WO2019110231A1 - Système et procédé destinés à actualiser des modules logiciels d'au moins un véhicule ferroviaire - Google Patents

Système et procédé destinés à actualiser des modules logiciels d'au moins un véhicule ferroviaire Download PDF

Info

Publication number
WO2019110231A1
WO2019110231A1 PCT/EP2018/080449 EP2018080449W WO2019110231A1 WO 2019110231 A1 WO2019110231 A1 WO 2019110231A1 EP 2018080449 W EP2018080449 W EP 2018080449W WO 2019110231 A1 WO2019110231 A1 WO 2019110231A1
Authority
WO
WIPO (PCT)
Prior art keywords
rail vehicle
external server
server unit
software modules
subsystems
Prior art date
Application number
PCT/EP2018/080449
Other languages
German (de)
English (en)
Inventor
Georg Lohneis
Original Assignee
Siemens Mobility GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Mobility GmbH filed Critical Siemens Mobility GmbH
Publication of WO2019110231A1 publication Critical patent/WO2019110231A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
    • B61L15/0018Communication with or on the vehicle or vehicle train
    • B61L15/0027Radio-based, e.g. using GSM-R
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L15/00Indicators provided on the vehicle or vehicle train for signalling purposes ; On-board control or communication systems
    • B61L15/0081On-board diagnosis or maintenance
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B61RAILWAYS
    • B61LGUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
    • B61L27/00Central railway traffic control systems; Trackside control; Communication systems specially adapted therefor
    • B61L27/50Trackside diagnosis or maintenance, e.g. software upgrades
    • B61L27/57Trackside diagnosis or maintenance, e.g. software upgrades for vehicles or vehicle trains, e.g. trackside supervision of train conditions

Definitions

  • the invention relates to a system for updating software modules of at least one rail vehicle, as well as a method for updating software modules and a communication device.
  • mechanical and electronic components are software-controlled or monitored. Program errors or security gaps can be detected during the operation of these components. If, for example, a security leak is detected on a device in a rail vehicle, it is necessary to install an update of the software on the corresponding device or components. For this, a new version of the software must be created and extensively tested. As the software can usually be very complex, extensive and in many cases also relevant to security, this process can be tedious. However, security holes need to be fixed as quickly as possible, otherwise there is a risk that the vulnerability will be exploited. Furthermore, it is necessary that an update of the software must be installed quickly on many rail vehicles. Usually, installations of updates to rail vehicles are carried out manually and via wired communication means.
  • the object of the invention is to propose a system, a method and a communication device for accelerated and simplistic updating of at least one software used in rail vehicles testify.
  • a system for updating software modules of at least one rail vehicle is provided.
  • the system includes an in-vehicle communication device for transmitting and receiving data from at least two subsystems, at least two subsystems for generating and processing data, and at least two operating components each having at least one software module for controlling the at least two subsystems.
  • the at least one external server unit of the system comprises a data memory for storing and providing software modules of the at least two subsystems and a vehicle external communication device for performing a data transmission with an in-vehicle communication device for updating the software modules of the at least one rail vehicle.
  • the respective subsystems of the at least one rail vehicle have operating components which can control and monitor the respective subsystems via software modules.
  • the operating components can be computers, integrated circuits, microcontrollers and the like.
  • the corresponding operating software or software is not designed in one piece, but consists of software modules.
  • Each operating component of a Subsystem of the rail vehicle may have a software module or multiple software modules.
  • the software modules can be independently replaced or updated.
  • the respective software modules are interconnected via corresponding interfaces and can perform functions across modules.
  • the software modules can communicate with each other and perform common functions.
  • the subsystems of the rail vehicle may be, for example, radio systems, control devices, air conditioning systems and the like.
  • the in-vehicle communication device may establish a data-carrying wireless communication connection with the on-vehicle communication device of the at least one external server unit.
  • Connection can be, for example, a Wi-Fi connection or a mobile connection.
  • the at least one external server unit has a data memory on which the respective software modules of the subsystems of the at least one rail vehicle are stored. These software modules are kept in the data memory and can be used, for example, to reset a software module.
  • security vulnerabilities occur in individual software modules, which can be technically easily adapted or exchanged.
  • no changes which can limit checking and testing the change to individual software modules.
  • no changes in functionality occur.
  • the updated software modules are backwards compatible.
  • the respective operating components of the subsystems of the rail vehicle can have an update function.
  • a request can be sent to the at least one external server unit in which a search is made for current ren software modules in the at least one external server unit.
  • the update function can be implemented in particular into the operating components if a data-conducting connection between the corresponding operating component in the at least one rail vehicle and the at least one stationary external server unit can be established.
  • the modules are easier to replace than a one-piece device software.
  • an automatic adjustment of the software modules of the respective operating components of the subsystems can be realized. This can be done, for example, by switching on the corresponding subsystems of the at least one rail system. be carried out vehicle. In particular, an automatic installation of the respective new software modules can be carried out if current versions or updates of the software modules are available.
  • an update of the affected software modules can be installed quickly and automatically on all relevant operating components of all rail vehicles in the event of a detected security gap.
  • the at least two subsystems are connected to the communication device directly or indirectly via at least one subsystem in a data-conducting manner.
  • the at least two subsystems are connected to the communication device directly or indirectly via at least one subsystem in a data-conducting manner.
  • not all subsystems must have a direct data-conducting connection to the communication device of the at least one rail vehicle.
  • the number of cables used in the rail vehicle can be reduced.
  • the at least two subsystems are spatially spaced or adjacent to one another.
  • the subsystems can be positioned, for example, in different areas of the at least one rail vehicle.
  • subsystems may also be fastened directly adjacent to one another in the at least one rail vehicle. Especially in the area of the cab of the vehicle
  • Rail vehicle many subsystems and in particular operating components of the subsystems can be arranged in a relatively small space.
  • the data memory of the at least one external server unit at least one software module of at least one subsystem in a current version.
  • all software modules of the subsystems of the at least one rail vehicle are stored on the data memory.
  • updates or updated software modules can be stored on the external server units in the event of security gaps or program errors.
  • the rail vehicles are then updated from the external server units. This can be implemented, for example, during a stay at a train station or during maintenance work. As a result, a centralized update method of rail vehicles can be realized.
  • the data transmission is a wireless data transmission.
  • an update of software modules can be performed automatically. Manual installation of updates via wired communication links can therefore be omitted.
  • At least one subsystem via a vehicle bus system with the in-vehicle communication device data-conducting a related party.
  • Data can also be transmitted via the existing vehicle bus system in rail vehicles.
  • the vehicle bus system can thus be used for data-conducting connection of subsystems to the in-vehicle communication
  • the update function of the operating components can hereby check whether software modules of newer versions are stored for the corresponding subsystems in the data memory of the at least one external server unit and installs the most current software modules as required or if current software modules were provided in the data memory. According to a further aspect of the invention, a method for updating software modules with a system according to the invention is provided.
  • a request for comparing version information of at least one software module by at least one operating component of a subsystem of the at least one rail vehicle is sent via an in-vehicle communication device to a vehicle external communication device of at least one external server unit.
  • the at least one software module of the at least one subsystem is updated via a data transmission by the at least one external server unit.
  • the data transmission is formed based on a wireless communication connection between the in-vehicle communication device of the at least one rail vehicle and the off-board communication device of the at least one external server unit.
  • an update function can be performed by the operating component.
  • preferably current software-based and hardware-based version information of the subsystems and the operating components or the software modules used can be transmitted to the at least one external server unit. If a newer version of at least one component or software module on the land side or the at least one external server unit is present in a corresponding data memory, this software module is sent to the at least one rail vehicle. In the at least one rail vehicle corresponding current software modules or installation files for updating the Softwaremodu le to the requesting subsystems are passed on and installed there.
  • gaps can be responded quickly and relevant software modules can be updated, in particular in the event of identified security gaps.
  • the updating process can be accelerated in this case if the method between the at least one rail vehicle and the at least one external Ser unit is implemented automatically.
  • the at least one software module of a subsystem of the at least one rail vehicle is changed by the updating or replaced by a more recent software module provided by the data memory of the at least one external server unit. Since the different software modules of a subsystem are independent of each other, one or more subsystems can be flexibly adapted and completely replaced depending on an existing problem.
  • the data transmission of the at least one software module between the at least one external server unit and the at least one rail vehicle is carried out encrypted. Before transferring a software module, it can be encrypted with a certificate. Alternatively or additionally, the wireless communication connection between the at least one external server unit and the at least one rail vehicle can be executed encrypted, so that secure transmission of software modules is ensured.
  • the data transmission of the at least one software module is between the at least one external server unit and the at least one rail vehicle chert by a checksum gesi. This allows the transmitted software modules to be checked for integrity at requesting operating components. As a result, transmission errors in particular can be detected and a renewed transmission of the software modules can be requested.
  • the request for comparing version information of at least one software module of at least one subsystem of the at least one rail vehicle to the at least one external server unit is performed when the at least one subsystem is activated or cyclically.
  • the request can be made when switching on a reference system.
  • the request can also be executed with a first-time activation of the subsystems after a break in operation of the at least one rail vehicle.
  • the at least two software modules in parallel to each other via the data transmission between the at least one rail vehicle and the min least one external server unit updated.
  • the software modules can be installed and updated parallel to each other, whereby the update process can be speeded up.
  • an updating of at least one software module by the data transmission between the at least one rail vehicle and the at least one external server unit is performed automatically during a warm-up phase or a start of the at least one rail vehicle. It can be carried out here by an automatic installation or an automatic replacement of the latest software modules when the at least one rail vehicle starts up. A manual or dog update is not necessary.
  • the object of the invention is achieved by a communication device for a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a railway vehicle, which is installed in a communication device for a railway vehicle, which is
  • FIG. 1 shows a schematic representation of a system 1 according to the invention for carrying out the method according to an embodiment of the invention.
  • a rail vehicle 2 and an external server unit 4 is provided.
  • the number of rail vehicles 2 and the external server units 4 is not limited by the illustration.
  • the rail vehicle 2 has an in-vehicle communication device 6.
  • the in-vehicle communication device 6 is configured here as a wireless communication device 6 for establishing a mobile radio connection 7 to a communication device 8 of the external server unit 4.
  • the in-vehicle communication device 6 is directly data-conducting connected to a first subsystem 10.
  • the first subsystem 10 is here, for example, a radio system 10.
  • the radio system 10 has an operating component, not shown, which has two software modules 12 for controlling and monitoring the radio system.
  • the software modules 12 SW_S1_K1_V1 and SW_S1_K2_V1 of the first subsystem 10 have the version number VI.
  • an update 14 SW_Update_V2 was requested by the external server unit 4 and loaded into the radio system 10.
  • SW_S1_K1_V1 be updated to a second version SW_S1_K1_V2.
  • the rail vehicle 2 has a second subsystem 16.
  • the second subsystem 16 is, for example, a door control 16 of the rail vehicle 2.
  • the second subsystem 16 is data-conducting via a vehicle bus system 18 to the first subsystem 10.
  • the second subsystem 16 is indirectly connected to the in-vehicle communication device 6 in a data-conducting manner.
  • the operating component of the second subsystem 16 has three software modules 12 SW_S2_K1_V1, SW_S2_K2_V1 and SW_S2_K3_V1.
  • the subsystems 10, 16 may, upon activation of the rail vehicle 2 via the communication device 6, directly or indirectly request a version information of the Software modules 12 and the subsystems 10, 16 to the communication tion device 8 of the server unit 4 send.
  • the external server unit 4 it is checked whether more up-to-date software modules 12 are present in a data memory 20 of the external server unit 4.
  • up-to-date software modules 12 or updates 14 are present, they can be sent, for example in the form of packages, to the respective subsystems 10 and installed there or used to update software modules 12.

Abstract

L'invention concerne un système destiné à actualiser des modules logiciels d'au moins un véhicule ferroviaire, pourvu d'au moins un véhicule ferroviaire et d'au moins une unité externe de serveur, le ou les véhicules ferroviaires comportant un dispositif de communication interne au véhicule destiné à envoyer et à recevoir des données d'au moins deux sous-systèmes, au moins deux sous-systèmes destinés à produire et à traiter des données et au moins deux composants d'actionnement pourvus respectivement d'un module logiciel destiné à commander les au moins deux sous-systèmes ; et l'unité ou les unités externes de serveur comportant une banque de données destinée à classer et à préparer des modules logiciels des au moins deux sous-systèmes, un dispositif de communication externe destiné à établir une transmission de données avec un dispositif de communication interne au véhicule destiné à actualiser les modules logiciels du ou des véhicules ferroviaires. L'invention concerne en outre un procédé.
PCT/EP2018/080449 2017-12-08 2018-11-07 Système et procédé destinés à actualiser des modules logiciels d'au moins un véhicule ferroviaire WO2019110231A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017222267.0 2017-12-08
DE102017222267.0A DE102017222267A1 (de) 2017-12-08 2017-12-08 System und Verfahren zum Aktualisieren von Softwaremodulen mindestens eines Schienenfahrzeugs

Publications (1)

Publication Number Publication Date
WO2019110231A1 true WO2019110231A1 (fr) 2019-06-13

Family

ID=64477087

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/080449 WO2019110231A1 (fr) 2017-12-08 2018-11-07 Système et procédé destinés à actualiser des modules logiciels d'au moins un véhicule ferroviaire

Country Status (2)

Country Link
DE (1) DE102017222267A1 (fr)
WO (1) WO2019110231A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014088567A1 (fr) * 2012-12-05 2014-06-12 Bendix Commercial Vehicle Systems Llc Procédés et appareil pour la mise à jour de composants de logiciel en coordination avec des modes opérationnels d'un véhicule automobile
DE102015107189A1 (de) * 2014-05-20 2015-11-26 Ford Global Technologies, Llc Modulschnittstelle für Fahrzeugaktualisierungen
WO2017124174A1 (fr) * 2016-01-22 2017-07-27 2236008 Ontario Inc. Mise à jour d'une unité de commande dans un véhicule

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014088567A1 (fr) * 2012-12-05 2014-06-12 Bendix Commercial Vehicle Systems Llc Procédés et appareil pour la mise à jour de composants de logiciel en coordination avec des modes opérationnels d'un véhicule automobile
DE102015107189A1 (de) * 2014-05-20 2015-11-26 Ford Global Technologies, Llc Modulschnittstelle für Fahrzeugaktualisierungen
WO2017124174A1 (fr) * 2016-01-22 2017-07-27 2236008 Ontario Inc. Mise à jour d'une unité de commande dans un véhicule

Also Published As

Publication number Publication date
DE102017222267A1 (de) 2019-06-13

Similar Documents

Publication Publication Date Title
DE112014005412B4 (de) Programmaktualisierungssystem und Programmaktualisierungsverfahren
DE10131395B4 (de) Verfahren zum Übertragen von Software- Modulen
WO2012149951A1 (fr) Système destiné à réaliser un diagnostic portant sur un composant dans un véhicule
WO2017108407A1 (fr) Procédé de modification d'appareils de commande de sûreté et/ou de sécurité dans un véhicule automobile, et dispositif associé
EP3123687B1 (fr) Méthode d'authorisation dans un réseau de véhicule
DE112016005669T5 (de) Bord-Kommunikationseinrichtung, Bord-Kommunikationssystem und Verfahren zum Verbieten spezieller Verarbeitungen für ein Fahrzeug
EP3452901A1 (fr) Procédé et système pour mettre à jour le logiciel d'un détecteur de véhicule à moteur
WO2019096840A1 (fr) Procédé et système pour mettre à jour un logiciel de véhicule
EP1891605A1 (fr) Procede de communication entre un vehicule automobile et une unite de diagnostic
EP2109041A1 (fr) Procédé d'actualisation automatique de logiciels
WO2019137773A1 (fr) Protection d'une actualisation de logiciel d'un appareil de commande d'un moyen de locomotion
EP3741094A1 (fr) Système de commande pour un véhicule à moteur, procédé pour faire fonctionner le système de commande ainsi que véhicule à moteur comprenant un tel système de commande
DE102013001412A1 (de) Verfahren zur Steuerung einer Kommunikation zwischen einer Diagnosestelle eines Fahrzeugs und einem Fahrzeugnetz sowie entsprechende Steuerung für ein Fahrzeug
EP3384411B1 (fr) Dispositif de transmission d'une instruction fonctionnelle entre un véhicule automobile et un dispositif extérieur au véhicule, et dispositif d'interface et système
DE112020001126T5 (de) Fahrzeugsteuergerät
WO2019110231A1 (fr) Système et procédé destinés à actualiser des modules logiciels d'au moins un véhicule ferroviaire
EP3724758B1 (fr) Procédé pour exécuter une mise à jour d'une application logicielle dans un appareil qui est en cours de fonctionnement, ainsi qu'appareil et véhicule automobile
DE102020214922A1 (de) Verfahren zum Testen einer Anwendung für Fahrzeuge
EP1642185A1 (fr) Procede d'authentification de composantes de logiciel pouvant etre notamment chargees dans un appareil de commande d'automobile
DE102014010089A1 (de) Verfahren zur Autorisierung in einem drahtlosen Fahrzeug-Netzwerk
WO2019242996A1 (fr) Procédé de mise à jour de logiciels sur un appareil de visée
DE102019211118A1 (de) Verfahren zum Testen eines Kraftfahrzeugs
WO2022184407A1 (fr) Procédé pour faire fonctionner un dispositif de commande et dispositif de commande
DE102016008613A1 (de) Verfahren zum Installieren eines Steuerprogramms eines Steuergeräts eines Kraftfahrzeugs und Einsetzvorrichtung
WO2023025562A1 (fr) Procédé, serveur d'accès à distance, dispositif de communication et système d'accès à distance à un véhicule

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18808235

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18808235

Country of ref document: EP

Kind code of ref document: A1