Bit Encoding For a Bus Communication System

TECHNICAL FIELD

This invention relates generally to electronic communications and more specifically to encoding or tagging individual bits of data sent via protocols for control networks.

BACKGROUND

Electronic devices communicate with each other in a variety of ways, often based upon the requirements of a given context. One such context is that of control systems. Unlike simple communication systems where the system merely allows for communication among the devices communicating on the system, control systems communicate for the purpose of explicit control over the modules connected to communicate over the control system. Such systems then allow other applications to run on the various modules. Those applications in a distributed embedded control system, however, should work in concert.

To provide that group control, most distributed embedded control systems are built around a communication protocol standard, examples of which include CAN (ISO 11898), SERCOS, FlexRay, EtherCAT, and Ethernet among others. Higher layer protocols are embedded on top of the communication standard to provide rules for data exchange among participating applications at Electronic Control Units participating in the control network, timing rules, sequence rules, and the like to facilitate communications between the distributed applications that are exchanging information. CANopen, DeviceNet, SDS, J1939, and NMEA 2000 are just a few examples of protocols that are layered on top of the CAN standard. Even meta protocols like CanKingdom are used, by which higher layer protocols can be constructed and optimized for specific distributed embedded control systems. A still further extension of CAN systems includes the CAN-FD protocol. Although the CAN-FD protocol's speed is increased over previous CAN-based systems, the maximum message length is still limited to 64 bytes. Such a system lacks in flexibility for system designers.

Between 1988 and 2017 the Ethernet protocol experienced significant growth and change. During this period the clock rate increased rapidly. In 1988 an Intel xx86 was clocked at 12.5 MHz and in 2004 almost 300 times faster, 3.46 GHz. Then the clock race slowed down in favor of increased number of cores so that in 2017 chips are clocked at 8 GHz and have more than 30 cores. The number of transistors per square unit increased 5000 times and the computing capacity increased 10,000-fold in these years. Ethernet has continuously taken advantage of this development but mainly for an increased bandwidth. The first thing to abandon was the bus technology. Ethernet has been applied on a number of physical media, but twisted pair is of most interest for distributed embedded control systems. The following table provides a short summary:

Ethernet

Year
standard
Description

(1987)
802.3e
1BASE5 1 Mbps over twisted pair in a star topology.

Bus topology was abandoned for future Ethernet

development.

1990
802.3i
10BASE-T 10 Mbps over twisted pair

1998
802.3y
100BASE-T2 100 Mbps over low quality twisted pair

1999
802.3ab
1000BASE-T Gigabit Ethernet over twisted pair

at 1 Gbps

2006
802.3an
10GBASE-T 10 Gigabit Ethernet over unshielded

twisted pair (UTP)

2015
802.bw
100BASE-T1 - 100 Mbps Ethernet over a single

twisted pair for automotive applications

2016
802.3bp
1000BASE-T1 - Gigabit Ethernet over a single twisted

pair, automotive & industrial environments

2016
802.3bz
2.5GBASE-T and 5GBASE-T - 2.5 Gigabit and 5

Gigabit Ethernet over Cat-5/Cat-6 twisted pair

Ethernet dropped the bus topology to gain bandwidth. The main problem with a bus topology is to maintain the impedance over the whole bus length as impedance shifts introduce signal reflections that can lead to bit errors. In a star topology, a point-to-point communication exists between every node and the hub. The 10BASE-T approach used Manchester coding, but it was soon realized that more sophisticated technologies had to be used to achieve higher bitrates. As the chip technology advanced, Ethernet took advantage by introducing data encoding, data scrambling, and forward error-correcting codes as well as using multiple pairs. Even the cables have been further developed to run Ethernet at 5 Gbps over four twisted pairs.

In contrast, not much has happened with CAN since 1988. The first CAN transceiver chips were released in 1994, and these chips improved over the years. In 2015 CAN-FD debuted with an extended data field and with the possibility of a higher bit rate, but far from the 100 Mbps possible with Ethernet over an unshielded twisted pair.

For some years now there has been a lot of talk in the industry that CAN is too slow and that more bandwidth is needed. Otherwise, Ethernet will be the solution for the future, and CAN will die. For an engineer, this is difficult to believe for the following two reasons: 1) modern fourth generation jet fighters are still using MIL-STD-1553 in their control systems, running at 1 Mbps and less efficient than CAN—does a car really need a faster control system than an inherently unstable jet?- and 2) a bit is a bit and a cable is a cable. The maximum bitrate in a system is ultimately restricted by the physical layer. The higher bitrate, the more advanced physical layer. CAN could run at the same bitrate as Ethernet if CAN was specified to use the same technology of the physical layer.

CAN was designed for embedded distributed control systems. Correctly used, advanced control systems will require a very limited bandwidth which in turn makes them dependable. Unfortunately, it is only in rare cases where its potential is being used. In most cases most of the bandwidth saving features are not taken advantage of. Instead there is an increasing demand for more bandwidth. But even infinite bandwidth and zero processing time would not be a solution as this will just increase the lines of code. We would just move the problem from bandwidth to verification and validation of code. So instead of looking at Ethernet as a replacement of CAN we should rather look at how we could enhance CAN with modern technology as well as how we could use CAN as is in a more efficient way. Ethernet has its place where we need to transfer a lot of information but timing is not crucial. CAN has it place for dependable control systems.

Additional background regarding certain prior teachings regarding such messaging protocols can be found in U.S. Pat. No. 7,711,880 titled Schematizing Of Messages In Distributed Control And Supervision, U.S. Pat. No. 7,472,216 titled Variable Oscillator For Generating Different Frequencies In A Controller Area Network (CAN), U.S. Pat. No. 7,899,936 titled Device In A Modularized System For Effecting Time-Stamping Of Events/Reference Events, and U.S. Pat. No. 7,478,234 titled Distributed Control And Monitoring System, each of which is incorporated by reference herein in their entireties.

Another problem is that of confirming message security. For instance, error detection in certain CAN implementations has been called into question because of the effect of stuff bits on the Hamming distance for data in a CAN packet.

SUMMARY

Generally speaking, pursuant to these various embodiments, tagging information is embedded within individual ones of the bits of the message packet to distinguish bits having the tagging information as being either message packet protocol overhead bits or bits from the message data portion. So configured, a receiving module can readily exclude protocol overhead bits from message data portion bits.

In one example, the message packet is sent using a first protocol such as a CAN protocol, and a second protocol is embedded into the first protocol in a way that modules supporting the second protocol may be aware of and utilize the second protocol whereas modules supporting only the first protocol may not be aware of the second protocol. Operation of modules using the second protocol does not disturb operation of the modules not configured to use or understand the second protocol. Use of the second protocol can be used to add additional information that can protect against various potential network vulnerabilities. For example, one solution to the problem of unreliable Hamming distances in CAN messages is to embed tagging information on particular bits of the message packet that allows receiving modules to distinguishes bits having the tagging information as being either message packet protocol overhead bits or bits from the message data portion. For example, each of a set of nodes (or every node) of the network can have a unique, dedicated identification code that it sends with every message sent from that node. The other nodes can confirm authenticity of a received message by confirming that the identification code received with the message corresponds to a known code for a network node.

In one particular example, the first protocol may be CAN protocol, and the second protocol is a protocol that embeds bits into portions of the CAN protocol. For example, bits of a CAN protocol typically include several bit quanta, and the CAN protocol operates by looking for particular signal levels at particular portions or bit quanta of the individual bits. By one approach, therefore, the second protocol can include sending additional information within the CAN message packet using bit quanta of bits of the CAN message packet other than the defined bit quanta. In another approach, bit lengths of the bits of a message packet can be varied to transmit additional data. In still another approach, voltage levels between maximum and minimum expected voltage values for the defined bit quanta of the message packet can be defined to transmit more than logical “0” and “1” for a given bit quantum other than the bit quantum set for data transmission for the primary protocol. Using any one or combination of these approaches to embedding additional information can be used to tag individual bits with tagging information that facilitates identification and rapid, accurate treatment of those bits.

Accordingly, through application of these methods of embedding more information into an otherwise standard protocol such as CAN or CAN-FD, better authentication of the primary protocol's message can be achieved. For example, the embedded protocol can also be used for improved error checking of the transmitted messages or embedding longer and more secure authentication codes or keys with the primary message. These and other benefits may become clearer upon making a thorough review and study of the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 comprises a block diagram of an example control network as configured in accordance with various embodiments of the invention;

FIG. 2 comprises a schematic of a CAN message;

FIG. 3 comprises a schematic of an example CAN time quantum;

FIG. 4 comprises a schematic of an example CAN bit;

FIG. 5 comprises a schematic of an example of embedding a second protocol message in a portion of a first protocol message, here a Prop_Seg portion of a CAN message, as configured in accordance with various embodiments of the invention;

FIG. 6 comprises a graph differential voltage values recognized by CAN modules;

FIG. 7 comprises graphs illustrating two example differential voltage ranges for a voltage modulation approach configured in accordance with various embodiments of the invention;

FIG. 8 comprises a schematic of an example portion of a message packet modified in accordance with various embodiments of the invention;

FIG. 9 comprises another schematic of an example portion of a message packet modified in accordance with various embodiments of the invention;

FIG. 10 comprises a schematic of three example bit quantum number variations in accordance with various embodiments of the invention;

FIG. 11 comprises a schematic of an example portion of a message packet modified in accordance with various embodiments of the invention;

FIG. 12 comprises a block diagram of an example control network having a star topology as configured in accordance with various embodiments of the invention;

FIG. 13 comprises a block diagram of an example communication device as configured in accordance with various embodiments of the invention.

Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions and/or relative positioning of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of various embodiments of the present invention. Also, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are often not depicted in order to facilitate a less obstructed view of these various embodiments. It will further be appreciated that certain actions and/or steps may be described or depicted in a particular order of occurrence while those skilled in the art will understand that such specificity with respect to sequence is not actually required. It will also be understood that the terms and expressions used herein have the ordinary technical meaning as is accorded to such terms and expressions by persons skilled in the technical field as set forth above except where different specific meanings have otherwise been set forth herein.

DETAILED DESCRIPTION

Generally speaking, bit tagging can be provided in embedded portions of a transmitted message. Network security is an increasing concern in all contexts. One perceived weakness of CAN-based systems is the use of stuff bits that can impact the reliability of error checking including impacting the Hamming distance used for error checking. This issue can be eliminated by tagging protocol overhead bits such as stuff bits so that receiving modules know to ignore such bits when error checking message data portions of a received packet.

In one such approach, the control network is configured such that one or more of the nodes are configured to transmit messages including a tagged bit embedded within the message. For instance, the message packet can be sent using the CAN protocol. To distinguish CAN protocol overhead bits that establish the messaging protocol among communicating modules from the variable data being carried within the message data portion of the message packet, individual ones of the bits can include tagging information that distinguishes overhead bits from message data bits. In various examples, the tagging information can be embedded into any one or more of bits after an arbitration field of the message packet, stuff bits embedded within the message packet, bits of a control field portion of the message packet, a CRC delimiter bit of the message packet, an end of frame portion of the message packet, or a last bit of an end of frame portion of the message packet. If the tagging information is placed in a stuff bit, in one example, the tagging information is embedded as a value embedded in a Prop_Sep portion of the stuff bit having an opposite value as that of the stuff bit to readily distinguish it from bits of the message data portion of the message packet. In this example, a receiving module can readily exclude this stuff bit from error checking calculations performed on the message data portion. The tagging information can be embedded in a bit using any of the methods described herein for embedding information within another messaging approach.

Referring now to the drawings, and in particular to FIG. 1, an illustrative system that is compatible with many of these teachings will now be presented. In FIG. 1, a control network 1000 is illustrated having various devices communicating over a bus 1005, but these teachings can apply to control networks having any of a variety of topologies. The communication device apparatus 1010 can be considered a module or node on the control network 1000 and include a communication port 1012 configured to connect to a control network 1000 according to the control network's topology. The communication device apparatus 1010 also includes a processing device 1014 operatively connected to the control network 1000 to control receiving and sending communications with other devices 1020, 1030, 1040, 1050, and 1060 over the control network 1000 via the communication port 1012. Those skilled in the art will recognize and appreciate that such a processor can comprise a fixed-purpose hard-wired platform or can comprise a partially or wholly programmable platform. All of these architectural options are well known and understood in the art and require no further description here.

An example implementation of embedding the second protocol message in the first protocol message will be described with reference to FIGS. 2-5 in the context of a CAN based system. The Controller Area Network (CAN) standard (International Standards Organization (ISO) 11898) is a commonly used protocol for distributed embedded control system although these general teachings can be applied on other protocols as well.

In this implementation, modules supporting the CAN protocol ISO 11898 can coexist with modules supporting a second protocol on the same bus by abstaining from taking advantage of one or more features of CAN. FIG. 2 shows some main characteristics of CAN. CAN is designed for a bus topology and works with two voltage levels, no voltage 101, representing the value “one,” and voltage 102 representing the value “zero.” This arrangement implies that a zero is dominant over a one; in other words, if a first transmitter transmits a one and a second transmitter a zero at the same time, then only the zero can be detected. An idle bus can be seen as a continuous stream of ones. A message 103 starts with a zero bit, the Start Of Frame (SOF) 104 followed by an Identifier 105 of eleven (Standard) or 29 (Extended) plus 2 protocol bits (totaling 31 bits) and a Remote Transmit Request (RTR) bit 106. The SOF and Identifier message portions constitute the Arbitration field 107 where bus collisions are resolved by bitwise arbitration. During the remaining part of the message 108 until the Acknowledgment bit (ACK) 109, there is only one transmitter on the bus because the other transmitters are controlled to not be active in response to these initial message portions; specifically, after the arbitrations portions of the message, ending with the RTR, only one transmitter will be sending while all other communication units will only receive bits per the protocol. This remaining part of the message 108 starts with a Control Field 110 with two dominant bits and a four-bit Data Length Code (DLC) 111 indicating the length of the following Data Field 112, which can contain no data (DLC=0) or up to eight bytes (DLC=8). In other words, the Data Field 112 of the standard CAN message can be from 0 to 64 bits long. The message is checked by a 15 bit CRC code placed in the sixteen bit CRC field 113, where the last bit is the CRC delimiter 114. The ACK field 115 contains the ACK bit 109 followed by a recessive bit, the ACK delimiter 116. The remaining part of the message 103 is the End Of Frame (EOF) field 117 containing seven consecutive recessive bits. Three recessive bits, the Intermission 118, have to pass before the bus is free for new messages.

According to the CAN specification (ISO 11898-1), a bit is constructed of time quanta. With reference to FIG. 3, a single bit quantum for the standard CAN message is depicted as time quantum 130, which is a fixed unit of time derived from the oscillator period 131 of the transmitter/receiver's clock. The time ticks 131 may alternatively be derived from a separate oscillator or clock. A programmable prescaler with integral values ranges from at least one to thirty-two to define the time quantum as a given number of a minimum time quantum. Accordingly, starting with the minimum time quantum, the time quantum shall have the length of Time quantum=m·minimum time quantum

where m is the value of the prescaler.

In operation, therefore, another example CAN bit 132 as illustrated in FIG. 4 is constructed of individual time quanta. The first time quantum is the Sync_Seg 133 followed by the Prop_Seg (Propagation Segment) 134 consisting of one up to at least eight time quanta. The propagation segment is defined according to a period of time to make sure a signal wave can propagate from the transmitter to the far end of the bus and back, which would also correspond to the amount of time needed for the furthest module on the control network to receive the message and respond. Accordingly, the Prop_Seg length is set to allow for the bit arbitration aspect of the CAN protocol to work. The final part of the CAN bit 132 includes the Phase Segments, Phase_Seg1 135 and Phase_Seg2 136. The phase segments are symmetrical, each having one or up to at least eight time quanta long. The phase segments take up the time skew between the different nodes in the system. A CAN bit should then be programmable from 4 to at least 25 time quanta.

All clocks in a CAN system are assumed to be unsynchronized. When a SOF 104 is transmitted, each module's bit-representation is synchronized to the falling edge 140, and each module counts the number of time quanta specified for Prop_Seg and Phase_Seg1. For example, the internal clock of a module that receives the falling edge can determine the timing of the expected sampling point within the resolution of that internal clock; i.e., by knowing the definition of the bits in the internal clock the module can calculate the location of the sampling point relative to the internal clock. In CAN this is typically done by time quanta unit where each time quanta is a number of local clock elements. The voltage of the signal is measured at the Sampling Point 141. If the voltage is still present, the module decides that a SOF is detected and the following voltage shifts are decoded according to the CAN specification. If there is no voltage at the Sampling Point 141, the falling edge is regarded as a glitch and ignored. This feature can be seen as a low pass filter, filtering out disturbances on the bus, for example, due to wave reflections. Such features make CAN dependable and forgiving in bad wiring installations.

More elaborate information about CAN can be found in the ISO standard 11898 and the article “The Configuration of the CAN Bit Timing” by Florian Hartwig and Armin Bassemir (Robert Bosch GmbH, Abt. K8/EIS), presented at 6th International CAN Conference 2nd to 4th November, Turin (Italy), published by CAN in Automation (CiA), Nürnberg Germany, which materials are incorporated by reference in their entireties herein.

With this background, portions of the message packet can be modified in certain defined ways to convey additional information beyond the data (e.g., zero or one) sent via a particular voltage at the sampling point for a given bit. In this way, a module can send an authentication identifier embedded within the message packet using a portion of the message packet other than the defined bit quanta. Receiving modules of the common control network receive the authentication identifier, for example, by extracting it from the defined modified portions of the message packet, and determine whether the message packet is an authorized message packet based on the authentication identifier.

The determination about whether the packet is an authorized message packet can be performed, for instance, by comparing the authentication identifier to a list of authentication identifiers of modules connected to the common control network. This list can be stored on a memory within the module or in a memory readily accessible by the receiving module. For example, a control module for the common control network may compare the authentication identifier to a list that it stores or to which the control module can refer.

In another approach, the receiving module compares the authentication identifier to the receiving module's authentication identifier and sends an error flag in response to determining that the authentication identifier matches the receiving module's authentication identifier. In this way, the receiving module detects an imposter that is trying to send messages on the common control network and alerts the network upon detection of such an imposter message.

The method of modifying the message packet can be any one or combination of a variety of methods. Turning to FIG. 5, one example approach is to modify a first protocol, here the CAN protocol, to embed a second, high speed protocol in portions of a standard CAN message. In such an approach, a processing device of a control network module can be configured to control the second protocol to use a bit rate higher than the first protocol's bit rate, for example, to control the second protocol to use a bit rate higher than the first protocol's bit rate. In other words, because each bit of the message packet includes several bit quanta other than the bit quanta defined for the sampling point to determine the logical value of the bit, the sending module can set a voltage value for the bit quanta other than the defined bit quanta to either the maximum expected voltage value or the minimum expected voltage values for the defined bit quanta. Examples of such an embedded protocol are described in U.S. Pat. Nos. 8,737,426 and 9,419,737, each of which is incorporated here by reference. The rate of bits in the second protocol is only limited by the clock resolution in the second protocol control logic. The number of bits in each time quanta can for example be 20 per 3 time quanta. In any event, the effect is that the processing device of a module is configured to implement the second protocol by adding bits inside of individual bit quanta of the first protocol. In other words, a CAN message packet can be defined by bits having a plurality of bit quanta, and data for the CAN message packet is defined by a signal level at defined bit quanta of a bit where the defined bit quanta are less than every bit quanta of a bit. For instance, a standard CAN bit uses defined bit quanta including a first bit quantum of a respective bit, which first bit quantum is a Sync_Seg bit, and a sample point bit quantum of the respective bit. That sample point is typically between the Phase_Seg1 and Phase_Seg2 portion of the bit as illustrated in FIG. 4. The remaining, undefined bit quanta are available for use in the second protocol. Thus, in one example, to embed the second protocol, the processing device is configured to send additional information within the CAN message packet using bit quanta of Prop-Seg bits of the CAN message packet other than the defined bit quanta checked by the nodes using the standard CAN message protocol.

More specifically, FIG. 5 shows an example CAN bit with a Propagation Segment 205 of eight time quanta and two phase segments 203 and 204 of one time quantum each. The bit starts with the Sync_Seg 202 where any voltage shift 201 is done during this time. The voltage level over the bit time is depicted by the bold line 206. The modules supporting the second protocol would use the Prop_Seg for an embedded high speed bit stream by sampling the voltage value of each time quantum and decode the value according to the CAN rules, where a sensed voltage is decoded as zero and no voltage as one. Modules supporting only the original CAN protocol would decode the falling edge 201 as a synchronization or resynchronization edge and ignore the following voltage shifts. The voltage level at the sample point 207 is dominant and the CAN module will decode the bit correctly to a zero. Modules supporting the second protocol would decode the sample points 210 to 217 as follows: 210=0; 211=1; 212=1; 213=1; 214=0; 215=0; 216=1; 217=0. Here, the processing device for the module is configured to use same voltage levels for signal designations for both the first protocol and the second protocol, although this is not necessary. Indeed, the processing device may instead be configured to implement the second protocol by adding bits inside of individual bit quanta of the first protocol not measured to be a particular level according to the first protocol. Also, although the width of the illustrated second protocol bits or sample points are illustrated as having the same width of first protocol sample points, other time lengths different from that of the first protocol sample points are possible. The number of second protocol bits place in the propagation segment is only limited by the physical layer performance and the clock resolution in the controller logic handling the second protocol.

In another modification, voltage levels other than and between those of the logical “zero” and “one” can be used to convey additional information. In this approach, a sending module sets a voltage value for the bit quanta other than the defined bit quanta to defined values other than and between maximum and minimum expected voltage values for the defined bit quanta. These other values are defined for the system to correspond to other logical values, e.g., “two,” to provide additional bandwidth for information within the message packet.

More specifically, for a CAN message, the Sync_Seg bit can include voltage modulation such as this. The Sync_Seg is regarded dominant by a CAN FD controller when it reads a differential voltage between 0.9 V and 5 V after sampling a recessive bit. This is a wide range that can be used for voltage modulation. FIG. 6 shows the detailed dominant voltage ranges according to the CAN standard. The CAN_H and CAN_L as well as the differential voltages could be used for modulating the Sync_Seg. FIG. 7 shows two example ways to modulate the differential voltage in three steps, with the respective ranges labeled with logic values S1, S2, and S3. In one, the differential voltage is set to three steps 1.5 V, 3.0 V, and 4.5 V that are within the CAN standard. A second, a more aggressive modulation uses steps of 3.3 V, 6.6 V, and 9.9 V. From a silicon implantation point of view, the voltage nominal levels 2.1 V, 3.5 V, and 4.9 V might be preferred as these levels could easily be discriminated at the levels 1.4 V, 2.8 V, and 4.2 V by diodes with 0.7 V voltage drop.

FIG. 8 shows an end of frame (EOF) portion of an example message packet with different modifications described herein. Here, the EOF includes logic values embedded with the differential values labeled with S1, S2, or S3 symbols according to FIG. 7. In this example, the sequence S3 S3 S1 S2 S2 S1 S3 generates a signal pattern that could be read as 2 2 0 1 1 0 2. With this approach, 7³=343 different patterns can be provide using this S symbol voltage modulation approach. In another approach, a byte worth of data could be embedded using just a two level voltage differentiation, say 2.25 V and 4.5 V, and extending this approach into the first intermission bit of the message packet. Where the transmitter keeps all nodes in synchronization, the S symbol, i.e., multi-level voltage level approach, could even be extended to the third intermission bit.

This voltage modulation approach can be extended to bits other than the Sync_Seg bit. For instance, the bits embedded in the Pro_Seg portion of a bit may be combined with the voltage modulation applied on the Sync_Seg in the S symbol approach described above. FIG. 9 shows an example on how to modulate these other bit portions to three levels 0, 1 and 2. Other levels could be chosen, e.g., two or four or more. The more levels, the more information that can be transmitted via the EOF and the two first intermission bits of a message packet. In illustrated example, four bits modulated with three voltage levels gives 9³⁶combinations. This equals a 57 bit binary. These modifications to the message packet can be combined into a five bit byte to get 9⁴⁵combinations, equivalent to a 71 bit binary. This is long enough for encryption keys and identification codes in many cases. The nominal bit chosen in the examples is the shortest. By extending the propagation segment to eight time quanta in the last example, this approach could carry a 128 bit binary. According to the CAN specification, it must be possible to program the nominal bit as shown below.

Parameter
Separate prescaler
Shared prescaler

Sync_Seg
1 time quantum(N)
1 time quantum(N)

Prop_Seg
1 to 48 time quanta(N)
1 to 96 time quanta(N)

Phase_Seg 1
1 to 16 time quanta(N)
1 to 32 time quanta(N)

Phase_Seg 2
2 to 16 time quanta(N)
2 to 32 time quanta(N)

SJW
1 to 16 time quanta(N)
1 to 32 time quanta(N)

The logic encoded using these approaches can be encoded using Manchester coding. This requires a doubling of the clock frequency. On the one hand this might be considered a disadvantage, but on the other hand an advantage because this includes use of an established standard (IEEE 802.3bw 100BASE-T-1 100 Mbit/s Ethernet over a single twisted pair for automotive applications).

Potential limits for the EOF encoding described herein are the same as for the CAN FD data bit rate, which depends on the combined quality of clocks, transceivers, and cables in the system. For implementing this approach in chips, the serial number of the chip or a random number may be transmitted as default, which allows for a system supervising node to detect if a module at a node in the system is exchanged. A receiving node also authenticates the transmitter. This, in combination with scheduling the message traffic, is often good enough to prevent system hacking.

In still another modification, the CAN protocol allows for some variation of the number of bit quanta within different portions of a bit as discussed below. With this option available, the control network's modules can be configured to recognize certain patterns in bit length changes as corresponding to certain logical values. U.S. Pat. No. 7,934,039 describes one approach to measuring the distance between flanks to an accuracy of one nanosecond, which supports such an approach to the message packet modification. Thus, a sending module can vary a number of bit quanta for the bits for the message packet, which the receiving modules will understand as conveying certain information.

FIG. 10 illustrates three variants of bit quanta number variation that can be used to transmit additional logic symbols, labeled here as “L” symbol variants. For symbol L1, the transmitter shortens the Phase Seg 2 by one time quantum. For symbol L2, the transmitter keeps the nominal bit length, and for symbol L3, the transmitter adds a time quantum to Phase_Seg 1. FIG. 11 shows how the L symbol approach can be applied at an EOF of the message packet, in this example providing the pattern L1, L2, L3, L2, L1, L3, L. Receiver modules find Bit 1 short and delete a bit quantum in Phase_Seg 2 in Bit 1. Bit 2 has a normal length. Bit 3 is one time quantum longer than the receivers expect, so they add a bit quantum to bit 4. Bit 5 is shorter than expected so receivers delete a time quantum in Phase_Seg 2. Bit 6 is longer than expected so the receivers add a bit quantum to Sync_Seg 1 in bit 7. The transmitter assigned L1 to Bit 7, but as the receivers have already added a time quantum to Phase_Seg1, they will sample at the falling edge. This may cause a bit failure. To avoid this situation, preferably a restriction logical restriction is added in the use of the L symbol whereby transitions from L3 to L1 are forbidden.

In another application, the L symbol, i.e., bit quantum number variation, can be used alone to create unique signal patterns in the EOF that will not disturb ordinary CAN FD modules. For EOF applications, we have 3⁷−2⁷=2059 patterns. If we extend into the two first intermission bits, there are 3⁹−2⁹=19171 patterns. The L symbol approach can be further applied to add more possible patterns by adding more time quanta to the nominal bit. According to the ISO 11898-1 2015 standard, it must be possible to choose the following values for CAN FD enabled controllers, which illustrates the number of possibilities for varying bit quanta numbers for conveying information:

Parameter
Separate prescaler
Shared prescaler

Phase_Seg 1
1 to 16 time quanta(N)
1 to 32 time quanta(N)

Phase_Seg 2
2 to 16 time quanta(N)
2 to 32 time quanta(N)

SJW
1 to 16 time quanta(N)
1 to 32 time quanta(N)

In yet another possible modification, the oscillator frequency used to keep the timing for each of the modules on the control network can be modified, which changes the total length in time for a given bit. For example, modern phase lock loop and voltage controlled oscillator technology can tightly control oscillator frequency to an accuracy of 0.02%, whereas the CAN standard only requires oscillator frequency accuracy of within 0.5%. Thus, through application of controlled variation of a sending module's oscillator frequency within this 0.02% to 0.5% range, the time length of a given bit can be modified in a defined manner such that a receiving module can determine the change in the received bit's time length and associate that change with a particular logic value.

So configured, message protocols with limited bandwidth can still take advantage of more robust message authentication techniques that were otherwise not possible because of the primary protocol's bandwidth limitations. One advantage to several of the above approaches is that the modifications to the message packet occur at the physical layer, i.e., the voltage present on the communication network physical layer. Thus, a given sending module's own unique physical attributes, i.e., delay, lag, oscillation profile, or the like, becomes part of that module's unique signature or fingerprint, which can provide a further authentication of a given message.

For example, the amount of bit time length modification provided by a given module may be slightly different from that of other modules using the same modification protocol. This slight difference can be learned and stored by the other modules on the common control network during a configuration mode for the network. Thus, any such physical layer unique properties can be included in the authentication process of a given message.

Also, to the extent that these modifications require time synchronization of the various modules on the control network, the primary protocol can be modified to include well placed falling flanks that force a high synchronization frequency for the modules. U.S. Pat. No. 8,897,319, incorporated by reference herein, describes in detail how the Sync_Seg of a bit can be manipulated within the rules of the CAN standard. In short, a dominant Sync_Seg can be sent at the start of every recessive bit, and a recessive Sync_Seg can be sent at every consecutive dominant bit (not the first one). Because in CAN FD every receiver shall make a hard resynchronization at the edge between the FDF bit and the following dominant res bit, a receiver could synchronize a counter to the start of each bit after the hard resynchronization at the end of the FDF bit. As the transmitter then is the only one transmitting until the ACK bit, it can transmit a Sync_Seg with the opposite sign rule in each bit and vary its respective length in respective following bits within the Prop_Seg. It can also vary the length of the bits within the limits given by the 0.5% oscillator tolerance requirement for CAN. In this way, the transmitter can generate a series of raising and falling flanks separated in time that forms a unique signature of itself.

The various protocols and modifications described herein may also be applied in different control network topologies. In one example illustrated in FIG. 12, a CAN-based control network 1400 has a star topology with an active hub device 1410 in the center. The active hub device 1410 is configured to connect to a plurality of CAN channels 1422, 1424, and 1426 of the control network 1400 and act as a gateway among two or more of the plurality of CAN channels 1422, 1424, and 1426. For example, the active hub device 1410 can be an ECU connected to communicate on each of the multiple CAN channels 1422, 1424, and 1426, each channel having its own modules 1412, 1414, 1415, 1416, 1417, 1430, 1431, 1432, 1433, 1460, and 1462. In another example, the active hub device 1410 could be three separate controllers only linked by software mapping messages or information between the three different buses. In still another example, the active hub device 1410 could also be a combined logic designed to transfer messages between the different buses more or less in real time. Additionally, the methods described herein can be implemented into so-called “bridge” devices that allow for use of CAN and CAN-FD modules on that same communication network such as described in U.S. Pat. App. Pub. No. 2016/0286010, which is incorporated by reference in its entirety herein.

In an additional alternative embodiment, the functionality or logic described in herein may be embodied in the form of code that may be executed in a separate processor circuit. If embodied in software, each block of functionality or logic may represent a module, segment, or portion of code that comprises program instructions to implement the specified logical function(s). The program instructions may be embodied in the form of source code that comprises human-readable statements written in a programming language or machine code that comprises numerical instructions recognizable by a suitable execution system such as a processor in a computer system or other system. The machine code may be converted from the source code. If embodied in hardware, each block may represent a circuit or a number of interconnected circuits to implement the specified logical function(s). Accordingly, a computer readable medium (being non-transitory or tangible) may store such instructions that are configured to cause a processing device to perform operations as described herein. One skilled in the art will understand the hardware approach to include field programmable gate arrays (FPGA), microcontrollers, and the like.

Turning to FIG. 13, a specific implementation of using a second protocol or modifying a message packet inside a CAN protocol will be described. Unlike specific implementations where a single processing device would prepare and send (and receive) both the first protocol and second protocol messages in a combined CAN/second protocol messages, two or more processing devices can act in parallel to handle different portions of the combined message. This aspect can be scalable where different processing devices are tasked with handling specific bit quanta or portions of a given sent or received message.

More specifically, in the example of FIG. 13, a communication device apparatus 1500 includes a communication port 1510 configured to connect to a control network 1511. A processing device for the communication device apparatus includes a first processing device 1500 configured to control the communication device apparatus for CAN communication arbitration and to control communication of the CAN message packet. The processing device also includes at least a second processing device 1505 and 1507 configured to control communication of at least a portion of the additional information over at least one of the bit quanta other than the defined bit quanta. In the illustrated example, the at least a second processing device includes separate processing devices 1505 and 1507, each configured to control communication of at least a portion of the additional information over a different one of the bit quanta other than the defined bit quanta. More or fewer processing devices can be so added, and different processing devices can have differing amounts or specific bit quanta assigned for analysis or generation.

In such an approach, the communication port 1510 is operatively connected to the first processing device 1500 to send the CAN message packet over the control network 1511 and the at least a second processing device 1505 to send the additional information over the control network 1511. Moreover, the communication port 1510 is configured to connect to the control network 1511 to receive CAN message packets transmitted over the control network 1511 and operatively connected to provide the received CAN message packet to the first processing device 1503 to read CAN message data and to provide the received CAN message packets to the at least a second processing device 1505, 1507 to read additional information in the CAN message packet. In the illustrated example, the communication port 1510 includes separate receiving (bus level indicator) 1513 and transmitting 1515 portions, although other configurations that substantially combine these aspects together are possible.

FIG. 13 further illustrates one example approach toward implementing a more precise clocking of the device to effect the ability to read and second data embedded within individual bits of a standard CAN message. In this example, a time event generator 1520 is operatively connected to at least two registers 1532 and 1632. The time event generator 1520 generates time ticks at a specific rate. The registers 1532 and 1632 are part of separate time counters 1530 and 1630. A first register 1532 of the at least two registers counts ticks received from the time event generator 1520 and in response to counting a first number of ticks to output a first trigger signal at output 1533 and resets. A second register 1632 of the at least two registers counts ticks received from the time event generator and in response to counting a second number of ticks to output a second trigger signal at an output 1633 and resets.

The first register 1532 provides the first trigger signal to the first processing device 1503 where the first trigger signal corresponds to a sampling time for the CAN message packet. The second register 1632 provides the second trigger signal to at least one of the at least second processing device 1505 where the second trigger signal corresponds to a sampling time for the additional information sent within the CAN message packet. In this manner, the registers 1532 and 1632 help the processing device track when to sense for voltage signals in a received packet or when to provide a signal in a sent packet. Sometimes these registers need to be reset to effect a resynchronization of the communication device apparatus with other communication modules on the control network 1511. In one approach, a reset device 1536 senses a start of frame and is connected to reset the at least two registers 1532 and 1534 in response to sensing the start of frame. In the illustrated approach, the reset device 1536, 1636 of each of the respective time counters 1530 and 1630 receives an output signal provided from the CAN bit recognizer module 1550 in response to sensing a start of frame signal on the control network 1511. Although the different registers used to provide time events for different sampling rates are illustrated in different modules 1530 and 1630, the registers need not be so separated in a given implementation.

Referring again to the example of FIG. 13, the time event generator 1520 includes an oscillator 1522 that outputs a time events 1524 to a TC 1526. The CAN standard defines a “time quantum” as follows: “The time quantum shall be a fixed unit of time derived from the oscillator period. There shall exist a programmable prescaler, with integral values, ranging at least from one (1) to thirty-two (32). Starting with the minimum time quantum, the time quantum shall have a length of: Time quantum=m*minimum time quantum, where m is the value of the prescaler.”

To define the time quanta, the TC 1526 includes a register 1528 that sets the limit for the LTime. Each time the register 1528 reaches its defined limit, it transmits a Time Quantum Event at its output 1529 and resets itself. The result is a stream of time-tick events, i.e., a stream of Time quanta 1525. The time event generator 1520 defines a LTD, programmable to span from 1 to 32 time events that can generate time quanta according to the CAN protocol. The LTC or time event generator 1520 is acting as a time-tick generator and feeding the time counter 1530 with time events. The time event generator 1520 and time counter 1530 form another local time counter 1539.

The time counter 1530 includes an event input 1537 that resets the counter 1530 in response to receiving an event. The first register 1532 in this example is programmable from 2 to 17 and transmits an event at the output 1533 when the first register 1532 reaches the programmed value. The second register 1534 is programmable from 1 to 8 and transmits an event at the output 1535 and resets the counter 1530 when the counter 1530 reaches the programmed value of the first register 1532 plus the programmed value of the second register 1534. According to the CAN specification, a CAN bit consists as a minimum of a Sync_Seg time quantum, one Prop_Seg time quantum, one Phase_Seg 1 time quantum, and one Phase_Seg 2 time quantum, i.e., four time quanta, and the maximum length is Sync_Seg plus 24 time quanta. The first register 1532 can be programmed to cover Sync_Seg plus Prop_Seg plus Phase_Seg 1, and the second register 1534 can be programmed to cover Phase_Seg 2. The local time counter 1539 will the count the number of time events representing a CAN bit and generate an event after Phase_Seg 1 and another one after Phase_Seg 2.

Such a local time counter 1539 is capable of supporting a CAN bit recognizer 1550 as well as a bus level indicator 1513. In the illustrated example, the bus level indicator 1513 has an event input 1514 that receives time events 1525 from the time event generator 1520. In response to receiving a time event from the time event generator 1520, the bus level indicator 1513 samples the bus voltage on the CAN bus control network 1511. If a voltage is detected, the bus level indicator 1513 transmits a voltage-event signal 1516 to an event input port 1551 of the bit recognizer 1550. If no voltage is detected, the bus level indicator 1513 sends a no-voltage-event signal 1517 to an event input port 1552 at the CAN bit recognizer 114. In this arrangement, therefore, the CAN bit recognizer 1550 receives either a voltage signal or a no-voltage event signal at each time-tick event generated by the time event generator 1520.

The CAN bit recognizer 1550 includes an event logic device 1553 and an event counter 1554 that counts time events 1525. The event logic device 1553 is operatively coupled to an input port 1555 connected to receive first register events from the time counter's 1530 first register 1532. When operating under the CAN specification, a bit's value is decided at the end of the Phase_Seg 1, in which case the first register 1532 stores a value that generates a first register event corresponding to an expected Sample Point Event for a given CAN bit. The first register event triggers the CAN bit recognizer 1550 to detect a voltage on the control network 1511 at the expected Sample Point Event, in response to which the event logic device 1553 outputs a recessive bit event (corresponding to a logic “one”) at output 1556 in response to determining a no-voltage event from the bus level detector 1513. If a voltage event is detected at the Sample Point, the event logic device 1553 outputs a dominant bit event (corresponding to a logic “zero”) at output 1557 unless the dominant bit event is a Start Of Frame event. A Start Of Frame event occurs upon detecting a logic “zero” after detecting ten or more consecutive Recessive Bits (logic “one”).

The event logic device 1553 is also triggered to detect a voltage in response to receiving a Start Of Frame register event signal from a Start Of Frame register 1534, which in this example is operatively connected to the first register 1532 and programmed to start counting time events in response to receiving an event from the first register 1532. After reaching the time event count programmed into the Start Of Frame register 1534, it outputs a Start Of Frame check event via an output 1535 to the event logic device 1553 to trigger the event logic device 1553 to check for a voltage corresponding to the start of frame for a bit following a sample point reading triggered by the first register 1532.

Generally speaking, the event logic detector 1553 is configured to recognize not only the recessive, dominant, and SOF bits by comparing voltage events, Sample Point events, and the number of time-tick events counted by the counter 1554. In response to detecting a Start of Frame event, the event logic detector 1553 generates a SOF Bit event signal at output 1558. These signals from outputs 1556, and 1557, and 1558 are received by a Protocol Logic Unit (PLU) 1560 that is configured to decode the bit stream received over the control network 1511 according to the CAN protocol.

Additional considerations can be made with respect to improving CAN bandwidth, for instance in comparison with or combined with Ethernet. First, the CAN bus structure was selected to reduce wiring and connector costs. Is that not relevant any longer?Secondly, CAN has three unique features that saves a lot of bandwidth: 1) Data consistency, 2) Predicable latency, and 3) Message avalanches at emergencies.

Regarding data consistency, broadcasting all messages and every receiver checks for correct reception before accepting the message. Data consistency is a mandatory requirement of any safe security system and this feature of CAN is a beautiful and elegant way to satisfy the requirement.

Regarding predictable latency, CAN can be scheduled in different ways, e.g., by token passing, message sequence, time, etc. and different types of schedules can be simultaneously combined. On top of that, unschedulable messages can be allowed to be transmitted at any time. Thanks to the collision resolution by bitwise arbitration, the maximum latency of any message can be predicted. Further, a node getting out of schedule will not destroy the communication, and the failing node can immediately be identified by the message identifier.

Regarding message avalanches at emergencies, by using CAN messages with no data for emergency messages, message avalanches at system failures can be easily avoided.

The following illustrates configurations that enhance CAN by using the hidden bandwidth that modern technology releases.

1. Continuously Checking the Signal Quality

At the lowest level, a CAN Controller samples at least every bit quantum, and the reading rate could be increased to ten times the clock frequency in new designs. By reading every sample we can get a quality value of every bit. Especially after every flank in the data field we get a measure of the cabling quality. Any disturbance big enough to change the bit value can be recorded and the transmitting node is known by the message identifier. The phase difference between the transmitter and receiver can also be measured. If VCOs are used, the oscillator frequency could be harmonized within the system, compensating for both short term and long term deviations.

2. Increasing the Bit Value Accuracy

According to the CAN specification, the bit value should be stable over the Phase_Seg 1 and Phase_Seg 2, and sampling of the value should be sampled in between the two. With modern technology we could oversample the Phase_Segs, for example, around 20 times, and read the bit value with a high accuracy.

3. Increasing the Clock Synchronization within the System

CAN Controllers resynchronize at every falling flank in a message. By placing a falling flank in the Sync_Seg of every bit, the CAN Controllers within a system can be kept in close synchronization.

4. Encoding Specific Arbitration Phase Bits

Current CAN Controllers are only looking for falling flanks and the voltage level at the sampling point. The rest of the bit is ignored. This fact can be used to encode specific bits according to the ISO 11898 protocol adding additional ways for error checking. High frequency bits can be added in the disregarded parts of the CAN bits in the arbitration phase and be coded according to new protocols for different purposes.

4.1 Encoding Stuff Bits

The Hamming distance in CAN messages has been disputed due to the stuff bits. This problem could be easily solved by applying two rules:

a) The identifier of a safety critical message should not contain any stuff bits.

b) The propagation segment of a stuff bit should have the opposite value of the stuff bit itself.

Because the bit stuffing bits are known by tagging them such that they cannot be mistaken for a data bit and vice versa, a Hamming distance of 6 is guaranteed.

4.2 Bit Embedded Signatures

“Intelligent” CAN transceivers can be configured to add signal patterns in the ignored part of the CAN bits after the identifier. This pattern could be analyzed by the receiver to authenticate the transmitter. Especially the EOF lends itself for such a purpose.

4.3 Embedded Encryption Key

An encryption key could be embedded in the bit portion ignored by CAN. An “intelligent” CAN transceiver/controller could preferably manage encryption and authority tasks as these are system specific tasks that should be hidden from the application.

4.4 a Complete Embedded Protocol

One or more complete protocols for different applications could be embedded in CAN frames. Specific identifiers could be assigned to different protocols within a system.

5. A Star Topology for CAN

CAN with a star topology is nothing new. Already in the early 90th there were CAN systems based on an optical star. A mature solution was presented in 1996 (FORTRESS, a CAN based development environment for real-time embedded applications, P. Vaes et. al.). A hub can be seen as a bus with zero length and the arbitration phase bitrate could then be increased to match the longest arm of the star. Once the arbitration is over, the bitrate could be increased to the capacity of the hub.

6. Combine Ethernet PHY and CAN in the Same Chip

100BASE T1 PHY is an advanced and complex chip such that incorporating CAN into the chip can be readily achieved. There is already a proposal for a new 10BASE T1, essentially a stripped down version of 100BASE T1, for industrial use. We may also see the original 100BASE T1 having a mode clocked down to 10 Mbps to allow for simpler cabling.

7. Dynamically Changing the Network Between CAN, 10BASE T1, and 100Base T1

Most CAN controllers today support three modes: 1) Run Mode, 2) Listen Only Mode (receiving messages, participating in the CAN error detection procedure but no transmission of messages), and 3) Silent Mode (receiving messages but not transmitting anything). By putting all CAN nodes but one into silent mode, we can have a point-to-point connection between this node and a connected tool. Then the tool can send a message to the node ordering it to shift to Ethernet mode. The tool and the node could then continue the communication by Ethernet at the maximum bitrate possible with the quality of the cabling. If the system layout is prepared for 100BASE T1, the communication would then run at 100 Mbps.

8. Dynamically Changing Protocols

With CAN as the superior protocol any unoccupied time in the network can be regarded as the CAN arbitration phase. Any communication is then started with the CAN SOF and identifier. Certain CAN identifiers could then be assigned to indicate that the corresponding time to the length of the CAN message will be used for an Ethernet coded message. After the CAN DLC field the transmitter and receiver will change to Ethernet and remaining nodes will turn into Error Silent Mode until the EOF is expected. The EOF could be coded in a similar way as discussed above for the stuff bit and transmitted by the Ethernet transmitting node. The EOF will then be recognized by all nodes guaranteeing that every node shifts back to CAN runtime mode at the same time. The Ethernet header could be stripped as Source, Destination, and Type are known a prioi by the communicating nodes.

A factor for a high bitrate is the quality of the cabling. The lower bitrate, the less important is the harness impedance. 1 Mbps is good enough for control purposes but encryption, authentication, and flashing may require a significantly higher bitrate and above that, quite different engineering skills. A layered architecture with the control at top and the other problems at a lower level would simplify the complex technology. At the top level, only CAN messages are seen by CAN supporting applications. Higher bitrate messages are hidden in the propagation segments of CAN bits in the arbitration phase excluding the CAN identifier field. Encryption keys and authentication codes can be embedded in the CAN messages. The CAN layer could be time scheduled in different ways where the CAN controllers are put into silent mode for a period of time, allowing the network to operate with another protocol for non-control information exchange. The high speed protocols will enforce better cables and a better cabling layout, and that in turn will make the CAN control system even more dependable than today.

Those skilled in the art will recognize that a wide variety of modifications, alterations, and combinations can be made with respect to the above described embodiments without departing from the scope of the invention, and that such modifications, alterations, and combinations are to be viewed as being within the ambit of the inventive concept.

Bit Encoding For a Bus Communication System

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

International Classifications

Abstract

Description

Claims

RELATED APPLICATION(S)

Provisional Applications (1)