WO2022203098A1 - 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 - Google Patents
고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 Download PDFInfo
- Publication number
- WO2022203098A1 WO2022203098A1 PCT/KR2021/003672 KR2021003672W WO2022203098A1 WO 2022203098 A1 WO2022203098 A1 WO 2022203098A1 KR 2021003672 W KR2021003672 W KR 2021003672W WO 2022203098 A1 WO2022203098 A1 WO 2022203098A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computing unit
- control
- information
- user computing
- security
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 35
- 230000009471 action Effects 0.000 claims abstract description 19
- 238000004364 calculation method Methods 0.000 claims description 12
- 230000002093 peripheral effect Effects 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims 1
- 230000002159 abnormal effect Effects 0.000 abstract description 13
- 238000012544 monitoring process Methods 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 46
- 238000004422 calculation algorithm Methods 0.000 description 17
- 238000013473 artificial intelligence Methods 0.000 description 13
- JTIJZYSPRDTGGH-UHFFFAOYSA-L disodium;2-nitro-5-sulfonatosulfanylbenzoate Chemical compound [Na+].[Na+].[O-]C(=O)C1=CC(SS([O-])(=O)=O)=CC=C1[N+]([O-])=O JTIJZYSPRDTGGH-UHFFFAOYSA-L 0.000 description 11
- 230000006870 function Effects 0.000 description 10
- 238000003384 imaging method Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000008034 disappearance Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 230000007257 malfunction Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 230000001133 acceleration Effects 0.000 description 5
- 230000008520 organization Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 206010000117 Abnormal behaviour Diseases 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000009795 derivation Methods 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 238000010191 image analysis Methods 0.000 description 2
- RZVHIXYEVGDQDX-UHFFFAOYSA-N 9,10-anthraquinone Chemical compound C1=CC=C2C(=O)C3=CC=CC=C3C(=O)C2=C1 RZVHIXYEVGDQDX-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000036632 reaction speed Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Definitions
- the present invention relates to computer hardware and software technology for improving stability and robustness of control systems used in fields such as automobiles, robots, railways, aerospace and plants.
- control program In control systems used in various fields such as automobiles, robots, railways, aerospace, and plants, the control program is generally executed on a control computer consisting of CPU, memory and I/O devices, and is control and monitor Therefore, if the control program operates incorrectly, the controlled device, system, or plant may stop or operate abnormally, resulting in loss of life or enormous financial damage.
- the computer of the control device can be connected to a plurality of other control devices connected through a communication network for distributed control or continuous operation, but structurally it is very similar to a general-purpose computer.
- the OS and base programs have a structure in which control programs are executed.
- problems may arise from being hacked, driving off the path due to unexpected abnormal behavior of the AI algorithm, or other unintended behavior or behavior not appropriate for the situation.
- the autonomous driving control system stops completely or malfunctions due to an abnormality in the AI algorithm or hacking and does not respond to the driver's commands, the vehicle may have an accident and, in the worst case, the occupant may die.
- Voting is a method of managing one input/output signal or information through multiple paths, for example, by reading one input signal through three different paths and 'voting' by a majority vote (e.g. 3:0, 2:1, etc.) How to determine the input value.
- a majority vote e.g. 3:0, 2:1, etc.
- control structure proposed in the present invention can prevent abnormal operations that generate abnormal execution results (output signals) by misusing normal functions by AI or control system operators, and enables immediate response, greatly improving the stability of the entire device or system. .
- a control system having an isolated user computing part includes a user computing part, a security computing part, a communication interface, and a control input/output part.
- the user computing unit is composed of a CPU, memory, and peripheral circuits, and executes a user program (ie, control program) to generate preliminary control information (controlled device control signal) using a control algorithm, input information, and other system status information. do.
- the input information is information read from the control input/output unit by the security computing unit, and is provided to the user computing unit through a communication interface.
- the system state information may be generated by itself or may be provided by the security computing unit.
- the secure computing unit is composed of another CPU, memory, and peripheral circuits, and provides input information input from the controlled device through the control input/output unit to the user computing unit through a communication interface.
- the preliminary control information generated by the user computing unit is transmitted through the communication interface, and the information such as input information, system state information, control algorithm, and the user's setting information are analyzed together to generate system check information.
- This system check information is compared with the system status determination standard information set by the user, and when the system status is within the normal range, the preliminary control information is output as control information as it is without change to the control input/output unit. Executes the security measures set by the user.
- the user computing unit and the secure computing unit communicate through a communication interface, and the control input/output unit is connected only to the secure computing unit.
- the control input/output unit may be configured to process physical input/output signals.
- the control input/output unit may be configured to function as a digital input/output module or an analog input/output module of a programmable logic controller (PLC).
- PLC programmable logic controller
- the control input/output unit may be configured as a data communication device and connected to a communication port of the controlled device. At this time, the input/output information will be transmitted or received according to the communication protocol.
- the communication interface can be implemented by combining a circuit that directly connects the CPU to the CPU through high-speed communication, a DPRAM (Dual Port RAM) connected to each system bus, data registers, and a logic circuit that connects each other with an interrupt signal.
- a DPRAM Dynamic RAM
- the secure computing unit of the control system may be configured to include a secure input/output unit.
- the security input/output unit may be configured to process physical input/output signals. In this case, it may be configured to function like a digital input/output module or an analog input/output module of PLC.
- the security input/output unit may be configured as a data communication device and connected to the communication port of the security control device. In this case, in an emergency situation, the status of the entire system is reported to the third party or organization entrusted with the control authority using the security input/output unit, or the third party or organization issues a command to the security computing unit using the security control device and performs emergency response. It is possible to control the entire system by downloading a program for
- the security computing unit executes the security program to record data and signals input and output to the user computing unit, and continuously monitors and analyzes it, thereby preventing the user computing unit from operating outside the normal range and damaging the stability of the entire system. have. More specifically, the security computing unit plays a role in tracking the control operation result of the user computing unit and taking appropriate security measures or restoring the system to a normal state by controlling the stability of the system when there is a risk of being compromised.
- Preliminary control information receiving step in which the security computing unit receives the preliminary control information from the user computing unit using a communication interface
- the security action execution step includes a security information providing step of selectively providing user setting information, system check information, system state information, input information, control information, etc. to the security control device through the security input/output unit, and information provided with the security control device It consists of a security command application step of issuing a security command to the security computing unit through the security input/output unit based on the security control device
- the security computing unit receives the preliminary control information transmitted from the user computing unit, immediately outputs the control information as it is, and periodically performs the above steps. In this case, if the above steps are performed, the same control information is output twice consecutively if there is no problem. there is no problem at all
- the calculation operation performed in the step of deriving the system check information may be performed in a different manner to increase the accuracy of the calculation result, or may be performed in parallel to shorten the calculation time. That is, after verifying the result by comparing the preliminary control information generated by the security computing unit with the preliminary control information generated and provided by the user computing unit in the same manner as the control operation step performed by the user computing unit, the result is verified using the control algorithm, input information, The system status information and user's setting information can be used to transform the security program of the security computing unit in a way that creates system check information.
- the calculation time may be shortened in such a way that the secure computing unit performs an operation procedure that does not require the preliminary control information provided by the user computing unit in parallel, and the user computing unit performs the remaining operation procedures after the user computing unit provides the control preliminary information.
- the system state information may include past values of information indicating the state of the system.
- control programs are generally executed on a control computer consisting of CPU, memory and I/O devices, Control and monitor the entire plant. Therefore, if the control program operates incorrectly, the entire device or system to be controlled may stop or operate abnormally, resulting in loss of life or enormous financial damage.
- the control structure proposed in the present invention can prevent abnormal operations that generate abnormal execution results (output signals) by misusing normal functions by AI or control system operators, and enables immediate response, greatly improving the stability of the entire device or system. .
- the security computing unit is constantly inspected for abnormal operation.
- the system can be operated stably by directly controlling the input/output device.
- FIG. 1 is a conceptual configuration diagram of a control system according to the present invention.
- FIG. 2 is a detailed configuration diagram of a control system according to the present invention.
- FIG. 3 is a flowchart for explaining the operation of the control system shown in FIG. 1 .
- FIG. 4 is a block diagram of a modified embodiment of the control system shown in FIG. 2 .
- the present invention is basically a newly expanded technology to apply the computer structure proposed in the prior Patent Publication No. 10-2018-0123815 (name: computer with an isolated user computing unit) of the present inventor (Duk-Woo Kim) to the control system.
- the user computing unit is isolated from the input/output device, and the input/output is performed through the security management computing unit (a concept similar to the secure computing unit of the present invention).
- the present invention proposes a specific and novel method and structure for extending the above-mentioned prior publication patent to a control system in order to improve the stability and robustness of the control system.
- FIG. 1 is a conceptual configuration diagram of a control system having an isolated user computing unit according to the present invention.
- the control system of the present invention includes a user computing unit 100 and a secure computing unit 200 each having a dedicated CPU.
- the controlled device 400 encompasses detailed devices constituting the control system, and may be implemented differently depending on the application target of the control system, but basically an electrical or electronic signal or data including the same is directly input/output, It is connected to the control input/output unit 300 using a communication device.
- the plurality of controlled devices 400 it is also possible for the plurality of controlled devices 400 to be connected to the control input/output unit 300 .
- a driving device, a steering device, a driving assistance device, etc. are connected to the control input/output unit 300 , and AI programs and data in charge of autonomous driving are managed and executed by the user computing unit 100 .
- the user computing unit 100 is isolated from the controlled device 400 and the control input/output unit 300 . Similar to the prior art, the user computing unit 100 has a CPU and executes a user program (ie, a control program) for controlling the controlled device 400 . That is, information (input information to be described later) such as a state signal and a sensor detection signal of the controlled device 400 is processed to output a signal for controlling the controlled device 400. In the case of a vehicle, an acceleration signal, a deceleration signal, A control signal (ie, control information) such as an attitude control signal and a braking signal is generated.
- a user program ie, a control program
- the secure computing unit 200 has an independent CPU and executes a security program. That is, data input/output is relayed between the controlled device 400 and the user computing unit 200 , or a security measure preset by the user is performed on the controlled device 400 .
- the security computing unit 200 records, continuously monitors and analyzes data and signals input/output to and from the user computing unit 100, so that the user computing unit 100 operates outside the normal range, resulting in stability of the entire system. prevent damage to That is, the security computing unit 200 tracks the control operation result of the user computing unit 100 and controls the stability of the system when there is a risk of damage, takes appropriate security measures or restores the system to a normal state. do.
- FIG. 2 shows a detailed configuration diagram for implementing the concept of the control system shown in FIG. 1 .
- the user computing unit 100 is composed of a CPU 110 , a memory 120 , and other peripheral circuits 130 , and executes a user program (ie, a control program) 140 to input information and other systems according to a control algorithm.
- Control information (control signal) is generated from the status information.
- the input information is provided by the secure computing unit 200 through the communication interface 500 , and the system state information may be generated by the user computing unit 100 itself or may be provided by the secure computing unit 200 .
- the input information is information such as a state signal and a sensor detection signal of the controlled device 400 received from the controlled device 400
- the control information is an output for controlling the controlled device 400 .
- a signal in the case of a vehicle, it is a control signal such as an acceleration signal, a deceleration signal, an attitude control signal, and a braking signal.
- the control information created by the user computing unit 100 is not yet finally determined to be transmitted to the controlled device 400 to control the controlled device 400 , it will be referred to as 'preliminary control information'.
- the communication interface 500 is responsible for mutual communication between the user computing unit 100 and the secure computing unit 200 , and the CPU 110 of the user computing unit 100 and the CPU 210 of the secure computing unit 200 .
- ) can be implemented as a circuit that directly connects with high-speed communication.
- it can be implemented by combining dual port RAM (DPRAM) connected to each system bus, data registers, and logic circuits interconnected by interrupt signals.
- DPRAM dual port RAM
- the secure computing unit 200 is composed of another independent CPU 210 , a memory 220 , and a peripheral circuit 230 .
- the CPU 210 executes the security program 240 to provide input information input from the controlled device 400 through the control input/output unit 300 to the user computing unit 100 through the communication interface 500 .
- the CPU 210 receives the preliminary control information generated by the user computing unit 100 through the communication interface 500 and analyzes the input information, system state information, control algorithm information, and user setting information together to provide system check information. create The CPU 210 compares this system check information with the system state determination reference information preset by the user, and when the state of the control system is within the normal range, the control input/output unit 300 without changing the preliminary control information as control information. ), and if it is not within the normal range, the security measures set by the user are performed.
- the control input/output unit 300 is not connected to the user computing unit 100 but is connected only to the secure computing unit 200 .
- the control input/output unit 300 may be configured to process physical input/output signals.
- the control input/output unit 300 may be configured to function as a digital input/output module or an analog input/output module of a programmable logic controller (PLC).
- PLC programmable logic controller
- the control input/output unit 300 may be configured as a data communication device and connected to a communication port of the controlled device 400 . At this time, the input/output information will be transmitted or received according to the communication protocol.
- FIG. 3 is a detailed task processing flowchart of the control system having the isolated user computing unit shown in FIG. 2 .
- the secure computing unit 200 creates user setting information.
- the user setting information is used to derive system check information later, and is set by the user.
- the user setting information may include various types of information to be used for system state determination reference information.
- input/output limit value communication data amount (traffic per hour), composition and type of communication data packet, communication target (peer, destination) range, time variation range of output value, interlocking constraints, CPU temperature, etc. may be included.
- the driving route information to the destination can be user-set information, and the tolerance for deviating from the driving route, maximum driving speed, acceleration ratio, deceleration ratio, inter-vehicle distance, etc. can also be user set. information can be In addition, the security control program that safely parks the car on the roadside and stops it when a security situation occurs when the car deviates from the driving route can be set information.
- the flight path to the destination in the case of a passenger plane, the tolerance in case of deviation from the flight path, and the safety distance between the front and rear obstacles can be user setting information.
- the user setting information may include an operation area, movement speed, and a safe distance from obstacles or humans.
- the security computing unit 200 sets reference information for determining the system state of the controlled device 400 (hereinafter, 'system state determination reference information').
- This system state determination reference information is information that serves as a reference when comparing with the system check information to determine the system state later, and is set by the user. This system state determination reference information may be part or all of the user setting information.
- the security computing unit 200 sets a security action to be performed when it is determined that the system state of the controlled device 400 is outside the normal range. This security measure is also set by the user and can generally be set in the form of a security action program.
- the security measure may be to warn the pilot when the plane deviates from the route and to report it to the control center on the ground through the security input/output unit 600 to be described later.
- the airplane if the airplane approaches within the minimum safe distance from the obstacle in front, it warns the pilot of the occurrence of a security situation, ignores the preliminary control information provided by the user computing unit, and outputs the control information generated according to the security control program set by the user as the final output information. This may be to automatically control the airplane to get out of the obstacle, maintain the altitude, and report this to the ground control center to wait for further orders.
- the controlled device 400 outputs information such as a status signal and a signal detected by the sensor, and this information is transmitted to the security computing unit 200 as input information through the control input/output unit 300 . is transmitted (s50).
- the secure computing unit 200 provides the received input information to the user computing unit 100 .
- the input information is transmitted from the secure computing unit 200 to the user computing unit 100 through the communication interface 500 as described with reference to FIG. 2 .
- the user computing unit 100 generates preliminary control information by executing a user program (control program) for controlling the controlled device 400 using the received input information.
- the preliminary control information is control information for controlling the controlled device 400 and is information that has not yet been determined.
- the control information may include both an output signal and communication data.
- the preliminary control information generated by the user computing unit 100 is transmitted to the secure computing unit 200 . Even at this time, the preliminary control information is transmitted from the user computing unit 100 to the secure computing unit 200 through the communication interface 500 described in FIG. 2 (hereinafter, the user computing unit 100 and the secure computing unit 200). The description that data exchange is performed through the communication interface 500 will be omitted.)
- the security computing unit 200 executes the security program 240 to obtain the user setting information, the input information received through the control input/output unit 300, the control algorithm, and the preliminary control received from the user computing unit 100 Using the information, system check information is derived.
- the system check information may include various types of information related to user setting information.
- the current location of the vehicle in the case of an autonomous vehicle, the current location of the vehicle, the current speed of the vehicle, history information that reports whether there has been a case where the inter-vehicle distance was within the minimum safe distance, and acceleration/deceleration history information may be included.
- the input value, output value, communication data of the system the integrity information of the operating system of the user computing unit 100, the integrity information of the control program of the user computing unit 100, the memory state of the user computing unit 100 (checksum error) Whether or not, usage information, etc.), the CPU temperature of the user computing unit 100 , CPU usage, and the number of programs executed in the user computing unit 100 may be included.
- the system check information may include not only a current state but also a change in a state that changes over time.
- the calculation operation performed in the present system check information deriving step can be performed in a different way to increase the accuracy of the calculation result, or it can be performed in parallel to shorten the calculation time. That is, in the same manner as the control operation step performed by the user computing unit 100, the preliminary control information directly generated by the security computing unit 200 is compared with the preliminary control information generated and provided by the user computing unit 100. After verifying the result, the security program of the security computing unit 200 may use the control algorithm, input information, system state information, and user setting information to create system check information. Alternatively, the security computing unit 200 performs an operation procedure that does not require preliminary control information provided by the user computing unit 100 in parallel, and the user computing unit 100 provides the control preliminary information and then performs the rest of the operation procedure. In this way, the calculation time can be shortened.
- the security computing unit 200 compares the derived system check information with the system state determination reference information set by the user to determine the operating state (ie, system state) of the controlled device 400 .
- All or part of the user setting information may be used as the system state determination reference information.
- user-set information such as driving route information to a destination, maximum allowable error in case of deviation from the driving route, maximum driving speed, acceleration ratio, deceleration ratio, and inter-vehicle distance can be user-set information. It is possible to use only the path information and the maximum allowable error as the system state determination criterion information.
- the current position included in the system status information is compared with the driving route information. If the current position of the vehicle is on the driving route within the maximum allowable error, the vehicle state is judged to be within the normal range. is judged
- s110 When the security computing unit 200 determines that the state of the system is within the normal range in the system state determination step (s100), the preliminary control information generated by the user computing unit 100 is finally controlled by the control input/output unit 300 convey as information.
- the controlled device 400 receives the final control information and performs a corresponding operation.
- a security measure (eg, a security action program) set by the user in advance (s30) carry out
- the security measures preset by the user may be a series of control programs or a combination of single control information. Security measures can be initiated automatically or manually.
- the security measure is to instruct the user computing unit 100 to attempt restoration for a certain period of time for restoration of the user computing unit 100 or to initially reset the operating system and application program of the user computing unit 100 according to the severity of the state information. It may be to restore and reset (reboot) to a state. This can be implemented by applying a hardware reset signal or a non-maskable interrupt (NMI) signal to the user computing unit 100 .
- NMI non-maskable interrupt
- security measures can be performed in stages automatically or manually by reflecting the information provided by the third control system or controller (committee) connected through the communication network.
- a visual, audible, or haptic alarm is provided to the operator or supervisor of the system to notify them of the automatic initiation of the security measure or to enable them to manually execute the security measure.
- various means may be provided so that security measures can be performed by downloading a new security action program to the security computing unit.
- FIG. 4 is a block diagram of a modified embodiment of the control system shown in FIG.
- the security input/output unit 600 is included or connected to the security computing unit 200 .
- the security input/output unit 600 may be configured to process physical input/output signals. In this case, it may be configured to function as a digital input/output module or an analog input/output module of a programmable logic controller (PLC).
- PLC programmable logic controller
- the security input/output unit 600 may be configured as a data communication device and connected to a communication port of the security control device 650 .
- the security input/output unit 600 is used to report the status of the entire system to a third party or organization entrusted with control authority in an emergency situation, or the third party or organization uses the security control device 650 to use the security computing unit It is possible to control the entire system by issuing a command to 200 and downloading a program for emergency response.
- the security input/output unit 600 cannot be used by the user computing unit 100 .
- the security computing unit 200 drives a corresponding security action program to safely move the vehicle to the roadside, park the vehicle, and then connect the security input/output unit 600 . It can be used to notify the police or other relevant persons.
- the security computing unit 200 of the present invention provides flight information (altitude, direction, state of wings, wind speed, radar). Information, etc.) and various information that can determine the intention of the pilot (engine power, status of the wings, position of the control stick, etc.), it can be calculated that the plane is descending rapidly. And by analyzing the input/output information including the position of the control rod, it is possible to calculate that it will collide with the building in front after some time. In addition, it is possible to recognize that the airplane can fly without colliding with a building only by changing the control input including the control stick in the current state.
- the security computing unit 200 immediately recognizes that there is a problem with the user computing unit 100 or the pilot, ignores the pilot's control input, and maintains the flight state under ground control according to a preset security action program or Automatic emergency landing can be performed.
- the above can be applied even when the pilot is absent (absent).
- the security computing unit 200 reviews the route departure time or degree of departure, reports it to the control center, excludes the pilot under the control of the control center, returns the plane to the route, and executes the following command It can wait or make an automatic emergency landing. That is, by analyzing the real-time flight data of the pilot corresponding to the user computing unit 100 , the security computing unit 200 may detect and control an abnormal situation.
- the security computing unit 200 detects abnormalities in the operation (execution result and output) of the user computing unit 100 to the passengers, the operator, or the control center. It is possible to notify and make the vehicle stop or continue operating under the control of the passenger or the control center. For example, assuming that the control system of an autonomous driving vehicle is hacked with AI, the control system after hacking transmits the conversation in the vehicle to the hacker according to the hacker's intention, changes the route, or even completely deviates the route to bridge the vehicle. It can also fall down.
- control system having the isolated user computing unit 100 of the present invention is applied, even if the conversation contents are transmitted by hacking, the input and output devices are managed by the security computing unit 200, so the transmission attempt is notified to the passenger. can be restrained
- the security computing unit 200 provides vehicle driving information (speed, wheel alignment state, road state, engine output state, steering wheel position, etc.) ) and the minimum safety distance set by the user to prevent a sudden change of direction, thereby protecting the vehicle and passengers from hacker attacks.
- vehicle driving information speed, wheel alignment state, road state, engine output state, steering wheel position, etc.
- the system is a security computing unit 200 resetting the user computing unit 100 in a way that the user computing unit (100) can be initialized or restored normally.
- An autonomous vehicle generally consists of a steering system, a driving device (including engine/motor and braking system), an autonomous driving computer (including ECU), GPS, imaging device, radar, and driver interface. Also, in general, the steering device, driving device, GPS, imaging device, radar, and driver interface will all be directly connected to the input device and output device of the autonomous driving computer. Therefore, the autonomous driving computer outputs appropriate control signals (control information) to the steering and driving devices using the information (input information) provided by GPS and radar and the information from the analysis of images such as the front and rear of the vehicle input to the imaging device. It will drive the route set by the user.
- the autonomous driving computer will be composed of the control input/output unit 300, the security computing unit 200, the communication interface 500 and the user computing unit 100 among the control system according to the present invention, and the steering device; A driving device, a GPS, an imaging device, a radar, a driver interface, etc. become the controlled devices 400 .
- the security input/output unit 600 and the security control device 650 are selectively connectable. Therefore, the artificial intelligence program responsible for autonomous driving is executed as a user program in the user computing unit 100 , and the security program is executed in the security computing unit 200 , and the control input/output unit 300 includes the steering device, driving device, and GPS. , imaging device, radar, and driver interface are connected. That is, the user computing unit 100 is connected through the control input/output unit 300 and the secure computing unit 200 . In some cases, a part of the control input/output unit 300 may be used exclusively by the security computing unit 200 .
- the driver has set a destination and routed through the driver interface. Also, suppose that the information and security measures (security program) for security control are set in the security control module of the security computing unit 200 so that the driver 'immediately stops at the roadside when deviating from the path by more than 100m'.
- the autonomous driving AI program executed in the user computing unit 100 from the time the vehicle starts until it reaches the destination reads information (input information) from various devices of the vehicle using input and output means and executes the autonomous driving algorithm.
- the vehicle is controlled by generating and outputting a signal (control information) for operating the controlled device.
- the security computing unit 200 of the autonomous driving computer reads information from the control input/output unit 300 and outputs the information to the control input/output unit 300 according to the request of the user computing unit 100 .
- the read information is provided to the user computing unit 100
- the information (preliminary control information) output by the user computing unit 100 is checked with a security program and then transmitted to the control input/output unit 300 .
- the security computing unit 200 performs an input information providing step (s60) of providing input information of an input device connected to various devices of the vehicle to the user computing unit 100 .
- the current status information of the vehicle steering and driving devices, GPS location information, lane and vehicle/obstacle information provided as a result of front/rear images or image analysis, distance and location information of the front obstacle provided from radar, and received from the driver interface Driver input information and the like are transmitted to the autonomous driving AI program being executed in the user computing unit 100 .
- a preliminary control information receiving step (s80) in which the security computing unit 200 receives preliminary control information from the user computing unit 100 is performed.
- the preliminary control information is generated by executing an autonomous driving algorithm based on the information input by the autonomous driving AI program of the user computing unit 100, which is steering device and driving device control information, GPS control information, and image device control information. , radar control information, user interface control information, and the like.
- the security computing unit 200 performs the system check information derivation step (s90) of creating the system check information.
- the user setting information is route information to the destination.
- the current location information of the vehicle read from the GPS is required, so the system check information is based on the route information and the current location information.
- the system state determination step (s100) of comparing the system check information with the system state determination reference information set by the user is performed.
- the system status determination criterion set by the user is 'deviates from the route by more than 100m', so compare the route information with the current location information and check whether there is a difference of 100m or more.
- the final control information is output to the control input/output unit 300 (s110), and when it is determined that the state of the system is not within the normal range, the user A security control step (s130) of executing security measures is performed.
- the preliminary control information generated by the user computing unit 100 is transferred to various controlled devices of the vehicle as final control information. is transmitted
- the security action program for security measures is executed. Since the security measure is 'immediately stopping the vehicle on the side of the road', the security computing unit 200 displays 'stopped out of the route' on the driver interface, and current status information of the vehicle steering and driving devices, GPS location information , the security measures execution step is executed with reference to the lane and vehicle/obstacle information provided as a result of the front and rear images or image analysis, and the distance and location information of the front obstacle provided from the radar. In this process, when the security action program is executed, steering device and driving device control information, GPS control information, image device control information, radar control information, and user interface control information are generated. It is provided to 300 to control the vehicle.
- the security computing unit 200 controls the vehicle until the security measures are completed regardless of the operation of the user computing unit 100 .
- the vehicle is controlled until the action of stopping the vehicle by analyzing the surrounding vehicle and the vehicle in real time and moving the vehicle to the roadside is completed.
- the driver may give a command to stop the security measures to the security computing unit 200 using the driver interface.
- 'a security measure that immediately stops the vehicle on the roadside when the route and the current vehicle location differ by 100m or more' is performed. It can also be performed as a security measure.
- the security computing unit 200 outputs the control information (ie, preliminary control information) generated by the user computing unit 100 to various devices of the vehicle, and the user in a state entrusted to the user computing unit 100 to control the vehicle. Through the interface, it is possible to inform that the vehicle has deviated more than 100m from the route and receive instructions from the driver.
- the aforementioned autonomous driving algorithm program and security control program can be executed simultaneously, but in an autonomous driving computer having a single CPU, if the autonomous driving algorithm runs high, the security control program cannot be executed or is slow There is always the possibility of being executed and causing an accident.
- the security computing unit 200 intervenes to drive the vehicle in a reliable and stable manner. The possibility of accidents can be greatly reduced as it is managed under the control of
- passenger aircraft include steering devices (including wings and wheels), driving devices (including engines and brakes, etc.), flight computers, GPS, imaging devices, measuring devices (various sensors), radar, satellite communication devices, pilot interfaces, etc. It has a flight system consisting of At this time, it is assumed that the various devices are connected to the input and output units of the flight computer, and the hydraulic devices that control the engine or the wing are also connected through a communication network and driven electronically. Therefore, the flight computer uses the pilot's control signal transmitted from the pilot interface and the information (input information) provided by various devices to output the appropriate control signal (control information) to the steering and driving devices to control the wing and engine to control the passenger plane. will cause it to fly the set route.
- the various devices are connected to the input and output units of the flight computer, and the hydraulic devices that control the engine or the wing are also connected through a communication network and driven electronically. Therefore, the flight computer uses the pilot's control signal transmitted from the pilot interface and the information (input information) provided by various devices to output the appropriate control signal (control information
- the flight computer is a control system configured according to the present invention, the user computing unit 100 isolated from the control input/output unit 300, and the communication interface and security control module (program) connected to the user computing unit 100 It consists of a secure computing unit 200 having a. Therefore, the flight control program in charge of flight is executed as a user program in the user computing unit 100, the security control module program is executed in the security computing unit 200, and the controlled device 400 is provided in the control input/output unit 300. As a result, the various devices are connected.
- the user computing unit 100 is connected to the secure computing unit 200 through a communication interface, and the control input/output unit 300 is connected to the secure computing unit 200 . In some cases, a part of the control input/output unit 300 may be used exclusively by the security computing unit 200 .
- the pilot or navigator sets the route by inputting information about the destination through the pilot interface.
- a government agency in charge of air operation for example, the Transportation Safety Board (NTSB) sets the security control module to 'immediately switch to automatic navigation flight and report it to the NTSB through a satellite communication device if it deviates more than 100km from the planned flight path'.
- information for control and security measures security action program
- the flight control program executed in the user computing unit 100 until it reaches the destination reads information from various devices of the aircraft using the control input/output unit 300 and receives the pilot's input to the pilot interface.
- the flight control algorithm By executing the flight control algorithm to generate and output signals to control various devices, the aircraft is actually operated.
- the security computing unit 200 of the flight computer provides information read from the input device or outputs the information to the output device according to the request of the user computing unit 100 .
- the security computing unit 200 provides the read information as input information to the user computing unit 100 , and the information output by the user computing unit 100 is checked as a security program and then transmitted to the control input/output unit 300 .
- the security computing unit 200 performs an input information providing step (s60) of providing input information of an input device connected to various devices of the airplane to the user computing unit 100 .
- the current status information of the steering device including the status of each wing of the airplane, the current status information of the driving devices such as engines, the status information such as altitude, air pressure, wind direction, wind speed, temperature input from the measuring device, GPS location information, radar
- the distance and position information of the front obstacle provided from the pilot interface, the pilot input information received from the pilot interface, and the like are transmitted to the flight control program running in the user computing unit 100 .
- a preliminary control information receiving step (s80) in which the security computing unit 200 receives preliminary control information from the user computing unit 100 is performed.
- the preliminary control information is generated by executing a flight algorithm based on the information input by the flight control program of the user computing unit 100 (s70).
- the preliminary control information includes steering device such as wings and driving device control information such as an engine, measurement device control information, GPS control information, imaging device control information, radar control information, pilot interface control information, and the like.
- the system check information derivation step (s90) in which the security control module program of the security computing unit 200 creates the system check information by using the preliminary control information, the input information, and the user setting information is performed.
- the user of the secure computing unit 200 is NTSB
- the setting information is route information to the destination.
- the system check information is configured based on the route information and the current location information.
- a system state determination step (s100) of comparing the system check information with the system state determination reference information set by the user is performed.
- the system state determination standard information set by the user in the security computing unit 200 is 'the maximum error that can deviate from the flight path is 100 km', so based on the path information and the current location information, the flight path differs by more than 100 km. check
- the final control information is output to the control input/output unit 300 . If it is determined that the state of the system is not within the normal range, a security action execution step (s130) of executing a security action preset by the user is performed.
- the security computing unit 200 displays 'deviates route and reports the situation to NTSB' on the pilot interface, and the airliner is in autopilot flight mode flight, and reports the current status information of various devices, GPS location information, cockpit image, and distance and location information of obstacles provided by radar to NTSB using satellite communication device.
- the NTSB can communicate with the pilot by checking the status of the passenger plane provided by the safety management computer.
- communication may not be possible if the pilot has turned off both the device for transmitting the location of the plane and the communication device.
- the airliner equipped with the control system to which the present invention is applied has all the status information including the location information of the airplane even if the pilot turns off the device for transmitting the location of the airplane.
- the disappearance can be prevented by reporting the plane's location to the authorities and completely ruling out the pilot's intentions.
- the NTSB can use the safety management computer to control an airplane like an unmanned drone and force it to land at a nearby airport.
- the user of the security computing unit 200 detects malicious manipulation of a user (in this embodiment, a pilot) of the user computing unit 100 .
- the ability to recognize and respond immediately will ensure that the plane is placed under the control of the aviation safety officer in a reliable and reliable manner.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Safety Devices In Control Systems (AREA)
- Programmable Controllers (AREA)
- Debugging And Monitoring (AREA)
- Traffic Control Systems (AREA)
Abstract
Description
Claims (14)
- 제1CPU 및 주변회로로 구성되고, 피제어장치로부터 전달받은 입력정보를 이용하여 피제어장치를 제어하는 제어프로그램을 실행하여 제어정보를 생성하는 사용자컴퓨팅부;제2CPU 및 주변회로로 구성되고, 피제어장치로부터 전달받은 상기 입력정보와, 제어프로그램, 시스템 상태정보, 및 사용자컴퓨팅부로부터 제공받은 상기 제어정보를 이용하여 시스템점검정보를 만들고, 이 시스템점검정보를 시스템상태 결정을 위한 기준정보와 비교하고, 피제어장치의 동작 상태가 정상범위 이내라고 결정된 경우에는 상기 제어정보를 피제어장치로 출력하고 정상범위 밖이라고 결정된 경우에는 보안조치를 수행하는 보안컴퓨팅부; 및피제어장치와 연결되는 제어입출력부를 포함하되,상기 제어입출력부는 상기 보안컴퓨팅부로만 연결되고 상기 입력정보는 상기 제어입출력부로부터 상기 보안컴퓨팅부가 읽어들여 상기 사용자컴퓨팅부에 제공하는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서,상기 입력정보는 피제어장치의 상태 신호 및 센서 감지 신호 중 적어도 하나를 포함하고;상기 제어정보는 피제어장치를 제어하기 위한 제어신호를 포함하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서, 상기 시스템점검정보는상기 사용자컴퓨팅부가 생성하여 제공한 제어정보와 상기 보안컴퓨팅부가 생성한 제어정보를 비교하여 결과를 검증한 후 상기 시스템점검정보를 도출하는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서, 상기 시스템점검정보는상기 보안컴퓨팅부가, 상기 사용자컴퓨팅부로부터 제공되는 제어정보가 필요없는 연산절차를 병렬로 진행하고 상기 사용자컴퓨팅부가 제어정보를 제공한 후에 나머지 연산절차를 수행하여 도출되는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서, 상기 보안조치는 상기 사용자컴퓨팅부의 운영체제 또는 응용 프로그램을 초기 상태로 복원 또는 리셋하는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서, 상기 보안조치의 수행시에 알람이 출력되는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 제1항에 있어서, 상기 제어시스템의 상태를 외부로 보고하거나 상기 보안컴퓨팅부가 수행할 명령이나 컴퓨터프로그램을 외부로부터 수신하는 보안입출력부를 추가로 포함하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템.
- 청구항 1에 기재된 고립된 사용자컴퓨팅부를 갖는 제어시스템에서 수행되는 제어방법으로서,입력정보를 보안컴퓨팅부를 통해서 사용자컴퓨팅부에 제공하는 입력정보 제공단계;사용자컴퓨팅부로부터 보안컴퓨팅부가 제어정보를 전달받는 제어정보수신단계;상기 제어정보와 상기 입력정보를 이용하여 보안컴퓨팅부가 시스템점검정보를 만드는 시스템점검정보 도출단계;상기 도출된 시스템점검정보와 사전에 설정된 시스템상태판단정보를 비교하는 시스템상태결정단계;상기 시스템상태결정단계에서 시스템의 상태가 정상범위라고 판단하는 경우 상기 제어정보를 출력하는 최종제어정보제공단계; 및상기 시스템상태결정단계에서 시스템의 상태가 정상범위가 아닌 것으로 판단되는 경우에 보안제어프로그램을 실행하는 보안조치실행단계를 포함하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서,상기 입력정보는 피제어장치의 상태 신호 및 센서 감지 신호 중 적어도 하나를 포함하고,상기 제어정보는 피제어장치를 제어하기 위한 제어신호를 포함하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서, 상기 시스템점검정보 도출단계에서상기 사용자컴퓨팅부가 생성하여 제공한 제어정보와 상기 보안컴퓨팅부가 생성한 제어정보를 비교하여 결과를 검증한 후 상기 시스템점검정보를 도출하는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서, 상기 시스템점검정보 도출단계에서상기 보안컴퓨팅부가, 상기 사용자컴퓨팅부가 제공한 제어정보가 필요없는 연산절차를 병렬로 진행하고 상기 사용자컴퓨팅부가 제어정보를 제공한 후에 나머지 연산절차를 수행하여 도출되는 것을 특징으로 하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서, 상기 보안조치실행단계는외부에 시스템점검정보, 시스템상태정보, 입력정보, 및 제어정보 중 적어도 하나를 제공하는 보안정보제공단계; 및외부로부터 제공된 정보를 바탕으로 상기 보안컴퓨팅부에 보안명령을 내리는 보안명령인가단계를 포함하는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서, 상기 입력정보 제공단계에서 입력정보가 상기 보안컴퓨팅부를 통해서 사용자컴퓨팅부에 제공될 때마다, 상기 제어정보수신단계, 시스템점검정보도출단계, 시스템상태결정단계, 최종제어정보제공단계, 및 보안조치실행단계가 수행되는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
- 제8항에 있어서, 상기 입력정보 제공단계에서 입력정보가 사전설정된 회수만큼 상기 보안컴퓨팅부를 통해서 사용자컴퓨팅부에 제공된 후에, 상기 제어정보수신단계, 시스템점검정보도출단계, 시스템상태결정단계, 최종제어정보제공단계, 및 보안조치실행단계가 수행되는, 고립된 사용자컴퓨팅부를 갖는 제어시스템에서의 제어방법.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP21933326.7A EP4227842A4 (en) | 2021-03-24 | 2021-03-24 | CONTROL SYSTEM WITH ISOLATED USER COMPUTING UNIT AND CONTROL METHOD THEREOF |
JP2023524516A JP2024518005A (ja) | 2021-03-24 | 2021-03-24 | 孤立したユーザコンピューティング部を有する制御システムおよびその制御方法 |
CN202180076934.1A CN116547662A (zh) | 2021-03-24 | 2021-03-24 | 具有孤立的用户计算部的控制系统及其控制方法 |
US18/034,179 US20230409704A1 (en) | 2021-03-24 | 2021-03-24 | Control system having isolated user computing unit and control method therefor |
PCT/KR2021/003672 WO2022203098A1 (ko) | 2021-03-24 | 2021-03-24 | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2021/003672 WO2022203098A1 (ko) | 2021-03-24 | 2021-03-24 | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022203098A1 true WO2022203098A1 (ko) | 2022-09-29 |
Family
ID=83395828
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2021/003672 WO2022203098A1 (ko) | 2021-03-24 | 2021-03-24 | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20230409704A1 (ko) |
EP (1) | EP4227842A4 (ko) |
JP (1) | JP2024518005A (ko) |
CN (1) | CN116547662A (ko) |
WO (1) | WO2022203098A1 (ko) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006094480A (ja) * | 2004-08-25 | 2006-04-06 | Maspro Denkoh Corp | セキュリティシステム |
KR20170013513A (ko) * | 2015-07-28 | 2017-02-07 | 이정석 | 원격 방범용 멀티제어장치 |
JP2018526691A (ja) * | 2015-08-31 | 2018-09-13 | ニューマン エイチ−アール コンピュータ デザイン,エルエルシーNewman H−R Computer Design,Llc | ハッキング耐性のあるコンピュータ設計 |
KR20180123815A (ko) | 2017-05-10 | 2018-11-20 | 김덕우 | 고립된 사용자컴퓨팅부를 갖는 컴퓨터 |
KR20210115822A (ko) * | 2020-03-16 | 2021-09-27 | 주식회사 우리기술 | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016196285A (ja) * | 2015-04-03 | 2016-11-24 | 株式会社デンソー | 走行制御装置及び走行制御方法 |
EP3523169B1 (en) * | 2016-10-06 | 2021-07-14 | Red Bend Ltd. | Systems and methods for handling a vehicle ecu malfunction |
US10308242B2 (en) * | 2017-07-01 | 2019-06-04 | TuSimple | System and method for using human driving patterns to detect and correct abnormal driving behaviors of autonomous vehicles |
-
2021
- 2021-03-24 EP EP21933326.7A patent/EP4227842A4/en active Pending
- 2021-03-24 CN CN202180076934.1A patent/CN116547662A/zh active Pending
- 2021-03-24 WO PCT/KR2021/003672 patent/WO2022203098A1/ko active Application Filing
- 2021-03-24 JP JP2023524516A patent/JP2024518005A/ja active Pending
- 2021-03-24 US US18/034,179 patent/US20230409704A1/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006094480A (ja) * | 2004-08-25 | 2006-04-06 | Maspro Denkoh Corp | セキュリティシステム |
KR20170013513A (ko) * | 2015-07-28 | 2017-02-07 | 이정석 | 원격 방범용 멀티제어장치 |
JP2018526691A (ja) * | 2015-08-31 | 2018-09-13 | ニューマン エイチ−アール コンピュータ デザイン,エルエルシーNewman H−R Computer Design,Llc | ハッキング耐性のあるコンピュータ設計 |
KR20180123815A (ko) | 2017-05-10 | 2018-11-20 | 김덕우 | 고립된 사용자컴퓨팅부를 갖는 컴퓨터 |
KR20210115822A (ko) * | 2020-03-16 | 2021-09-27 | 주식회사 우리기술 | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 |
Non-Patent Citations (1)
Title |
---|
See also references of EP4227842A4 |
Also Published As
Publication number | Publication date |
---|---|
EP4227842A1 (en) | 2023-08-16 |
EP4227842A4 (en) | 2023-12-06 |
US20230409704A1 (en) | 2023-12-21 |
CN116547662A (zh) | 2023-08-04 |
JP2024518005A (ja) | 2024-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109358591B (zh) | 车辆故障处理方法、装置、设备及存储介质 | |
US11136044B2 (en) | Vehicle control device | |
CN108628692B (zh) | 用于控制自主受控对象的容错方法 | |
US20190283768A1 (en) | Control system and improved control method for the autonomous control of a motor vehicle | |
KR20200017579A (ko) | 차량의 주행 제어 장치 및 방법 | |
WO2013116139A1 (en) | Methods and systems for aircraft health and trend monitoring | |
US11173922B2 (en) | Vehicle control device and vehicle control system | |
CN113247022A (zh) | 一种自动驾驶冗余控制系统及方法 | |
US5560570A (en) | Automatic piloting device for aerodynes | |
KR102416612B1 (ko) | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 | |
WO2022203098A1 (ko) | 고립된 사용자컴퓨팅부를 갖는 제어시스템 및 그 제어방법 | |
CN113412218A (zh) | 旨在集成在现有飞行器中的采集和分析设备 | |
US11745748B2 (en) | Method and device for operating an automatically driving vehicle | |
US20200361478A1 (en) | Vehicle control device and electronic control system | |
US20220281498A1 (en) | Railway vehicle and control method and system therefor, and train control and management system | |
CN114625155B (zh) | 自动驾驶软件三重冗余管理系统及方法 | |
CN113260563B (zh) | 用于集成在现有飞行器中的替换驾驶系统 | |
CN114056351A (zh) | 自动驾驶方法及装置 | |
Zhang | Vehicle health monitoring for AVCS malfunction management | |
CN112051859A (zh) | 一种基于afdx网络的空中交通飞行器的航电系统 | |
US11809180B2 (en) | Method for controlling a motor vehicle remotely | |
US11834151B2 (en) | System for configuring an aircraft in a single-pilot mode or a two-pilot mode | |
US20240149911A1 (en) | Dual control systems and methods for operating an autonomous vehicle | |
KR20230098414A (ko) | C-its 기반 비정형 주행환경에서의 자율주행 운행 시스템 및 방법 | |
WO2021101013A1 (ko) | 리셋의 기능 안전을 결정하는 방법 및 그 방법을 수행하는 전자 장치 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21933326 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2023524516 Country of ref document: JP |
|
ENP | Entry into the national phase |
Ref document number: 2021933326 Country of ref document: EP Effective date: 20230512 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 202180076934.1 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |