VEHICLE PLATFORM, VEHICLE CONTROL INTERFACE BOX, AND AUTONOMOUS DRIVING SYSTEM

Abstract

When a power status of a vehicle makes transition regardless of control by an autonomous driving system while the autonomous driving system is controlling a power mode of a vehicle platform, the autonomous driving system is notified that transition was caused by a driver input. A VP is configured such that an ADS is mountable thereon. The VP includes a base vehicle and a VCIB. The VCIB interfaces between the base vehicle and the ADS. Then, the VCIB provides a signal that indicates a driver input onto a start/stop button for switching between on and off of the base vehicle to the ADS.

Description

This nonprovisional application is based on Japanese Patent Application No. 2021-157538 filed with the Japan Patent Office on Sep. 28, 2021, the entire contents of which are hereby incorporated by reference.

BACKGROUND

Field

The present disclosure relates to a vehicle platform configured such that an autonomous driving system is mountable thereon, a vehicle control interface box that interfaces between a vehicle platform and an autonomous driving system mounted on the vehicle platform, and an autonomous driving system configured as being mountable on a vehicle platform.

Description of the Background Art

Japanese Patent Laying-Open No. 2018-132015 discloses a vehicle incorporating an autonomous driving system. The vehicle incorporates a motive power system, a power supply system, and the autonomous driving system. The motive power system manages motive power of the vehicle in a centralized manner. The power supply system manages charging power or discharged power of a battery mounted on the vehicle and supply of electric power to various vehicle-mounted devices in a centralized manner. The autonomous driving system carries out autonomous driving control of the vehicle in a centralized manner. An engine ECU of the motive power system, a power supply ECU of the power supply system, and an autonomous driving ECU of the autonomous driving system are communicatively connected to one another over a vehicle-mounted network.

SUMMARY

An autonomous driving system developed by an autonomous driving system developer may externally be attached to a vehicle. In this case, autonomous driving is carried out under vehicle control in accordance with a command from the externally attached autonomous driving system.

In such a vehicle, an interface for various commands and signals exchanged between the externally attached autonomous driving system and the vehicle is important. When a driver input (an operation by a user) for switching between on and off of a vehicle is provided while the externally attached autonomous driving system is controlling a power mode of a vehicle platform, a power status of the vehicle may make transition regardless of control by the autonomous driving system. Consequently, an unintended malfunction may be caused.

The present disclosure was made to solve a problem as above, and an object thereof is to prevent an unintended malfunction from being caused in a vehicle platform on which an autonomous driving system is mounted when a power status of a vehicle makes transition regardless of control by the autonomous driving system while the autonomous driving system is controlling a power mode of the vehicle platform.

Another object of the present disclosure is to prevent an unintended malfunction from being caused in a vehicle control interface box that interfaces between a vehicle platform and an autonomous driving system mounted on the vehicle platform when a power status of a vehicle makes transition regardless of control by the autonomous driving system while the autonomous driving system is controlling a power mode of the vehicle platform.

Another object of the present disclosure is to prevent an unintended malfunction from being caused in an autonomous driving system mounted on a vehicle platform when a power status of a vehicle makes transition regardless of control by the autonomous driving system while the autonomous driving system is controlling a power mode of the vehicle platform.

A vehicle platform in the present disclosure is configured such that an autonomous driving system is mountable thereon. The vehicle platform includes a vehicle and a vehicle control interface box. The vehicle control interface box interfaces between the vehicle and the autonomous driving system. The vehicle control interface box provides a signal that indicates a driver input onto a button for switching between on and off of the vehicle to the autonomous driving system.

With the configuration above, the signal that indicates the driver input onto the button is transmitted to the autonomous driving system. This signal represents the fact that transition of the power status of the vehicle has been caused by the driver input. Therefore, the autonomous driving system can be notified that transition of the power status of the vehicle has been caused by the driver input.

A vehicle control interface box in the present disclosure interfaces between a vehicle included in a vehicle platform on which an autonomous driving system is mountable and the autonomous driving system. The vehicle control interface box includes a processor and a memory. A program executed by the processor is stored in the memory. The processor provides a signal that indicates a driver input onto a button for switching between on and off of the vehicle to the autonomous driving system in accordance with the program.

An autonomous driving system in the present disclosure is configured as being mountable on a vehicle platform. The vehicle platform includes a vehicle and a vehicle control interface box that interfaces between the vehicle and the autonomous driving system. The autonomous driving system includes a compute assembly and a communication module. The communication module communicates with the vehicle control interface box. The compute assembly is programmed to receive a signal that indicates a driver input onto a button for switching between on and off of the vehicle from the vehicle control interface box through the communication module.

When the compute assembly receives the signal that indicates the driver input a prescribed number of times or more within a prescribed time period, the compute assembly may determine that the button is held.

With the configuration above, the vehicle platform can notify the autonomous driving system that the button is held.

The foregoing and other objects, features, aspects and advantages of the present disclosure will become more apparent from the following detailed description of the present disclosure when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing overview of a vehicle 10 according to an embodiment of the present disclosure.

FIG. 2 is a diagram showing in further detail, a configuration of an ADK (ADS) and a VP shown in FIG. 1.

FIG. 3 is a diagram for illustrating a value that a driver input signal can take.

FIG. 4 is a diagram showing exemplary variation in value of the driver input signal.

FIG. 5 is a flowchart showing exemplary processing performed in association with pushing of a start/stop button.

FIG. 6 is a diagram showing switching of a value of a driver input signal SS when the start/stop button is pressed by a driver a prescribed number of times or more within a prescribed time period while the start/stop button is held.

FIG. 7 is a diagram showing exemplary processing performed in association with the start/stop button being held.

FIG. 8 is a diagram showing an overall structure of an Autono-MaaS vehicle.

FIG. 9 is a diagram showing a system architecture of the Autono-MaaS vehicle.

FIG. 10 is a diagram showing a typical workflow in the ADS.

FIG. 11 is a diagram showing relation between a front wheel steer angle rate limitation and a velocity.

FIG. 12 is a state machine diagram of the power mode.

FIG. 13 is a diagram showing details of shift change sequences.

FIG. 14 is a diagram showing immobilization sequences.

FIG. 15 is a diagram showing standstill sequences.

FIG. 16 is a state machine diagram of an autonomy state.

FIG. 17 is a diagram showing an authentication process.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

An embodiment of the present disclosure will be described below in detail with reference to the drawings. The same or corresponding elements in the drawings have the same reference characters allotted and description thereof will not be repeated.

Embodiment

FIG. 1 is a diagram showing overview of a vehicle 10 according to an embodiment of the present disclosure. Referring to FIG. 1, vehicle 10 includes an autonomous driving kit (which is denoted as “ADK” below) 200 and a vehicle platform (which is denoted as “VP” below) 120. ADK 200 is configured as being attachable to (mountable on) VP 120. ADK 200 and VP 120 are configured to communicate with each other through a vehicle control interface box 111 (which will be described later) mounted on VP 120.

VP 120 can carry out autonomous driving in accordance with control requests (commands) from ADK 200. Though FIG. 1 shows VP 120 and ADK 200 at positions distant from each other, ADK 200 is actually attached to a rooftop or the like of a base vehicle 100 (which will be described later) included in VP 120. ADK 200 can also be removed from VP 120. While ADK 200 is not attached, VP 120 can travel by driving by a driver (user). In this case, VP 120 carries out travel control (travel control in accordance with an operation by a user) in a manual mode.

ADK 200 includes an autonomous driving system (which is denoted as “ADS” below) 202 for autonomous driving of vehicle 10 (base vehicle 100). For example, ADS 202 creates a driving plan of vehicle 10. Then, ADS 202 outputs various commands (control requests) for travel of vehicle 10 in accordance with the created driving plan to VP 120 in accordance with an application program interface (API) defined for each command. ADS 202 receives various signals indicating statuses (vehicle statuses) of VP 120 from VP 120 in accordance with the API defined for each signal. Then, ADS 202 has the received vehicle status reflected on creation of the driving plan. A detailed configuration of ADS 202 will be described later.

VP 120 includes base vehicle 100 and vehicle control interface box (which is denoted as “VCIB” below) 111.

Base vehicle 100 carries out various types of vehicle control in accordance with a control request from ADK 200 (ADS 202). Base vehicle 100 includes various systems and various sensors for controlling the vehicle. Specifically, base vehicle 100 includes an integrated control manager 115, a brake system 121, a steering system 122, a powertrain system 123, an active safety system 125, a body system 126, wheel speed sensors 127A and 127B, a pinion angle sensor 128, a camera 129A, and radar sensors 129B and 129C.

Integrated control manager 115 includes a processor and a memory, and integrally controls the systems (brake system 121, steering system 122, powertrain system 123, active safety system 125, and body system 126) involved with operations of the vehicle.

Brake system 121 is configured to control a braking apparatus provided in each wheel. The braking apparatus includes, for example, a disc brake system (not shown) that is operated with a hydraulic pressure regulated by an actuator.

Wheel speed sensors 127A and 127B are connected to brake system 121. Wheel speed sensor 127A detects a rotation speed of a front wheel and outputs a detection value thereof to brake system 121. Wheel speed sensor 127B detects a rotation speed of a rear wheel and outputs a detection value thereof to brake system 121.

Brake system 121 generates a braking command to a braking apparatus in accordance with a prescribed control request outputted from ADK 200 through VCIB 111 and integrated control manager 115. Brake system 121 then controls the braking apparatus based on the generated braking command. Integrated control manager 115 can calculate a speed of the vehicle (vehicle speed) based on the rotation speed of each wheel.

Steering system 122 is configured to control a steering angle of a steering wheel of the vehicle with a steering apparatus. The steering apparatus includes, for example, rack-and-pinion electric power steering (EPS) that allows adjustment of a steering angle by an actuator.

Pinion angle sensor 128 is connected to steering system 122. Pinion angle sensor 128 detects an angle of rotation of a pinion gear (a pinion angle) coupled to a rotation shaft of the actuator included in the steering apparatus and outputs a detection value thereof to steering system 122.

Steering system 122 generates a steering command to the steering apparatus in accordance with a prescribed control request outputted from ADK 200 through VCIB 111 and integrated control manager 115. Then, steering system 122 controls the steering apparatus based on the generated steering command.

Powertrain system 123 controls an electric parking brake (EPB) system provided in at least one of a plurality of wheels, a parking lock (P-Lock) system provided in a transmission of base vehicle 100, and a propulsion system including a shift apparatus for selecting a shift range. A detailed configuration of powertrain system 123 will be described later with reference to FIG. 2.

Active safety system 125 detects an obstacle (a pedestrian, a bicycle, a parked vehicle, a utility pole, or the like) in front or in the rear of the vehicle with the use of camera 129A and radar sensors 129B and 129C. Active safety system 125 determines whether or not vehicle 10 may collide with the obstacle based on a distance between vehicle 10 and the obstacle and a direction of movement of vehicle 10. Then, when active safety system 125 determines that there is possibility of collision, it outputs a braking command to brake system 121 through integrated control manager 115 so as to increase braking force of the vehicle.

Body system 126 is configured to control, for example, components such as a direction indicator, a horn, and a wiper (none of which is shown), depending on a traveling state of vehicle 10 or an environment around vehicle 10. Body system 126 controls each component in accordance with a prescribed control request outputted from ADK 200 through VCIB 111 and integrated control manager 115.

VCIB 111 is configured to communicate with ADS 202 of ADK 200 over a controller area network (CAN). VCIB 111 receives various control requests from ADS 202 or outputs a status of VP 120 to ADS 202 by executing a prescribed API defined for each communicated signal. When VCIB 111 receives the control request from ADS 202, it outputs a control command corresponding to the control request to a system corresponding to the control command through integrated control manager 115. VCIB 111 obtains various types of information on base vehicle 100 from each system through integrated control manager 115 and outputs the status of base vehicle 100 as the vehicle status to ADS 202.

Vehicle 10 may be adopted as one of constituent elements of a mobility as a service (MaaS) system. The MaaS system further includes, for example, a data server and a mobility service platform (MSPF) (neither of which is shown), in addition to vehicle 10.

The MSPF is an integrated platform to which various mobility services are connected. Autonomous driving related mobility services are connected to the MSPF. In addition to the autonomous driving related mobility services, mobility services provided by a ride-share company, a car-sharing company, a rent-a-car company, a taxi company, and an insurance company may be connected to the MSPF. Various mobility services including mobility services can use various functions provided by the MSPF by using APIs published on the MSPF, depending on service contents.

VP 120 further includes a data communication module (DCM) (not shown) as a communication interface (I/F) to wirelessly communicate with a data server of the MaaS system. The DCM outputs various types of vehicle information such as a speed, a position, or an autonomous driving state to the data server. The DCM receives from the autonomous driving related mobility services through the MSPF and the data server, various types of data for management of travel of an autonomous driving vehicle including vehicle 10 in the mobility services.

The MSPF publishes APIs for using various types of data on vehicle statuses and vehicle control necessary for development of the ADK. Various mobility services can use various functions provided by the MSPF depending on service contents, by using the APIs published on the MSPF. For example, the autonomous driving related mobility services can obtain operation control data of an autonomous driving vehicle that communicates with the data server or information stored in the data server from the MSPF by using the APIs published on the MSPF. The autonomous driving related mobility services can transmit data for managing an autonomous driving vehicle including vehicle 10 to the MSPF by using the API.

FIG. 2 is a diagram showing in further detail, a configuration of ADK 200 (ADS 202) and VP 120 shown in FIG. 1. Referring to FIG. 2, ADS 202 of ADK 200 includes a compute assembly 210, a human machine interface (HMI) 230, sensors for perception 260, sensors for pose 270, and a sensor cleaning 290.

Compute assembly 210 includes a memory and a processor, and communication modules 210A and 210B. A program executable by the processor is stored in the memory. The processor performs various types of processing in accordance with the program stored in the memory. Communication modules 210A and 210B are configured to communicate with VCIB 111. During autonomous driving of vehicle 10, compute assembly 210 obtains information indicating an environment around the vehicle and information indicating a pose, a behavior, and a position of vehicle 10 from various sensors (which will be described later), and obtains a vehicle status from VP 120 through VCIB 111 and sets a next operation (acceleration, deceleration, or turning) of vehicle 10. Then, compute assembly 210 outputs various commands for realizing the set next operation to VCIB 111 in VP 120. Compute assembly 210 is configured to control a power mode of VP 120 while ADK 200 is attached to VP 120. Though the power mode of VP 120 is not necessarily identical to the power status of base vehicle 100, it is consistent with the power status of base vehicle 100 in the absence of a driver input onto a start/stop button 130 (which will be described later).

HMI 230 presents information to a user and accepts an operation by the user during autonomous driving, during driving requiring an operation by the user, or at the time of transition between autonomous driving and driving requiring an operation by the user. HMI 230 is constructed to be connected to an input and output apparatus (not shown) such as a touch panel display provided in VP 120.

Sensors for perception 260 are sensors that perceive an environment around the vehicle. Sensors for perception 260 include, for example, at least one of laser imaging detection and ranging (LIDAR), a millimeter-wave radar, and a camera.

The LIDAR refers to a distance measurement apparatus that measures a distance based on a time period from emission of pulsed laser beams (infrared rays) until return of the laser beams reflected by an object. The millimeter-wave radar is a distance measurement apparatus that measures a distance or a direction to an object by emitting radio waves short in wavelength to the object and detecting radio waves that return from the object. The camera is arranged, for example, on a rear side of a room mirror in a compartment and used for shooting the front of vehicle 10. As a result of image processing by artificial intelligence (AI) or an image processing processor onto images or video images shot by the camera, another vehicle, an obstacle, or a human in front of vehicle 10 can be recognized. Information obtained by sensors for perception 260 is outputted to compute assembly 210.

Sensors for pose 270 are sensors that detect a pose, a behavior, or a position of vehicle 10. Sensors for pose 270 include, for example, an inertial measurement unit (IMU) and a global positioning system (GPS).

The IMU detects, for example, an acceleration in a front-rear direction, a lateral direction, and a vertical direction of vehicle 10 and an angular speed in a roll direction, a pitch direction, and a yaw direction of vehicle 10. The GPS detects a position of vehicle 10 based on information received from a plurality of GPS satellites that orbit the Earth. Information obtained by sensors for pose 270 is outputted to compute assembly 210.

Sensor cleaning 290 removes soiling attached to various sensors. Sensor cleaning 290 removes soiling attached to a lens of the camera or a portion from which laser beams or radio waves are emitted, for example, with a cleaning solution or a wiper.

VCIB 111 interfaces between base vehicle 100 and ADS 202. VCIB 111 includes a VCIB 111A and a VCIB 111B. Each of VCIBs 111A and 111B includes an electronic control unit (ECU). The ECU includes a processor such as a not-shown central processing unit (CPU) and a memory (a read only memory (ROM) and a random access memory (RAM)). A program executable by the processor is stored in the ROM. The processor performs various types of processing in accordance with the program stored in the ROM.

VCIBs 111A and 111B are communicatively connected to communication modules 210A and 210B of ADS 202, respectively. VCIB 111A and VCIB 111B are also communicatively connected to each other. Though VCIB 111B is equivalent in function to VCIB 111A, it is partially different in a plurality of systems connected to the VCIBs that make up VP 120.

VCIBs 111A and 111B each relay control requests and vehicle statuses between ADS 202 and VP 120. Specific description will be given representatively for VCIB 111A. VCIB 111A receives various control requests outputted from ADS 202 in accordance with an API defined for each control request. Then, VCIB 111A generates a command corresponding to the received control request and outputs the command to a system of base vehicle 100 corresponding to the control request. The control request (control command) received by VCIB 111A from ADS 202 includes a power mode command provided by ADS 202 to control the power mode of VP 120. ADS 202 can control the power mode of VP 120 based on this power mode command.

VCIB 111A receives vehicle information provided from each system of VP 120 and transmits (provides) information (signal) indicating the vehicle status of VP 120 to ADS 202 in accordance with an API defined for each vehicle status. The information indicating the vehicle status may be information identical to the vehicle information provided from each system of VP 120 or may be information extracted from the vehicle information to be used for processing performed by ADS 202. In the present embodiment, the vehicle status transmitted from VCIB 111 to ADS 202 includes a status of start/stop button 130 (which will be described later). This vehicle status may include the power status of base vehicle 100.

As VCIBs 111A and 111B equivalent in function relating to an operation of at least one of (for example, braking or steering) systems are provided, control systems between ADS 202 and VP 120 are redundant. Thus, when some kind of failure occurs in a part of the system, the function (turning or stopping) of VP 120 can be maintained by switching between the control systems as appropriate or disconnection of a control system where failure has occurred.

Brake system 121 includes brake systems 121A and 121B. Steering system 122 includes steering systems 122A and 122B. Powertrain system 123 includes an EPB system 123A, a P-Lock system 123B, and a propulsion system 124.

VCIB 111A is communicatively connected to brake system 121A, steering system 122A, EPB system 123A, P-Lock system 123B, propulsion system 124, body system 126, and start/stop button 130 through a communication bus. VCIB 111B is communicatively connected to brake system 121B, steering system 122B, P-Lock system 123B, and start/stop button 130 through a communication bus.

Brake systems 121A and 121B are configured to control a plurality of braking apparatuses provided in wheels. Brake system 121B may be equivalent in function to brake system 121A, or one of brake systems 121A and 121B may be configured to independently control braking force of each wheel during travel of the vehicle and the other thereof may be configured to control braking force such that equal braking force is generated in the wheels during travel of the vehicle.

Brake systems 121A and 121B each generate a braking command to the braking apparatus in accordance with a control request received from ADS 202 through VCIB 111. For example, brake systems 121A and 121B control the braking apparatus based on a braking command generated in one of the brake systems, and when a failure occurs in that brake system, the braking apparatus is controlled based on a braking command generated in the other brake system.

Steering systems 122A and 122B are configured to control a steering angle of a steering wheel of vehicle 10 with a steering apparatus. Steering system 122B is similar in function to steering system 122A.

Steering systems 122A and 122B each generate a steering command to the steering apparatus in accordance with a control request received from ADS 202 through VCIB 111. For example, steering systems 122A and 122B control the steering apparatus based on the steering command generated in one of the steering systems, and when a failure occurs in that steering system, the steering apparatus is controlled based on a steering command generated in the other steering system.

EPB system 123A is configured to control the EPB. The EPB is provided separately from the braking apparatus, and fixes a wheel by an operation of an actuator. The EPB, for example, activates a drum brake for a parking brake provided in at least one of a plurality of wheels to fix the wheel with an actuator, or activates a braking apparatus to fix a wheel with an actuator capable of regulating a hydraulic pressure to be supplied to the braking apparatus separately from brake systems 121A and 121B.

EPB system 123A controls the EPB in accordance with a control request received from ADS 202 through VCIB 111.

P-Lock system 123B is configured to control a P-Lock apparatus. The P-Lock apparatus fits a protrusion provided at a tip end of a parking lock pawl, a position of which is adjusted by an actuator, into a tooth of a gear (locking gear) provided as being coupled to a rotational element in the transmission of base vehicle 100. Rotation of an output shaft of the transmission is thus fixed and the wheel is fixed.

P-Lock system 123B controls the P-Lock apparatus in accordance with a control request received from ADS 202 through VCIB 111. When the control request from ADS 202 includes a request to set the shift range to a parking range (P range), P-Lock system 123B activates the P-Lock apparatus, and when the control request includes a request to set the shift range to a shift range other than the P range, it deactivates the P-Lock apparatus.

Propulsion system 124 is configured to switch a shift range with the use of a shift apparatus and to control driving force of vehicle 10 in a direction of movement of vehicle 10 that is generated from a drive source. Switchable shift ranges include, for example, the P range, a neutral range (N range), a forward travel range (D range), and a rearward travel range (R range). The drive source includes, for example, a motor generator and an engine.

Propulsion system 124 controls the shift apparatus and the drive source in accordance with a control request received from ADS 202 through VCIB 111.

Active safety system 125 is communicatively connected to brake system 121A. As described above, active safety system 125 detects an obstacle (an obstacle or a human) in front of the vehicle by using camera 129A and radar sensor 129B, and when it determines that there is possibility of collision based on a distance to the obstacle, it outputs a braking command to brake system 121A so as to increase braking force.

Body system 126 controls components such as a direction indicator, a horn, or a wiper in accordance with a control request received from ADS 202 through VCIB 111.

Start/stop button 130 is a button (switch) for switching between on and off of base vehicle 100 (in other words, switching the power status of base vehicle 100). Start/stop button 130 is also referred to as a “power switch” or an “ignition switch.” Start/stop button 130 is mounted on base vehicle 100 as a button to be pressed by the driver (user).

A status of start/stop button 130 includes an on status and an off status. The on status refers to such a status that start/stop button 130 is pressed by the driver (a pressed status). In other words, the on status refers to a status that the driver input onto this button is present. The off status refers to a status that start/stop button 130 is not pressed by the driver (a non-pressed status). In other words, the off status refers to a status that the driver input onto this button is absent. A signal SA represents a status of start/stop button 130 and it is provided from start/stop button 130 to VCIB 111. Specifically, while start/stop button 130 is in the on status, signal SA is at the H level (logic high). When start/stop button 130 is in the off status, signal SA is at the L level (logic low).

In the present embodiment, exemplary autonomous drive of vehicle 10 (base vehicle 100) at what is called Level 4 or lower is assumed. It is assumed that, during such autonomous driving, the driver input (pushing) onto start/stop button 130 is enabled. Therefore, the driver input provided based on the driver's intention causes transition (change) of the power status of base vehicle 100. Consequently, the power status of base vehicle 100 may make transition regardless of control by ADS 202 while ADS 202 is controlling the power mode of VP 120.

On the other hand, it is assumed that the driver input onto start/stop button 130 is disabled during autonomous driving (full driving automation) of vehicle 10 at what is called Level 5. In other words, start/stop button 130 is held. Therefore, during full driving automation of vehicle 10, this driver input does not cause transition of the power status of base vehicle 100. An example where start/stop button 130 is held will be described later in a modification of the embodiment.

For example, when an autonomous mode (an autonomous driving mode) is selected as an autonomous state by an operation by the user onto HMI 230 in vehicle 10 configured above, autonomous driving is carried out. During autonomous driving, ADS 202 initially creates a driving plan as described above. Examples of the driving plan include a plan to continue straight travel, a plan to turn left/right at a prescribed intersection on a predetermined travel path, and a plan to change a travel lane.

ADS 202 calculates a controllable physical quantity (an acceleration, a deceleration, and a wheel steer angle) necessary for operations of vehicle 10 in accordance with the created driving plan. ADS 202 splits the physical quantity for each execution cycle time of the API. ADS 202 outputs a control request representing the split physical quantity to VCIB 111 by means of the API. Furthermore, ADS 202 obtains a vehicle status (an actual direction of movement of the vehicle and a state of fixation of the vehicle) from VP 120 and creates again the driving plan on which the obtained vehicle status is reflected. ADS 202 thus allows autonomous driving of vehicle 10.

While ADS 202 (ADK 200) is externally attached to VP 120, autonomous driving of vehicle 10 (base vehicle 100) is carried out under vehicle control in accordance with a command from compute assembly 210 of ADS 202.

When a driver input (pushing of start/stop button 130) for switching between on and off of base vehicle 100 is provided while ADS 202 is controlling the power mode of VP 120, the power status of base vehicle 100 may make transition regardless of control by ADS 202. Consequently, the power mode of VP 120 becomes inconsistent with the power status of base vehicle 100, and hence an unintended malfunction may be caused. Therefore, ADS 202 is desirably notified that transition of the power status of base vehicle 100 has been caused by the driver input (that is, this transition is based on the driver's intention).

VCIB 111 according to the present embodiment provides a driver input signal SS indicating the status of start/stop button 130 to ADS 202. Specifically, the processor of VCIB 111 provides driver input signal SS to ADS 202 in accordance with the program stored in the memory of VCIB 111. Compute assembly 210 of ADS 202 is programmed to receive driver input signal SS from VCIB 111 through communication modules 210A and 210B.

Driver input signal SS includes a signal S0 and a signal S1. Signal S0 indicates absence of the driver input (pushing) onto start/stop button 130. Signal S1 indicates the driver input onto start/stop button 130. In this embodiment, for the sake of simplification of description, driver input signal SS is assumed as being the same as signal SA provided from start/stop button 130 to VCIB 111. Specifically, signal S0 is the same as signal SA at the L level and signal S1 is the same as signal SA at the H level.

According to the configuration above, when the driver input onto start/stop button 130 is provided, signal S1 is transmitted to ADS 202. Signal S1 represents that transition of the power status of base vehicle 100 has been caused by the driver input onto start/stop button 130. Therefore, ADS 202 can be notified that transition of the power status of base vehicle 100 has been caused by the driver input.

FIG. 3 is a diagram for illustrating a value that driver input signal SS can take. Referring to FIG. 3, driver input signal SS can take any one of values from 0 to 2. These values are set by VCIB 111.

Value 0 represents off (the non-pressed status) of start/stop button 130. When driver input signal SS has the value 0, driver input signal SS is signal S0.

Value 1 represents on (the pressed status) of start/stop button 130. When driver input signal SS has the value 1, driver input signal SS is signal S1.

Value 2 represents occurrence of some unhealthy situation in a power supply of VP 120. In the description below, it is assumed that this unhealthy situation does not occur and the value of driver input signal SS is set to any one of 0 and 1.

FIG. 4 is a diagram showing exemplary variation in value of driver input signal SS. In FIG. 4, the ordinate represents the value of driver input signal SS and the abscissa represents time.

Referring to FIG. 4, during a period from time t0 to time t1, start/stop button 130 is in the off status. Therefore, driver input signal SS has the value 0 (signal S0).

When the driver presses start/stop button 130 (an on operation) at time t1, the status of start/stop button 130 switches from the off status to the on status. Therefore, the value of driver input signal SS switches from 0 to 1.

During a period from time t1 to time t2, the driver presses start/stop button 130. During this period, the value of driver input signal SS is maintained at 1 (signal S1).

When start/stop button 130 is thus pressed, the driver may be desiring transition of the power status of base vehicle 100. Therefore, driver input signal SS (signal S1) having the value 1 represents the driver's desire for transition of the power status of base vehicle 100.

When signal S1 is provided, ADS 202 may estimate the power status of base vehicle 100 desired by the driver and control the power mode of VP 120 to be consistent with the estimated power status. By way of example, when signal S1 is provided while base vehicle 100 is in a Ready-ON status, ADS 202 estimates that the driver desires transition of the power status of base vehicle 100 to a power off status. The power off status refers to a status that each system (ECU) of base vehicle 100 is off. Then, ADS 202 controls the power mode of VP 120 to a sleep (Sleep) mode to be consistent with the power status (power off status) of base vehicle 100 resulting from transition.

When the driver no longer presses start/stop button 130 at time t2, the status of start/stop button 130 switches from the on status to the off status. Therefore, the value of driver input signal SS switches from 1 to 0. Thereafter, in this example, the value of driver input signal SS is kept at 0 (signal S0).

FIG. 5 is a flowchart showing exemplary processing performed in association with pushing of start/stop button 130.

Referring to FIG. 5, the processor of VCIB 111 determines whether or not start/stop button 130 has been turned on in accordance with signal SA from start/stop button 130 (step S10). Specifically, the processor determines whether signal SA provided from start/stop button 130 to VCIB 111 is at the L level or the H level.

When start/stop button 130 is off (NO in step S10), the processor of VCIB 111 provides signal S0 indicating absence of the driver input onto start/stop button 130 to ADS 202 (step S15). In the present embodiment, signal S0 is the same as signal SA at the L level and it is provided to ADS 202 during the period from time t0 to time t1 and a period after time t2 in FIG. 4.

When start/stop button 130 is on (YES in step S10), the processor of VCIB 111 provides signal S1 indicating the driver input onto start/stop button 130 to ADS 202 (step S20). In the present embodiment, signal S1 is the same as signal SA at the H level and it is provided to ADS 202 during the period from time t1 to time t2 in FIG. 4. Compute assembly 210 of ADS 202 receives signal S0 or signal S1 from VCIB 111 through communication modules 210A and 210B (step S40). Which of these signals compute assembly 210 receives is different depending on a result in the processing in step S10.

When ADS 202 receives signal S1 in step S40, it may control the power mode of VP 120 to be consistent with the power status of base vehicle 100 resulting from transition.

As set forth above, VP 120 according to the present embodiment includes base vehicle 100 and VCIB 111. VCIB 111 provides signal S1 indicating the driver input onto start/stop button 130 to ADS 202.

With the configuration above, when the driver input (pushing) onto start/stop button 130 is provided, signal S1 is transmitted to ADS 202. Signal S1 represents that transition of the power status of base vehicle 100 has been caused by the driver input. Therefore, when the power status of base vehicle 100 makes transition regardless of control by ADS 202 while ADS 202 is controlling the power mode of VP 120, ADS 202 can be notified that transition of the power status of base vehicle 100 has been caused by the driver input. Then, ADS 202 can determine that transition of the power status of base vehicle 100 has been caused by the driver input.

Inconsistency between the power mode of VP 120 and the power status of base vehicle 100 may cause an unintended malfunction. In contrast, in the present embodiment, even though they are inconsistent with each other, ADS 202 can determine that transition of the power status of base vehicle 100 has been caused by the driver input (that is, based on the driver's intention). Then, ADS 202 can carry out various types of control (for example, control to change the power mode of VP 120 such that the power mode of VP 120 is consistent with the power status of base vehicle 100, with highest priority being placed on the driver's intention), for example, so as not to cause the malfunction above.

Furthermore, ADS 202 can confirm absence of a security problem such as hacking of the power status of base vehicle 100 from the outside of vehicle 10, based on a result of determination above.

Modification of Embodiment

While ADS 202 is controlling the power mode of VP 120, start/stop button 130 may be held such that the power status of base vehicle 100 is not affected by the driver input onto start/stop button 130 (for example, during full driving automation). At that time, compute assembly 210 of ADS 202 is preferably able to determine that start/stop button 130 is held.

In the embodiment described above, the value of driver input signal SS (FIG. 3) is assumed as being set to any one of 0 to 2 (more specifically, 0 or 1). To which of these values driver input signal SS is set does not indicate whether or not start/stop button 130 is held.

In this modification, compute assembly 210 of ADS 202 determines that start/stop button 130 is held when it receives signal S1 a prescribed number of times or more within a prescribed time period, which will be described in detail below.

FIG. 6 is a diagram of switching of the value of driver input signal SS when the driver presses start/stop button 130 a prescribed number of times or more within a prescribed time period while start/stop button 130 is held.

Referring to FIG. 6, during a period from time t10 to time t11, start/stop button 130 is off. Therefore, the value of driver input signal SS remains at 0 (signal S0).

When the driver presses start/stop button 130 (an on operation) at time t11, the value of driver input signal SS switches from 0 to 1 (signal S0 switches to signal S1). On the other hand, in this example, start/stop button 130 is held. Therefore, the power status of base vehicle 100 does not make transition (vary) in spite of pushing of start/stop button 130 by the driver.

During a period from time t11 to time t12, the driver performs the on operation, and at time t12, this operation ends (signal S1 switches to signal S0). During this period, the power status of base vehicle 100 does not make transition.

In this example, the driver attempts to vary the power status of base vehicle 100 with his/her own intention also after time t12. Specifically, the driver presses start/stop button 130 over and over again during a period from time t12 to time t14 and a period from time t14 to time t16 as during the period from time t10 to time 12. Consequently, VCIB 111 receives signal S1 three times (corresponding to N times in the figure) within a prescribed time period PP. In the present embodiment, the prescribed number of times is assumed as two. Therefore, the three times is larger than the prescribed number of times.

Compute assembly 210 of ADS 202 determines that it has received signal S1 the prescribed number of times or more within prescribed time period PP. Then, compute assembly 210 determines that the reason why it received signal S1 over and over again is because the driver input was provided over and over again in such a situation that the driver input onto start/stop button 130 had not varied the power status of base vehicle 100. Then, compute assembly 210 determines that start/stop button 130 is held.

FIG. 7 is a diagram showing exemplary processing performed in association with start/stop button 130 being held.

Referring to FIG. 7, compute assembly 210 of ADS 202 determines whether or not it has received signal S1 the prescribed number of times or more within prescribed time period PP (step S105).

When compute assembly 210 has not received signal S1 the prescribed number of times or more (NO in step S105), it quits the process in FIG. 7. When compute assembly 210 has received signal S1 the prescribed number of times or more (YES in step S105), it determines that start/stop button 130 is held (step S110).

As set forth above, in this modification, when compute assembly 210 of ADS 202 has received signal S1 the prescribed number of times or more within prescribed time period PP, it determines that start/stop button 130 is held.

VP 120 can thus notify ADS 202 that start/stop button 130 is held. Even when driver input signal SS does not have another value (a value different from 0 or 1 in FIG. 3) indicating whether or not start/stop button 130 is held, compute assembly 210 can determine that start/stop button 130 is held.

Example

API Specification for TOYOTA Vehicle Platform

Ver. 1.1

Records of Revision

Date of Revision	ver.	Overview of Revision	Reviser
2020 May 23	1.0	Creating a new material	TOYOTA MOTOR Corp.
2021 Apr. 14	1.1	The figure of Front Wheel Steer Angle Rate	TOYOTA MOTOR Corp.
		Limitation is updated.
		Explanation of Standstill Status is added.

Table of Contents

1. Introduction

• • 1.1. Purpose of this Specification
  • 1.2. Target Vehicle
  • 1.3. Definition of Term

2. Structure

• • 2.1. Overall Structure of Autono-MaaS Vehicle
  • 2.2. System Structure of Autono-MaaS Vehicle

3. Application Interfaces

• • 3.1. Typical Usage of APIs
  • 3.2. APIs for Vehicle Motion Control
    • 3.2.1. API List for Vehicle Motion Control
    • 3.2.2. Details of Each API for Vehicle Motion Control
  • 3.3. APIs for BODY Control
    • 3.3.1. API List for BODY Control
    • 3.3.2. Details of Each API for BODY Control
  • 3.4. APIs for Power Control
    • 3.4.1. API List for Power Control
    • 3.4.2. Details of Each API for Power Control
  • 3.5. APIs for Failure Notification
    • 3.5.1. API List for Failure Notification
    • 3.5.2. Details of Each API for Failure Notification
  • 3.6. APIs for Security
    • 3.6.1. API List for Security
    • 3.6.2. Details of Each API for Security

4. API Guides to Control Toyota Vehicles

• • 4.1. APIs for Vehicle Motion Control
    • 4.1.1. API List for Vehicle Motion Control
    • 4.1.2. API Guides in Details for Vehicle Motion Control
  • 4.2. APIs for BODY Control
    • 4.2.1. API List for BODY Control
  • 4.3. APIs for Power Control
  • 4.3.1. API List for Power Control
  • 4.4. APIs for Failure Notification
    • 4.4.1. API List for Failure Notification
  • 4.5. APIs for Security
    • 4.5.1. API List for Security
    • 4.5.2. API Guides in Details for Security

1. Introduction

1.1. Purpose of this Specification

This document is an API specification of vehicle control interface for Autono-MaaS vehicles and contains outline, the way to use and note of APIs.

1.2. Target Vehicle

This specification is applied to the Autono-MaaS vehicles defined by [Architecture Specification for TOYOTA Vehicle Platform attached with Automated Driving System].

1.3. Definition of Term

TABLE 1
Definition of Term
Term Definition
ADS  Autonomous Driving System
ADK  Autonomous Driving Kit
VP   Vehicle Platform
VCIB Vehicle Control Interface Box.
     This is an ECU for the interface and the signal
     converter between ADS and VP’s sub systems.
PCS  Pre-Collision Safety

2. Structure

2.1. Overall Structure of Autono-MaaS Vehicle

The overall structure of Autono-MaaS is shown (FIG. 8).

2.2. System Structure of Autono-MaaS Vehicle

System Architecture is shown in FIG. 9.

3. Application Interfaces

3.1. Typical Usage of APIs

In this section, Typical Usage of APIs is described.

A typical workflow of APIs is as follows (FIG. 10). The following example assumes CAN for physical communication.

3.2. APIs for vehicle motion control

In this section, the APIs for vehicle motion control are described.

3.2.1. API List for Vehicle Motion Control

3.2.1.1. Inputs

TABLE 3
Input APIs for vehicle motion control
Signal Name	Description	Redundancy
Propulsion Direction	Request for shift change from/to forward	N/A
Command	(D range) to/from back (R range)
Immobilization	Request for turning on/off WheelLock	Applied
Command
Standstill Command	Request for keeping on/off stationary	Applied
Acceleration Command	Request for acceleration/deceleration	Applied
Front Wheel Steer Angle	Request for front wheel steer angle	Applied
Command
Vehicle Mode Command	Request for changing from/to manual	Applied
	mode to/from Autonomous Mode
High Dynamics	Request for increasing braking response performance*	Applied
Command
*Reaction time in VP upon a request from ADK

3.2.1.2 Outputs

TABLE 4
Output APIs for vehicle motion control
Signal Name	Description	Redundancy
Propulsion Direction Status	Current shift status	N/A
Immobilization Status	Status of immobilization (i.e. EPB and Shift P)	Applied
Standstill Status	Standstill status	N/A
Estimated Gliding Acceleration	Estimated vehicle acceleration/deceleration when throttle is	N/A
	fully closed
Estimated maximum acceleration	Estimated maximum acceleration	Applied
Estimated maximum deceleration	Estimated maximum deceleration	Applied
Front wheel steer angle	Front wheel steer angle	Applied
Front wheel steer angle rate	Front wheel steer angle rate	Applied
Front wheel steer angle rate limitation	Road wheel angle rate limit	Applied
Estimated maximum lateral	Estimated max lateral acceleration	Applied
acceleration
Estimated maximum lateral	Estimated max lateral acceleration rate	Applied
acceleration rate
Intervention of accelerator pedal	This signal shows whether the accelerator pedal is	N/A
	depressed by a driver (intervention)
Intervention of brake pedal	This signal shows whether the brake pedal is depressed by a	N/A
	driver (intervention)
Intervention of steering wheel	This signal shows whether the steering wheel is turned by a	N/A
	driver (intervention)
Intervention of shift lever	This signal shows whether the shift lever is controlled by a	N/A
	driver (intervention)
Wheel speed pulse (front left)	Pulse from wheel speed sensor (Front Left Wheel)	N/A
Wheel rotation direction (front left)	Rotation direction of wheel (Front Left)	N/A
Wheel speed pulse (front right)	Pulse from wheel speed sensor (Front Right Wheel)	N/A
Wheel rotation direction (front right)	Rotation direction of wheel (Front Right)	N/A
Wheel speed pulse (rear left)	Pulse from wheel speed sensor (Rear Left Wheel)	Applied
Wheel rotation direction (Rear left)	Rotation direction of wheel (Rear Left)	Applied
Wheel speed pulse (rear right)	Pulse from wheel speed sensor (Rear Right Wheel)	Applied
Wheel rotation direction (Rear right)	Rotation direction of wheel (Rear Right)	Applied
Traveling direction	Moving direction of vehicle	Applied
Vehicle velocity	Estimated longitudinal velocity of vehicle	Applied
Longitudinal acceleration	Estimated longitudinal acceleration of vehicle	Applied
Lateral acceleration	Sensor value of lateral acceleration of vehicle	Applied
Yawrate	Sensor value of yaw rate	Applied
Slipping Detection	Detection of tire glide/spin/skid	Applied
Vehicle mode state	State of whether Autonomous Mode, manual mode	Applied
Readiness for autonomization	Situation of whether the vehicle can transition to Autonomous	Applied
	Mode or not
Failure status of VP functions for	This signal is used to show whether VP functions have some	Applied
Autonomous Mode	failures mode when a vehicle works as Autonomous Mode.
PCS Alert Status	Status of PCS (Alert)	N/A
PCS Preparation Status	Status of PCS (Prefill)	N/A
PCS Brake/PCS Brake Hold Status	Status of PCS (PB/PBH)	N/A
ADS/PCS arbitration status	ADS/PCS arbitration status	N/A

3.2.2. Details of Each API for Vehicle Motion Control

3.2.2.1. Propulsion Direction Command

Request for shift change from/to forward (D range) to/from back (R range)

Values

	Value	Description	Remarks
	0	No Request
	2	R	Shift to R range
	4	D	Shift to D range
	other	Reserved

Remarks

• • Available only when Vehicle mode state=“Autonomous Mode.”
  • Available only when a vehicle is stationary (Traveling direction=“standstill”).
  • Available only when brake is applied.

3.2.2.2. Immobilization Command

Request for turning on/off WheelLock

Values

The following table shows a case where EPB and Shift P are used for immobilization.

Value	Description	Remarks
0	No Request
1	Applied	EPB is turned on and shift position is changed
		to “P”
2	Released	EPB is turned off and shift position is changed
		to the value of Propulsion Direction Command

Remarks

• • This API is used for parking a vehicle.
  • Available only when Vehicle mode state=“Autonomous Mode.”
  • Changeable only when the vehicle is stationary (Traveling direction=“standstill”).
  • Changeable only while brake is applied.

3.2.2.3. Standstill Command

Request for applying/releasing brake holding function

Values

Value	Description	Remarks
0	No Request
1	Applied	Brake holding function
		is allowed.
2	Released

Remarks

• • This API is used for choosing a status of whether the brake holding function is allowed.
  • Available only when Vehicle mode state=“Autonomous Mode.”
  • Acceleration Command (deceleration request) has to be continued until Standstill Status becomes “Applied”.

3.2.2.4. Acceleration Command

Request for acceleration

Values

Estimated maximum deceleration to Estimated maximum acceleration [m/s²]

Remarks

• • Available only when Vehicle mode state=“Autonomous Mode.”
  • Acceleration (+) and deceleration (—) request based on Propulsion Direction Status direction.
  • The upper/lower limit will vary based on Estimated maximum deceleration and Estimated maximum acceleration.
  • When acceleration more than Estimated maximum acceleration is requested, the request is set to Estimated maximum acceleration.
  • When deceleration more than Estimated maximum deceleration is requested, the request is set to Estimated maximum deceleration.
  • In case where a driver operates a vehicle (over-ride), the requested acceleration may not be achieved.
  • When PCS simultaneously works, VP should choose minimum acceleration (maximum deceleration).

3.2.2.5. Front Wheel Steer Angle Command

Values

Value	Description	Remarks
	[unit: rad]

Remarks

• • Available only when Vehicle mode state=“Autonomous Mode”
  • Left is positive value (+). Right is negative value (−).
  • Front wheel steer angle is set to value (0) when the vehicle is going straight.
  • This request is set as a relative value from the current one to prevent misalignment of “Front Wheel Steer Angle” from being accumulated.
  • The request value should be set within Front wheel steer angle rate limitation.
  • In case where a driver operates a vehicle (over-ride), the requested Front Wheel Steer Angle may not be achieved.

3.2.2.6. Vehicle Mode Command

Request for changing from/to manual mode to/from Autonomous Mode

Value	Description	Remarks
0	No Request
1	Request For Autonomy
2	Deactivation Request	means transition
		request to manual mode

Remarks

N/A

3.2.2.7. High Dynamics Command

If ADK would like to increase braking response performance* of VP, High Dynamics Command should be set to “High”.

*Reaction time in VP upon a request from ADK

Values

Value	Description	Remarks
0	No Request
1	High
2-3	Reserved

Remarks

N/A

3.2.2.8. Propulsion Direction Status

Current shift Status

Values

Value	Description	Remarks
0	Reserved
1	P
2	R
3	N
4	D
5	Reserved
6	Invalid value

Remarks

• • If VP does not know the current shift status, this output is set to “Invalid Value.”

3.2.2.9. Immobilization Status

Each immobilization system status

Values

The following table shows a case where EPB and Shift P are used for immobilization.

Value
Shift	EPB	Description	Remarks
0	0	Shift set to other than P, and
		EPB Released
1	0	Shift set to P and EPB Released
0	1	Shift set to other than P, and
		EPB applied
1	1	Shift set to P and EPB Applied

Remarks

• • N/A

3.2.2.10. Standstill Status

Status of Standstill

Values

Value	Description	Remarks
0	Released
1	Applied
2	Reserved
3	Invalid value

Remarks

• • N/A

3.2.2.11. Estimated Gliding Acceleration

Acceleration calculated in VP in case that throttle is closed, considering slope, road load and etc.

Values

[unit: m/s²]

Remarks

• • When the Propulsion Direction Status is “D”, acceleration for forward direction shows a positive value.
  • When the Propulsion Direction Status is “R”, acceleration for reverse direction shows a positive value.

3.2.2.12. Estimated Maximum Acceleration

Acceleration calculated in VP in case that throttle is fully open, considering slope, road load and etc.

Values

[unit: m/s²]

Remarks

• • When the Propulsion Direction Status is “D”, acceleration for forward direction shows a positive value.
  • When the Propulsion Direction Status is “R”, acceleration for reverse direction shows a positive value.

3.2.2.13. Estimated Maximum Deceleration

Maximum deceleration calculated in VP in case that brake in VP is requested as maximum, considering slope, road load and etc.

Values

[unit: m/s²]

Remarks

• • When the Propulsion Direction Status is “D”, deceleration for forward direction shows a negative value.
  • When the Propulsion Direction Status is “R”, deceleration for reverse direction shows a negative value.

3.2.2.14. Front wheel steer angle

Values

Value	Description	Remarks
Minimum Value	Invalid value
others	[unit: rad]

Remarks

• • Left is positive value (+). Right is negative value (−).
  • This signal should show invalid value until VP can calculate correct value or when the sensor is invalid/failed.

3.2.2.15. Front wheel steer angle rate

Front wheel steer angle rate

Values

	Value	Description	Remarks
	Minimum Value	Invalid value
	others	[unit: rad/s]

Remarks

• • Left is positive value (+). Right is negative value (−).
  • This signal should show invalid value until VP can calculate correct value or when Front wheel steer angle shows the minimum value.

3.2.2.16. Front wheel steer angle rate limitation

The limit of the Front wheel steer angle rate

Values

[unit: rad/s]

Remarks

The limitation is calculated from the “vehicle speed—steering angle rate” map as shown in following Table 5 and FIG. 11.

A) At a low speed or stopped situation, use fixed value (0.751 [rad/s]).

B) At a higher speed, the steering angle rate is calculated from the vehicle speed using 3.432 m/s³.

TABLE 5
“vehicle speed - steering angle rate” map
Velocity [km/h]	0.0	36.0	40.0	67.0	84.0
Front Wheel Steer	0.751	0.751	0.469	0.287	0.253
Angle Rate
Limitation [rad/s]

3.2.2.17. Estimated maximum lateral acceleration

Values

[unit: m/s²] (fixed value: 3.432)

Remarks

• • Maximum lateral acceleration defined for VP.

3.2.2.18. Estimated maximum lateral acceleration rate

Values

[unit: m/s³] (fixed value: 3.432)

Remarks

• • Maximum lateral acceleration rate defined for VP.

3.2.2.19. Intervention of accelerator pedal

This signal shows whether the accelerator pedal is depressed by a driver (intervention).

Values

Value	Description	Remarks
0	Not depressed
1	depressed
2	Beyond autonomy
	acceleration

Remarks

• • When a position of accelerator pedal is higher than a defined threshold, this signal is set to “depressed”.
  • When the requested acceleration calculated from a position of accelerator pedal is higher than the requested acceleration from ADS, this signal is set as “Beyond autonomy acceleration.”

3.2.2.20. Intervention of brake pedal

This signal shows whether the brake pedal is depressed by a driver (intervention).

Values

Value	Description	Remarks
0	Not depressed
1	depressed
2	Beyond autonomy
	deceleration

Remarks

• • When a position of brake pedal is higher than the defined threshold value, this signal is set to “depressed”.
  • When the requested deceleration calculated from a position of brake pedal is higher than the requested deceleration from ADS, this signal is set as “Beyond autonomy deceleration”.

3.2.2.21. Intervention of steering wheel

This signal shows whether the steering wheel is operated by a driver (intervention).

Values

Value	Description	Remarks
0	Not turned
1	ADS and driver
	collaboratively work
2	Only by human driver

Remarks

• • In “Intervention of steering wheel=1”, considering the human driver's intent, EPS system drives the steering with the Human driver collaboratively.
  • In “Intervention of steering wheel=2”, considering the human driver's intent, the steering request from ADS is not achieved. (The steering will be driven by human driver.)

3.2.2.22. Intervention of shift lever

This signal shows whether the shift lever is controlled by a driver (intervention)

Values

Value	Description	Remarks
0	OFF
1	ON	Controlled (moved to
		any shift position)

Remarks

• • N/A

3.2.2.23. Wheel speed pulse (front left), Wheel speed pulse (front right), Wheel speed pulse (rear left), Wheel speed pulse (rear right)

Values

Value	Description	Remarks
Maximum Value in	Invalid value	The sensor is invalid.
transmission bits
others	ticks [unit: —]	The number of pulses
		per one round wheel
		depends on VP.

Remarks

• • A pulse value is integrated at the pulse falling timing.
  • This wheel speed sensor outputs 96 pulses with a single rotation.
  • Regardless of invalid/failure of wheel speed sensor, wheel speed pulse will be updated.
  • When “1” is subtracted from a pulse value which shows “0”, the value changes to “0×FF”. When “1” is added to a pulse value which shows “0×FF”, the value changes to “0”.
  • Until the rotation direction is determined just after ECU is activated, a pulse value will be added as the rotation direction is “Forward”.
  • When detected forward rotation, a pulse value will be added.
  • When detected reverse rotation, a pulse value will be subtracted.

3.2.2.24. Wheel rotation direction (front left), Wheel rotation direction (front right), Wheel rotation direction (Rear left), Wheel rotation direction (Rear right)

Values

Value	Description	Remarks
0	Forward
1	Reverse
2	Reserved
3	Invalid value	The sensor is invalid.

Remarks

• • “Forward” is set until the rotation direction is determined after VP is turned on.

3.2.2.25. Traveling direction

Moving direction of vehicle

Values

Value	Description	Remarks
0	Forward
1	Reverse
2	Standstill
3	Undefined

Remarks

• • This signal shows “Standstill” when four wheel speed values are “0” during a constant time.
  • When shift is changed right after vehicle starts, it is possible to be “Undefined”.

3.2.2.26. Vehicle velocity

Estimated longitudinal velocity of vehicle

Values

Value	Description	Remarks
Maximum Value in	Invalid value	The sensor is
transmission bits		invalid.
others	Velocity [unit: m/s]

Remarks

• • The value of this signal is a positive value when both forward direction and reverse direction.

3.2.2.27. Longitudinal acceleration

Estimated longitudinal acceleration of vehicle

Values

Value	Description	Remarks
Minimum Value in	Invalid value	The sensor is
transmission bits		invalid.
others	Acceleration [unit: m/s2]

Remarks

• • Acceleration (+) and deceleration (—) value based on Propulsion Direction Status direction.

3.2.2.28. Lateral acceleration lateral acceleration of vehicle

Values

Value	Description	Remarks
Minimum Value in	Invalid value	The sensor is
transmission bits		invalid.
others	Acceleration [unit: m/s2]

Remarks

• • A positive value shows counterclockwise. A negative value shows clockwise.

3.2.2.29. Yaw rate

Sensor value of yaw rate

Values

Value	Description	Remarks
Minimum Value in	Invalid value	The sensor is
transmission bits		invalid.
others	Yaw rate [unit: deg/s]

Remarks

• • A positive value shows counterclockwise. A negative value shows clockwise.

3.2.2.30. Slipping Detection

Detection of tire glide/spin/skid

Values

Value	Description	Remarks
0	Not Slipping
1	Slipping
2	Reserved
3	Invalid value

Remarks

• • This signal is determined as “Slipping” when any of the following systems has been activated.
    • ABS (Anti-lock Braking System)
    • TRC (TRaction Control)
    • VSC (Vehicle Stability Control)
    • VDIM (Vehicle Dynamics Integrated Management)

3.2.2.31. Vehicle mode state

Autonomous or manual mode

Values

	Value	Description	Remarks
	0	Manual Mode	The mode starts from Manual mode.
	1	Autonomous Mode

Remarks

• • The initial state is set to “Manual Mode.”

3.2.2.32. Readiness for autonomization

This signal shows whether a vehicle can change to Autonomous Mode or not

Values

Value	Description	Remarks
0	Not Ready For Autonomous
	Mode
1	Ready For Autonomous Mode
3	Invalid	The status is not determined yet.

Remarks

• • N/A

3.2.2.33. Failure status of VP functions for Autonomous Mode

This signal is used to show whether VP functions have some failures mode when a vehicle works as Autonomous Mode.

Values

Value	Description	Remarks
0	No fault
1	Fault
3	Invalid	The status is not determined yet.

Remarks

• • N/A

3.2.2.34. PCS Alert Status

Values

Value	Description	Remarks
0	Normal
1	Alert	Request alert from PCS system
3	Unavailable

Remarks

N/A

3.2.2.35. PCS Preparation Status

Prefill Status as the preparation of PCS Brake

Values

Value	Description	Remarks
0	Normal
1	Active
3	Unavailable

Remarks

• • “Active” is a status in which PCS prepares brake actuator to shorten the latency from a deceleration request issued by PCS.
  • When a value turns to “Active” during Vehicle mode state=“Autonomous Mode,” “ADS/PCS arbitration status” shows “ADS”.

3.2.2.36. PCS Brake/PCS Brake Hold Status

Values

Value	Description	Remarks
0	Normal
1	PCS Brake
2	PCS Brake Hold
7	Unavailable

Remarks

N/A

3.2.2.37. ADS/PCS arbitration status

Arbitration status

Values

Value	Description	Remarks
0	No Request
1	ADS	ADS
2	PCS	PCS Brake or PCS Brake Hold
3	Invalid value

Remarks

• • When acceleration requested by PCS system in VP is smaller than one requested by ADS, the status is set as “PCS”.
  • When acceleration requested by PCS system in VP is larger than one requested by ADS, the status is set as “ADS”.

3.3. APIs for BODY control

3.3.1. API List for BODY control

3.3.1.1. Inputs

TABLE 6
Input APIs for BODY Control
		Redun-
Signal Name	Description	dancy
Turnsignal command	Command to control the turnsignallight mode of	N/A
	the vehicle platform
Headlight command	Command to control the headlight mode of the	N/A
	vehicle platform
Hazardlight command	Command to control the hazardlight mode of the	N/A
	vehicle platform
Horn pattern command	Command to control the pattern of horn ON-time	N/A
	and OFF-time per cycle of the vehicle platform
Horn cycle command	Command to control the number of horn	N/A
	ON/OFF cycles of the vehicle platform
Continuous horn command	Command to control of horn ON of the vehicle	N/A
	platform
Front windshield wiper command	Command to control the front windshield wiper	N/A
	of the vehicle platform
Rear windshield wiper command	Command to control the rear windshield wiper	N/A
	mode of the vehicle platform
HVAC (1st row) operation	Command to start/stop 1st row air conditioning	N/A
command	control
HVAC (2nd row) operation	Command to start/stop 2nd row air conditioning	N/A
command	control
Target temperature (1st left)	Command to set the target temperature around	N/A
command	front left area
Target temperature (1st right)	Command to set the target temperature around	N/A
command	front right area
Target temperature (2nd left)	Command to set the target temperature around	N/A
command	rear left area
Target temperature (2nd right)	Command to set the target temperature around	N/A
command	rear right area
HVAC fan (1st row) command	Command to set the fan level on the front AC	N/A
HVAC fan (2nd row) command	Command to set the fan level on the rear AC	N/A
Air outlet (1st row) command	Command to set the mode of 1st row air outlet	N/A
Air outlet (2nd row) command	Command to set the mode of 2nd row air outlet	N/A
Air recirculation command	Command to set the air recirculation mode	N/A
AC mode command	Command to set the AC mode	N/A

3.3.1.2. Outputs

TABLE 7
Output APIs for BODY Control
		Redun-
Signal Name	Description	dancy
Turnsignal status	Status of the current turnsignallight	N/A
	mode of the vehicle platform
Headlight status	Status of the current headlight mode of	N/A
	the vehicle platform
Hazardlight status	Status of the current hazardlight mode	N/A
	of the vehicle platform
Horn status	Status of the current horn of the vehicle	N/A
	platform
Front windshield	Status of the current front windshield	N/A
wiper status	wiper mode of the vehicle platform
Rear windshield	Status of the current rear windshield	N/A
wiper status	wiper mode of the vehicle platform
HVAC (1st row) status	Status of activation of the 1st row HVAC	N/A
HVAC (2nd row) status	Status of activation of the 2nd row HVAC	N/A
Target temperature	Status of set temperature of 1st row left	N/A
(1st left) status
Target temperature	Status of set temperature of 1st row right	N/A
(1st right) status
Target temperature	Status of set temperature of 2nd row left	N/A
(2nd left) status
Target temperature	Status of set temperature of 2nd row	N/A
(2nd right) status	right
HVAC fan (1st row) status	Status of set fan level of 1st row	N/A
HVAC fan (2nd row) status	Status of set fan level of 2nd row	N/A
Air outlet (1st row) status	Status of mode of 1st row air outlet	N/A
Air outlet (2nd row) status	Status of mode of 2nd row air outlet	N/A
Air recirculation status	Status of set air recirculation mode	N/A
AC mode status	Status of set AC mode	N/A
Seat occupancy	Seat occupancy status in 1st right seat	N/A
(1st right) status
Seat belt (1st left) status	Status of driver’s seat belt buckle switch	N/A
Seat belt (1st right)	Status of passenger’s seat belt buckle	N/A
status	switch
Seat belt (2nd left)	Seat belt buckle switch status in 2nd left	N/A
status	seat
Seat belt (2nd right)	Seat belt buckle switch status in 2nd	N/A
status	right seat
Seat belt (3rd left)	Seat belt buckle switch status in 3rd left	N/A
status	seat
Seat belt (3rd center)	Seat belt buckle switch status in 3rd	N/A
status	center seat
Seat belt (3rd right)	Seat belt buckle switch status in 3rd	N/A
status	right seat

3.3.2. Details of Each API for BODY Control

3.3.2.1. Turnsignal command

Request to control turn-signal

Values

Value	Description	Remarks
0	OFF
1	Right	Right blinker ON
2	Left	Left blinker ON
3	Reserved

Remarks

• • N/A

3.3.2.2. Headlight command

Request to control headlight

Values

Value	Description	Remarks
0	No Request	Keep current mode
1	TAIL mode request	Side lamp mode
2	HEAD mode request	Lo mode
3	AUTO mode request	Auto mode
4	HI mode request	Hi mode
5	OFF Mode Request
6-7	Reserved

Remarks

• • This command is valid when headlight mode on the combination switch=“OFF” or “Auto mode=ON.”
  • Driver operation overrides this command.

3.3.2.3. Hazardlight command

Request to control hazardlight

Values

Value	Description	Remarks
0	No Request
1	ON

Remarks

• • Driver operation overrides this command.
  • Hazardlight is ON while receiving “ON” command.

3.3.2.4. Horn pattern command

Request to choose a pattern of ON-time and OFF-time per cycle

Values

Value	Description	Remarks
0	No request
1	Pattern 1	ON-time: 250 ms OFF-time: 750 ms
2	Pattern 2	ON-time: 500 ms OFF-time: 500 ms
3	Pattern 3	Reserved
4	Pattern 4	Reserved
5	Pattern 5	Reserved
6	Pattern 6	Reserved
7	Pattern 7	Reserved

Remarks

N/A

3.3.2.5. Horn cycle command

Request to choose the number of ON and OFF cycles

Values

0 to 7 [−]

Remarks

N/A

3.3.2.6. Continuous horn command

Request to turn on/off horn

Values

Value	Description	Remarks
0	No request
1	ON

Remarks

• • This command's priority is higher than 3.3.2.4 Horn pattern and 3.3.2.5 Horn cycle command.
  • Horn is “ON” while receiving “ON” command.

3.3.2.7. Front windshield wiper command

Request to control front windshield wiper

Values

Value	Description	Remarks
0	OFF mode request
1	Lo mode request
2	Hi mode request
3	Intermittent mode request
4	Auto mode request
5	Mist mode request	One-time wiping
6, 7	Reserved

Remarks

• • This command is valid when front windshield wiper mode on a combination switch is “OFF” or “AUTO”.
  • Driver input overrides this command.
  • Windshieldwiper mode is kept while receiving a command.
  • Wiping speed of intermittent mode is fixed.

3.3.2.8. Rear windshield wiper command

Request to control rear windshield wiper

Values

Value	Description	Remarks
0	OFF mode request
1	Lo mode request
2	Reserved
3	Intermittent mode request
4-7	Reserved

Remarks

• • Driver input overrides this command
  • Windshieldwiper mode is kept while receiving a command.
  • Wiping speed of intermittent mode is fixed.

3.3.2.9. HVAC (1st row) operation command

Request to start/stop 1st row air conditioning control

Values

Value	Description	Remarks
0	No request
1	ON
2	OFF

Remarks

• • N/A

3.3.2.10. HVAC (2nd row) operation command

Request to start/stop 2nd row air conditioning control

Values

Value	Description	Remarks
0	No request
1	ON
2	OFF

Remarks

• • N/A

3.3.2.11. Target temperature (1st left) command

Request to set target temperature in front left area

Values

Value	Description	Remarks
0	No request
60 to 85 [unit: ° F.] (by 1.0° F.)	Target temperature

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.12. Target temperature (1st right) command

Request to set target temperature in front right area

Values

Value	Description	Remarks
0	No request
60 to 85 [unit: ° F.] (by 1.0° F.)	Target temperature

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.13. Target temperature (2nd left) command

Request to set target temperature in rear left area

Values

Value	Description	Remarks
0	No request
60 to 85 [unit: ° F.] (by 1.0° F.)	Target temperature

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.14. Target temperature (2nd right) command

Request to set target temperature in rear right area

Values

Value	Description	Remarks
0	No request
60 to 85 [unit: ° F.] (by 1.0° F.)	Target temperature

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.15. HVAC fan (1st row) command

Request to set fan level of front AC

Values

Value	Description	Remarks
0	No request
1 to 7 (Maximum)	Fan level

Remarks

• • If you would like to turn the fan level to 0 (OFF), you should transmit “HVAC (1st row) operation command=OFF.”
  • If you would like to turn the fan level to AUTO, you should transmit “HVAC (1st row) operation command=ON.”

3.3.2.16. HVAC fan (2nd row) command

Request to set fan level of rear AC

Values

Value	Description	Remarks
0	No request
1 to 7 (Maximum)	Fan level

Remarks

• • If you would like to turn the fan level to 0 (OFF), you should transmit “HVAC (2nd row) operation command=OFF.”
  • If you would like to turn the fan level to AUTO, you should transmit “HVAC (2nd row) operation command=ON.”

3.3.2.17. Air outlet (1st row) command Request to set 1st row air outlet mode

Values

Value	Description	Remarks
0	No Operation
1	UPPER	Air flows to upper body
2	U/F	Air flows to upper body and feet
3	FEET	Air flows to feet
4	F/D	Air flows to feet and windshield defogger

Remarks

• • N/A

3.3.2.18. Air outlet (2nd row) command

Request to set 2nd row air outlet mode

Values

Value	Description	Remarks
0	No Operation
1	UPPER	Air flows to upper body
2	U/F	Air flows to the upper body and feet
3	FEET	Air flows to feet.

Remarks

• • N/A

3.3.2.19. Air recirculation command

Request to set air recirculation mode

Values

Value	Description	Remarks
0	No request
1	ON
2	OFF

Remarks

• • N/A

3.3.2.20. AC mode command

Request to set AC mode

Values

Value	Description	Remarks
0	No request
1	ON
2	OFF

Remarks

• • N/A

3.3.2.21. Turnsignal status

Values

Value	Description	Remarks
0	OFF
1	Left
2	Right
3	Invalid

Remarks

N/A

3.3.2.22. Headlight status

Values

Value	Description	Remarks
0	OFF
1	TAIL
2	Lo
3	Reserved
4	Hi
5-6	Reserved
7	Invalid

Remarks

N/A

3.3.2.23. Hazardlight status

Values

Value	Description	Remarks
0	OFF
1	Hazard
2	Reserved
3	Invalid

Remarks

N/A

3.3.2.24. Horn status

Values

Value	Description	Remarks
0	OFF
1	ON
2	Reserved
3	Invalid

Remarks

In the case that 3.3.2.4 the Horn Pattern Command is active, the Horn status is “1” even if there are OFF periods in some patterns.

3.3.2.25. Front windshield wiper status

Values

Value	Description	Remarks
0	OFF
1	Lo
2	Hi
3	INT
4-5	Reserved
6	Fail
7	Invalid

Remarks

N/A

3.3.2.26. Rear windshield wiper status

Values

Value	Description	Remarks
0	OFF
1	Lo
2	Reserved
3	INT
4-5	Reserved
6	Fail
7	Invalid

Remarks

N/A

3.3.2.27. HVAC (1st row) status

Values

Value	Description	Remarks
0	OFF
1	ON

Remarks

• • N/A

3.3.2.28. HVAC (2nd row) status

Values

Value	Description	Remarks
0	OFF
1	ON

Remarks

• • N/A

3.3.2.29. Target Temperature (1st left) status

Values

Value	Description	Remarks
0	Lo	Max cold
60 to 85 [unit: ° F.]	Target temperature
100	Hi	Max hot
FFh	Unknown

Remarks

• • In case ° C. is used in VP, value should be set as ° C. 3.3.2.30. Target Temperature (1st right) status

Values

Value	Description	Remarks
0	Lo	Max cold
60 to 85 [unit: ° F.]	Target temperature
100	Hi	Max hot
FFh	Unknown

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.31. Target Temperature (2nd left) status

Values

	Value	Description	Remarks
	0	Lo	Max cold
	60 to 85 [unit: ° F.]	Target temperature
	100	Hi	Max hot
	FFh	Unknown

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.32. Target Temperature (2nd right) status

Values

	Value	Description	Remarks
	0	Lo	Max cold
	60 to 85 [unit: ° F.]	Target temperature
	100	Hi	Max hot
	FFh	Unknown

Remarks

• • In case ° C. is used in VP, value should be set as ° C.

3.3.2.33. HVAC fan (1st row) status

Values

	Value	Description	Remarks
	0	OFF
	1 to 7	Fan Level
	8	Undefined

Remarks

• • N/A

3.3.2.34. HVAC fan (2nd row) status

Values

	Value	Description	Remarks
	0	OFF
	1 to 7	Fan Level
	8	Undefined

Remarks

• • N/A

3.3.2.35. Air outlet (1st row) status

Values

Value	Description	Remarks
0	ALL OFF
1	UPPER	Air flows to upper body
2	U/F	Air flows to upper body and feet
3	FEET	Air flows to feet.
4	F/D	Air flows to feet and windshield defogger operates
5	DEF	Windshield defogger
7	Undefined

Remarks

• • N/A

3.3.2.36. Air outlet (2nd row) status

Values

	Value	Description	Remarks
	0	ALL OFF
	1	UPPER	Air flows to upper body
	2	U/F	Air flows to upper body and feet
	3	FEET	Air flows to feet.
	7	Undefined

Remarks

• • N/A

3.3.2.37. Air recirculation status

Values

	Value	Description	Remarks
	0	OFF
	1	ON

Remarks

• • N/A

3.3.2.38. AC mode status

Values

	Value	Description	Remarks
	0	OFF
	1	ON

Remarks

• • N/A

3.3.2.39. Seat occupancy (1st right) status

Values

Value	Description	Remarks
0	Not occupied
1	Occupied
2	Undecided	In case of IG OFF or communication disruption to
		seat sensor
3	Failed

Remarks

• • When there is luggage on the seat, this signal may be set as “Occupied”.

3.3.2.40. Seat belt (1st left) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Fault of a switch

Remarks

N/A

3.3.2.41. Seat belt (1st right) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Fault of a switch

Remarks

N/A

3.3.2.42. Seat belt (2nd left) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Reserved

Remarks

• • cannot detect sensor failure

3.3.2.43. Seat belt (2nd right) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Reserved

Remarks

• • cannot detect sensor failure

3.3.2.44. Seat belt (3rd left) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Reserved

Remarks

• • cannot detect sensor failure

3.3.2.45. Seat belt (3rd center) status

Values

Value	Description	Remarks
0	Buckled
1	Unbuckled
2	Undetermined	In case where sensor does not work just after
		IG-ON
3	Reserved

Remarks

• • cannot detect sensor failure

3.3.2.46. Seat belt (3rd right) status

Values

	Value	Description	Remarks
	0	Buckled
	1	Unbuckled
	2	Undetermined	In case where sensor does not
			work just after IG-ON
	3	Reserved

Remarks

• • cannot detect sensor failure

3.4. APIs for Power control

3.4.1. API List for Power control

3.4.1.1. Inputs

TABLE 8
Input APIs for Power control
Signal Name	Description	Redundancy
Power mode command	Command to control the power	N/A
	mode of VP

3.4.1.2. Outputs

TABLE 9
Output APIs for Power control
Signal Name	Description	Redundancy
Power mode status	Status of the current power	N/A
	mode of VP

3.4.2. Details of each API for Power control

3.4.2.1. Power mode command

Request to control power mode

Values

	Value	Description	Remarks
	0	No request
	1	Sleep	Turns OFF the vehicle
	2	Wake	Turns ON VCIB
	3	Reserved	Reserved for data expansion
	4	Reserved	Reserved for data expansion
	5	Reserved	Reserved for data expansion
	6	Drive	Turns ON the vehicle

Remarks

• • The state machine diagram of the power modes is shown in FIG. 12.

[Sleep]

Vehicle power off condition. In this mode, the main battery does not supply power to each system, and neither VCIB nor other VP ECUs are activated.

[Wake]

VCIB is awake by the auxiliary battery. In this mode, ECUs other than VCIB are not awake except for some of the body electrical ECUs.

[Driving Mode]

Vehicle power on condition. In this mode, the main battery supplies power to the whole VP and all the VP ECUs including VCIB are awake.

3.4.2.2. Power mode status

Values

	Value	Description	Remarks
	0	Reserved
	1	Sleep
	2	Wake
	3	Reserved
	4	Reserved
	5	Reserved
	6	Drive
	7	Unknown	means unhealthy situation
			would occur

Remarks

• • VCIB will transmit [Sleep] as Power Mode Status continuously for 3000 [ms] after executing the sleep sequence. And then, VCIB will shut down.
  • ADS should stop transmitting signals to VCIB while VCIB is transmitting [Sleep].

3.5. APIs for Failure Notification

3.5.1. API List for Failure Notification

3.5.1.1. Inputs

TABLE 10
Input APIs for Failure Notification
	Signal Name	Description	Redundancy
	N/A	N/A	N/A

3.5.1.2. Outputs

TABLE 11
Output APIs for Failure Notification
Signal Name	Description	Redundancy
Request for ADS operation	Applied
Impact detection signal	N/A
Performance deterioration of	Applied
brake system
Performance deterioration of	N/A
propulsion system
Performance deterioration of shift	N/A
control system
Performance deterioration of	Applied
immobilization system
Performance deterioration of	Applied
steering system
Performance deterioration of	Applied
power supply system
Performance deterioration of	Applied
communication system

3.5.2. Details of each API for Failure Notification

3.5.2.1. Request for ADS Operation

Values

	Value	Description	Remarks
	0	No request
	1	Need maintenance
	2	Need to be back to garage
	3	Need to stop immediately
	Others	Reserved

Remarks

• • This signal shows a behavior which the ADS is expected to do according to a failure which happened in the VP.

3.5.2.2. Impact detection signal

Values

	Value	Description	Remarks
	0	Normal
	5	Crash detection with activated
		airbag
	6	Crash detection with shut off high
		voltage circuit
	7	Invalid value
	Others	Reserved

Remarks

• • When the event of crash detection is generated, the signal is transmitted 50 consecutive times every 100 [ms]. If the crash detection state changes before the signal transmission is completed, the high signal of priority is transmitted.

Priority: crash detection>normal

• • Transmits for 5 s regardless of ordinary response at crash, because the vehicle breakdown judgment system shall be sent a voltage OFF request for 5 s or less after crash in HV vehicle.

Transmission interval is 100 ms within fuel cutoff motion delay allowance time (1 s) so that data can be transmitted more than 5 times.

In this case, an instantaneous power interruption is taken into account.

3.5.2.3. Performance deterioration of brake system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.4. Performance deterioration of propulsion system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.5. Performance deterioration of shift control system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.6. Performance deterioration of immobilization system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.7. Performance deterioration of Steering system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.8. Performance deterioration of power supply system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.5.2.9. Performance deterioration of communication system

Values

	Value	Description	Remarks
	0	Normal	—
	1	Deterioration detected	—

Remarks

• • N/A

3.6. APIs for Security

3.6.1. API List for Security

3.6.1.1. Inputs

TABLE 12
Input APIs for Security
Signal Name	Description	Redundancy
Door Lock (front) command	Command to control both	N/A
	1st doors lock
Door Lock (rear) command	Command to control both	N/A
	2nd doors and trunk lock
Central door lock command	Command to control the	N/A
	all door lock
Device Authentication	This is the 8th byte from	N/A
Signature the 1st word	the 1st byte of the
	Signature value.
Device Authentication	This is the 16th byte from	N/A
Signature the 2nd word	the 9th byte of the
	Signature value.
Device Authentication	This is the 24th byte from	N/A
Signature the 3rd word	the 17th byte of the
	Signature value.
Device Authentication	This is the 32th byte from	N/A
Signature the 4th word	the 25th byte of the
	Signature value.

3.6.1.2. Outputs

TABLE 13
Output APIs for Security
Signal Name	Description	Redundancy
Door lock (1st	Status of the current	N/A
left) status	1st-left door lock
Door lock (1st	Status of the current	N/A
right) status	1st-right door lock
Door lock (2nd	Status of the current	N/A
left) status	2nd-left door lock
Door lock (2nd	Status of the current	N/A
right) status	2nd-right door lock
Trunk Lock status	Status of the current	N/A
	trunk (back door) lock
Central door	Status of the current	N/A
lock status	all door lock
Alarm system status	Status of the current	N/A
	vehicle alarm
Device Authentication	This is the 8th byte from the 1st	N/A
Seed the 1st word	byte of the Seed value.
Device Authentication	This is the 16th byte from the 9th	N/A
Seed the 2nd word	byte of the Seed value.
Trip Counter	This counter is incremented in	N/A
	units of trips by the Freshness
	Value management master ECU.
Reset Counter	This counter is incremented	N/A
	periodically by the Freshness
	Value management master ECU.
1st Left Door	Status of the current 1st-left door	N/A
Open Status	open/close of the vehicle platform
1st Right Door	Status of the current 1st-right door	N/A
Open Status	open/close of the vehicle platform
2nd Left Door	Status of the current 2nd-left door	N/A
Open Status	open/close of the vehicle platform
2nd Right Door	Status of the current 2nd-right door	N/A
Open Status	open/close of the vehicle platform
Trunk Status	Status of the current trunk door	N/A
	open of the vehicle platform
Hood Open Status	Status of the current hood	N/A
	open/close of the vehicle platform

3.6.2. Details of Each API for Security

3.6.2.1. Door Lock (front) command, Door Lock (rear) command

Values

	Value	Description	Remarks
	0	No Request
	1	Lock	Not supported in Toyota VP
	2	Unlock
	3	Reserved

Remarks

• • If ADK requests for unlocking front side, both front doors are unlocked.
  • If ADK requests for unlocking rear side, both 2nd row and trunk doors are unlocked.
  • If ADK requests for locking any door, it should use “Central door lock command.”

(The functionality for individual locking is not supported in Toyota VP.)

3.6.2.2. Central door lock command

Request to control all doors' lock

Values

	Value	Description	Remarks
	0	No Request
	1	Lock (all)
	2	Unlock (all)
	3	Reserved

Remarks

• • N/A

3.6.2.3. Device Authentication Signature the 1st word, Device Authentication Signature the 2nd word, Device Authentication Signature the 3rd word, Device Authentication Signature the 4th word, Device Authentication Seed the 1st word, Device Authentication Seed the 2nd word

Device Authentication Signature the 1st word is presented in from 1st to 8th bytes of the signature.

Device Authentication Signature the 2nd word is presented in from 9th to 16th bytes of the signature.

Device Authentication Signature the 3rd word is presented in from 17th to 24th bytes of the signature.

Device Authentication Signature the 4th word is presented in from 25th to 32nd bytes of the signature.

Device Authentication Seed the 1st word is presented in from 1st to 8th bytes of the seed.

Device Authentication Seed the 2nd word is presented in from 9th to 16th bytes of the seed.

3.6.2.4. Door lock (1st left) status

Values

	Value	Description	Remarks
	0	Reserved
	1	Locked
	2	Unlocked
	3	Invalid

Remarks

• • N/A

3.6.2.5. Door lock (1st right) status

Values

	Value	Description	Remarks
	0	Reserved
	1	Locked
	2	Unlocked
	3	Invalid

Remarks

• • N/A

3.6.2.6. Door lock (2nd left) status

Values

	Value	Description	Remarks
	0	Reserved
	1	Locked
	2	Unlocked
	3	Invalid

Remarks

• • N/A

3.6.2.7. Door lock (2nd right) status

Values

	Value	Description	Remarks
	0	Reserved
	1	Locked
	2	Unlocked
	3	Invalid

Remarks

• • N/A

3.6.2.8. Door lock status of all doors

Values

	Value	Description	Remarks
	0	Reserved
	1	All Locked
	2	Anything Unlocked
	3	Invalid

Remarks

• • In case any doors are unlocked, “Anything Unlocked.”
  • In case all doors are locked, “All Locked.”

3.6.2.9. Alarm system status

Values

Value	Description	Remarks
0	Disarmed	Alarm System is not activated.
1	Armed	Alarm System is activated without alarming.
2	Active	Alarm System is activated, and the alarm is
		beeping.
3	Invalid

Remarks

N/A

3.6.2.9.1. Trip Counter

This counter is incremented in a unit of trips by the Freshness Value management master ECU.

Values

0—FFFFh

Remarks

• • This value is used to create a Freshness value.
  • For details, please refer to the other material [the specification of Toyota's MAC module].

3.6.2.9.2. Reset Counter

This counter is incremented periodically by the Freshness Value management master ECU.

Values

0—FFFFFh

Remarks

• • This value is used to create a Freshness value.
  • For details, please refer to the other material [the specification of Toyota's MAC module].

3.6.2.10. 1st Left Door Open Status Status of the current 1st-left door open/close of the vehicle platform

Values

	Value	Description	Remarks
	0	Reserved
	1	Open
	2	Closes
	3	Invalid

Remarks

• • N/A

3.6.2.11. 1st Right Door Open Status

Status of the current 1st-right door open/close

Values

	Value	Description	Remarks
	0	Reserved
	1	Open
	2	Close
	3	Invalid

Remarks

N/A

3.6.2.12. 2nd Left Door Open Status

Status of the current 2nd-left door open/close

Values

	Value	Description	Remarks
	0	Reserved
	1	Open
	2	Close
	3	Invalid

Remarks

N/A

3.6.2.13. 2nd Right Door Open Status

Status of the current 2nd-right door open/close

Values

	Value	Description	Remarks
	0	Reserved
	1	Open
	2	Close
	3	Invalid

Remarks

N/A

3.6.2.14. Trunk Status

Status of the current trunk door open/close

Values

Value	Description	Remarks
0	Reserved
1	Open
2	Close
3	Invalid

Remarks

N/A

3.6.2.15. Hood Open Status

Status of the current hood open/close

Values

Value	Description	Remarks
0	Reserved
1	Open
2	Close
3	Invalid

Remarks

N/A

4. API Guides to control Toyota Vehicles

This section shows in detail the way of using APIs for Toyota vehicles.

4.1. APIs for Vehicle Motion Control

4.1.1. API List for Vehicle Motion Control

Input and output APIs for vehicle motion control are shown in Table 14 and Table 15, respectively. Usage guides of some APIs are presented in the following sections as indicated in each table.

4.1.1.1. Inputs

TABLE 14
Input APIs for Vehicle Motion Control
			Usage
Signal Name	Description	Redundancy	Guide
Propulsion	Request for shift change	N/A	4.1.2.1
Direction	from/to forward (D range)
Command	to/from back (R range)
Immobilization	Request for turning on/off	Applied	4.1.2.2
Command	WheelLock
Standstill	Request for keeping on/off	Applied	4.1.2.3
Command	stationary
Acceleration	Request for	Applied	4.1.2.1
Command	acceleration/deceleration		4.1.2.2
			4.1.2.3
			4.1.2.4
Front Wheel Steer	Request for front wheel	Applied	4.1.2.5
Angle Command	steer angle
Vehicle Mode	Request for changing from/to	Applied	4.1.2.6
Command	manual mode to/from
	Autonomous Mode
High Dynamics	Request for increasing braking	Applied	—
Command	response performance*
*Reaction time in VP upon a request from ADK

4.1.1.2. Outputs

TABLE 15
Output APIs for Vehicle Motion Control
			Usage
Signal Name	Description	Redundancy	Guide
Propulsion	Current shift status	N/A	—
Direction
Status
Immobilization	Status of immobilization	Applied	4.1.2.2
Status	(e.g. EPB and Shift P)		4.1.2.3
Standstill Status	Standstill status	N/A	4.1.2.3
Estimated Gliding	Estimated vehicle	N/A	—
Acceleration	acceleration/deceleration
	when throttle is fully
	closed
Estimated maximum	Estimated maximum	Applied	—
acceleration	acceleration
Estimated maximum	Estimated maximum	Applied	—
deceleration	deceleration
Front wheel steer	Front wheel steer angle	Applied	4.1.2.5
angle
Front wheel steer	Front wheel steer angle	Applied	—
angle rate	rate
Front wheel steer	Road wheel angle rate	Applied	—
angle rate limitation	limit
Estimated maximum	Estimated max lateral	Applied	—
lateral acceleration	acceleration
Estimated maximum	Estimated max lateral	Applied	—
lateral acceleration	acceleration rate
rate
Intervention of	This signal shows whether	N/A	4.1.2.4
accelerator pedal	the accelerator pedal is
	depressed by a driver
	(intervention)
Intervention of	This signal shows whether	N/A	—
brake pedal	the brake pedal is depressed
	by a driver (intervention)
Intervention of	This signal shows whether	N/A	4.1.2.5
steering wheel	the steering wheel is turned
	by a driver (intervention)
Intervention of	This signal shows whether	N/A	—
shift lever	the shift lever is controlled
	by a driver (intervention)
Wheel speed pulse	Pulse from wheel speed	N/A	—
(front left)	sensor (Front Left Wheel)
Wheel rotation	Rotation direction of wheel	N/A	—
direction	(Front Left)
(front left)
Wheel speed pulse	Pulse from wheel speed	N/A	—
(front right)	sensor (Front Right Wheel)
Wheel rotation	Rotation direction of wheel	N/A	—
direction	(Front Right)
(front right)
Wheel speed pulse	Pulse from wheel speed	Applied	—
(rear left)	sensor (Rear Left Wheel)
Wheel rotation	Rotation direction of wheel	Applied	—
direction	(Rear Left)
(Rear left)
Wheel speed pulse	Pulse from wheel speed	Applied	—
(rear right)	sensor (Rear Right Wheel)
Wheel rotation	Rotation direction of	Applied	—
direction	wheel (Rear Right)
(Rear right)
Traveling direction	Moving direction of	Applied	4.1.2.1
	vehicle		4.1.2.3
Vehicle velocity	Estimated longitudinal	Applied	4.1.2.2
	velocity of vehicle
Longitudinal	Estimated longitudinal	Applied	—
acceleration	acceleration of vehicle
Lateral	Sensor value of lateral	Applied	—
acceleration	acceleration of vehicle
Yawrate	Sensor value of Yaw rate	Applied	—
Slipping Detection	Detection of tire	Applied	—
	glide/spin/skid
Vehicle mode state	State of whether	Applied	4.1.2.6
	Autonomous Mode, manual
	mode or others
Readiness for	Situation of whether the	Applied	4.1.2.6
autonomization	vehicle can transition to
	Autonomous Mode or not
Failure status of	This signal is used to show	Applied	—
VP functions for	whether VP functions have
Autonomous Mode	some failures mode when
	a vehicle works as
	Autonomous Mode.
PCS Alert Status	Status of PCS (Alert)	N/A	—
PCS Preparation	Status of PCS (Prefill)	N/A	—
Status
PCS Brake/PCS	Status of PCS (PB/PBH)	N/A	—
Brake Hold Status
ADS/PCS	ADS/PCS arbitration status	N/A	—
arbitration status

4.1.2. API guides in Details for Vehicle Motion Control

4.1.2.1. Propulsion Direction Command

Please refer to 3.2.2.1 for value and remarks in detail.

FIG. 13 shows shift change sequences in detail.

First deceleration is requested by Acceleration Command and the vehicle is stopped. When Traveling direction is set to “standstill”, any shift position can be requested by Propulsion Direction Command. (In FIG. 13, “D”→“R”).

Deceleration has to be requested by Acceleration Command until completing shift change.

After shift position is changed, acceleration/deceleration can be chosen based on Acceleration Command.

While Vehicle mode state=Autonomous Mode, driver's shift lever operation is not accepted.

4.1.2.2. Immobilization Command

Please refer to 3.2.2.2 for value and remarks in detail.

FIG. 14 shows how to activate/deactivate immobilization function.

Deceleration is requested with Acceleration Command to make a vehicle stop. When Vehicle velocity goes to zero, Immobilization function is activated by Immobilization Command=“Applied”. Acceleration Command is set to Deceleration until Immobilization Status is set to “Applied”.

When deactivating Immobilization function, Immobilization Command=“Released” has to be requested and simultaneously Acceleration Command has to be set as deceleration until confirming Immobilization Status=“Released”.

After Immobilization function is deactivated, the vehicle can be accelerated/decelerated based on Acceleration Command.

4.1.2.3. Standstill Command

Please refer to 3.2.2.3 for value and remarks in detail.

In case where Standstill Command is set as “Applied”, brakehold function can be ready to be used and brakehold function is activated in a condition where a vehicle stops and Acceleration Command is set as Deceleration (<0). And then Standstill Status is changed to “Applied”. On the other hand, in case where Standstill Command is set as “Released”, brakehold function is deactivated.

FIG. 15 shows standstill sequences.

To make a vehicle stop, deceleration is requested with Acceleration Command.

When the vehicle stops for a while, Traveling direction is changed to “standstill”. Even during Standstill status=“Applied”, deceleration shall be requested with Acceleration Command.

If you want the vehicle to move forward, Acceleration Command is set as Acceleration (>0). Then brake hold function is released and the vehicle is accelerated.

4.1.2.4. Acceleration Command

Please refer to 3.2.2.4 for value and remarks in detail.

The below shows how a vehicle behaves when an acceleration pedal is operated.

In case where the accelerator pedal is operated, a maximum acceleration value of either 1) one calculated from accelerator pedal stroke or 2) Acceleration Command input from ADK is chosen. ADK can see which value is selected by checking Intervention of accelerator pedal.

The below shows how a vehicle behaves when a brake pedal is operated.

Deceleration value in the vehicle is the sum of 1) one calculated from the brake pedal stroke and 2) one requested from ADK.

4.1.2.5. Front Wheel Steer Angle Command

Please refer to 3.2.2.5 for value and remarks in detail.

The below shows the way of using Front Wheel Steer Angle Command.

Front Wheel Steer Angle Command is set as a relative value from Front wheel steer angle.

For example, in case where Front wheel steer angle=0.1 [rad] and a vehicle goes straight;

If ADK would like to go straight, Front Wheel Steer Angle Command should be set to 0+0.1=0.1[rad].

If ADK requests to steer by −0.3 [rad], Front Wheel Steer Angle Command should be set to −0.3+0.1=−0.2 [rad].

The below shows how a vehicle behaves when a driver operates the steering.

A maximum value is selected either from 1) one calculated from steering wheel operation by the driver or 2) one requested by ADK.

Note that Front Wheel Steer Angle Command is not accepted if the driver strongly operates the steering wheel. This situation can be found by Intervention of steering wheel flag.

4.1.2.6. Vehicle Mode Command

The state machine of mode transition for Autono-MaaS vehicle is shown in FIG. 16.

The explanation of each state is shown as follows.

State    Description
Manual   A vehicle begins with this state and is under a control
         of a human driver.
         ADK cannot give any controls (except some commands)
         to VP.
         Power mode status and Vehicle mode state are in the
         followings:
         Power mode status = Wake or Drive
         Vehicle mode state = Manual Mode
Autonomy ADK can communicate to VP after authentication is
         successful.
         VP is under the control of the ADK as a result of being
         issued “Request for Autonomy.”
         Power mode status and Vehicle mode state are in
         the followings:
         Power mode status = Drive
         Vehicle mode state = Autonomous Mode

The explanation of each transition is shown as follows.

Transition Conditions
a          When the following conditions are established, the mode
           will be transitioned from Manual to Autonomy:
           The ADK is authenticated,
           Power mode status = Drive,
           Readiness for autonomization = Ready For Autonomy
           Vehicle Mode Command = Request For Autonomy.
b          When the following conditions are established, the mode
           will be transitioned from Autonomy to Manual:
           Vehicle Mode Command = Deactivation Request.

4.2. APIs for BODY Control

4.2.1. API List for BODY Control

4.2.1.1. Inputs

TABLE 16
Input APIs for BODY Control
			Usage
Signal Name	Description	Redundancy	Guide
Turnsignal	Command to control the	N/A	—
command	turnsignallight mode of
	the vehicle platform
Headlight	Command to control the	N/A	—
command	headlight mode of the
	vehicle platform
Hazardlight	Command to control the	N/A	—
command	hazardlight mode of the
	vehicle platform
Horn pattern	Command to control the	N/A	—
command	pattern of horn ON-time
	and OFF-time per cycle
	of the vehicle platform
Horn cycle	Command to control the	N/A	—
command	number of horn ON/OFF
	cycles of the vehicle
	platform
Continuous horn	Command to control of	N/A	—
command	horn ON of the vehicle
	platform
Front windshield	Command to control the	N/A	—
wiper command	front windshield wiper
	of the vehicle platform
Rear windshield	Command to control the	N/A	—
wiper command	rear windshield wiper
	mode of the vehicle
	platform
HVAC (1st row)	Command to start/stop 1st	N/A	—
operation command	row air conditioning control
HVAC (2nd row)	Command to start/stop 2nd	N/A	—
operation command	row air conditioning control
Target temperature	Command to set the target	N/A	—
(1st left)	temperature around front
command	left area
Target temperature	Command to set the target	N/A	—
(1st right)	temperature around front
command	right area
Target temperature	Command to set the target	N/A	—
(2nd left)	temperature around rear
command	left area
Target temperature	Command to set the target	N/A	—
(2nd right)	temperature around rear
command	right area
HVAC fan	Command to set the fan	N/A	—
(1st row)	level on the front AC
command
HVAC fan	Command to set the fan	N/A	—
(2nd row)	level on the rear AC
command
Air outlet	Command to set the mode	N/A	—
(1st row)	of 1st row air outlet
command
Air outlet	Command to set the mode	N/A	—
(2nd row)	of 2nd row air outlet
command
Air recirculation	Command to set the air	N/A	—
command	recirculation mode
AC mode command	Command to set the AC	N/A	—
	mode

4.2.1.2. Outputs

TABLE 17
Output APIs for BODY Control
			Usage
Signal Name	Description	Redundancy	Guide
Turnsignal	Status of the current	N/A	—
status	turnsignallight mode of the
	vehicle platform
Headlight	Status of the current	N/A	—
status	headlight mode of the
	vehicle platform
Hazardlight	Status of the current	N/A	—
status	hazardlight mode of the
	vehicle platform
Horn status	Status of the current horn	N/A	—
	of the vehicle platform
Front windshield	Status of the current front	N/A	—
wiper status	windshield wiper mode of
	the vehicle platform
Rear windshield	Status of the current rear	N/A	—
wiper status	windshield wiper mode of
	the vehicle platform
HVAC	Status of activation of the	N/A	—
(1st row) status	1st row HVAC
HVAC	Status of activation of the	N/A	—
(2nd row) status	2nd row HVAC
Target temperature	Status of set temperature of	N/A	—
(1st left) status	1st row left
Target temperature	Status of set temperature of	N/A	—
(1st right) status	1st row right
Target temperature	Status of set temperature of	N/A	—
(2nd left) status	2nd row left
Target temperature	Status of set temperature of	N/A	—
(2nd right) status	2nd row right
HVAC fan	Status of set fan level of	N/A	—
(1st row) status	1st row
HVAC fan	Status of set fan level of	N/A	—
(2nd row) status	2nd row
Air outlet	Status of mode of 1st row	N/A	—
(1st row) status	air outlet
Air outlet	Status of mode of 2nd row	N/A	—
(2nd row) status	air outlet
Air recirculation	Status of set air	N/A	—
status	recirculation mode
AC mode status	Status of set AC mode	N/A	—
Seat occupancy	Seat occupancy status in	N/A	—
(1st right) status	1st left seat
Seat belt	Status of driver's seat	N/A	—
(1st left) status	belt buckle switch
Seat belt	Status of passenger's	N/A	—
(1st right) status	seat belt buckle switch
Seat belt	Seat belt buckle switch	N/A	—
(2nd left) status	status in 2nd left seat
Seat belt	Seat belt buckle switch	N/A	—
(2nd right) status	status in 2nd right seat

4.3. APIs for Power Control

4.3.1. API List for Power Control

4.3.1.1. Inputs

TABLE 18
Input APIs for Power Control
			Usage
Signal Name	Description	Redundancy	Guide
Power mode command	Command to control the	N/A	—
	power mode of VP

4.3.1.2. Outputs

TABLE 19
Output APIs for Power Control
			Usage
Signal Name	Description	Redundancy	Guide
Power mode status	Status of the current power	N/A	—
	mode of VP

4.4. APIs for Failure Notification

4.4.1. API List for Failure Notification

4.4.1.1. Inputs

TABLE 20
Input APIs for Failure Notification
				Usage
	Signal Name	Description	Redundancy	guide
	N/A	—	—	—

4.4.1.2. Outputs

TABLE 21
Output APIs for Failure Notification
			Usage
Signal Name	Description	Redundancy	guide
Request for ADS Operation	—	Applied	—
Impact detection signal	—	N/A	—
Performance deterioration	—	Applied	—
of Brake system
Performance deterioration	—	N/A	—
of Propulsion system
Performance deterioration	—	N/A	—
of Shift control system
Performance deterioration	—	Applied	—
of Immobilization system
Performance deterioration		Applied	—
of Steering system
Performance deterioration		Applied	—
of Power supply system
Performance deterioration		Applied	—
of Communication system

4.5. APIs for Security

4.5.1. API List for Security

Input and output APIs for Security are shown in Table 22 and Table 23, respectively. Usage guides of some APIs are presented in the following sections as indicated in each table.

4.5.1.1. Inputs

TABLE 22
Input APIs for Security
			Usage
Signal Name	Description	Redundancy	Guide
Door Lock (front)	Command to control 1st	N/A	—
command	both doors lock
Door Lock (rear)	Command to control 2nd	N/A	—
command	both doors and trunk
	lock
Central door lock	Command to control the	N/A	—
command	all door lock
Device Authentication	This is the 8th byte from	N/A	4.5.2.1
Signature the 1st	the 1st byte of the
word	Signature value.
Device Authentication	This is the 16th byte	N/A	4.5.2.1
Signature the 2nd	from the 9th byte of the
word	Signature value.
Device Authentication	This is the 24th byte	N/A	4.5.2.1
Signature the 3rd	from the 17th byte of the
word	Signature value.
Device Authentication	This is the 32th byte	N/A	4.5.2.1
Signature the 4th	from the 25th byte of the
word	Signature value.

4.5.1.2. Outputs

TABLE 23
Output APIs for Security
			Usage
Signal Name	Description	Redundancy	Guide
Door lock (1st	Status of the current	N/A	—
left) status	1st-left door lock
Door lock (1st	Status of the current	N/A	—
right) status	1st-right door lock
Door lock (2nd	Status of the current	N/A	—
left) status	2nd-left door lock
Door lock (2nd	Status of the current	N/A	—
right) status	2nd-right door lock
Central door lock	Status of the current all	N/A	—
status	door lock
Alarm system status	Status of the current	N/A	—
	vehicle alarm
Device Authentication	This is the 8th byte	N/A	—
Seed the 1st word	from the 1st byte of the
	Seed value.
Device Authentication	This is the 16th byte	N/A	—
Seed the 2nd word	from the 9th byte of the
	Seed value.
Trip Counter	This counter is	N/A	—
	incremented in units
	of trips by the
	Freshness Value
	management master
	ECU.
Reset Counter	This counter is	N/A	—
	incremented periodically
	by the Freshness Value
	management master
	ECU.
1st Left Door Open	Status of the current	N/A	—
Status	1st-left door open/close
	of the vehicle platform
1st Right Door Open	Status of the current	N/A	—
Status	1st-right door open/close
	of the vehicle platform
2nd Left Door Open	Status of the current	N/A	—
Status	2nd-left door open/close
	of the vehicle platform
2nd Right Door Open	Status of the current	N/A	—
Status	2nd-right door open/close
	of the vehicle platform
Trunk Status	Status of the current	N/A	—
	trunk door open of the
	vehicle platform
Hood Open Status	Status of the current	N/A	—
	hood open/close of the
	vehicle platform

4.5.2. API guides in Details for Security

4.5.2.1. Device Authentication Protocol

Device authentication is applied when the VCIB is activated from “Sleep” mode.

After the authentication succeeds, the VCIB can start to communicate with ADK.

Authentication process is as shown in FIG. 17 Authentication Process.

Authentication Specification

	Item	Specification	Note
	Encryption algorithms	AES	FIPS 197
	Key length	128 bit	—
	Block cipher modes of operation	CBC	SP 800-38A
	Hash algorithms	SHA-256	FIPS 180-4
	Seed length	128 bit	—
	Signature length	256 bit	—

Though an embodiment of the present disclosure has been described, it should be understood that the embodiment disclosed herein is illustrative and non-restrictive in every respect. The scope of the present disclosure is defined by the terms of the claims and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

Claims

1. A vehicle platform on which an autonomous driving system is mountable, the vehicle platform comprising: a vehicle; anda vehicle control interface box that interfaces between the vehicle and the autonomous driving system, whereinthe vehicle control interface box provides a signal that indicates a driver input onto a button for switching between on and off of the vehicle to the autonomous driving system.

2. A vehicle control interface box that interfaces between a vehicle included in a vehicle platform on which an autonomous driving system is mountable and the autonomous driving system, the vehicle control interface box comprising: a processor; anda memory in which a program executed by the processor is stored, whereinthe processor provides a signal that indicates a driver input onto a button for switching between on and off of the vehicle to the autonomous driving system in accordance with the program.

3. An autonomous driving system configured as being mountable on a vehicle platform, the vehicle platform including a vehicle and a vehicle control interface box that interfaces between the vehicle and the autonomous driving system, the autonomous driving system comprising: a compute assembly; anda communication module that communicates with the vehicle control interface box, whereinthe compute assembly is programmed to receive a signal that indicates a driver input onto a button for switching between on and off of the vehicle from the vehicle control interface box through the communication module.

4. The autonomous driving system according to claim 3, wherein when the compute assembly receives the signal that indicates the driver input a prescribed number of times or more within a prescribed time period, the compute assembly determines that the button is held.