Search Results

Vehicle Security means protecting potential threats, unintended malfunction and illegal tuning. In addition, it has become a more important issue on an automotive system as it is directly connected to the driver and pedestrian's life. Automotive industry significantly needs to enhance security policies to prevent attacks from hackers. Nevertheless, in some systems, performance still has to be considered at first when security functions are implemented. Especially, in case of Engine Management System (EMS), fast engine synchronization for starting should be considered as the first priority. This paper is intended to show an approach to design efficient secure boot implementation for EMS. At the beginning of this paper, the concept of secure boot is explained and several use cases are introduced according to execution modes, such as the foreground and background secure boot modes. As a next step, engine starting process by EMS is explained.

Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message.

Currently major investments by Tier1 and vehicle manufacturers are made to implement and optimize safety critical automotive systems according to the ISO standard 26262 “Road vehicles functional safety”. The ISO 26262 standard describes methods to detect the safety critical faults of a system designed according to the rules of functional safety, but it does not describe how an actual implementation shall look like. Development of ISO 26262 standard compliant systems concentrates on optimizing and improving cost and performance in a competitive environment. More competitive and practical implementations use fewer additional hardware and software resources for safety control and error detection and have higher performance with less overhead. Microcontrollers already have implemented many safety related hardware functions, so called safety mechanisms to mitigate safety critical risks.

In this paper, we propose a hardware and a software design method considering functional safety for an electro-mechanical brake (EMB) control system which is used as a brake actuator in a brake-by-wire (BBW) system. A BBW system is usually composed of electro-mechanical calipers, a pedal simulator, and a control system. This simple by-wire structure eliminates the majority of bulky hydraulic brake devices such as boosters and master cylinders. The other benefit of a BBW system is its direct and independent response; this leads to enhanced controllability, thus resulting in not only improved basic braking performance but also considerably easier cooperative regenerative braking in hybrid, fuel-cell, and electric cars. The importance of a functional safety based approach to EMB electronic control unit (ECU) design has been emphasized because of its safety critical functions, which are executed with the aid of many electric actuators, sensors, and application software.

The migration of many vehicle security features from mechanical solutions (lock and key) to electronic-based systems (transponder and RF transceiver) has led to the need for purely electrically operated locking mechanisms. One such example is a steering column lock, which locks and unlocks the steering wheel movement via a reversible electric motor. The safety case for this system (in respect to ISO26262) is highly complex, as there is no single safe state of the steering column lock hardware because there is a wider system-level interlock required. The employed control platform uses ASIL D capable multicore microcontroller hardware, together with the first implementation of AutoSAR® version 4.0 operating system to demonstrate a real-world usage of the newly specified encapsulation and monitoring mechanisms using the multicore extensions of AutoSAR and those of PharOS.

With the introduction of the ISO26262 automotive safety standard there is a burden of proof to show that the processing elements in embedded microcontroller hardware are capable of supporting a certain diagnostic coverage level, depending on the required Automotive Safety Integrity Level (ASIL). The current mechanisms used to provide actual metrics of the Built-in Self Tests (BIST) and Lock Step comparators use Register Transfer Level (RTL) simulations of the internal processing elements which force faults into individual nodes of the design and collect diagnostic coverage results. Although this mechanism is robust, it can only be performed by semiconductor suppliers and is costly. This paper describes a new solution whereby the microcontroller is synthesized into a large Field Programmable Gate Array (FPGA) with a test controller on the outside.

The aim of this paper is to compile the state of the art of engine control and develop scenarios for improvements in a number of applications of engine control where the pace of technology change is at its most marked. The first application is control of downsized engines with enhancement of combustion using direct injection, variable valve actuation and turbo charging. The second application is electrification of the powertrain with its impact on engine control. Various architectures are explored such as micro, mild, full hybrid and range extenders. The third application is exhaust gas after-treatment, with a focus on the trade-off between engine and after-treatment control. The fourth application is implementation of powertrain control systems, hardware, software, methods, and tools. The paper summarizes several examples where the performance depends on the availability of control systems for automotive applications.

As the automotive industry quickly moves towards hybridized and electrified vehicles, the optimal integration of power electronics in these vehicles will have a significant impact not only on the cost, performance, reliability, and durability; but ultimately on customer acceptance and market success of these technologies. If properly executed with the right cost, performance, reliability and durability, then both the industry and the consumer will benefit. It is because of these interdependencies that the pace and scale of success, will hinge on effective collaboration. This collaboration will be built around the convergence of automotive and industrial technology. Where real time embedded controls mixes with high power and voltage levels. The industry has already seen several successful collaborations adapting power electronics to the automotive space in target vehicles.

It is the beginning of a new age: multicore technology from the PC desktop market is now also hitting the automotive domain after several years of maturation. New microcontrollers with two or more main processing cores have been announced to provide the next step change in available computing power while keeping costs and power consumption at a reasonable level. These new multicore devices should not be confused with the specialized safety microcontrollers using two redundant cores to detect possible hardware failures which are already available. Nor should they be confused with the heterogeneous multicore solutions employing an additional support core to offload a single main processing core from real-time tasks (e.g. handling peripherals).

Prototyping of a complete powertrain controller is not generally permissible due to the large number of subsystems involved and the resources required in making the design a reality. The availability of a complete control system reference design at an early stage in the lifecycle can greatly enhance the quality of the system definition and allows early ideas to be prototyped in the application environment. This paper describes the implementation of such a reference design for a gasoline engine and gearbox management control system, integrated into robust housing which can be used for development in a prototype vehicle. The paper also outlines the powertrain subsystems involved, discusses how the system partitioning is achieved, shows the implementation of the partitioning into the physical hardware, and concludes with presenting the system benefits which can be realized.

Braking systems require a high system safety level: New safety concepts need to be implemented by reducing the system complexity. Microcontrollers with special safety functions are available with implemented features, self detecting and compensating different types of faults. Today usually two microcontrollers are used to check each other. Power devices provide microcontroller supplies and drive motors and valves; internally the functions are supervised to avoid incorrect system behaviour due to wrong voltages, currents, missing loads or other malfunctions. Bus interfaces, signal conditioning and interfaces for high voltage signals are integrated into the power system ICs. Latest BIPOLAR-CMOS-DMOS power technologies enable the power semiconductors to integrate logic functions.

Infineon proposes a Quasi-Autonomous Gate Driver (QAGD) to manage an electrically actuated component, whether electromechanical, electromagnetic, or electrohydraulic. This paper examines some current control strategies that can be implemented within the QAGD, such as: Synchronous Sampling (SYSA), Hysteresis, Improved Synchronous Sampling-Hysteresis (ISSH), Suboscillation, Suboscillation with Back EMF Feedforward (SBEF) and Synchronous Control in Rotation Coordinates (SCRC). Analysis and simulation of these strategies indicate their advantages and disadvantages, which are then summarized in a comparison chart, from which the best solution for a given application can be determined. The QAGD IC proposed by Infineon adopts this solution by integrating the current controller and the driver unit for the MOSFETs in a single package. The inverter function can therefore be implemented using one QAGD and several MOSFETs, which greatly simplify the system and decrease the costs.

Today's body and convenience applications in general directly control actuators and sensors from a single central electronic control unit (ECU). Future systems will be made of subsystem-clusters communicating via a local Class/A communication bus. This enables modular system design to reduce system complexity. For these types of new distributed applications the LIN bus is currently the most promising communication protocol. To allow a seamless migration from existing centralized to these next generation clustered system developers require software and hardware products for a homogenous and transparent LIN bus communication.

The objective of this SAE paper is to discuss a power stage partitioning which will provide a cost effective and flexible Infineon Technologies solution to control future E-Valve applications. To fulfil environmental demands, E-Valve applications will enable car manufacturers to: Dynamically reduce the number of working cylinders according to the drivers' torque requirements Have an efficient and variable control over the engine load in various conditions Dispense with throttles and exhaust recirculation valves The paper will describe: 1 The integration of the 4 MosFET and the future technology development required for the next system optimization. 2 Gate driver integration (3 different scenarios): Analog Interfacing between the μcontroller and the MosFETs with an integrated protection functionality (Scenario A).

Today's requirements for engine management controllers are increasing in various aspects. Stronger emission standards and diagnosis requirements demand more complex control algorithms, faster system response times, better usage of sensor information throughout the system and higher accuracy of actuator stimuli. Despite that, new solutions are needed to answer the requirement for higher cost effectiveness, flexibility and reusability. The trade-off between cost and functionality is constantly being reviewed when choosing the right microcontroller to operate with an ECU. Integration of more complex and flexible functionality into the microcontroller helps to reduce the need for custom ASICs and thus reduce the overall system cost. In order to reduce the demands on CPU throughput within the microcontroller, manufacturers have introduced smart peripherals that off-load some of the work of the CPU into the peripherals.

Recent trends in field bus applications, especially in the automotive section, show a very high demand for data exchange between decentralised, intelligent functional units and modules. These functional units can be grouped together to power train applications or body/convenience applications. In many cases, the coupling of local modules is done with one or more independent bus systems. The actual design and the partitioning of the modules strongly depend on application-specific requirements, such as the total amount of data to be transferred or the maximum of the tolerated latency in data delivery. A very powerful and fast field bus is the CAN bus (Controller Area Network), which supports transfers with data rates up to 1 Mbits/s. Due to the higher transmission speed and the standardized functionality, CAN is a very interesting alternative to and improvement on bus systems based on other protocols.

The demands of the automotive market are decreasing the time-to-market required from the initial concept of new control systems to their implementation. The goal of automotive companies is to constantly reduce the development time to reap the full economic and strategic benefits of being quicker to market. The target is to reach a development time of less than 12 months for some applications. At the same time, the complexity of these new systems is growing almost exponentially. While new techniques like model-based control design with executable specifications, rapid control prototyping and hardware-in-the-loop simulation have helped significantly streamline the development process, the new strategies are still being transferred to the production target by hand. During an early project phase, automotive customers also need to explore different silicon architectures provided by semiconductor manufacturers to select the vendors who can offer the best solution at the lowest price.

The increasing legal requirements for safety, emission reduction, fuel economy and onboard diagnostic systems are forcing the market to increase complexity. This complexity must not be a reason for slowing down the introduction of new systems. For efficiency, car manufacturers and system suppliers want to focus on their core competencies and leave the micro-controller complexity to silicon vendors. Competition forces system suppliers to jump to the most “function/cost” effective solution. For this reason it is very dangerous to move in the direction of specific solutions which require a large amount of effort to modify. Therefore the market goes in the direction of standards with clear interfaces. The approach presented overcomes these obstacles by introducing a Configurable I/O System (CIOS) layer. The CIOS encompasses basic software driver objects for engine management systems encapsulating the standard sensors and actuators.

This paper describes the first single-core 32-bit microcontroller-DSP architecture, TriCore, optimized for real-time embedded systems, an OSEK/VDX Real-Time Operating System (RTOS) and an open, integrated development tools platform to allow a development downflow for high-level Computer Aided Software Engineering (CASE) design entry and simulation/validation, rapid prototyping down to the target hardware for calibration and debugging and the up-flow by feeding the data collected from the target Electronic Control Unit (ECU) for system analysis and debugging all the way back to the entry CASE level. Also described are the different features of the new 32-Bit microcontroller-DSP, which speeds up the execution of embedded control applications and simultaneously reduce memory demand.