Patent Application
20250234188
The present invention relates to a method for authenticating a motor vehicle at a hydrogen fuel pump. The present invention also relates to a corresponding device, a corresponding computer program, and a corresponding machine-readable storage medium.
A hydrogen filling station has fuel pumps, nozzles, and pumps that can be used to replenish the energy supply of fuel cell vehicles or other mobile hydrogen consumers. In the prior art, for example, liquid hydrogen (LH2) is offered at a temperature of up to −253° C. and a pressure of up to 16.5 bar and gaseous hydrogen (GH2) at a temperature of 20° C. and a pressure of 250 or 350 bar or a temperature of −40° C. and a pressure of 700 bar.
DE102019219826A1 relates to a method for refueling a vehicle with a hydrogen tank containing gaseous hydrogen. The method is carried out in the following method steps: The vehicle enters a refueling area. A refueling step is carried out on the vehicle. An initial tank temperature check is then carried out on the contents of the at least one hydrogen tank. If the temperature of the tank contents of the at least one hydrogen tank exceeds a temperature limit, the vehicle is transferred to a cool-down area. After a cooling phase, a second tank temperature check is carried out there. If the tank temperature is below a temperature limit, the tank pressure is checked. If the tank pressure in the at least one hydrogen tank is below a tank pressure limit value, the vehicle is transferred to the refueling area for further refueling; if the tank pressure is within the tank pressure limit value, refueling ends.
The invention provides a method for authenticating a motor vehicle at a hydrogen fuel pump, a corresponding device, a corresponding computer program, and a corresponding storage medium according to the independent claims.
The approach according to the invention is based on the realization that refueling a vehicle at a hydrogen filling station is a controlled process. Data must therefore be exchanged between the vehicle and the fuel pump during the refueling process. The refueling process is monitored and controlled by the fuel pump throughout its entire duration; the vehicle supplies the tank data required for this, e.g., its temperature.
If this data exchange takes place via a radio link, the assignment between vehicle and fuel pump is of crucial importance. For safety reasons, any confusion in this respect must be ruled out. This poses a challenge at a gas station with several pumps, as it is difficult to determine the exact location of the vehicle using known standards for wireless networks such as Bluetooth, WLAN, or ZigBee.
In the event of a mix-up, the integrity of the vehicle tank would be jeopardized by the incorrect assignment of data between the vehicle and the fuel pump. Damage to this in turn could result in an uncontrolled escape of hydrogen and injury to filling station customers and operating personnel.
Against this background, one advantage of the solution according to the invention is that it ensures reliable location-dependent assignment of the vehicle to the fuel pump and secure data exchange between the two participants. An intermediary in the form of a mobile phone with an NFC radio interface is used for this purpose.
The measures listed in the dependent claims and described below enable advantageous further developments and improvements of the basic idea stated in the independent claim. In addition to the key used for authentication, the mobile phone can retrieve the name of the wireless computer network (extended service set identifier, ESSID) that can be used to contact the vehicle from the vehicle. In this way, this radio network can remain “invisible”, so to speak, and only allow clients to log in who know its ESSID. This hardens the system against snarfing attacks.
Exemplary embodiments of the invention are shown in the drawings and explained in more detail in the following description. The following is shown in the figures:
The hydrogen fuel pump 11 has an NFC transceiver 15 and a wireless computer network 16. The latter term is used here in a broad sense and comprises wireless local area networks (WLANs) according to the IEEE 802.11 protocol family as well as wireless personal area networks (WPANs) according to the ZigBee or EnOcean standards and Bluetooth piconets.
For its part, the mobile phone 12 has an NFC transceiver 15 and a mobile application (app).
Finally, like the hydrogen filling station 11, the motor vehicle 13 has an NFC transceiver 15 and access to the wireless computer network 16.
The actual authentication process is now explained using
In a first step (process 21), the driver holds the mobile phone 12 to an NFC field in the interior (14—
In a second step (process 22), the mobile phone 12 uses its NFC transceiver 15 to establish a link to the central control unit of the motor vehicle 13 with the aid of the app and retrieves a temporary encryption key and the name of the radio network used by the motor vehicle 13, which are stored in the app and displayed to the vehicle driver together with the expiration date.
In a third step (process 23), after leaving the vehicle 13, the driver holds the mobile phone 12 to a corresponding NFC field of the hydrogen fuel pump 11 and uses the app to initiate the transfer of the encryption key and the name of the vehicle radio network.
If this transfer (23) is successfully completed, which is acknowledged by a notification from the app, the hydrogen fuel pump 11 builds up an encrypted link to the central control unit of the motor vehicle 13 via the wireless computer network 16 in a fourth step (process 24). As soon as this link is established, the hydrogen fuel pump 11 starts refueling and regulates it by means of the link. After its transfer (23) to the hydrogen fuel pump 11, but at the latest when the key expires, it is automatically deleted from the mobile phone 12.
After refueling, the hydrogen fuel pump 11 terminates the link via the wireless computer network 16. The encryption key loses its validity and is deleted by the central control unit of the vehicle 13.
The identification (21) of the motor vehicle 13 can also take place only once by means of the NFC transceiver 15 and—comparable to the pairing of Bluetooth devices via NFC tag—serve to build up a permanent encrypted radio link between the mobile phone 12 and the motor vehicle 13 via the wireless computer network 16. In this case, the vehicle driver explicitly requests a new encryption key in the app.
Another variant for retrieving (22) the temporary encryption key involves replacing the NFC field with a DataMatrix code on the inside of the side compartment. In this embodiment, the motor vehicle 13 is identified (21) by scanning the code using the mobile phone 12, whereupon the app builds up an encrypted radio link between the mobile phone 12 and the central control unit of the motor vehicle 13 via the wireless computer network 16 in order to retrieve the temporary encryption key. After the retrieval (22), this radio link is terminated again.
The data recorded during refueling can be stored in the cloud by the central control unit of the vehicle 13 via an LTE link and used by service providers for billing or diagnostics, e.g., to predict the service life of the hydrogen tank.
This method (20) can, for example, be implemented in software or hardware or in a hybrid form of software and hardware, for example in the mobile phone 12.
| Number | Date | Country | Kind |
|---|---|---|---|
| 10 2021 211 584.5 | Oct 2021 | DE | national |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/EP2022/076664 | 9/26/2022 | WO |
