The present invention relates generally to programming of electronic control units (ECUs) in vehicles. More particularly the invention relates to an arrangement which enable access to a specification file in a memory unit using a special type of key, particularly useful for a motor vehicle. The invention also relates to a method of accessing such a specification file using a special key, a computer program adapted to control the method and a computer readable medium with control for the operations.
In order to improve the efficiency and flexibility, the automotive industry has developed towards an increased use of network solutions for controlling various kinds of units and processes in the vehicles. For instance, the Controller Area Network (CAN), the Time Triggered CAN (TTCAN), the FlexRay, the Media Oriented System Transport (MOST) and the ByteFlight standards specify means of accomplishing these types of networks in trucks, busses and other motor vehicles. By means of a CAN, or a similar network, a very large number of vehicle functions may be accomplished based on relatively few ECUs. Namely, by combining resources from two or more ECUs a flexible and efficient overall vehicular design is obtained. Moreover, multiple networks in a vehicle may be interconnected, so that ECUs belonging to different networks in the vehicle may exchange information. Typically, an ECU is used also to accomplish this bridging between the networks.
Naturally, in service and repair situations as well as when a vehicle is modified or rebuilt, it may be necessary to change or update control parameters, software etc in the ECUs. Therefore, it is generally essential that an external access be provided to the relevant ECUs and their memories, i.e. that a computer, which is normally not located on board the vehicle, can be connected to the vehicle when for example the vehicle visits a workshop.
The prior art includes various examples of solutions which allow an external computer access to a memory of an ECU. For instance, U.S. Pat. No. 5,787,367 describes a system for providing a secured programming/reprogramming of an onboard vehicle system. An interface tool here interconnects a selected onboard computer system and an authorized database. Thereby, after having performed a password and identification check, the interface tool establishes an encrypted connection between the selected onboard computer system and the authorized database, which is a central network resource. As a result, the authorized database may transfer data to the onboard computer system.
U.S. Pat. No. 5,521,588 discloses a solution according to which a local programming of a control device in a vehicle is accomplished. An external test device here transfers the contents of a data carrier to a vehicle configuration memory of a central control device in the vehicle. This transfer is performed via a plug-in connection to the central control device. The described programming is preferably carried out in connection with replacement, or so-called retrofitting, of a control device, such that old vehicle configuration data are overwritten with relevant current data.
The document I. Kreuz et al., “Exact Configuration Onboard—Onboard Documentation of Electrical and Electronic Systems consisting of ECUs, Data Busses and Software”, Daimler-Chrysler AG, ERA Conference 1999, Coventry, p. 5.2.1 ff, 1999 describes a solution wherein data regarding the exact configuration onboard (ECO) of a particular vehicle is stored in a central ECU of this vehicle. Thereby, any after sales departments may obtain technical information relevant for service, repair or extension operations by plugging in an external computer to the central ECU and reading out the vehicle's ECO.
Thus, there exist alternative means to read out and modify various data in devices and control units of a vehicle. However, none of the known solutions is fully satisfying, since flexibility cannot be provided while ensuring data authenticity. An encrypted online connection to a central resource, of course, vouches for the integrity of the data that is to be stored in a vehicular module. However, such a connection requirement renders the overall system vulnerable and relatively inflexible.
On the other hand, a strictly local solution, may indeed be flexible. Nevertheless, since no authentication system or corresponding security features are provided, the system becomes very vulnerable. Namely, without access restrictions, anyone may feed in any kind of data into the vehicular modules, and therefore the data quality may deteriorate drastically.