Fault-resilient automobile control system
First Claim
1. A fault-resilient automobile control system for an automobile having multiple electronic automobile components, each electronic automobile component having a local controller for controlling operation of the electronic automobile component, the automobile control system comprising:
- a master control unit electrically coupled to the electronic automobile components, the master control unit having a computer processor programmed to perform control tasks of the local controllers so that in an event that one of the local controllers fails, the master control unit controls the electronic automobile component in place of the failed local controller.
2 Assignments
0 Petitions
Accused Products
Abstract
A fault-resilient automobile control system integrates diverse and separate automobile components and provides fault-tolerance to component failure. The automobile control system includes a master control unit (MCU) electrically coupled via a primary data communications bus to the electronic automobile components. The MCU is master of the bus and manages data flow over the bus among the electronic automobile components. The MCU can be configured with a routing table to route data monitored in one component to one or more other components. The MCU is also capable of performing the same functions as those performed by local controllers at the electronic components. During initialization, driver software for all of the local controllers is downloaded and storded at the MCU. In the event that a local controller fails, the MCU executes the driver software for the failed controller to remotely control the electronic automobile component in place of the failed local controller. Switching logic is installed at each of the electronic components to selectively route data to the primary bus, circumventing the failed controller. The automobile control system has a secondary control unit (SCU) electrically coupled to the MCU via the primary bus. The SCU is a standalone computer that supports clients and other devices on a secondary support bus. The SCU is also configured to backup the MCU. During normal operation, the SCU is subordinate to and controlled by the MCU on the primary bus. In the event that the MCU fails, however, the SCU assumes control of the data communications network and manages the data flow among the electronic automobile components.
247 Citations
40 Claims
-
1. A fault-resilient automobile control system for an automobile having multiple electronic automobile components, each electronic automobile component having a local controller for controlling operation of the electronic automobile component, the automobile control system comprising:
a master control unit electrically coupled to the electronic automobile components, the master control unit having a computer processor programmed to perform control tasks of the local controllers so that in an event that one of the local controllers fails, the master control unit controls the electronic automobile component in place of the failed local controller. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. An automobile control system for an automobile having multiple electronic automobile components interconnected by a data communications network, each electronic automobile component having a local controller configured to perform one or more tasks, the automobile control system comprising:
-
a master control unit electrically coupled to the electronic automobile components via the data communications network, the master control unit having a computer processor programmed to manage data flow over the data communications network among the electronic automobile components; and the master control unit maintaining a routing table which the master control unit employs to route data detected by one electronic automobile component to one or more other electronic automobile components. - View Dependent Claims (11)
-
-
12. A fault-resilient automobile control system for an automobile having multiple electronic automobile components, each electronic automobile component having a local controller for controlling operation of the electronic automobile component, the automobile control system comprising:
-
a master control unit electrically coupled to the electronic automobile components, the master control unit having a computer processor programmed to manage data flow among the electronic automobile components and to perform the tasks of the local controllers in an event that one or more of the local controllers fails; and a secondary control unit electrically coupled to the master control unit, the secondary control unit having a computer processor programmed to manage the data flow among the electronic automobile components in an event that the master control unit fails. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A fault-resilient automobile control system for an automobile having multiple electronic automobile components interconnected by a data communications network, each electronic automobile component having a local controller configured to perform one or more tasks, the automobile control system comprising:
-
switching logic resident at ones of the electronic automobile components, the switching logic routing data to one of (1) the local controller of the electronic automobile component when the local controller is functioning properly or (2) the data communications network, circumventing the local controller, when the local controller is not functioning properly; and a master control unit coupled to the electronic automobile components via the data communication network, the master control unit having a computer processor programmed to perform the tasks of the local controllers; and in an event that a local controller of one of the electronic automobile components fails, the switching logic routes data to the master control unit via the data communication network bypassing the failed local controller and the master control unit performs the tasks of the failed local controller. - View Dependent Claims (22, 23, 24, 25, 26)
-
-
27. A fault-resilient automobile control system for an automobile having multiple electronic automobile components interconnected by a data communications network, each electronic automobile component having a local controller configured to perform one or more tasks, the automobile control system comprising:
-
switching logic resident at ones of the electronic automobile components, the switching logic routing data to one of (1) the local controller of the electronic automobile component when the local controller is functioning properly or (2) the data communications network, circumventing the local controller, when the local controller is not functioning properly; a master control unit coupled to the electronic automobile components via the data communication network, the master control unit having a computer processor programmed to manage data flow among the electronic automobile components and to perform the tasks of the local controllers of the electronic automobile components; a secondary control unit electrically coupled to the master control unit, the secondary control unit having a computer processor programmed to manage the data flow among the electronic automobile components; in an event that a local controller of one of the electronic automobile components fails, the switching logic routes data to the master control unit via the data communication network and the master control unit performs the tasks of the failed local controller; and in an event that the master control unit fails, the secondary control unit manages the data flow among the electronic automobile components. - View Dependent Claims (28, 29, 30, 31, 32, 33)
-
- 34. For an electronic automobile component having a sensor which generates data and a controller which uses the data to control operation of the automobile component, a switching logic interfaced with the sensor and the controller to selectively route data to one of (1) the controller when the controller is functioning properly or (2) an external data bus, circumventing the controller, when the controller is not functioning properly.
-
37. A method for operating an automobile control system, comprising the following steps:
-
monitoring a plurality of local electronic controllers used to control associated automobile components; and in an event that one of the electronic controllers fails, remotely controlling the associated automobile component from a master control unit. - View Dependent Claims (38, 39, 40)
-
Specification