Search

EP-4737198-A1 - CHARGE CONTROL METHOD, CHARGE CONTROL DEVICE, AND PROGRAM

EP4737198A1EP 4737198 A1EP4737198 A1EP 4737198A1EP-4737198-A1

Abstract

A charge control method according to the present disclosure is used in a charge control device communicably connected to each of an electric vehicle and a charging facility, determines, based on software information including at least firmware information of an electronic control device mounted on the electric vehicle, presence or absence of a security risk to a plurality of driving control functions of the electric vehicle arising from firmware, and whether a second driving control function enables traveling and the security risk of the electric vehicle is avoidable after at least one driving control function having the security risk is disabled, and when the second driving control function enables traveling and the security risk is avoided after the at least one driving control function is disabled, permits power supply of a power supply apparatus of the charging facility to the electric vehicle after disabling the at least one driving control function.

Inventors

  • TASAKI, Hajime
  • YAMAGUCHI, TAKAHIRO
  • HAGA, TOMOYUKI

Assignees

  • Panasonic Intellectual Property Management Co., Ltd.

Dates

Publication Date
20260506
Application Date
20240222

Claims (7)

  1. A charge control method used in a charge control device communicably connected to each of an electric vehicle and a power supply apparatus configured to charge the electric vehicle, the charge control method comprising: performing, based on software information including at least firmware information of an electronic control device mounted on the electric vehicle, a first determination to determine presence or absence of a security risk to a plurality of driving control functions of the electric vehicle arising from firmware of the electronic control device, and a second determination to determine, when a determination result of the first determination indicates presence of the security risk, whether after at least one driving control function having the security risk from among the plurality of the driving control functions is disabled, a second driving control function from among the plurality of the driving control functions enables traveling and the security risk of the electric vehicle is avoidable; and permitting power supply of the power supply apparatus to the electric vehicle after disabling the at least one driving control function when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled.
  2. The charge control method according to claim 1, comprising: when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled, outputting notification information indicating whether to disable the at least one driving control function to a driver; and when acquiring notification information indicating agreement to disable the at least one driving control function from the driver, outputting instruction information for disabling the at least one driving control function to the electric vehicle.
  3. The charge control method according to claim 1 or 2, comprising: when a determination result of the first determination indicates presence of the security risk and when the second determination indicates that the security risk is avoidable, setting power supply time at which power supply is started with a predetermined waiting time; performing the first determination again by the power supply time; when the determination result of the first determination becomes absence of the security risk by the power supply time, permitting power supply to the electric vehicle without disabling the at least one driving control function; and when the determination result of the first determination does not become the absence of the security risk by the power supply time, disabling the at least one driving control function and permitting power supply of the power supply apparatus to the electric vehicle.
  4. The charge control method according to claim 1, comprising: when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled, outputting instruction information for disabling the at least one driving control function; and when acquiring a notification indicating that the at least one driving control function has been disabled from the electric vehicle, permitting power supply of the power supply apparatus to the electric vehicle.
  5. The charge control method according to claim 1, comprising: in the first determination, further determining, based on the software information, presence or absence of a security risk of the electric vehicle to a charging function arising from firmware of the electronic control device; when a determination result of the first determination indicates presence of the security risk to the charging function and when the security risk is avoidable by degrading a function of the power supply apparatus, determining a degradation mode to degrade the function of the power supply apparatus according to a type of the security risk; and controlling power supply of the power supply apparatus to the electric vehicle in the determined degradation mode.
  6. A charge control device communicably connected to each of an electric vehicle and a power supply apparatus configured to charge the electric vehicle, the charge control device comprising: a determination unit configured to perform, based on software information including at least firmware information of an electronic control device mounted on the electric vehicle, a first determination to determine presence or absence of a security risk to a plurality of driving control functions of the electric vehicle arising from firmware of the electronic control device, and a second determination to determine, when a determination result of the first determination indicates presence of the security risk, whether after at least one driving control function having the security risk from among the plurality of the driving control functions is disabled, a second driving control function from among the plurality of the driving control functions enables traveling and the security risk of the electric vehicle is avoidable; and a control unit configured to permit power supply of the power supply apparatus to the electric vehicle after disabling the at least one driving control function when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled.
  7. A program for causing a computer communicably connected to each of an electric vehicle and a power supply apparatus configured to charge the electric vehicle to execute: performing, based on software information including at least firmware information of an electronic control device mounted on the electric vehicle, a first determination to determine presence or absence of a security risk to a plurality of driving control functions of the electric vehicle arising from firmware of the electronic control device, and a second determination to determine, when a determination result of the first determination indicates presence of the security risk, whether after at least one driving control function having the security risk from among the plurality of the driving control functions is disabled, a second driving control function from among the plurality of the driving control functions enables traveling and the security risk of the electric vehicle is avoidable; and permitting power supply of the power supply apparatus to the electric vehicle after disabling the at least one driving control function when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled.

Description

TECHNICAL FIELD The present disclosure relates to a charge control method, a charge control device, and a program. BACKGROUND ART A technology is known that protects a plurality of in-vehicle computers such as electronic control units (ECUs) for controlling a vehicle, from a security risk affecting vehicle control such as unauthorized communication. CITATION LIST Patent Literature Patent Literature 1: JP 2020-065243 APatent Literature 2: JP 2020-125036 A SUMMARY OF INVENTION PROBLEM TO BE SOLVED BY THE INVENTION Under such circumstances, an in-vehicle computer to which the latest update patch is not applied has a risk that the safeties of a vehicle and a driver are threatened, for example, a security risk against which measures are not taken is exploited for unauthorized operation of a function of the vehicle. One of the problems to be solved by the present disclosure is to protect an electric vehicle connected to a charging facility upon power supply, from a security risk arising from the electric vehicle. MEANS FOR SOLVING PROBLEM A charge control method according to an aspect of the present disclosure is used in a charge control device communicably connected to each of an electric vehicle and a power supply apparatus configured to charge the electric vehicle, and includes: performing, based on software information including at least firmware information of an electronic control device mounted on the electric vehicle, a first determination to determine presence or absence of a security risk to a plurality of driving control functions of the electric vehicle arising from firmware of the electronic control device, and a second determination to determine, when a determination result of the first determination indicates presence of the security risk, whether after at least one driving control function having the security risk from among the plurality of the driving control functions is disabled, a second driving control function from among the plurality of the driving control functions enables traveling and the security risk of the electric vehicle is avoidable; and permitting power supply of the power supply apparatus to the electric vehicle after disabling the at least one driving control function when the second driving control function enables traveling and the security risk is avoidable after the at least one driving control function is disabled. EFFECT OF THE INVENTION According to the present disclosure, it is possible to protect the electric vehicle connected to the charging facility upon power supply, from the security risk arising from the electric vehicle. BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a diagram illustrating an exemplary configuration of a charging system according to a first embodiment;FIG. 2 is a diagram illustrating an exemplary configuration of a charging facility according to the first embodiment;FIG. 3 is a diagram illustrating an exemplary configuration of a charging station management terminal according to the first embodiment;FIG. 4 is a diagram illustrating an exemplary configuration of a charging station management server according to the first embodiment;FIG. 5 is a diagram illustrating an exemplary configuration of a charge control unit according to the first embodiment;FIG. 6 is a diagram illustrating an exemplary configuration of an electric vehicle according to the first embodiment;FIG. 7 is a diagram illustrating an exemplary configuration of a vehicle management server according to the first embodiment;FIG. 8 is a diagram illustrating an example of vehicle software configuration information according to the first embodiment;FIG. 9 is a diagram illustrating an example of vehicle management information according to the first embodiment;FIG. 10A is a flowchart illustrating an example of a power supply process triggered by vehicle detection, performed in the charge control unit according to the first embodiment;FIG. 10B is a flowchart illustrating an example of the power supply process triggered by vehicle detection, performed in the charge control unit according to the first embodiment;FIG. 11 is a flowchart illustrating an example of a verification process for reconnecting a power supply apparatus to a facility communication network, performed in the charge control unit according to the first embodiment;FIG. 12 is a sequence diagram illustrating an example of a power supply process triggered by vehicle detection, performed in the charging system according to the first embodiment;FIG. 13 is a sequence diagram illustrating an example of a verification process for reconnecting the power supply apparatus to the facility communication network, performed in the charging system according to the first embodiment;FIG. 14 is a diagram illustrating an exemplary configuration of a charging system according to a second embodiment;FIG. 15 is a flowchart illustrating an example of a power supply process triggered by a charge reservation, performed in a charge control unit and a reservati