The present invention relates to the remote control of functionalities of a vehicle, particularly of a motor vehicle, by a mobile terminal. In particular, the invention relates to a control system for a vehicle, to a vehicle itself having such a control system, to a vehicle management system, and also to a method for operating a mobile terminal and to a corresponding computer program. The mobile terminal can be used to remotely control, particularly to remotely trigger, functionalities of a vehicle that are determined on said vehicle, which has previously been selected, particularly reserved, using the vehicle management system.
Information technology and telecommunications engineering today provides a multiplicity of different radio-based communication technologies by which data can be transmitted efficiently and at ever increasing data rates over various distances. In this context, such technologies are also being used increasingly in connection with modern vehicle engineering, particularly in the automotive sector.
Against this background, the prior art discloses solutions, for example, that involve a short-range, cryptographically encrypted radio link between a vehicle key and the vehicle being used to unlock the vehicle when the key is in proximity to the vehicle, particularly in this case in a particular position relative to the vehicle, without this requiring the key to be mechanically inserted into a vehicle lock (this is also referred to by the key word “Keyless Entry”).
The iBeacon technology from Apple Inc., which is based on the Bluetooth® Low Energy standard (BT 4.0 or “BLE”) or future follow-up generations therefor, provides an example of an inexpensive solution, which is also beneficial from the point of view of power consumption, to identifying items using a small radio chip (tagging) that regularly transmits information packets unidirectionally. By measuring the reception power on reception of such information packets on a suitable receiver, for example a mobile terminal, such as a smartphone, it is possible, besides simply being able to receive the information packet, to derive an at least coarse estimate of the distance between the transmitter (tag) and the receiver too. On this basis, the applicant is familiar, within the company, with a locating technology in which a vehicle key or another item to be located in the vehicle itself or in the environment thereof can be located using radio technology, with bidirectional communication being set up between the item to be located (key) and the vehicle. This locating technology, which allows zone-based location of items in the vehicle or in the environment thereof using Bluetooth® technology, is described particularly in the German patent application DE 10 2014 217 504.6, which is hereby included herein in its entirety by way of reference.
Moreover, in recent years, vehicle reservation solutions have increasingly been developed that allow a vehicle, for example a rental car, to be reserved via the internet. For this purpose, most of these systems require prior registration of a user making the reservation in order to establish a business relationship with the operator of the vehicle or of the vehicle reservation solution.
The international patent application WO 2010/144490 A1 describes a reservation solution of this kind in which a mobile communication device is used in order to send a radio signal to a receiver in a reserved vehicle, wherein the signal contains identification information that identifies the user of the terminal to the vehicle. The terminal has a display apparatus having input capability that the user can use to send a request to the vehicle to control a particular function of the vehicle.
Furthermore, the international patent application WO 02/01508 A1 discloses an automatic rental system for a vehicle fleet, which rental system is provided with a central automatic fleet management system. The latter can use data connections to communicate with local data processing systems that are installed in each vehicle of the fleet. Moreover, each of the vehicles has a configurable user interface provided on it for potential renters, said user interface being accessible from outside the vehicle, being connected to the local data processing system and being able to be used to rent the vehicle in conjunction with the fleet management system.
The American patent application US 2013/0325521 A1 describes a rental system for vehicles in which a computer system is provided in each vehicle for rent. This computer system can be used to receive identification information, originating from a central remote reservation computer system and containing an identity of a driver for the vehicle, and to unlock the respective vehicle if the identity of the driver can be confirmed. This can be done particularly on the basis of the identity of a portable computer device of the driver that communicates with the computer system of the vehicle via a radio link.
Against this background, the invention is based on the object of providing a further improved solution to managing, particularly reserving, and subsequently controlling a correspondingly managed vehicle using a mobile terminal.
A first aspect of the invention relates to a control system for a vehicle, particularly a controller. The vehicle may particularly be a motor vehicle. The control system has a control unit, a first communication interface for the communication link to a remote vehicle management system, a second communication device for the communication link to a mobile terminal and at least one control interface for actuating one or more vehicle components for providing associated vehicle functionalities. In this case, the control unit is set up:
to use the first communication interface to obtain identification information from the vehicle management system;
to use the second communication interface to output a first identifier that the identification information contains;
to use the second communication interface to obtain a second identifier from a mobile terminal;
to check whether the second identifier corresponds to the first identifier according to a first predetermined rule; and
if this is the case, to trigger or alter at least one predetermined vehicle functionality by actuating one or more vehicle components associated with the at least one vehicle functionality via the at least one control interface as appropriate.
A “vehicle” within the context of the invention is intended to be understood to mean any kind of vehicle that can be used to transport one or more persons and/or cargo. In particular, an automobile, a truck, a motorcycle, a bus, a bicycle or a trailer for one of the vehicles cited above is a vehicle within the context of the invention. This particularly also applies to the traction unit and the cars of a train, to a watercraft or an aircraft, particularly an airplane.
A “control system” within the context of the invention is intended to be understood to mean a system consisting of multiple components that is provided for integration into a vehicle, particularly a motor vehicle, and is set up to actuate one or more other vehicle components in terms of control or regulation using appropriate signals. In particular, a control system may be what is known as a controller of a vehicle.
A “control unit” within the context of the invention is intended to be understood to mean a component of a control system that is set up to obtain data and to evaluate said data, or to process them further, and particularly to take this as a basis for generating control signals for actuating other vehicle components. The control unit may particularly be formed by one or more processors on which one or more computer programs can run, the computer program(s) in turn being able to be stored in a memory. Instead of this or in addition, the control unit can particularly also contain “hardwired” circuit logic.
A “communication link” within the context of the invention is intended to be understood to mean a communications connection for transmitting information, particularly data. In particular, a communication link can be provided by electrical signals, optical signals or wirelessly by radio signals, the information to be transmitted being impressed on the signals (signal modulation). The appropriate methods are well known to a person skilled in the art from communications engineering.
A “communication interface” within the context of the invention is intended to be understood to mean an apparatus of a technical entity, particularly of a control system, that can be used to provide a communication link to at least one other technical entity directly, or indirectly via at least one interposed communication device (for example a radio interface or a gateway). In particular, there may be a communication interface physically by virtue of a connecting apparatus to an electrically conductive or optical or wireless connection. Furthermore, the communication interface can have the capacity for data processing or conditioning that can be used to transmit data or other information in a predetermined manner at the transmitter end and to process said data or information at the receiver end. This can be accomplished particularly by what are known as communication protocols. As such, apparatuses for connecting a technical entity, particularly a controller, to bus systems (e.g. CAN, MOST, etc.) or other communication networks (e.g. Ethernet, mobile radio, WLAN, Bluetooth®) and in this case particularly to the Internet are also “communication interfaces” in the aforementioned sense, for example.
A “control interface” within the context of the invention is intended to be understood to mean a communication interface that is set up to send data for controlling or regulating other system components, particularly vehicle components, to said system components via an appropriate communication link and optionally also to receive data or other signals emanating from said system components. Where reference is made here to a first and a second communication interface, these may be embodied either separately or as a single joint interface, with different communication links being able to be provided by the same communication interface in the latter case. Similarly, when they are implemented, one or more control interfaces may be coincident among one another or with a communication interface at least in part.
A “mobile terminal” within the context of the invention is intended to be understood to mean a portable electronic device that has at least one communication device for setting up an in particular wireless communication link, and furthermore has a processor on which a computer program can run. In particular, modern cell phones, including what are known as “smartphones”, and portable computers, particularly what are known as “tablet computers” or “smart watches”, having the aforementioned functionality are “mobile terminals” within the context of the invention.
Within the context of the invention, “remote control” and “remote triggering” of vehicle functionalities by a mobile terminal are intended to be understood to mean, in particular, indirect control that involves the mobile terminal establishing a communication link to the control unit of the control system of the vehicle, which control unit subsequently actuates the at least one vehicle component governing the respective vehicle functionality.
An “identifier” within the context of the invention is intended to be understood to mean a piece of information, particularly a characteristic feature, symbol or a totality of characteristic features or symbols for explicitly identifying something. In particular, data and signals, for example characteristic bit sequences or modulated radio signals that can be used to identify a source or a transmitter of the data or signals, are “identifiers” within the context of the invention. The check to determine whether the second identifier corresponds to the first identifier according to a first predetermined rule may particularly involve checking whether the two identifiers match or can be converted into one another according to a predetermined, in particular mathematical, operation or are correlated with one another according to a prescribed correlation specification, particularly such that an associated correlation coefficient is on the other side of a predetermined threshold. In a variant, it is also possible for the first and second identifiers, in analogy to the known cryptographic RSA method, to be a pair of keys corresponding to one another (private and public keys in the RSA analogy).
The control system according to the invention can be used to control or regulate one or more functionalities of a vehicle via a mobile terminal if previously both the control system in the vehicle and the terminal have obtained, particularly from a vehicle management system, appropriate identification information that allows the control system to identify the terminal. In this case, the communication between the control system and the mobile terminal can advantageously take place using a generally used radio technology without the need for a proprietary solution in order to ensure the requisite security of the data transmission. Furthermore, widely used conventional mobile terminals can be used without the need for specific terminals. It is therefore possible to use such devices in the possession of the user of the solution without the operator of a reservation system or of a vehicle rental facility, for example, needing to purchase or provide specific terminals.
In comparison with conventional identification of a mobile terminal to the vehicle, a security advantage can also be obtained, since the functionalities of the vehicle are triggered only if the terminal has the identification information output by the vehicle management system and transmits said identification information at least in part in the form of an identifier to the vehicle. Finally, control of the vehicle in order to trigger appropriate functionalities by the mobile terminal following reception of the identification information also requires no active operator control of the terminal and no interaction with the vehicle by the user, although they are optionally still possible.
Preferred embodiments of the control system and the developments thereof are described below, said developments each being able to be combined arbitrarily with one another and with the other aspects of the invention described below, unless this is expressly ruled out.
According to a first preferred embodiment, the control unit is moreover set up to predetermine the at least one vehicle functionality, at least inter alia, on the basis of the identification information. In particular, the identification information may contain the specification of which vehicle functionalities are intended to be enabled or else disabled for control by the mobile terminal or in what parameter ranges (e.g. volume range for an audible signal) a particular functionality can be operated, or indeed cannot, so that the control system can implement this as appropriate and hence allows selected control by the terminal. In this manner, it is particularly possible for control of the vehicle to be personalized, the user of the vehicle being able to be assigned appropriate personal identification information that can be transmitted to the control system, which identification information can differ from user to user. In addition, it is possible for further criteria, for example limitations on functionalities in respect of security aspects, in addition to the identification information, to form a basis for predetermination of the vehicle functionalities. Such further criteria may already be present in the control unit, for example in a memory.
According to a further preferred embodiment, the control system moreover has a locating apparatus that is set up to obtain a signal transmitted by a mobile terminal, and to use the signal to perform location of the mobile terminal in the local environment of the vehicle and to transmit a position of the terminal ascertained in the process to the control unit. In this case, the control unit is moreover set up to determine the at least one vehicle functionality, at least inter alia, on the basis of the position of the terminal ascertained during location. The locating can in this case be determined particularly on the basis of the signal strength of the received signal or the time profile of said signal strength. It is also possible for multiple antennas or receivers arranged at different locations to be used in order to establish propagation time differences and to infer distances and directions therefrom in order to deduce the at least approximate position of the terminal from the received signals. In this manner, the control unit also has the approximate position of the mobile terminal available, which can be used, inter alia, to make control of the vehicle functionalities also dependent on the absolute position or the relative position of the terminal in relation to the vehicle, and, by way of example, to trigger unlocking of a locking system of the vehicle only when the terminal is already in direct proximity to the vehicle.
In a preferred development of this embodiment, the locating apparatus is moreover set up to perform zone-based location of the terminal, which involves the position of the terminal being associated with a particular predetermined zone in the local environment of the vehicle. Such a locating system is described particularly in the aforementioned German patent application DE 10 2014 217 504.6. In this case, the control unit is moreover set up to determine the at least one vehicle functionality, at least inter alia, on the basis of the zone associated with the position of the terminal during location. In this manner, the vehicle functionalities to be controlled can also be selected and prioritized by the control unit depending on the identified zone in which the terminal is located or a chronological sequence of multiple such zones. In particular, this can be effected, in a first variant, such that when the terminal, and hence its user, approaches from an exterior environment of the vehicle into a direct near field of the vehicle (for example when an ascertained distance of the terminal from the vehicle is below a predefined threshold x), the doors of said vehicle are unlocked. In a further variant, the trunk can be deliberately unlocked when the terminal approaches the trunk of the vehicle from the exterior environment thereof. In yet a further variant, this can be effected such that when the terminal approaches the vehicle in a zone situated to the side thereof, only one or more doors on this side of the vehicle are unlocked, particularly only after the terminal has stayed there for a predetermined time. This particularly allows specific coordination of the functionalities of the vehicle that are to be controlled, in particular triggered, by the terminal to the needs of the user.
According to a further preferred embodiment, the at least one vehicle functionality comprises at least one of the following:
activation of at least one illuminant of the vehicle;
termination of the output, particularly transmission, of the first identifier;
unlocking of a locking system of the vehicle, optionally additionally with active opening of the vehicle closure secured with the locking system;
deactivation of an engine immobilizer of the vehicle;
output of an audible or visual signal;
activation of an infotainment installation, particularly of a car radio;
starting of an engine or of another actuator of the vehicle.
In particular, the vehicle functionalities can comprise what is known as a welcome presentation, which involves the at least one illuminant and/or an audible or visual signal being used by the vehicle, under the control of the control unit, to react to the approach of the mobile terminal in order to catch the attention of or to greet an approaching user. The vehicle closures secured with a locking system may be particularly doors, windows or trunk lids or doors of the vehicle. Other possible actuators of the vehicle are, inter alia, mechanisms for opening a top, for extending recessed headlights or for opening a sliding roof.
In this way, many and diverse options, including combinations of the aforementioned functionalities, can be made available, this being able to be used particularly for personalization, where vehicle functions for remote control or remote triggering can be selected by the mobile terminal of the user on a user-specific basis.
According to a further preferred embodiment, the identification information contains a cryptographic key and the control unit is moreover set up to act as a terminal station of a bidirectional communication link that runs via the second communication interface and is encrypted by means of the key, with the mobile terminal as a remote terminal station. In this manner, it is possible for a secure communication channel to be set up between the control system, particularly the control unit thereof, and the mobile terminal (pairing) and used in order to interchange information between the two parties in a secure manner. Hence, the security of the information transmission, particularly of information that can lead to the unlocking of locking installations of the vehicle or to deactivation of the engine immobilizer of the latter, can be increased by this secure channel and interception and possibly unauthorized use of information transmitted via the channel by unauthorized third parties can be hampered.
According to a first variant of this embodiment, the control unit is moreover set up to initiate setup of the encrypted communication link after it has obtained the second identifier via the second communication interface and the result of the check was that the second identifier corresponds to the first identifier according to the first predetermined rule. In this manner, the vehicle can use the control unit to take the initiative for setting up a secure communication channel to the terminal if, on the basis of an applicable result of the check, there is the certainty that the terminal has previously been authorized for the remote control or remote triggering of functionalities with the vehicle. Since the terminal has likewise obtained the key from the vehicle management system, it can act as a remote station for the encrypted channel and can communicate with the vehicle via the latter in secure fashion.
According to a second variant of this embodiment, the control unit is moreover set up:
to produce a random piece of information and to send it to the mobile terminal via the encrypted communication link,
to use the encrypted communication link to receive a third identifier from the mobile terminal, to check whether the third identifier corresponds to the random piece of information according to a second predetermined rule, and
only if this is also the case, to trigger or alter the at least one predetermined vehicle functionality by actuating one or more vehicle components associated with the at least one vehicle functionality via the at least one control interface as appropriate.
In this case, a piece of “random information” is intended to be understood to mean a piece of information, particularly a bit sequence or a signal, that is produced by the control unit artificially, particularly according to an algorithm, for example a known random algorithm. What is known as “pseudo-random information” in the technical terminology is also “random information” within the context of the invention. According to this variant, the certainty that the mobile terminal is actually a device authorized for the remote control or remote triggering of functionalities of the vehicle can be increased even further by cumulatively introducing a further check that needs to be passed before the vehicle functionalities can be triggered or altered.
In a third variant of this embodiment, which can be used as an alternative or in addition to one or more of the aforementioned variants, the control unit is moreover set up to use the encrypted communication link to receive a fourth identifier from the mobile terminal, and to send a fifth identifier, corresponding thereto according to a third predetermined rule, to the mobile terminal via the encrypted communication link. According to this variant, the additional security check described in this embodiment can be initiated by the mobile terminal, whereupon the control system reacts accordingly. In respect of said checks according to the second and third predetermined rules, the statements already made regarding the check according to the first predetermined rule apply accordingly. The applicable rules can be predetermined particularly by configuration or programming of the control unit or of the mobile terminal.
According to a further preferred embodiment, the control unit is moreover set up:
to use the at least one control interface to receive a sensor signal from at least one sensor of the vehicle;
to check whether the received sensor signal satisfies a predetermined criterion; and
only if this is also the case, to trigger or alter the at least one predetermined vehicle functionality by actuating one or more vehicle components associated with the at least one vehicle functionality via the at least one control interface as appropriate.
In this case, the sensor may particularly be a sensor that is provided and suitable for detecting an action, for example a movement by the user. This may particularly be a conventional interaction with the vehicle, such as grasping a door handle or a foot gesture in a spatial area beneath the trunk, for example. This allows security to be increased even further, and it is particularly possible to avoid (at least as yet) unintentional remote triggering, or remote triggering unnoticed by the user, of vehicle functionalities.
According to a further preferred embodiment, the control unit may moreover be set up to check whether a signal received from the mobile terminal indicates that the user has used the terminal to make a predetermined input or movement, and only if this is also the case, to trigger or alter the at least one predetermined vehicle functionality by actuating one or more vehicle components associated with the at least one vehicle functionality via the at least one control interface as appropriate. Hence, security with regard to correct authentication of an authorized terminal can be increased even further. This embodiment, in which a particular user activity takes place on the terminal rather than on the vehicle, can also increase security even further, and it is particularly possible to avoid (at least as yet) unintentional remote triggering, or remote triggering unnoticed by the user, of vehicle functionalities. This embodiment can also be used cumulatively with respect to the one described immediately above, although normally one of the two is sufficient to attain the advantages cited here.
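The chain of checks described above (first predetermined rule, random information and third identifier, zone and sensor criterion) can be modelled as follows. This is an added example, not code from the application; the HMAC-based rules, the zone names "near" and "far", the functionality names and all function names are assumptions, and the encrypted link itself is not modelled.

```python
"""Constructed model of the control unit's checks; all names are hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class IdentificationInfo:
    first_identifier: bytes   # output by the vehicle via the second interface
    second_identifier: bytes  # sent back by the mobile terminal
    key: bytes                # cryptographic key held by vehicle and terminal


def derive_second(key: bytes, first_identifier: bytes) -> bytes:
    # Assumed first predetermined rule: the second identifier is obtained
    # from the first one by a keyed mathematical operation.
    return hmac.new(key, b"id2|" + first_identifier, hashlib.sha256).digest()[:16]


def respond(key: bytes, random_info: bytes) -> bytes:
    # Assumed second predetermined rule: third identifier = HMAC(key, random info).
    return hmac.new(key, b"id3|" + random_info, hashlib.sha256).digest()


def issue_identification_info() -> IdentificationInfo:
    """Vehicle management system: one record, sent to vehicle and terminal."""
    key = secrets.token_bytes(32)
    first = secrets.token_bytes(16)
    return IdentificationInfo(first, derive_second(key, first), key)


class ControlUnit:
    def __init__(self, info: IdentificationInfo):
        self._info = info
        self._identified = False
        self._pending = None  # outstanding random information, single use

    def first_identifier(self) -> bytes:
        return self._info.first_identifier

    def receive_second_identifier(self, candidate: bytes) -> bool:
        expected = derive_second(self._info.key, self._info.first_identifier)
        self._identified = hmac.compare_digest(candidate, expected)
        self._pending = None
        return self._identified

    def new_random_info(self) -> bytes:
        if not self._identified:
            raise PermissionError("second identifier not accepted yet")
        self._pending = secrets.token_bytes(16)
        return self._pending

    def decide(self, third_identifier: bytes, zone: str, handle_grasped: bool) -> tuple:
        """Return the functionalities to trigger; empty tuple means none."""
        pending, self._pending = self._pending, None  # consume the challenge
        if not self._identified or pending is None:
            return ()
        expected = respond(self._info.key, pending)
        if not hmac.compare_digest(third_identifier, expected):
            self._identified = False
            return ()
        # Zone and sensor criterion gate the unlocking; the welcome
        # presentation is allowed from further away.
        if zone == "near" and handle_grasped:
            return ("welcome_light", "unlock_doors")
        return ("welcome_light",)


def demo() -> dict:
    info = issue_identification_info()   # constructed sample data
    vehicle = ControlUnit(info)
    out = {}

    def session(zone, handle, answer=None):
        vehicle.receive_second_identifier(info.second_identifier)
        fresh = respond(info.key, vehicle.new_random_info())
        return fresh, vehicle.decide(answer or fresh, zone, handle)

    recorded, out["fresh_answer"] = session("near", True)
    # The second identifier is static, so only the fresh random information
    # makes a recorded third identifier worthless in a later session.
    _, out["replayed_answer"] = session("near", True, answer=recorded)
    _, out["far_zone"] = session("far", True)
    _, out["no_handle"] = session("near", False)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
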
A second aspect of the invention relates to a vehicle, particularly a motor vehicle, that has a control system according to the first aspect of the invention and also vehicle components for providing associated vehicle functionalities. In this case, the control system is connected to the vehicle components via its at least one control interface. In order to avoid repetition, reference is made to the preceding description relating to the first aspect of the invention, which is relevant in equal measure here.
A third aspect of the invention relates to a vehicle management system having at least one data processing unit and also a computer program having instructions that, when executed on the at least one data processing unit, prompt the latter to carry out the following steps:
electronic provision, via a communication network, of information that represents at least one option for the selection and management of a selected vehicle;
reception of management data transmitted via the communication network that represent a selection and management of a vehicle according to the at least one option and also an identity or network address of a mobile terminal;
production of identification information that contains a first identifier, a second identifier and a cryptographic key;
sending of the identification information to the vehicle identified by the management data and to the mobile terminal, in each case via an appropriate communication link.
In this case, “management” of the vehicle within the context of the invention may be particularly reservation of the vehicle for a user, as can be used for rental vehicles (including “car sharing”), for example. As such, a user can use the communication network, which may be the internet, in particular, to have a selection of vehicles displayed to him, for example via an appropriate web page, and to specify an applicable selection of a vehicle and also of one or more desired vehicle functionalities or settings that are intended to be remotely controlled or remotely triggered via a mobile terminal of the user and to transmit said selection to the vehicle management system. This can be accomplished particularly by appropriate inputs on said web page or by an appropriate electronic message to the vehicle management system. The latter then produces the identification information, which is transmitted both to the reserved vehicle and to the mobile terminal of the user, so that the identification method described above can be carried out between the vehicle or the control unit and the terminal. The vehicle functionalities can be used particularly to draw the attention of a user approaching the vehicle to the vehicle in order to easily find the latter, for example in a parking garage or a car park having a multiplicity of vehicles. Furthermore, allowing convenient vehicle access, without the need for manual interaction with the vehicle, by remotely triggered unlocking of the vehicle is also a preferred application of the invention.
A fourth aspect of the invention relates to a method for operating a mobile terminal that has one or more communication devices for wireless communication with a remote party and a user interface for capturing inputs from a user and for outputting information to the user. In this case, the method comprises the following steps:
output of information on the user interface, which information represents at least one option for the selection and management of a vehicle;
capture of a user input on the user interface for the selection and management of a vehicle corresponding to one of the options;
sending of data denoting the selection and management of the vehicle to a vehicle management system according to the third aspect of the invention via the communication device;
reception, via the communication device, of identification information that has been sent by the vehicle management system and contains a first identifier, a second identifier and a cryptographic key;
reception, by one of the communication devices, of the first identifier transmitted by the reserved vehicle; and
transmission of the second identifier via one of the communication devices.
In this case, the first three cited steps are used for selecting a vehicle and managing it on the mobile terminal, said management particularly in terms of selection of desired vehicle functionalities, and transmission thereof to a vehicle management system according to the invention. The fourth step is used for receiving the information required for identification to the vehicle control system from the vehicle management system, and the last two steps are finally used to perform this identification in order to be able to remotely trigger or remotely control the desired vehicle functionalities on the basis thereof.
In a variant of the method, after the identification information has been received, transmission of the second identifier is triggered according to one of the following criteria or according to a combination thereof:
immediately or at a defined interval of time after the identification information has been received;
after the physical distance of the terminal from the selected vehicle drops below a predetermined threshold value (geofencing); or
after the first identifier has been received on the terminal.
In this case, geofencing can, in particular, be effected preferably such that the mobile terminal has a locating functionality of its own, for example position finding by means of a satellite navigation system (GPS, Galileo, Glonass, etc.), in order to be able to establish its own position thereby, and that the position of the vehicle, which likewise has a position finding system, is transmitted from the latter to the vehicle management system and from there on to the mobile terminal. Direct transmission of the vehicle position from the vehicle to the mobile terminal is also additionally or alternatively possible.
In this manner, the behavior of the mobile terminal can be configured variably, particularly such that energy is expended for transmitting the second identifier only when it has been recognized that there is an increased likelihood of there being a successful identification, particularly on the basis of the arrival within a physical distance of the vehicle or the successful reception of the first identifier. Since mobile terminals are normally battery operated, this can increase battery life and hence the period of availability of the mobile terminal without recharging.
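The three trigger criteria and their combination can be expressed as a small policy on the terminal, shown here as an added example that is not part of the application. The class and field names, the "all"/"any" combination switch and the sample coordinates are assumptions; positions are (latitude, longitude) in degrees.

```python
"""Constructed sketch of the terminal-side transmit trigger; names are hypothetical."""
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0


def distance_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two positions (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class TriggerPolicy:
    delay_s: Optional[float] = None         # interval after receiving the info
    geofence_m: Optional[float] = None      # distance threshold to the vehicle
    require_first_identifier: bool = False  # wait for the vehicle's identifier
    combine: str = "all"                    # "all" or "any" of the enabled criteria


@dataclass(frozen=True)
class TerminalState:
    seconds_since_info: float
    terminal_pos: Optional[Tuple[float, float]]
    vehicle_pos: Optional[Tuple[float, float]]  # relayed by the management system
    received_first_identifier: Optional[bytes]
    expected_first_identifier: bytes


def should_transmit(policy: TriggerPolicy, state: TerminalState) -> bool:
    """Decide whether the terminal spends energy on sending the second identifier."""
    checks = []
    if policy.delay_s is not None:
        checks.append(state.seconds_since_info >= policy.delay_s)
    if policy.geofence_m is not None:
        if state.terminal_pos is None or state.vehicle_pos is None:
            checks.append(False)  # unknown position: stay silent
        else:
            d = distance_m(*state.terminal_pos, *state.vehicle_pos)
            checks.append(d < policy.geofence_m)
    if policy.require_first_identifier:
        checks.append(state.received_first_identifier == state.expected_first_identifier)
    if not checks:
        return False  # no criterion configured: never transmit
    return all(checks) if policy.combine == "all" else any(checks)


if __name__ == "__main__":
    # Constructed positions roughly 74 m apart.
    state = TerminalState(5.0, (48.0, 11.0), (48.0, 11.001), None, b"A")
    print(should_transmit(TriggerPolicy(geofence_m=100.0), state))
```
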
Finally, a fifth aspect of the invention relates to a computer program for operating a mobile terminal, having instructions that, when executed on the mobile terminal, prompt it to carry out the method according to the fourth aspect of the invention. The computer program may be available particularly in the form of what is known as an application (“app”) that can be loaded onto the mobile terminal particularly via the internet, for example from one of the known “app stores”, such as “App Store” from the Apple company or “Google Play Store” from the Google company, for example. In this manner, users can use their personal mobile terminals in order to bring about personalized remote triggering or remote control of vehicle functionalities, particularly as part of a vehicle reservation, in conjunction, according to the invention, with the vehicle or the control system thereof and a vehicle management system.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.