Secured microcontroller architecture

US 6,981,176 B2
Filed: 02/14/2002
Issued: 12/27/2005
Est. Priority Date: 05/10/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A controller, comprising:

a primary processing unit;

a secondary processing unit coupled to the primary processing unit;

a common memory coupled to the primary and secondary processing units, the common memory containing a control algorithm, wherein the primary and secondary processing units are adapted to run the control algorithm;

a functional compare module coupled to the primary, processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units after the control algorithm has been run by the primary and secondary processing units; and

,at least one bus, wherein the common memory, primary and secondary processing units, and function compare module are coupled to the at least one bus, wherein the functional compare module is adapted to read signals on the at least one bus, generate a signature of the signals, compare the generated signature with a reference signal and detect a fault if the signals are not the same.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A microcontroller unit (MCU) having a primary, or main, processing unit, a secondary processing unit coupled to the primary processing unit, and a common memory coupled to the primary and secondary processing units is disclosed. A functional compare module is coupled to the primary processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units to detect a fault if the primary output and the secondary output are not the same. The invention provides a method for detecting a fault in the MCU including the steps of reading a control algorithm stored in the common memory by the primary processing unit, reading the control algorithm stored in the common memory by the secondary processing unit, comparing the primary output and the secondary output and responsively detecting a fault, if the primary output does not match the second output.

Citations

34 Claims

1. A controller, comprising:
- a primary processing unit;
  
  a secondary processing unit coupled to the primary processing unit;
  
  a common memory coupled to the primary and secondary processing units, the common memory containing a control algorithm, wherein the primary and secondary processing units are adapted to run the control algorithm;
  
  a functional compare module coupled to the primary, processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units after the control algorithm has been run by the primary and secondary processing units; and
  
  ,at least one bus, wherein the common memory, primary and secondary processing units, and function compare module are coupled to the at least one bus, wherein the functional compare module is adapted to read signals on the at least one bus, generate a signature of the signals, compare the generated signature with a reference signal and detect a fault if the signals are not the same.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A controller, as set forth in claim 1, wherein the functional compare module is adapted to detect a fault if the primary output and the secondary output are not the same.
  - 3. A controller, as set forth in claim 1, wherein the primary output and the secondary output are data.
  - 4. A controller, as set forth in claim 1, wherein the primary output and the secondary output are control signals.
  - 5. A controller, as set forth in claim 1, wherein the functional compare module is adapted to perform diagnostics upon startup of the controller.
  - 6. A controller, as set forth in claim 1, wherein the at least one bus includes an address bus, a data bus, and a control bus.
  - 7. A controller, as set forth in claim 1, wherein the primary processing unit is coupled to a system for control of the system, and wherein the secondary processing unit is adapted to control the system if a fault is detected in the primary processing unit.
  - 8. A controller, as set forth in claim 7, wherein the secondary processing unit is coupled to a second system for control of the second system.

9. A controller, comprising:
- a primary processing unit;
  
  a secondary processing unit coupled to the primary processing unit;
  
  a common memory coupled to the primary and secondary processing units, the common memory containing a control algorithm, wherein the primary and secondary processing units are adapted to run the control algorithm;
  
  a functional compare module coupled to the primary processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units after the control algorithm has been run by the primary and secondary processing units; and
  
  ,at least one peripheral module coupled to the primary processing unit, wherein the at least one peripheral nodule includes a built in self test circuit for detecting faults within the peripheral module, the built in self test circuit being coupled to the primary processing unit.

10. A method for detecting a fault in a controller, the controller including a primary processing unit, a secondary processing unit coupled to the primary processing unit, a common memory coupled to the secondary and primary processing units, and at least one peripheral module coupled to the primary processing unit, including the steps of:
- reading a control algorithm stored in the common memory by the primary processing unit;
  
  reading the control algorithm stored in the common memory by the secondary processing unit;
  
  comparing a primary output of the primary processing unit and a secondary output of the secondary processing unit and responsively detecting a fault; and
  
  ,detecting a fault within the peripheral module using a built in self test circuit coupled to the primary processing unit.
- View Dependent Claims (11, 12, 13)
- - 11. A method, as set forth in claim 10, wherein the primary output and the secondary output are data.
  - 12. A method, as set forth in claim 10, wherein the primary output and the secondary output are control signals.
  - 13. A method, as set forth in claim 10, including the step of performing diagnostics upon startup of the controller.

14. An apparatus for controlling a first system of a motor vehicle, comprising:
- a primary processing unit for performing a first set of functions with respect to the first system;
  
  a secondary processing unit coupled to the primary processing unit;
  
  a common memory coupled to the primary and secondary processing units, the common memory containing a control algorithm, wherein the primary and secondary processing units are adapted to run the control algorithm;
  
  a functional compare module coupled to the primary processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units after the control algorithm has been run by the primary and secondary processing units; and
  
  ,at least one bus, wherein the common memory, primary memory and secondary processing units, and function compare module are coupled to the at least one bus, wherein the functional compare module is adapted to read signals on the at least one bus, generate a signature of the signals, compare the generated signature with a reference signal and detect a fault if the signals are not the same.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. An apparatus, as set forth in claim 14, wherein the first system is a brake system.
  - 16. An apparatus, as set forth in claim 14, wherein the first system is a steering system.
  - 17. An apparatus, as set forth in claim 16, wherein the steering system is a steer by wire system.
  - 18. An apparatus, as set forth in claim 14, wherein the first system is an engine control system.
  - 19. An apparatus, as set forth in claim 14, wherein the functional compare module is adapted to detect a fault if the primary output and the secondary output are not the same.
  - 20. An apparatus, as set forth in claim 14, wherein the primary output and the secondary output are data.
  - 21. An apparatus, as set forth in claim 14, wherein the primary output and the secondary output are control signals.
  - 22. An apparatus, as set forth in claim 14, wherein the functional compare module is adapted to perform diagnostics upon startup of the apparatus.
  - 23. An apparatus, as set forth in claim 14, wherein the secondary processing unit is adapted to control the first system if a fault is detected in the primary processing unit.
  - 24. An apparatus, as set forth in claim 23, wherein the secondary processing unit is coupled to a second system for control of the second system.

25. An apparatus for controlling a first system of a motor vehicle, comprising:
- a primary processing unit for performing a first set of functions with respect to the first system;
  
  a secondary processing unit coupled to the primary processing unit;
  
  a common memory coupled to the primary and secondary processing units, the common memory containing a control algorithm, wherein the primary and secondary processing units are adapted to run the control algorithm;
  
  a functional compare module coupled to the primary processing unit and the secondary processing unit for comparing a primary output of the primary processing unit and a secondary output of the secondary processing units after the control algorithm has been run by the primary and secondary processing units; and
  
  ,at least one bus, wherein the common memory, primary and secondary processing units, and functional compare module are coupled to the at least one bus, wherein the functional compare module is adapted to read signals on the at least one bus, generate a signature of the signals, compare the generated signature with a reference signal and detect a fault if the signals are not the same.
- View Dependent Claims (26)
- - 26. An apparatus, as set forth in claim 25, wherein the at least one bus includes an address bus, a data bus, and a control bus.

27. A method for detecting a fault in a controller for use in a motor vehicle, the controller including a primary processing unit, a secondary processing unit coupled to the primary processing unit, at least one peripheral module coupled to the primary processing unit, and a common memory coupled to the secondary and primary processing units, including the steps of:
- reading a control algorithm stored in the common memory by the primary processing unit;
  
  reading the control algorithm stored in the common memory source by the secondary processing unit;
  
  comparing a primary output of the primary processing unit and a secondary output of the secondary processing unit and responsively detecting a fault; and
  
  ,detecting faults within the peripheral module using a built in self test circuit coupled to the primary processing unit.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. A method, as set forth in claim 27, wherein the primary processing unit controls a brake system.
  - 29. A method, as set forth in claim 27, wherein the primary processing unit controls a steering system.
  - 30. A method, as set forth in claim 29, wherein the steering system is a steer by wire system.
  - 31. A method, as set forth in claim 27, wherein the primary processing unit controls an engine control system.
  - 32. A method, as set forth in claim 27, wherein the primary output and the secondary output are data.
  - 33. A method, as set forth in claim 27, wherein the primary output and the secondary output are control signals.
  - 34. A method, as set forth in claim 27, including the step of performing diagnostics upon startup of the controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Delphi Technologies, Inc. (BorgWarner Incorporated)
Inventors
Helm, Troy L., Fruehling, Terry L.
Primary Examiner(s)
Beausoliel, Robert
Assistant Examiner(s)
DUNCAN, MARC M

Application Number

US10/075,972
Publication Number

US 20020077782A1
Time in Patent Office

1,412 Days
Field of Search

714/10, 714/11, 714/13, 714/45, 714/25, 714/36, 701/76, 701/92, 701/33, 701/31, 701/43
US Class Current

714/11
CPC Class Codes

G06F 11/1008   in individual solid state d...

G06F 11/1641   where the comparison is not...

G06F 11/1654   where the output of only on...

Secured microcontroller architecture

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secured microcontroller architecture

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links