EP-4738152-A1 - VEHICLE SYSTEM, METHOD OF SETTING A CONTROL SYSTEM IN A SECURE MODE, COMPUTER PROGRAM, COMPUTER-READABLE MEDIUM, CONTROL ARRANGEMENT, AND VEHICLE
Abstract
A vehicle system (10) is disclosed comprising a first memory section (m1) storing tamper-proof data, a second memory section (m2) storing updateable data, a control system (20) configured to perform various functions of a host vehicle (2) based on the updateable data stored in the second memory section (m2) when the control system (20) is operating in a default mode, an input unit (5) incorporated into the host vehicle (2), and a control arrangement (21). The control arrangement (21) is configured to set the control system (20) in a secure mode in response to a manual manipulation of the input unit (5), wherein the secure mode constitutes a mode in which the control system (20) is blocked from using the updateable data stored in the second memory section (m2). The present disclosure further relates to a method (100) of setting a control system (20) of a vehicle (2) in a secure mode, a computer program, a computer-readable medium (200), a control arrangement (21), and a vehicle (2).
Inventors
- THEKKILAKATTIL, Abhilash
Assignees
- Scania CV AB
Dates
- Publication Date: 20260506
- Application Date: 20241030
Claims (18)
- A vehicle system (10) comprising: - a first memory section (m1) storing tamper-proof data, - a second memory section (m2) storing updateable data, - a control system (20) configured to perform various functions of a host vehicle (2) based on the updateable data stored in the second memory section (m2) when the control system (20) is operating in a default mode, - an input unit (5) incorporated into the host vehicle (2), and - a control arrangement (21), wherein the control arrangement (21) is configured to set the control system (20) in a secure mode in response to a manual manipulation of the input unit (5), wherein the secure mode constitutes a mode in which the control system (20) is configured to perform various functions of the host vehicle (2) based on the tamper-proof data stored in the first memory section (m1) and is blocked from using the updateable data stored in the second memory section (m2).
- The vehicle system (10) according to claim 1, wherein the various functions performed based on the tamper-proof data include basic vehicle functions, such as basic driving functions, which allow the host vehicle (2) to be operated.
- The vehicle system (10) according to claim 1 or 2, wherein the tamper-proof data allows the control system (20) to perform the various functions without the need for receiving data from a sender (c2) external to the host vehicle (2).
- The vehicle system (10) according to any one of the preceding claims, wherein the control system (20) is configured to perform various functions of the host vehicle (2) based on input from a first set (S1) of sensors (s1, s2, s3) of the host vehicle (2) when operating in the default mode and is configured to perform various functions of the host vehicle (2) based on input from a second set (S2) of sensors (s3) when operating in the secure mode, and wherein the second set (S2) of sensors (s3) comprises fewer sensors (s3) than the first set (S1) of sensors (s1, s2, s3).
- The vehicle system (10) according to claim 4, wherein the second set (S2) of sensors (s3) is a subset of the first set (S1) of sensors (s1, s2, s3).
- The vehicle system (10) according to any one of the preceding claims, wherein the control system (20) is configured to perform a first set of functions of the host vehicle (2) when operating in the default mode and is configured to perform a second set of functions of the host vehicle (2) when operating in the secure mode, wherein the second set of functions is a subset of the first set of functions.
- The vehicle system (10) according to any one of the preceding claims, wherein the first memory section (m1) is incorporated into the host vehicle (2).
- The vehicle system (10) according to any one of the preceding claims, wherein the input unit (5) comprises at least one of a switch, a button, a touch sensitive screen, a keypad, or a key receptacle.
- The vehicle system (10) according to any one of the preceding claims, wherein the vehicle system (10) is configured such that the control system (20) is blocked from being transitioned from the secure mode to the default mode by any other means than by manual manipulation of the input unit (5) or physical manipulation of the vehicle system (10).
- The vehicle system (10) according to any one of the preceding claims, wherein the control arrangement (21) is configured to transition the control system (20) from the default mode to the secure mode in response to a first type of manual manipulation of the input unit (5), and is configured to transition the control system (20) from the secure mode to the default mode in response to a second type of manual manipulation of the input unit (5), wherein the second type of manipulation is different from the first type of manipulation.
- The vehicle system (10) according to any one of the preceding claims, wherein the tamper-proof data stored in the first memory section (m1) is non-updateable.
- The vehicle system (10) according to any one of the preceding claims, wherein the first memory section (m1) is a read only memory.
- A method (100) of setting a control system (20) of a vehicle (2) in a secure mode, wherein the method (100) is performed by a control arrangement (21), and wherein the vehicle (2) comprises a vehicle system (10) and an input unit (5) incorporated into the vehicle (2), wherein the vehicle system (10) comprises a first memory section (m1) storing tamper-proof data and a second memory section (m2) storing updateable data, and wherein the control system (20) is configured to perform various functions of the vehicle (2) based on the updateable data stored in the second memory section (m2) when the control system (20) is operating in a default mode, and wherein the method (100) comprises the step of: - setting (110) the control system (20) in a secure mode in response to a manual manipulation of the input unit (5), wherein the secure mode constitutes a mode in which the control system (20) is configured to perform various functions of the vehicle (2) based on the tamper-proof data stored in the first memory section (m1) and is blocked from using the updateable data stored in the second memory section (m2).
- A computer program comprising instructions which, when the program is executed by a control arrangement (21) of a vehicle (2), cause the control arrangement (21) to carry out the method (100) according to claim 13.
- A computer-readable medium (200) comprising instructions which, when executed by a control arrangement (21) of a vehicle (2), cause the control arrangement (21) to carry out the method (100) according to claim 13.
- A control arrangement (21) configured to set a control system (20) of a vehicle (2) in a secure mode, wherein the vehicle (2) comprises a vehicle system (10) and an input unit (5) incorporated into the vehicle (2), wherein the vehicle system (10) comprises a first memory section (m1) storing tamper-proof data and a second memory section (m2) storing updateable data, and wherein the control system (20) is configured to perform various functions of the vehicle (2) based on the updateable data stored in the second memory section (m2) when the control system (20) is operating in a default mode, and wherein the control arrangement (21) is configured to: - set the control system (20) in a secure mode in response to a manual manipulation of the input unit (5), wherein the secure mode constitutes a mode in which the control system (20) is configured to perform various functions of the vehicle (2) based on the tamper-proof data stored in the first memory section (m1) and is blocked from using the updateable data stored in the second memory section (m2).
- A vehicle (2) comprising a vehicle system (10) according to any one of the claims 1-12 or a control arrangement (21) according to claim 16.
- The vehicle (2) according to claim 17, wherein the vehicle (2) is a heavy wheeled vehicle (2), such as a truck or a bus.
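The mode gating recited in claims 1, 4-5, 9 and 10, as an added C sketch that is not part of the publication or of any vehicle manufacturer's code. All type, function and constant names and the sample bytes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; the publication defines no API. */
typedef enum { MODE_DEFAULT, MODE_SECURE } ctrl_mode_t;
typedef enum { SRC_INPUT_UNIT, SRC_NETWORK } req_source_t;
typedef enum { MANIP_FIRST, MANIP_SECOND } manip_t; /* claim 10: two distinct manipulations */
enum { SENSOR_S1 = 1, SENSOR_S2 = 2, SENSOR_S3 = 4 };

/* m1: tamper-proof section; const so it can be placed in read-only memory. */
static const uint8_t m1_tamper_proof[] = { 0x10, 0x20, 0x30 };   /* constructed sample */
/* m2: updateable section, writable at run time (e.g. by a remote update). */
static uint8_t m2_updateable[] = { 0x11, 0x22, 0x33, 0x44 };     /* constructed sample */

typedef struct { ctrl_mode_t mode; } control_arrangement_t;

/* Mode changes only on manual manipulation of the in-vehicle input unit.
 * Claim 9 requires this for leaving secure mode; applying it to entry as
 * well is an assumption of this sketch. Returns true if the mode changed. */
bool request_transition(control_arrangement_t *ca, req_source_t src, manip_t manip)
{
    if (src != SRC_INPUT_UNIT)
        return false;                 /* network-originated requests are refused */
    if (ca->mode == MODE_DEFAULT && manip == MANIP_FIRST) {
        ca->mode = MODE_SECURE;
        return true;
    }
    if (ca->mode == MODE_SECURE && manip == MANIP_SECOND) {
        ca->mode = MODE_DEFAULT;
        return true;
    }
    return false;                     /* wrong manipulation for the current mode */
}

/* Single choke point for data access: m2 is never returned in secure mode. */
const uint8_t *active_data(const control_arrangement_t *ca, size_t *len)
{
    bool secure = (ca->mode == MODE_SECURE);
    *len = secure ? sizeof m1_tamper_proof : sizeof m2_updateable;
    return secure ? m1_tamper_proof : m2_updateable;
}

/* Secure mode reads a reduced sensor set S2 = {s3}, a subset of S1 (claims 4-5). */
unsigned active_sensors(const control_arrangement_t *ca)
{
    return ca->mode == MODE_SECURE ? SENSOR_S3 : (SENSOR_S1 | SENSOR_S2 | SENSOR_S3);
}
```

Routing every read through one accessor keeps the block on the second memory section auditable in a single place instead of relying on each function to check the mode.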
Description
TECHNICAL FIELD
The present disclosure relates to a vehicle system comprising a control system configured to perform various functions of a host vehicle based on data stored in memory sections. The present disclosure further relates to a method of setting a control system of a vehicle in a secure mode, a computer program, a computer-readable medium, a control arrangement configured to set a control system of a vehicle in a secure mode, and a vehicle comprising a vehicle system.
BACKGROUND
Modern vehicles are increasingly reliant on complex software systems and are often connected to the internet and/or other external networks. Vehicles that heavily depend on such software systems are sometimes referred to as Software Defined Vehicles (SDVs). This shift from hardware-driven to software-driven functionality allows these vehicles to evolve continuously over time. Through remote software updates, vehicle performance can be enhanced, new features can be introduced, and issues can be resolved without the need for physical modifications. This capability to update software remotely adds significant value, as it enables manufacturers to refine vehicle operations post-production and respond to market demands more efficiently, ensuring that vehicles remain technologically up to date throughout their lifecycle.
The control systems within these vehicles are typically configured to perform various functions based on updateable data stored in designated memory sections. These functions can include both basic and advanced operations that are important to the vehicle's performance, safety, and user experience. Examples of such functions include engine management, electronic braking systems that ensure precise and responsive braking control, and steering systems that assist or fully automate vehicle manoeuvring.
In addition, advanced driver assistance systems (ADAS) play a vital role in enhancing road safety by providing automated features like lane-keeping assistance, adaptive cruise control, and emergency braking. These systems are essential not only for the safe and efficient operation of the vehicle but also for improving the overall driving experience.
As indicated above, the reliance on updateable data and connectivity to external networks offers numerous advantages, such as increased flexibility, faster deployment of new features, and the ability to fix issues remotely. However, these advantages also expose vehicles to potential vulnerabilities, as the same connectivity that enables remote updates can be exploited by malicious actors. If the updateable data used by these control systems is compromised or altered, whether by unauthorized access, software corruption, or other malicious activities, the vehicle may behave unpredictably. The consequences of such behaviour can lead to significant safety and performance risks.
As vehicles become more integrated with external networks and utilize a broad range of software technologies, they become susceptible to unauthorized access and cyber-attacks, which can affect not just individual vehicles but entire fleets of vehicles. In a fleet setting, this vulnerability can be particularly concerning, as attacks could simultaneously disrupt large numbers of vehicles, leading to significant operational downtime, widespread societal impact and financial loss.
SUMMARY
It is an object of the present invention to overcome, or at least alleviate, at least some of the above-mentioned problems and drawbacks. The object is achieved by the subject-matter of the appended independent claim(s).
According to a first aspect of the present disclosure, the object is achieved by a vehicle system comprising a first memory section storing tamper-proof data, a second memory section storing updateable data, and a control system configured to perform various functions of a host vehicle based on the updateable data stored in the second memory section when the control system is operating in a default mode. The vehicle system further comprises an input unit incorporated into the host vehicle, and a control arrangement. The control arrangement is configured to set the control system in a secure mode in response to a manual manipulation of the input unit, wherein the secure mode constitutes a mode in which the control system is configured to perform various functions of the host vehicle based on the tamper-proof data stored in the first memory section and is blocked from using the updateable data stored in the second memory section. In this manner, the vehicle system can provide a safe and secure fallback for performing various functions even if the updateable data is compromised or altered, or is suspected to be compromised or altered, whether by unauthorized access, software corruption, or other malicious activities. That is, by performing various functions of the host vehicle based on the tamper-proof data stored in the first memory section upon operating in the secure mode, and blocking the use of the upd