering control ECU and a suspension control ECU.
  • An ECU 41 and an ECU 42 are connected to the network 280 as the BUS 4.
  • These ECU groups are composed of multimedia ECUs such as a car navigation ECU and an audio control ECU.
  • the standard frame transfer time T is 110 us (microseconds) as shown in the following equation (1).
  • a power supply (VB) 200 supplied from a battery and an alternator driven by an engine is supplied to a custom IC 202 inside the ECU 100 and supplied to a power supply circuit 204 inside the custom IC 202.
  • the power supply circuit 204 generates a positive power supply voltage (VCC) to be supplied to signal-related elements such as the control unit 212 that controls signal processing.
  • the CPU 206 cooperates with the memory 230 to control the operation of the ECU 100.
  • the FailSafe circuit 208 monitors internal errors of the custom IC 202.
  • the WDT circuit 210 (WatchDog-Timer) has a function of detecting whether the CPU 206 has runaway.
  • the CPU 206 is arranged in an ASIC (Application Specific Integrated Circuit), but may be configured as an individual IC.
  • ASIC Application Specific Integrated Circuit
  • the area 216 includes an encryption / decryption unit 220, a memory 222 configured by a nonvolatile memory such as a flash memory, and a communication I / F 218.
  • the communication I / F 218 connects the control unit 212, the encryption unit / decryption unit 220, and the memory 222 to each other.
  • the encryption unit / decryption unit 220 (second circuit) encrypts the received data (first data) and converts it into transfer data (second data).
  • the encryption / decryption unit 220 (second circuit) is configured by a logic circuit, and transfers data (second data) from a key used for encryption and received data (first data). It has the 1st calculation part to calculate. Since calculation is performed by a logic circuit (hardware), data to be transferred can be encrypted at high speed.
  • the encryption method of the encryption unit / decryption unit 220 may be a common key method or a public key method.
  • the private key is stored in the ECU 100 of this embodiment, it is desirable for security to store the connection in the custom IC 202 in the restricted area 216.
  • a routing table 300 defining a transfer destination of communication data is stored.
  • the memory 222 storage device
  • the ID specifying unit 214 has a function of searching which ID in the routing table 300 matches the ID of the received data.
  • the ID specifying unit 214 is configured by hardware. This makes it possible to process an ID search, which has taken a long time in software processing, at a high speed, thereby realizing a more reliable ECU.
  • the CPU 206 is connected with an interrupt line from the control unit 212. For example, when the received ID from the ID specifying unit 214 matches the ID stored in the routing table 300, this interrupt line notifies the CPU 206 by generating an interrupt, and can be processed at an appropriate timing. . In addition, even when encryption / decryption is completed, processing can be performed at an appropriate timing by generating an interrupt.
  • the transfer processing unit 224 transfers communication data based on the control from the CPU 206 and the routing table 300 that defines the transfer destination. At this time, the transfer processing unit 224 has a function of converting to a protocol of a corresponding network when the connected network is configured with a different protocol.
  • the transfer processing unit 224 and the ID specifying unit 214 constitute a circuit C1 (first circuit) that specifies a transfer destination corresponding to the ID (first identifier) of the received data.
  • gateway function at least the reception ID search location
  • software load of the gateway function can be greatly reduced.
  • the software load is reduced, it is possible to implement software for driving support.
  • the gateway function and the driving support function can be configured (implemented) with a single in-vehicle electronic control device, it is possible to improve performance in terms of security and speed as compared to separate in-vehicle electronic control devices. Become.
  • the communication I / F 226 includes a data transmission / reception circuit.
  • the communication I / F 226 functions as a reception unit that receives data (first data) including an ID (first identifier) and a transmission unit that transmits data (second data) to a transfer destination.
  • External load drive circuit I / F 228 is a circuit that drives, for example, an LED.
  • the ECU can alert the occupant by blinking the LED when the distance to the vehicle ahead is too close.
  • FIG. 2 is a configuration diagram of the routing table 300 shown in FIG.
  • the first two digits “0x” of the address and ID mean a hexadecimal number.
  • ID second identifier
  • transfer destination is stored in the storage area corresponding to the address.
  • the information on decryption, encryption, and event / periodic transmission is information for the ID, and the CPU 206 determines the operation based on the above information.
  • the event / periodic transmission information is, for example, a parameter indicating a vehicle or a state around the vehicle.
  • the ECU 100 vehicle-mounted electronic control device
  • the gateway function and the driving support function can be realized by one ECU 100.
  • the address indicates the head address of each ID on the routing table.
  • 16 bytes are assigned to one ID. Since this routing table 300 is different for each vehicle, for example, it can be adapted to various vehicles by being rewritten during a shipping test.
  • FIG. 3 is a circuit diagram of the ID specifying unit 214 shown in FIG.
  • the ID specifying unit 214 searches for an address in the routing table 300.
  • a search method for example, there is a method of searching for a match with the ID of the received data by sequentially searching for the address of each ID in the routing table.
  • the ID identification unit 214 mainly includes a reference ID selection unit 301 and a comparator 322. As shown below, the reference ID selection unit 301 selects a reference ID for comparison with the ID of received data.
  • the multiplier 308 receives a routing table ID address size number 306 (16 BYTE in this embodiment) and a constant CNT that increases by one.
  • the constant CNT that increases by 1 starts from the initial value 0, and increases by 1 by the incrementer 304 and the adder 302.
  • the adder 312 receives the routing table head address 310 and the output value from the multiplier 308.
  • the routing table head address 310 is “0x0000”.
  • the adder 312 sequentially outputs the addresses of the routing table 300 as “0x0000”, “0x0010”,.
  • the reference ID selection unit 301 (selection circuit) is composed of a logic circuit, and calculates a reference address from the routing table head address 310 and the routing table ID address size number 306 (storage area size). Units (adder 302, incrementer 304, multiplier 308, adder 312). Since the address to be referred to by the logic circuit (hardware) is calculated, the processing speed can be improved.
  • the address output from the adder 312 is input to the selector 314.
  • the selector 314 selects information (record) corresponding to the address from the routing table 300.
  • the selector 314 (first selector) selects information stored in the storage area corresponding to the address to be referenced.
  • the ID selector 318 selects only the ID from the information (record) selected by the selector 314 among the information in the routing table 300. In other words, the ID selector 318 (second selector) selects an ID (second identifier) from the information selected by the selector 314 (first selector).
  • the reference ID selection unit 301 (selection circuit) is composed of a logic circuit, and selects a reference ID (second identifier) from the routing table 300 in the memory 222 (storage device). Since the ID is selected (searched) by the logic circuit (hardware), the processing speed can be improved. The above is the description of the reference ID selection unit 301.
  • the comparator 322 compares the ID (second identifier) of an address selected by the ID selector 318 with the ID 320 (first identifier) of the received data.
  • the output of the comparator 322 becomes HI (High) and is input to the CPU 206 as a reception interrupt.
  • the output of the comparator 322 also serves as a trigger for the match ID information storage register 324, and the information in the routing table 300 at the address of the matched ID is stored in the match ID information storage register 324.
  • the ID specifying unit 214 is not limited to this embodiment, and may be configured by a logic circuit generated in a hardware language such as PLD (Programmable Logic Device) or FPGA (Field Programmable Gate Array).
  • PLD Programmable Logic Device
  • FPGA Field Programmable Gate Array
  • the circuit C1 (first circuit) for specifying the transfer destination and the encryption / decryption unit 220 (second circuit) are arranged in one ASIC.
  • the gateway function and the encryption function can be realized by one ASIC.
  • FIG. 4 is a diagram showing a control flowchart of the CPU of this embodiment.
  • a power supply (VB) 200 is supplied to the custom IC 202 inside the ECU 100 and supplied to the power supply circuit 204 inside the custom IC 202.
  • the power supply circuit 204 generates a positive power supply voltage (VCC) to be supplied to signal-related elements such as the control unit 212 that controls signal processing, and starts operation (400).
  • VCC positive power supply voltage
  • the CPU 206 is reset (402). Thereafter, the CPU 206 starts normal operation (404).
  • the CPU 206 confirms whether a reception interrupt has occurred (406). When the ECU 100 receives communication data and the ID specifying unit has a matching ID in the routing table 300, a reception interrupt is generated. If no receive interrupt has occurred, it will continue to wait.
  • Received ID information is acquired from the match ID information storage register 324, and it is determined whether the transfer destination is a CPU (ECU 100) (408). If the transfer destination is not equal to the CPU, the gateway operation is started (410). Next, it is confirmed whether encryption is to be performed (412). When the encryption execution information is read from the coincidence ID information storage register 324 and encrypted, the encryption is started (420). After the start of encryption, the generation of an encryption completion interrupt is confirmed (422). If not, continue to wait. When an encryption completion interrupt occurs, transfer destination information is acquired from the match ID information storage register 324, transfer starts (432), and control ends (434).
  • gateway function As mentioned above, hardware processing of the gateway function (at least the location where received IDs are searched), which previously took time, can improve the processing speed and greatly reduce the software load of the gateway function. I can do it. When the software load is reduced, it is possible to implement software for driving support.
  • the gateway function and the driving support function can be configured (implemented) with a single in-vehicle electronic control device, it is possible to improve the performance in terms of security and speed as compared with the configuration of separate control devices.
  • FIG. 5 is a flowchart showing the control of the driving support operation of the present embodiment.
  • the driving support operation is started (500), for example, it is determined whether the inter-vehicle distance from the front is equal to or less than a threshold value (502). If the value is below the threshold, the LED is turned on for warning, and the passenger is alerted (504). If the inter-vehicle distance is equal to or greater than the threshold, the control is terminated as it is (506).
  • the present invention is not limited to the above-described embodiment, and various design changes can be made without departing from the spirit of the present invention described in the claims.
  • the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to one having all the configurations described.
  • a part of the configuration of an embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of an embodiment.
  • control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • an in-vehicle electronic control device connected to a plurality of vehicle networks, information is received from the vehicle network, and communication is performed based on a communication ID of the received reception information, transfer path information of the communication ID, and an operation setting value.
  • a transfer destination specifying unit that specifies a vehicle network of a transfer destination corresponding to the ID, and an encryption unit (encryption / decryption) that encrypts information to be transferred to the transfer destination network.
  • a vehicle electronic control device comprising: a transfer unit that transfers the received information to the transfer destination.
  • the transfer destination specifying unit is configured as a logic circuit, a reference ID selection unit that generates reference ID information, a comparator that compares the ID of the received information and the reference ID, And the reference ID selection unit is constituted by a logic circuit.
  • the encryption unit includes a calculation unit that performs calculation according to a predetermined procedure on a common key used for encryption and information received from the vehicle network, and the calculation unit is a logic circuit. It is comprised as follows.
  • the vehicle electronic control apparatus characterized by the above-mentioned.
  • the reference ID selection unit has a function of calculating an ID address based on an initial address setting unit of a routing table and a next ID address size number of the routing table, and the address calculation unit is a logic circuit.
  • a vehicle electronic control device comprising:
  • the communication ID, the transfer route information, and the operation setting value of the received reception information are registered in a routing table.
  • the vehicle electronic control device is a driving support electronic control device.
  • On-vehicle electronic control device 200 ... Power source 202 ... Custom IC 204 ... Power supply circuit 206 ... CPU 208... FailSafe circuit 210... WDT circuit 212... Control unit 214... ID specifying unit 216. 220 ... Encryption / decryption unit 222 ... Memory 224 ... Transfer processing unit 226 ... Communication I / F 228 ... External load drive circuit I / F 250, 260, 270, 270 ... in-vehicle network 300 ... routing table 301 ... reference ID selection unit 302 ... adder 304 ... incrementer 306 ... ID address size number 308 ... multiplier 310 ... start address 312 ... adder 314 ... selector 318 ... ID selector 320 ... received ID 322 ... Comparator 324 ... Match ID information storage register

Abstract

Provided is an in-vehicle electronic control device with which it is possible to speed up data transfer while enhancing security of the data to be transferred. An ECU 100 (in-vehicle electronic control device) is provided with a communication interface 226, a circuit C1 (first circuit), and an encryption/decryption unit 220 (second circuit). The communication interface 226 (reception unit) receives data (first data) including identification (first identifier). The circuit C1 (first circuit) specifies a transfer destination corresponding to the identification (first identifier) of the received data. The encryption/decryption unit 220 (second circuit) encrypts the received data (first data) and converts said data into transfer data (second data). The communication interface 226 (transmission unit) transmits the transfer data (second data) to the transfer destination.

Description

車載電子制御装置In-vehicle electronic control unit
 本発明は、車載電子制御装置に関する。 The present invention relates to an on-vehicle electronic control device.
 本技術分野の背景技術として、「簡易な構成で、装置の追加の際に、ユーザの負担を軽減できる車両用ゲートウェイ装置」が知られている(例えば、特許文献1参照)。 As a background art in this technical field, “a gateway device for a vehicle that can reduce a burden on a user when adding a device with a simple configuration” is known (for example, see Patent Document 1).
 また、従来、各種レーダ、カメラ等を用いて車両周辺の環境を認識し、認識した環境情報に基づいて自車両の動作を認識し、エンジンやブレーキ等の各種制御装置を制御する運転支援を目的とした車載電子制御装置も知られている。 Conventionally, the purpose is driving support that recognizes the environment around the vehicle using various radars, cameras, etc., recognizes the operation of the vehicle based on the recognized environmental information, and controls various control devices such as the engine and the brake. An on-vehicle electronic control device is also known.
特開2014-146997号公報Japanese Unexamined Patent Publication No. 2014-146997
 近年の自動車等の車両には、エンジンやブレーキ等の各種制御装置を制御する車載電子制御装置、車両の各種状態を表示するメータ等の機器を制御する車載電子制御装置など、多数の車載電子制御装置が搭載されている。そして、車両内では、それら各車載電子制御装置が通信線により接続され、ネットワークを形成している。このネットワークを介して各車載電子制御装置間での各種データの送受信が行われている。 In vehicles such as automobiles in recent years, there are many in-vehicle electronic controls such as an in-vehicle electronic control device that controls various control devices such as engines and brakes, and an in-vehicle electronic control device that controls devices such as meters that display various states of the vehicle. The device is installed. And in a vehicle, these each vehicle-mounted electronic control apparatuses are connected by the communication line, and form the network. Various data is transmitted and received between the on-vehicle electronic control devices via this network.
 また、こうしたネットワークに接続され、情報の送受信を担うゲートウェイ装置、及び、エンジンやブレーキ等の各種制御装置を制御する運転支援を目的とした車載電子制御装置に関しては、特に高いセキュリティが要求されている。 In addition, particularly high security is required for a gateway device that is connected to such a network and handles transmission / reception of information, and an in-vehicle electronic control device for driving support that controls various control devices such as an engine and a brake. .
 前記特許文献1に記載のような、ゲートウェイ装置の場合、このセキュリティに関して、ルーティングテーブル登録時の認証箇所でセキュリティアクセス機能を応用しているが、自分自身に暗号化機能を持たないため、外部からネットワークの通信データを解析される可能性があった。 In the case of the gateway device as described in Patent Document 1, the security access function is applied at the authentication location at the time of registration of the routing table with respect to this security, but since it does not have the encryption function itself, it is externally applied. Network communication data could be analyzed.
 さらに、安全に車の挙動を制御するためには、各ネットワーク間で情報を共有し、各ネットワーク間の情報伝達を遅延なく行うことが必要であり、ゲートウェイ装置、及び、エンジンやブレーキ等の各種制御装置を制御する運転支援を目的とした車載電子制御装置の高速化が必須となっている。 Furthermore, in order to safely control the behavior of the vehicle, it is necessary to share information between each network and to communicate information between each network without delay. Gateway devices and various types of engines, brakes, etc. It is essential to increase the speed of an on-vehicle electronic control device for the purpose of driving support for controlling the control device.
 本発明の目的は、転送するデータのセキュリティを向上しつつ、データの転送を高速化することができる車載電子制御装置を提供することにある。 An object of the present invention is to provide an in-vehicle electronic control device capable of speeding up data transfer while improving the security of data to be transferred.
 上記目的を達成するために、本発明は、第1識別子を含む第1データを受信する受信部と、前記第1識別子に対応する転送先を特定する第1回路と、前記第1データを暗号化して第2データに変換する第2回路と、前記第2データを前記転送先へ送信する送信部と、を備える。 In order to achieve the above object, the present invention provides a receiving unit that receives first data including a first identifier, a first circuit that specifies a transfer destination corresponding to the first identifier, and encrypts the first data. And a second circuit that converts the second data into second data, and a transmission unit that transmits the second data to the transfer destination.
 本発明によれば、転送するデータのセキュリティを向上しつつ、データの転送を高速化することができる。上記した以外の課題、構成及び効果は、以下の実施形態の説明により明らかにされる。 According to the present invention, it is possible to increase the speed of data transfer while improving the security of data to be transferred. Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.
車載電子制御装置の構成を示すブロック図である。It is a block diagram which shows the structure of a vehicle-mounted electronic control apparatus. ルーティングテーブルの一例を示す構成図である。It is a block diagram which shows an example of a routing table. ID特定部の一例を示す回路図である。It is a circuit diagram which shows an example of ID identification part. 制御フローチャートの一例を示す図である。It is a figure which shows an example of a control flowchart. 運転支援動作フローチャートの一例を示す図である。It is a figure which shows an example of a driving assistance operation | movement flowchart.
 以下、図面を用いて、本発明の実施形態による車載電子制御装置(ECU:Electronic Control Unit)の構成及び動作について説明する。本実施形態の車載電子制御装置は、ゲートウェイ機能に加え、一例として運転支援機能を有する。なお、各図において、同一符号は同一部分を示す。 Hereinafter, the configuration and operation of an on-vehicle electronic control unit (ECU: Electronic Control Unit) according to an embodiment of the present invention will be described with reference to the drawings. The in-vehicle electronic control device of the present embodiment has a driving support function as an example in addition to the gateway function. In each figure, the same numerals indicate the same parts.
 図1に、ECU100の構成を概略的に示す。ECU100には、複数の車内用ネットワーク250、260、270、280(以下ネットワーク)が接続されている。ネットワークは通信プロトコルとして、CAN(Controller Area Network)が一般的に用いられるが、異なるプロトコルを用いても良い。 FIG. 1 schematically shows the configuration of the ECU 100. A plurality of in- vehicle networks 250, 260, 270, 280 (hereinafter referred to as networks) are connected to the ECU 100. The network generally uses CAN (Controller Area Network) as a communication protocol, but a different protocol may be used.
 ネットワーク250には、BUS1としてECU11、ECU12が接続される。これらのECU群は、パワーウィンド用ECU、シートベルト用ECU等のボディ系ECUで構成される。ネットワーク260には、BUS2としてECU21、ECU22が接続される。これらのECU群は、エンジン制御ECUや、ブレーキ制御ECU等のパワートレイン系ECUで構成される。 ECU 11 and ECU 12 are connected to the network 250 as BUS1. These ECU groups include body ECUs such as power window ECUs and seat belt ECUs. An ECU 21 and an ECU 22 are connected to the network 260 as BUS2. These ECU groups are composed of power train ECUs such as an engine control ECU and a brake control ECU.
 ネットワーク270には、BUS3としてECU31、ECU32が接続される。これらのECU群は、パワーステアリング制御ECUや、サスペンション制御ECU等のシャシー系ECUで構成される。ネットワーク280には、BUS4としてECU41、ECU42が接続される。これらのECU群は、カーナビゲーションECUや、オーディオ制御ECU等のマルチメディア系ECUで構成される。 ECU 31 and ECU 32 are connected to the network 270 as BUS3. These ECU groups include chassis ECUs such as a power steering control ECU and a suspension control ECU. An ECU 41 and an ECU 42 are connected to the network 280 as the BUS 4. These ECU groups are composed of multimedia ECUs such as a car navigation ECU and an audio control ECU.
 一般的にCANの標準フレームによると、通信データ(データフィールド)が1BYTEの場合、標準フレームの情報量は、全体で55BITとなる。一般的な通信レート500KBPSで計算を実施すると、標準フレームの転送時間Tは、以下の式(1)に示すように110us(マイクロ秒)となる。 Generally, according to the standard frame of CAN, when the communication data (data field) is 1 BYTE, the information amount of the standard frame is 55BIT as a whole. When calculation is performed at a general communication rate of 500 KBPS, the standard frame transfer time T is 110 us (microseconds) as shown in the following equation (1).
Figure JPOXMLDOC01-appb-M000001
Figure JPOXMLDOC01-appb-M000001
 したがって、110us以内に転送を実施することが出来れば、データの取りこぼしがなく、信頼性の高いゲートウェイ機能を提供できる。 Therefore, if transfer can be carried out within 110us, there is no data loss and a highly reliable gateway function can be provided.
 図1に示すように、バッテリと、エンジンにより駆動されるオルタネーターから供給される電源(VB)200は、ECU100内部のカスタムIC202に供給され、カスタムIC202内部の電源回路204に供給される。 As shown in FIG. 1, a power supply (VB) 200 supplied from a battery and an alternator driven by an engine is supplied to a custom IC 202 inside the ECU 100 and supplied to a power supply circuit 204 inside the custom IC 202.
 電源回路204は信号処理をつかさどる制御部212等の信号系の素子に供給する正電源電圧(VCC)を生成する。CPU206はメモリ230と協働し、ECU100の動作を制御する。FailSafe回路208はカスタムIC202の内部エラーを監視する。また、WDT回路210(WatchDog-Timer)はCPU206が暴走したか否かを検出する機能を持つ。 The power supply circuit 204 generates a positive power supply voltage (VCC) to be supplied to signal-related elements such as the control unit 212 that controls signal processing. The CPU 206 cooperates with the memory 230 to control the operation of the ECU 100. The FailSafe circuit 208 monitors internal errors of the custom IC 202. The WDT circuit 210 (WatchDog-Timer) has a function of detecting whether the CPU 206 has runaway.
 上記CPU206は、本実施形態では、ASIC(Application Specific Integrated Circuit)内に配置されているが、個別のICとして構成されてもよい。 In the present embodiment, the CPU 206 is arranged in an ASIC (Application Specific Integrated Circuit), but may be configured as an individual IC.
 カスタムIC202内の接続を制限された領域216では、取得したデータを所定の演算に従って暗号化/復号化が実施される。領域216は、暗号部/復号部220、フラッシュメモリ等の不揮発性メモリで構成されるメモリ222、及び通信I/F218を備える。
通信I/F218は、制御部212、暗号部/復号部220、メモリ222を相互に接続する。 In the area 216 where the connection in the custom IC 202 is restricted, the acquired data is encrypted / decrypted according to a predetermined operation. The area 216 includes an encryption / decryption unit 220, a memory 222 configured by a nonvolatile memory such as a flash memory, and a communication I / F 218.
The communication I / F 218 connects the control unit 212, the encryption unit / decryption unit 220, and the memory 222 to each other.
 ここで、暗号部/復号部220(第2回路)は、受信したデータ(第1データ)を暗号化して転送用のデータ(第2データ)に変換する。詳細には、暗号部/復号部220(第2回路)は、論理回路で構成され、暗号化に使用される鍵と受信したデータ(第1データ)から転送用のデータ(第2データ)を計算する第1計算部を有する。論理回路(ハードウェア)で計算を行うため、転送するデータを高速に暗号化することができる。 Here, the encryption unit / decryption unit 220 (second circuit) encrypts the received data (first data) and converts it into transfer data (second data). Specifically, the encryption / decryption unit 220 (second circuit) is configured by a logic circuit, and transfers data (second data) from a key used for encryption and received data (first data). It has the 1st calculation part to calculate. Since calculation is performed by a logic circuit (hardware), data to be transferred can be encrypted at high speed.
 暗号部/復号部220の暗号方式は、共通鍵方式としてもよいし、公開鍵方式としてもよい。秘密鍵を本実施形態のECU100内に保存する場合は、カスタムIC202内の接続を制限された領域216内に保存することがセキュリティ上望ましい。 The encryption method of the encryption unit / decryption unit 220 may be a common key method or a public key method. When the private key is stored in the ECU 100 of this embodiment, it is desirable for security to store the connection in the custom IC 202 in the restricted area 216.
 メモリ222内には、通信データの転送先を定義しているルーティングテーブル300が記憶される。換言すれば、メモリ222(記憶装置)は、ID(第2識別子)及びID(第2識別子)に対応する転送先の組合せを複数記憶する。 In the memory 222, a routing table 300 defining a transfer destination of communication data is stored. In other words, the memory 222 (storage device) stores a plurality of combinations of IDs (second identifiers) and transfer destinations corresponding to the IDs (second identifiers).
 ID特定部214は、受信したデータのIDが上記ルーティングテーブル300のどのIDと一致するかを検索する機能を持つ。本実施形態では、このID特定部214をハードウェアで構成する。これにより、ソフト処理では時間がかかっていたIDの検索を高速に処理することができるため、より信頼性の高いECUを実現可能となる。 The ID specifying unit 214 has a function of searching which ID in the routing table 300 matches the ID of the received data. In the present embodiment, the ID specifying unit 214 is configured by hardware. This makes it possible to process an ID search, which has taken a long time in software processing, at a high speed, thereby realizing a more reliable ECU.
 CPU206には、制御部212から割り込み線が接続されている。この割り込み線は、例えば、ID特定部214から受信IDとルーティングテーブル300に記憶されるIDが一致した場合に割り込みを発生させることでCPU206に通知し、適切なタイミングで処理することが可能となる。また、暗号/復号が完了した場合にも割り込みを発生させることで適切なタイミングで処理を可能とする。 The CPU 206 is connected with an interrupt line from the control unit 212. For example, when the received ID from the ID specifying unit 214 matches the ID stored in the routing table 300, this interrupt line notifies the CPU 206 by generating an interrupt, and can be processed at an appropriate timing. . In addition, even when encryption / decryption is completed, processing can be performed at an appropriate timing by generating an interrupt.
 転送処理部224は、CPU206からの制御及び転送先を定義しているルーティングテーブル300に基づき、通信データの転送を実施する。この際、転送処理部224は、接続されているネットワークが異なるプロトコルで構成されている場合、該当するネットワークのプロトコルに変換する機能を持つ。 The transfer processing unit 224 transfers communication data based on the control from the CPU 206 and the routing table 300 that defines the transfer destination. At this time, the transfer processing unit 224 has a function of converting to a protocol of a corresponding network when the connected network is configured with a different protocol.
 ここで、転送処理部224とID特定部214は、受信したデータのID(第1識別子)に対応する転送先を特定する回路C1(第1回路)を構成する。 Here, the transfer processing unit 224 and the ID specifying unit 214 constitute a circuit C1 (first circuit) that specifies a transfer destination corresponding to the ID (first identifier) of the received data.
 上記のように、ゲートウェイ機能(少なくとも、受信IDの検索箇所)をハードウェア化することにより、処理速度を向上することができ、ゲートウェイ機能によるソフトウェア負荷を大幅に低減することが出来る。ソフトウェア負荷が低減することにより、運転支援用のソフトウェアを実装することが可能となる。 As described above, hardware processing of the gateway function (at least the reception ID search location) can improve the processing speed, and the software load of the gateway function can be greatly reduced. When the software load is reduced, it is possible to implement software for driving support.
 また、暗号機能もハードウェアで構成することにより、同時に高セキュリティを保つことが可能となる。 Also, by configuring the cryptographic function with hardware, it is possible to maintain high security at the same time.
 さらに、ゲートウェイ機能と運転支援機能を1つの車載電子制御装置で構成(実現)できることにより、別々の車載電子制御装置に構成するよりも、セキュリティ面、速度面において、性能を向上することが可能となる。 Furthermore, since the gateway function and the driving support function can be configured (implemented) with a single in-vehicle electronic control device, it is possible to improve performance in terms of security and speed as compared to separate in-vehicle electronic control devices. Become.
 通信I/F226は、データ送受信回路で構成されている。換言すれば、通信I/F226は、ID(第1識別子)を含むデータ(第1データ)を受信する受信部及びデータ(第2データ)を転送先へ送信する送信部として機能する。 The communication I / F 226 includes a data transmission / reception circuit. In other words, the communication I / F 226 functions as a reception unit that receives data (first data) including an ID (first identifier) and a transmission unit that transmits data (second data) to a transfer destination.
 外部負荷駆動回路I/F228は、例えばLEDなどを駆動する回路である。ECUでは、前方車両との距離が近づきすぎたりする場合にLEDを点滅させることによって乗員に注意を促すことができる。 External load drive circuit I / F 228 is a circuit that drives, for example, an LED. The ECU can alert the occupant by blinking the LED when the distance to the vehicle ahead is too close.
 次に、図2を用いて、ルーティングテーブル300について説明する。図2は、図1に示したルーティングテーブル300の構成図である。 Next, the routing table 300 will be described with reference to FIG. FIG. 2 is a configuration diagram of the routing table 300 shown in FIG.
 図2の例では、アドレス、ID、転送元、転送先、復号情報、暗号情報、イベント/周期送信の情報がある。例えば、アドレス「0x0000」の行(レコード)は、ECUがID=000の通信データを受信した時に、その転送元はBus1(ネットワーク250)であり、該当データをBus2、3、4(ネットワーク260、270、280)に転送することを示している。 In the example of FIG. 2, there are address, ID, transfer source, transfer destination, decryption information, encryption information, and event / periodic transmission information. For example, in the row (record) of the address “0x0000”, when the ECU receives communication data with ID = 000, the transfer source is Bus 1 (network 250), and the corresponding data is Bus 2, 3, 4 ( network 260, 270, 280).
 なお、図2において、アドレス及びIDの先頭2桁「0x」は16進数であることを意味している。ID(第2識別子)及び転送先の組合せは、アドレスに対応する記憶領域にそれぞれ記憶される。 In FIG. 2, the first two digits “0x” of the address and ID mean a hexadecimal number. The combination of ID (second identifier) and transfer destination is stored in the storage area corresponding to the address.
 復号、暗号、イベント/周期送信の情報は、IDに対する情報であり、CPU206は上記情報により動作を判断する。換言すれば、イベント/周期送信の情報は、例えば、車両又は前記車両の周囲の状態を示すパラメータである。ECU100(車載電子制御装置)は、転送先がECU100である場合に、イベント/周期送信の情報(パラメータ)に基づいて運転を支援する制御を行う。これにより、1つのECU100でゲートウェイ機能と運転支援機能を実現することができる。 The information on decryption, encryption, and event / periodic transmission is information for the ID, and the CPU 206 determines the operation based on the above information. In other words, the event / periodic transmission information is, for example, a parameter indicating a vehicle or a state around the vehicle. When the transfer destination is the ECU 100, the ECU 100 (vehicle-mounted electronic control device) performs control that supports driving based on information (parameters) of event / periodic transmission. Thereby, the gateway function and the driving support function can be realized by one ECU 100.
 また、アドレスはルーティングテーブル上の各IDの先頭アドレスを示す。本実施形態では、1つのIDに対して16BYTEを割り当てている。本ルーティングテーブル300は、車両ごとに異なるため、例えば、出荷試験時に書き換えることで様々な車両に対応可能となる。 Also, the address indicates the head address of each ID on the routing table. In this embodiment, 16 bytes are assigned to one ID. Since this routing table 300 is different for each vehicle, for example, it can be adapted to various vehicles by being rewritten during a shipping test.
 次に、図3を用いて、ID特定部214について説明する。図3は、図1に示したID特定部214の回路図である。ID特定部214は、ルーティングテーブル300のアドレスを検索する。検索方法として、例えば、ルーティングテーブルの各IDのアドレスを順番に検索することによって、受信データのIDと一致するものを検索する方法がある。 Next, the ID specifying unit 214 will be described with reference to FIG. FIG. 3 is a circuit diagram of the ID specifying unit 214 shown in FIG. The ID specifying unit 214 searches for an address in the routing table 300. As a search method, for example, there is a method of searching for a match with the ID of the received data by sequentially searching for the address of each ID in the routing table.
 図3に示すように、ID特定部214は、主として、参照ID選択部301、比較器322を備える。参照ID選択部301は、以下に示すように、受信データのIDと比較を行うための参照IDを選択する。 As shown in FIG. 3, the ID identification unit 214 mainly includes a reference ID selection unit 301 and a comparator 322. As shown below, the reference ID selection unit 301 selects a reference ID for comparison with the ID of received data.
 まず、ルーティングテーブル300の各アドレスを選択する方法を述べる。 First, a method for selecting each address in the routing table 300 will be described.
 乗算器308には、ルーティングテーブルIDアドレスサイズ数306(本実施形態では16BYTE)と、1ずつ増加する定数CNTが入力される。この1ずつ増加する定数CNTは、初期値0から開始し、インクリメンタ304と加算器302によって、1ずつ増加する。 The multiplier 308 receives a routing table ID address size number 306 (16 BYTE in this embodiment) and a constant CNT that increases by one. The constant CNT that increases by 1 starts from the initial value 0, and increases by 1 by the incrementer 304 and the adder 302.
 加算器312には、ルーティングテーブル先頭アドレス310と乗算器308からの出力値が入力される。図2の例では、ルーティングテーブル先頭アドレス310は、「0x0000」である。その結果、加算器312は、「0x0000」、「0x0010」、・・・のように順次、ルーティングテーブル300のアドレスを出力する。 The adder 312 receives the routing table head address 310 and the output value from the multiplier 308. In the example of FIG. 2, the routing table head address 310 is “0x0000”. As a result, the adder 312 sequentially outputs the addresses of the routing table 300 as “0x0000”, “0x0010”,.
 このように、参照ID選択部301(選択回路)は、論理回路で構成され、ルーティングテーブル先頭アドレス310とルーティングテーブルIDアドレスサイズ数306(記憶領域のサイズ)から参照するアドレスを計算する第2計算部(加算器302、インクリメンタ304、乗算器308、加算器312)を有する。論理回路(ハードウェア)で参照するアドレスを計算するため、処理速度を向上することができる。 As described above, the reference ID selection unit 301 (selection circuit) is composed of a logic circuit, and calculates a reference address from the routing table head address 310 and the routing table ID address size number 306 (storage area size). Units (adder 302, incrementer 304, multiplier 308, adder 312). Since the address to be referred to by the logic circuit (hardware) is calculated, the processing speed can be improved.
 セレクタ314には、加算器312から出力されるアドレスが入力される。セレクタ314は、ルーティングテーブル300からアドレスに対応する情報(レコード)を選択する。換言すれば、セレクタ314(第1セレクタ)は、参照するアドレスに対応する記憶領域に記憶される情報を選択する。 The address output from the adder 312 is input to the selector 314. The selector 314 selects information (record) corresponding to the address from the routing table 300. In other words, the selector 314 (first selector) selects information stored in the storage area corresponding to the address to be referenced.
 IDセレクタ318は、ルーティングテーブル300の情報のうち、セレクタ314によって選択された情報(レコード)からIDのみを選択する。換言すれば、IDセレクタ318(第2セレクタ)は、セレクタ314(第1セレクタ)によって選択された情報からID(第2識別子)を選択する。 The ID selector 318 selects only the ID from the information (record) selected by the selector 314 among the information in the routing table 300. In other words, the ID selector 318 (second selector) selects an ID (second identifier) from the information selected by the selector 314 (first selector).
 すなわち、参照ID選択部301(選択回路)は、論理回路で構成され、参照するID(第2識別子)をメモリ222(記憶装置)内のルーティングテーブル300から選択する。論理回路(ハードウェア)でIDを選択(検索)するため、処理速度を向上することができる。以上が、参照ID選択部301の説明となる。 That is, the reference ID selection unit 301 (selection circuit) is composed of a logic circuit, and selects a reference ID (second identifier) from the routing table 300 in the memory 222 (storage device). Since the ID is selected (searched) by the logic circuit (hardware), the processing speed can be improved. The above is the description of the reference ID selection unit 301.
 比較器322は、IDセレクタ318により選択されたあるアドレスのID(第2識別子)と、受信したデータのID320(第1識別子)とを比較する。 The comparator 322 compares the ID (second identifier) of an address selected by the ID selector 318 with the ID 320 (first identifier) of the received data.
 仮にあるアドレスのIDが受信したデータのID320と一致した場合、比較器322の出力=HI(High)となり、CPU206に受信割り込みとして入力される。同時に、比較器322の出力は一致ID情報保存レジスタ324のトリガにもなっており、一致したIDのアドレスのルーティングテーブル300の情報が一致ID情報保存レジスタ324に保存される。 If the ID of a certain address matches the ID 320 of the received data, the output of the comparator 322 becomes HI (High) and is input to the CPU 206 as a reception interrupt. At the same time, the output of the comparator 322 also serves as a trigger for the match ID information storage register 324, and the information in the routing table 300 at the address of the matched ID is stored in the match ID information storage register 324.
 ID特定部214は、本実施形態に限定されるものではなく、例えば、PLD(Programmable Logic Device)やFPGA(Field Programmable Gate Array)などハードウェア言語で生成される論理回路で構成されても良い。 The ID specifying unit 214 is not limited to this embodiment, and may be configured by a logic circuit generated in a hardware language such as PLD (Programmable Logic Device) or FPGA (Field Programmable Gate Array).
 本実施形態では、転送先を特定する回路C1(第1回路)と暗号部/復号部220(第2回路)は、1つのASIC内に配置される。これにより、1つのASICでゲートウェイ機能と暗号化機能を実現することができる。 In this embodiment, the circuit C1 (first circuit) for specifying the transfer destination and the encryption / decryption unit 220 (second circuit) are arranged in one ASIC. Thereby, the gateway function and the encryption function can be realized by one ASIC.
 次に、図4を用いて、ECU100のゲートウェイ機能を説明する。図4は、本実施形態のCPUの制御フローチャートを示す図である。 Next, the gateway function of the ECU 100 will be described with reference to FIG. FIG. 4 is a diagram showing a control flowchart of the CPU of this embodiment.
 電源(VB)200がECU100内部のカスタムIC202に供給され、カスタムIC202内部の電源回路204に供給される。電源回路204は信号処理をつかさどる制御部212等の信号系の素子に供給する正電源電圧(VCC)を生成し、動作を開始する(400)。次に、CPU206をリセットする(402)。その後、CPU206は通常動作を開始する(404)。 A power supply (VB) 200 is supplied to the custom IC 202 inside the ECU 100 and supplied to the power supply circuit 204 inside the custom IC 202. The power supply circuit 204 generates a positive power supply voltage (VCC) to be supplied to signal-related elements such as the control unit 212 that controls signal processing, and starts operation (400). Next, the CPU 206 is reset (402). Thereafter, the CPU 206 starts normal operation (404).
 CPU206は受信割り込み発生の有無を確認する(406)。ECU100に通信データの受信があり、かつID特定部により、ルーティングテーブル300中に一致IDがあった場合、受信割り込みが発生する。受信割り込みが発生していない場合、待機し続ける。 The CPU 206 confirms whether a reception interrupt has occurred (406). When the ECU 100 receives communication data and the ID specifying unit has a matching ID in the routing table 300, a reception interrupt is generated. If no receive interrupt has occurred, it will continue to wait.
 受信割り込みが発生した場合、次のステップに移行する。一致ID情報保存レジスタ324から受信IDの情報を取得し、転送先がCPU(ECU100)かどうかの判断を実施する(408)。転送先≠CPUの場合、ゲートウェイ動作を開始する(410)
 次に暗号化を実施するか確認を行う(412)。一致ID情報保存レジスタ324から暗号化実施の情報を読み出し、暗号化する場合、暗号化を開始する(420)。暗号化開始後、暗号完了割り込みの発生を確認する(422)。発生していない場合、待機し続ける。暗号完了割り込みが発生した場合、一致ID情報保存レジスタ324から転送先情報を取得し、転送を開始し(432)、制御を終了(434)する。 When a reception interrupt occurs, the process proceeds to the next step. Received ID information is acquired from the match ID information storage register 324, and it is determined whether the transfer destination is a CPU (ECU 100) (408). If the transfer destination is not equal to the CPU, the gateway operation is started (410).
Next, it is confirmed whether encryption is to be performed (412). When the encryption execution information is read from the coincidence ID information storage register 324 and encrypted, the encryption is started (420). After the start of encryption, the generation of an encryption completion interrupt is confirmed (422). If not, continue to wait. When an encryption completion interrupt occurs, transfer destination information is acquired from the match ID information storage register 324, transfer starts (432), and control ends (434).
 暗号化確認(412)で暗号化を実施しない場合、復号化実施の確認(414)を行う。一致ID情報保存レジスタ324から復号化実施の情報を読み出し、復号化する場合、復号化を開始する(416)。復号化開始後、復号完了割り込みの発生を確認する(418)。発生していない場合、待機し続ける。復号完了割り込みが発生した場合、一致ID情報保存レジスタ324から転送先情報を取得し、転送を開始し(432)、制御を終了(434)する。 If encryption is not performed in the encryption confirmation (412), confirmation of decryption is performed (414). When the decryption execution information is read from the match ID information storage register 324 and decrypted, decryption is started (416). After the decoding is started, the generation of a decoding completion interrupt is confirmed (418). If not, continue to wait. When a decoding completion interrupt occurs, transfer destination information is acquired from the match ID information storage register 324, transfer is started (432), and control is ended (434).
 転送先=CPUの場合、復号化実施の確認(424)を行う。一致ID情報保存レジスタ324から復号化実施の情報を読み出し、復号化する場合、復号化を開始する(426)。
復号化開始後、復号完了割り込みの発生を確認する(428)。発生していない場合、待機し続ける。復号完了割り込みが発生した場合、運転支援動作を開始する(430)。運転支援動作に関しては、後述する。運転支援動作を終了後、一致ID情報保存レジスタ324から転送先情報を取得し、転送を開始し(432)、制御を終了(434)する。 When the transfer destination = CPU, confirmation of execution of decryption (424) is performed. When the decryption execution information is read from the match ID information storage register 324 and decrypted, decryption is started (426).
After the decoding is started, the generation of the decoding completion interrupt is confirmed (428). If not, continue to wait. When a decoding completion interrupt occurs, the driving support operation is started (430). The driving support operation will be described later. After completing the driving support operation, transfer destination information is acquired from the coincidence ID information storage register 324, transfer is started (432), and control is ended (434).
 上記のように、従来時間のかかっていた、ゲートウェイ機能(少なくとも、受信IDの検索箇所)をハードウェア化することにより、処理速度を向上することができ、ゲートウェイ機能によるソフトウェア負荷を大幅に低減することが出来る。ソフトウェア負荷が低減することにより、運転支援用のソフトウェアを実装することが可能となる。 As mentioned above, hardware processing of the gateway function (at least the location where received IDs are searched), which previously took time, can improve the processing speed and greatly reduce the software load of the gateway function. I can do it. When the software load is reduced, it is possible to implement software for driving support.
 また、暗号機能もハードウェアで構成することにより、同時に高セキュリティを保つことが可能となる。 Also, by configuring the cryptographic function with hardware, it is possible to maintain high security at the same time.
 さらに、ゲートウェイ機能と運転支援機能を1つの車載電子制御装置で構成(実現)できることにより、別々の制御装置に構成するよりも、セキュリティ面、速度面において、性能を向上することが可能となる。 Furthermore, since the gateway function and the driving support function can be configured (implemented) with a single in-vehicle electronic control device, it is possible to improve the performance in terms of security and speed as compared with the configuration of separate control devices.
 次に、図5を用いて、ECU100の運転支援機能を説明する。図5は、本実施形態の運転支援動作の制御を示すフローチャートである。まず、運転支援動作が開始(500)された後に、例えば前方との車間距離が閾値以下か否かの判定を行う(502)。閾値以下の場合、警告のため、LEDを点灯し、乗員に注意を促す(504)。車間距離が閾値以上の場合はそのまま制御を終了する(506)。 Next, the driving support function of the ECU 100 will be described with reference to FIG. FIG. 5 is a flowchart showing the control of the driving support operation of the present embodiment. First, after the driving support operation is started (500), for example, it is determined whether the inter-vehicle distance from the front is equal to or less than a threshold value (502). If the value is below the threshold, the LED is turned on for warning, and the passenger is alerted (504). If the inter-vehicle distance is equal to or greater than the threshold, the control is terminated as it is (506).
 以上説明したように、本実施形態によれば、転送するデータのセキュリティを向上しつつ、データの転送を高速化することができる。 As described above, according to the present embodiment, it is possible to increase the speed of data transfer while improving the security of data to be transferred.
 なお、本発明は、前記の実施形態に限定されるものではなく、特許請求の範囲に記載された本発明の精神を逸脱しない範囲で、種々の設計変更を行うことができるものである。例えば、前記した実施形態は本発明を分かりやすく説明するために詳細に説明したものであり、必ずしも説明した全ての構成を備えるものに限定されるものではない。また、ある実施形態の構成の一部を他の実施形態の構成に置き換えることが可能であり、また、ある実施形態の構成に他の実施形態の構成を加えることも可能である。また、各実施形態の構成の一部について、他の構成の追加・削除・置換をすることが可能である。 The present invention is not limited to the above-described embodiment, and various design changes can be made without departing from the spirit of the present invention described in the claims. For example, the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to one having all the configurations described. Further, a part of the configuration of an embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of an embodiment. In addition, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.
 また、制御線や情報線は説明上必要と考えられるものを示しており、製品上必ずしも全ての制御線や情報線を示しているとは限らない。実際には殆ど全ての構成が相互に接続されていると考えてもよい。 Also, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
 なお、本発明の実施形態は、以下の態様であってもよい。 In addition, the following aspects may be sufficient as embodiment of this invention.
 (1)複数の車両ネットワークに接続される車載電子制御装置において、前記車両ネットワークから情報を受信し、当該受信した受信情報の通信IDと前記通信IDの転送経路情報、動作設定値に基づき、通信IDに応じて該当する転送先の車両ネットワークを特定する転送先特定部と、前記転送先のネットワークへ転送する情報を暗号化する暗号化部(暗号/復号)とを有し、暗号化された前記受信情報を前記転送先に転送する転送部とを有する車両電子制御装置。 (1) In an in-vehicle electronic control device connected to a plurality of vehicle networks, information is received from the vehicle network, and communication is performed based on a communication ID of the received reception information, transfer path information of the communication ID, and an operation setting value. A transfer destination specifying unit that specifies a vehicle network of a transfer destination corresponding to the ID, and an encryption unit (encryption / decryption) that encrypts information to be transferred to the transfer destination network. A vehicle electronic control device comprising: a transfer unit that transfers the received information to the transfer destination.
 (2)(1)において、前記転送先特定部は、論理回路として構成され、参照ID情報を生成する参照ID選択部と、前記受信情報のIDと前記参照IDとを比較する比較器と、を有し、前記参照ID選択部が論理回路で構成されていることを特徴とする車両電子制御装置。 (2) In (1), the transfer destination specifying unit is configured as a logic circuit, a reference ID selection unit that generates reference ID information, a comparator that compares the ID of the received information and the reference ID, And the reference ID selection unit is constituted by a logic circuit.
 (3)(1)において、前記暗号化部は、暗号化に使用する共通鍵及び前記車両ネットワークから受信した情報を所定の手続きに従い計算を実施する演算部を有し、前記演算部が論理回路として構成されていることを特徴とする車両電子制御装置。 (3) In (1), the encryption unit includes a calculation unit that performs calculation according to a predetermined procedure on a common key used for encryption and information received from the vehicle network, and the calculation unit is a logic circuit. It is comprised as follows. The vehicle electronic control apparatus characterized by the above-mentioned.
 (4)(2)において、前記参照ID選択部はルーティングテーブルの初期アドレス設定部と、ルーティングテーブルの次IDアドレスサイズ数に基づきIDアドレスを演算する機能を有し、前記アドレス演算部は論理回路で構成されることを特徴とする車両電子制御装置。 (4) In (2), the reference ID selection unit has a function of calculating an ID address based on an initial address setting unit of a routing table and a next ID address size number of the routing table, and the address calculation unit is a logic circuit. A vehicle electronic control device comprising:
 (5)(1)~(4)において、受信した受信情報の通信IDと転送経路情報、動作設定値はルーティングテーブルに登録されることを特徴とした車両電子制御装置。 (5) In the vehicle electronic control device according to (1) to (4), the communication ID, the transfer route information, and the operation setting value of the received reception information are registered in a routing table.
 (6)(1)~(5)において前記転送先情報特定部と、前記暗号化部を、一つのASIC内に構成したことを特徴とする車両電子制御装置
 (7)(1)~(6)の何れかにおいて、車両電子制御装置は、運転支援用電子制御装置であることを特徴とする車両電子制御装置。 (6) The vehicle electronic control device according to (1) to (6), wherein the transfer destination information specifying unit and the encryption unit are configured in one ASIC in (1) to (5). ), The vehicle electronic control device is a driving support electronic control device.
100…車載電子制御装置
200…電源
202…カスタムIC
204…電源回路
206…CPU
208…FailSafe回路
210…WDT回路
212…制御部
214…ID特定部
216…カスタムIC202内の接続を制限された領域
218…通信I/F
220…暗号部/復号部
222…メモリ
224…転送処理部
226…通信I/F
228…外部負荷駆動回路I/F
250、260、270、270…車内用ネットワーク
300…ルーティングテーブル
301…参照ID選択部
302…加算器
304…インクリメンタ
306…IDアドレスサイズ数
308…乗算器
310…先頭アドレス
312…加算器
314…セレクタ
318…IDセレクタ
320…受信ID
322…比較器
324…一致ID情報保存レジスタ 100: On-vehicle electronic control device 200 ... Power source 202 ... Custom IC
204 ... Power supply circuit 206 ... CPU
208... FailSafe circuit 210... WDT circuit 212... Control unit 214... ID specifying unit 216.
220 ... Encryption / decryption unit 222 ... Memory 224 ... Transfer processing unit 226 ... Communication I / F
228 ... External load drive circuit I / F
250, 260, 270, 270 ... in-vehicle network 300 ... routing table 301 ... reference ID selection unit 302 ... adder 304 ... incrementer 306 ... ID address size number 308 ... multiplier 310 ... start address 312 ... adder 314 ... selector 318 ... ID selector 320 ... received ID
322 ... Comparator 324 ... Match ID information storage register

Claims (7)

  1.  第1識別子を含む第1データを受信する受信部と、
     前記第1識別子に対応する転送先を特定する第1回路と、
     前記第1データを暗号化して第2データに変換する第2回路と、
     前記第2データを前記転送先へ送信する送信部と、
     を備えることを特徴とする車載電子制御装置。     A receiving unit for receiving first data including a first identifier;
    A first circuit for specifying a transfer destination corresponding to the first identifier;
    A second circuit for encrypting and converting the first data into second data;
    A transmission unit for transmitting the second data to the transfer destination;
    An on-vehicle electronic control device comprising:
  2.  請求項1に記載の車載電子制御装置であって、
     第2識別子及び前記第2識別子に対応する前記転送先の組合せを複数記憶する記憶装置を備え、
     前記第1回路は、
     論理回路で構成され、参照する前記第2識別子を前記記憶装置から選択する選択回路と、
     前記第1識別子と前記第2識別子を比較する比較器と、を有する
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 1,
    A storage device that stores a plurality of combinations of the second identifier and the transfer destination corresponding to the second identifier;
    The first circuit includes:
    A selection circuit that is configured by a logic circuit and that selects the second identifier to be referenced from the storage device;
    A vehicle-mounted electronic control device comprising: a comparator that compares the first identifier with the second identifier.
  3.  請求項2に記載の車載電子制御装置であって、
     前記第2回路は、
     論理回路で構成され、暗号化に使用される鍵と前記第1データから前記第2データを計算する第1計算部を有する
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 2,
    The second circuit includes:
    An in-vehicle electronic control device comprising a first calculation unit configured by a logic circuit and calculating the second data from a key used for encryption and the first data.
  4.  請求項2に記載の車載電子制御装置であって、
     前記第2識別子及び前記転送先の組合せは、
     アドレスに対応する記憶領域にそれぞれ記憶され、
     前記選択回路は、
     論理回路で構成され、1つの前記アドレスと前記記憶領域のサイズから参照する前記アドレスを計算する第2計算部を有する
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 2,
    The combination of the second identifier and the transfer destination is:
    Each is stored in the storage area corresponding to the address,
    The selection circuit includes:
    An in-vehicle electronic control device comprising a second calculation unit configured by a logic circuit and calculating the address to be referred to from one address and the size of the storage area.
  5.  請求項4に記載の車載電子制御装置であって、
     前記選択回路は、
     参照する前記アドレスに対応する前記記憶領域に記憶される情報を選択する第1セレクタと、
     前記第1セレクタによって選択された情報から前記第2識別子を選択する第2セレクタと、を備える
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 4,
    The selection circuit includes:
    A first selector for selecting information stored in the storage area corresponding to the address to be referred to;
    An on-vehicle electronic control device comprising: a second selector that selects the second identifier from information selected by the first selector.
  6.  請求項4に記載の車載電子制御装置であって、
     前記第1回路と前記第2回路は、
     1つのASIC内に配置される
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 4,
    The first circuit and the second circuit are:
    An in-vehicle electronic control device, which is arranged in one ASIC.
  7.  請求項4に記載の車載電子制御装置であって、
     前記第1データは、
     車両又は前記車両の周囲の状態を示すパラメータを含み、
     前記車載電子制御装置は、
     前記転送先が前記車載電子制御装置である場合に、前記パラメータに基づいて運転を支援する制御を行う
     ことを特徴とする車載電子制御装置。     The on-vehicle electronic control device according to claim 4,
    The first data is:
    Including parameters indicating the vehicle or the surrounding conditions of the vehicle,
    The in-vehicle electronic control device is
    When the transfer destination is the in-vehicle electronic control device, control for supporting driving is performed based on the parameter. The in-vehicle electronic control device.
PCT/JP2017/027365 2016-09-16 2017-07-28 In-vehicle electronic control device WO2018051654A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2018539555A JP6664501B2 (en) 2016-09-16 2017-07-28 In-vehicle electronic control unit

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016-181230 2016-09-16
JP2016181230 2016-09-16

Publications (1)

Publication Number Publication Date
WO2018051654A1 true WO2018051654A1 (en) 2018-03-22

Family

ID=61619520

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/027365 WO2018051654A1 (en) 2016-09-16 2017-07-28 In-vehicle electronic control device

Country Status (2)

Country Link
JP (1) JP6664501B2 (en)
WO (1) WO2018051654A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005099170A1 (en) * 2004-04-05 2005-10-20 Nippon Telegraph And Telephone Corporation Packet encryption substituting device, method thereof, and program recording medium
JP2013070229A (en) * 2011-09-22 2013-04-18 Sanken Electric Co Ltd Power supply device and program
JP2013201510A (en) * 2012-03-23 2013-10-03 Denso Corp System and device for vehicle data communication

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004343626A (en) * 2003-05-19 2004-12-02 Sumitomo Electric Ind Ltd On-vehicle communication system, on-vehicle apparatus, and encryption method
JP5598164B2 (en) * 2010-08-26 2014-10-01 トヨタ自動車株式会社 Computer system
JP5830923B2 (en) * 2011-04-28 2015-12-09 株式会社オートネットワーク技術研究所 Information processing system
JP5900007B2 (en) * 2012-02-20 2016-04-06 株式会社デンソー VEHICLE DATA COMMUNICATION AUTHENTICATION SYSTEM AND VEHICLE GATEWAY DEVICE
JP2014182571A (en) * 2013-03-19 2014-09-29 Denso Corp On-vehicle electronic control device program rewriting system and on-vehicle relay device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005099170A1 (en) * 2004-04-05 2005-10-20 Nippon Telegraph And Telephone Corporation Packet encryption substituting device, method thereof, and program recording medium
JP2013070229A (en) * 2011-09-22 2013-04-18 Sanken Electric Co Ltd Power supply device and program
JP2013201510A (en) * 2012-03-23 2013-10-03 Denso Corp System and device for vehicle data communication

Also Published As

Publication number Publication date
JPWO2018051654A1 (en) 2019-02-21
JP6664501B2 (en) 2020-03-13

Similar Documents

Publication Publication Date Title
US11314661B2 (en) Hardware security for an electronic control unit
CN109479000B (en) Reuse system, key generation device, data security device, vehicle-mounted computer, reuse method, and storage medium
JP6573819B2 (en) Fraud detection rule update method, fraud detection electronic control unit and in-vehicle network system
CN107431625B (en) Gateway device, in-vehicle network system, and transfer method
JP6618480B2 (en) Update management method, update management system, and control program
WO2016134610A1 (en) Road train data authentication method and on-board terminal
US20160344703A1 (en) Controller area network (can) device and method for operating a can device
US9672025B2 (en) Encryption for telematics flashing of a vehicle
US20220276855A1 (en) Method and apparatus for processing upgrade package of vehicle
CN108781164B (en) Communication network system, vehicle, counter value notification node, and counter value sharing method
US10997298B2 (en) Processing apparatus, and semiconductor integrated circuit and boot method therefor
EP3124331B1 (en) Controller area network (can) device and method for operating a can device
US11228602B2 (en) In-vehicle network system
US20200220724A1 (en) Key management device, and communication apparatus
US20220231995A1 (en) Secured communication from within non-volatile memory device
JP7412506B2 (en) Fraud detection rule update method, fraud detection electronic control unit and in-vehicle network system
WO2018051654A1 (en) In-vehicle electronic control device
CN110312232B (en) Vehicle communication system and vehicle communication method
CN113300947B (en) Gateway device, in-vehicle network system, and transfer method
US11750573B2 (en) System for transmitting and receiving data based on vehicle network and method therefor
WO2017216874A1 (en) Key management device, key management program, and key sharing method
US20230004376A1 (en) Center, ota master, method, non-transitory storage medium, and vehicle
WO2021005978A1 (en) Arithmetic device and data transmission method
JP2023085958A (en) On-vehicle device, program, and information processing method
KR20170119467A (en) Apparatus for in-vehicle communication and data encryption method thereof

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2018539555

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17850560

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17850560

Country of ref document: EP

Kind code of ref document: A1