Externally reprogrammable vehicular microcomputer with hardware lock-out of unauthorized memory modifications

US 4,751,633 A
Filed: 03/11/1985
Issued: 06/14/1988
Est. Priority Date: 03/20/1984
Status: Expired due to Term

First Claim

Patent Images

1. An externally reprogrammable computer system, responsive to an external programming unit (P,1), for an automotive vehicle (5) having a control unit (2) includinga microprocessor or computer (23);

a non-volatile, read-only programmable memory (EEPROM) (25) permanently connected to the computer (23) and addressed by the computer for entry of data into the memory and for retrieval of data from the memory for carrying out computation operations by the computer,means (24) interconnecting said microprocessor and memory;

means (26) transmitting operating data from the vehicle to the computer (23);

means (27) for transmitting computed data from the computer to the vehicle, for controlling vehicle operations in accordance with the computed data,the computer receiving the operating data and computing the control data based on the received operating data and on data stored in said memory (25),comprisingreprogramming authorization and transmission means (13,11,12,21,22) includingan interface (3, 11,

12) connecting the external programming unit (1) to the microprocessor (23) in the control unit (2) and signaling said programming unit when data have been accurately transmitted over the interface;

means in said memory (25) making said memory normally non-responsive to writing instructions from said microprocessor and to any stray voltages on said means (24) interconnecting said microprocessor and memory; and

a release-enable bus (13) coupled from said external programming unit (1) through said interface to the memory (25) and authorizing writing of new program data into the memory only when said external programming unit has received from said interface (3) an "accurate transmission" signal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To prevent change of data in a non-volatile programmable, ready-only memory (25) forming, together with a microprocessor (23) a control unit, for example for an automotive vehicle, while permitting programming of the memory from an external programming unit (P, 1), an interface (3, 11, 12) is provided through which a release-enable bus (13) also passes, data being transmitted in accordance with a predetermined characteristic--even or odd parity--, the parity correctness being checked. If the parity is correct, an "enter" signal is provided on the release-enable bus for storing the data; if not, retransmission is attempted for a predetermined number of time, and if it cannot be correctly effected, a malfunction indication output signal is generated.

Citations

16 Claims

1. An externally reprogrammable computer system, responsive to an external programming unit (P,1), for an automotive vehicle (5) having a control unit (2) includinga microprocessor or computer (23);
- a non-volatile, read-only programmable memory (EEPROM) (25) permanently connected to the computer (23) and addressed by the computer for entry of data into the memory and for retrieval of data from the memory for carrying out computation operations by the computer,means (24) interconnecting said microprocessor and memory;
  
  means (26) transmitting operating data from the vehicle to the computer (23);
  
  means (27) for transmitting computed data from the computer to the vehicle, for controlling vehicle operations in accordance with the computed data,the computer receiving the operating data and computing the control data based on the received operating data and on data stored in said memory (25),comprisingreprogramming authorization and transmission means (13,11,12,21,22) includingan interface (3, 11,
  
  12) connecting the external programming unit (1) to the microprocessor (23) in the control unit (2) and signaling said programming unit when data have been accurately transmitted over the interface;
  
  means in said memory (25) making said memory normally non-responsive to writing instructions from said microprocessor and to any stray voltages on said means (24) interconnecting said microprocessor and memory; and
  
  a release-enable bus (13) coupled from said external programming unit (1) through said interface to the memory (25) and authorizing writing of new program data into the memory only when said external programming unit has received from said interface (3) an "accurate transmission" signal.
- View Dependent Claims (2, 3, 4, 5)
- - 2. System according to claim 1, wherein the control unit (2) is located within a closed housing;
    - and wherein said interface (3, 11,
      
      12) includes a separable plug-connection to permit separation of the programming unit (1) electrically and mechanically from the interface and the control unit, the interface being secured to the housing.
  - 3. System according to claim 1, wherein the interface provides for serial transmission of at least one of:
    - data words;
      
      command words through the interface.
  - 4. System according to claim 3, wherein the control unit (2) comprises a further interface element (21) having a serial input coupled to the interface (3) and a parallel output (22) coupled to the computer (23).
  - 5. System according to claim 1, wherein the memory (25) comprises at least one of:
    - an electronically erasable programming read-only memory (EEPROM);
      
      a non-volatile random access memory (NVRM).

6. Method of assuring data integrity in the memory (25) of an on-board vehicular microcomputer system, forming a part of a control unit (2), before and during programming thereof by a separate external programming unit (1), said control unit (2) having a computer or microprocessor (23),a memory (25) connected in data exchange relation with said microprocessor (23),an interface (3, 11, 12) connected during operation to said external programming unit (1),a data bus (11, 12), interconnecting said interface (3) and said microprocessor (23), anda release-enable bus (13) interconnecting said interface and said memory, said memory (25) responding to writing signals only when said release-enable bus is energized and "locking out" writing signals at all other times, comprising the steps oftransmitting, on said data bus, between the programming unit (1) and the computer, data having a predetermined characteristic;
- analyzing the data, in that one (2) of the units which is receiving data, for correctness of the characteristic; and
  
  providing on said data bus (12), selectively;
  
  (a) if the characteristic is correct, a "correct" signal;
  
  (b) enabling the release-enable bus (13) for storage of the data in the memory (25) only if said correct signal is present; and
  
  (c) continuing transmission of data;
  
  or(d) if the characteristic is incorrect, an "error" signal to that one of the units which was transmitting the data; and
  
  (e) entering an "error transmission" subroutine until correctness of the characteristic is detected and terminating transmission if, after a predetermined number of incorrect transmissions, no correct characteristic is detected.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. Method according to claim 6, wherein the data transmission through said interface (3, 11, 12) includes back-and-forth transmission of signals representative of whether the characteristics are proper for the type of transmission in accordance with a predetermined code, so that transmission between the units is in the form of an interplay, or "handshake" sequence.
  - 8. Method according to claim 6, wherein the data bus includes a data transmission bus (11) and an "acknowledgement" bus (12);
    - and wherein the transmission of data from the programming unit (1) to the control unit (2) is transmitted over the data transmission bus (11), and data transmission from the control unit to the programming unit (1) is carried over the acknowledgement bus (12).
  - 9. Method according to claim 6, wherein said data transmission bus comprises a bidirectional bus and a control bus indicating the direction of transmission from the programming unit (1) to the control unit (2) or reverse, respectively.
  - 10. Method according to claim 6, wherein said characteristic comprises a predetermined code representative of parity;
    - and wherein command data transmitted from the programming unit (1) to the control unit (2) have a parity which differs from parity of data and addresses transmitted from the programming unit to the control unit for processing in the computer (23) and storage in the memory (25), respectively.
  - 11. Method according to claim 6, including the step of testing, in that one of the units which is the receiving unit of data (e.g., 2), a received data block for bit errors;
    - and wherein, upon detection of a bit error, the "error" subroutine comprises;
      
      requesting retransmission of the data block;
      
      retesting the transmitted data;
      
      upon detection of correctness, enabling the release-enable bus, orupon continued detection of error, repeating retransmission for said predetermined number of times;
      
      and, if, after the predetermined number of times have not resulted in correct transmission, providing said "malfunction" output.
  - 12. Method according to claim 6, including the steps of retransmitting from the control unit (2) to the programming unit (1) the data stored in the memory (25) after entry of data therein;
    - comparing the data read from the memory (25) and retransmitted to the programming unit (1) with the data originally sent from the programming unit (1);
      
      and, upon detection of non-equality, providing a malfunction or "error" output signal.
  - 13. Method according to claim 6, including the steps of retransmitting the data stored in the memory after entry of data therein from the programming unit (1) to the programming unit;
    - comparing the data read from the memory and retransmitted to the programming unit (1) with the data sent therefrom;
      
      repeating retransmission of data from the memory to the programming unit and retesting the data for correctness;
      
      continuing to repeat retransmission of data and testing for a predetermined number of times and, if after said predetermined number of times, correctness of stored data is not determined, providing a malfunction output signal.
  - 14. Method according to claim 6, wherein the computer is coupled to means (26) for transmitting sensed operating data from a vehicle to the computer (23) and to means (27) for transmitting computed operation control data from the computer to the vehicle in accordance with data computed by the computer based on received sensed operating data and operating data retrieved from the memory, including the steps ofproviding the sensed operating data under standard conditions;
    - comparing the derived data with desired, or command data under said standard conditions;
      
      determining deviation of the sensed data from the command data, and forming a correction constant or correction factor;
      
      and entering the correction constant or correction factor in the memory (25).
  - 15. Method according to claim 14, wherein, in operation of the vehicle, data retrieved by the computer for computing the operation control data include said correction constant or factor for calibration and weighing of the retrieved data by said correction constant or factor.
  - 16. Method according to claim 15, including the step of storing a plurality of correction constants or factors in dependence on a plurality of standard conditions relating to an operating parameter of the vehicle;
    - and including the step of interpolating the respective constants or factors if the sensed operating data are related to a parameter at a value intermediate of two adjacent standard conditions for which the correction constants or factors were determined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Inventors
Hersel, Walter, Mayer, Dieter, Henn, Michael, Hertzler, Siegfried, Jautelat, Rudiger, Meyer, Klaus-Gerd, Mezger, Manfred, Kirschner, Michael, Jundt, Werner, Kaiser, Gunther
Primary Examiner(s)
NOT, DEFINED
Assistant Examiner(s)
Ure, Michael J.

Application Number

US06/710,171
Time in Patent Office

1,191 Days
Field of Search

364/200 MS File, 364/900 MS File, 364/431.12, 371/32, 371/49
US Class Current

714/18
CPC Class Codes

F02D 41/249   Methods for preventing the ...

F02D 41/266   the computer being backed-u...

G05B 19/0426   Programming the control seq...

G05B 2219/23215   Check data validity in ram,...

G05B 2219/23345   Memory is eeprom

G05B 2219/25153   Checking communication

G05B 2219/25154   Detect error, repeat transm...

G05B 2219/25178   Serial communication, data,...

G06F 11/1402   Saving, restoring, recoveri...

G06F 13/4213   with asynchronous protocol

G06F 8/654   using techniques specially ...

G11C 16/102   External programming circui...

Externally reprogrammable vehicular microcomputer with hardware lock-out of unauthorized memory modifications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Externally reprogrammable vehicular microcomputer with hardware lock-out of unauthorized memory modifications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links