WO2018135096A1 - Control system, server device, control method, and computer program - Google Patents

Control system, server device, control method, and computer program

Publication number
WO2018135096A1
Authority
WO
WIPO (PCT)
Prior art keywords
command
vehicle
identification information
server device
unit
Application number
PCT/JP2017/040091
Inventor
竹森 敬祐
誠一郎 溝口
Original Assignee
Kddi株式会社
Application filed by Kddi株式会社

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]

Definitions

  • the present invention relates to a control system, a server device, a control method, and a computer program.
  • Non-Patent Document 1 discloses a security technique for an in-vehicle control system configured by connecting a plurality of ECUs to a CAN (Controller Area Network).
  • Non-Patent Document 1: Keisuke Takemori, “Protection of in-vehicle control systems based on secure elements - Organizing and considering elemental technologies”, IEICE, IEICE Technical Report, vol. 114, no. 508, pp. 73-78, March 2015
  • Non-Patent Document 2: Japanese Industrial Standard, JIS D4901, “Vehicle Identification Number (VIN)”
  • the present invention has been made in consideration of such circumstances, and its object is to provide a control system, a server device, a control method, and a computer program that can improve safety when performing work such as maintenance on a vehicle such as an automobile.
  • One aspect of the present invention includes a terminal device, a server device, and a command reception unit provided in a vehicle, and the terminal device transmits a command transmission request message for requesting transmission of a command executed in the vehicle.
  • the server device authenticates an authentication request message received from the vehicle, and authentication identification information is sent to the vehicle that has passed the authentication.
  • the control system includes a vehicle communication unit that transmits the authentication request message to the server device, and a vehicle notification unit that notifies the authentication identification information. The terminal device includes a terminal input unit for inputting authentication identification information, and the command request unit transmits the authentication identification information input by the terminal input unit to the server device.
  • the command control unit receives the authentication identification information from the command request unit. When it matches the authentication identification information transmitted to the vehicle, the command based on the command transmission request message is transmitted to the vehicle; when it does not match, the command based on the command transmission request message is not transmitted to the vehicle.
  • the server device authenticates the authentication request message received from the terminal device, and transmits authentication identification information to the terminal device that has passed the authentication.
  • when the received authentication identification information matches the authentication identification information transmitted to the terminal device, the command control unit sends the command based on the command transmission request message to the vehicle.
  • the server device includes a recording unit that records the command transmitted to the vehicle in association with vehicle identification information of the vehicle or user identification information received from the terminal device, or in association with both the vehicle identification information and the user identification information.
  • the command control unit includes a command generation unit that generates the command based on the command transmission request message using the parameter group stored in the parameter table in association with vehicle identification information or user identification information received from the terminal device, or in association with both the vehicle identification information and the user identification information.
  • One aspect of the present invention is a control system including a server device, a command request unit provided in a vehicle, and a command reception unit provided in the vehicle, wherein the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command executed in the vehicle, the server device includes a command control unit that transmits the command to the vehicle based on the command transmission request message, and the command reception unit receives the command from the server device.
  • One aspect of the present invention is a server device including a command control unit that transmits a command executed in a vehicle to the vehicle based on a command transmission request message received from a terminal device.
  • One aspect of the present invention is a server device including a command control unit that transmits a command executed by the vehicle to the vehicle based on a command transmission request message received from the vehicle.
  • One aspect of the present invention is a control method for a control system including a terminal device, a server device, and a command receiving unit provided in a vehicle, wherein the terminal device transmits, to the server device, a command transmission request message requesting transmission of a command executed in the vehicle, the server device transmits the command to the vehicle based on the command transmission request message, and the command receiving unit receives the command from the server device.
  • One aspect of the present invention is a control method for a control system including a server device, a command request unit provided in a vehicle, and a command reception unit provided in the vehicle, wherein the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle, the server device transmits the command to the vehicle based on the command transmission request message, and the command receiving unit receives the command from the server device.
  • One aspect of the present invention is a computer program for causing a computer of a server device to execute a process of transmitting a command to be executed in a vehicle to the vehicle based on a command transmission request message received from a terminal device.
  • One aspect of the present invention is a computer program for causing a computer of a server device to execute a process of transmitting a command to be executed in the vehicle to the vehicle based on a command transmission request message received from the vehicle.
  • according to the present invention, it is possible to improve the safety when performing work such as maintenance of a vehicle such as an automobile.
  • It is a schematic configuration diagram of the control system 1 according to one embodiment. It is a schematic configuration diagram of the server device 30 according to one embodiment. It is a schematic configuration diagram of the terminal device 50 according to one embodiment. It is a schematic configuration diagram of the control device 70 according to one embodiment. It is a sequence chart showing Example 1-1 of the control method according to one embodiment. It is a sequence chart showing Example 1-2 of the control method according to one embodiment. It is a schematic configuration diagram of the control system 1a according to one embodiment. It is a sequence chart showing Example 2-1 of the control method according to one embodiment. It is a sequence chart showing Example 2-2 of the control method according to one embodiment.
  • It is a schematic configuration diagram of the control system 1b according to one embodiment. It is a schematic configuration diagram of the control device 70 according to one embodiment. It is a sequence chart showing Example 3 of the control method according to one embodiment. It is a schematic configuration diagram of the command control unit 38 according to one embodiment. It is a diagram showing a configuration example of the parameter table 84 according to one embodiment.
  • FIG. 1 is a schematic configuration diagram of a control system 1 according to the first embodiment.
  • the control system 1 includes a server device 30, a terminal device 50, and a control device 70.
  • the control device 70 is provided in the automobile 10.
  • the automobile 10 includes a communication interface 12, a control device 70, a gateway device (GW) 16, and a plurality of ECUs (electronic control devices) 18.
  • GW gateway device
  • the ECU 18 is an in-vehicle computer provided in the automobile 10.
  • the ECU 18 has a control function such as engine control of the automobile 10. Examples of the ECU 18 include an ECU having an engine control function, an ECU having a steering control function, and an ECU having a brake control function.
  • the gateway device 16 has a data security function applied to the ECU 18 mounted on the automobile 10. Note that any ECU mounted on the automobile 10 may function as the gateway device 16.
  • the gateway device 16 and the plurality of ECUs 18 are connected to a communication network (hereinafter referred to as an in-vehicle network) 17 provided in the automobile 10.
  • the in-vehicle network 17 may be, for example, CAN (Controller Area Network). CAN is known as one of communication networks mounted on vehicles.
  • the gateway device 16 exchanges data with each ECU 18 via the in-vehicle network 17.
  • the ECU 18 exchanges data with other ECUs 18 via the in-vehicle network 17.
  • a communication network other than CAN may be provided in the automobile 10, and data exchange between the gateway device 16 and the ECU 18 and between the ECUs 18 may be performed via the communication network other than CAN.
  • the automobile 10 may include a LIN (Local Interconnect Network).
  • the automobile 10 may include CAN and LIN.
  • the automobile 10 may include an ECU 18 connected to the LIN.
  • the gateway device 16 may be connected to CAN and LIN.
  • the gateway device 16 may exchange data with the ECU 18 connected to the CAN via the CAN, and exchange data with the ECU 18 connected to the LIN via the LIN.
  • the ECUs 18 may exchange data via the LIN.
  • the in-vehicle computer system of the automobile 10 is configured by connecting a gateway device 16 and a plurality of ECUs 18 to an in-vehicle network 17.
  • the gateway device 16 monitors communication between the inside and the outside of the in-vehicle computer system of the automobile 10.
  • the ECU 18 communicates with an external device of the in-vehicle computer system via the gateway device 16.
  • the in-vehicle network 17 may include a plurality of buses (communication lines), and the plurality of buses may be connected to the gateway device 16.
  • one ECU 18 or a plurality of ECUs 18 is connected to one bus.
  • the communication interface 12 communicates with an external device of the automobile 10.
  • the communication interface 12 may perform wireless communication or may perform wired communication.
  • the communication interface 12 may be a wireless communication interface such as a mobile communication network, a wireless LAN (Local Area Network), or a short-range wireless communication.
  • the communication interface 12 may be a wired communication interface such as a wired LAN or a universal serial bus (Universal Serial Bus: USB).
  • the communication interface 12 may include both a wireless communication interface and a wired communication interface.
  • the communication interface 12 may be a diagnostic port of the automobile 10.
  • an OBD (On-board Diagnostics) port may be used as a diagnostic port of the automobile 10.
  • the communication interface 12 communicates with the server device 30 via the communication path 102.
  • the control device 70 is connected to the communication interface 12 and the gateway device 16.
  • the control device 70 communicates with the server device 30 via the communication interface 12.
  • the control device 70 communicates with the ECU 18 via the gateway device 16.
  • the server device 30 communicates with the communication interface 12 of the automobile 10 via the communication path 102.
  • the server device 30 communicates with the control device 70 of the automobile 10 via the communication interface 12 of the automobile 10.
  • the communication path 102 may be a wireless communication path, a wired communication path, or a wireless communication path and a wired communication path.
  • the communication path 102 may be a communication path of a wireless communication network used by the communication interface 12.
  • the communication path 102 may be a communication path including a communication network such as the Internet and a wireless communication network used by the communication interface 12.
  • the server device 30 and the communication interface 12 may be connected by a dedicated line such as a VPN (Virtual Private Network) line.
  • the server device 30 and the automobile 10 may be connected by a communication cable.
  • the server device 30 and the communication interface 12 of the automobile 10 may be connected by a communication cable.
  • the server device 30 and the diagnostic port of the automobile 10 may be connected by a communication cable.
  • the server device 30 and the automobile 10 may be configured to communicate via a wired or wireless communication network.
  • the server device 30 and the automobile 10 may be connected by a wired or wireless LAN.
  • the server device 30 communicates with the terminal device 50 via the communication path 104.
  • the communication path 104 may be a wireless communication path, a wired communication path, or may be configured by a wireless communication path and a wired communication path.
  • the server device 30 and the terminal device 50 may be connected by a communication cable.
  • the server device 30 and the terminal device 50 may be configured to perform communication via a wired or wireless communication network.
  • the server device 30 and the terminal device 50 may be connected by a wired or wireless LAN.
  • FIG. 2 is a schematic configuration diagram of the server device 30 according to the present embodiment.
  • the server device 30 includes a communication unit 32, an authentication unit 34, a recording unit 36, and a command control unit 38.
  • the communication unit 32 communicates with the automobile 10 via the communication path 102.
  • the communication unit 32 communicates with the terminal device 50 via the communication path 104.
  • the authentication unit 34 performs authentication of the other party who accesses the server device 30.
  • the command control unit 38 performs control such as transmission of commands executed in the automobile 10.
  • the recording unit 36 records commands executed by the automobile 10.
  • the function of the server device 30 is realized by a CPU (Central Processing Unit) provided in the server device 30 executing a computer program.
  • the server device 30 may be configured using a general-purpose computer device, or may be configured as a dedicated hardware device.
  • FIG. 3 is a schematic configuration diagram of the terminal device 50 according to the present embodiment.
  • the terminal device 50 includes a communication unit 52, an operation unit 54, a display unit 56, and a command request unit 58.
  • the communication unit 52 communicates with the server device 30 via the communication path 104.
  • the operation unit 54 is configured by an input device such as a numeric keypad, and performs data input according to a user operation.
  • the display unit 56 is composed of a display device such as a liquid crystal display device, and performs data display.
  • the terminal device 50 may include a touch panel capable of both data input and data display as a device having both functions of the operation unit 54 and the display unit 56.
  • the command request unit 58 requests the server device 30 to transmit a command to be executed by the automobile 10.
  • the function of the terminal device 50 is realized by the CPU provided in the terminal device 50 executing a computer program.
  • the terminal device 50 may be configured using a general-purpose computer device or may be configured as a dedicated hardware device. Further, as the terminal device 50, a mobile communication terminal device such as a smartphone, a tablet computer device (tablet PC), a stationary personal computer device, or the like may be used.
  • FIG. 4 is a schematic configuration diagram of the control device 70 according to the present embodiment.
  • the control device 70 includes a communication unit 72, an operation unit 74, a display unit 76, and a command reception unit 78.
  • the communication unit 72 communicates with the server device 30 via the communication interface 12.
  • the operation unit 74 is composed of an input device such as a numeric keypad, and performs data input according to a user operation.
  • the display unit 76 is composed of a display device such as a liquid crystal display device, and performs data display.
  • the control device 70 may include a touch panel capable of both data input and data display as a device having both functions of the operation unit 74 and the display unit 76.
  • the command receiving unit 78 receives a command from the server device 30.
  • the function of the control device 70 is realized by a CPU provided in the control device 70 executing a computer program. Note that the control device 70 may be configured using a general-purpose computer device, or may be configured as a dedicated hardware device.
  • the control device 70 may be realized using another computer device mounted on the automobile 10.
  • the control device 70 may be realized using an infotainment device mounted on the automobile 10.
  • examples of the infotainment device include those having a navigation function, a location information service function, a multimedia playback function such as music and video, a voice communication function, a data communication function, and an Internet connection function.
  • the infotainment device is generally called, for example, an in-vehicle infotainment (IVI) system.
  • the function of the control device 70 may be realized by a CPU provided in the infotainment device executing a computer program for realizing the function of the control device 70.
  • the operation unit 74 and the display unit 76 of the control device 70 may be an input device and a display device included in the infotainment device.
  • a touch panel included in the infotainment device may be used for the operation unit 74 and the display unit 76 of the control device 70.
  • the control method according to the present embodiment includes a stage of authenticating a worker who performs maintenance work on the automobile 10 (authentication phase) and a stage where the worker performs maintenance work on the automobile 10 (maintenance phase).
  • the maintenance work of the automobile 10 is performed at the time of production of the automobile 10 at an automobile manufacturing company, or at the time of maintenance of the automobile 10 at an automobile maintenance factory, an automobile dealer, or the like.
  • the command executed in the automobile 10 may be a command used in maintenance work of the automobile 10, for example.
  • FIG. 5 is a sequence chart showing Example 1-1 of the control method according to the present embodiment.
  • the communication unit 32 of the server device 30 and the communication unit 52 of the terminal device 50 perform encrypted communication using an encryption key shared in advance.
  • an encrypted communication path between the server device 30 and the terminal device 50 is established.
  • the communication unit 32 of the server device 30 and the communication unit 72 of the control device 70 perform encrypted communication using an encryption key shared in advance.
  • an encrypted communication path between the server device 30 and the control device 70 is established.
  • https hypertext transfer protocol secure
  • the server device 30 and the terminal device 50 transmit and receive data through an encrypted communication path between the server device 30 and the terminal device 50.
  • the server device 30 and the control device 70 of the automobile 10 transmit and receive data via an encrypted communication path between the server device 30 and the control device 70.
  • the authentication phase of the control method example 1-1 will be described.
  • the terminal device 50 and the control device 70 of the automobile 10 log in to the server device 30.
  • Step S11: The operator inputs a user identification information ID and a password PWD for logging in to the server device 30 through the operation unit 74 of the control device 70 of the automobile 10.
  • the communication unit 72 of the control device 70 sends a log-in request message including the vehicle identification number (Vehicle Identification Number: VIN) of the automobile 10 and the user identification information ID and password PWD input by the operation unit 74 to the server device 30.
  • the login request message corresponds to the authentication request message.
  • the vehicle identification number corresponds to the vehicle identification information.
  • the communication unit 72 corresponds to the vehicle communication unit.
  • the vehicle identification number (VIN) is described in Non-Patent Document 2, for example.
  • the vehicle identification number VIN of the automobile 10 may be stored in the control device 70 in advance, or the vehicle identification number VIN may be notified from the outside to the control device 70 at a predetermined opportunity.
  • the ECU 18 having the engine control function of the automobile 10 stores the vehicle identification number VIN of the automobile 10, and the ECU 18 may notify the control device 70 of the vehicle identification number VIN of the automobile 10 after the ECU 18 is started.
  • as the vehicle identification number VIN of the automobile 10, for example, the vehicle identification number VIN managed by the automobile manufacturer or automobile dealer of the automobile 10 may be supplied to the control device 70.
  • the automobile manufacturer of the automobile 10 may be provided with a database of the vehicle identification number VIN, and the vehicle identification number VIN may be notified from the database to the control device 70 of the automobile 10 by communication.
  • the authentication unit 34 of the server device 30 authenticates the login request message received from the control device 70 of the automobile 10.
  • a set of the user identification information ID and the password PWD is registered in the server device 30 in advance.
  • the authentication unit 34 holds a set of user identification information ID and password PWD registered in the server device 30.
  • the authentication unit 34 compares the set of user identification information ID and password PWD included in the login request message with the set of user identification information ID and password PWD registered in the server device 30. As a result of this comparison, if the two match, the authentication for the login request message is passed, and if the two do not match, the authentication for the login request message fails.
  • Authentication for a login request message refers to authentication for a set of user identification information ID and password PWD included in the login request message.
  • the recording unit 36 records the vehicle identification number VIN included in the login request message in association with the user identification information ID included in the login request message. Thereafter, the process proceeds to step S12.
  • if the authentication for the login request message fails, the processing in FIG. 5 is terminated. In this case, the login from the control device 70 of the automobile 10 to the server device 30 has failed, and the recording unit 36 records the login failure in association with the user identification information ID included in the login request message. The server device 30 may also execute a predetermined error process.
  • the authentication unit 34 of the server device 30 returns a login success message OK including the authentication identification information Tk to the control device 70 of the automobile 10 that has transmitted the login request message that has passed the authentication.
  • the authentication identification information Tk is identification information regarding the success of the current login for the user identification information ID included in the login request message that has passed the authentication.
  • the authentication unit 34 generates authentication identification information Tk as disposable identification information (one-time password).
  • the authentication unit 34 holds the authentication identification information Tk in association with the user identification information ID included in the login request message that has passed authentication. This authentication identification information Tk is referred to as verification authentication identification information Tk.
  • the login from the control device 70 of the automobile 10 to which the login success message OK is returned to the server device 30 is successful.
  • the recording unit 36 records the successful login in association with the user identification information ID included in the login request message that has passed the authentication.
  • the communication unit 72 of the control device 70 of the automobile 10 displays the authentication identification information Tk included in the login success message OK received from the server device 30 on the display screen of the display unit 76.
  • the worker recognizes the authentication identification information Tk displayed on the display screen of the display unit 76.
  • Display unit 76 corresponds to a vehicle notification unit.
  • reporting part should just have the function to alert
  • the vehicle notification unit may notify the authentication identification information Tk by voice.
  • reporting part may alert
  • Step S13: The operator inputs the authentication identification information Tk and the user identification information ID and password PWD for logging in to the server device 30 through the operation unit 54 of the terminal device 50.
  • the command request unit 58 of the terminal device 50 transmits a login request message including the user identification information ID, the password PWD, and the authentication identification information Tk input by the operation unit 54 to the server device 30.
  • the operation unit 54 corresponds to a terminal input unit.
  • the authentication unit 34 of the server device 30 authenticates the login request message received from the terminal device 50.
  • the authentication unit 34 compares the set of user identification information ID and password PWD included in the login request message with the set of user identification information ID and password PWD registered in the server device 30. As a result of this comparison, if the two match, the authentication for the login request message is passed, and if the two do not match, the authentication for the login request message fails.
  • the server device 30 may execute a predetermined error process.
  • the authentication unit 34 further compares the authentication identification information Tk included in the login request message with the verification authentication identification information Tk held in association with the user identification information ID included in the login request message. As a result of the comparison, if the two match, the verification of the authentication identification information Tk included in the login request message passes, and if the two do not match, the verification of the authentication identification information Tk included in the login request message fails.
  • when the verification of the authentication identification information Tk included in the login request message passes, the recording unit 36 records that the verification of the authentication identification information Tk was successful, in association with the user identification information ID included in the login request message. Thereafter, the process proceeds to step S14.
  • the process of FIG. If at least one of the authentication for the login request message or the verification of the authentication identification information Tk included in the login request message fails, the login from the terminal device 50 to the server device 30 is unsuccessful.
  • the recording unit 36 records that the verification of the authentication identification information Tk is unsuccessful, in association with the user identification information ID included in the login request message.
  • the server device 30 may execute a predetermined error process.
  • Step S14 The authentication unit 34 of the server device 30 returns a login success message OK to the terminal device 50 that is the transmission source of the login request message that has passed both the authentication for the login request message and the verification of the authentication identification information Tk included in the login request message. The login to the server device 30 from the terminal device 50 to which the login success message OK is returned has succeeded.
  • the recording unit 36 records the successful login in association with the user identification information ID included in the login request message that has passed the authentication.
  • the maintenance phase of the control method example 1-1 will be described.
  • the server device 30 executes the procedure of the maintenance phase for the control device 70 and the terminal device 50 of the automobile 10 that are the counterparts who returned the login success message OK in the authentication phase.
  • the terminal device 50 and the control device 70 of the automobile 10 to which the authentication unit 34 of the server device 30 has returned the login success message OK in the authentication phase are continuing to log in to the server device 30 based on the user identification information ID.
  • the recording unit 36 of the server device 30 records the user identification information ID and the vehicle identification number VIN of the automobile 10 in association with each other.
  • Step S21 The command request unit 58 of the terminal device 50 transmits a command transmission request message for requesting transmission of a command executed by the automobile 10 to the server device 30.
  • the command that the command requesting unit 58 requests to send to the server device 30 by the command transmission request message may be a command designated by the operator through the operation unit 54 or may be set in advance as maintenance work content.
  • Step S22 The command control unit 38 of the server device 30 transmits a command to the control device 70 of the automobile 10 based on the command transmission request message received from the terminal device 50.
  • the recording unit 36 records the command transmitted from the command control unit 38 to the control device 70 of the automobile 10 in association with the user identification information ID.
  • the command receiving unit 78 of the control device 70 of the automobile 10 receives a command from the server device 30.
  • the command receiving unit 78 transfers the command received from the server device 30 to the in-vehicle device of the automobile 10 that executes the command. Examples of the in-vehicle device of the automobile 10 that executes a command include the gateway device 16 and the ECU 18. Note that the control device 70 may execute the command received by the command receiving unit 78 from the server device 30.
  • Step S23 The command receiving unit 78 of the control device 70 of the automobile 10 receives a command execution result from the command transfer destination in-vehicle device.
  • the command receiving unit 78 transmits the command execution result to the server device 30.
  • the recording unit 36 of the server device 30 records the execution result of the command received from the control device 70 of the automobile 10 in association with the user identification information ID.
  • Step S24 The command control unit 38 of the server device 30 transmits the execution result of the command received from the control device 70 of the automobile 10 to the terminal device 50 that is the transmission source of the command transmission request message.
  • the command request unit 58 of the terminal device 50 displays the execution result of the command received from the server device 30 on the display screen of the display unit 56. The worker recognizes the execution result of the command displayed on the display screen of the display unit 56.
  • FIG. 6 is a sequence chart showing Example 1-2 of the control method according to the present embodiment.
  • the server device 30 and the terminal device 50 transmit and receive data via an encrypted communication path between the server device 30 and the terminal device 50.
  • the server device 30 and the control device 70 of the automobile 10 transmit and receive data via an encrypted communication path between the server device 30 and the control device 70.
  • the difference between the control method example 1-2 and the control method example 1-1 will be mainly described.
  • the authentication phase of the control method example 1-2 will be described.
  • the order in which the terminal device 50 and the control device 70 of the automobile 10 log in to the server device 30 is opposite to the authentication phase of the control method example 1-1.
  • Step S11a The operator inputs the user identification information ID and the password PWD for logging in to the server device 30 through the operation unit 54 of the terminal device 50.
  • the command request unit 58 of the terminal device 50 transmits a login request message including the user identification information ID input by the operation unit 54 and the password PWD to the server device 30.
  • the authentication unit 34 of the server device 30 authenticates the login request message received from the terminal device 50.
  • the authentication unit 34 compares the set of user identification information ID and password PWD included in the login request message with the set of user identification information ID and password PWD registered in the server device 30. As a result of this comparison, if the two match, the authentication for the login request message is passed, and if the two do not match, the authentication for the login request message fails.
  • If the authentication for the login request message is successful, the process proceeds to step S12a. On the other hand, if the authentication for the login request message is unsuccessful, the process of FIG. 6 ends. If the authentication for the login request message fails, the login from the terminal device 50 to the server device 30 has failed. If the authentication for the login request message fails, the recording unit 36 records the login failure in association with the user identification information ID included in the login request message. If the authentication for the login request message fails, the server device 30 may execute a predetermined error process.
  • Step S12a The authentication unit 34 of the server device 30 returns a login success message OK including the authentication identification information Tk to the terminal device 50 that has transmitted the login request message that has passed the authentication.
  • the authentication identification information Tk is identification information regarding the success of the current login for the user identification information ID included in the login request message that has passed the authentication.
  • the authentication unit 34 generates authentication identification information Tk as disposable identification information (one-time password).
  • the authentication unit 34 holds the authentication identification information Tk in association with the user identification information ID included in the login request message that has passed authentication. This authentication identification information Tk is referred to as verification authentication identification information Tk.
  • the login from the terminal device 50 to which the login success message OK is returned to the server device 30 is successful.
  • the recording unit 36 records the successful login in association with the user identification information ID included in the login request message that has passed the authentication.
  • the command request unit 58 of the terminal device 50 displays the authentication identification information Tk included in the login success message OK received from the server device 30 on the display screen of the display unit 56.
  • the worker recognizes the authentication identification information Tk displayed on the display screen of the display unit 56.
  • the display unit 56 corresponds to a terminal notification unit.
  • the terminal notification unit only needs to have a notification function.
  • the terminal notification unit may notify the authentication identification information Tk by voice.
  • the terminal notification unit may notify the authentication identification information Tk by printing.
  • Step S13a The worker inputs the authentication identification information Tk, the user identification information ID for logging in to the server device 30, and the password PWD through the operation unit 74 of the control device 70 of the automobile 10.
  • the communication unit 72 of the control device 70 transmits a login request message including the vehicle identification number VIN of the automobile 10 and the user identification information ID, the password PWD, and the authentication identification information Tk input by the operation unit 74 to the server device 30.
  • the operation unit 74 corresponds to a vehicle input unit.
  • the authentication unit 34 of the server device 30 authenticates the login request message received from the control device 70 of the automobile 10.
  • the authentication unit 34 compares the set of user identification information ID and password PWD included in the login request message with the set of user identification information ID and password PWD registered in the server device 30. As a result of this comparison, if the two match, the authentication for the login request message is passed, and if the two do not match, the authentication for the login request message fails.
  • the server device 30 may execute a predetermined error process.
  • the authentication unit 34 further compares the authentication identification information Tk included in the login request message with the verification authentication identification information Tk held in association with the user identification information ID included in the login request message. As a result of the comparison, if the two match, the verification of the authentication identification information Tk included in the login request message has passed, and if the two do not match, the verification of the authentication identification information Tk included in the login request message has failed.
  • When the verification of the authentication identification information Tk included in the login request message passes, the recording unit 36 records that the verification of the authentication identification information Tk is successful, in association with the user identification information ID included in the login request message. Thereafter, the process proceeds to step S14a.
  • the process of FIG. When at least one of the authentication for the login request message or the verification of the authentication identification information Tk included in the login request message fails, the login from the control device 70 of the automobile 10 to the server device 30 has failed.
  • the recording unit 36 records that the verification of the authentication identification information Tk is unsuccessful, in association with the user identification information ID included in the login request message.
  • the server device 30 may execute a predetermined error process.
  • Step S14a The authentication unit 34 of the server device 30 returns a login success message OK to the control device 70 of the automobile 10 that is the transmission source of the login request message that has passed both the authentication for the login request message and the verification of the authentication identification information Tk included in the login request message.
  • the login from the control device 70 of the automobile 10 to which the login success message OK is returned to the server device 30 is successful.
  • the recording unit 36 records the successful login in association with the user identification information ID included in the login request message that has passed the authentication.
  • the maintenance phase of the control method example 1-2 will be described.
  • the maintenance phase of the control method example 1-2 is the same as the maintenance phase of the control method example 1-1.
  • steps S21 to S24 are performed as in the maintenance phase of the control method example 1-1.
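The server-side logic of control method example 1-2 (steps S11a to S14a, then S21 to S24) can be sketched as follows. This is an added example, not code from the patent or its applicant; the class and method names, the record layout, the Tk length, and the choice to consume Tk on any vehicle login attempt are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field


class Vehicle:
    """Control device 70; forwarding to the gateway or an ECU is reduced to a reply string."""

    def __init__(self, vin):
        self.vin = vin

    def execute(self, command):
        return f"{command}: done"


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Server:
    """Server device 30: authentication unit 34, recording unit 36, command control unit 38."""

    users: dict                                     # user ID -> password (constructed data)
    pending_tk: dict = field(default_factory=dict)  # user ID -> verification Tk
    terminals: set = field(default_factory=set)     # user IDs logged in from a terminal
    vehicles: dict = field(default_factory=dict)    # user ID -> bound Vehicle
    records: list = field(default_factory=list)     # (user ID, VIN, event)

    def _authenticate(self, uid, pwd):
        # The page compares against the registered ID/PWD pair; a deployment would
        # store and compare a salted password hash instead of the password itself.
        stored = self.users.get(uid)
        return stored is not None and _same(stored, pwd)

    def login_terminal(self, uid, pwd):
        """Steps S11a and S12a: authenticate, then issue a fresh one-time Tk."""
        if not self._authenticate(uid, pwd):
            self.records.append((uid, None, "terminal login failed"))
            return None
        tk = secrets.token_hex(4)          # length is an assumption
        self.pending_tk[uid] = tk          # held as the verification Tk for this user ID
        self.terminals.add(uid)
        self.records.append((uid, None, "terminal login ok"))
        return tk                          # shown to the worker by display unit 56

    def login_vehicle(self, car, uid, pwd, tk):
        """Steps S13a and S14a: the vehicle login must carry the Tk shown on the terminal."""
        if not self._authenticate(uid, pwd):
            self.records.append((uid, car.vin, "vehicle login failed"))
            return False
        # Assumption: Tk is consumed by any attempt, so it can be neither guessed
        # repeatedly nor replayed after a successful login.
        expected = self.pending_tk.pop(uid, None)
        if expected is None or not _same(expected, tk):
            self.records.append((uid, car.vin, "Tk verification failed"))
            return False
        self.vehicles[uid] = car           # user ID and VIN are now associated
        self.records.append((uid, car.vin, "Tk verification ok"))
        return True

    def request_command(self, uid, command):
        """Steps S21 to S24: relay a command and record it against user ID and VIN."""
        car = self.vehicles.get(uid)
        if uid not in self.terminals or car is None:
            self.records.append((uid, None, f"refused: {command}"))
            return None
        self.records.append((uid, car.vin, f"sent: {command}"))
        result = car.execute(command)
        self.records.append((uid, car.vin, f"result: {result}"))
        return result


if __name__ == "__main__":
    server = Server(users={"worker01": "correct horse"})   # constructed credentials
    car = Vehicle("VIN-CONSTRUCTED-0001")                  # constructed VIN
    token = server.login_terminal("worker01", "correct horse")
    server.login_vehicle(car, "worker01", "correct horse", token)
    server.request_command("worker01", "read_dtc")
    for entry in server.records:
        print(entry)
```

The records list is what lets an auditor answer which worker ran which command on which vehicle; a command request from a user ID with no Tk-verified vehicle is refused and still recorded.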
  • FIG. 7 is a schematic configuration diagram of a control system 1a according to the second embodiment.
  • the server device 30 can apply the configuration of FIG.
  • the terminal device 50 can apply the configuration of FIG.
  • the configuration of FIG. 4 can be applied to the control device 70.
  • the control system 1a of FIG. 7 according to the second embodiment will be described mainly with respect to differences from the control system 1 of FIG. 1 according to the first embodiment.
  • the server device 30 and the control device 70 of the automobile 10 communicate with each other via the terminal device 50.
  • the server device 30 communicates with the terminal device 50 via the communication path 104.
  • the terminal device 50 communicates with the communication interface 12 of the automobile 10 via the communication path 106.
  • the communication path 106 may be a wireless communication path, a wired communication path, or a combination of a wireless communication path and a wired communication path.
  • the server device 30 communicates with the control device 70 of the automobile 10 via the terminal device 50 and the communication interface 12 of the automobile 10.
  • the control method according to this embodiment includes an authentication phase and a maintenance phase, as in the first embodiment.
  • FIG. 8 is a sequence chart showing an example 2-1 of the control method according to the present embodiment.
  • the server device 30 and the terminal device 50 transmit and receive data via the encryption communication path between the server device 30 and the terminal device 50.
  • the server device 30 and the control device 70 of the automobile 10 transmit and receive data via an encrypted communication path between the server device 30 and the control device 70.
  • communication data transmitted and received between the server device 30 and the control device 70 is transmitted via the terminal device 50.
  • the communication unit 52 of the terminal device 50 has a function of relaying communication data transmitted and received between the server device 30 and the control device 70.
  • the authentication phase of the control method example 2-1 will be described.
  • the authentication phase of the control method example 2-1 is the same as that of the control method example 1-1 of the first embodiment.
  • steps S11 to S14 are performed.
  • the maintenance phase of the control method example 2-1 will be described.
  • the maintenance phase of the control method example 2-1 is the same as the maintenance phase of the control method example 1-1 of the first embodiment.
  • steps S21 to S24 are performed as in the maintenance phase of the control method example 1-1.
  • FIG. 9 is a sequence chart showing an example 2-2 of the control method according to the present embodiment. In FIG. 9, parts corresponding to the respective steps in FIG. 6 according to the control method example 1-2 of the first embodiment are denoted by the same reference numerals.
  • the server device 30 and the terminal device 50 transmit and receive data via the encryption communication path between the server device 30 and the terminal device 50.
  • the server device 30 and the control device 70 of the automobile 10 transmit and receive data via an encrypted communication path between the server device 30 and the control device 70.
  • the communication data transmitted and received between the server device 30 and the control device 70 is transmitted via the terminal device 50 as in the control method example 2-1.
  • the communication unit 52 of the terminal device 50 has a function of relaying communication data transmitted and received between the server device 30 and the control device 70.
  • the authentication phase of the control method example 2-2 will be described.
  • the authentication phase of the control method example 2-2 is the same as that of the control method example 1-2 of the first embodiment.
  • steps S11a to S14a are performed.
  • the maintenance phase of the control method example 2-2 will be described.
  • the maintenance phase of the control method example 2-2 is the same as the maintenance phase of the control method example 1-2 of the first embodiment (the maintenance phase of the control method example 1-1).
  • steps S21 to S24 are performed as in the maintenance phase of the control method example 1-2 (the maintenance phase of the control method example 1-1).
  • the terminal device 50 transmits a command transmission request message to the server device 30.
  • the server device 30 transmits a command to the automobile 10 based on the command transmission request message received from the terminal device 50.
  • the automobile 10 executes the command received from the server device 30.
  • the server apparatus 30 can manage the command performed with the motor vehicle 10, the safety
  • the recording unit 36 records the command transmitted to the automobile 10 in association with the user identification information ID logged into the server device 30 and the vehicle identification number VIN of the automobile 10 on which the command is executed. For this reason, it is possible to grasp which worker (user identification information) has performed what operation (command execution) on which automobile 10 (vehicle identification number).
  • FIG. 10 is a schematic configuration diagram of a control system 1b according to the third embodiment. In FIG. 10, parts corresponding to those in FIG. 1 are given the same reference numerals.
  • the server device 30 can apply the configuration of FIG.
  • the control system 1b of FIG. 10 according to the third embodiment will be described mainly with respect to differences from the control system 1 of FIG. 1 according to the first embodiment.
  • the control system 1b shown in FIG. FIG. 11 is a schematic configuration diagram of the control device 70 according to the present embodiment. In FIG. 11, the same reference numerals are given to portions corresponding to the respective portions in FIG. 4.
  • a control device 70 shown in FIG. 11 further includes a command requesting unit 58 in addition to the configuration of FIG.
  • the control device 70 of the automobile 10 includes the command request unit 58 included in the terminal device 50 in the control system 1 illustrated in FIG. 1.
  • the control method according to this embodiment includes an authentication phase and a maintenance phase, as in the first embodiment.
  • FIG. 12 is a sequence chart illustrating a third example of the control method according to the present embodiment.
  • the server device 30 and the control device 70 of the automobile 10 transmit and receive data via an encrypted communication path between the server device 30 and the control device 70.
  • step S11 is performed as in the authentication phase of the control method example 1-1.
  • step S11 when the authentication for the login request message transmitted from the control device 70 of the automobile 10 to the server device 30 is successful, the process proceeds to step S12b.
  • Step S12b The authentication unit 34 of the server device 30 returns a login success message OK to the control device 70 of the automobile 10 that has transmitted the login request message that has passed the authentication.
  • the login from the control device 70 of the automobile 10 to which the login success message OK is returned to the server device 30 is successful.
  • the recording unit 36 records the successful login in association with the user identification information ID included in the login request message that has passed the authentication.
  • the maintenance phase of the control method example 3 will be described.
  • the server device 30 executes the procedure of the maintenance phase for the control device 70 of the automobile 10 that is the partner that has returned the login success message OK in the authentication phase.
  • the control device 70 of the automobile 10 to which the authentication unit 34 of the server device 30 has returned the login success message OK in the authentication phase is continuing to log in to the server device 30 using the user identification information ID.
  • the recording unit 36 of the server device 30 records the user identification information ID and the vehicle identification number VIN of the automobile 10 in association with each other.
  • Step S21a The command request unit 58 of the control device 70 of the automobile 10 transmits a command transmission request message for requesting transmission of a command executed in the automobile 10 to the server device 30.
  • the command that the command requesting unit 58 requests to send to the server device 30 by a command transmission request message may be a command specified by the operator using the operation unit 74 or may be set in advance as maintenance work content.
  • Step S22 The command control unit 38 of the server device 30 transmits a command to the control device 70 of the vehicle 10 based on the command transmission request message received from the control device 70 of the vehicle 10.
  • the recording unit 36 records the command transmitted from the command control unit 38 to the control device 70 of the automobile 10 in association with the user identification information ID.
  • the command receiving unit 78 of the control device 70 of the automobile 10 receives a command from the server device 30.
  • the command receiving unit 78 transfers the command received from the server device 30 to the in-vehicle device of the automobile 10 that executes the command. Note that the control device 70 may execute the command received by the command receiving unit 78 from the server device 30.
  • Step S23 The command receiving unit 78 of the control device 70 of the automobile 10 receives a command execution result from the command transfer destination in-vehicle device.
  • the command receiving unit 78 transmits the command execution result to the server device 30.
  • the recording unit 36 of the server device 30 records the execution result of the command received from the control device 70 of the automobile 10 in association with the user identification information ID.
  • Step S24a The command control unit 38 of the server device 30 transmits the execution result of the command received from the control device 70 of the automobile 10 to the control device 70 of the automobile 10 that is the transmission source of the command transmission request message.
  • the command request unit 58 of the control device 70 of the automobile 10 causes the execution result of the command received from the server device 30 to be displayed on the display screen of the display unit 76.
  • the worker recognizes (views) the execution result of the command displayed on the display screen of the display unit 76.
  • the automobile 10 transmits a command transmission request message to the server device 30.
  • Server device 30 transmits a command to vehicle 10 based on the command transmission request message received from vehicle 10.
  • the automobile 10 executes the command received from the server device 30.
  • the server apparatus 30 can manage the command performed with the motor vehicle 10, the safety
  • the recording unit 36 records the command transmitted to the automobile 10 in association with the user identification information ID logged into the server device 30 and the vehicle identification number VIN of the automobile 10 on which the command is executed. For this reason, it is possible to grasp which worker (user identification information) has performed what operation (command execution) on which automobile 10 (vehicle identification number).
  • the recording unit 36 may record the command transmitted to the automobile 10 in association with the vehicle identification number VIN of the automobile 10 or the user identification information ID received from the automobile 10. Alternatively, the recording unit 36 may record the command transmitted to the automobile 10 in association with both the vehicle identification number VIN of the automobile 10 and the user identification information ID received from the automobile 10.
  • FIG. 13 is a schematic configuration diagram of the command control unit 38 according to the fourth embodiment.
  • the command control unit 38 illustrated in FIG. 13 may be applied to the control systems 1, 1a, and 1b of the above-described embodiments.
  • the command control unit 38 includes a command generation unit 82, a parameter table 84, and a display control unit 86.
  • the parameter table 84 stores a parameter group used for generating a command to be executed in the automobile 10.
  • the command generation unit 82 uses the parameter group stored in the parameter table 84 to generate a command based on the command transmission request message.
  • the command control unit 38 transmits the command generated by the command generation unit 82 to the control device 70 of the automobile 10.
  • FIG. 14 is a diagram illustrating a configuration example of the parameter table 84 according to the present embodiment.
  • the parameter table 84 stores a parameter group (parameter set) used for generating a command executed in the automobile 10.
  • the parameter table 84 stores parameter sets in association with vehicle identification numbers (VIN) or user identification information (user IDs).
  • the parameter table 84 stores a parameter set in association with both the vehicle identification number (VIN) and user identification information (user ID).
  • the parameter set_a is stored in the parameter table 84 in association with both the user identification information UID_a and the vehicle identification number VIN_a.
  • the parameter set_a is a parameter set that is permitted to be used when the user identification information for logging in to the server device 30 is “UID_a” and the vehicle identification number of the command destination vehicle 10 is “VIN_a” (when the parameter set use condition a is satisfied).
  • the command generation unit 82 generates a command based on the command transmission request message using the parameter set_a when the parameter set use condition a is satisfied.
  • the parameter set_b is stored in the parameter table 84 in association with the user identification information UID_b.
  • the parameter set_b is a parameter set that is allowed to be used when the user identification information for logging in to the server device 30 is “UID_b” (when the parameter set use condition b is satisfied).
  • the command generation unit 82 generates a command based on the command transmission request message using the parameter set_b when the parameter set use condition b is satisfied.
  • the parameter set_c is stored in the parameter table 84 in association with the vehicle identification number VIN_c.
  • the parameter set_c is a parameter set that is permitted to be used when the vehicle identification number of the automobile 10 that is the command transmission destination is “VIN_c” (when the parameter set use condition c is satisfied).
  • the command generation unit 82 generates a command based on the command transmission request message using the parameter set_c when the parameter set use condition c is satisfied.
  • An expiration date may be set for the parameter set.
  • the parameter set in which the expiration date is set is a parameter set that is allowed to be used only within the expiration date.
  • the command generation unit 82 uses the parameter set for which the expiration date is set only within the expiration date.
  • a vehicle identification number can be specified to cause the control device 70 of the automobile 10 to execute a command generated using a specific parameter set.
  • a command can be generated and applied to an automobile 10 having a specific vehicle identification number using a parameter set limited to a certain range of parameter values.
  • for a combination of an operator with specific user identification information and an automobile 10 with a specific vehicle identification number, a command can be generated using a parameter set limited to a certain range of parameter values, and the command can be applied.
  • the parameter set may include parameters for setting a range of functions that can be performed by the automobile 10, a range of performance that can be performed by the automobile 10, and the like.
  • as an example, the parameter table 84 may be configured so that a parameter set having parameters for setting functions and performances according to a specific area is applied to the automobile 10 (vehicle identification number) sold in that specific area.
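The use conditions a, b and c of the parameter table 84, together with the expiration date and the range-limited parameter values, can be modelled as below. This is an added example, not code from the patent; the parameter name `speed_limiter_kmh`, the ranges, the dates, the fourth entry `set_d`, and the rule that the most specific matching entry wins (ties resolved by table order) are assumptions, since the page does not say how overlapping entries are resolved.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class ParameterSet:
    name: str
    params: dict                        # parameter name -> (min, max) allowed range
    uid: Optional[str] = None           # use condition on user identification information
    vin: Optional[str] = None           # use condition on vehicle identification number
    expires: Optional[datetime] = None  # optional expiration date

    def usable(self, uid, vin, now):
        """True when this set's use condition holds and it has not expired."""
        if self.uid is None and self.vin is None:
            return False                # an entry with no use condition is never selected
        if self.uid is not None and self.uid != uid:
            return False
        if self.vin is not None and self.vin != vin:
            return False
        return self.expires is None or now <= self.expires

    def specificity(self):
        return (self.uid is not None) + (self.vin is not None)


def select_parameter_set(table, uid, vin, now):
    """Return the permitted set for this login and vehicle, or None if there is none."""
    usable = [p for p in table if p.usable(uid, vin, now)]
    # Assumption: UID+VIN entries take precedence over UID-only or VIN-only entries.
    usable.sort(key=ParameterSet.specificity, reverse=True)
    return usable[0] if usable else None


def generate_command(table, request, uid, vin, now):
    """Command generation unit 82: build a command only inside the permitted range."""
    pset = select_parameter_set(table, uid, vin, now)
    name, value = request
    if pset is None or name not in pset.params:
        raise PermissionError(f"no parameter set permits {name} for {uid} on {vin}")
    low, high = pset.params[name]
    if not low <= value <= high:
        raise ValueError(f"{name}={value} outside {low}..{high} of {pset.name}")
    return {"command": name, "value": value, "parameter_set": pset.name, "vin": vin}


# Constructed sample data; only the UID_x / VIN_x / set_x labels come from the page.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
TABLE = [
    ParameterSet("set_a", {"speed_limiter_kmh": (30, 180)}, uid="UID_a", vin="VIN_a"),
    ParameterSet("set_b", {"speed_limiter_kmh": (30, 120)}, uid="UID_b"),
    ParameterSet("set_c", {"speed_limiter_kmh": (30, 100)}, vin="VIN_c"),
    ParameterSet("set_d", {"speed_limiter_kmh": (30, 250)}, uid="UID_d",
                 expires=datetime(2023, 6, 30, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    print(generate_command(TABLE, ("speed_limiter_kmh", 90), "UID_b", "VIN_z", NOW))
```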
  • the display control unit 86 controls display data displayed on the display screen of the display unit 56 of the terminal device 50 or the display screen of the display unit 76 of the control device 70 of the automobile 10.
  • the display control unit 86 has a function of providing a web page, and displays a web page on the display screen of the display unit 56 of the terminal device 50 or the display screen of the display unit 76 of the control device 70 of the automobile 10.
  • the web page includes a login screen to the server device 30 (user identification information and password input screen or authentication identification information, user identification information and password input screen).
  • an input screen for a command transmission request can be cited as a Web page.
  • a browsing screen for command execution results can be cited as a Web page.
  • the control device 70 of the vehicle 10 includes the command receiving unit 78, and the command receiving unit 78 of the control device 70 transfers the command received from the server device 30 to the ECU 18 of the vehicle 10 that executes the command.
  • the gateway device 16 of the automobile 10 includes the command receiving unit 78, and the command receiving unit 78 of the gateway device 16 transfers the command received from the server device 30 to an in-vehicle device such as the ECU 18 of the automobile 10 that executes the command. May be.
  • the in-vehicle device such as the ECU 18 of the automobile 10 includes a command receiving unit, the server device 30 transmits the command to the in-vehicle device such as the ECU 18 of the automobile 10 that executes the command, and the command receiving unit of the in-vehicle device such as the ECU 18 of the automobile 10 that executes the command may receive the command from the server device 30.
  • the above-described embodiment may be applied to the automobile 10 in, for example, an automobile manufacturing factory, a maintenance factory, a sales shop, or the like.
  • an automobile is taken as an example of a vehicle, but the present invention can also be applied to other vehicles such as a motorbike and a railway vehicle.
  • a computer program for realizing the functions of each device described above may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed.
  • the “computer system” may include an OS and hardware such as peripheral devices.
  • “Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a storage device such as a hard disk built into a computer system.
  • the “computer-readable recording medium” also includes media that hold a program for a certain period of time, such as a volatile memory (for example, DRAM (Dynamic Random Access Memory)) in a computer system that becomes a server or a client when the program is transmitted through a network such as the Internet or a communication line such as a telephone line.
  • the program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium.
  • the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
  • the program may be for realizing a part of the functions described above. Furthermore, what can implement
  • according to the present invention, it is possible to improve the safety when performing work such as maintenance of a vehicle such as an automobile.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mechanical Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Small-Scale Networks (AREA)

Abstract

A control system provided with a terminal device, a server device, and a command reception unit provided in a vehicle, wherein the terminal device is provided with a command request unit that transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle, the server device is provided with a command control unit that transmits the command to the vehicle on the basis of the command transmission request message, and the command reception unit receives the command from the server device.

Description

Control system, server device, control method, and computer program
The present invention relates to a control system, a server device, a control method, and a computer program.
This application claims priority based on Japanese Patent Application No. 2017-007571, filed in Japan on January 19, 2017, the contents of which are incorporated herein by reference.
Conventionally, an automobile has ECUs (Electronic Control Units), and functions such as engine control are realized by the ECUs. An ECU is a kind of computer and realizes a desired function by means of a computer program. A security technique for an in-vehicle control system configured by connecting a plurality of ECUs to a CAN (Controller Area Network) is described in, for example, Non-Patent Document 1.
One problem has been to improve safety when performing work such as maintenance of an automobile.
The present invention has been made in consideration of such circumstances, and an object thereof is to provide a control system, a server device, a control method, and a computer program capable of improving safety when performing work such as maintenance of a vehicle such as an automobile.
(1) One aspect of the present invention is a control system including a terminal device, a server device, and a command reception unit provided in a vehicle, wherein the terminal device includes a command request unit that transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle; the server device includes a command control unit that transmits the command to the vehicle based on the command transmission request message; and the command reception unit receives the command from the server device.
(2) One aspect of the present invention is the control system of (1) above, wherein the server device includes an authentication unit that authenticates an authentication request message received from the vehicle and transmits authentication identification information to the vehicle that has passed the authentication; the control system includes, in the vehicle, a vehicle communication unit that transmits the authentication request message to the server device and a vehicle notification unit that reports the authentication identification information; the terminal device includes a terminal input unit for inputting authentication identification information; the command request unit transmits the authentication identification information input through the terminal input unit to the server device; and the command control unit transmits the command based on the command transmission request message to the vehicle when the authentication identification information received from the command request unit matches the authentication identification information transmitted to the vehicle, and does not transmit the command based on the command transmission request message to the vehicle when the authentication identification information received from the command request unit does not match the authentication identification information transmitted to the vehicle.
(3) One aspect of the present invention is the control system of (1) above, wherein the server device includes an authentication unit that authenticates an authentication request message received from the terminal device and transmits authentication identification information to the terminal device that has passed the authentication; the command request unit transmits the authentication request message to the server device; the terminal device includes a terminal notification unit that reports the authentication identification information; the control system includes, in the vehicle, a vehicle input unit for inputting authentication identification information and a vehicle communication unit that transmits the authentication identification information input through the vehicle input unit to the server device; and the command control unit transmits the command based on the command transmission request message to the vehicle when the authentication identification information received from the vehicle matches the authentication identification information transmitted to the terminal device, and does not transmit the command based on the command transmission request message to the vehicle when the authentication identification information received from the vehicle does not match the authentication identification information transmitted to the terminal device.
(4) One aspect of the present invention is the control system of any one of (1) to (3) above, wherein the server device includes a recording unit that records the command transmitted to the vehicle in association with the vehicle identification information of the vehicle or the user identification information received from the terminal device, or with both the vehicle identification information and the user identification information.
(5) One aspect of the present invention is the control system of any one of (1) to (4) above, wherein the command control unit includes: a parameter table that stores parameter groups used for generating the command in association with vehicle identification information or user identification information, or with both vehicle identification information and user identification information; and a command generation unit that generates the command based on the command transmission request message using the parameter group stored in the parameter table in association with the vehicle identification information of the vehicle or the user identification information received from the terminal device, or with both the vehicle identification information of the vehicle and the user identification information received from the terminal device.
(6) One aspect of the present invention is the control system of any one of (1) to (5) above, wherein the command reception unit transmits an execution result of the command to the server device, and the command control unit transmits the execution result of the command to the terminal device.
(7) One aspect of the present invention is a control system including a server device, a command request unit provided in a vehicle, and a command reception unit provided in the vehicle, wherein the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle; the server device includes a command control unit that transmits the command to the vehicle based on the command transmission request message; and the command reception unit receives the command from the server device.
(8) One aspect of the present invention is a server device including a command control unit that transmits a command to be executed in a vehicle to the vehicle based on a command transmission request message received from a terminal device.
(9) One aspect of the present invention is a server device including a command control unit that transmits a command to be executed in a vehicle to the vehicle based on a command transmission request message received from the vehicle.
(10) One aspect of the present invention is a control method for a control system including a terminal device, a server device, and a command reception unit provided in a vehicle, wherein the terminal device transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle; the server device transmits the command to the vehicle based on the command transmission request message; and the command reception unit receives the command from the server device.
(11) One aspect of the present invention is a control method for a control system including a server device, a command request unit provided in a vehicle, and a command reception unit provided in the vehicle, wherein the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle; the server device transmits the command to the vehicle based on the command transmission request message; and the command reception unit receives the command from the server device.
(12) One aspect of the present invention is a computer program for causing a computer of a server device to execute a process of transmitting a command to be executed in a vehicle to the vehicle based on a command transmission request message received from a terminal device.
(13) One aspect of the present invention is a computer program for causing a computer of a server device to execute a process of transmitting a command to be executed in a vehicle to the vehicle based on a command transmission request message received from the vehicle.
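The server-side check of aspects (2), (4) and (6), as an added sketch that is not code from the patent: the server issues authentication identification information to an authenticated vehicle and forwards a terminal's command only when the terminal presents the same value, recording what it sent. The class and function names, the HMAC-based vehicle authentication, the 6-digit code format, and the sample identifiers and command are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample values (not from the patent).
VEHICLE_ID = "VIN-EXAMPLE-0001"
VEHICLE_KEY = bytes(range(32))  # assumed per-vehicle key shared with the server


@dataclass
class CommandServer:
    """Authentication unit, command control unit and recording unit in one class."""
    vehicle_keys: dict                           # vehicle id -> key (assumed auth method)
    issued: dict = field(default_factory=dict)   # vehicle id -> code sent to that vehicle
    records: list = field(default_factory=list)  # commands that were actually sent

    def authenticate_vehicle(self, vehicle_id, nonce, tag):
        """Verify the vehicle's authentication request; on success return the
        authentication identification information the vehicle will display."""
        key = self.vehicle_keys.get(vehicle_id)
        if key is None:
            return None
        expected = hmac.new(key, vehicle_id.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # keypad-friendly, assumed format
        self.issued[vehicle_id] = code
        return code

    def handle_command_request(self, user_id, vehicle_id, presented_code, command, vehicle):
        """Forward the command only if the code typed into the terminal matches
        the one sent to the vehicle; otherwise nothing reaches the vehicle."""
        issued = self.issued.get(vehicle_id)
        if issued is None or not hmac.compare_digest(
            issued.encode("utf-8"), presented_code.encode("utf-8")
        ):
            return None
        result = vehicle(command)  # command reception unit returns the execution result
        self.records.append(
            {"vehicle": vehicle_id, "user": user_id, "command": command, "result": result}
        )
        return result  # relayed back to the terminal, as in aspect (6)


def vehicle_auth_request(vehicle_id, key):
    """Vehicle side: build the authentication request (nonce plus HMAC tag)."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, vehicle_id.encode() + nonce, hashlib.sha256).digest()
    return nonce, tag


def make_vehicle():
    """Stand-in for the command reception unit; keeps a list of received commands."""
    received = []

    def receive(command):
        received.append(command)
        return f"executed:{command}"

    return receive, received


if __name__ == "__main__":
    server = CommandServer({VEHICLE_ID: VEHICLE_KEY})
    nonce, tag = vehicle_auth_request(VEHICLE_ID, VEHICLE_KEY)
    code = server.authenticate_vehicle(VEHICLE_ID, nonce, tag)
    receive, received = make_vehicle()
    print("wrong code :", server.handle_command_request(
        "worker-01", VEHICLE_ID, "not-the-code", "READ_DTC", receive))
    print("right code :", server.handle_command_request(
        "worker-01", VEHICLE_ID, code, "READ_DTC", receive))
    print("records    :", server.records)
```

Because the code is shown only on the vehicle's display, a matching value ties the terminal's operator to physical presence at that vehicle, and the record gives an audit trail keyed by vehicle and user.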
According to the present invention, safety can be improved when performing work such as maintenance of a vehicle such as an automobile.
A schematic configuration diagram of the control system 1 according to one embodiment.
A schematic configuration diagram of the server device 30 according to one embodiment.
A schematic configuration diagram of the terminal device 50 according to one embodiment.
A schematic configuration diagram of the control device 70 according to one embodiment.
A sequence chart showing Example 1-1 of the control method according to one embodiment.
A sequence chart showing Example 1-2 of the control method according to one embodiment.
A schematic configuration diagram of the control system 1a according to one embodiment.
A sequence chart showing Example 2-1 of the control method according to one embodiment.
A sequence chart showing Example 2-2 of the control method according to one embodiment.
A schematic configuration diagram of the control system 1b according to one embodiment.
A schematic configuration diagram of the control device 70 according to one embodiment.
A sequence chart showing Example 3 of the control method according to one embodiment.
A schematic configuration diagram of the command control unit 38 according to one embodiment.
A diagram showing a configuration example of the parameter table 84 according to one embodiment.
Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following embodiments, an automobile is used as an example of a vehicle.
[First Embodiment]
FIG. 1 is a schematic configuration diagram of a control system 1 according to the first embodiment. In FIG. 1, the control system 1 includes a server device 30, a terminal device 50, and a control device 70. The control device 70 is provided in the automobile 10. The automobile 10 includes a communication interface 12, a control device 70, a gateway device (GW) 16, and a plurality of ECUs (electronic control devices) 18.
The ECU 18 is an in-vehicle computer provided in the automobile 10. The ECU 18 has a control function such as engine control of the automobile 10. Examples of the ECU 18 include an ECU having an engine control function, an ECU having a steering control function, and an ECU having a brake control function. The gateway device 16 has a data security function applied to the ECUs 18 mounted on the automobile 10. Note that any ECU mounted on the automobile 10 may function as the gateway device 16.
The gateway device 16 and the plurality of ECUs 18 are connected to a communication network (hereinafter referred to as an in-vehicle network) 17 provided in the automobile 10. The in-vehicle network 17 may be, for example, a CAN (Controller Area Network). CAN is known as one of the communication networks mounted on vehicles. The gateway device 16 exchanges data with each ECU 18 via the in-vehicle network 17. Each ECU 18 exchanges data with the other ECUs 18 via the in-vehicle network 17.
Note that the automobile 10 may be provided with a communication network other than CAN as the communication network mounted on the vehicle, and data may be exchanged between the gateway device 16 and the ECUs 18, and among the ECUs 18, via the communication network other than CAN. For example, the automobile 10 may include a LIN (Local Interconnect Network). The automobile 10 may also include both CAN and LIN. The automobile 10 may include an ECU 18 connected to the LIN. The gateway device 16 may be connected to both the CAN and the LIN. The gateway device 16 may exchange data via the CAN with the ECUs 18 connected to the CAN, and may exchange data via the LIN with the ECUs 18 connected to the LIN. The ECUs 18 may also exchange data with each other via the LIN.
The in-vehicle computer system of the automobile 10 is configured by connecting the gateway device 16 and the plurality of ECUs 18 to the in-vehicle network 17. The gateway device 16 monitors communication between the inside and the outside of the in-vehicle computer system of the automobile 10. The ECUs 18 communicate with devices outside the in-vehicle computer system via the gateway device 16.
As a configuration of the in-vehicle network 17, the in-vehicle network 17 may include a plurality of buses (communication lines), and the plurality of buses may be connected to the gateway device 16. In this case, one ECU 18 or a plurality of ECUs 18 are connected to each bus.
The communication interface 12 communicates with devices outside the automobile 10. The communication interface 12 may perform wireless communication or wired communication. For example, the communication interface 12 may be a wireless communication interface for a mobile communication network, a wireless LAN (Local Area Network), short-range wireless communication, or the like. Alternatively, the communication interface 12 may be a wired communication interface such as a wired LAN or a Universal Serial Bus (USB). The communication interface 12 may include both a wireless communication interface and a wired communication interface. Alternatively, the communication interface 12 may be a diagnostic port of the automobile 10. For example, an OBD (On-board Diagnostics) port may be used as the diagnostic port of the automobile 10.
The communication interface 12 communicates with the server device 30 via the communication path 102. The control device 70 is connected to the communication interface 12 and the gateway device 16. The control device 70 communicates with the server device 30 via the communication interface 12. The control device 70 communicates with the ECUs 18 via the gateway device 16.
The server device 30 communicates with the communication interface 12 of the automobile 10 via the communication path 102. The server device 30 communicates with the control device 70 of the automobile 10 via the communication interface 12 of the automobile 10.
The communication path 102 may be a wireless communication path, a wired communication path, or a combination of a wireless communication path and a wired communication path. For example, the communication path 102 may be a communication path of a wireless communication network used by the communication interface 12. Alternatively, the communication path 102 may be a communication path composed of a communication network such as the Internet and a wireless communication network used by the communication interface 12. Further, for example, the server device 30 and the communication interface 12 may be connected by a dedicated line such as a VPN (Virtual Private Network) line.
The server device 30 and the automobile 10 may also be connected by a communication cable. For example, the server device 30 and the communication interface 12 of the automobile 10 may be connected by a communication cable. For example, the server device 30 and the diagnostic port of the automobile 10 may be connected by a communication cable. Alternatively, the server device 30 and the automobile 10 may be configured to communicate via a wired or wireless communication network. For example, the server device 30 and the automobile 10 may be connected by a wired or wireless LAN.
The server device 30 communicates with the terminal device 50 via the communication path 104. The communication path 104 may be a wireless communication path, a wired communication path, or a combination of a wireless communication path and a wired communication path. For example, the server device 30 and the terminal device 50 may be connected by a communication cable. Alternatively, the server device 30 and the terminal device 50 may be configured to communicate via a wired or wireless communication network. For example, the server device 30 and the terminal device 50 may be connected by a wired or wireless LAN.
FIG. 2 is a schematic configuration diagram of the server device 30 according to the present embodiment. In FIG. 2, the server device 30 includes a communication unit 32, an authentication unit 34, a recording unit 36, and a command control unit 38. The communication unit 32 communicates with the automobile 10 via the communication path 102. The communication unit 32 communicates with the terminal device 50 via the communication path 104. The authentication unit 34 authenticates the party accessing the server device 30. The command control unit 38 performs control such as transmission of commands to be executed in the automobile 10. The recording unit 36 records the commands and the like executed in the automobile 10.
The functions of the server device 30 are realized by a CPU (Central Processing Unit) provided in the server device 30 executing a computer program. Note that the server device 30 may be configured using a general-purpose computer device, or may be configured as a dedicated hardware device.
FIG. 3 is a schematic configuration diagram of the terminal device 50 according to the present embodiment. In FIG. 3, the terminal device 50 includes a communication unit 52, an operation unit 54, a display unit 56, and a command request unit 58. The communication unit 52 communicates with the server device 30 via the communication path 104. The operation unit 54 is composed of an input device such as a numeric keypad, and performs data input according to a user operation. The display unit 56 is composed of a display device such as a liquid crystal display, and displays data. Alternatively, the terminal device 50 may include a touch panel capable of both data input and data display as a device having the functions of both the operation unit 54 and the display unit 56. The command request unit 58 requests the server device 30 to transmit a command to be executed in the automobile 10.
The functions of the terminal device 50 are realized by a CPU provided in the terminal device 50 executing a computer program. The terminal device 50 may be configured using a general-purpose computer device or may be configured as a dedicated hardware device. A mobile communication terminal device such as a smartphone, a tablet computer device (tablet PC), a stationary personal computer device, or the like may be used as the terminal device 50.
FIG. 4 is a schematic configuration diagram of the control device 70 according to the present embodiment. In FIG. 4, the control device 70 includes a communication unit 72, an operation unit 74, a display unit 76, and a command receiving unit 78. The communication unit 72 communicates with the server device 30 via the communication interface 12. The operation unit 74 is composed of an input device such as a numeric keypad, and performs data input according to a user operation. The display unit 76 is composed of a display device such as a liquid crystal display, and displays data. Alternatively, the control device 70 may include a touch panel capable of both data input and data display as a device having the functions of both the operation unit 74 and the display unit 76. The command receiving unit 78 receives a command from the server device 30.
The functions of the control device 70 are realized by a CPU provided in the control device 70 executing a computer program. Note that the control device 70 may be configured using a general-purpose computer device, or may be configured as a dedicated hardware device.
The control device 70 may also be realized using another computer device mounted on the automobile 10. For example, the control device 70 may be realized using an infotainment device mounted on the automobile 10. Examples of the infotainment device include devices having a navigation function, a location information service function, a multimedia playback function for music, video, and the like, a voice communication function, a data communication function, and an Internet connection function. Such an infotainment device is generally called an in-vehicle infotainment (IVI) system. The functions of the control device 70 may be realized by a CPU provided in the infotainment device executing a computer program for realizing the functions of the control device 70. In addition, the operation unit 74 and the display unit 76 of the control device 70 may be the input device and the display device of the infotainment device. For example, a touch panel of the infotainment device may be used as the operation unit 74 and the display unit 76 of the control device 70.
 次に図5、図6を参照して本実施形態に係る制御方法を説明する。本実施形態に係る制御方法は、自動車10の保守作業を行う作業者の認証を行う段階(認証フェーズ)と、作業者が自動車10の保守作業を行う段階(保守フェーズ)とから構成される。自動車10の保守作業は、自動車製造会社での自動車10の生産時、又は、自動車整備工場や自動車販売店等での自動車10の保守時に実施される。自動車10の保守作業には様々な項目が存在する。自動車10の保守作業として、例えば、自動車10の各種の診断、ECU18のプログラムや設定データのインストール及び更新、ECU18の初期化などが挙げられる。自動車10で実行されるコマンドは、例えば、自動車10の保守作業で使用されるコマンドであってもよい。 Next, a control method according to the present embodiment will be described with reference to FIGS. The control method according to the present embodiment includes a stage of authenticating a worker who performs maintenance work on the automobile 10 (authentication phase) and a stage where the worker performs maintenance work on the automobile 10 (maintenance phase). The maintenance work of the automobile 10 is performed at the time of production of the automobile 10 at an automobile manufacturing company, or at the time of maintenance of the automobile 10 at an automobile maintenance factory, an automobile dealer, or the like. There are various items in the maintenance work of the automobile 10. Examples of maintenance work of the automobile 10 include various diagnoses of the automobile 10, installation and updating of programs and setting data of the ECU 18, initialization of the ECU 18, and the like. The command executed in the automobile 10 may be a command used in maintenance work of the automobile 10, for example.
<Control method example 1-1>
Example 1-1 of the control method according to the present embodiment will be described with reference to FIG. 5. FIG. 5 is a sequence chart showing Example 1-1 of the control method according to the present embodiment. In FIG. 5, the communication unit 32 of the server device 30 and the communication unit 52 of the terminal device 50 perform encrypted communication using an encryption key shared in advance. This establishes an encrypted communication path between the server device 30 and the terminal device 50.
Likewise, the communication unit 32 of the server device 30 and the communication unit 72 of the control device 70 perform encrypted communication using an encryption key shared in advance. This establishes an encrypted communication path between the server device 30 and the control device 70. As an example of the encrypted communication path, https (hypertext transfer protocol secure) communication may be performed.
In the following description, the server device 30 and the terminal device 50 transmit and receive data through the encrypted communication path between the server device 30 and the terminal device 50. The server device 30 and the control device 70 of the automobile 10 transmit and receive data through the encrypted communication path between the server device 30 and the control device 70.
(Authentication phase)
The authentication phase of the control method example 1-1 will be described. In the authentication phase, the terminal device 50 and the control device 70 of the automobile 10 log in to the server device 30.
(Step S11) The worker inputs a user identification information ID and a password PWD for logging in to the server device 30 through the operation unit 74 of the control device 70 of the automobile 10. The communication unit 72 of the control device 70 transmits to the server device 30 a login request message including the vehicle identification number (VIN) of the automobile 10 and the user identification information ID and password PWD input through the operation unit 74. The login request message corresponds to the authentication request message. The vehicle identification number corresponds to the vehicle identification information. The communication unit 72 corresponds to the vehicle communication unit.
The vehicle identification number (VIN) is described in Non-Patent Document 2, for example. The vehicle identification number VIN of the automobile 10 may be stored in the control device 70 in advance, or the vehicle identification number VIN may be notified to the control device 70 from outside at a predetermined trigger.
For example, when the ECU 18 having the engine control function of the automobile 10 stores the vehicle identification number VIN of the automobile 10, the ECU 18 may notify the control device 70 of the vehicle identification number VIN of the automobile 10 after the ECU 18 is started.
Alternatively, a vehicle identification number VIN managed by, for example, the automobile manufacturer or an automobile dealer of the automobile 10 may be supplied to the control device 70 as the vehicle identification number VIN of the automobile 10. For example, the automobile manufacturer of the automobile 10 may have a database of vehicle identification numbers VIN, and the vehicle identification number VIN may be notified from that database to the control device 70 of the automobile 10 by communication.
The authentication unit 34 of the server device 30 authenticates the login request message received from the control device 70 of the automobile 10. A pair of user identification information ID and password PWD is registered in the server device 30 in advance. The authentication unit 34 holds the pair of user identification information ID and password PWD registered in the server device 30. The authentication unit 34 compares the pair of user identification information ID and password PWD included in the login request message with the pair of user identification information ID and password PWD registered in the server device 30. If the two match, authentication of the login request message passes; if they do not match, authentication of the login request message fails. Authentication of a login request message refers to authentication of the pair of user identification information ID and password PWD included in the login request message.
If authentication of the login request message passes, the recording unit 36 records the vehicle identification number VIN included in the login request message in association with the user identification information ID included in the login request message. The process then proceeds to step S12.
On the other hand, if authentication of the login request message fails, the processing in FIG. 5 is terminated. If authentication of the login request message fails, the login from the control device 70 of the automobile 10 to the server device 30 has failed. In that case, the recording unit 36 records the login failure in association with the user identification information ID included in the login request message. If authentication of the login request message fails, the server device 30 may execute predetermined error processing.
(Step S12) The authentication unit 34 of the server device 30 returns a login success message OK including authentication identification information Tk to the control device 70 of the automobile 10 that transmitted the login request message that passed authentication. The authentication identification information Tk is identification information about the success of the current login for the user identification information ID included in the login request message that passed authentication.
The authentication unit 34 generates the authentication identification information Tk as disposable identification information (a one-time password). The authentication unit 34 holds the authentication identification information Tk in association with the user identification information ID included in the login request message that passed authentication. This held authentication identification information Tk is referred to as the verification authentication identification information Tk. The login to the server device 30 from the control device 70 of the automobile 10 to which the login success message OK was returned has succeeded. The recording unit 36 records the login success in association with the user identification information ID included in the login request message that passed authentication.
The communication unit 72 of the control device 70 of the automobile 10 displays the authentication identification information Tk included in the login success message OK received from the server device 30 on the display screen of the display unit 76. The worker reads the authentication identification information Tk displayed on the display screen of the display unit 76. The display unit 76 corresponds to the vehicle notification unit.
Note that the vehicle notification unit only needs to have a function of notifying the authentication identification information Tk by an output method that a person can recognize. For example, the vehicle notification unit may notify the authentication identification information Tk by voice. Alternatively, the vehicle notification unit may notify the authentication identification information Tk by printing.
(Step S13) The worker inputs the authentication identification information Tk and the user identification information ID and password PWD for logging in to the server device 30 through the operation unit 54 of the terminal device 50. The command request unit 58 of the terminal device 50 transmits to the server device 30 a login request message including the user identification information ID, the password PWD, and the authentication identification information Tk input through the operation unit 54. The operation unit 54 corresponds to the terminal input unit.
The authentication unit 34 of the server device 30 authenticates the login request message received from the terminal device 50. The authentication unit 34 compares the pair of user identification information ID and password PWD included in the login request message with the pair of user identification information ID and password PWD registered in the server device 30. If the two match, authentication of the login request message passes; if they do not match, authentication of the login request message fails.
If authentication of the login request message fails, the processing in FIG. 5 is terminated. If authentication of the login request message fails, the server device 30 may execute predetermined error processing.
If authentication of the login request message passes, the authentication unit 34 further compares the authentication identification information Tk included in the login request message with the verification authentication identification information Tk that it holds in association with the user identification information ID included in the login request message. If the two match, verification of the authentication identification information Tk included in the login request message passes; if they do not match, verification of the authentication identification information Tk included in the login request message fails.
If verification of the authentication identification information Tk included in the login request message passes, the recording unit 36 records that verification of the authentication identification information Tk passed, in association with the user identification information ID included in the login request message. The process then proceeds to step S14.
On the other hand, if verification of the authentication identification information Tk included in the login request message fails, the processing in FIG. 5 is terminated. If at least one of the authentication of the login request message and the verification of the authentication identification information Tk included in the login request message fails, the login from the terminal device 50 to the server device 30 has failed. If verification of the authentication identification information Tk included in the login request message fails, the recording unit 36 records that verification of the authentication identification information Tk failed, in association with the user identification information ID included in the login request message. In that case, the server device 30 may also execute predetermined error processing.
(Step S14) The authentication unit 34 of the server device 30 returns a login success message OK to the terminal device 50 that transmitted the login request message for which both the authentication of the login request message and the verification of the authentication identification information Tk included in it passed. The login to the server device 30 from the terminal device 50 to which the login success message OK was returned has succeeded. The recording unit 36 records the login success in association with the user identification information ID included in the login request message that passed authentication.
(Maintenance phase)
The maintenance phase of the control method example 1-1 will be described. The server device 30 executes the maintenance phase procedure for the control device 70 of the automobile 10 and the terminal device 50 to which it returned the login success message OK in the authentication phase. The terminal device 50 and the control device 70 of the automobile 10 to which the authentication unit 34 of the server device 30 returned the login success message OK in the authentication phase remain logged in to the server device 30 under the user identification information ID. The recording unit 36 of the server device 30 has recorded the user identification information ID and the vehicle identification number VIN of the automobile 10 in association with each other.
(Step S21) The command request unit 58 of the terminal device 50 transmits to the server device 30 a command transmission request message requesting transmission of a command to be executed in the automobile 10. The command that the command request unit 58 asks the server device 30 to transmit by the command transmission request message may be a command designated by the worker through the operation unit 54, or may be set in advance as the maintenance work content.
(Step S22) The command control unit 38 of the server device 30 transmits the command to the control device 70 of the automobile 10 based on the command transmission request message received from the terminal device 50. The recording unit 36 records the command that the command control unit 38 transmitted to the control device 70 of the automobile 10 in association with the user identification information ID. The command receiving unit 78 of the control device 70 of the automobile 10 receives the command from the server device 30. The command receiving unit 78 transfers the command received from the server device 30 to the in-vehicle device of the automobile 10 that executes the command. Examples of in-vehicle devices of the automobile 10 that execute commands include the gateway device 16 and the ECU 18. Note that the control device 70 may itself execute the command that the command receiving unit 78 received from the server device 30.
(Step S23) The command receiving unit 78 of the control device 70 of the automobile 10 receives the execution result of the command from the in-vehicle device to which the command was transferred. The command receiving unit 78 transmits the execution result of the command to the server device 30. The recording unit 36 of the server device 30 records the execution result of the command received from the control device 70 of the automobile 10 in association with the user identification information ID.
(Step S24) The command control unit 38 of the server device 30 transmits the execution result of the command received from the control device 70 of the automobile 10 to the terminal device 50 that transmitted the command transmission request message. The command request unit 58 of the terminal device 50 displays the execution result of the command received from the server device 30 on the display screen of the display unit 56. The worker reads the execution result of the command displayed on the display screen of the display unit 56.
<Control method example 1-2>
Example 1-2 of the control method according to the present embodiment will be described with reference to FIG. 6. FIG. 6 is a sequence chart showing Example 1-2 of the control method according to the present embodiment. In FIG. 6, portions corresponding to the respective steps in FIG. 5 are denoted by the same reference numerals. In the following description, as in the control method example 1-1, the server device 30 and the terminal device 50 transmit and receive data through the encrypted communication path between the server device 30 and the terminal device 50. The server device 30 and the control device 70 of the automobile 10 transmit and receive data through the encrypted communication path between the server device 30 and the control device 70. The following description of the control method example 1-2 focuses on the differences from the control method example 1-1.
(Authentication phase)
The authentication phase of the control method example 1-2 will be described. In the authentication phase of the control method example 1-2, the order in which the terminal device 50 and the control device 70 of the automobile 10 log in to the server device 30 is the reverse of that in the authentication phase of the control method example 1-1.
(Step S11a) The worker inputs the user identification information ID and the password PWD for logging in to the server device 30 through the operation unit 54 of the terminal device 50. The command request unit 58 of the terminal device 50 transmits to the server device 30 a login request message including the user identification information ID and the password PWD input through the operation unit 54.
The authentication unit 34 of the server device 30 authenticates the login request message received from the terminal device 50. The authentication unit 34 compares the pair of user identification information ID and password PWD included in the login request message with the pair of user identification information ID and password PWD registered in the server device 30. If the two match, authentication of the login request message passes; if they do not match, authentication of the login request message fails.
If authentication of the login request message passes, the process proceeds to step S12a. On the other hand, if authentication of the login request message fails, the processing in FIG. 6 is terminated. If authentication of the login request message fails, the login from the terminal device 50 to the server device 30 has failed. In that case, the recording unit 36 records the login failure in association with the user identification information ID included in the login request message. If authentication of the login request message fails, the server device 30 may execute predetermined error processing.
(Step S12a) The authentication unit 34 of the server device 30 returns a login success message OK including authentication identification information Tk to the terminal device 50 that transmitted the login request message that passed authentication. The authentication identification information Tk is identification information about the success of the current login for the user identification information ID included in the login request message that passed authentication. The authentication unit 34 generates the authentication identification information Tk as disposable identification information (a one-time password). The authentication unit 34 holds the authentication identification information Tk in association with the user identification information ID included in the login request message that passed authentication. This held authentication identification information Tk is referred to as the verification authentication identification information Tk. The login to the server device 30 from the terminal device 50 to which the login success message OK was returned has succeeded. The recording unit 36 records the login success in association with the user identification information ID included in the login request message that passed authentication.
The command request unit 58 of the terminal device 50 displays the authentication identification information Tk included in the login success message OK received from the server device 30 on the display screen of the display unit 56. The worker reads the authentication identification information Tk displayed on the display screen of the display unit 56. The display unit 56 corresponds to the terminal notification unit.
Note that the terminal notification unit only needs to have a function of notifying the authentication identification information Tk by an output method that a person can recognize. For example, the terminal notification unit may notify the authentication identification information Tk by voice. Alternatively, the terminal notification unit may notify the authentication identification information Tk by printing.
(Step S13a) The worker inputs the authentication identification information Tk and the user identification information ID and password PWD for logging in to the server device 30 through the operation unit 74 of the control device 70 of the automobile 10. The communication unit 72 of the control device 70 transmits to the server device 30 a login request message including the vehicle identification number VIN of the automobile 10 and the user identification information ID, the password PWD, and the authentication identification information Tk input through the operation unit 74. The operation unit 74 corresponds to the vehicle input unit.
The authentication unit 34 of the server device 30 authenticates the login request message received from the control device 70 of the automobile 10. The authentication unit 34 compares the pair of user identification information ID and password PWD included in the login request message with the pair of user identification information ID and password PWD registered in the server device 30. If the two match, authentication of the login request message passes; if they do not match, authentication of the login request message fails.
If authentication of the login request message fails, the processing in FIG. 6 is terminated. If authentication of the login request message fails, the server device 30 may execute predetermined error processing.
If authentication of the login request message passes, the authentication unit 34 further compares the authentication identification information Tk included in the login request message with the verification authentication identification information Tk that it holds in association with the user identification information ID included in the login request message. If the two match, verification of the authentication identification information Tk included in the login request message passes; if they do not match, verification of the authentication identification information Tk included in the login request message fails.
If verification of the authentication identification information Tk included in the login request message passes, the recording unit 36 records that verification of the authentication identification information Tk passed, in association with the user identification information ID included in the login request message. The process then proceeds to step S14a.
On the other hand, if verification of the authentication identification information Tk included in the login request message fails, the processing in FIG. 6 is terminated. If at least one of the authentication of the login request message and the verification of the authentication identification information Tk included in the login request message fails, the login from the control device 70 of the automobile 10 to the server device 30 has failed. If verification of the authentication identification information Tk included in the login request message fails, the recording unit 36 records that verification of the authentication identification information Tk failed, in association with the user identification information ID included in the login request message. In that case, the server device 30 may also execute predetermined error processing.
(Step S14a) The authentication unit 34 of the server device 30 returns a login success message OK to the control device 70 of the automobile 10 that transmitted the login request message for which both the authentication of the login request message and the verification of the authentication identification information Tk included in it passed. The login to the server device 30 from the control device 70 of the automobile 10 to which the login success message OK was returned has succeeded. The recording unit 36 records the login success in association with the user identification information ID included in the login request message that passed authentication.
(Maintenance phase)
The maintenance phase of control method example 1-2 will be described. The maintenance phase of control method example 1-2 is the same as the maintenance phase of control method example 1-1. In the maintenance phase of control method example 1-2, steps S21 to S24 are performed as in the maintenance phase of control method example 1-1.
[Second Embodiment]
FIG. 7 is a schematic configuration diagram of a control system 1a according to the second embodiment. In FIG. 7, parts corresponding to those in FIG. 1 are denoted by the same reference numerals. The configuration of FIG. 2 can be applied to the server device 30. The configuration of FIG. 3 can be applied to the terminal device 50. The configuration of FIG. 4 can be applied to the control device 70. The following description of the control system 1a of FIG. 7 according to the second embodiment focuses on the differences from the control system 1 of FIG. 1 according to the first embodiment.
In the control system 1a shown in FIG. 7, the server device 30 and the control device 70 of the automobile 10 communicate with each other via the terminal device 50. The server device 30 communicates with the terminal device 50 via the communication path 104. The terminal device 50 communicates with the communication interface 12 of the automobile 10 via the communication path 106. Like the communication path 102 according to the first embodiment, the communication path 106 may be a wireless communication path, a wired communication path, or a combination of a wireless communication path and a wired communication path. The server device 30 communicates with the control device 70 of the automobile 10 via the terminal device 50 and the communication interface 12 of the automobile 10.
Next, a control method according to the present embodiment will be described with reference to FIGS. 8 and 9. As in the first embodiment, the control method according to the present embodiment consists of an authentication phase and a maintenance phase.
<Example of control method 2-1>
Control method example 2-1 according to the present embodiment will be described with reference to FIG. 8. FIG. 8 is a sequence chart showing control method example 2-1 according to the present embodiment. In FIG. 8, parts corresponding to the steps in FIG. 5 for control method example 1-1 of the first embodiment are denoted by the same reference numerals. In control method example 2-1, as in control method example 1-1, the server device 30 and the terminal device 50 transmit and receive data over an encrypted communication path between the server device 30 and the terminal device 50. The server device 30 and the control device 70 of the automobile 10 transmit and receive data over an encrypted communication path between the server device 30 and the control device 70. However, the communication data transmitted and received between the server device 30 and the control device 70 is carried via the terminal device 50. The communication unit 52 of the terminal device 50 has a function of relaying the communication data transmitted and received between the server device 30 and the control device 70.
(Authentication phase)
The authentication phase of control method example 2-1 will be described. The authentication phase of control method example 2-1 is the same as that of control method example 1-1 of the first embodiment. In the authentication phase of control method example 2-1, steps S11 to S14 are performed as in the authentication phase of control method example 1-1.
(Maintenance phase)
The maintenance phase of control method example 2-1 will be described. The maintenance phase of control method example 2-1 is the same as the maintenance phase of control method example 1-1 of the first embodiment. In the maintenance phase of control method example 2-1, steps S21 to S24 are performed as in the maintenance phase of control method example 1-1.
<Example of control method 2-2>
Control method example 2-2 according to the present embodiment will be described with reference to FIG. 9. FIG. 9 is a sequence chart showing control method example 2-2 according to the present embodiment. In FIG. 9, parts corresponding to the steps in FIG. 6 for control method example 1-2 of the first embodiment are denoted by the same reference numerals. In control method example 2-2, as in control method example 1-2, the server device 30 and the terminal device 50 transmit and receive data over an encrypted communication path between the server device 30 and the terminal device 50. The server device 30 and the control device 70 of the automobile 10 transmit and receive data over an encrypted communication path between the server device 30 and the control device 70. However, as in control method example 2-1, the communication data transmitted and received between the server device 30 and the control device 70 is carried via the terminal device 50. The communication unit 52 of the terminal device 50 has a function of relaying the communication data transmitted and received between the server device 30 and the control device 70.
(Authentication phase)
The authentication phase of control method example 2-2 will be described. The authentication phase of control method example 2-2 is the same as that of control method example 1-2 of the first embodiment. In the authentication phase of control method example 2-2, steps S11a to S14a are performed as in the authentication phase of control method example 1-2.
(Maintenance phase)
The maintenance phase of control method example 2-2 will be described. The maintenance phase of control method example 2-2 is the same as the maintenance phase of control method example 1-2 of the first embodiment (the maintenance phase of control method example 1-1). In the maintenance phase of control method example 2-2, steps S21 to S24 are performed as in the maintenance phase of control method example 1-2 (the maintenance phase of control method example 1-1).
According to the first and second embodiments described above, the terminal device 50 transmits a command transmission request message to the server device 30. The server device 30 transmits a command to the automobile 10 based on the command transmission request message received from the terminal device 50. The automobile 10 executes the command received from the server device 30. Because the server device 30 can thereby manage the commands executed in the automobile 10, the safety of work such as maintenance of the automobile 10 can be improved. For example, an inappropriate command can be prevented from being executed in the automobile 10.
In addition, the recording unit 36 records the command transmitted to the automobile 10 in association with the user identification information ID that logged in to the server device 30 and the vehicle identification number VIN of the automobile 10 on which the command is executed. This makes it possible to determine which worker (user identification information) performed what work (command execution) on which automobile 10 (vehicle identification number).
Note that the recording unit 36 may record the command transmitted to the automobile 10 in association with either the vehicle identification number VIN of the automobile 10 or the user identification information ID received from the terminal device 50. Alternatively, the recording unit 36 may record the command transmitted to the automobile 10 in association with both the vehicle identification number VIN of the automobile 10 and the user identification information ID received from the terminal device 50.
[Third Embodiment]
FIG. 10 is a schematic configuration diagram of a control system 1b according to the third embodiment. In FIG. 10, parts corresponding to those in FIG. 1 are denoted by the same reference numerals. The configuration of FIG. 2 can be applied to the server device 30. The following description of the control system 1b of FIG. 10 according to the third embodiment focuses on the differences from the control system 1 of FIG. 1 according to the first embodiment.
The control system 1b shown in FIG. 10 does not include the terminal device 50. FIG. 11 is a schematic configuration diagram of the control device 70 according to the present embodiment. In FIG. 11, parts corresponding to those in FIG. 4 are denoted by the same reference numerals. The control device 70 shown in FIG. 11 includes a command request unit 58 in addition to the configuration of FIG. 4. In the control system 1b shown in FIG. 10, the command request unit 58, which the terminal device 50 includes in the control system 1 of FIG. 1, is included in the control device 70 of the automobile 10.
Next, a control method according to the present embodiment will be described with reference to FIG. 12. As in the first embodiment, the control method according to the present embodiment consists of an authentication phase and a maintenance phase.
<Example 3 of control method>
Control method example 3 according to the present embodiment will be described with reference to FIG. 12. FIG. 12 is a sequence chart showing control method example 3 according to the present embodiment. In FIG. 12, parts corresponding to the steps in FIG. 5 are denoted by the same reference numerals. In the following description, as in control method example 1-1, the server device 30 and the control device 70 of the automobile 10 transmit and receive data over an encrypted communication path between the server device 30 and the control device 70.
(Authentication phase)
The authentication phase of control method example 3 will be described. In the authentication phase of control method example 3, the control device 70 of the automobile 10 logs in to the server device 30. In the authentication phase of control method example 3, step S11 is performed as in the authentication phase of control method example 1-1. If, in step S11, the authentication of the login request message transmitted from the control device 70 of the automobile 10 to the server device 30 passes, the process proceeds to step S12b.
(Step S12b) The authentication unit 34 of the server device 30 returns a login success message OK to the control device 70 of the automobile 10 that sent the login request message that passed authentication. The login to the server device 30 from the control device 70 of the automobile 10 to which the login success message OK was returned has succeeded. The recording unit 36 records the successful login in association with the user identification information ID included in the login request message that passed authentication.
(Maintenance phase)
The maintenance phase of control method example 3 will be described. The server device 30 executes the maintenance phase procedure for the control device 70 of the automobile 10 to which it returned the login success message OK in the authentication phase. The control device 70 of the automobile 10 to which the authentication unit 34 of the server device 30 returned the login success message OK in the authentication phase remains logged in to the server device 30 under the user identification information ID. The recording unit 36 of the server device 30 records the user identification information ID and the vehicle identification number VIN of the automobile 10 in association with each other.
(Step S21a) The command request unit 58 of the control device 70 of the automobile 10 transmits to the server device 30 a command transmission request message requesting transmission of a command to be executed in the automobile 10. The command that the command request unit 58 asks the server device 30 to transmit by the command transmission request message may be a command designated by the worker through the operation unit 74, or may be set in advance as maintenance work content.
(Step S22) The command control unit 38 of the server device 30 transmits a command to the control device 70 of the automobile 10 based on the command transmission request message received from the control device 70 of the automobile 10. The recording unit 36 records the command that the command control unit 38 transmitted to the control device 70 of the automobile 10 in association with the user identification information ID. The command receiving unit 78 of the control device 70 of the automobile 10 receives the command from the server device 30. The command receiving unit 78 transfers the command received from the server device 30 to the in-vehicle device of the automobile 10 that executes the command. Note that the control device 70 itself may execute the command that the command receiving unit 78 received from the server device 30.
(Step S23) The command receiving unit 78 of the control device 70 of the automobile 10 receives the execution result of the command from the in-vehicle device to which the command was transferred. The command receiving unit 78 transmits the execution result of the command to the server device 30. The recording unit 36 of the server device 30 records the execution result of the command received from the control device 70 of the automobile 10 in association with the user identification information ID.
(Step S24a) The command control unit 38 of the server device 30 transmits the execution result of the command received from the control device 70 of the automobile 10 to the control device 70 of the automobile 10 that sent the command transmission request message. The command request unit 58 of the control device 70 of the automobile 10 displays the execution result of the command received from the server device 30 on the display screen of the display unit 76. The worker views the execution result of the command displayed on the display screen of the display unit 76.
According to the third embodiment described above, the automobile 10 transmits a command transmission request message to the server device 30. The server device 30 transmits a command to the automobile 10 based on the command transmission request message received from the automobile 10. The automobile 10 executes the command received from the server device 30. Because the server device 30 can thereby manage the commands executed in the automobile 10, the safety of work such as maintenance of the automobile 10 can be improved. For example, an inappropriate command can be prevented from being executed in the automobile 10.
In addition, the recording unit 36 records the command transmitted to the automobile 10 in association with the user identification information ID that logged in to the server device 30 and the vehicle identification number VIN of the automobile 10 on which the command is executed. This makes it possible to determine which worker (user identification information) performed what work (command execution) on which automobile 10 (vehicle identification number).
Note that the recording unit 36 may record the command transmitted to the automobile 10 in association with either the vehicle identification number VIN of the automobile 10 or the user identification information ID received from the automobile 10. Alternatively, the recording unit 36 may record the command transmitted to the automobile 10 in association with both the vehicle identification number VIN of the automobile 10 and the user identification information ID received from the automobile 10.
[Fourth Embodiment]
FIG. 13 is a schematic configuration diagram of the command control unit 38 according to the fourth embodiment. The command control unit 38 shown in FIG. 13 may be applied to the control systems 1, 1a, and 1b of the embodiments described above. In FIG. 13, the command control unit 38 includes a command generation unit 82, a parameter table 84, and a display control unit 86.
The parameter table 84 stores parameter groups used to generate commands to be executed in the automobile 10. The command generation unit 82 uses a parameter group stored in the parameter table 84 to generate a command based on the command transmission request message. The command control unit 38 transmits the command generated by the command generation unit 82 to the control device 70 of the automobile 10.
FIG. 14 is a diagram showing a configuration example of the parameter table 84 according to the present embodiment. In FIG. 14, the parameter table 84 stores parameter groups (parameter sets) used to generate commands to be executed in the automobile 10. The parameter table 84 stores a parameter set in association with a vehicle identification number (VIN) or user identification information (user ID). Alternatively, the parameter table 84 stores a parameter set in association with both a vehicle identification number (VIN) and user identification information (user ID).
For example, the parameter set_a is stored in the parameter table 84 in association with both the user identification information UID_a and the vehicle identification number VIN_a. The parameter set_a is a parameter set whose use is permitted when the user identification information of the login to the server device 30 is "UID_a" and the vehicle identification number of the automobile 10 to which the command is sent is "VIN_a" (that is, when parameter set use condition a is satisfied). When parameter set use condition a is satisfied, the command generation unit 82 uses the parameter set_a to generate a command based on the command transmission request message.
For example, the parameter set_b is stored in the parameter table 84 in association with the user identification information UID_b. The parameter set_b is a parameter set whose use is permitted when the user identification information of the login to the server device 30 is "UID_b" (that is, when parameter set use condition b is satisfied). When parameter set use condition b is satisfied, the command generation unit 82 uses the parameter set_b to generate a command based on the command transmission request message.
For example, the parameter set_c is stored in the parameter table 84 in association with the vehicle identification number VIN_c. The parameter set_c is a parameter set whose use is permitted when the vehicle identification number of the automobile 10 to which the command is sent is "VIN_c" (that is, when parameter set use condition c is satisfied). When parameter set use condition c is satisfied, the command generation unit 82 uses the parameter set_c to generate a command based on the command transmission request message.
Note that an expiration date may be set for a parameter set. A parameter set with an expiration date is a parameter set whose use is permitted only within the expiration date. The command generation unit 82 uses a parameter set with an expiration date only within that expiration date.
According to the present embodiment, the parameter table 84 makes it possible to designate the worker (user identification information), the automobile 10 on which the command is executed (vehicle identification number), or both, and to have the control device 70 of the automobile 10 execute a command generated using a specific parameter set. For example, for an automobile 10 with a specific vehicle identification number, a command can be generated using a parameter set limited to a certain range of parameter values, and that command can be applied. For example, for a worker with specific user identification information, a command can be generated using a parameter set limited to a certain range of parameter values, and that command can be applied. For example, for the combination of a worker with specific user identification information and an automobile 10 with a specific vehicle identification number, a command can be generated using a parameter set limited to a certain range of parameter values, and that command can be applied.
A parameter set may include parameters that set the range of functions the automobile 10 can perform, the range of performance the automobile 10 can deliver, and the like. For example, the parameter table 84 may be configured so that a parameter set with parameters that set functions and performance suited to a specific region is applied to automobiles 10 (vehicle identification numbers) sold in that region.
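The parameter table lookup described in this embodiment can be sketched as follows. This is an added example, not code from the patent or its applicant. It assumes a hypothetical `speed_limit_kmh` parameter and `set_speed_limiter` command, constructed table entries, a most-specific-match rule that refuses ties, and that refused requests are also recorded; the patent specifies none of these.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class ParameterSet:
    name: str
    uid: Optional[str]   # None: use condition does not constrain the user ID
    vin: Optional[str]   # None: use condition does not constrain the VIN
    limits: dict         # parameter name -> (min, max) permitted in a command
    expires: Optional[datetime] = None  # None: no expiration date set

    def usable(self, uid, vin, now):
        """True when the use condition holds and the set has not expired."""
        if self.uid is not None and self.uid != uid:
            return False
        if self.vin is not None and self.vin != vin:
            return False
        return self.expires is None or now <= self.expires

    def specificity(self):
        """Number of identifiers the use condition pins down (0 to 2)."""
        return (self.uid is not None) + (self.vin is not None)


# Constructed table with the three kinds of use condition from the text:
# user ID and VIN together, user ID only, VIN only (here with an expiry).
PARAMETER_TABLE = [
    ParameterSet("set_a", "UID_a", "VIN_a", {"speed_limit_kmh": (0, 180)}),
    ParameterSet("set_b", "UID_b", None, {"speed_limit_kmh": (0, 120)}),
    ParameterSet("set_c", None, "VIN_c", {"speed_limit_kmh": (0, 100)},
                 expires=datetime(2030, 1, 1, tzinfo=timezone.utc)),
]


def select_parameter_set(table, uid, vin, now):
    """Return (parameter_set, None) or (None, reason); fails closed."""
    usable = [p for p in table if p.usable(uid, vin, now)]
    if not usable:
        return None, "no usable parameter set"
    best = max(p.specificity() for p in usable)
    top = [p for p in usable if p.specificity() == best]
    if len(top) > 1:  # assumption: an ambiguous match is refused, not guessed
        return None, "ambiguous parameter sets"
    return top[0], None


def generate_command(table, audit_log, uid, vin, request, now):
    """Build the command for a logged-in uid and target vin, or return None.

    Every request is appended to audit_log keyed by user ID and VIN, in the
    manner of the recording unit; logging refusals is this example's choice.
    """
    pset, reason = select_parameter_set(table, uid, vin, now)
    if pset is not None:
        for key, value in request["params"].items():
            bounds = pset.limits.get(key)
            if bounds is None:
                reason = f"{key} not in {pset.name}"
            elif isinstance(value, bool) or not isinstance(value, (int, float)):
                reason = f"{key} is not numeric"
            elif not bounds[0] <= value <= bounds[1]:
                reason = f"{key}={value} outside {pset.name} range"
            if reason:
                break
    audit_log.append({
        "time": now.isoformat(), "uid": uid, "vin": vin,
        "command": request["name"],
        "outcome": "refused" if reason else "sent",
        "reason": reason,
    })
    if reason:
        return None
    return {"name": request["name"], "params": dict(request["params"]),
            "parameter_set": pset.name}


if __name__ == "__main__":
    log = []
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    req = {"name": "set_speed_limiter", "params": {"speed_limit_kmh": 150}}
    print(generate_command(PARAMETER_TABLE, log, "UID_a", "VIN_a", req, now))
    print(generate_command(PARAMETER_TABLE, log, "UID_b", "VIN_x", req, now))
    print(log)
```

The lookup uses the logged-in user ID and the VIN held by the server for the session, never identifiers taken from the request body, so a request cannot select a wider parameter set than its session is entitled to.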
 表示制御部86は、端末装置50の表示部56の表示画面又は自動車10の制御装置70の表示部76の表示画面に表示される表示データの制御を行う。例えば、表示制御部86は、ウェブ(Web)ページの提供機能を有し、端末装置50の表示部56の表示画面又は自動車10の制御装置70の表示部76の表示画面に、Webページを表示させる制御を行う。例えば、Webページとして、サーバ装置30へのログイン画面(ユーザ識別情報及びパスワードの入力画面、又は、認証識別情報、ユーザ識別情報及びパスワードの入力画面)が挙げられる。例えば、Webページとして、コマンドの送信要求の入力画面が挙げられる。例えば、Webページとして、コマンドの実行結果の閲覧画面が挙げられる。 The display control unit 86 controls display data displayed on the display screen of the display unit 56 of the terminal device 50 or the display screen of the display unit 76 of the control device 70 of the automobile 10. For example, the display control unit 86 has a function of providing a web page, and displays a web page on the display screen of the display unit 56 of the terminal device 50 or the display screen of the display unit 76 of the control device 70 of the automobile 10. To control. For example, the web page includes a login screen to the server device 30 (user identification information and password input screen or authentication identification information, user identification information and password input screen). For example, an input screen for a command transmission request can be cited as a Web page. For example, a browsing screen for command execution results can be cited as a Web page.
 以上、本発明の実施形態について図面を参照して詳述してきたが、具体的な構成はこの実施形態に限られるものではなく、本発明の要旨を逸脱しない範囲の設計変更等も含まれる。
 なお、上述した実施形態では、自動車10の制御装置70にコマンド受信部78を備え、制御装置70のコマンド受信部78が、サーバ装置30から受信したコマンドを、該コマンドを実行する自動車10のECU18等の車載装置に転送したが、これに限定されない。例えば、自動車10のゲートウェイ装置16にコマンド受信部78を備え、ゲートウェイ装置16のコマンド受信部78が、サーバ装置30から受信したコマンドを、該コマンドを実行する自動車10のECU18等の車載装置に転送してもよい。例えば、自動車10のECU18等の車載装置がコマンド受信部を備え、サーバ装置30は、コマンドを、該コマンドを実行する自動車10のECU18等の車載装置に送信し、該コマンドを実行する自動車10のECU18等の車載装置のコマンド受信部がサーバ装置30から該コマンドを受信してもよい。
As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to this embodiment, The design change etc. of the range which does not deviate from the summary of this invention are included.
In the above-described embodiment, the control device 70 of the vehicle 10 includes the command receiving unit 78, and the command receiving unit 78 of the control device 70 receives the command received from the server device 30 as the ECU 18 of the vehicle 10 that executes the command. However, the present invention is not limited to this. For example, the gateway device 16 of the automobile 10 includes the command receiving unit 78, and the command receiving unit 78 of the gateway device 16 transfers the command received from the server device 30 to an in-vehicle device such as the ECU 18 of the automobile 10 that executes the command. May be. For example, the in-vehicle device such as the ECU 18 of the automobile 10 includes a command receiving unit, and the server device 30 transmits the command to the in-vehicle device such as the ECU 18 of the automobile 10 that executes the command, and the vehicle 10 that executes the command The command receiving unit of the in-vehicle device such as the ECU 18 may receive the command from the server device 30.
 The embodiment described above may be applied to the automobile 10 at, for example, an automobile manufacturing plant, a maintenance shop, or a dealership.
 In the embodiment described above, an automobile is used as the example of a vehicle, but the invention is also applicable to vehicles other than automobiles, such as motorized bicycles and railway vehicles.
 A computer program for realizing the functions of each device described above may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. The "computer system" referred to here may include an OS and hardware such as peripheral devices.
 The "computer-readable recording medium" refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), or a storage device such as a hard disk built into a computer system.
 Furthermore, the "computer-readable recording medium" also includes media that hold a program for a certain period of time, such as the volatile memory (for example, DRAM (Dynamic Random Access Memory)) inside a computer system that serves as a server or a client when the program is transmitted via a network such as the Internet or a communication line such as a telephone line.
 The program may be transmitted from a computer system that stores the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" that transmits the program refers to a medium having a function of transmitting information, such as a network (communication network) like the Internet or a communication line (communication wire) like a telephone line.
 The program may be one that realizes only a part of the functions described above.
 The program may also be one that realizes the functions described above in combination with a program already recorded in the computer system, that is, a so-called difference file (difference program).
 According to the present invention, safety can be improved when work such as maintenance is performed on a vehicle such as an automobile.
Description of reference symbols: 1, 1a, 1b ... control system, 10 ... automobile, 12 ... communication interface, 16 ... gateway device, 17 ... in-vehicle network, 18 ... ECU, 30 ... server device, 32, 52, 72 ... communication unit, 34 ... authentication unit, 36 ... recording unit, 38 ... command control unit, 50 ... terminal device, 54, 74 ... operation unit, 56, 76 ... display unit, 58 ... command request unit, 70 ... control device, 78 ... command receiving unit, 82 ... command generation unit, 84 ... parameter table, 86 ... display control unit

Claims (13)

  1.  A control system comprising a terminal device, a server device, and a command receiving unit provided in a vehicle, wherein
     the terminal device includes a command request unit that transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle,
     the server device includes a command control unit that transmits the command to the vehicle based on the command transmission request message, and
     the command receiving unit receives the command from the server device.
  2.  The control system according to claim 1, wherein
     the server device includes an authentication unit that authenticates an authentication request message received from the vehicle and transmits authentication identification information to the vehicle that has passed the authentication,
     the control system includes, in the vehicle, a vehicle communication unit that transmits the authentication request message to the server device and a vehicle notification unit that notifies of the authentication identification information,
     the terminal device includes a terminal input unit for inputting authentication identification information,
     the command request unit transmits the authentication identification information input through the terminal input unit to the server device, and
     the command control unit
     transmits the command based on the command transmission request message to the vehicle when the authentication identification information received from the command request unit matches the authentication identification information transmitted to the vehicle, and
     does not transmit the command based on the command transmission request message to the vehicle when the authentication identification information received from the command request unit does not match the authentication identification information transmitted to the vehicle.
  3.  The control system according to claim 1, wherein
     the server device includes an authentication unit that authenticates an authentication request message received from the terminal device and transmits authentication identification information to the terminal device that has passed the authentication,
     the command request unit transmits the authentication request message to the server device,
     the terminal device includes a terminal notification unit that notifies of the authentication identification information,
     the control system includes, in the vehicle, a vehicle input unit for inputting authentication identification information and a vehicle communication unit that transmits the authentication identification information input through the vehicle input unit to the server device, and
     the command control unit
     transmits the command based on the command transmission request message to the vehicle when the authentication identification information received from the vehicle matches the authentication identification information transmitted to the terminal device, and
     does not transmit the command based on the command transmission request message to the vehicle when the authentication identification information received from the vehicle does not match the authentication identification information transmitted to the terminal device.
  4.  The control system according to any one of claims 1 to 3, wherein
     the server device includes a recording unit that records the command transmitted to the vehicle in association with the vehicle identification information of the vehicle, with the user identification information received from the terminal device, or with both the vehicle identification information and the user identification information.
  5.  The control system according to any one of claims 1 to 4, wherein the command control unit includes:
     a parameter table that stores a parameter group used to generate the command in association with vehicle identification information, with user identification information, or with both vehicle identification information and user identification information; and
     a command generation unit that generates the command based on the command transmission request message by using the parameter group stored in the parameter table in association with the vehicle identification information of the vehicle, with the user identification information received from the terminal device, or with both the vehicle identification information of the vehicle and the user identification information received from the terminal device.
  6.  The control system according to any one of claims 1 to 5, wherein
     the command receiving unit transmits an execution result of the command to the server device, and
     the command control unit transmits the execution result of the command to the terminal device.
  7.  A control system comprising a server device, a command request unit provided in a vehicle, and a command receiving unit provided in the vehicle, wherein
     the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle,
     the server device includes a command control unit that transmits the command to the vehicle based on the command transmission request message, and
     the command receiving unit receives the command from the server device.
  8.  A server device comprising
     a command control unit that transmits, to a vehicle, a command to be executed in the vehicle based on a command transmission request message received from a terminal device.
  9.  A server device comprising
     a command control unit that transmits, to a vehicle, a command to be executed in the vehicle based on a command transmission request message received from the vehicle.
  10.  A control method for a control system comprising a terminal device, a server device, and a command receiving unit provided in a vehicle, wherein
     the terminal device transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle,
     the server device transmits the command to the vehicle based on the command transmission request message, and
     the command receiving unit receives the command from the server device.
  11.  A control method for a control system comprising a server device, a command request unit provided in a vehicle, and a command receiving unit provided in the vehicle, wherein
     the command request unit transmits, to the server device, a command transmission request message requesting transmission of a command to be executed in the vehicle,
     the server device transmits the command to the vehicle based on the command transmission request message, and
     the command receiving unit receives the command from the server device.
  12.  A computer program for causing a computer of a server device to execute
     a process of transmitting, to a vehicle, a command to be executed in the vehicle based on a command transmission request message received from a terminal device.
  13.  A computer program for causing a computer of a server device to execute
     a process of transmitting, to a vehicle, a command to be executed in the vehicle based on a command transmission request message received from the vehicle.
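
Claims 2 and 4 describe a server-side gate: the command is forwarded only when the authentication identification information submitted by the terminal matches what the server sent to the authenticated vehicle, and each forwarded command is recorded against the vehicle and user identifiers. The following sketch is an added example, not code from the patent; the HMAC-based vehicle authentication, the six-digit code format, the retry limit, and all identifiers and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumption: the claims set no retry limit
# Constructed sample data; the vehicle ID and key are placeholders.
VEHICLE_KEYS = {"VEHICLE-EXAMPLE-01": b"constructed-demo-key"}


def vehicle_auth_request(vehicle_id, key):
    """Vehicle communication unit: build an authentication request (assumed HMAC form)."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, vehicle_id.encode() + nonce, hashlib.sha256).digest()
    return nonce, tag


class CommandServer:
    """Server device 30 with authentication, recording and command control units."""

    def __init__(self, vehicle_keys):
        self.vehicle_keys = vehicle_keys
        self.issued = {}    # vehicle_id -> [auth_id, failed_attempts]
        self.record = []    # recording unit: (vehicle_id, user_id, command)
        self.sent = []      # commands actually forwarded to a vehicle

    def authenticate_vehicle(self, vehicle_id, nonce, tag):
        """Return authentication identification information, or None on failure."""
        key = self.vehicle_keys.get(vehicle_id)
        if key is None:
            return None
        expected = hmac.new(key, vehicle_id.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        auth_id = f"{secrets.randbelow(10**6):06d}"  # assumed format: six digits
        self.issued[vehicle_id] = [auth_id, 0]
        return auth_id

    def request_command(self, user_id, vehicle_id, auth_id, command):
        """Forward the command only if auth_id matches what was sent to the vehicle."""
        entry = self.issued.get(vehicle_id)
        if entry is None:
            return False
        if not hmac.compare_digest(entry[0].encode(), auth_id.encode()):
            entry[1] += 1
            if entry[1] >= MAX_FAILURES:
                del self.issued[vehicle_id]  # a short code must not be guessable
            return False
        self.record.append((vehicle_id, user_id, command))
        self.sent.append((vehicle_id, command))
        return True


if __name__ == "__main__":
    vid = "VEHICLE-EXAMPLE-01"
    server = CommandServer(VEHICLE_KEYS)
    code = server.authenticate_vehicle(vid, *vehicle_auth_request(vid, VEHICLE_KEYS[vid]))
    print("vehicle displays:", code)
    # "READ_STATUS" is a constructed command name, not one defined by the patent.
    print("command sent:", server.request_command("user-a", vid, code, "READ_STATUS"))
    print("record:", server.record)
```

The comparison uses `hmac.compare_digest` so that a mismatch does not leak how many leading characters were correct, and the failure counter discards the issued code after repeated mismatches.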
PCT/JP2017/040091 2017-01-19 2017-11-07 Control system, server device, control method, and computer program WO2018135096A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017007571A JP6640128B2 (en) 2017-01-19 2017-01-19 Control system and control method
JP2017-007571 2017-01-19

Publications (1)

Publication Number Publication Date
WO2018135096A1 (en) 2018-07-26

Family

ID=62908331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/040091 WO2018135096A1 (en) 2017-01-19 2017-11-07 Control system, server device, control method, and computer program

Country Status (2)

Country Link
JP (1) JP6640128B2 (en)
WO (1) WO2018135096A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020086540A (en) * 2018-11-15 2020-06-04 Kddi株式会社 Maintenance server device, vehicle maintenance system, computer program and vehicle maintenance method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005512408A (en) * 2001-12-04 2005-04-28 モトローラ・インコーポレイテッド Method for enabling communication with a wireless communication device
JP2013203283A (en) * 2012-03-29 2013-10-07 Fujitsu Ten Ltd Device and system of vehicle control


Also Published As

Publication number Publication date
JP6640128B2 (en) 2020-02-05
JP2018116544A (en) 2018-07-26


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17893321

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17893321

Country of ref document: EP

Kind code of ref document: A1