JP5682959B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to an information processing device, an information processing method, and a program, and in particular, an information processing device, an information processing method, and a program that allow a vehicle control program to be updated safely with a simple operation. About.

  Many control devices are mounted on vehicles such as private cars, trucks, buses, and motorcycles. Generally, the control device executes control based on a control program that defines control contents. Accordingly, when the control program needs to be changed due to a change in specifications or correction of a defect, an operation for updating the control program stored in the control device is required.

  Patent Document 1 proposes a method of rewriting a control program of a control device of a vending machine. In this method, a remote controller as a maintenance terminal and a memory card are connected to the vending machine, and the update program stored in the memory card is transferred to the control device in the vending machine in accordance with the operation of the maintenance terminal. Is done.

  In the case of changing the program of the vehicle control device, it is necessary to consider the safety of the vehicle due to the change of the control program. However, since the method of Patent Document 1 is not for the vehicle control device, It cannot be adopted as it is because no consideration is given to sex.

  As for the update of the vehicle control program, for example, there is a method proposed in Patent Document 2. However, since this method is a method for updating a program other than the control program related to the traveling of the vehicle, the program can be updated even when the vehicle is stopped in a state where the vehicle can travel. In the case of a control program related to the running of the vehicle, it is not disclosed how to update the program or the like while ensuring safety.

JP 2001-34822 A JP 2006-8126 A

  The present invention has been made in view of such a situation, and makes it possible to update a vehicle control program safely with a simple operation.

An information processing apparatus according to an aspect of the present invention is an information processing apparatus mounted on a vehicle, and receives an authentication match result of a portable device and an unlocking operation of the door of the vehicle, and unlocks the door of the vehicle. Was the unlock control means to be connected to a rewrite information storage device storing an update control program for rewriting the control program in the information processing device within a predetermined time from the unlocking operation of the vehicle door? Information storage device connection detection means for detecting whether or not the connection with the rewrite information storage device is detected within a predetermined time from the unlocking operation of the door of the vehicle , and further rewrite start operation information from the portable device when receiving, and a rewriting means for a control program stored in the information processing apparatus is rewritten to the updating control program.

In the information processing apparatus according to one aspect of the present invention, the authentication coincidence result of the portable device and the unlocking operation of the vehicle door are received, the unlocking operation of the vehicle door is performed, and a predetermined time from the unlocking operation of the vehicle door is performed. It is detected whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected, and the rewrite is performed within a predetermined time from the unlocking operation of the vehicle door. After the connection with the information storage device is detected, when the rewrite start operation information is further received from the portable device, the control program stored in the information processing device is rewritten to the update control program.

  Only a person with a certified portable device can unlock the door of the vehicle. In order to update the control program, a person with an authenticated portable device is connected to a rewrite information storage device in which the update control program is stored within a predetermined time from the unlocking operation of the vehicle door. That's fine. Therefore, it is possible to update the control program in the information processing apparatus mounted on the vehicle with a simple operation and safely.

  The unlock control means is configured by, for example, a security control unit of a security management device that performs wireless communication with a portable device, and the information storage device connection detection unit is configured by, for example, a rewrite control unit of a rewrite control device that controls rewriting. The rewriting means is constituted by, for example, a nonvolatile memory rewriting unit of the control device to be rewritten, and each means is connected by, for example, a common communication line.

  The rewriting means may be further rewritten when rewrite start operation information is received from the portable device. Thereby, since only a person having an authenticated portable device can instruct rewriting, unauthorized rewriting by a person who is not permitted to use the vehicle can be prevented.

  The rewriting means may be configured not to rewrite when it is detected that ACC is off or IGN is on. This can prevent rewriting in a state that may affect the operation of the vehicle.

An information processing method according to an aspect of the present invention is an information processing method by an information processing device mounted on a vehicle, and receives an authentication match result of a portable device and an unlocking operation of the vehicle door, and the vehicle door Whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected within a predetermined time from the unlocking operation of the vehicle door. And detecting the connection with the rewrite information storage device within a predetermined time after the unlocking operation of the vehicle door , and further receiving the rewrite start operation information from the portable device , the information processing Rewriting a control program stored in the apparatus to the update control program.

In the information processing method according to one aspect of the present invention, the authentication coincidence result of the portable device and the unlocking operation of the vehicle door are received, the unlocking operation of the vehicle door is performed, and a predetermined time from the unlocking operation of the vehicle door is performed. It is detected whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected, and the rewrite is performed within a predetermined time from the unlocking operation of the vehicle door. After the connection with the information storage device is detected, when the rewrite start operation information is further received from the portable device, the control program stored in the information processing device is rewritten to the update control program.

  Thereby, it is possible to update the control program in the information processing apparatus mounted on the vehicle with a simple operation and safely.

According to one aspect of the present invention, a program as an information processing apparatus mounted on a vehicle is stored in a control program in the information processing apparatus within a predetermined time from the unlocking operation of the door of the vehicle after portable device authentication. It is detected whether or not a rewrite information storage device storing an update control program for rewriting is connected, and a connection with the rewrite information storage device is detected within a predetermined time from the unlocking operation of the vehicle door. After that, when rewriting start operation information is received from the portable device, a process including a step of rewriting the control program stored in the information processing apparatus with the control program for update is executed. It is.

In the program according to one aspect of the present invention, the control program in the information processing apparatus is rewritten in a computer as an information processing apparatus mounted on the vehicle within a predetermined time from the unlocking operation of the vehicle door after the portable device authentication. After detecting whether or not the rewrite information storage device storing the control program for update is connected, and detecting the connection with the rewrite information storage device within a predetermined time from the unlocking operation of the vehicle door , Furthermore, when the rewrite start operation information is received from the portable device, the control program stored in the information processing apparatus is rewritten to the update control program.

  Thereby, it is possible to update the control program in the information processing apparatus mounted on the vehicle with a simple operation and safely.

  According to one aspect of the present invention, a vehicle control program can be updated safely with a simple operation.

It is a block diagram which shows the structural example of one Embodiment of the information processing system to which this invention is applied. It is a block diagram which shows the detailed structural example of a security management apparatus. It is a block diagram which shows the detailed structural example of a rewriting control apparatus. It is a block diagram which shows the detailed structural example of a control apparatus. It is a block diagram which shows the detailed structural example of a rewriting information storage device. It is a figure explaining the information memorized by the non-volatile memory of the rewriting information storage device. It is a block diagram which shows the detailed structural example of a portable device. It is a figure which shows the external appearance structural example of a portable device. It is a figure explaining the whole processing flow of the rewriting process by an information processing system. It is a flowchart explaining the process of a rewriting control apparatus. It is a flowchart explaining the detail of a rewritable state confirmation process. It is a flowchart explaining the detail of a rewriting information type confirmation process. It is a flowchart explaining the process of a portable device. It is a flowchart explaining the process of a security management apparatus. It is a flowchart explaining the detail of a door related control process. It is a flowchart explaining the detail of a vehicle start control process. It is a flowchart explaining the detail of a rewriting operation corresponding | compatible process. It is a flowchart explaining the process of the rewriting object control apparatus. It is a flowchart explaining the detail of a rewritable state transfer process. It is a flowchart explaining the detail of a non-volatile memory rewriting process. It is a flowchart explaining the process of a rewriting information storage device. It is a figure which shows the other example of the rewriting data memorize | stored in the non-volatile memory 62 of a rewriting information storage device. It is a flowchart of the reception process of the control program for rewriting control apparatuses. It is a figure which shows the example of data of rewrite start operation definition information. It is a flowchart explaining rewriting start operation definition information reception processing. It is a block diagram which shows the other structural example of a rewriting information storage device. It is a block diagram which shows the other structural example of a rewriting information storage device.

[Configuration example of information processing system]
FIG. 1 is a block diagram showing a configuration example of an embodiment of an information processing system to which the present invention is applied.

  The information processing system 1 in FIG. 1 is a system that performs a rewriting process for rewriting a program of a predetermined control device mounted on a vehicle 11 such as various automobiles (for example, private cars, trucks, buses, etc.) and two-wheeled vehicles.

  The information processing system 1 in FIG. 1 remotely controls a vehicle 11 including at least a security management device 21, a rewrite control device 22, and control devices 23-1 to 23-N (N ≧ 2), a door lock of the vehicle 11, and the like. A portable portable device 12 that can be used, and a rewrite information storage device 13 that stores a control program as rewrite information. In the present embodiment, the control devices 23-1 to 23 -N are simply referred to as the control device 23 when it is not necessary to distinguish between them.

  In the vehicle 11, the security management device 21, the rewrite control device 22, and the control devices 23-1 to 23 -N are, for example, a common communication line such as a CAN (Controller Area Network) which is a kind of in-vehicle LAN (Local Area Network). 24 are connected to each other. The rewrite information storage device 13 can be connected to and disconnected from the common communication line 24 of the vehicle 11.

  The security management device 21 performs wireless communication with the portable device 12 and manages the security of the vehicle 11. Specifically, the security management device 21 receives the vehicle ID (Identification) for identifying the vehicle 11 stored in the portable device 12 from the portable device 12 by wireless communication, and matches the vehicle ID stored by itself. Depending on whether or not, it is authenticated whether the portable device 12 and the driver who owns it are regular users (drivers). Further, the security management device 21 unlocks the door according to the authentication result, or controls to lock the door when the portable device 12 (the driver who owns the mobile device 12) is away from the predetermined range of the vehicle 11. Also do.

  The rewrite control device 22 controls the entire rewrite process of the information processing system 1. For example, the rewrite control device 22 detects the connection of the rewrite information storage device 13 to the common communication line 24. When the rewrite information storage device 13 is connected to the common communication line 24, the type of rewrite information stored in the rewrite information storage device 13 is confirmed, and a rewrite start command is transmitted to the control device 23 to be rewritten. Then, the rewrite operation is executed.

  The control device 23 corresponds to, for example, an ECU (Electronic Control Unit) or the like, and controls a device (group) in one unit when the equipment in the vehicle 11 is classified into a plurality of units by function, arrangement, or the like. It is. The control device 23 is, for example, an engine control device, a fuel tank control device, an opening / closing part control device, or the like. Each control device 23 is assigned a control device ID for identifying the control device 23. In the present embodiment, a plurality of control devices 23 are provided, but the number of control devices 23 may be one and is arbitrary.

  The portable device 12 receives a user operation and transmits a signal (operation signal) corresponding to the user operation to the security management device 21 by wireless communication. In response to the ID transmission request from the security management device 21, the portable device 12 transmits the vehicle ID stored therein to the security management device 21 by wireless communication.

  The rewrite information storage device 13 stores data such as a control program to be updated therein and is required in response to a request from the rewrite control device 22 or the rewrite target control device 23 when connected to the common communication line 24. Data (including a program) is transmitted to the requested device via the common communication line 24.

  In the information processing system 1 configured as described above, there is a process (rewrite process) of rewriting data stored in the storage unit in the rewrite target control device 23 with the rewrite data stored in the rewrite information storage device 13. Done.

  Next, detailed configurations of the portable device 12, the rewrite information storage device 13, the security management device 21, the rewrite control device 22, and the control device 23 that constitute the information processing system 1 will be described with reference to FIGS. To do.

[Configuration Example of Security Management Device 21]
FIG. 2 is a block diagram illustrating a detailed configuration example of the security management device 21.

  The security management device 21 includes a rewrite control unit 31, a security control unit 32, an ID information storage unit 33, a wireless communication unit 34, a common communication line connection I / F (Interface) 35, and a log recording unit 36.

  The rewrite control unit 31 is in charge of processing in the security management device 21 among the rewriting processing performed in the information processing system 1. For example, the rewrite control unit 31 transmits operation information (rewrite start operation information) indicating rewrite start supplied from the portable device 12 by wireless communication in the rewrite process via the common communication line connection I / F 35. 22 to send.

  The security control unit 32 performs processing (control) related to the security of the vehicle 11. For example, the security control unit 32 receives the vehicle ID from the vehicle 11 by wireless communication, determines whether or not the vehicle ID matches the vehicle ID stored in the ID information storage unit 33, and possesses the portable device 12 and the portable device 12. Authenticates whether the driver is a legitimate user (driver). Further, for example, when the unlocking operation is performed by the authorized authorized user, the security control unit 32 unlocks the door or the portable device 12 (the driver who owns the vehicle 12) When away from the range, the door is locked.

  The ID information storage unit 33 stores the same vehicle ID as the vehicle ID stored in the portable device 12 owned by the authorized user (driver).

  The wireless communication unit 34 performs wireless communication with the portable device 12 under the control of the rewrite control unit 31 or the security control unit 32.

  The common communication line connection I / F 35 is a connection unit with the common communication line 24, and the rewrite control unit 31 or the security control unit 32 outputs the data supplied to the rewrite control device 22 to the common communication line 24 for rewrite control. Data supplied from the device 22 is acquired and supplied to the rewrite control unit 31 or the security control unit 32.

  The log recording unit 36 records (stores) the progress of the process performed in the rewriting process and the error content when an error occurs. By analyzing the information recorded in the log recording unit 36, the contents of the error can be known.

[Configuration Example of Rewrite Control Device 22]
FIG. 3 is a block diagram illustrating a detailed configuration example of the rewrite control device 22.

  The rewrite control device 22 includes a rewrite control unit 41, a RAM (Random Access Memory) 42, a common communication line connection I / F 43, and a log recording unit 44.

  The rewrite control unit 41 is in charge of processing in the rewrite control device 22 in the rewrite processing. The rewrite control device 22 exchanges predetermined data with the security management device 21, the control device 23, and the rewrite information storage device 13 via the common communication line connection I / F 43, and rewrite processing performed in the information processing system 1 The rewrite control unit 41 executes it.

  The RAM 42 appropriately stores data that needs to be temporarily stored at the time of execution when the rewrite control unit 41 executes rewrite control.

  The common communication line connection I / F 43 is a connection unit with the common communication line 24, and the rewrite control unit 41 outputs data supplied to other devices to the common communication line 24, and data supplied from other devices. Is supplied to the rewrite control unit 41.

  The log recording unit 44 records (stores) the progress of the process performed in the rewriting process and the error content when an error occurs. By analyzing the information recorded in the log recording unit 44, the contents of the error can be known.

[Configuration Example of Control Device 23]
FIG. 4 is a block diagram illustrating a detailed configuration example of the control device 23.

  The control device 23 includes a control unit 51, a nonvolatile memory rewriting unit 52, a nonvolatile memory 53, a RAM 54, a common communication line connection I / F 55, and a log recording unit 56.

  The control unit 51 controls one or more devices belonging to a unit that it is in charge of. What kind of control is performed is described in the control program stored in the nonvolatile memory 53, and the control unit 51 controls the control stored in the nonvolatile memory 53 at power-on or at a predetermined timing. Load and execute the program.

  The nonvolatile memory rewriting unit 52 is in charge of processing in the control device 23 in the rewriting processing. In the rewriting process, the rewriting control performed by the nonvolatile memory rewriting unit 52 is performed based on a nonvolatile memory rewriting execution program (FIG. 6) stored in the nonvolatile memory 53.

  The nonvolatile memory 53 stores the above-described nonvolatile memory rewrite execution program and control program. The non-volatile memory rewriting execution program is an execution program for rewriting the control program stored in the non-volatile memory 53, and the control program is a program that defines the control content of the control device 23. The nonvolatile memory rewrite execution program and the control program (FIG. 6) correspond to rewrite data that is acquired from the rewrite information storage device 13 and updated in the rewrite process.

  If the control unit 51 has a function of rewriting the control program stored in the nonvolatile memory 53, the nonvolatile memory rewriting unit 52 can be omitted.

  The RAM 54 appropriately stores data that needs to be temporarily stored at the time of execution when the control unit 51 and the nonvolatile memory rewriting unit 52 execute the control program and the nonvolatile memory rewrite execution program, respectively.

  The common communication line connection I / F 55 is a connection unit with the common communication line 24, and the control unit 51 outputs data supplied to the control target device in charge to the common communication line 24 and supplies it from the control target device. The acquired data is acquired and supplied to the control unit 51.

  In the rewriting process, the common communication line connection I / F 55 outputs the data supplied from the non-volatile memory rewriting unit 52 to the rewrite control device 22 to the common communication line 24 and the data supplied from the rewrite control device 22. Obtained and supplied to the nonvolatile memory rewriting unit 52.

  Further, the common communication line connection I / F 55 is supplied from the rewrite information storage device 13 by outputting data supplied from the nonvolatile memory rewrite unit 52 to the rewrite information storage device 13 to the common communication line 24 in the rewrite processing. Data is acquired and supplied to the nonvolatile memory rewriting unit 52 or the nonvolatile memory 53.

  The log recording unit 56 records (stores) the progress of the process performed in the rewriting process and the error content when an error occurs. By analyzing the information recorded in the log recording unit 56, the contents of the error can be known.

  Note that the log recording unit may be provided in any one of the security management device 21, the rewrite control device 22, and the control device 23, and the logs may be aggregated.

[Configuration Example of Rewrite Information Storage Device 13]
FIG. 5 is a block diagram illustrating a detailed configuration example of the rewrite information storage device 13.

  The rewrite information storage device 13 includes a CPU (Central Processing Unit) 61, a nonvolatile memory 62, a common communication line connection I / F 63, and a maintenance terminal connection connector 64.

  The CPU 61 can be composed of, for example, a one-chip CPU with a built-in ROM (Read Only Memory) and a RAM (Random Access Memory), and a rewrite information storage device in a rewrite process by a program stored in the built-in ROM. 13 is in charge of processing. For example, in response to a rewrite information type request from the rewrite control device 22, the CPU 61 transmits the rewrite data type stored in the nonvolatile memory 62 to the rewrite control device 22 via the common communication line connection I / F 63. To do. Further, the CPU 61 outputs rewrite data to the common communication line 24 via the common communication line connection I / F 63 in response to a rewrite data transmission request from the control device 23 to be rewritten.

  The non-volatile memory 62 stores a non-volatile memory rewrite execution program and a control program as rewrite information transferred to the control device 23 to be rewritten.

  The common communication line connection I / F 63 is a connection part to the common communication line 24, and inputs / outputs data exchanged with the rewrite control device 22 or the rewrite target control device 23 to the common communication line 24 under the control of the CPU 61. I do. The maintenance terminal connector 64 is a connector terminal of the same type as the connection connector when the maintenance terminal is connected to the common communication line 24. Since the rewrite information storage device 13 has the maintenance terminal connection connector 64, it can be connected to the common communication line 24 by connecting to the connection terminal prepared for the maintenance terminal.

  For example, the rewrite information storage device 13 can be configured by a palm-sized small casing. Further, the maintenance terminal can be provided with the function of the rewrite information storage device 13 described later, and the maintenance terminal can be used as the rewrite information storage device 13.

[Detailed example of rewrite information]
Next, information stored in the nonvolatile memory 62 of the rewrite information storage device 13 will be described with reference to FIG.

  The non-volatile memory 62 of the rewrite information storage device 13 stores target device identification information for identifying the rewrite target control device 23, a non-volatile memory rewrite execution program, and a control program.

  The target device identification information includes a control device ID indicating the control device 23 to be rewritten and version information indicating the version of the control program.

  The nonvolatile memory rewrite execution program stores, in order from the top, an ID indicating that the program is a nonvolatile memory rewrite execution program, a program write destination address, a program data length, and actual program data.

  In the control program, an ID indicating that it is a control program, a program write destination address, a program data length, and actual program data are stored in order from the top.

  Each of the target device identification information, the nonvolatile memory rewrite execution program, and the control program is stored as a file in a file system constructed on the nonvolatile memory 62, for example. In this case, the nonvolatile memory 62 stores three files.

  Each of the file names of the target device identification information, the nonvolatile memory rewrite execution program, and the control program may include a predetermined ID indicating rewrite data. Thereby, it is possible to immediately determine whether or not the data for rewriting is stored in the nonvolatile memory 62 of the rewriting information storage device 13.

  The file name can be a name that designates the timing of rewriting. For example, if a character string including a rewriting year and a rewriting date is used as a file name, rewriting can be permitted only on a predetermined date.

  The target device identification information, the nonvolatile memory rewriting execution program, and the control program may be configured and stored as one or two files.

[Configuration example of portable device 12]
FIG. 7 is a block diagram illustrating a detailed configuration example of the portable device 12.

  The portable device 12 includes an audio output unit 71, a display unit 72, operation buttons 73A to 73F, an operation button connection unit 74, an operation control unit 75, an ID information storage unit 76, and a wireless communication unit 77.

  The audio output unit 71 includes a speaker or the like, and outputs sounds such as a dial tone, a buzzer, and a melody, and a message under the control of the operation control unit 75.

  The display unit 72 is made up of an LCD (Liquid Crystal Display) or LED (Light Emitting Diode), etc., such as “Please start rewriting”, “Data is being updated”, etc. Display by way.

  The broken lines of the audio output unit 71 and the display unit 72 in FIG. 7 indicate that the audio output unit 71 and the display unit 72 are not essential and can be omitted.

  The operation buttons 73A to 73F are buttons operated by the user when instructing the vehicle 11 to perform a predetermined operation such as locking and unlocking the door. In this example, the operation unit that receives the user's operation is configured by the six operation buttons 73A to 73F, but the number of operation units is not limited to this.

  The operation button connection unit 74 acquires user operations performed by the operation buttons 73A to 73F as operation signals from the operation buttons 73A to 73F and supplies the operation signals to the operation control unit 75.

  The operation control unit 75 exchanges predetermined data (for example, vehicle ID and the like) with the security management device 21 via the wireless communication unit 77. In addition, the operation control unit 75 responds to the user operation performed with the operation buttons 73A to 73F acquired via the operation button connection unit 74 and the data supplied from the security management device 21, and the sound output unit 71. A sound (sound) is output from the display or a predetermined message is displayed on the display unit 72.

  The ID information storage unit 76 stores a vehicle ID that identifies the vehicle 11 associated with the portable device 12. The wireless communication unit 77 performs wireless communication with the security management device 21 under the control of the operation control unit 75.

[External appearance of portable device 12]
FIG. 8 shows an external configuration example of the portable device 12.

  An audio output unit 71, a display unit 72, and operation buttons 73 </ b> A to 73 </ b> F are provided on one surface as an operation surface of the portable device 12.

[Overall processing flow of rewrite processing]
Next, the overall processing flow of the rewriting process by the information processing system 1 will be described with reference to the flowchart of FIG.

  First, in step S11, when a driver or a user such as a worker who performs a rewriting process operates the portable device 12 to perform an unlocking operation of the door, in step S21, the portable device 12 The door unlocking operation signal is received and transmitted to the security management apparatus 21 by wireless communication together with the vehicle ID stored in the portable device 12.

  In step S41, the security management device 21 confirms that the vehicle ID transmitted from the portable device 12 by wireless communication matches the vehicle ID stored by itself, and unlocks the door. In step S <b> 41, the security management device 21 notifies the rewrite control device 22 of the door unlocking via the common communication line 24.

  In step S61, the rewrite control device 22 receives the door unlock notification notified from the security management device 21 via the common communication line 24, and confirms (recognizes) the door unlock.

  Next, when the user performs an operation of turning on ACC (Accessories) in step S12, the security management apparatus 21 turns on ACC in accordance with the operation in step S42. Note that “ACC (Accessories) ON” is a state in which only some predetermined electrical components in the vehicle 11 can be operated, and “IGN (Ignition) ON” described later refers to all the electrical components in the vehicle 11. The product is ready for operation.

  Next, in step S13, when the user connects the rewrite information storage device 13 to, for example, a connecting portion provided in an instrument panel portion of the vehicle 11, the rewrite information storage device 13 receives the vehicle 11 in step S101. Is connected to the common communication line 24, and the rewrite control device 22 is notified of the connection through the common communication line 24 in step S102.

  Note that the rewrite information storage device 13 may be directly (physically) connected to a connection portion in the vehicle 11 or may be connected to be communicable by wireless communication even if not physically connected. Good. In this case, the connection of the rewrite information storage device 13 is detected when the rewrite information storage device 13 exists within the communication range of the wireless communication unit of the rewrite control device 22 of the wireless communication partner.

  In step S62, the rewrite control device 22 receives the connection notification from the rewrite information storage device 13, detects the connection of the rewrite information storage device 13, and in step S63, from the confirmation of unlocking the door in step S61, Confirm that it is within the specified time. This is because, as will be described later in detail processing, the rewriting operation of the control program is executed only when the rewriting control device 22 is connected within a predetermined time after the door unlocking operation is performed. .

  When the connection of the rewrite information storage device 13 is within a predetermined time from the confirmation of unlocking the door, the rewrite control device 22 confirms that the vehicle 11 is in a rewritable state in step S64. In order for the vehicle 11 to be in a rewritable state, for example, it is necessary that ACC is on or IGN is off, and the rewrite control device 22 checks whether or not such a condition is satisfied. .

  When it is confirmed that the vehicle 11 is in a rewritable state, the rewrite control device 22 sends a rewrite information type request for requesting the type of information to be rewritten via the common communication line 24 in step S65. 13 to send.

  The rewrite information storage device 13 receives the rewrite information type request from the rewrite control device 22 in step S103, and transmits the rewrite information type to the rewrite control device 22 via the common communication line 24 in step S104.

  In step S 66, the rewrite control device 22 receives the rewrite information type transmitted from the rewrite information storage device 13 and confirms the type of rewrite data stored in the rewrite information storage device 13. Here, since the rewrite information type acquired includes target device identification information for identifying the rewrite target control device 23 shown in FIG. 6, the control device 23 is obtained by acquiring the rewrite information type. Which of −1 to 23-N is to be rewritten is specified.

  In step S <b> 67, the rewrite control device 22 transmits a portable device confirmation instruction for confirming whether the portable device 12 is registered in the vehicle 11 to the security management device 21 via the common communication line 24.

  In step S43, the security management device 21 receives the portable device confirmation instruction from the rewrite control device 22, and requests the portable device 12 to transmit ID by wireless communication.

  In step S22, the portable device 12 receives an ID transmission request from the security management device 21, and in step S23, the portable device 12 transmits the vehicle ID stored in the ID information storage unit 76 by wireless communication.

  In step S <b> 44, the security management device 21 receives the vehicle ID from the portable device 12 and confirms whether it matches the vehicle ID stored in its own ID information storage unit 33. When the security management device 21 confirms that the vehicle IDs match, the security management device 21 transmits the confirmation result to the rewrite control device 22 via the common communication line 24.

  When the rewrite control device 22 receives the confirmation result (mobile device confirmation OK) indicating that the vehicle IDs match in step S68, the rewrite control information request is sent to the rewrite information storage device 13 in step S69. 24. The rewrite permission information is data previously decided between the rewrite control device 22 and the rewrite information storage device 13 for determining whether or not rewrite with the rewrite data stored in the rewrite information storage device 13 is permitted. (Password).

  The rewrite information storage device 13 receives a request for rewrite permission information from the rewrite control device 22 in step S <b> 105, and transmits the rewrite permission information to the rewrite control device 22 through the common communication line 24 in step S <b> 106.

  When the rewrite control device 22 receives the rewrite permission information from the rewrite information storage device 13 in step S70, the rewrite control device 22 identifies all the control devices 23-1 to 23-N in the vehicle 11 in step S71. Request information.

  When all the control devices 23-1 to 23-N in the vehicle 11 receive the request for identification information from the rewrite control device 22 in step S91, the identification information (control device ID) of the own device is received in step S92. Send.

  In step S72, the rewrite control device 22 receives the identification information transmitted from each of the control devices 23-1 to 23-N, and in step S73, the received identification information of each control device 23 is specified in step S66. The identification information of the control device 23 to be rewritten is compared, and it is confirmed whether or not the control device 23 to be rewritten exists.

  Then, when the presence of the control device 23 to be rewritten is confirmed, the rewrite control device 22 requests rewrite start operation information from the security management device 21 in step S74.

  In step S <b> 45, the security management device 21 receives a request for rewrite start operation information from the rewrite control device 22 and transmits it to the portable device 12 as it is.

  In step S <b> 24, the portable device 12 receives a request for rewrite start operation information from the security management device 21, and performs processing for prompting the user to perform a rewrite start operation. The processing for prompting the rewrite start operation performed here is, for example, displaying a message “Please perform rewrite start operation” on the display unit 72, outputting a sound from the sound output unit 71, or outputting a buzzer. Process.

  By the process of prompting the rewrite start operation of the portable device 12, the user performs an operation of starting the rewrite in step S14. In the present embodiment, the operation to start rewriting is to operate the operation button 73 of the portable device 12 in a predetermined procedure, and what procedure is determined in advance and the user knows it. In step S25, the portable device 12 accepts a rewrite start operation by the user, and transmits rewrite start operation information indicating the operation.

  In step S <b> 46, the security management device 21 receives the rewrite start operation information from the portable device 12 by wireless communication and transmits it to the rewrite control device 22 via the common communication line 24.

  In step S75, the rewrite control device 22 receives the rewrite start operation information from the security management device 21 and determines that a rewrite start operation has been performed. In step S76, the rewrite control device 22 transmits a rewrite start command to the rewrite target control device 23 (hereinafter referred to as the rewrite target control device 23) via the common communication line 24.

  The rewrite target control device 23 receives a rewrite start command from the rewrite control device 22 in step S93, and shifts to a rewritable state in step S94. In step S95, the rewrite target control device 23 requests the rewrite information storage device 13 to transmit rewrite data.

  The rewrite information storage device 13 receives the rewrite data transmission request from the rewrite target control device 23 in step S107, and transmits the rewrite data to the rewrite target control device 23 via the common communication line 24 in step S108.

  The rewrite target control device 23 receives the rewrite data from the rewrite information storage device 13 in step S96, and rewrites the data in the nonvolatile memory 53 in the device with the received rewrite data in step S97.

  In addition to the update by the rewrite data of the rewrite target control device 23 described above (in parallel), the rewrite control device 22 transmits a rewrite start command to the rewrite target control device 23 as step S76, and then rewrites in step S77. The start is notified to the security management apparatus 21 via the common communication line 24.

  In step S47, the security management device 21 receives the rewrite start notification transmitted from the rewrite control device 22 via the common communication line 24 and indicating the start of rewrite. In step S48, the received rewrite start notification is received. Is transmitted to the portable device 12 by wireless communication.

  The portable device 12 receives the rewrite start notification from the security management device 21 in step S26, and displays a message indicating the start of rewrite on the display unit 72 in step S27. After the rewriting is started, for example, a message “Rewriting” is displayed on the display unit 72. In step S15, the user confirms the start of rewriting by looking at the message displayed on the display unit 72.

  When the rewrite target control device 23 finishes rewriting the data in the nonvolatile memory 53, which has been started as step S97, the rewrite target control device 23 sends a rewrite result notification to notify the rewrite result in step S98. The data is transmitted to the rewrite control device 22 via the common communication line 24. In step S99, the rewrite target control device 23 starts the updated program and returns to the normal control operation.

  In step S <b> 78, the rewrite control device 22 receives the rewrite result notification from the rewrite target control device 23 and transmits it to the security management device 21. In step S49, the security management device 21 receives the rewrite result notification from the rewrite control device 22, and further transmits it to the portable device 12 by wireless communication.

  The portable device 12 receives the rewrite result notification from the security management device 21 in step S28, and displays the rewrite result on the display unit 72 in step S29.

  The user confirms the rewriting result displayed on the display unit 72 in step S16, and removes the rewriting information storage device 13 from the vehicle 11 in step S17.

  Thus, the rewriting process by the information processing system 1 is completed.

  According to the above-described rewriting process, the security control unit 32 (unlocking control unit) of the security management device 21 receives the authentication match result of the portable device 12 and the unlocking operation of the door of the vehicle 11, and Unlock. The rewrite control unit 41 (information storage device connection detecting means) of the rewrite control device 22 stores an update control program for rewriting the control program in the control device 23 within a predetermined time from the unlocking operation of the vehicle door. It is detected whether the rewrite information storage device 13 is connected.

  When the connection with the rewrite information storage device 13 is detected within a predetermined time from the unlocking operation of the door of the vehicle 11, the non-volatile memory rewrite unit 52 (rewrite means) of the rewrite target control device 23 The control program stored in 23 is rewritten to an update control program.

  Therefore, since the minimum operation required for the user to rewrite the control program is only the unlocking operation of the door and the connection of the rewriting information storage device 13 within a predetermined time from the unlocking operation of the door. The control program can be easily rewritten without using a terminal.

  In addition, it is good also as a condition that the predetermined rewrite start operation was performed by the user for operation for a user to rewrite a control program. As a result, only the person who knows the predetermined rewrite start operation can rewrite, so that safety is improved.

  Further, in addition to determining whether or not the connection of the rewrite information storage device 13 is detected within a predetermined time from the unlocking of the door, the condition for turning on / off the ACC is added, and the connection of the rewrite information storage device 13 is detected when the ACC is off, Thereafter, it may be determined as a further condition that ACC is turned on. In this case, when the rewrite information storage device 13 is connected for another purpose after the ACC is turned on, it is possible to prevent unnecessary operations from waiting for a rewrite start operation of the control program.

  According to the above-described rewriting process, only a person having the portable device 12 having the same vehicle ID can instruct rewriting, and therefore, unauthorized rewriting by a person who is not permitted to use the vehicle 11 is prevented. Can do. The control program can be rewritten only within a predetermined time from the door unlocking operation, so that the control program can be rewritten to ensure safety. Moreover, when the owner of the vehicle 11 (the user who has the portable device 12) leaves the vehicle 11, it can be prevented from being rewritten illegally.

  In addition, since the rewriting is not executed in a state where the rewriting information storage device 13 is not connected, the control program is rewritten regardless of what operation the user (including those that attempt to rewrite illegally) performs. There is nothing. When the rewrite information storage device 13 is not connected, it is not necessary to perform an unnecessary determination process for rewriting the control program.

  Since the rewrite information type transmitted from the rewrite information storage device 13 is received and the target device identification information for identifying the rewrite target device is confirmed, a plurality of control devices 23-1 to 23 -N exist in the vehicle 11. Even in this case, it is not necessary to designate the control device 23 to be rewritten, so that the operation can be simplified.

  Since the rewrite result is displayed on the display unit 72 of the portable device 12, the user can check the rewrite result without a maintenance terminal. Note that the rewrite result may be displayed not on the display unit 72 of the portable device 12 but on the instrument panel or the audio device in the vehicle 11 by the security management device 21.

  As described above, according to the rewriting process, the control program for the vehicle 11 can be updated safely with a simple operation.

  Hereinafter, the rewriting process of the information processing system 1 will be described in more detail by explaining the process for each apparatus.

[Overall Processing Flow of Rewrite Control Device 22]
FIG. 10 is a flowchart for explaining the process of the rewrite control device 22 in the rewrite process.

  In step S121, the rewrite control device 22 first determines whether or not the door unlocking operation has been performed by the portable device 12, and the process is repeated until it is determined that the door unlocking operation has been performed.

  If it is determined in step S121 that the door has been unlocked, the process proceeds to step S122, and the rewrite control device 22 determines whether a predetermined time has elapsed after the door is unlocked.

  If it is determined in step S122 that the predetermined time has not yet elapsed after unlocking the door, the process proceeds to step S124, and the rewrite control device 22 determines whether or not the connection of the rewrite information storage device 13 has been detected. judge. If it is determined in step S124 that the connection of the rewrite information storage device 13 has not been detected, the process returns to step S122.

  On the other hand, if it is determined in step S122 that a predetermined time has elapsed after unlocking the door, the process proceeds to step S123, and the rewrite control device 22 records the door unlocking timeout error in the log recording unit 44. End the process.

  In the above steps S122 to S124, the rewrite control device 22 determines whether or not the connection of the rewrite information storage device 13 is detected before the predetermined time elapses after the door is unlocked. If the connection of the rewrite information storage device 13 is not detected before the time elapses, the rewrite process is terminated as a door unlocking time-out error.

  If the connection of the rewrite information storage device 13 is detected before the predetermined time elapses after the door is unlocked, it is determined in step S124 that the connection of the rewrite information storage device 13 has been detected, and the process proceeds to step S124. Proceed to S125.

  In step S125, the rewrite control device 22 executes a rewritable state confirmation process for confirming whether or not the state of the vehicle 11 is in a rewritable state. Details of this processing will be described later with reference to FIG.

  In step S126, the rewrite control device 22 determines whether or not the rewritable state is obtained as a result of the rewritable state confirmation process. If it is determined in step S126 that the rewritable state is not set, the process proceeds to step S127, and the rewrite control device 22 records the rewritable state error in the log recording unit 44 and ends the process.

  On the other hand, when it is determined in step S126 that the state is rewritable, the process proceeds to step S128, and the rewrite control device 22 rewrites the rewrite target control device 23 and rewrite information for confirming the type of information (data) to be rewritten. Execute type confirmation processing. Details of this process will be described later with reference to FIG. 12. In this process, it is confirmed whether the information to be rewritten is both the nonvolatile memory rewrite execution program and the control program, or only the control program. be able to.

  In step S 129, the rewrite control device 22 transmits a portable device confirmation instruction for confirming whether the portable device 12 is registered in the vehicle 11 to the security management device 21.

  In step S <b> 130, the rewrite control device 22 determines whether or not the portable device 12 has been registered in the vehicle 11, that is, whether or not there has been a notification of portable device confirmation OK from the security management device 21.

  If it is determined in step S130 that there is no portable device confirmation OK notification from the security management device 21, the process proceeds to step S131, and the rewrite control device 22 records the portable device response error in the log recording unit 44. The process ends.

  On the other hand, if it is determined in step S130 that the security management device 21 has notified the portable device confirmation OK, the process proceeds to step S132, and the rewrite control device 22 requests rewrite permission information from the rewrite information storage device 13. To do.

  In step S133, the rewrite control device 22 determines whether rewrite permission information has been received from the rewrite information storage device 13 in accordance with the requested rewrite permission information.

  If it is determined in step S133 that rewrite permission information has not been received from the rewrite information storage device 13, the process proceeds to step S134, and the rewrite control device 22 records a rewrite permission information error in the log recording unit 44. End the process.

  On the other hand, if it is determined in step S133 that rewrite permission information has been received from the rewrite information storage device 13, the process proceeds to step S135, and the rewrite control device 22 is connected to all the communication lines 24 connected. The control device identification information is requested to the control devices 23-1 to 23-N.

  In step S136, the rewrite control device 22 determines whether control device identification information has been transmitted from all the control devices 23-1 to 23-N. If it is determined in step S136 that at least one control device 23 has not transmitted control device identification information, the process proceeds to step S137, and the rewrite control device 22 sends a control device identification information reception error to the log recording unit 44. Record and finish the process.

  On the other hand, if it is determined in step S136 that control device identification information has been transmitted from all the control devices 23-1 to 23-N, the process proceeds to step S138, and the rewrite control device 22 controls the rewrite target control. It is determined whether the device 23 is present. In step S138, it is determined whether or not there is a control device 23 to be rewritten depending on whether or not control device identification information has been transmitted from the control device 23 to be rewritten recognized in the rewrite information type confirmation processing in step S128 described above. Can be determined.

  When it is determined in step S138 that there is no rewrite target control device 23, the process proceeds to step S139, and the rewrite control device 22 records the rewrite target detection error in the log recording unit 44 and ends the process.

  On the other hand, if it is determined in step S138 that there is a control device 23 to be rewritten, the process proceeds to step S140, and the rewrite control device 22 requests the security management device 21 for rewrite start operation information. The request for the rewrite start operation information to the security management device 21 becomes a display prompting the rewrite start operation on the portable device 12, and the rewrite start operation by the user is performed.

  In step S <b> 141, the rewrite control device 22 determines whether a rewrite start operation has been performed, that is, whether rewrite start operation information from the security management device 21 has been received.

  If it is determined in step S141 that the rewrite start operation has not been performed, the process proceeds to step S142, and the rewrite control device 22 records the rewrite start operation error in the log recording unit 44 and ends the process.

  On the other hand, if it is determined in step S141 that a rewrite start operation has been performed, the process proceeds to step S143, and the rewrite control device 22 transmits a rewrite start command to the rewrite target control device 23 (rewrite target control device 23). To do. In step S144, the rewrite control device 22 notifies the security management device 21 of the start of rewriting. Step S143 and step S144 can be performed simultaneously.

  In step S145, the rewrite control device 22 determines whether a rewrite result notification has been received from the rewrite target control device 23.

  If it is determined in step S145 that no rewrite result notification has been received from the rewrite target control device 23, the process proceeds to step S146 to determine whether or not a timeout has occurred. If it is determined in step S146 that no timeout has occurred, the process returns to step S145 again, and it is determined whether a rewrite result notification has been received from the rewrite target control device 23. If it is determined in step S146 that a timeout has occurred, the process proceeds to step S147, and the rewrite control device 22 records the rewrite result reception error in the log recording unit 44, and ends the process.

  On the other hand, when the rewrite result notification is received before the timeout occurs, it is determined in step S145 that the rewrite result notification is received from the rewrite target control device 23, and the process proceeds to step S148. A rewrite result notification is transmitted to the security management device 21 and the process is terminated.

[Detailed processing of rewritable status confirmation processing]
The flowchart of FIG. 11 shows the details of the rewritable state confirmation process executed as the process of step S125 described above.

  In this process, first, in step S161, the rewrite control device 22 determines whether ACC is on. If it is determined in step S161 that the ACC is not on, the rewrite control device 22 determines that the state of the vehicle 11 is an unrewritable state.

  On the other hand, if it is determined in step S161 that ACC is on, the process proceeds to step S163, and the rewrite control device 22 determines whether IGN is off. If it is determined in step S163 that the IGN is not OFF (ON), the process proceeds to step S164, and the rewrite control device 22 determines that the state of the vehicle 11 is the rewrite prohibited state.

  On the other hand, if it is determined in step S163 that IGN is OFF, the process proceeds to step S165, and the rewrite control device 22 determines whether other rewrite prohibition conditions are satisfied. Other rewrite prohibition conditions include, for example, a state in which a rewrite prohibition signal is output from at least one control device 23, a state in which the vehicle 11 is out of order, a state in which the voltage of the battery in the vehicle 11 is reduced, etc. A predetermined state that may affect the control program rewriting of the control device 23 can be set as a rewrite prohibition condition. In addition, when the user performs a rewrite start operation, the rewrite prohibition condition may be that the rewrite start operation is not the portable device 12 that has unlocked the door.

  If it is determined in step S165 that other rewrite prohibition conditions are satisfied, the process proceeds to step S166, and the rewrite control device 22 determines that the state of the vehicle 11 is in a rewrite prohibition condition, and the process is as shown in FIG. Return.

  On the other hand, if it is determined in step S165 that the other rewrite prohibition conditions are not satisfied, the process proceeds to step S167, and the rewrite control device 22 determines that the state of the vehicle 11 is a rewritable state, and the process is performed. Returning to FIG.

  As described above, it is possible to prevent rewriting in a state that may affect the operation of the vehicle 11 by detecting the case where at least ACC is on and IGN is off as a rewritable state. .

[Detailed processing of rewrite information type confirmation processing]
The flowchart of FIG. 12 shows the details of the rewrite information type confirmation process executed as the process of step S128 described above.

  In this process, first, in step S181, the rewrite control device 22 transmits a rewrite information type request for requesting the type of information to be rewritten to the rewrite information storage device 13, and has been transmitted in response to the request in step S182. Rewrite information type is received.

  In step S183, the rewrite control device 22 determines whether the received rewrite information type includes target device identification information, that is, identification information of the control device 23 to be rewritten.

  When it is determined in step S183 that the received rewrite information type does not include the target device identification information, the process proceeds to step S184, and the rewrite control device 22 records the target device identification information error in the log recording unit 44. The process ends.

  On the other hand, if it is determined in step S183 that the received rewrite information type includes the target device identification information, the process proceeds to step S185, and the rewrite control device 22 executes non-volatile memory rewrite for the received rewrite information type. Determine if there is a program.

  If it is determined in step S185 that the received rewrite information type does not include the nonvolatile memory rewrite execution program, the process proceeds to step S186, and the rewrite control device 22 determines that the nonvolatile memory rewrite execution program is not updated. Then, the process proceeds to step S187.

  On the other hand, if it is determined in step S185 that the received rewrite information type includes a non-volatile memory rewrite execution program, the process proceeds to step S187, and the rewrite control device 22 sets the received rewrite type to update control. Determine if there is a program.

  If it is determined in step S187 that the received rewrite information type does not have an update control program, the process proceeds to step S188, and the rewrite control device 22 records the rewrite data error in the log recording unit 44. The process ends.

  On the other hand, if it is determined in step S187 that the received rewrite information type includes an update control program, the process returns to FIG.

  As described above, it is determined whether or not the rewrite data (nonvolatile memory rewrite execution program and update control program) is stored in the rewrite information storage device 13 by the rewrite information type confirmation process. Therefore, for example, even when the same type information storage device storing other information is connected, it is possible to prevent data from being rewritten by mistake.

  If the nonvolatile memory rewrite execution program cannot be acquired, the existing nonvolatile memory rewrite execution program stored in the nonvolatile memory 53 is used, so that no data error occurs. However, if the control program for updating cannot be acquired, the purpose of the rewriting process cannot be achieved, and the process ends.

  The processing of the rewrite control device 22 is as described with reference to FIGS.

[Overall processing flow of portable device 12]
Next, the process of the portable device 12 in the rewriting process will be described with reference to the flowchart of FIG. The transmission / reception executed in FIG. 13 is performed by wireless communication with the security management device 21.

  First, in step S <b> 201, the portable device 12 accepts the user's door unlocking operation, and transmits a door unlocking operation signal (door unlocking command) to the security management device 21.

  In step S202, the portable device 12 determines whether or not an ID transmission request has been received, and repeats the processing in step S202 until the ID transmission request is received.

  If it is determined in step S202 that the ID transmission request has been received, the process proceeds to step S203, and the portable device 12 transmits the vehicle ID stored in the ID information storage unit 76 to the security management device 21. .

  The door unlocking operation may be performed by the user on the door of the vehicle 11 instead of the operation by the portable device 12. In this case, the portable device 12 performs processing from transmission of the vehicle ID in response to the ID transmission request.

  Next, in step S204, the portable device 12 determines whether or not a request for rewrite start operation information has been received, and repeats the process of step S204 until a request for rewrite start operation information is received.

  If it is determined in step S204 that a request for rewrite start operation information has been received, the process proceeds to step S205, and the portable device 12 starts rewrite to the user, such as “Please perform rewrite start operation”. A display prompting the operation is displayed on the display unit 72.

  Next, in step S206, the portable device 12 determines whether a rewrite start operation has been performed, and repeats the process of step S206 until it is determined that the rewrite start operation has been performed.

  If it is determined in step S206 that a rewrite start operation has been performed, the process proceeds to step S207, and the portable device 12 transmits rewrite start operation information corresponding to the performed rewrite start operation to the security management apparatus 21. To do.

  Next, in step S208, the portable device 12 determines whether or not a rewrite start notification has been received from the security management device 21, and repeats the processing in step S208 until it is determined that the rewrite start notification has been received.

  If it is determined in step S208 that a rewrite start notification has been received, the process proceeds to step S209, and the portable device 12 displays a display indicating the start of rewrite on the display unit 72. After the rewriting is started, for example, a message “Rewriting” is displayed on the display unit 72.

  Next, in step S210, the portable device 12 determines whether or not the rewrite result notification for notifying the rewrite result has been received from the security management device 21, and until it is determined that the rewrite result notification has been received. The process of S210 is repeated.

  If it is determined in step S210 that a rewrite result notification has been received, the process proceeds to step S211, and the portable device 12 displays the rewrite result on the display unit 72 and ends the process.

[Overall Processing Flow of Security Management Device 21]
FIG. 14 is a flowchart for explaining the processing of the security management device 21 in the rewriting processing. The process of FIG. 14 is repeatedly executed.

  First, in step S <b> 221, the security management device 21 determines whether or not an operation related to the door is performed by the user on the portable device 12. If it is determined in step S221 that no operation related to the door has been performed, the processing in the next step S222 is skipped.

  On the other hand, if it is determined in step S221 that an operation related to the door has been performed, the process proceeds to step S222, and the security management apparatus 21 executes a door-related control process described later with reference to FIG.

  In step S223, the security management device 21 determines whether an operation for controlling the start of the vehicle 11 has been performed by the user. If it is determined in step S223 that the operation for controlling the start of the vehicle 11 has not been performed, the process of the next step S224 is skipped.

  On the other hand, if it is determined in step S223 that an operation for controlling the start of the vehicle 11 has been performed, the process proceeds to step S224, and the security management device 21 executes a vehicle start control process described later with reference to FIG. .

  In step S <b> 225, the security management device 21 determines whether a portable device confirmation instruction for confirming whether the portable device 12 is registered in the vehicle 11 is received from the rewrite control device 22. If it is determined in step S225 that the portable device confirmation instruction has not been received, the processing in the next steps S226 to S229 is skipped.

  On the other hand, if it is determined in step S225 that the portable device confirmation instruction has been received, the process proceeds to step S226, and the security management device 21 requests the portable device 12 to transmit an ID and is transmitted in response to the request. Receive the coming vehicle ID.

  In step S227, the security management device 21 determines whether the registered vehicle ID of the portable device 12 has been received.

  If it is determined in step S227 that the registered vehicle ID of the portable device 12 has not been received, the process proceeds to step S228, and the security management device 21 transmits a portable device confirmation NG to the rewrite control device 22. .

  On the other hand, if it is determined in step S227 that the vehicle ID of the registered portable device 12 has been received, the process proceeds to step S229, and the security management device 21 transmits a portable device confirmation OK to the rewrite control device 22. .

  Next, in step S230, the security management device 21 determines whether a request for rewrite start operation information has been received from the rewrite control device 22. If it is determined in step S230 that a request for rewrite start operation information has not been received, the process of the next step S231 is skipped.

  On the other hand, if it is determined in step S230 that a request for rewrite start operation information has been received, the process proceeds to step S231, and the security management apparatus 21 transmits the received request for rewrite start operation information to the portable device 12 as it is. To do.

  Next, in step S232, the security management apparatus 21 determines whether there has been an operation related to rewriting in the portable device 12. Here, the operation related to rewriting is any of a rewrite start operation, a rewrite end confirmation operation, or a rewrite interruption operation. If it is determined in step S232 that there is no operation related to rewriting in the portable device 12, the process in step S233 is skipped.

  On the other hand, if it is determined in step S232 that there has been an operation related to rewriting in the portable device 12, the process proceeds to step S233, and the security management apparatus 21 executes a rewriting operation handling process described later with reference to FIG. .

  Next, in step S234, the security management device 21 determines whether or not a rewrite start notification indicating that rewrite has started has been received from the rewrite control device 22. If it is determined in step S234 that the rewrite start notification has not been received, the process of the next step S235 is skipped.

  On the other hand, if it is determined in step S234 that the rewrite start notification has been received, the process proceeds to step S235, and the security management device 21 transmits the received rewrite start notification to the portable device 12 by wireless communication.

  Next, in step S236, the security management device 21 determines whether or not a rewrite result notification indicating that rewriting has been completed is received from the rewrite control device 22. If it is determined in step S236 that the rewrite result notification has not been received, the processes in the next steps S237 and S238 are skipped.

  On the other hand, if it is determined in step S236 that the rewrite result notification has been received, the process proceeds to step S237, and the security management apparatus 21 transmits the received rewrite result notification to the portable device 12 by wireless communication. Furthermore, in step S238, the security management device 21 cancels the rewrite start operation setting and ends the process.

[Detailed processing of door-related control processing]
The flowchart of FIG. 15 shows the details of the door-related control process of the security management apparatus 21, which is executed as the process of step S222 described above.

  First, in step S251, the security management device 21 determines whether an operation for locking the door has been performed based on the operation signal received from the portable device 12.

  If it is determined in step S251 that an operation to lock the door has been performed, the process proceeds to step S252, and the security management apparatus 21 performs control to lock the door. On the other hand, if it is determined in step S251 that the operation for locking the door has not been performed, the process in step S252 is skipped.

  Next, in step S253, the security management device 21 determines whether an operation for unlocking the door has been performed based on the operation signal received from the portable device 12.

  If it is determined in step S253 that an operation to unlock the door has been performed, the process proceeds to step S254, and the security management device 21 performs control to unlock the door. In step S255, the door unlocking is rewritten. Notify the control device 22.

  On the other hand, when it is determined in step S253 that the operation for unlocking the door has not been performed, the processes in steps S254 and S255 described above are skipped.

  Next, in step S256, the security management device 21 determines whether a trunk open operation has been performed based on the operation signal received from the portable device 12.

  If it is determined in step S256 that the trunk opening operation has been performed, the process proceeds to step S257, and the security management device 21 performs control to open the trunk. On the other hand, if it is determined in step S256 that the trunk opening operation has not been performed, the process in step S257 described above is skipped.

  As described above, the door-related control process ends, and the process returns to FIG. Note that the door-related control process in FIG. 15 is a process when the user performs an operation related to the door using the portable device 12, and therefore, in FIG. Is called.

[Detailed processing of door-related control processing]
The flowchart of FIG. 16 shows the details of the vehicle start control process of the security management device 21 that is executed as the process of step S224 described above.

  First, in step S271, the security management apparatus 21 determines whether an operation for turning on ACC has been performed. If it is determined in step S271 that the operation to turn on ACC has not been performed, the process proceeds to step S277.

  On the other hand, if it is determined in step S271 that an operation to turn on ACC has been performed, the process proceeds to step S272, and the security management device 21 requests the portable device 12 to transmit a vehicle ID.

  In step S273, the security management device 21 determines whether a registered vehicle ID has been received, that is, whether the same vehicle ID as that stored in the ID information storage unit 33 has been received.

  If it is determined in step S273 that the registered vehicle ID has not been received, the process proceeds to step S274 to determine whether a timeout has occurred. If it is determined in step S274 that no timeout has occurred, the process returns to step S273. That is, the security management device 21 waits for reception of the registered vehicle ID until a timeout occurs.

  If it is determined in step S274 that a timeout has occurred, the process proceeds to step S275, the security management apparatus 21 records the portable device ID reception error in the log recording unit 36, and the process proceeds to step S277. .

  On the other hand, if it is determined in step S273 that the registered vehicle ID has been received, the process proceeds to step S276, and the security management apparatus 21 turns on ACC.

  Next, in step S277, the security management apparatus 21 determines whether an operation for turning on the IGN has been performed. If it is determined in step S277 that an operation to turn on IGN has not been performed, the process returns to FIG.

  On the other hand, if it is determined in step S277 that an operation to turn on IGN has been performed, the process proceeds to step S278, and the security management device 21 requests the portable device 12 to transmit a vehicle ID.

  In step S279, the security management device 21 determines whether or not a registered vehicle ID has been received.

  If it is determined in step S279 that no registered vehicle ID has been received, the process proceeds to step S280 to determine whether a timeout has occurred. If it is determined in step S280 that no timeout has occurred, the process returns to step S279. That is, the security management device 21 waits for reception of the registered vehicle ID until a timeout occurs.

  If it is determined in step S280 that a timeout has occurred, the process proceeds to step S281, and the security management apparatus 21 records the portable device ID reception error in the log recording unit 36, and the process returns to FIG. .

  On the other hand, if it is determined in step S279 that the registered vehicle ID has been received, the process proceeds to step S282, and the security management apparatus 21 turns on the IGN.

  Thus, the vehicle start control process is completed, and the process returns to FIG.

[Detailed processing of rewrite operation support processing]
The flowchart of FIG. 17 shows the details of the rewrite operation handling process of the security management apparatus 21 executed as the process of step S233 described above.

  First, in step S301, the security management apparatus 21 determines whether or not a rewrite start operation has been performed. If it is determined that a rewrite start operation has not been performed, the next step S302 is skipped.

  On the other hand, if it is determined in step S301 that a rewrite start operation has been performed, the process proceeds to step S302, and the security management device 21 notifies the rewrite control device 22 of the rewrite start operation.

  Next, in step S303, the security management apparatus 21 determines whether or not a rewrite completion confirmation operation has been performed. If it is determined that a rewrite completion confirmation operation has not been performed, the security management apparatus 21 skips the next step S304.

  On the other hand, if it is determined in step S303 that a rewrite completion confirmation operation has been performed, the process proceeds to step S304, and the security management device 21 notifies the rewrite control device 22 of the rewrite completion confirmation operation.

  Next, in step S305, the security management apparatus 21 determines whether or not a rewrite interruption operation has been performed. If it is determined that a rewrite interruption operation has not been performed, the security management apparatus 21 skips the next step S306.

  On the other hand, if it is determined in step S305 that the rewrite interruption operation has been performed, the process proceeds to step S306, and the security management device 21 notifies the rewrite control device 22 of the rewrite interruption operation.

  As described above, the rewrite operation handling process ends, and the process returns to FIG.

[Overall Processing Flow of Rewrite Target Control Device 23]
FIG. 18 is a flowchart for explaining processing of the rewrite target control device 23.

  First, in step S321, the rewrite target control device 23 determines whether or not an identification information request for requesting identification information has been received from the rewrite control device 22, and waits until it is determined that an identification information request has been received. To do.

  If it is determined in step S321 that the identification information request has been received, the process proceeds to step S322, and the rewrite target control device 23 transmits its own identification information to the rewrite control device 22.

  In step S323, the rewrite target control device 23 determines whether a rewrite start command has been received. If it is determined in step S323 that a rewrite start command has not been received, the process proceeds to step S324, and it is determined whether a timeout has occurred. If it is determined in step S324 that no timeout has occurred, the process returns to step S323. That is, the rewrite target control device 23 waits for reception of a rewrite start command until a timeout occurs.

  If it is determined in step S324 that a timeout has occurred, the process proceeds to step S325, and the rewrite target control device 23 records the rewrite start command reception error in the log recording unit 56, and ends the process.

  On the other hand, if it is determined in step S323 that a rewrite start command has been received, the process proceeds to step S326, and the rewrite target control device 23 enters a rewritable state that shifts to a rewritable state, which will be described later with reference to FIG. Run the migration process.

  Next, in step S327, the rewrite target control device 23 requests the rewrite information storage device 13 to transmit rewrite data.

  In step S328, the rewrite target control device 23 determines whether rewrite data has been received. If it is determined in step S328 that rewrite data has not been received, the process proceeds to step S329 to determine whether a timeout has occurred. If it is determined in step S329 that no timeout has occurred, the process returns to step S328. That is, the rewrite target control device 23 waits for reception of rewrite data until a timeout occurs.

  If it is determined in step S329 that a timeout has occurred, the process proceeds to step S330, the rewrite target control device 23 records the rewrite data reception error in the log recording unit 56, and ends the process.

  On the other hand, if it is determined in step S328 that rewrite data has been received, the process proceeds to step S331, and the rewrite target control device 23 acquires the rewrite data, and rewrites the data in the nonvolatile memory 53 in step S332. Executes a nonvolatile memory rewrite process for rewriting data. Details of the nonvolatile memory rewriting process will be described later with reference to FIG.

  When the nonvolatile memory rewriting process is completed, the rewrite target control device 23 can acquire the rewrite result, and the rewrite target control device 23 transmits a rewrite result notification to the rewrite control device 22 in step S333.

  In step S334, the rewrite target control device 23 activates the updated control program and ends the process.

[Detailed process of rewritable state transition process]
The flowchart of FIG. 19 shows the details of the rewritable state transition process executed as the process of step S326 described above.

  In this process, first, in step S351, the rewrite target control device 23 notifies each control target device in charge of control interruption.

  In step S352, the rewrite target control device 23 determines whether or not there is a response that can be interrupted from each device.

  If it is determined in step S352 that there is a response that cannot be interrupted from at least one device, the process proceeds to step S353, and the rewrite target control device 23 records the control interruption error in the log recording unit 56 and performs processing. Ends.

  On the other hand, if it is determined in step S352 that there is a response that can be interrupted from all the control target devices that the user is responsible for, the process proceeds to step S354, and the rewrite target control device 23 interrupts the control operation. The processing returns to FIG.

[Detailed processing of nonvolatile memory rewrite processing]
The flowchart of FIG. 20 shows details of the nonvolatile memory rewriting process executed as the process of step S332 described above.

  In this process, first, in step S371, the rewrite target control device 23 determines whether or not the rewrite data acquired in step S331 described above includes a nonvolatile memory rewrite execution program.

  If it is determined in step S371 that the nonvolatile memory rewrite execution program is not included, the process proceeds to step S372, and the rewrite target control device 23 rewrites the existing non-volatile memory stored in the non-volatile memory 53. The execution program is loaded into the RAM 54 and activated. That is, the non-volatile memory rewrite execution program can be updated together with the control program for update, but if no update is necessary, the existing non-volatile memory rewrite execution program stored in the non-volatile memory 53 Is activated.

  Note that the non-volatile memory rewrite execution program is not stored in the non-volatile memory 53, is always acquired and loaded from the rewrite information storage device 13, and if the non-volatile memory rewrite execution program cannot be acquired, a data error will occur. You may make it. In this case, the storage area of the nonvolatile memory 53 can be saved.

  On the other hand, if it is determined in step S371 that the nonvolatile memory rewrite execution program is included, the process proceeds to step S373, and the rewrite target control device 23 loads the acquired nonvolatile memory rewrite execution program into the RAM 54. Start up. That is, the acquired nonvolatile memory rewrite execution program is expanded on the RAM 54. Based on the updated nonvolatile memory rewrite execution program, the nonvolatile memory rewrite unit 52 rewrites the following update control program.

  In step S374, the nonvolatile memory rewriting unit 52 of the rewrite target control device 23 erases the data in the update area of the nonvolatile memory 53, that is, the area in which the control program is stored.

  In step S375, the non-volatile memory rewriting unit 52 writes the acquired control program for update into the area where the data in the non-volatile memory 53 is erased, that is, the area where the control program is stored.

  In step S376, the non-volatile memory rewriting unit 52 confirms the writing result of the update control program and determines whether or not the rewriting result is normal.

  If it is determined in step S376 that the rewrite result is not normal, the process proceeds to step S377, and the nonvolatile memory rewrite unit 52 sets the rewrite result as a write error, and the process returns to FIG.

  On the other hand, if it is determined in step S376 that the rewrite result is normal, the process proceeds to step S378, and the nonvolatile memory rewrite unit 52 sets the rewrite result to normal, and the process returns to FIG.

  As described above, when the rewrite target control device 23 receives the rewrite start command from the rewrite control device 22, the rewrite target control device 23 requests the rewrite information storage device 13 for the rewrite data, acquires it, and rewrites it. Therefore, it is not necessary for the rewrite control device 22 to acquire rewrite data from the rewrite information storage device 13 and transfer it to the rewrite target control device 23.

[Overall Processing Flow of Rewrite Information Storage Device 13]
FIG. 21 is a flowchart for explaining the process of the rewrite information storage device 13 in the rewrite process.

  First, in step S401, the rewrite information storage device 13 determines whether or not it is connected to the common communication line 24 of the vehicle 11, and waits until it is determined that it is connected to the common communication line 24.

  If it is determined in step S401 that the connection is made to the common communication line 24, the process proceeds to step S402, and the rewrite information storage device 13 notifies the rewrite control device 22 of the connection.

  Next, in step S403, the rewrite information storage device 13 determines whether a rewrite information type request has been received from the rewrite control device 22, and waits until it is determined that a rewrite information type request has been received.

  If it is determined in step S403 that a rewrite information type request has been received, the process proceeds to step S404, and the rewrite information storage device 13 transmits the rewrite information type to the rewrite control device 22.

  Next, in step S405, the rewrite information storage device 13 determines whether a request for rewrite permission information has been received from the rewrite control device 22, and waits until it is determined that a request for rewrite permission information has been received.

  If it is determined in step S405 that the request for rewrite permission information has been received, the process proceeds to step S406, and the rewrite information storage device 13 stores the rewrite permission information stored therein in advance in the rewrite control device 22. Send.

  Next, in step S407, the rewrite information storage device 13 determines whether a rewrite data transmission request has been received from the rewrite target control device 23, and waits until it is determined that a rewrite data transmission request has been received.

  If it is determined in step S407 that the rewrite data transmission request has been received, the process proceeds to step S408, and the rewrite information storage device 13 transmits the rewrite data transmission request to the rewrite target control device 23. The process ends.

  In the foregoing, the processing when the rewriting processing is viewed for each device of the information processing system 1 has been described.

  Next, a modified example of the above-described rewriting process will be described.

[Example in which the rewrite control device control program is also provided by the rewrite information storage device 13]
In the above-described embodiment, as described with reference to FIG. 6, the nonvolatile memory rewriting unit 52 of the rewrite target control device 23 executes the nonvolatile memory rewriting as the rewriting data. A program and a program executed by the control unit 51 of the rewrite target control device 23, and an update control program are recorded together with the target device identification information.

  The rewrite data stored in the non-volatile memory 62 of the rewrite information storage device 13 is a program for the rewrite control device 22 for controlling the entire rewrite process as shown in FIG. A control program executed by the rewrite control unit 41 may be included.

[Reception Processing of Control Program for Rewrite Control Device 22]
FIG. 23 shows a process of receiving the control program for the rewrite control device by the rewrite control device 22 executed when the control program for the rewrite control device 22 is stored in the nonvolatile memory 62 of the rewrite information storage device 13. It is a flowchart of.

  In this process, first, in step S <b> 421, the rewrite control device 22 requests the rewrite information storage device 13 to transmit a rewrite control device control program via the common communication line 24.

  In step S422, the rewrite control device 22 determines whether or not the rewrite control device control program has been received from the rewrite information storage device 13.

  If it is determined in step S422 that the rewrite control device control program has not been received, the process proceeds to step S423 to determine whether a timeout has occurred. If it is determined in step S423 that no timeout has occurred, the process returns to step S422. That is, the rewrite control device 22 waits for reception of the rewrite control device control program until a timeout occurs.

  If it is determined in step S423 that a timeout has occurred, the process proceeds to step S424, and the rewrite control device 22 records the rewrite control device control program reception error in the log recording unit 44 and ends the process. To do.

  On the other hand, if it is determined in step S422 that the rewrite control device control program has been received, the process proceeds to step S425, and the rewrite control device 22 loads the rewrite control device control program into the RAM 42 and starts it. The process is terminated.

  The rewrite control device control program reception processing by the rewrite control device 22 in FIG. 23 is, for example, in the overall processing flow in FIG. 9, before the processing in step S65, in the processing flow in the rewrite control device 22 in FIG. It can be inserted before the processing of step S128.

  The rewrite control device control program is also stored in the rewrite information storage device 13 and loaded into the RAM 42 and activated only when rewriting processing is performed. Therefore, it is possible to save a storage area such as a ROM (Read Only Memory) for storing the control program for the rewrite control device.

  In addition, the rewrite control device control program stored in the rewrite information storage device 13 is loaded and executed on the security management device 21 or the control device 23 that is not a rewrite target, and the security management device 21 or the rewrite target is used. The control device 23 that is not present may be operated as a rewrite control device. When the security management device 21 is operated as a rewrite control device, there is no need to exchange the security management device 21 and the rewrite control device 22 described with reference to FIG. Therefore, the control program has a simple configuration and the time required for the rewriting process can be shortened.

[Example in which rewrite start operation information is also provided by the rewrite information storage device 13]
In the above-described embodiment, the operation procedure performed in the portable device 12 to start rewriting of the control program is determined in advance, and the user has been described as performing a predetermined rewriting start operation.

  However, the rewrite information storage device 13 stores rewrite start operation definition information which is data defining an operation procedure for starting rewriting of the control program, and the rewrite control device 22 rewrites each time rewrite processing is executed. By providing the start operation definition information, the rewrite start operation can be changed to a desired operation procedure.

  FIG. 24 shows a data example of the rewrite start operation definition information.

  As described in the rewrite operation handling process in FIG. 17, the operations that can be performed by the user regarding the rewrite process are a rewrite start operation, a rewrite end confirmation operation, and a rewrite interruption operation. In the rewrite start operation definition information, an operation procedure is defined for each of these three operations.

  In the rewrite start operation definition information, for example, as shown in FIG. 24, a rewrite in which the position (memory address) of information defining the operations of the rewrite start operation, the rewrite end confirmation operation, and the rewrite interruption operation is recorded. The start operation information position, the rewrite completion confirmation operation information position, and the rewrite interruption operation information position are included.

  Then, following the rewrite start operation information position, the rewrite end confirmation operation information position, and the rewrite interruption operation information position, nine types of operation procedures are registered, the rewrite start operation information position, the rewrite end confirmation operation information position, Each rewrite interruption operation information position is a value indicating one of nine types of operation procedures.

  In the example of FIG. 9, the rewrite start operation information position indicates a position where “long press of the operation button 73A” is registered, and the rewrite start operation is set to “long press of the operation button 73A”. . Similarly, the rewrite end confirmation operation is set to “long press of the operation button 73B”, and the rewrite interruption operation is set to “long press of the operation button 73D”.

  FIG. 25 shows a flowchart of the rewrite start operation definition information receiving process for receiving the rewrite start operation definition information when the rewrite start operation definition information is stored in the rewrite information storage device 13.

  First, in step S441, the rewrite control device 22 requests the rewrite information storage device 13 to transmit rewrite start operation definition information via the common communication line 24.

  In step S442, the rewrite control device 22 determines whether or not the rewrite start operation definition information has been received from the rewrite information storage device 13.

  If it is determined in step S442 that the rewrite start operation definition information has not been received, the process proceeds to step S443 to determine whether a timeout has occurred. If it is determined in step S443 that no timeout has occurred, the process returns to step S442. That is, the rewrite control device 22 waits for reception of rewrite start operation definition information until a timeout occurs.

  If it is determined in step S443 that a timeout has occurred, the process proceeds to step S444, and the rewrite control device 22 records the rewrite start operation definition information reception error in the log recording unit 44 and ends the process. .

  On the other hand, if it is determined in step S442 that the rewrite start operation definition information has been received, the process proceeds to step S445, and the rewrite control device 22 performs the rewrite start operation based on the received rewrite start operation definition information. Set and finish the process.

  This process is performed, for example, before the process of step S74 for requesting the security management device 21 for rewrite start operation information in the overall process flow of FIG. 9, and in the process flow of the rewrite control apparatus 22 of FIG. Can be inserted before. In step S141 in FIG. 9, it is determined whether or not a rewrite start operation has been performed. The rewrite start operation here indicates whether or not the operation set in step S445 has been performed.

  As described above, the rewrite start operation definition information is stored in the rewrite information storage device 13 and transmitted to the rewrite control device 22, whereby the procedure such as the rewrite start operation can be changed after the vehicle 11 is shipped. Therefore, the degree of freedom of work increases, and procedures such as a rewrite start operation are not illegally known.

  In the above-described example, the example in which the rewrite start operation is performed on the portable device 12 has been described. However, the rewrite start operation is performed on an operation unit other than the portable device 12, such as an air conditioning setting unit or an audio device in the vehicle 11. May be performed. In this case, the rewrite start operation is determined by the security management device 21.

[Other Examples of Rewrite Information Storage Device 13]
Next, another example of the rewrite information storage device 13 will be described.

  In the above-described embodiment, as described with reference to FIGS. 5 and 21, the rewrite information storage device 13 has the CPU 111, determines whether the CPU 111 has received a rewrite data transmission request, and the like. Was sent.

  However, the rewrite information storage device 13 may not have a CPU for determining processing, but may simply have a storage area for storing rewrite data.

  FIG. 26 is a block diagram illustrating another example of the rewrite information storage device 13 and an example of the rewrite information storage device 13 that does not include a CPU that performs processing determination.

  In FIG. 26, a memory card (IC card) 101 corresponds to the rewrite information storage device 13.

  The memory card 101 is mounted in the memory card socket 112 of the rewrite information storage device mounting apparatus 102 that includes the CPU 111, the memory card socket 112, and the common communication line connection I / F 113.

  The CPU 111 of the rewrite information storage device 102 plays the same role as the CPU 61 of the rewrite information storage device 13 shown in FIG. 5, and the common communication line connection I / F 113 is common to the rewrite information storage device 13 shown in FIG. It plays the same role as the communication line connection I / F 63.

  In other words, the non-volatile memory 62 of the rewrite information storage device 13 shown in FIG. 5 can be separated as the memory card 101 in FIG. However, normally, a navigation device or an audio device attached to the vehicle 11 can be used as the rewrite information storage device mounting device 102, and the rewrite information storage device mounting device 102 is separately prepared for executing the rewriting process. do not have to.

  FIG. 27 is a block diagram illustrating another example of the rewrite information storage device 13 that is another example of the rewrite information storage device 13 that does not include a CPU that performs processing determination.

  In FIG. 27, the USB memory 121 corresponds to the rewrite information storage device 13.

  The USB memory 121 is attached to the USB connector 132 of the rewrite information storage device attachment device 122 that includes the CPU 131, the USB connector 132, and the common communication line connection I / F 133.

  The CPU 131 of the rewrite information storage device 122 plays the same role as the CPU 61 of the rewrite information storage device 13 shown in FIG. 5, and the common communication line connection I / F 133 is common to the rewrite information storage device 13 shown in FIG. It plays the same role as the communication line connection I / F 63.

  In other words, the nonvolatile memory 62 of the rewrite information storage device 13 shown in FIG. 5 can be separated as the USB memory 121 in FIG. However, normally, a navigation device or an audio device attached to the vehicle 11 can be used as the rewrite information storage device mounting device 122, and the rewrite information storage device mounting device 122 is separately prepared for executing the rewriting process. do not have to.

  26 and 27 are examples of the contact-type rewrite information storage device 13 that is physically connected by a connection terminal. However, the rewrite information storage device 13 that does not have a CPU can rewrite information by wireless communication. The storage device 122 may exchange rewrite data.

  For example, the security management device 21 having wireless communication means (wireless communication unit 34) with the portable device 12 is caused to function as the rewrite information storage device mounting device 102 shown in FIG. 26, and the memory card 101 in FIG. It is also possible to exchange rewrite data by wireless communication with the security management device 21 as the storage device mounting device 102.

  Therefore, communication between the rewrite information storage device 13 and the rewrite target control device 23 and the rewrite control device 22 in the vehicle 11 may be either wireless or wired.

  Each of the security management device 21, the rewrite control device 22, and the rewrite target control device 23 that performs the above-described rewrite processing may be configured as one information processing device.

  In this specification, the steps described in the flowchart are not necessarily processed in chronological order, but are performed in parallel or when they are called in chronological order according to the described order. It may be executed at a necessary timing.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

  The embodiments of the present invention are not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the present invention.

DESCRIPTION OF SYMBOLS 1 Information processing system 11 Vehicle 12 Portable machine 13 Rewrite information storage device 21 Security management device 22 Rewrite control device 23-1 thru | or 23-N Control device 24 Common communication line 31 Rewrite control part 32 Security control part 41 Rewrite control part 51 Control part 52 Nonvolatile Memory Rewriting Unit 53 Nonvolatile Memory 61 CPU
62 Nonvolatile memory

Claims (4)

An information processing apparatus mounted on a vehicle,
An unlock control means for receiving an authentication matching result of the portable device and an unlocking operation of the vehicle door, and unlocking the door of the vehicle;
Information storage for detecting whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected within a predetermined time from the unlocking operation of the vehicle door Device connection detection means;
After the connection with the rewrite information storage device is detected within a predetermined time from the unlocking operation of the vehicle door, when the rewrite start operation information is further received from the portable device, it is stored in the information processing device. An information processing apparatus comprising: a rewriting unit that rewrites the control program being updated into the update control program. The information processing apparatus according to claim 1, wherein the rewriting unit does not rewrite when it is detected that ACC is off or IGN is on. An information processing method by an information processing device mounted on a vehicle,
Receiving the authentication match result of the portable device and the unlocking operation of the vehicle door, unlocking the door of the vehicle,
Detecting whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected within a predetermined time from the unlocking operation of the vehicle door;
After the connection with the rewrite information storage device is detected within a predetermined time from the unlocking operation of the vehicle door, when the rewrite start operation information is further received from the portable device, it is stored in the information processing device. An information processing method including a step of rewriting a control program that has been updated to the control program for update. In a computer as an information processing device mounted on a vehicle,
Whether or not a rewrite information storage device storing an update control program for rewriting the control program in the information processing device is connected within a predetermined time from the unlocking operation of the vehicle door after the portable device authentication Detect
After the connection with the rewrite information storage device is detected within a predetermined time from the unlocking operation of the vehicle door, when the rewrite start operation information is further received from the portable device, it is stored in the information processing device. A program for executing a process including a step of rewriting an existing control program into the update control program.

Images