MOTOR VEHICLE WITH A DRIVING BEHAVIOR WHICH CAN BE MODIFIED AT A LATER STAGE USING AN APPLICATION PROGRAM
1 Assignment
0 Petitions
Accused Products
Abstract
A motor vehicle has a processor device to run application programs in a first communication zone and a storage device for vehicle control data, by which a driving behavior of the motor vehicle is determined. The storage device is arranged in a second communication zone of the motor vehicle. In order to allow a modification of the vehicle control data at a later stage using an application program and thus provide protection against an undesired manipulation of the vehicle control data, the first and the second communication zones are coupled by a monitoring device that forwards new data, which an application program is attempting to transmit from the first communication zone into the second communication zone, to the second communication zone only if the monitoring device has detected that the new data leads to a safe motor vehicle driving behavior defined by a specified safety criterion.
-
Citations
26 Claims
-
1-12. -12. (canceled)
-
13. A motor vehicle comprising:
-
a communication device to perform wireless data communication with a device outside the motor vehicle, the device outside the motor vehicle being at least one of a vehicle-external appliance and another motor vehicle; a processor device to execute application programs in a first communication zone, to perform data interchange between the application programs and the device outside the motor vehicle using the communication device; a memory device for vehicle control data that stipulate a driving behavior for the motor vehicle, the memory device being arranged in a second communication zone of the motor vehicle; and a monitoring device to couple the first and second communication zones to monitor new data, which one of the application programs attempts to transmit from the first communication zone to the second communication zone, to recognize whether the new data result in a safe driving behavior for the motor vehicle that is defined by a prescribed safety criterion, and to forward the new data to the second communication zone only if the new data result in the safe driving behavior, wherein the motor vehicle has at least one property selected from the group consisting of; the motor vehicle stores a plurality of preinstalled, selectable characteristic maps and the monitoring device takes the new data as a basis for enabling and activating at least one of the preinstalled characteristic maps for use as vehicle control data in the motor vehicle, the monitoring device performs a simulation for a driving behavior that results from the new data and forwards the new data only if the simulation shows that an admissible driving behavior is obtained in accordance with a predetermined plausibility criterion, and the motor vehicle contains a third communication zone, which is coupled to the first communication zone via the monitoring device, the third communication zone having a memory to store secret data, the secret data being at least one of vehicle-related secret data and person-related secret data, the secret data being for at least one of an online payment and an online service, the monitoring device permitting data access from the first communication zone to the third communication zone only with a valid authentication code. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for monitoring action in vehicle control data that stipulate a driving behavior for a motor vehicle, comprising:
-
monitoring, using a monitoring device, a connection between a first communication zone, in which an application program that provides new data for altering the vehicle control data is executed, and a second communication zone, in which the vehicle control data are stored in a memory device; after recognizing an attempt to transmit the new data from the first communication zone to the second communication zone, checking the new data by the monitoring device for whether use of the new data as vehicle control data will result in a safe driving behavior for the motor vehicle that is defined by a safety criterion; and permitting, by the monitoring device, transmission of the new data to the second communication zone only if the new data will result in the safe driving behavior, wherein the method has at least one property selected from the group consisting of; the motor vehicle stores a plurality of preinstalled, selectable characteristic maps and the monitoring device takes the new data as a basis for enabling and activating at least one of the preinstalled characteristic maps for use as vehicle control data in the motor vehicle, the monitoring device performs a simulation for a driving behavior that results from the new data and forwards the new data only if the simulation shows that an admissible driving behavior is obtained in accordance with a predetermined plausibility criterion, and the motor vehicle contains a third communication zone, which is coupled to the first communication zone via the monitoring device, the third communication zone having a memory to store secret data, the secret data being at least one of vehicle-related secret data and person-related secret data, the secret data being for at least one of an online payment and an online service, the monitoring device permitting data access from the first communication zone to the third communication zone only with a valid authentication code. - View Dependent Claims (26)
-
Specification