The invention relates to a method for providing a software module to an automotive vehicle control unit. Further, the invention relates to a method for enabling a software module in an automotive vehicle control unit. Still further, the invention relates to a method for providing access to a software module for use in an automotive vehicle control unit. Also, the invention relates to computer programs comprising program instructions for executing these methods.
Currently, the use of computer systems in automotive vehicles is rapidly increasing, the computer systems being used for controlling an increasing amount of software modules in automotive vehicles, such as engine- and ignition control, airbag systems, anti-lock brake systems, electronic stability systems, instrument and/or display panels, anti theft security systems, central locking, electric windows, etc. With the ever increasing amount of software modules which are controlled by such on-board computers, the rapid development of electronic components for such on-board computers and the current world-wide car market in which a large number of different manufacturers is introducing on the market an ever increasing amount of new car models, the amount of different on-board vehicle computers which are installed in current vehicles is rapidly increasing. Commonly each microcomputer in the vehicle is equipped with its own software which is stored in a memory, such as a memory chip, which is accessible to the microcomputer.
Currently, the need emerges for providing an efficient mechanism for allowing service outlets, garages, and dealers to upgrade or reprogram software to be used by such computer system in the automotive vehicle. It is known to replace a memory means, such as a semiconductor chip, e.g. an EPROM, in which the software is loaded, by another one which comprises updated software, however this requires that the software is in stock at the dealer or service outlet, or alternatively will lead to a long lead time for obtaining the software. As service stations, such as car dealers, for servicing automotive vehicles, more and more tend to provide maintenance and repair services for several makes of automotive vehicles, the amount of different software modules required by a service station is rapidly increasing. Thus, memory chips which contain outdated software modules are frequently thrown away, which forms a waste of materials and electronic components, or alternatively need to be recycled by sending them back to the manufacturer which involves a substantial logistic and administrative organisation with associated costs. Further, delivery times for obtaining a new memory chip by a service outlet are long, as, at the moment when a new memory chip is required, first an order has to be placed at a distributor or a manufacturer of the automotive vehicle, after which the memory chip which has been ordered will be delivered by post, express service, etc. In general, the consequence of the above drawbacks is that service outlets for servicing automotive vehicles either spend unnecessary costs for ordering every new memory chip with software module which becomes available, and thus have available a large amount of memory chips which are hardly used, or frequently face the problem that an appropriate memory chip for a specific vehicle appears to be not in stock at the moment when such chip would be needed.
The invention intends to at least partly take away the problems of the prior art and to provide an easy, user-friendly, quick and safe method for providing a software module to an automotive vehicle control unit.
To achieve these and other goals, the method for providing a software module to an automotive vehicle control unit comprises the steps, by a programming device, of a) establishing a connection between a programmable memory of the vehicle control unit and the programming device, b) generating a request message, the request message comprising a software module identifier for identifying the software module, c) sending the request message from the programming device via a communication means to a server, d) receiving from the server an access message, enabling the programming device to access the software module and e) loading the software module, by the programming device, into the programmable memory of the vehicle control unit. Thus, the programmable memory can be loaded by the programming device with the software module. The steps according to the method can be performed locally, thus e.g. at the garage or service station, and make the software module available within a very short period of time. The programming device can e.g. comprise a computer system or a mobile telephone. Also the programming device can comprise a communication device, preferably a serial communication device for an on-board diagnosis and/or for Engine Control Unit (ECU) programming and/or reprogramming. Thus, a diagnostic instrument for e.g. serially reading out diagnostic and status information of the control unit, and programming or reprogramming operational parameters in the ECU, is comprised in the programming device. The programming device can comprise a Vehicle Communication Interface (VCI) for establishing communication with the vehicle control unit. Further, the programming device can be connected with at least the programmable memory of the vehicle control unit via a cable, connector or other wired or wireless communication means. Alternatively, it is possible that the programming device is comprised in the automotive vehicle control unit.
The server can e.g. be placed at the manufacturer's premises or the distributor of the automotive vehicle control unit respectively of the software modules, however can also be placed at any other convenient location. The server is connected to the programming device by a communication means, such as a telephone line, the internet, or any other suitable wired or wireless communication means which might be known as such. Security is increased as access to the software module is only enabled when a corresponding access message is sent by the server to the programming device. Thus, it is possible from the server to control and monitor the use of a particular software module. Also, in case that a user is not authorised to use a particular software module, sending the access message by the server can be disabled or an invalid access message can be transferred to the programming device. A user can for example select the software module which needs to be provided to the automotive vehicle control unit from a table, or overview on a display or by any other selection means which might be known per se, such as search software for searching a specific software module. With the method, a required software module can be quickly and easily provided to the automotive vehicle control unit by generating a request message identifying the software module, sending the request message to a server, the server in response to the request message generating an access message and sending the access message to the programming device, the programming device being now able to get access to a corresponding software module, upon which the software module is loaded into the programmable memory by the programming device. The request message can be sent to the server via a communication means, such as the internet, or by telephone or facsimile.
For this purpose, the server can incorporate a fax server, voice response server or any other interactive communication means, however it is also possible that the information contained in the request message is entered into the server manually. The access message can be transferred from the server to the programming device via the internet, a telephone network or any other communication means. The access message can e.g. also be transferred by telephone and entered into the programming device or into the automotive vehicle control unit by any suitable input means, such as a keyboard of a computer which might be comprised in the programming device, a keyboard comprised in the automotive vehicle control unit, a barcode read by a barcode reader, etc. The automotive vehicle control unit can comprise an on-board control unit comprised in the vehicle, such as an engine- and ignition control unit (ECU), an anti-lock brake control unit, an airbag control unit, or any other control-, measurement-, or service unit which comprises a controlling device, such as a micro controller or any other computing unit. The automotive vehicle can comprise a car, a van, a truck, an MPV, an off the road vehicle etc. Further, it is possible that the method according to the invention is applied with a control unit for a stationary engine.
Advantageously, the method comprises the further step of sending a confirmation message from the programming device to the server, after loading the software module in the programmable memory. The confirmation message, which is advantageously sent by the automotive vehicle control unit, provides for a confirmation to the server that the particular software module has been programmed into the vehicle control unit. The confirmation received by the server can be stored in a database enabling traceability as to which software module has been downloaded when and by whom into which vehicle or vehicle control unit. The traceability will assist in avoiding liability issues for the vehicle manufacturer.
Advantageously, step d) comprises the steps of d1) receiving from the server the access message comprising an access key, d2) deriving the access key from the access message, and d3) accessing the software module by the programming device using the access key. The access key can comprise any suitable access means, such as a password, a security code, access code, or any other suitable access means. In this manner, the software module, or a library of different software modules, can be available to the user, e.g. stored on a CDROM, downloadable from the internet, etc, while access to the software is only provided when an appropriate access key has been provided.
Advantageously, the access key comprises a decryption key, step d3) advantageously comprising the step of decrypting the software module with the decryption key. Thus, access to the software can be controlled in a very effective manner, as only when an appropriate decryption key is available, access to the software module is provided.
Advantageously, the method comprises the further step of g) charging, by the server, an amount to a user account for payment for the software module. Thus, upon receipt of a request message requesting access to a specific software module, an amount can be charged to a user account, the user thus paying for the software module requested.
Advantageously, step g) comprises the further step of g.1) checking, in a user account database, prior payments for a same user and g.2) determining a value of the amount based on the prior payments. Thus, pricing schemes can be set up by checking prior amounts charged to the same user and determining a value based on the previously charged amounts. It is for example possible to avoid multiple payments for a same software module, by setting the amount to zero in case that the same software module has already been requested and paid. Also, quantum discounts can be provided for users who request for and pay a certain, predetermined amount of software modules within a certain time frame.
Advantageously, the request message further comprises a destination identifier for identifying a destination for the software module. The destination identifier can advantageously be chosen from a group comprising a user identification, a vehicle identification, a programming device identification, a vehicle control unit identification and/or a vehicle control unit memory identification. Thus, it is possible to provide a more detailed charging mechanism, as charging, and determining a height of the amount charged can further be based on a history of previous request messages and previous payments which are related to the same destination as the destination for the current request. Further, security and retraceability can be increased, as the destination for which the software module is requested (such as the user, the vehicle control unit, the programming device or a part thereof etc) is available at the server and can be stored in the server or in a memory which is accessible to the server. In particular in combination with the confirmation message described above, traceability will be excellent as the destination for the software module is known to the server, as well as confirmation of the loading of the software is provided.
Advantageously, the access message received in step d) further comprises a code number determined by the server and step d) comprises the further steps of d5) deriving the code number from the access message, and d6) storing the code number in the software module, the software module further comprising a code number calculation module for calculating the code number, for enabling the software module to verify if the code number calculated by the code number calculation module equals the code number stored in the software module. Thus, a further protection against unauthorised use of the software is provided. The software module comprises a code number as well as a code number calculation module. At a suitable moment, e.g. when starting the software module by the vehicle control unit, the software module first calculates the code number using the code number calculation module and then compares the calculated code number with the code number stored in the software module. If the code number stored in the software module is identical to the code number calculated by the code number calculation module, then the software is enabled, but in case that the code number calculation module provides a code number which does not correspond to the code number stored in the software, the software module is not enabled. The code number calculation module is advantageously adapted for calculating the code number using at least one input parameter comprising the destination identifier. Consequently, when use of the software module at a different destination is attempted, the calculation performed by the code number calculation module will result in calculation of a different code number, as the code number calculation module performs the calculation of the code number using the destination identifier as an input parameter.
As a different destination identifier will result in a different code number, the code number stored in the software will not correspond to the code number calculated by the calculation module, which results in limited or no availability of the software module. Thus, unauthorised copying of the software module and unauthorised use of the software module at various destinations, such as various vehicle control units, vehicle communication interfaces etc. can be prevented. As the code number calculation module is comprised in the software module, it is possible to use different code number calculation modules for a variety of software modules, because the appropriate code number calculation module for the specific software module is comprised in each particular software module. In case that a third party for example has successfully retrieved the calculation algorithm used by the code number calculation module which is applied in a specific software module, this third party could eliminate the protection of the code number calculation module by calculating appropriate code numbers for a variety of destination identifiers and by storing each code number in a corresponding software module to be loaded without authorisation into a corresponding vehicle control unit etc. As however each software module can comprise a different code number calculation module making use of a different code number calculation algorithm, a different algorithm, and thus a different code number calculation module can be comprised in each different software module, which significantly impedes unauthorised use of various software modules, as for each particular software module providing a specific software module, the algorithm applied for calculating the code number in the code number calculation module used in that specific software module has to be retrieved. 
The code number calculation module can perform any kind of operation for calculating the code number, including logical, mathematical, and/or any suitable type of operation. Also, the code number calculation module can make use of one or more input parameters, comprising advantageously the destination identifier identifying the destination for the particular software module, however any other suitable type of input parameter can be used.
Advantageously, the method comprises the further steps of, by the server, before step d) providing a duplicate of the code number calculation tool to the server, calculating the code number in the server, and integrating the code number in the access message. Thus, the code number is calculated by a duplicate of the code number calculation tool (which comprises the same algorithm for calculating the code number as the code number calculation tool comprised in the software module), resulting in a possibility to individually calculate a code number upon receipt of a request message requesting a software module for a particular destination.
Advantageously, the software module comprises program instructions for, before enabling the software module in the automotive vehicle control unit, performing the steps of calculating the code number by the code number calculation module, comparing the code number calculated with the code number stored in the software module and enabling the software module only when the calculated code number equals the code number stored in the software module.
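The code number check described above (server-side duplicate calculation, storage in the module, and comparison before enabling), as an added example that is not part of the patent text. It assumes HMAC-SHA256 with a per-module secret as the calculation, which the description leaves open, and all identifiers, secrets and field names are constructed for illustration.

```python
import hashlib
import hmac

# Added illustration: identifiers, secrets and field names are constructed,
# and HMAC-SHA256 is an assumed choice of code number calculation.
MODULE_SECRETS = {            # one calculation secret per software module
    "ecu-map-v2": b"constructed-secret-A",
    "abs-cal-v5": b"constructed-secret-B",
}
AUTHORISED = {("garage-17", "ecu-map-v2")}   # (user, module) pairs the server allows


def calculate_code_number(module_id: str, destination_id: str, secret: bytes) -> str:
    """Code number calculation module: keyed digest over module and destination."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (module_id.encode(), destination_id.encode()))
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def server_build_access_message(request: dict):
    """Server side: duplicate of the calculation module, run once per request."""
    module_id = request["software_module_id"]
    if (request["user_id"], module_id) not in AUTHORISED:
        return None                       # no access message for unauthorised users
    secret = MODULE_SECRETS[module_id]
    return {
        "software_module_id": module_id,
        "code_number": calculate_code_number(module_id, request["destination_id"], secret),
    }


class SoftwareModule:
    """Module as loaded into the control unit's programmable memory."""

    def __init__(self, module_id: str, secret: bytes):
        self.module_id = module_id
        self._secret = secret             # shipped inside the module with its calculation code
        self.stored_code_number = None

    def store_code_number(self, access_message: dict) -> None:
        # Steps d5/d6: derive the code number and store it in the module.
        self.stored_code_number = access_message["code_number"]

    def enable(self, own_destination_id: str) -> bool:
        """Start-up check: recalculate from the unit's own identifier and compare."""
        if self.stored_code_number is None:
            return False
        calculated = calculate_code_number(self.module_id, own_destination_id, self._secret)
        return hmac.compare_digest(calculated, self.stored_code_number)


def demo() -> dict:
    request = {"user_id": "garage-17", "software_module_id": "ecu-map-v2",
               "destination_id": "ECU-SERIAL-0001"}
    access = server_build_access_message(request)
    module = SoftwareModule("ecu-map-v2", MODULE_SECRETS["ecu-map-v2"])
    module.store_code_number(access)
    return {
        "intended_unit": module.enable("ECU-SERIAL-0001"),
        "copied_to_other_unit": module.enable("ECU-SERIAL-0002"),
        "unauthorised_request": server_build_access_message(
            {**request, "user_id": "unknown-shop"}),
    }
```

Because each module carries its own secret, the check stands or falls per module: the binding to one destination holds only as long as that module's embedded calculation stays confidential.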
The software module can be read from a memory means, which advantageously is chosen from a group comprising an optically readable disk, a magnetically readable disk, a magnetically readable tape and a semiconductor memory. The software modules can thus be available for the user on a memory means, such as a CDROM, advantageously in encrypted form, and upon receipt of an appropriate access message, access to a particular software module is provided. Alternatively, it is possible that the software module can be downloaded from the internet or any other computer network.
The invention further comprises a method for enabling a software module in an automotive vehicle control unit, the software module having been provided to the instrument according to the method according to the invention, the method comprising the steps of calculating, in the automotive vehicle control unit, the code number by the code number calculation module, comparing the calculated code number with the code number stored in the software module, and enabling the software module only when the calculated code number equals the code number stored in the software module.
Further, the invention comprises a method for providing access to a software module for use in an automotive vehicle control unit having a programmable memory, the method comprising the steps of, in a server receiving, from a programming device, a request message requesting access to the software module, the request message comprising a software identification for identifying the software module and sending an access message comprising an access key enabling the automotive instrument to access the software module, from the server to the programming device.
The computer programs according to the invention comprise program instructions for executing the respective methods according to the invention.
Further advantages and features of the invention will become clear from a description of the appended drawing, showing non-limiting embodiments of the invention, in which:
When, in the automotive vehicle control unit, a start of the software module is requested, as indicated with step 40 in
Consequently, the invention provides a user-friendly, fast and secure way for providing a software module to an automotive vehicle control unit as a request for obtaining access to the software module is sent to a server, upon which the server provides an access message advantageously comprising an access key, such as a decryption key, enabling access to the software module. The server can determine validity of the request and can provide for a charging of an amount to a user account for payment of the software. An advantage of the system and method according to the invention is that the software can be distributed in advance, while use of the software is controlled via the access message as described above and payment for the software takes place when access to the software is provided. Thus, it is not required to send large files via the internet or another network, as the software itself, which comprises the software module, is already present on the CD-ROM, while only comparatively small messages need to be sent via the internet for providing access to the software.
By making use of the method and system according to the invention, as described in particular with reference to
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/NL03/00158 | 3/3/2003 | WO | | 10/31/2005 |