KR20240006878A - A vehicle network separation system and network separation method with external network blocking module - Google Patents

Abstract

A network separation system according to an embodiment of the present invention includes an electronic control module that controls the operation of the engine provided in the vehicle using electronic information transmitted by the engine sensor; a communication control module that controls communication between the electronic control module and an external network; a connection control module that controls a connection between the electronic control module and the communication control module to enable communication; and a trigger module for changing the operation mode of the connection control module. It includes, when in connected mode, the connection control module connects the external network and the electronic control module to enable communication through the communication control module, and when in blocking mode, communication between the communication control module and the external network is not possible. You can block it.

Description

Vehicle network separation system and network separation method equipped with external network blocking module {A VEHICLE NETWORK SEPARATION SYSTEM AND NETWORK SEPARATION METHOD WITH EXTERNAL NETWORK BLOCKING MODULE}

The present invention relates to a vehicle network separation system and network separation method equipped with a blocking module capable of blocking the vehicle's internal network and external network.

Cars are now becoming not just simple transportation devices but also a living space. Accordingly, automobile-related technological innovation is also rapidly evolving. Recently, automobile manufacturers are aiming to transform their launch lineup of electrified and internal combustion engine vehicles into connected cars.

In addition, a global forum is being held to resolve the climate crisis, and countries around the world are aiming to realize a carbon-neutral vision for an inclusive green recovery.

Accordingly, in order to reduce the exhaust gases produced by internal combustion engine vehicles, which generate power by exploding fuel in the engine, hybrid vehicles and now electric vehicles are attracting attention.

To realize the vision of carbon neutrality, various industries are making efforts to preserve the environment, and the automobile industry is also introducing eco-friendly vehicles with new technologies for the environment, such as electric vehicles and hydrogen electric vehicles. In addition, electric and hydrogen electric vehicles are introducing various smart technologies in addition to being eco-friendly.

A connected car, which means “connected car,” refers to a vehicle that connects information and communication technology and the car to enable two-way Internet and mobile Internet. Other vehicles or transportation and communication infrastructure can remotely connect to the car wirelessly to turn the engine on and off, and run the heater and navigation.

In addition, by connecting to the Internet network, e-mail, multimedia streaming, social network services (SNS), etc. can be provided, and information such as weather and news can be received in real time.

The connected car technologies announced in the Korea Information and Communication Society paper are as follows.

1. Entertainment - Provides entertainment features to the driver and passengers

2. Vehicle management - Functions that support drivers to reduce driving costs and increase convenience of use

3. Mobile management - features that help drivers reach their destination quickly and safely

4. Safety - A function that informs the driver of dangers outside and inside the car.

5. Driver assistance - full or partial autonomous driving function

6. Well-being – providing driver comfort

In addition, the global self-driving car market size is expected to increase from approximately KRW 8.5 trillion in 2020 to approximately KRW 1,334 trillion in 2035, and in Korea, it will increase from approximately KRW 150.9 billion to approximately KRW 26.1794 trillion during the same period, with an annual average of KRW 40 trillion. It is expected to show % growth.

However, because these connected cars are connected through a network, security issues regarding hacking may arise. For example, in 2015 in the United States, hackers demonstrated that they could hack a car located several kilometers away and manipulate it at will, and the hacking could cause loss of vehicle control, threatening the lives of passengers or violating privacy by leaking personal information. may occur.

Accordingly, various efforts are being made to solve the above-mentioned safety problem. In addition to the function of informing the driver of external and internal dangers in the car, connected cars use networks. Currently, Korea regulates data collection and use by broadly defining the scope, including personal location information, in accordance with the Personal Information Protection Act. I'm doing it.

However, when an external threat element intervenes during real-time communication, the external threat element can intervene from the outside of the car to the main module through the network, causing a problem that can immediately cause an accident involving the driver's life.

The present invention is intended to solve the above-mentioned problems, and seeks to provide a vehicle network separation system and network separation method equipped with an external network blocking module.

However, the technical challenges that this embodiment aims to achieve are not limited to the technical challenges described above, and other technical challenges may exist.

A network separation system according to an embodiment of the present invention includes an electronic control module that controls the operation of the engine provided in the vehicle using electronic information transmitted by the engine sensor; a communication control module that controls communication between the electronic control module and an external network; a connection control module that controls a connection between the electronic control module and the communication control module to enable communication; and a trigger module for changing the operation mode of the connection control module. It may include, when in a connected mode, the connection control module can connect the external network and the electronic control module to enable communication through the communication control module, and when in a blocking mode, the communication control module and the external network can be blocked from communicating.

In addition, the trigger module may be installed inside the vehicle and may be provided with a hardware switch unit that changes the operation mode of the connection control module by moving its position by an external force applied.

In addition, the network separation system includes an infotainment module installed inside the vehicle; The trigger module may be displayed in the form of an icon on the display unit of the infotainment module, and may further include a software switch unit that is activated by an external force to change the operation mode of the connection control module. You can.

Additionally, the trigger module can cause the connection control module to operate in a blocking mode when in an active mode, and can cause the connection control module to operate in a connected mode when it is in an inactive mode.

In addition, the trigger module may be changed to the active mode when an external force is applied in the inactive mode state, and if an external force is applied to the trigger module in the inactive mode state but a predetermined condition is satisfied, The inactive mode can be maintained.

Additionally, the predetermined condition may be a condition in which the speed of the vehicle is faster than the predetermined speed by a reference speed or a condition in which the movement of the vehicle's steering device differs by more than the reference movement compared to the movement of the predetermined steering device.

Additionally, when a predetermined emergency condition is satisfied, an emergency control module that physically blocks the connection between the electronic control module and the communication control module; It may further include, and the emergency control module may damage the communication control module to block the connection between the external network and the electronic control module.

In addition, the emergency control module includes an external force application unit that generates an electric signal by moving its position due to an acting external force, and a signal confirmation unit that checks whether a predetermined condition is satisfied based on the electric signal input by the external force application unit. and a current supply unit that supplies overcurrent to a power cutoff device provided in the communication control module according to the decision of the signal confirmation unit, and the predetermined emergency condition may be a condition in which the signal confirmation unit confirms a predetermined electric signal. there is.

In addition, the external force application unit may include an external force main body disposed inside the vehicle and a sign unit indicating a pattern of the predetermined electric signal in the external force main body.

In addition, the communication control module includes an unauthorized network detection module that detects abnormal access from an external network and notifies the driver; It may further include, wherein the electronic control module includes a notification module that detects abnormal operation of the engine provided in the vehicle and notifies the driver; may be further provided, and the predetermined emergency condition may be a condition of receiving an abnormal signal from the unauthorized network detection module or an abnormal signal from the notification module.

In addition, the communication control module includes a data transmission direction module capable of blocking the network according to the data transmission direction; It may be further provided, and in the inbound mode, the data transmission direction module ensures that data is transmitted only from the inside of the vehicle to the external network, and in the outbound mode, the data is transmitted only from the external network to the inside of the vehicle. You can.

A network separation method according to an embodiment of the present invention, comprising: a user applying an external force to a trigger module; Transmitting electronic information from the vehicle speed module and steering module to a condition determination module; checking whether the transmitted electronic information satisfies a predetermined condition set in the condition determination module; and changing the mode of the connection control module when the predetermined condition is not satisfied. It may include, if the predetermined condition is satisfied, notifying the user of an alarm; Changing the mode of the connection control module by the user reapplying an external force to the trigger module; and not changing the mode of the connection control module when the user does not re-apply an external force to the trigger module. may further include.

Additionally, a step of the user inputting a predetermined electrical signal to an external force application unit provided in the emergency control module;

Checking whether the electrical signal stored in the signal confirmation unit matches the electrical signal input by the user; When the electrical signals match, supplying overcurrent from a current supply unit provided in the emergency control module to a power cutoff device provided in the communication control module to cut off power to the communication control module; If the electrical signals match, initializing the electronic control module; and changing the connection control module to a blocking mode; It may include a step of not operating the emergency control module when the electrical signals do not match; may further include.

The vehicle network separation system and network separation method equipped with an external network blocking module according to the present invention maintains the integrity and stability of the vehicle by preventing external threats from accessing the internal network from the external network.

Additionally, it enables normal operation of electronic control modules related to vehicle driving and safety.

Additionally, when the driver loses control of the vehicle due to an external threat, the emergency control module can be activated to block the external network and provide a safe driving environment to the driver.

However, the effects of the present invention are not limited to the effects described above, and effects not mentioned can be clearly understood by those skilled in the art from this specification and the attached drawings.

1 is a network separation system according to an embodiment of the present invention.
Figure 2 is a conceptual diagram of a network separation system according to an embodiment of the present invention.
Figure 3 is a configuration diagram of a network separation system according to an embodiment of the present invention.
Figure 4 shows an emergency module control module provided by a network separation system according to an embodiment of the present invention.
Figure 5 is an operation diagram of a network separation system according to an embodiment of the present invention.
Figure 6 is an operation diagram of an emergency control module provided in a network separation system according to an embodiment of the invention.

Hereinafter, specific embodiments of the present invention will be described in detail with reference to the drawings. However, the spirit of the present invention is not limited to the presented embodiments, and those skilled in the art who understand the spirit of the present invention may add, change, or delete other components within the scope of the same spirit, or create other degenerative inventions or this invention. Other embodiments that are included within the scope of the invention can be easily proposed, but this will also be said to be included within the scope of the invention of the present application.

In addition, components having the same function within the scope of the same idea shown in the drawings of each embodiment will be described using the same reference numerals.

Figure 1 is a network separation system according to an embodiment of the present invention, Figure 2 is a conceptual diagram of a network separation system according to an embodiment of the present invention, and Figure 3 is a network separation system according to an embodiment of the present invention. This is the configuration diagram of the system.

Referring to Figures 1 to 3, the network separation system 10 according to an embodiment of the present invention includes a communication control module 400 that controls communication between the vehicle and an external network, and electronic data transmitted by the institution's sensor. An electronic control module 300 that uses information to control the operation of the engine provided in the vehicle, a connection control module 100 that controls the connection so that the electronic control module and the communication control module can communicate, and the connection control It may include a trigger module 200 to change the operation mode of the module.

In addition, the network separation system 10 may further include an emergency control module 700 capable of physically blocking the connection between the electronic control module and the communication control module.

In addition, the network separation system 10 includes an infotainment module 500 that can be installed inside the vehicle and shows a software switch unit that changes the operation mode of the connection control module by changing the icon state by an external force applied. More may be included.

Additionally, the network separation system 10 may further include a TCU module 600 capable of exchanging information through connection to an external network.

The network separation system 10 can communicate information with the vehicle's internal and external networks through a network.

Here, the network referred to in the present invention may be a core network integrated with a wired public network, a wireless mobile communication network, or a mobile Internet, etc., and may include TCP/IP protocol and various services existing at its upper layer, that is, HTTP (Hyper Text Transfer Protocol). ), HTTPS (Hyper Text Transfer Protocol Secure), Telnet, FTP (File Transfer Protocol), DNS (Domain Name System), and SMTP (Simple Mail Transfer Protocol). It is not limited to these examples, but can comprehensively mean a data communication network that can transmit and receive data in various forms.

The trigger module 200 is a hardware switch that changes the operation mode of the connection control module 100 by being moved by an external force installed inside the vehicle and on the display unit of the infotainment module 500 installed inside the vehicle. A software switch may be provided to change the operation mode of the connection control module 100 by changing the status of the icon by an external force applied in the form of an icon.

In addition, the trigger module 200 can cause the connection control module 100 to operate in a blocking mode when in an active mode, and allow the connection control module 100 to operate in a connected mode when it is in an inactive mode. .

Additionally, the trigger module 200 can change from the default inactive mode to the active mode, and can maintain the inactive mode when a predetermined condition is satisfied.

The above-mentioned predetermined condition may be a condition in which the predetermined speed and the speed of the vehicle differ by more than a reference speed, or the predetermined movement of the steering device and the movement of the vehicle's steering device differ by more than a standard movement.

In addition, the external force applied may mean that the user, the driver or passenger, manipulates the trigger module 200, may press the hardware switch, or may mean touching the icon that is the software switch.

The connection control module 100 can be connected to the trigger module 200 and can be configured into a connection mode and a blocking mode depending on the mode of the trigger module 200.

In the connection mode, the trigger module 200 may be in an inactive mode, and the external network and the electronic control module 300 may be communicatively connected through the communication control module 400.

When in the blocking mode, the trigger module 200 may be in an active mode and may disable communication between the communication control module 400 and the external network.

Additionally, the connection control module 100 may set the connection mode as the default.

The electronic control module 300 can control the operation of the engine provided in the vehicle using electronic information about the operating state of the engine transmitted by the sensor of the engine provided in the vehicle, and the vehicle speed module 310 , it may be provided with a steering device module 320, a notification module 330, a transmission/reception module 340, a condition judgment module 350, and an initialization module 360.

The electronic control module 300 may be connected to the communication control module 400 through the network.

The vehicle speed module 310 can receive the speed of the vehicle as electronic information, and transmit the received electronic information to the condition judgment module 350 using the transmission and reception module 340.

The speed of the vehicle may be measured as the rotational speed of the tires provided by the vehicle, and may mean that the vehicle is moving forward.

The steering device module 320 can receive the movement of the steering device provided by the vehicle as electronic information, and transmit the received electronic information to the condition judgment module 350 using the transmission and reception module 340. there is.

The steering device may be a device that allows the driver to arbitrarily change the direction of travel of the vehicle, and may be a device composed of a steering handle and a steering shaft that transmits the driver's steering force to the gear device.

Additionally, the steering device can rotate left and right, the left direction can be counterclockwise, and the right direction can be clockwise.

Additionally, movement of the steering device may mean that the steering device rotates in the left and right directions.

The notification module 330 collects information on the state of the engine transmitted through sensors provided in the electronic control devices of individual engines included in the vehicle and notifies the driver of the state of the engine, and can notify the driver of the state of the engine and abnormalities of the engine. It can detect motion and notify the driver.

Additionally, when the notification module 330 detects abnormal operation of the engine, the notification module 330 may transmit an abnormal signal to the signal confirmation unit 720.

The electronic control device of the above-mentioned engine may mean engine control, transmission control unit, vehicle body stability control (ESC), airbag control, tire pressure management (TPMS), etc.

Additionally, the abnormal operation of the engine may mean the operation of the engine that does not correspond to the user's operation of the vehicle.

For example, if the user presses the accelerator button more deeply, but the engine does not start to accelerate, the engine can be said to be operating abnormally.

The status of the individual organs may be displayed on the display unit of the infotainment module 500 and on the instrument panel of the vehicle.

Additionally, when an abnormal operation is detected, it may be displayed on the display unit of the infotainment module 500 and the instrument panel of the vehicle.

The transmitting and receiving module 340 is connected to the transmitting and receiving module 420 provided by the communication control module 400 and the network to transmit and receive information, and the electronic control module 300 is provided with the electronic device of the individual organization. Signals can be transmitted and received.

In addition, the transmitting and receiving module 340 is a communication module, and the communication module includes a cellular module, WiFi module, Bluetooth module, GNSS module, NFC module, RF module, 5G module, LTE module, NB-IOT module and/or LoRa module. It can be included.

However, it is not limited to this, and the modules included in the communication module can be changed in various ways at a level that is obvious to those skilled in the art.

The condition determination module 350 can determine whether to operate the trigger module 200 by comparing the above-mentioned predetermined conditions with the electronic signals transmitted by the vehicle speed module 310 and the steering module 320. .

The predetermined condition corresponding to the vehicle speed module 310 may be a condition in which the vehicle's speed is different from the predetermined speed by more than a reference speed, specifically, a faster condition.

The predetermined speed may be based on the speed limit determined for each road.

For example, the reference speed may be a value corresponding to 20% of a predetermined speed.

However, it is not limited to this, and the ratio that serves as a standard for calculating the reference speed can be modified in various ways at a level that is obvious to those skilled in the art.

For example, the road may be a residential area, a general road, a high-speed road, a highway, etc., and the speed limit set for each road may be determined by the Road Traffic Act.

Additionally, when the speed limit set by the Road Traffic Act is changed, the predetermined conditions may be changed by the change.

Specifically, when the vehicle is driven more than 20% above the speed limit of the road on which it is traveling, the trigger module 200 may not change from the inactive mode to the active mode even if the trigger module 200 is operated. .

The predetermined condition corresponding to the steering device module 320 may be a condition in which the motion of the steering device differs from the predetermined motion of the steering device by more than a reference motion.

The predetermined movement of the steering device can be calculated according to the movement path of the vehicle moving along the lane.

For example, a predetermined movement of the steering device may mean a rotation angle of the steering device.

For example, the reference movement may be an angle corresponding to 20% of the predetermined movement of the steering device.

However, it is not limited to this, and the ratio that serves as a standard for calculating the reference movement can be modified in various ways at a level that is obvious to those skilled in the art.

When an external force is applied to the trigger module 200 while the predetermined condition is satisfied, a warning notification is displayed on the display unit of the infotainment module 500 while the trigger module 200 is maintained in an inactive mode. It can be.

For example, the warning notification may be a notification message to the effect that the semi-autonomous driving mode is not provided.

The user can apply external force to the trigger module 200 again while recognizing the message displayed on the display unit of the infotainment module 500, which causes the trigger module 200 to change from the inactive mode to the active mode. It can be.

When the emergency control module 700 provided in the network separation system 10 is activated, the initialization module 360 sets the preset setting value so that the electronic control module 300 can be driven at the time of vehicle delivery. It can be initialized to the initial setting value.

When the emergency control module is activated, an external threat may intrude into the electronic control module 300 via the communication control module 400 through an external network.

When an external threat intrudes into the electronic control module 300, the driver of the vehicle may lose control of the electronic control module 300 related to driving and safety of the vehicle.

The communication control module 400 can control communication between the vehicle and an external network, and includes a protocol selection module 410, a transmission/reception module 420, a power cutoff device 430, a data transmission direction selection module 440, and an unauthorized network. A detection module 450 may be provided.

The protocol selection module 410 can select a specific protocol to connect or block the inside of the vehicle and the external network.

The protocol selection module 410 can connect an external network connected to the inside of the vehicle with a specific protocol selected by the user, and by selecting and connecting the specific protocol, the user can block external networks not selected, Through the above blocking, threats from external networks and user privacy can be protected.

The above-mentioned privacy may refer to contact information, email, and SNS information stored in the user's mobile device connected to the vehicle, and the mobile device includes a smart phone, laptop, tablet PC, PDA, and smart watch. , portable game console, digital camera, digital video camera, portable media player, e-book reader, pager, personal navigation device, etc.

In addition, the above-described protocol is a communication rule used by a communication system to exchange data, and based on the OSI 7-layer model, the protocols performed at each layer can be considered independent of each other.

The protocol selection module 410 can be selected by the driver and/or passenger manipulating the icon shown on the display unit of the infotainment module 500 to select a desired protocol.

However, it is not limited to this, and the type of protocol selected by the protocol selection module 440 can be changed in various ways as is obvious to those skilled in the art.

The transmitting and receiving module 420 can enable communication between the vehicle and an external network through connection to an external network, and is connected to the transmitting and receiving module 340 provided in the electronic control module 300 and the network to transmit information. Can send and receive.

In addition, the transmitting and receiving module 420 is a communication module, and the communication module includes a cellular module, WiFi module, Bluetooth module, GNSS module, NFC module, RF module, 5G module, LTE module, NB-IOT module and/or LoRa module. It can be included.

However, it is not limited to this, and the modules included in the communication module can be changed in various ways at a level that is obvious to those skilled in the art.

If overcurrent is supplied to the power cutoff device 430, the power cutoff device 430 may be damaged and power to the communication control module 400 may be cut off.

Additionally, the power cutoff device 430 may be a device that can be automatically damaged by overload current, and the device may be a fuse that can be easily replaced later.

Additionally, the power cutoff device 430 may be a low-voltage fuse capable of applying up to 1.1 times the rated current or a high-voltage fuse capable of applying up to 1.3 times the rated current.

By blocking the power of the communication control module 400 by the power cutoff device 430, the electronic control module 300 can be effectively protected from external threats in the event of an external hacking threat.

However, it is not limited to this, and the power cutoff device 430 can be changed in various ways at a level that is obvious to a person skilled in the art.

The data transmission direction selection module 440 can block the connection between the vehicle and an external network according to the data transmission direction.

Additionally, the data transmission direction selection module 440 may be configured in inbound mode and outbound mode.

In the inbound mode, the data transmission direction selection module 440 can transmit data only from the vehicle's internal network to the external network.

Additionally, in the outbound mode, the data transmission direction selection module 440 can transmit data only from the external network to the vehicle network direction. Data transmission between the vehicle and the external network may default to two-way transmission. In the inbound mode, the outbound mode direction may be blocked, and in the outbound mode, the inbound mode direction may be blocked.

Each mode of the data transmission direction selection module can be activated or deactivated by pressing a button inside the vehicle.

The unauthorized network detection module 450 can detect abnormal access from an external network and notify the driver.

Abnormal access to the external network may mean illegal access by an unauthorized external network and data that affects the operation of the vehicle as a threat to the external network.

Additionally, the detected abnormal approach may be displayed on the display unit of the infotainment module 500 and on an instrument panel located within the driver's field of view.

When the unauthorized network detection module 450 detects abnormal network access, the unauthorized network detection module 450 may transmit an abnormal signal to the signal verification unit 720.

The display unit of the infotainment module 500 may display the data transmission direction selected by the data transmission direction selection module 440, and may display a notification of an abnormal external network approach detected by the unauthorized network detection module 450. Users can be notified via

Additionally, the infotainment module 500 can provide entertainment functions such as movies, games, TV, SNS, navigation, and various services linked to mobile devices.

The TCU module 600 can exchange information through connection to an external network, send and receive e-mail within the vehicle, and use an Auto PC that can search various information through the Internet. You can. In addition, the user can remotely diagnose the vehicle through the network, use various information such as traffic and daily life information and emergency rescue using the auto PC equipped with a wireless modem, and make calls and messages to the office and acquaintances. You can.

Additionally, the infotainment module 500 and the TCU module 600 may be connected to the communication control module 400 using a network.

Figure 4 shows the emergency control module 700 provided in the network separation system 10 according to an embodiment of the present invention.

Referring to FIG. 4, the emergency control module 700 physically blocks the connection between the electronic control module 300 and the communication control module 400 in an emergency situation, that is, when a predetermined emergency condition is satisfied. It may include an external force application unit 710, a signal confirmation unit 720, and a current supply unit 730.

The emergency situation may be a situation where a threat element accesses through an external network and the user loses control of the vehicle, or the user's privacy is leaked.

The above threat may be abnormal access from an unauthorized network from an external network.

Additionally, a situation in which control of the vehicle is lost may be a state in which an external threat abnormally approaches through an external network and intrudes into the electronic control module 300 of the vehicle, preventing the user from arbitrarily operating the vehicle.

Additionally, the electronic control module 300 may malfunction, preventing the user from arbitrarily operating the vehicle.

In an emergency situation, predetermined emergency conditions may be satisfied.

The predetermined emergency condition may be a condition in which the signal confirmation unit 720 confirms a predetermined electrical signal.

The predetermined emergency condition may further include a condition for receiving an abnormal signal from the unauthorized network detection module 450 or an abnormal signal from the notification module 330.

Predetermined electrical signals can be distinguished based on the number of electrical signals and the length and length of the electrical signals.

For example, the number of electrical signals may refer to the number of electrical signals generated within a certain time.

For example, the length of an electrical signal can be divided into short or long. An electrical signal that lasts less than a predetermined time can be defined as short, and an electrical signal that lasts longer than a predetermined time can be defined as long.

As a specific example, for explanation purposes, 'ㆍ' may be referred to as a short electrical signal, and '-' may be referred to as a long electrical signal.

For example, the predetermined electrical signal may be '- - - ㆍ ㆍ'. However, it is not limited to this, and specific signals defined as predetermined electrical signals can be modified in various ways at a level that is obvious to those skilled in the art.

The external force applicator 710 may generate an electrical signal by moving its position due to an external force acting on it.

The external force may be an act of the user pressing the external force application unit 710.

Due to the above action, the external force application unit 710 may generate an electrical signal, and the electrical signal may be transmitted to the signal confirmation unit 720.

The external force application unit 710 may include an external force main body disposed inside the vehicle and a code unit representing a pattern of the predetermined electric signal in the external force main body.

The sign portion is displayed engraved or protruding on the upper surface of the external force main body, so that after the user views the external force main body, an external force can be applied to the external force main body to generate a predetermined electrical signal.

For example, if the predetermined electrical signal is '- - - ㆍ ㆍ', information '- - - ㆍ ㆍ' may be engraved or protruded on the upper surface of the external force main body.

For example, in order to prevent malfunction, the emergency control module 700 can be operated only when an electrical signal corresponding to a predetermined electrical signal in the signal confirmation unit 720 is applied to the external force application unit 710.

The signal confirmation unit 720 may check whether the electrical signal transmitted by the external force application unit 710 matches the electrical signal predetermined in the signal confirmation unit 720.

For example, a predetermined electrical signal may be stored in the signal confirmation unit 720 at the time the vehicle is shipped.

The signal confirmation unit 720 may not be connected to the vehicle's internal network and external network.

The signal confirmation unit 720 determines whether a predetermined emergency condition is satisfied, and if the predetermined emergency condition is satisfied, it may transmit a signal related to the overcurrent supply decision to the current supply unit 730.

An electrical signal that can correspond to the signal input to the external force application unit 710 can be set in advance.

The signal confirmation unit 720 may include internal memory and/or external memory.

For example, internal memory may include volatile memory (e.g., DRAM, SRAM, or SDRAM), non-volatile memory (e.g., one time programmable ROM (OTPROM), PROM, EPROM, EEPROM, mask ROM, flash ROM, flash memory, hard memory, etc. may include at least one of a drive, or solid state drive (SSD)

External memory may be a flash drive, such as compact flash (CF), secure digital (SD), Micro-SD, Mini-SD, extreme digital (xD), multi-media card (MMC), or memory stick. It may include etc.

The current supply unit 730 may supply overcurrent to the power cutoff device 430 provided in the communication control module 400.

Additionally, the current supply unit 730 may be connected to the signal confirmation unit 720 and the power cutoff device 430.

In addition, when the signal of the external force application unit 710 applied to the signal confirmation unit 720 matches the electrical signal stored in the signal confirmation unit 720, the current supply unit 730 is connected to the signal confirmation unit 720. Overcurrent can be supplied to the power cutoff device 730 by receiving a signal from.

The current supply unit 730 can supply a current greater than the rated current capacity allowed by the power cutoff device 430.

However, it is not limited to this, and the power cutoff device 430 allows the? And the size of the current supplied by the current supply unit 730 can be changed in various ways at a level that is obvious to those skilled in the art.

For this purpose, a separate battery module may be installed in the current supply unit 730.

Hereinafter, the operation process of the network separation system will be described in detail.

Hereinafter, detailed description may be omitted to the extent that it overlaps with the above-described content.

Figure 5 is an operation diagram of a network separation system according to an embodiment of the present invention, and Figure 6 is an operation diagram of an emergency control module provided in the network separation system according to an embodiment of the invention.

In the attached drawings, in order to more clearly express the technical idea of the present invention, components that are unrelated or less relevant to the technical idea of the present invention are briefly expressed or omitted.

In the above, the configuration and features of the present invention have been described based on the embodiments according to the present invention, but the present invention is not limited thereto, and various changes or modifications may be made within the spirit and scope of the present invention. It is obvious to those skilled in the art, and therefore, it is stated that such changes or modifications fall within the scope of the appended patent claims.

10: Network separation system 100: Connection control module
200: trigger module 300: electronic control module
400: Communication control module 500: Infotainment module
600: TCU module 700: Emergency control module

Claims (13)

an electronic control module that controls the operation of the engine provided in the vehicle using electronic information transmitted from the engine sensor;
a communication control module that controls communication between the electronic control module and an external network;
a connection control module that controls a connection between the electronic control module and the communication control module to enable communication; and
a trigger module for changing the operation mode of the connection control module; Including,
The connection control module is,
In the connected mode, the external network and the electronic control module are communicatively connected through the communication control module, and in the blocking mode, the communication control module and the external network are blocked from being communicable,
Network separation system.
According to clause 1,
The trigger module is,
Installed inside the vehicle,
Equipped with a hardware switch unit that changes the operation mode of the connection control module by being moved in position by an external force applied,
Network separation system.
According to clause 2,
Infotainment module installed inside the vehicle; It further includes,
The trigger module is,
Further comprising a software switch unit displayed in the form of an icon on the display unit of the infotainment module and activated by an applied external force to change the operation mode of the connection control module,
Network separation system.
According to any one of paragraphs 2 and 3,
The trigger module is,
When in active mode, the connection control module is operated in blocking mode,
When in inactive mode, the connection control module operates in connected mode,
Network separation system.
According to clause 4,
The trigger module is,
When an external force is applied to the trigger module in the inactive mode, the trigger module changes to the active mode,
The trigger module maintains the inactive mode when an external force is applied in the inactive mode but a predetermined condition is satisfied,
Network separation system.
According to clause 5,
The predetermined conditions are,
A condition in which the speed of the vehicle is faster than the predetermined speed or the reference speed or the movement of the vehicle's steering device differs by more than the reference movement compared to the movement of the predetermined steering device,
Network separation system.
According to clause 6,
An emergency control module that physically blocks the connection between the electronic control module and the communication control module when a predetermined emergency condition is satisfied; It further includes,
The emergency control module is,
Damaging the communication control module to block the connection between the electronic control module and an external network,
Network separation system.
In clause 7,
The emergency control module is,
An external force application unit that generates an electrical signal by being moved in position by an acting external force, a signal confirmation unit that checks whether a predetermined condition is satisfied based on the electric signal input by the external force application unit, and the decision of the signal confirmation unit. Equipped with a current supply unit that supplies overcurrent to the power cutoff device provided by the communication control module,
The predetermined emergency conditions are:
Conditions for the signal confirmation unit to confirm a predetermined electrical signal,
Network separation system.
According to clause 8,
The external force application unit,
Equipped with an external force main body disposed inside the vehicle and a code portion representing a pattern of the predetermined electric signal in the external force main body,
Network separation system.
According to clause 8,
The communication control module is,
An unauthorized network detection module that detects abnormal access from an external network and notifies the driver; It is further provided with,
The electronic control module is,
a notification module that detects abnormal operation of the engine provided in the vehicle and notifies the driver; Further comprising,
The predetermined emergency conditions are:
Further comprising the condition of receiving an abnormal signal from the unauthorized network detection module or an abnormal signal from the notification module,
Network separation system.
According to clause 1,
The communication control module is,
Data transmission direction module, which can block the network according to the data transmission direction; It is further provided with,
The data transmission direction module,
In inbound mode, data is transmitted only from the inside of the vehicle to the external network, and in outbound mode, data is transmitted only from the external network to the inside of the vehicle.
Network separation system.
In the network separation method using a network separation system,
A user applying an external force to the trigger module;
Transmitting electronic information from the vehicle speed module and steering module to a condition determination module;
checking whether the transmitted electronic information satisfies a predetermined condition set in the condition determination module; and
If the predetermined condition is not satisfied, changing the mode of the connection control module; Including,
If the predetermined condition is satisfied, notifying the user of an alarm;
Changing the mode of the connection control module by the user reapplying an external force to the trigger module; and
Not changing the mode of the connection control module when the user does not re-apply an external force to the trigger module; Containing more,
Network separation method.
According to clause 12,
A user inputting a predetermined electrical signal to an external force application unit provided in the emergency control module;
Checking whether the electrical signal stored in the signal confirmation unit matches the electrical signal input by the user;
When the electrical signals match, supplying overcurrent from a current supply unit provided in the emergency control module to a power cutoff device provided in the communication control module to cut off power to the communication control module;
If the electrical signals match, initializing the electronic control module; and
Changing the connection control module to a blocking mode; Including,
If the electrical signals do not match, the emergency control module does not operate; Containing more,
Network separation method.