SIGYN II 2009-2012

Page 1: SIGYN II 2009-2012

Partners and sub projects

Partners:

• Volvo Cars
• Alkit communication
• SP
• EIS by Semcon
• Chalmers
• Viktoriainstitutet

Sub projects:

1. Academy & Administration

2. Security cOncept and IT Architecture (SOTA)

3. Safety Analysis and concept for Diagnostics and software Download (SADD)

4. TrAfic Control and Test car mAnagement (TACTA)

5. Connected car Impact on Repair shops and After sales (CIRA)

Page 2: SIGYN II 2009-2012

SIGYN II studies concepts for remote diagnostics and SWDL with focus on Safety & Security. The Safety and Security concept covers all parts.

[Overview diagram; box labels: Synchronous remote session; Wireless Diagnostics & SWDL; Remote asynchronous Diagnostics & SWDL; Remote online Diagnostics; Remote SWDL task & result; Remote Diagnostic task & result; Remote data measurement task & result; Vehicle state of health]

Page 3: SIGYN II 2009-2012

Date created: [YYYY-MM-DD] Issuer: [Name] [CDS ID], [Organisation], [Name of Doc], Security Class: Proprietary 3

Vehicle diagnostics and software download have been performed for decades in workshops with little or no concern for System Safety, so why start considering System Safety in this project?

Because of the addition of the term ”Remote”:

• Previously the diagnostic client was always physically attached to the vehicle via the OBD-connector (and was detached before the vehicle left the workshop)

• Soon the diagnostic client will be built into the vehicle (thus never detached)

In addition, there will be occasions when the workshop mechanic has no visual overview of the vehicle when performing remote diagnostics.

SIGYN II Safety Analysis

Page 4: SIGYN II 2009-2012

Scope of analysis: Issues covered by the Safety analysis

What can be done with remote diagnostics?

Diagnostic Readout Services
• Are only able to read out information (signals, DTCs etc.) from the vehicle
• Do not affect ECU operation

Diagnostic Control Services
• May write data affecting ANY vehicle function, overruling the vehicle user's intention
• Have the ability to set the vehicle in programming mode (SWDL)

I.e. unexpected diagnostic control could in the worst case manipulate brakes, turn off headlights etc. while the vehicle moves! Functional safety has to be considered!


[Scope diagram]
1) Remote Diagnostics & SWDL
2) Local / Remote
3) Synchronous / Asynchronous
4) Vehicle user and the diagnostic operator are part of the system under consideration.

Page 5: SIGYN II 2009-2012

Conducting risk analysis

In SIGYN II different conventional methods, such as FMECA/HAZOP/FTA, have been applied…


The conclusions are that there are risks both caused by potential system malfunction and in normal operation, but the analysis becomes too extensive. A systematic approach was applied where the analysis was subdivided into:

1. Safety Analysis in normal operation, SIGYN II analysis method developed

2. Hazard and risk Assessment ISO 26262

[Example matrix from the slide. Events: Client activates EPB (caused by failure); Client moves seats when children are inside vehicle (no failure); Client activates seat heat (caused by failure); Client sets vehicle in programming mode (no failure); Client switches off all lamps (caused by failure); Indicator manipulation (no failure); etc. Operating conditions: Vehicle parked; Vehicle moves; Night; Freeway; Traffic jam; Snow; Slope; Speed > 90 km/h; etc.]

Page 6: SIGYN II 2009-2012

Analysis Result: Functional Safety Concept (FSC)

Remote diagnostic services shall be classified as either safe or risk related.

• NO restrictions apply for safe diagnostic services (readout or control)

• Risk related services can only be executed after the following conditions are fulfilled:

a) An initiation sequence is performed which secures that a vehicle user:

• Is informed about the effects of the script/services

• Is present at the car (by action)

• Confirms consent and controls when diagnostics start

b) Defined vehicle conditions are fulfilled:

• ‘Vehicle not moving’ is always a mandatory condition

• SWDL requires additional conditions than other diagnostics

The above applies only for vehicles that are not located in a designated area (e.g. workshop or factory). The vehicle user shall always be able to abort any ongoing remote diagnostics.
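One way to encode the FSC above, together with the readout/control distinction from the Scope of analysis slide, as an executable policy gate. This is an added example, not code from the SIGYN II project; the service names, the `swdl_conditions_met` flag and the field layout are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class ServiceClass(Enum):
    SAFE = "safe"                  # readout, or control with no safety impact
    RISK_RELATED = "risk_related"  # may affect vehicle functions or enter SWDL mode

@dataclass
class DiagnosticRequest:
    service: str                   # hypothetical service name
    service_class: ServiceClass
    is_swdl: bool = False          # software download needs extra conditions

@dataclass
class VehicleState:
    moving: bool
    in_designated_area: bool = False   # workshop or factory
    swdl_conditions_met: bool = False  # assumed placeholder for the extra SWDL conditions
    user_abort: bool = False           # vehicle user pressed abort

@dataclass
class UserInitiation:                  # outcome of the initiation sequence, a)
    informed: bool = False
    present_by_action: bool = False
    consent_and_start: bool = False

def gate(req: DiagnosticRequest, vehicle: VehicleState, user: UserInitiation):
    """Return (allowed, reason), following the FSC conditions on the slide."""
    if vehicle.user_abort:                      # the user can always abort
        return False, "aborted by vehicle user"
    if req.service_class is ServiceClass.SAFE:  # no restrictions for safe services
        return True, "safe service"
    if vehicle.in_designated_area:              # conditions apply only outside workshop/factory
        return True, "risk-related service inside designated area"
    checks = [                                  # a) initiation sequence, b) vehicle conditions
        (user.informed, "user not informed about effects of the script/services"),
        (user.present_by_action, "user presence at the car not confirmed by action"),
        (user.consent_and_start, "user has not confirmed consent and started diagnostics"),
        (not vehicle.moving, "vehicle is moving"),
        (not req.is_swdl or vehicle.swdl_conditions_met, "additional SWDL conditions not fulfilled"),
    ]
    failed = [why for ok, why in checks if not ok]
    if failed:
        return False, "; ".join(failed)
    return True, "initiation sequence and vehicle conditions fulfilled"

if __name__ == "__main__":
    ready = UserInitiation(informed=True, present_by_action=True, consent_and_start=True)
    print(gate(DiagnosticRequest("read DTCs", ServiceClass.SAFE), VehicleState(moving=True), UserInitiation()))
    print(gate(DiagnosticRequest("apply EPB", ServiceClass.RISK_RELATED), VehicleState(moving=True), ready))
    print(gate(DiagnosticRequest("flash ECU", ServiceClass.RISK_RELATED, is_swdl=True), VehicleState(moving=False), ready))
```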

Page 7: SIGYN II 2009-2012

Technical Safety Concept (TSC)

There are several different ways for implementing the FSC into a real vehicle. The decision of which implementation to use must be based on deep knowledge of the in-vehicle electric architecture and a cost/benefit estimation which has not been within the scope of SIGYN II.

Different proposals of technical safety concepts regarding a general requirement allocation were made, which all had more or less pros and cons.

The overall result of the safety analysis is a concept containing both methodologies and proposals.


Page 8: SIGYN II 2009-2012

Road map: Remote diagnostics & SWDL

SIGYN II Research 2009-2012:
• AE Remote diagnostics
• Remote online diagnostic read out
• Vehicle state of Health
• Remote SWDL
• Remote parameter settings and data measurement
• Remote online diagnostic control
• Remote SWDL & parameter setting campaign

SIGYN functions:
• Vehicle data collection
• Synchronous workshop diagnostics
• Vehicle data measurement & calibration
• Remote SWDL

AE projects for base technologies 2009-2011:
• WLAN (b/g/n) inc. Ethernet
• SWDL Next generation

AE projects for base technologies 2011-2013:
• Make concepts remote (AE 2011-2013)
• Vehicle information security (AE 2011-2013)

Coming FFI application: Remote vehicle data collection and visualization.

[Road map timeline 2009-2013; remaining labels: ARTKO; Remote data collection & visualization; Frequency; Time on Task; Security concept; Safety concept; Remote Services]