Method to ensure safety integrity of a microprocessor over a distributed network for automotive applications
Abstract
A processor integrity system in a vehicle includes m main processor modules that control at least m respective functions of the vehicle, where m is an integer greater than or equal to one. A monitoring processor module controls at least one function of the vehicle, communicates with the m main processor modules over a distributed vehicle network, selectively transmits a query to at least one of the m main processor modules over the distributed vehicle network, receives an answer from the at least one of the m main processor modules over the distributed vehicle network, and verifies integrity of the at least one of the m main processor modules based on the answer.
17 Claims
1. A processor integrity system in a vehicle, the system comprising:
- m main processor modules that control at least m respective functions of the vehicle, where m is an integer greater than one; and
- a monitoring processor module that controls at least one function of the vehicle, that communicates with the m main processor modules over a distributed vehicle network, that selectively transmits a first query to at least one of the m main processor modules over the distributed vehicle network, that receives a first answer from at least one of the m main processor modules over the distributed vehicle network, that selectively transmits a second query to at least one of the m main processor modules if the first answer does not match a first expected answer, that receives a second answer from the at least one of the m main processor modules over the distributed vehicle network, and that sends a request for remedial action for at least one of the m main processor modules to a remedial action module if the second answer does not match a second expected answer, wherein the first query and the second query are different and the first expected answer and second expected answer are different.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A processor integrity method in a vehicle, the method comprising:
- controlling at least m respective functions of the vehicle using m respective main processor modules, where m is an integer greater than one;
- controlling at least one function of the vehicle using a monitoring processor module;
- communicating with the m main processor modules over a distributed vehicle network using the monitoring processor module;
- selectively transmitting a first query from the monitoring processor module to at least one of the m main processor modules over the distributed vehicle network;
- receiving a first answer from the at least one of the m main processor modules at the monitoring processor module over the distributed vehicle network;
- comparing the first answer to a first expected answer that is based on the first query to verify the integrity of the at least one of the m main processor modules using the monitoring processor module;
- transmitting a second query to the at least one of the m main processor modules if the first answer does not match the first expected answer, wherein the first query and the second query are different;
- receiving a second answer from the at least one of the m main processor modules over the distributed vehicle network; and
- sending a request for remedial action for the at least one of the m main processor modules to a remedial action module if the second answer does not match a second expected answer, wherein the first expected answer and the second expected answer are different.

Dependent claims: 11, 12, 13, 14, 15, 16, 17
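The two-stage query sequence recited in claims 1 and 10, sketched in C as an added example that is not code from the patent. The query-to-answer mapping, the simulated module behaviours, and all function and variable names are assumptions; a function call stands in for a round trip over the vehicle network.

```c
#include <stdint.h>
#include <stdio.h>

/* ASSUMPTION: the claims do not say how an answer is derived from a query.
 * This seed-to-key mapping is hypothetical. It is a bijection on 16 bits
 * (odd multiplier, then XOR), so different queries always have different
 * expected answers, as the claims require. */
static uint16_t expected_answer(uint16_t query) {
    return (uint16_t)(((uint32_t)query * 40503u) ^ 0xA5C3u);
}

typedef uint16_t (*module_fn)(uint16_t query); /* stands in for one network round trip */
typedef enum { MODULE_OK, SECOND_QUERY_PASSED, REMEDIAL_REQUESTED } verdict_t;

static int remedial_requests = 0;  /* requests sent to the remedial action module */
static int glitch_budget = 1;      /* corrupted answers left in glitchy_module */

/* Constructed main-module behaviours (not from the patent). */
static uint16_t healthy_module(uint16_t q) { return expected_answer(q); }
static uint16_t stuck_module(uint16_t q)   { (void)q; return 0x1234u; }
static uint16_t glitchy_module(uint16_t q) {
    uint16_t a = expected_answer(q);
    return (glitch_budget-- > 0) ? (uint16_t)~a : a;
}

/* Monitoring-module logic: first query, and only on a mismatch a second,
 * different query; remedial action only if the second answer is also wrong. */
static verdict_t check_module(module_fn ask, uint16_t q1, uint16_t q2) {
    if (q2 == q1) q2 = (uint16_t)~q1;  /* enforce "queries are different" */
    if (ask(q1) == expected_answer(q1)) return MODULE_OK;
    if (ask(q2) == expected_answer(q2)) return SECOND_QUERY_PASSED;
    remedial_requests++;
    return REMEDIAL_REQUESTED;
}

int main(void) {
    printf("healthy: %d\n", check_module(healthy_module, 1, 2));
    printf("glitchy: %d\n", check_module(glitchy_module, 1, 2));
    printf("stuck:   %d\n", check_module(stuck_module, 1, 2));
    printf("remedial requests: %d\n", remedial_requests);
    return 0;
}
```

A module that returns one corrupted answer passes on the second query and triggers no remedial request, while a module stuck on a fixed answer fails both queries.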
Specification