In the automotive technology sector, malfunctions of components of the motor vehicle are conventionally detected and responded to. In such a situation, either the operation of the vehicle is continued under emergency conditions, or the driving operation is terminated in a safe manner. In the conventional safety concepts for control units in the automotive sector, the response to the occurrence of a dangerous malfunction usually consists of turning off the faulty system, especially in the case of malfunctions in the drive train or the engine area. This usually leads to a termination of the driving operation. Malfunctioning components having a sporadically occurring fault may also be reactivated, e.g., by turning the ignition off and on. If the sporadically occurring fault is no longer present upon reactivation, the system may be put into operation again, possibly with certain restrictions.
In the case of permanent faults that are not directly safety-relevant or dangerous, however, the affected system may continue to be operated under certain conditions, e.g., with a warning signal to the driver. According to the currently prevailing safety concept, however, the system either is switched off automatically, or its operation is continued automatically with an appropriate warning to the driver.
The disadvantage of the conventional systems is that it cannot be reliably ascertained whether the driver has actually become aware of the warning, since, for example, the ignition operation cannot be distinguished from the conventional use during normal operation. In addition, the conventional safety concept does not take into account that certain faults, given corresponding knowledge of the driver, constitute no danger, or only a controllable danger, so that the vehicle can nevertheless be operated safely under emergency conditions.