An In-Vehicle Distributed Technique for Remote Programming of Vehicles' Embedded Software

The Engineering Meetings Board has approved this paper for publication. It has successfully completed SAE's peer review process under the supervision of the session organizer. This process requires a minimum of three (3) reviews by industry experts. Positions and opinions advanced in this paper are those of the author(s) and not necessarily those of SAE. The author is solely responsible for the content of the paper. A process is available by which discussions will be printed with the paper if it is published in SAE Transactions. Persons wishing to submit papers to be considered for presentation or publication by SAE should send the manuscript or a 300 word abstract to Secretary, Engineering Meetings Board, SAE. ABSTRACT From time to time vehicles need to have their software modules updated for various reasons, such as the introduction of new features in vehicles, the need for changing the navigation map, the need for fine tuning various features of the vehicles, and many others. The software in a vehicle's electronic control unit (ECU) can be updated either at a service station or remotely via wireless links. Remote software update has many advantages: it can save consumers valuable time by not requiring them to bring their vehicles to service stations; software in multiple vehicles can be updated in parallel to save auto companies time and money; software in all recall vehicles can be updated in a timely manner, and so on. There are two main issues related to the remote software update operation. One issue is the bandwidth required for the update operation, and the other issue is the security of the communication links. In another paper we addressed the security issue of the communication links. The cost of bandwidth can be reduced significantly by taking care of multiple vehicles in parallel (multicast process) rather than taking care of one vehicle at a time (unicast process). We explained the multicast update process in a different paper. Programming an ECU's embedded software requires erasing the ECU's flash memory and then reprogramming the ECU. Erasing the flash memory requires some time, during which the wireless link will remain idle. However, if the wireless link is released while the ECU is erasing its flash memory, then it will take some time to reestablish the link between the vehicle and the remote server. Thus, some bandwidth will be wasted one way or the other. This paper presents an in-vehicle …