The present invention relates to a method of accessing a device in a communications network in a motor vehicle via an external device and/or a gateway.
Conventionally, a gateway is used when an external device accesses a communications network in a motor vehicle to prevent negative effects on the availability and stability of a communications network and the components connected to the communications network. The gateway thus assumes security functions.
According to the method of the present invention for accessing a communications network in a motor vehicle via an external device and the gateway according to the present invention, a data protection and security function may be achieved in a simple manner by a software element which is transcribed to the external device by the gateway. This allows the gateway to be less complex, because communication between the external device and the device to be controlled is determined by the software element. This is related to the fact that the security functions for accessing a certain device of the communications network are distributed to the software element to thereby relieve the load on the gateway. In addition, such a system has a distributed intelligence and thus the individual components are less complex. A distributed intelligence means that not all of the security functions are concentrated in the gateway or another function or another device. For each device which permits access by an external device, there is a software element to assume these security functions. The security function and thus the intelligence constituting the security are distributed to the various software elements. This increases the degree of distribution of the intelligence in the communications network.
The gateway inquires directly or via a system manager as to the possibility of accessing the requested device. As an alternative, the inquiry may also be sent directly to the device requested. This information is thus not concentrated in the gateway, so the gateway design may be simplified.
In addition, increased security may be achieved through encryption of the data transmitted to and from the external device and the particular device queried in the communications network. This may make it difficult for this communication to be intercepted.
The software element transcribed to the external device has a specified validity period. This results in the software element not being available for an indefinite period of time, which increases security against abuse of the transcribed software element. Since the external device must initiate a new inquiry after the validity period has elapsed, the access authorization is checked again. This may be accomplished automatically through a cyclic inquiry to the gateway or to the system manager or to the device requested. This makes it possible to prevent further use of the transcribed software element, for example, in the case of unauthorized access.
In addition, the software element may be created using a platform-independent programming language, so the software element will be capable of running in any hardware environment. However, if the software element is created with a platform-specific programming language, the software element may run more rapidly and efficiently on the corresponding external devices. A platform-specific programming language suitable for precisely this external device may be used.
In addition, the software element is created for a device connected to the communications network of the vehicle by using a control module and data of this device. This permits an adaptive procedure which yields a self-configurable communications network.
In addition, the communications network may be operated as a bus system, so that additional components are easily connectable. A bus system may minimize wiring complexity, for example, if the bus system is designed according to the IEEE 1394 standard. This is a serial bus developed for automotive engineering. There are many applications of the method according to the present invention for accessing a device in a communications network in a motor vehicle via an external device.
The external device may have means for communication with the gateway and/or means for using the software element, making it possible to utilize the method according to the present invention.
Example embodiments of the present invention are illustrated in the drawings and explained in detail in the following description.
In the automotive industry, multimedia components are being integrated into motor vehicles to an increasing extent. However, more and more portable and thus external devices are accessing devices connected to a communications network in the vehicle. For example, one may wish to compare an address database with a corresponding database in the motor vehicle with the help of a portable digital assistant. Other examples include transcribing data, for example, audio and/or multimedia data or navigation data created on a home computer.
However, to prevent negative effects on the availability and stability of the communications network, access by these external devices may be accomplished via a gateway. A gateway is a module, implemented either through hardware or software, interconnecting two different communications networks or communication components. Security functions, for example, may be provided in such a gateway, so that access to a communications network does not have unwanted effects.
Therefore, a method of accessing a device in a communications network in a motor vehicle via an external device may be implemented according to the present invention, the gateway of the communications network handling the access inquiry of an external device in such a way that the gateway checks on whether access to a requested device within the communications network is possible, and if this is the case, then a software element is transmitted to the external device to permit communication with the device requested. If no access is possible, the external device is informed of this fact.
The depicted communications network has a gateway 4 having an antenna 3 for sending and receiving and a system manager 5 connected to the gateway via a first data input/output. System manager 5 is connected via its second data input/output to a bus system 6 to which a CD player 9 is also connected via its data input/output. Other components, for example other multimedia components such as a navigation device or a car radio, may also be connected to bus system 6. Devices connected to bus 6 have bus controllers which regulate communications over the bus.
As depicted, bus 6 may be a bus system according to the IEEE 1394 standard. According to this standard, various devices or nodes are connected via an optical fiber or a cable having four to six strands. A node may optionally be designed, for example, as an end piece or as a relay node. It is therefore possible to construct a suitable topology of the communications network. A node processes the information, which is provided with its own address. All information received by the node at a port may be sent by the node via its other ports if a plurality of such ports are present, as is the case with a relay node. According to IEEE 1394, the communications network is self-configuring, i.e., after a restart, all the nodes in the communications network send information about themselves to the communications network. A MOST bus may also be used as an alternative.
A gateway 8 is connected to bus system 6 via a data input/output. Gateway 8 is the interface between bus system 6 and another bus system 10. Gateway 8 is responsible for data transfer between these two bus systems. A positioning device 7, for example, is connected to bus system 10 here.
System manager 5, which may be either a separate unit having its own hardware and software or a software program on a computer in the motor vehicle, controls components such as CD player 9 and positioning device 7. If there are no software elements for controlling these components, system manager 5 generates a software element which allows such control by using a control module and data stored in the particular device. However, these software elements may also be used by other devices to control the particular devices. System manager 5 may ensure that two devices do not simultaneously access a device to be controlled.
The software element may be created by using a platform-independent code, so the software element will run on any hardware platform, or the software element may be created by using a platform-specific code, so that such a software element is created for certain external devices, e.g., a personal digital assistant, to run rapidly and without error on this particular device. This may provide that only certain devices may access the communications network in the motor vehicle. Such devices include a personal digital assistant, a laptop, a notebook, and a cellular telephone, for example.
If control by an external device is not possible, then in method step 17, external device 1 is notified that access is impossible. This may be due, for example, to a general non-availability of the device, or the external device may not be authorized to have access. In an inquiry by external device 1, the external device logs on. In certain devices or in all devices, a code query may be provided to prevent unauthorized access. This code query may also be performed by a chip which makes the communications network in the motor vehicle receptive as a whole to external access. To do so, the chip may be either inserted into external device 1 or into a device of the communications network to permit authorized access and operation, similar to the use of a keycard with car radios today.
However, if access to CD player 9 via external device 1 is possible, then in method step 14, a software element that permits control of CD player 9 by external device 1 is transmitted from gateway 4 to external device 1. The software element is an executable data file usable only for communication with CD player 9. If there is no software element for CD player 9, system manager 5 is able to generate such a software element by using a control module and data stored in CD player 9. It is thus possible to generate the software element as needed and to save on memory resources.
Then in method step 15, control of CD player 9 by external device 1 may be implemented via the software element transmitted. A check is performed in method step 16 to determine whether the software element is still valid. If this is the case, then in method step 15, the control of CD player 9 is continued. However, if the validity of the software element has expired, the system jumps back to method step 11 to make another request for control of CD player 9. Such a validity period may amount to one hour, for example.
The request after expiration of the validity period may also be performed cyclically, with external device 1 performing the check at gateway 4, at system manager 5, or at the device requested, for example, CD player 9. The validity period may then be held not in the software element itself but in an instance in the communications network, which greatly increases security with regard to manipulation of the validity period. If the validity period is determined in the communications network, an arbitrary change in the validity period is far more difficult than if it is determined in external device 1, where manipulation may be simpler.
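The network-side validity check described above, sketched as an added example (not part of the patent text): the class `Gateway`, its methods, the record fields and the device names are hypothetical, and plain integers stand in for clock time. It contrasts an expiry trusted from the software element with one held in the communications network.

```python
import secrets

VALIDITY_S = 3600  # one hour, the example validity period given in the text


class Gateway:
    """Hypothetical network-side instance (gateway 4 or system manager 5)."""

    def __init__(self, accessible_devices):
        self._accessible = set(accessible_devices)
        self._grants = {}  # grant_id -> (external_id, device, expires_at)

    def request(self, external_id, device, now):
        """Access inquiry: return a software-element record, or None if refused."""
        if device not in self._accessible:
            return None  # the external device is told access is impossible
        grant_id = secrets.token_hex(16)  # unguessable handle for the grant
        expires_at = now + VALIDITY_S
        self._grants[grant_id] = (external_id, device, expires_at)
        # Copy sent to the external device; its expires_at is advisory only.
        return {"grant_id": grant_id, "device": device, "expires_at": expires_at}

    def still_valid(self, element, external_id, device, now):
        """Validity check done in the network, ignoring the client's copy."""
        record = self._grants.get(element.get("grant_id"))
        if record is None:
            return False
        owner, granted_device, expires_at = record
        if now >= expires_at:
            del self._grants[element["grant_id"]]  # force a fresh inquiry
            return False
        return owner == external_id and granted_device == device


def client_side_valid(element, now):
    """Weak variant: trusts the expiry carried inside the software element."""
    return now < element["expires_at"]


def demo():
    gw = Gateway({"cd_player_9"})  # constructed sample topology
    element = gw.request("pda-1", "cd_player_9", now=0)
    refused = gw.request("pda-1", "positioning_device_7", now=0) is None
    in_period = gw.still_valid(element, "pda-1", "cd_player_9", now=3599)
    wrong_device = gw.still_valid(element, "pda-1", "positioning_device_7", now=10)
    element["expires_at"] = 10**9  # holder alters its own copy of the expiry
    return {"refused": refused, "in_period": in_period, "wrong_device": wrong_device,
            "client_after_change": client_side_valid(element, now=3601),
            "network_after_change": gw.still_valid(element, "pda-1", "cd_player_9", now=3601)}
```

After the altered copy passes the one-hour mark, only the client-side check still reports the element as valid; the network-side record has expired and a new inquiry is required.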
In communication between external device 1 and CD player 9, the data may also be encrypted and/or decrypted by external device 1 and CD player 9. Encryption data may be transmitted with the software element to advantage, and the encryption may be linked to authorization for access to the communications network. This may make it more difficult for the communication to be intercepted. The specified validity period may also be waived to reduce data traffic and create greater freedom for a user.
If a platform-independent code is used for the software element, then, for example, Java may be used. If a platform-specific code is used, then it may be suitable to use codes for Palm OS or Windows CE, for example, because these are operating systems designed for operation of portable devices, such as those mentioned above as embodiments for external device 1.
Number | Date | Country | Kind |
---|---|---|---|
100 22 422.9 | May 2000 | DE | national |
This application is a continuation of U.S. patent application Ser. No. 10/276,028 filed Apr. 29, 2003, which is a National Phase Application of PCT International Application No. PCT/DE01/01384, filed on Apr. 7, 2001, and which claims priority to German Patent Application No. 100 22 422.9 filed May 9, 2000, all of which are hereby expressly incorporated herein by reference in their entirety.
 | Number | Date | Country |
---|---|---|---|
Parent | 10276028 | Apr 2003 | US |
Child | 12985969 | | US |