1. Field of Invention
The present invention relates to a motor vehicle control device data transfer system and process. In particular, it relates to such a system and process for the transfer of data, subject to the risk of tampering, from a central data-processing unit at the motor vehicle manufacturer's to a motor vehicle data-processing unit, such as an electronic vehicle drive engine control device, in which tamper-free data transfer is guaranteed.
2. Description of Related Art
From the prior art, motor vehicles are known, in particular agricultural utility vehicles, such as agricultural tractors, with combustion engines, in particular Diesel engines. The individual component parts of these, such as the drive engine or immobilizer, are controlled by electronic control devices. With such vehicles it is necessary for these control devices to be programmed with data on completion of manufacture, in order to bring the vehicle into an operational state. With the example of a drive engine control device and an immobilizer control device, this means on the one hand that the immobilizer control device is programmed with features of permitted ignition keys. On the other, it means that the drive engine control device is programmed with a communication code for communicating with that immobilizer control device from which it will exclusively accept a start instruction. In order to prevent unauthorized use of the vehicle, it is necessary that this data transfer satisfies high security requirements and cannot be tampered with or compromised.
In addition to this, the drive engine control device is programmed with control data which in particular represents situation-dependent maximum torque values. These are, for example, functions which, depending on the present engine speed, impose a restriction on the maximum selectable desired torque of the drive engine in respect of different aspects, such as overheating protection, overload protection, emission, or performance class of the drive engine. In addition to this, drive engines of a model series are restricted differently in their performance, in order in this way to obtain models of drive engines which may be of the same structural design but are of different performance output. In order to prevent tampering with performance output or erroneous function of the drive engine by changing the programming of the drive engine control device, during operation of the vehicle a comparison is made between the control data and the reference data stored in the immobilizer control device. In order to prevent an unauthorized or illegal increase in performance output by tampering with the control data, it is necessary that this data transfer satisfies high security requirements and cannot be tampered with or compromised.
Such a secure transfer of this security-relevant data can be carried out relatively easily within a supervised area, such as the manufacturer's factory where the vehicle is made, in particular by organizational measures. However, if reprogramming of the electronic control devices of the vehicle becomes necessary due to a vehicle defect or error function, the vehicle has hitherto had to be taken to such a supervised area if the risk was to be excluded of third parties acquiring unauthorized access to the data to be transferred, or of unauthorized persons being able to tamper with the data transfer. This is the case, for example, if the immobilizer becomes blocked and prevents the operation of the vehicle. With agricultural utility vehicles in particular, which can only be transported with considerable effort, this leads to considerable trouble and costs.
The object of the present invention is to resolve this problem. In particular, it is the object of the present invention to provide a motor vehicle control device data transfer system and process which will allow control data to be transferred to control devices secure against tampering, even if the control devices are not taken to a supervised area.
The object is resolved by a system according to Claim 1 and a process according to Claim 16. Advantageous further embodiments are the subject matter of the sub-claims.