Method for carrying out a safety function of a vehicle and system for carrying out the method

US 20150210258A1
Filed: 08/28/2013
Published: 07/30/2015
Est. Priority Date: 08/29/2012
Status: Active Grant

First Claim

Patent Images

1-12. -12. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system and a method for performing a safety function of a vehicle, control signals are generated and transferred to a functional unit of the vehicle by a control unit. The safety function is performed by the functional unit in dependence on the control signals. Diagnostic tests are repeatedly performed at time intervals, the diagnostic tests being used to check if a fault that can interfere with the performance of the safety function is present. Metadata of the data are transferred to the control unit by the communication system, the metadata containing information about systems. This information is used to determine at least one reliability value of the data by the control unit. In dependence on the at least one reliability value, the control unit checks if the transferred data are sufficiently reliable for the performance of the safety function.

12 Citations

View as Search Results

24 Claims

1-12. -12. (canceled)

13. A method for carrying out, using one or more of electrical, electronic and/or programmable systems (3-13), a safety function of a vehicle (2), the method comprising:
- transmitting data necessary for carrying out the safety function to a control unit (4) of the vehicle (2) by at least one communication system (3);
  
  the control unit (4) generating control signals as a function of the transmitted data and transmitting the generated control signals to a functional unit (5) of the vehicle (2);
  
  the functional unit (5) carrying out the safety function as a function of the generated control signals;
  
  repeatedly carrying out diagnostic tests at time intervals, the diagnostic tests checking whether a fault that can adversely affect the carrying out of the safety function is present in one or more of the electrical, electronic and/or programmable systems (3-13);
  
  the communication system (3) transmitting metadata of the transmitted data to the control unit (4), wherein the metadata contains information about the one or more of the electrical, electronic and/or programmable systems (3-13);
  
  the control unit (4) determining at least one reliability value of the transmitted data using the metadata information, which value is dependent;
  
  on the probability of the occurrence of failures or faults which can adversely affect the carrying out of the safety function, andon the probability that an occurrence of these failures or faults will be detected by the diagnostic tests and/or by a driver of the vehicle (2) in time before the safety function is adversely affected; and
  
  the control unit (4) checking, as a function of the at least one reliability value, whether the transmitted data is sufficiently reliable for carrying out the safety function.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method as claimed in claim 13, wherein, if the data necessary for carrying out the safety function is not completely present or is not sufficiently reliable,the data transmitted to the control unit (4) is not used to actuate the functional unit (5), and/ora deactivation signal is sent to the functional unit (5) by the control unit (4), wherein, after reception of this deactivation signal, the functional unit goes automatically into a safety mode in which the safety function cannot be carried out, and/orthe data is transmitted to the control unit (4) again after a predefined waiting time period, wherein the data is in this way transmitted to the control unit (4) until the data is completely present and sufficiently reliable.
  - 15. The method as claimed in claim 13, further comprising:
    - the control unit (4) actuating a signal generator (17) of the vehicle (2) to signal to the driver whether the data necessary for carrying out the safety function is completely present and sufficiently reliable.
  - 16. The method as claimed in claim 15, wherein if the data necessary for carrying out the safety function is not completely present or not sufficiently reliable, the control unit (4) actuates the signal generator (17) to signal to the driver the instantaneous non-availability of the safety function.
  - 17. The method as claimed in claim 13,wherein the data is produced as a function of measurement signals of at least one measuring unit (12, 13).
  - 18. The method as claimed in claim 13,wherein the at least one reliability value is determined as a function of at least one of failure rates l_SPF, l_RF, l_MPF, l_MPF,L, l_MPF,P, l_MPF,D, wherein each of said failure rates specifies the mean number of failures occurring within a time unit in the electrical, electronic and/or programmable systems (3-13), wherein the respective failure rates each relate exclusively to the following types of failures:
    - l_SPF;
      
      failures which, even when they occur alone, can adversely affect the carrying out of the safety function and the occurrence of which is not checked by the diagnostic tests and therefore also cannot be detected by the diagnostic tests in time before the safety function is adversely affected;
      
      l_RF;
      
      failures which, even when they occur alone, can adversely affect the carrying out of the safety function and the occurrence of which is checked by the diagnostic tests but is not detected by the diagnostic tests in time before the safety function is adversely affected;
      
      l_MPF,L;
      
      failures which, when they occur or are present at the same time as other failures, can adversely affect the carrying out of the safety function and the occurrence of which is not checked by the diagnostic tests;
      
      l_MPF,D;
      
      failures which, when they occur or are present at the same time as other failures, can adversely affect the carrying out of the safety function and the occurrence of which is checked by the diagnostic tests and detected in time before the safety function is adversely affected;
      
      l_MPF,P;
      
      failures which, when they occur or are present at the same time as other failures, can adversely affect the carrying out of the safety function and the occurrence of which is detected in time by the driver of the vehicle (2).
  - 19. The method as claimed in claim 18, wherein at least one reliability value of the at least one reliability value of the data is determined as a function of at least one value of a diagnostic coverage (D_CRF)
  - 20. The method as claimed in claim 18, wherein at least one reliability value of the at least one reliability value of the data is determined as a function of the value of the metric (M_SPF,RF)
  - 21. The method as claimed in claim 18, wherein the metadata is already transmitted to the control unit (4) during a starting process of the vehicle (2), in particular before a start of a journey, wherein at least one reliability value of the at least one reliability value of the data is determined as a function of the value of the diagnostic coverage (DC_MPF,L)
  - 22. The method as claimed in claim 18, wherein the metadata is already transmitted to the control unit (4) during a starting process of the vehicle (2), in particular before a start of a journey, wherein at least one reliability value of the at least one reliability value of the data is determined as a function of the value of the metric (M_MPF,L)
  - 23. The method as claimed in claim 13,wherein the functional unit (5) is an active or passive protection device of the vehicle (2), wherein:
    - the functional unit (5) is an electronic brake system and the safety function is an automatic brake booster, and/orthe functional unit (5) is an emergency braking assistant and the safety function is an automatically triggered full-braking or partial-braking operation of the vehicle (2), and/orthe functional unit (5) is an avoidance assistant and the safety function is automatic driving around an obstacle, and/orthe functional unit (5) is an ESC unit and the safety function is automatic stabilization of the vehicle (2), in particular by braking one or more wheels of the vehicle (2) and/or by throttling the engine power of the vehicle (2), and/orthe functional unit (5) is an airbag system, and the safety function is triggering of the airbag.

24. A system (1) for carrying out a safety function of a vehicle (2), the system (1) comprising:
- the vehicle;
  
  a control unit (4) of the vehicle (2);
  
  a functional unit (5) of the vehicle; and
  
  a communication system configured to transmit data necessary for carrying out the safety function to the control unit (4) of the vehicle (2),wherein;
  
  the control unit (4) is configured to generate control signals as a function of the transmitted data and to transmit the control signals to the functional unit (5) of the vehicle (2),the functional unit (5) is configured to implement the safety function as a function of the control signals,the system (1) is configured to carry out diagnostic tests repeatedly at time intervals to check whether a fault that can adversely affect the carrying out of the safety function is present in one or more electrical, electronic and/or programmable systems of the system (1),the communication system is configured to transmit metadata of the transmitted data to the control unit (4),the metadata contains information of one or more of electrical, electronic and programmable systems (3-13) of the system (1),the control unit (4) is configured to determine at least one reliability value of the data as a function of the metadata information, which reliability value is dependenton the probability of the occurrence of faults which can adversely affect the carrying out of the safety function, andon the probability that an occurrence of these faults will be detected by means of the diagnostic tests and/or by a driver of the vehicle (2) in good time before the safety function is adversely affected, andthe control unit (4) is configured to check, as a function of the at least one reliability value, whether the transmitted data is sufficiently reliable for carrying out the safety function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Continental Automotive GmbH (Continental AG)
Original Assignee
Continental Automotive GmbH (Continental AG)
Inventors
Ross, Hans-Leo, Erdem, Bettina

Granted Patent

US 9,566,966 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60T 2270/406   Test-mode; Self-diagnosis

B60T 8/00   Arrangements for adjusting ...

B60T 8/885   using electrical circuitry

B60W 50/045   Monitoring control system p...

H04L 1/20   using signal quality detector

H04L 1/22   using redundant apparatus t...

Method for carrying out a safety function of a vehicle and system for carrying out the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method for carrying out a safety function of a vehicle and system for carrying out the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links