• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A method of updating a computer of an on-board vehicle system, via a landed mobile device wirelessly connected to said on-board system, said method comprising the following steps: A. Recovery by the landed mobile device of an information of availability of an update file intended for the on-board vehicle computer, from a remote server, B. Downloading by the mobile device disembarked of said update intended for the computer of the on-board vehicle system , C. Installation of the update by the mobile device landed on the calculator of the on-board vehicle system.
    公开号:FR3067136A1
    申请号:FR1754745
    申请日:2017-05-30
    公开日:2018-12-07
    发明作者:Sylvain Patureau Mirand;Moulay Abdelaziz El Aabid;Zakaria Lamghari
    申请人:Peugeot Citroen Automobiles SA;
    IPC主号:
    专利说明:

    ® PROCESS FOR UPDATING AN ON-VEHICLE COMPUTER.
    FR 3 067 136 - A1
    @) Method for updating a computer of an on-board vehicle system, by means of a landed mobile device connected wirelessly to said on-board system, said method comprising the following steps:
    A. Recovery by the landed mobile device of availability information from an update file intended for the on-board vehicle computer, from a remote server,
    B. Download by the mobile device landed of said update intended for the on-board vehicle system computer,
    C. Installation of the update by the mobile device landed on the on-board vehicle system computer.

    The present invention relates generally to a method for updating an on-board computer of a vehicle.
    Modern vehicles are provided with an on-board system comprising one or more computers intended to control vehicle functions, such as safety functions, engine management functions or comfort functions.
    It is known in the prior art update methods involving the downloading by a maintenance technician of an update for a computer on a computer and the installation of the update by a wired connection between the vehicle's on-board system and the computer. However, this type of process has the disadvantage of limiting the speed of diffusion of an update as well as the number of vehicles actually updated, since it involves the passage of the vehicle in a maintenance center.
    In view of these drawbacks, document US 2016/0378457 discloses a method for wirelessly updating an on-board computer by a connection between the on-board system of the vehicle and a remote server via an off-board mobile device such as 'a smartphone. The disembarked mobile device thus plays the role of a gateway or modem simply passing the update information between the vehicle's on-board computer and the remote server, without taking part in the actual updating process.
    In return, this method has the particular disadvantage of requiring synchronization of the remote server with the vehicle on-board computer, which makes this method unreliable and sensitive to external disturbances. In addition, it requires a complex software architecture of the embedded system since all of the operations
    - 2 necessary for updating the on-board computer are carried out by the on-board computer itself. This complex software architecture is expensive to design and manufacture and not very flexible since it cannot be modified during the lifetime of the vehicle.
    An object of the present invention is to respond to the drawbacks of the document of the prior art mentioned above and in particular, to propose a robust updating method allowing a simplified architecture of the on-board vehicle system.
    [0007] For this, a first aspect of the invention relates to a method for updating a computer of an on-board vehicle system, by means of a landed mobile device connected wirelessly to said on-board system, said method comprising the following steps:
    A. Retrieval by the landed mobile device of availability information of an update intended for the on-board vehicle computer, from a remote server,
    B. Download by the mobile device landed of said update intended for the on-board vehicle system computer,
    C. Installation of the update by the mobile device landed on the computer of the on-board vehicle system [0008] The use of a mobile device landed as a pivot between the computer to be updated and the remote server to carry out update operations therefore authorizes an update process in asynchronous mode, that is to say one that does not require a direct connection between the vehicle on-board system and the remote server. The method according to the present invention is therefore robust, reliable and comfortable for the user. In addition, it allows a simplified on-board system architecture due to the fact that process operations are supported by the unloaded mobile device.
    Advantageously, step A of recovering an update file comprises an operation A2 of comparison between the version number of the update and the version number of the computer software, and the method update is stopped if the version number of the computer software update is equal to or higher than the version number of the update.
    Thus the unnecessary update download by another landed mobile device is avoided, which avoids unnecessary power consumption and saturation of the bandwidth of mobile networks or wifi.
    Advantageously, the downloading step B comprises an operation B2 of generating an update file and a license file based on information from the vehicle computer. This operation makes it possible to obtain a secure file and / or suitable for the computer to be updated.
    Advantageously, step C of applying the update comprises an operation C4 of checking the integrity and security of the update file and of the license file. This operation makes it possible to limit or avoid attempts to hack or unauthorized modification of calculator software.
    Advantageously, step C of installation of the update includes an operation C2 of inhibiting the functions of the on-board system and switching to update mode. This operation avoids any danger or discomfort associated with updating a computer.
    Advantageously, step C of installation of the update to the computer includes a C3 download operation of the update file and the license file by the on-board system from the landed mobile device. This wireless operation is practical for the user and allows you to use any type of mobile device landed for the general public, such as a smart phone or a touch pad.
    A last aspect of the invention is a motor vehicle comprising at least one on-board system comprising a computer adapted to be updated by a method according to the first aspect of the invention.
    Other characteristics and advantages of the present invention will appear more clearly on reading the following detailed description of an embodiment of the invention given by way of non-limiting example and illustrated by the accompanying drawings, wherein :
    Figure 1 is a schematic representation of an updating method according to the present invention Figure 2 is a diagram of the main steps of the method according to Figure 1.
    The present invention generally relates to an updating method for a computer of an on-board vehicle system, for example a private, utility, military, heavy goods vehicle or vehicle for specialized use. An on-board system comprises one or more computers intended to control vehicle functions, such as safety functions, engine management functions or comfort functions.
    These computers each include one or more memory units, one or more logical units, one or more communication units and software to operate them. It is sometimes desirable to modify this software by an update in order to correct faults, security breaches or to add new functions or parameters. The term “update” is thus understood both for a file comprising a complete calculator software replacing the older version calculator software and both for a file comprising software making modifications to the software of without completely replacing it. In addition, an update also includes the files and information necessary for its installation and securing.
    A landed mobile device used by the present process means any device capable on the one hand of local wireless communication with an on-board vehicle system, for example of the Bluetooth, Wifi or NFC type, and on the other hand capable of connecting to the Internet, for example via a 3G, 4G or Wifi network. For example, it can be a smart phone or smartphone, a tablet or touch screen slate or even a multimedia player. This landed mobile device preferably operates thanks to an operating system allowing the installation and use of mobile applications, for example Google Android ™, Apple iOS ™ or Microsoft Windows ™. Alternatively, an on-land mobile device dedicated to this process and natively integrating the mobile application can also be used.
    The term "mobile application" therefore means for any program or software usable on the landed mobile device according to the present invention and making it possible to implement the present method. For example, this mobile application will be designed and / or published by the vehicle manufacturer, importer or reseller.
    Figure 1 shows a schematic view of an updating method according to the present invention, in which a computer of the on-board system of a vehicle 10 is updated by the landed mobile device 20 in the form of a smart phone using files and information sent and obtained by the landed mobile device 20 from a remote server accessible on the Internet 30.
    Thus, the landed mobile device 20 serves as a pivot between the computer of the vehicle to be updated and the remote server by performing update operations asynchronously and thus simplifying the architecture of the vehicle on-board system 10.
    The steps of the present updating method are detailed with a view to FIG. 2.
    - 6 In a first step A, update availability information is retrieved.
    Thus, during operation A1, update information is retrieved by the mobile application installed on the landed mobile device. For example, this information can be retrieved by a push type notification, that is to say "push" from the remote server to the mobile application of the landed mobile device connected to the Internet, for example using linked push technology. the operating system of the landed mobile device. Alternatively, the mobile application can connect to the remote server regularly over the Internet to determine if an update is available. Alternatively, or in addition to the two previous methods, a message can be sent to the user by email or text message (SMS) in order to encourage them to start the mobile application and to implement the updating process. day according to the present invention.
    For example, this update information includes one or more information on this update, such as its publication date, its size, its version number, etc. This A1 operation therefore requires Internet access, but not necessarily connection to the vehicle's on-board system.
    During operation A2, the mobile application connects to the vehicle's on-board system in order to retrieve at least one piece of software version number information from the computer to be updated. Optionally, computer software configuration information can also be retrieved during this operation A2. Based on the version number of the calculator software, a comparison is made with the version number of the update by the mobile application, so as to at least determine whether the update available is more recent than the calculator software. If the update available on the remote server is not more recent than the computer software, the update process is stopped.
    - 7 Optionally, the version number can include information on the identity of the computer so as to determine during the same step A2 if the update is installable to the on-board system of said vehicle and / or to the specific type of the on-board system computer.
    This operation A2 therefore requires only a connection to the vehicle's on-board system, for example when the user is traveling on board with a landed mobile device such as a smart phone connected to the vehicle's on-board system.
    During operation A3, once the update is determined in operation A2 as being more recent than the computer software and / or installable on this computer, the mobile application makes a request d permission to download to the user.
    To do this, a notification can be displayed on the screen of the connected mobile device, or a dialog window inviting the user to authorize the download of the update, to refuse it or to shift it to a more opportune moment. Thus, the user remains in control of the update process and can perform this step according to his availability and according to his Internet connection without being close to the vehicle. For example, a user who does not have an unlimited data connection by 3G / 4G will be able to download the update once in the presence of a Wi-Fi connection, for example at home, without a connection to the vehicle on-board system is required.
    In a second step B of the present method, the download of the computer update is carried out by the mobile application. For this, the user must have authorized the download in the previous step A3 and the landed mobile device must be connected to the Internet.
    Thus, in a first operation B1, a unique identification number (NIU or UIN according to the English acronym) of the computer to be updated as well as the software version number of the
    -8 calculator to update are sent to the remote server through the Internet connection of the landed mobile device, for example via a secure connection of SSL or HTTPS type.
    In a second operation B2, an update file and a license file are prepared by the update server. The license file is prepared on the basis of the NIU of the calculator and the version number of the calculator software, in order firstly to ensure that the update corresponds to the calculator and the software to be updated and on the other hand to allow a security of the update file thanks to the license file. The update file can thus be secure and in particular encrypted, that is to say encrypted, asymmetrically or symmetrically and the license file can contain the information necessary for decryption, that is to say decryption of the file. update, such as a private key and / or an authentication certificate. In addition, the license file can be encrypted and contain information necessary to verify the integrity of the update file and / or its own integrity such as a fingerprint from a hash function and / or information necessary for the installation of the update to the computer such as an identification token or token.
    In a third operation B3, the update and license files, prepared during the previous operation B2, are downloaded to the mobile device landed by the mobile application, for example through a 3G / 4G connection or Wifi on the Internet. For this operation, a connection from the landed mobile device to the vehicle's on-board system is not necessary. Once this step B3 has been successfully carried out, an Internet connection of the landed mobile device is no longer required before the last operation C7 of the third step C of installation of the update to the computer.
    In addition, the download operation B3 can include an optional operation B3 ’to perform a verification of the integrity and / or the authenticity of the files received, for example on the basis of a fingerprint
    -9 from a hash function and a certificate issued by a certification authority. In the event of an error during this operation, the operation to download the update from the remote server is restarted.
    In a fourth operation B4, a request for authorization to install the update is made by the mobile installation of the landed mobile device intended for the user. For example, a notification appears on the screen of the dismounted mobile device inviting to start the update step, or else a dialog box appears on the screen of the dismounted mobile device inviting the user to authorize the step d installation of the update to the computer. Optionally, a second authorization may be required by the vehicle on-board system via an on-board device, for example a touch screen linked to the vehicle's multimedia system.
    The third step C of the present method consists of installing the update to the vehicle computer, the files of which were downloaded in the second step B. This third step assumes that the previous steps A and C have been successfully completed.
    In a first operation C1, the mobile application of the disembarked mobile device is connected to the on-board system of the vehicle in order to check the state of the vehicle and to determine an opportune moment to install the update. For example, this opportune moment may include a stationary vehicle situation and a minimum battery level. However, other parameters can be taken into account such as a location of the vehicle, for example near the home, time information (date and time) or any other type of information.
    This operation C1 can be done immediately after the operation B4 of authorization request for the installation of the update or can be offset in time, for example according to update programming information provided by the user during operation B4.
    If operation C1 cannot be performed immediately after operation B4, the mobile application tracks the state of the vehicle and informs the user
    -10 during an optional CT operation as soon as the calculator is ready to receive the installation of the update, and possibly requests a new authorization.
    During operation C2, the mobile application installed on the landed mobile device inhibits the functions of the on-board system, in particular the functions made unavailable by the installation of the update to the computer or else functions intended to prevent any use of the vehicle, in the event that a computer critical for the safety and / or operation of the vehicle is updated. For example, closing the vehicle doors can be prevented to encourage the user with the landed mobile device to stay inside or near the vehicle. In addition, starting of the vehicle engine can be prevented. From a technical point of view, the vehicle's on-board system or at least the computer to be updated is placed in an update mode in which the receipt of authorization token is inhibited and the orders received are no longer interpreted . The on-board system is therefore placed in the queue to receive the update file and the license file.
    During operation C3, the update file and the license file are downloaded by the mobile application from the landed mobile device on which these files are stored to the vehicle's on-board system. On this occasion, identification verifications can be carried out by the on-board system in order to verify that the on-board mobile device is legitimate for carrying out this operation, for example by an identification token system. In addition, any other information or file necessary for the update is transmitted to the computer during this step. In the event of an error during this verification operation, a request can be sent to the mobile application to start this C3 download step again. For example, only one new attempt is made.
    - 11 [0044] During operation C4, a security and integrity check is performed by the computer on the update file as well as on the license file downloaded in the second step, based on the information received of the landed mobile device. This operation includes the possible decryption of the update file and / or the license file, the verification of their integrity by using a hash function and comparison with the fingerprints provided by the remote server, as well as the verification of an authentication certificate allowing to validate the signature of the update file. A certification authority can thus be used to transmit, generate and verify certificates, for example by the transmission of certificate revocation lists.
    This C4 operation therefore aims to verify that the update file is intact, that is to say uncorrupted, authentic, that is to say from an authorized remote server; and appropriate, that is to say adapted to the computer to be updated.
    If the C4 operation fails, the computer issues a request to the mobile application to start the C3 operation again to download the update and / or license files and an alert can be sent immediately or later to the remote server by the landed mobile device for tracking purposes.
    During operation C5, the update is applied to the computer, that is to say that the computer software is modified or replaced by the update, so as to correct faults or defects and / or add functions or parameters. Once the update has been applied, the computer software is restarted on the updated software.
    During operation C6, the mobile application of the landed mobile terminal checks the version number of the calculator software and compares it to the version number of the update file downloaded on the landed mobile terminal, so as to validate the correct installation of the update to the computer. If the two version numbers match, the user is
    - 12 informed by a notification or a dialog window that the update process is successful. In addition, the NIU number and the software version number are sent to the remote server to confirm the success of the update process. Otherwise, the user is notified that the update process has failed and must be repeated.
    Alternatively, if the update is inconsistent, if the computer is unable to restart on the updated software or in the event of a computer error, the previous computer software, not updated, may have been saved for example on the landed mobile device or within the on-board vehicle system, and thus be reinstalled to allow normal operation of the vehicle.
    Thus, the updating method according to the present invention uses a landed mobile device as a pivot, that is to say to provide download, verification, security and human interface functions- machine, between the remote server and the on-board vehicle system. This allows an asynchronous update process, that is to say without permanent connection between the remote server and the vehicle on-board system and thus a significant robustness of the update process. In addition, the on-board vehicle system may include a simplified architecture due to the functions linked to the remote update method on the connected mobile device.
    It will be understood that various modifications and / or improvements obvious to those skilled in the art can be made to the various embodiments of the invention described in the present description without departing from the scope of the invention. In particular, reference is made to the download operations B3 and C3, in which a download failure, for example due to a bad connection, too long transfer time or the extinction of the landed mobile device starts a specific scenario in which the user is notified of the download failure and a new download attempt is made immediately or at a later time.
    权利要求:
    Claims (7)
    [1" id="c-fr-0001]
    1. Method for updating a computer of an on-board vehicle system, by means of a landed mobile device connected wirelessly to said on-board system, said method comprising the following steps:
    A. Retrieval by the landed mobile device of availability information of an update intended for the on-board vehicle computer, from a remote server,
    B. Download by the mobile device landed of said update intended for the on-board vehicle system computer,
    C. Installation of the update by the mobile device landed on the on-board vehicle system computer.
    [2" id="c-fr-0002]
    2. update method according to the preceding claim, characterized in that step A of recovering an update file comprises an operation A2 of comparison between the version number of the update and the number of version of the computer software, and in that the updating process is stopped if the version number of the update of the computer software is equal to or higher than the version number of the update.
    [3" id="c-fr-0003]
    3. updating method according to the preceding claim, characterized in that the downloading step B comprises an operation B2 of generating an update file and a license file on the basis of information from the vehicle computer.
    [4" id="c-fr-0004]
    4. Updating method according to the preceding claim, characterized in that step C of applying the update comprises an operation C4 of checking the integrity and security of the update file and of the file. Licence.
    [5" id="c-fr-0005]
    5. Updating method according to any one of the preceding claims, characterized in that step C of installing the update comprises an operation C2 of inhibiting the functions of the on-board system and switching to setting mode. up to date.
    5 6. update method according to any one of the preceding claims, characterized in that step C of installing the update to the computer comprises an operation C3 of downloading the update file and the file license by the on-board system from the unloaded mobile device.
    [6" id="c-fr-0006]
    10
    [0007]
    7. Motor vehicle comprising at least one on-board system comprising a computer adapted to be updated by a method according to any one of the preceding claims.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP3269108B1|2021-05-26|Method for secure transmission of a virtual key and method for authentication of a mobile terminal
    EP2178016B1|2018-03-07|Method of operating on-board equipment, associated equipment and aircraft containing such equipment
    FR3067136A1|2018-12-07|METHOD FOR UPDATING A VEHICLE ONBOARD COMPUTER
    EP3348085A1|2018-07-18|Method for loading a virtual key in a user terminal and associated user terminal
    FR2989799A1|2013-10-25|METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE
    EP2735969B1|2019-09-04|Electronic assembly including a deactivation module
    FR3030850A1|2016-06-24|METHOD FOR CONTROLLING ACCESS TO AT LEAST ONE FUNCTIONALITY OF A MOTOR VEHICLE
    FR3031212A1|2016-07-01|ELECTRONIC UNIT, METHOD IMPLEMENTED IN SUCH AN ELECTRONIC UNIT, METHOD OF SHARING A TIME BASE BETWEEN A SERVER AND AN ELECTRONIC UNIT, AND METHOD OF SYNCHRONIZING A SERVER AND AN ELECTRONIC UNIT
    CA2941313A1|2015-09-17|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal
    EP3532973A1|2019-09-04|Method for installing a certificate in a vehicle computer, associated computer and system
    WO2016132078A1|2016-08-25|Method of securing access to at least one functionality of a motor vehicle by a mobile terminal
    EP3317800B1|2020-05-13|Method of managing profiles in a secure element
    FR3075536A1|2019-06-21|METHOD FOR AUTHENTICATING AN ELECTRONIC DEVICE BY AN ELECTRONIC UNIT EQUIPPED WITH A VEHICLE
    WO2017182597A1|2017-10-26|Method for connecting an electronic appliance to a vehicle on-board system, associated electronic appliance and vehicle on-board system
    EP3667530A1|2020-06-17|Secure access to encrypted data from a user terminal
    FR3024265A1|2016-01-29|METHOD OF SECURING A RESTITUTION OPERATION OF A VEHICLE SHARED BY A PLURALITY OF USERS
    WO2021014064A1|2021-01-28|Method and device for updating software of an onboard computer of a vehicle, comprising a runtime memory, a backup memory and a control memory
    FR3099264A1|2021-01-29|Method and device for updating the software of an on-board computer of a vehicle, comprising an execution memory and a backup memory
    FR3099265A1|2021-01-29|Method and device for updating the software of an on-board computer of a vehicle, comprising an execution memory, a backup memory and a control memory
    FR3093887A1|2020-09-18|Process for issuing, to a nomadic device, an access authorization to a connected computer of a vehicle
    EP3899765A1|2021-10-27|Reinitialization of an application secret by way of the terminal
    EP3185189A1|2017-06-28|Method and system for providing service with verification of the suitability between a vehicle receiving the service and a user
    FR3096153A1|2020-11-20|Method and device for returning to a state prior to a software update of a remote vehicle computer
    FR3109001A1|2021-10-08|Secure process for inhibiting the recording of electronic equipment faults with a view to updating a vehicle component by the end customer
    FR3100071A1|2021-02-26|Method and device for updating the software of an on-board computer of a vehicle, comprising an execution memory and a backup memory
    同族专利:
    公开号 | 公开日
    FR3067136B1|2020-08-14|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US20070287439A1|2004-12-14|2007-12-13|Bayerische Motoren Werke Aktiengesellschaft|System for using at least one mobile terminal in a motor vehicle using an updating device|
    US20090119657A1|2007-10-24|2009-05-07|Link Ii Charles M|Methods and systems for software upgrades|
    EP2706457A1|2012-09-06|2014-03-12|Delphi Technologies, Inc.|Vehicle software update via vehicle entertainment unit|
    US20140282467A1|2013-03-14|2014-09-18|Ford Global Technologies, Llc|Method and Apparatus for Multiple Vehicle Software Module Reflash|FR3091608A1|2019-01-04|2020-07-10|Psa Automobiles Sa|Method and device for updating an electronic control unit|
    FR3110732A1|2020-05-25|2021-11-26|Psa Automobiles Sa|Software update method for a vehicle|
    FR3111212A1|2020-06-09|2021-12-10|Psa Automobiles Sa|Updating a vehicle application via a smartphone application|
    法律状态:
    2018-04-23| PLFP| Fee payment|Year of fee payment: 2 |
    2018-12-07| PLSC| Search report ready|Effective date: 20181207 |
    2019-04-19| PLFP| Fee payment|Year of fee payment: 3 |
    2020-04-22| PLFP| Fee payment|Year of fee payment: 4 |
    2021-04-21| PLFP| Fee payment|Year of fee payment: 5 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1754745|2017-05-30|
    FR1754745A|FR3067136B1|2017-05-30|2017-05-30|UPDATE PROCESS OF A VEHICLE ON-BOARD COMPUTER|FR1754745A| FR3067136B1|2017-05-30|2017-05-30|UPDATE PROCESS OF A VEHICLE ON-BOARD COMPUTER|
    [返回顶部]