• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The invention relates to a method for assisting the driving of a vehicle comprising at least one assistance mode, said method being implemented by a control unit of a driving assistance system, said unit control unit being connected to an actuation module, comprising a plurality of actuators able to control components of the vehicle, via a first network and a second network, said method comprising a step of: - Reception (300) and processing of the data coming from the actuation module via the first network, In response to a detection (301) of a malfunction on the first network, the steps of: - Triggering (302) of a phase of taking over by the driver of the vehicle, - Emission (303) of a command, intended for the actuation module to control the taking into account of commands coming from the second network, - Reception (304) and data processing from the actuation module by through the second network.
    公开号:FR3071800A1
    申请号:FR1759050
    申请日:2017-09-29
    公开日:2019-04-05
    发明作者:Alban Le Chaffotec;Laurent Legras;Xavier Oudin;Barbara Cervelle
    申请人:PSA Automobiles SA;
    IPC主号:
    专利说明:

    Method for assisting in driving a vehicle during a network failure and associated system
    The present invention relates to the field of driver assistance systems for motor vehicles.
    Driver assistance systems are now widely used in recent motor vehicles and are developing rapidly.
    We know, for example, adaptive cruise control, better known by the acronym ACC (for "Adaptive Cruise Control" or "Autonomous Cruise Control"). Such an assistance mode automatically adjusts the speed in order to maintain a constant safety interval with the vehicle preceding the user from the information collected on this vehicle (in particular the distance and the approach speed) using one or more radar, lidar or infrared sensors.
    Also known, in particular from American patent application US 2013/0096767, dynamic systems for involuntary line crossing. The latter, generally designated under the acronyms ALKA (for “Active Lane Keep Assist”), LKAS (for “Lane Keep Assistance System), ALA (for“ Active Lane Assist) or ALC (for “Active Lane Control”) detect lines of markings on the ground using optical sensors and / or cameras, and intervene dynamically on the vehicle when the latter deviates from its lane. In such a case, the driving assistance system will then automatically correct the direction of the vehicle and / or activate the braking.
    The driving assistance modes mentioned above can each be activated independently via a dedicated control button, located for example on the steering wheel, on a steering wheel control arm or even on the vehicle dashboard.
    Recently, new driver assistance systems have appeared in high-end motor vehicles.
    This is particularly the case for traffic jam assistants (better known by the acronym TJC for “Traffic Jam Driver”) intended to relieve the driver in situations of heavy traffic or traffic jams (speed below 50/70 km / h) on roads with separate carriageways (motorways and expressways). The latter are capable of automatically regulating the speed to a stop in order to maintain a desired distance from the vehicle in front while ensuring steering control, so that the driver can let go of the steering wheel and the pedals to go about d 'other activites.
    The autonomous operation of a motor vehicle is regulated by standards aimed in particular at imposing a minimum level of safety on vehicle functions. The safety levels are designated ASIL for Automotive Safety Integrity Level in English. The security levels include ASIL A, ASIL B, ASIL C, ASIL D, in ascending order of security.
    The level of safety is assigned on the basis of various elements, such as, for example, the occurrence of a dangerous situation, its frequency, the consequences of damage linked to such a situation, the ability to manage the dangerous situation, etc. Also, the more a function has a high level of security, for example an ASIL D level, the more complex and expensive the function will be to implement in order to minimize the risks. In general, the autonomous operation of a vehicle - typically requires an ASIL D security level to guarantee maximum safety for the occupants of the vehicle in the event of dangerous situations.
    Thus, such a system must be capable of continuing to operate in the presence of a malfunction, in particular of the communication network in the equipment until the vehicle is taken back by the driver or until the vehicle is made safe.
    Document DE102015210531 discloses a method for detecting a transmission error in a motor vehicle. This process makes it possible to detect "babbling idiot" type errors. However, nothing is planned to maintain the operation of the vehicle during such an error, in particular when the latter implements an autonomous assistance mode.
    The object of the invention is therefore to remedy the aforementioned problem by proposing a method and a device for driving assistance allowing a secure recovery of a vehicle when a network error, in particular of the "babbling idiot" type. >, has been detected.
    To this end, it more specifically proposes a method for assisting the driving of a vehicle comprising at least one assistance mode, said method being implemented by a control unit (30) of an assistance system for driving, said control unit (30) being connected to an actuation module (40), comprising a plurality of actuators capable of controlling vehicle components, via a first network (101) and d a second network (102), said method comprising a step of:
    - Reception (300) and processing of data from the actuation module via the first network (101), said method being characterized in that it comprises, in response to a detection (301) of a malfunction on the first network (101), steps of:
    - Triggering (302) of a recovery phase of the vehicle by the driver
    - Issuance (303) of an order, intended for the actuation module (40) to control the taking into account of orders originating from the second network (102),
    - Reception (304) and processing of data from the actuation module via the second network (102).
    The use of a second network, redundant the first network, allows in the event of a fault in the first network, giving the driver time to take control of his vehicle. The control module and the actuation module continue to communicate via the second network and ignore the data circulating on the first network, this data being potentially altered by the malfunction.
    According to a characteristic of the invention, the malfunction detected is of the "silly babbling" type in which a computer connected to said first network arbitrarily transmits data on said first network, so that its operation is disturbed or even blocked. The invention allows the vehicle to continue to operate in autonomous mode during the recovery phase, even if one of the networks has a "silly babbling" type dysfunction.
    According to a characteristic of the invention, the actuation module comprises a plurality of actuators capable of controlling at least one of the components of the following vehicle: the direction, the acceleration and the braking.
    Advantageously, the method according to the invention further comprises, in response to a detection of a malfunction on the second network, a step of initiating a phase of recovery of the vehicle by the driver. When the second network is reached by a malfunction, and therefore the vehicle is still operating perfectly in nominal mode, the recovery phase is still triggered because the redundancy is no longer properly ensured.
    Advantageously, the assistance mode provides both control of the lateral and longitudinal movement of the vehicle.
    Advantageously, the duration of the recovery phase is between 5 and 10 seconds.
    Advantageously, the first network comprises a first gateway, the actuation module being connected to the first gateway via a first link, said first gateway being connected to the control module via a second link. .
    Advantageously, the second network comprises a second gateway, the actuation module being connected to the second gateway by means of a third link, said second gateway being connected to the control module by means of a fourth link.
    The invention also relates to a vehicle driving assistance system comprising at least one assistance mode, a control unit connected to an actuation module comprising a plurality of actuators capable of controlling vehicle components , via a first network and a second network, said system comprising:
    Means for receiving and processing data from the actuation module via the first network, said system being characterized in that it further comprises means configured for, in response to detection of a malfunction on the first network:
    Trigger a recovery phase of the vehicle by the driver of the vehicle,
    Receive and process data from the actuation module through the second network.
    The invention also relates to a vehicle characterized in that it comprises a system according to the invention.
    Other characteristics and advantages of the invention will appear on examining the detailed description below, and the attached drawings, in which:
    - Figure 1 shows a functional diagram of an automated driver assistance system for vehicle;
    - Figure 2 illustrates an embodiment of a system according to the invention;
    - Figure 3 shows a diagram illustrating the method according to the invention.
    0 The accompanying drawings may not only serve to complete the invention, but also contribute to its definition, if necessary.
    The vehicle implements at least one assistance mode, for example for driving in a traffic jam, ensuring both the lateral and longitudinal movement of the vehicle in situations of heavy traffic or traffic jams (speed below a threshold value predetermined (for example between 50 and 70 km / h) and on roads with separate carriageways and in which the driver is not required to keep his eyes fixed on the road and can go about other occupations because the guidance can be maintained over a period of a few seconds (included for example
    0 between 5 and 10 s) before the driver picks up the vehicle.
    Referring to Figure 1, the automated driving assistance system 1 includes a driver monitoring module 10, a β module
    driving context evaluation unit 20, a steering unit 30, an actuation module for driving assistance modes 40, as well as an information and warning module 50.
    The driver monitoring module 10 comprises for example 5 a sub-module 11 for detecting the presence of the driver's hands on the steering wheel 10, as well as a sub-module 12 for detecting that of his feet on the pedals. acceleration, braking and clutch. The driver monitoring module 10 may also include a camera pointed towards the driver's face so as to determine his level of attention and / or the direction of his gaze.
    The driving context evaluation module 20 comprises a plurality of sensors, for example a camera oriented towards the front of the vehicle and delivering data making it possible to determine the type of road taken (motorway, expressway or secondary road) from of i5 certain characteristic parameters such as the width of the lane, the markings on the ground (color, width and spacing of the lines) and the possible presence of a barrier or a median of separation between the two directions of traffic . The analysis of the data provided by these sensors also makes it possible to establish the level of fluidity of road traffic.
    0 The module 20 also includes a plurality of sensors measuring certain internal driving parameters such as the instantaneous speed of the vehicle and the steering angle of the steering wheel.
    The data collected by the two driver monitoring 10 and driving context assessment 20 modules are routed in real time to the control unit 30 to which these two modules are connected.
    The control unit 30 comprises a computer 31 as well as a storage module 32 comprising non-volatile memory of EEPROM or FLASH type and random access memory.
    The non-volatile memory stores a process of assistance to the
    0 driving the motor vehicle, the flowchart of which is shown in FIG. 3.
    All the information contained in this non-volatile memory can be updated by means of communication or means of reading a data medium.
    The control unit 30 is connected to the actuation module 40 to which it is capable of transmitting the order to activate or deactivate one of the driving assistance modes.
    The actuation module 40 comprises a plurality of actuators able to control certain vehicle components such as the steering, acceleration, braking and the gearbox to ensure the implementation of the various driving assistance modes with which the vehicle is fitted.
    îo Figure 2 shows a schematic representation of a system according to the invention. The system has first and second networks.
    The control unit 30 is connected to the actuation module 40 via a first network, called the nominal network, and via a second network, called the backup network. The control unit 30 is also connected to the driving context evaluation module 20 which includes a plurality of sensors.
    Different types of network can be used to connect the actuation module 40 to the control module. We can cite by way of example and in a non-exhaustive manner:
    0 - CAN HS: standard network used by all car manufacturers.
    This network is constructed with a pair of unshielded twisted wires and is used mainly to transmit parameters with periodicities up to 10 ms of 8 bytes per frame.
    - CAN FD (for Flexible Data): Evolution of the previous network allowing 25 to reach data rates of 2Mb / s.
    - Flexray 10 Mb / s This network is deterministic and can be configured in redundancy in order to increase the level of security carried by the physical layer.
    The nominal network is used during normal operation of the
    0 vehicle. In other words, the nominal network is the network used by default if no failure is detected on one of the devices on the network. In the example, each of the actuators of the actuation module 40 is connected to the control module by means of a Flexray type link.
    Advantageously, each of the actuators is connected to a first gateway 101.2 via a first link 101.1, said first gateway 101.2 being connected to the control module 30 via a second link 101.3.
    The backup network is used in particular when a nominal network malfunction is detected. Advantageously, the type of network used for the first network is different from that used for the second network.
    îo This characteristic makes it possible to avoid common modes between the two networks. It is recalled that in the field of engineering, a common mode (or common mode failure in English) designates a plurality of malfunctions in a system, caused by a single malfunction.
    For example, if the first network is of the Flexray type, the second network can be CAN or Ethernet type or a combination of the two.
    Advantageously, each of the actuators is connected to a second gateway 102.2 by means of a third link 102.1,
    0 said second gateway 102.2 being connected to the control module 30 by means of a fourth link 102.3.
    The first 101.2 and the second 102.2 gateways are used to route the data exchanged between the devices.
    If the first 101 (resp. The second 102) network is homogeneous, then the first 101.2 (resp. The second 102.2) gateway acts as a router.
    On the other hand, if the first 101 (resp. The second 102) network is inhomogeneous, then the first 101.2 (resp. The second 102.2) gateway also makes it possible to convert the packets circulating on the first 101.1 (resp.
    0 the third 102.1) link in packets circulating on the second 101.3 (resp. The fourth 102.3) link (and vice versa).
    In the types of networks described above, a problem called the "babbling idiot" (or babbling idiot in English) expression which means, that a terminal begins to transmit arbitrarily, even if a signal is already present on the network and that for that it disturbs even blocks the network.
    This type of problem is generally due to a malfunction of a network node (a computer, a gateway or any other equipment connected to the network). This malfunction may be of a hardware nature, for example a short circuit at the communication port, or of a software nature.
    Advantageously, the computers of the actuation module or of the control unit transmit continuously on the two networks 101, 102.
    This feature makes it easy and quick to switch from the first network to the second network when an error is detected.
    Referring to FIG. 3, the method comprises: a step of reception 300 and processing of the data coming from the actuation module 40 by means of the first network 101.
    This step corresponds to normal (or nominal) operation of the system according to the invention. The control module 30 and the actuation module 40 communicate via the first network 101.
    The method also includes a step 301 of detecting a malfunction on the first network 101. As explained above, the malfunction is in particular a malfunction of the “silly babbling” type, the detection methods of which are known to those skilled in the art .
    In response to such detection, the method further comprises a step 302 of triggering a phase of recovery of the vehicle by the driver. The duration of the recovery phase is advantageously between 5 and 10 seconds, for example 10 seconds. When redundancy is no longer ensured, the autonomous mode must be deactivated while allowing the driver to regain control of the vehicle in a secure manner.
    The control module 30 indicates to the actuation module 40 that the second network 102 must now be used to transfer the data in hot redundancy.
    In response to this detection step 301, the method further comprises a step of receiving 304 and processing the data coming from the actuation module via the second network 102. The control module is able to take into account the data from the second network 102 and no longer the data from the first network 101.
    Advantageously, the driving assistance method according to the invention further comprises, in response to a detection of a malfunction on the second network 102, a step of initiating a recovery phase by hand. driver of the vehicle via alert means.
    As indicated above, when there is a failure on the networks, the autonomous mode must be deactivated while allowing the driver to regain control of the vehicle in a secure manner. The vehicle continues its nominal operation on the first network 102. However, the recovery phase is triggered. This results in a deactivation of the autonomous mode either by the recovery in hand of the customer or by a stopping of the vehicle in the way in the event of non recovery in the hand of the customer.
    权利要求:
    Claims (10)
    [1" id="c-fr-0001]
    1. Method for assisting the driving of a vehicle comprising at least one assistance mode, said method being implemented by a control unit (30) of a driving assistance system, said unit for control (30) being connected to an actuation module (40), comprising a plurality of actuators capable of controlling vehicle components, via a first network (101) and a second network (102 ), said method comprising a step of:
    - Reception (300) and processing of data from the actuation module via the first network (101), said method being characterized in that it comprises, in response to a detection (301) of a malfunction on the first network (101), steps of:
    - Triggering (302) of a recovery phase by the driver of the vehicle,
    - Reception (304) and processing of data from the actuation module via the second network (102).
    [2" id="c-fr-0002]
    2. A driving assistance method according to claim 1, characterized in that the detected malfunction is of the “silly babbling” type in which a computer connected to said first network arbitrarily transmits data on said first network, so that its operation is disturbed or even blocked.
    [3" id="c-fr-0003]
    3. Driving assistance method according to one of the preceding claims, characterized in that the actuation module (40) comprises a plurality of actuators capable of controlling at least one of the components of the following vehicle: the steering, acceleration and braking.
    [4" id="c-fr-0004]
    4. A driving assistance method according to one of the preceding claims, characterized in that it further comprises, in response to a detection of a malfunction on the second network (102), a step of triggering a recovery phase of the vehicle by the driver.
    [5" id="c-fr-0005]
    5. Driving assistance method according to one of the preceding claims, characterized in that the assistance mode provides both control of the lateral and longitudinal movement of the vehicle.
    [6" id="c-fr-0006]
    6. Driving assistance method according to one of the preceding claims, characterized in that the duration of the recovery phase is between 5 and 10 seconds.
    [7" id="c-fr-0007]
    7. Driving assistance method according to one of the preceding claims, characterized in that the first network (101) comprises a first gateway (101.2), the actuation module (40) being connected to the first gateway ( 101.2) via a first link (101.1), said first gateway (101.2) being connected to the control module (30) via a second link (101.3).
    [8" id="c-fr-0008]
    8. A driving assistance method according to one of the preceding claims, characterized in that the second network (102) comprises a second gateway (102.2), the actuation module (40) being connected to the second gateway ( 102.2) via a third link (102.1), said second gateway (102.2) being connected to the control module (30) via a fourth link (102.3).
    [9" id="c-fr-0009]
    9. Assistance system for driving a vehicle comprising at least one assistance mode, a control unit (30) connected to an actuation module (40) comprising a plurality of actuators capable of controlling organs of the vehicle, via a first network (101) and a second network (102), said system comprising:
    - Reception means (30) and processing of data coming from the actuation module via the first network (101), said system being characterized in that it further comprises means 5 configured for, in response to detection of a malfunction on the first network (101):
    - Initiate a recovery phase of the vehicle by the driver of the vehicle,
    - Receive and process data from the actuation module îo via the second network (102).
    [10" id="c-fr-0010]
    10. Vehicle characterized in that it comprises a system according to the preceding claim.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP3687877A1|2020-08-05|Method for assisting in the driving of a vehicle when there is a network failure and associated system
    EP3242823B1|2018-10-03|Architecture for a driving assistance system with conditional automation
    FR3040959B1|2019-11-22|METHOD AND SYSTEM FOR MANAGING A MOTOR VEHICLE
    JP2019194845A|2019-11-07|Disaster mitigation system for connected vehicles with hidden vehicle functionality
    FR3041916A1|2017-04-07|METHOD OF MAINTAINING DRIVER'S VIGILANCE IN A VEHICLE DURING AN AUTOMATED DRIVING PHASE
    EP3400158B1|2020-04-22|Method for controlling an automated driving assistance system of a motor vehicle
    FR3041778A1|2017-03-31|MOTOR VEHICLE RECOVERY ASSISTING METHOD
    FR3065935A1|2018-11-09|SECURED TRANSITION STEERING METHOD OF A DRIVING ASSISTANCE SYSTEM FOR A MOTOR VEHICLE.
    FR3067901B1|2019-06-28|METHOD FOR MANAGING MEDIA APPLICATIONS IN A VEHICLE WITH AN AUTOMATED DRIVING SYSTEM
    EP3344508A1|2018-07-11|Method for assisting a driver in transitioning from a first autonomous mode to a second autonomous mode
    FR3045546A1|2017-06-23|METHOD OF TRANSMITTING VISUAL ROAD VISUAL SIGNALING DURING COMPLETELY AUTOMATED DRIVING PHASE.
    EP3448711B1|2020-04-15|Automated driving system for a motor vehicle provided with an advanced visual communication interface
    EP3900409A1|2021-10-27|Method and device for assisting a driver communicating with a remote interlocutor
    FR3073803A1|2019-05-24|METHOD FOR ASSISTING THE DRIVING OF A VEHICLE DURING A FAILURE OF EQUIPMENT AND ASSOCIATED SYSTEM
    FR3037026A1|2016-12-09|METHOD FOR THE ACTIVATION OF AN INDEPENDENT MODE IN RESPONSE TO AN INTENTION DETECTION
    EP3513294B1|2021-04-21|Device for controlling the reinitialization of a computer on board an automobile
    FR3086075A1|2020-03-20|ELECTRONIC MONITORING SYSTEM FOR A SELF-CONTAINED VEHICLE, METHOD AND COMPUTER PROGRAM THEREOF
    WO2017006015A1|2017-01-12|Driver assistance method that suggests a driving position according to a driving situation
    EP3627270A1|2020-03-25|Electronic device for determining a trajectory of emergency stopping of an autonomous vehicle, associated vehicle and method
    EP3683779A1|2020-07-22|Platform and method for supervising an infrastructure for transport vehicles, associated vehicle, transport system and computer program
    FR3102601A1|2021-04-30|Method for managing a driving assistance function.
    WO2020193295A1|2020-10-01|Method for ensuring that a vehicle can safely pass a traffic light
    FR3081416A1|2019-11-29|METHOD FOR DETECTING A DEFECT OF A SENSOR EQUIPPED WITH A PARTIALLY OR FULLY AUTONOMOUS MOTOR VEHICLE.
    WO2022053338A1|2022-03-17|Method for secure display of information in a vehicle
    FR3089931A1|2020-06-19|Method and device for assisting a driver receiving a call from a remote party
    同族专利:
    公开号 | 公开日
    WO2019063899A1|2019-04-04|
    FR3071800B1|2021-04-02|
    US20200223453A1|2020-07-16|
    EP3687877A1|2020-08-05|
    CN111386218A|2020-07-07|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    FR2995161A1|2012-09-05|2014-03-07|Bosch Gmbh Robert|Gateway module for use in gateway unit to connect sub-networks of communication network of vehicle, has specific circuit for processing and transmitting data from sub-network to another sub-network by considering communication protocols|
    DE102015108286A1|2014-06-02|2015-12-03|Ford Global Technologies, Llc|Redundancy for automatic vehicle operation|
    DE102015110958A1|2014-07-11|2016-01-14|Ford Global Technologies, Llc|Outage management in a vehicle|
    FR3031406A1|2015-01-05|2016-07-08|Valeo Schalter & Sensoren Gmbh|ARCHITECTURE FOR CONDITIONAL AUTOMATION DRIVING ASSISTANCE SYSTEM|
    DE102011084611A1|2011-10-17|2013-04-18|Robert Bosch Gmbh|Method and apparatus for lane departure control|
    DE102015210531A1|2015-06-09|2016-12-15|Robert Bosch Gmbh|Method for detecting a faulty transmission of information in a motor vehicle|EP3721130A4|2019-02-18|2021-03-31|Nikola Corporation|Communication systems and methods for hydrogen fueling and electric charging|
    CN112298208A|2020-10-21|2021-02-02|长城汽车股份有限公司|Automatic driving transverse auxiliary control method and transverse auxiliary system|
    CN113022588A|2021-03-10|2021-06-25|北京百度网讯科技有限公司|Control system, control method, device, and storage medium for autonomous vehicle|
    法律状态:
    2019-04-05| PLSC| Publication of the preliminary search report|Effective date: 20190405 |
    2019-08-20| PLFP| Fee payment|Year of fee payment: 3 |
    2020-08-19| PLFP| Fee payment|Year of fee payment: 4 |
    2021-08-19| PLFP| Fee payment|Year of fee payment: 5 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1759050|2017-09-29|
    FR1759050A|FR3071800B1|2017-09-29|2017-09-29|DRIVING ASSISTANCE PROCESS OF A VEHICLE IN THE EVENT OF A FAILURE OF A NETWORK AND ASSOCIATED SYSTEM|FR1759050A| FR3071800B1|2017-09-29|2017-09-29|DRIVING ASSISTANCE PROCESS OF A VEHICLE IN THE EVENT OF A FAILURE OF A NETWORK AND ASSOCIATED SYSTEM|
    CN201880063820.1A| CN111386218A|2017-09-29|2018-09-10|Method for assisting driving a vehicle during a network failure and related system|
    EP18782103.8A| EP3687877A1|2017-09-29|2018-09-10|Method for assisting in the driving of a vehicle when there is a network failure and associated system|
    PCT/FR2018/052205| WO2019063899A1|2017-09-29|2018-09-10|Method for assisting in the driving of a vehicle when there is a network failure and associated system|
    US16/644,447| US20200223453A1|2017-09-29|2018-09-10|Method for assisting in the driving of a vehicle when there is a network failure and associated system|
    [返回顶部]