JP4533270B2 - Control device for automobile and abnormality monitoring method thereof - Google Patents

Description

The present invention relates to an automobile control device and an abnormality monitoring method configured by a plurality of control units, and in particular, when a control unit in a communication system fails, the failure is detected and failure monitoring is performed to provide fail-safety. The present invention relates to an automobile control device and an abnormality monitoring method.

Conventionally, in an automobile communication system control device composed of a plurality of control units, when an abnormality occurs in each control unit, each control unit itself lights up a warning lamp in hardware and causes a failure to the user. The system is made fail-safe by notifying the fact that the control signal is transmitted to the actuator or by cutting off the power supply to the actuator control unit in hardware. In addition, the abnormality of the communication signal has ensured reliability by configuring a redundant system by combining a specific important control signal with a hardware signal and comparing it with the communication signal.

  As for the monitoring method of the control unit at the level between CPUs, the method shown in Patent Document 1 and the like, and as the backup method, the method shown in Patent Document 2 and the like, and the microcomputer (CPU) of the peripheral IC are used. As a method for monitoring an abnormality, the method disclosed in Patent Document 3 is publicly known.

JP-A-11-190251 JP-A-8-147001 JP 2001-312325 A

  As communication control devices have become widespread in all fields of industry, the opportunities for using devices as distributed control have increased greatly. For example, taking an automobile as an example, a warning provided in a meter for transmitting to a driver that an abnormality has occurred in a certain control unit, even in a conventional communication control system composed of a plurality of control units. The lamp is turned on by each control unit that has caused the abnormality in hardware.

  However, if this changes to the concept of distributed control, the meter unit is incorporated into the communication system, and an abnormal signal is transmitted from the abnormal unit to the meter unit on the communication signal. The meter unit detects the abnormal signal and turns on the warning lamp. Light. Further, in an ACC (Adaptive Cruise Control) system, the ACC control unit does not directly drive the throttle actuator or the brake actuator in a hardware manner to control the vehicle travel, but the engine control unit or the brake control unit respectively. A torque command value and a brake fluid pressure command value are transmitted via a communication bus, and the throttle and brake are driven based on data received by each control unit.

  The problem here is that the communication data exchanged between the constituent units of these communication system control devices is sent and received via the microcomputers in the respective control units. This means that there may be a case where a mode in which an abnormality in the control unit cannot be accurately transmitted to another control unit due to a failure of the unit occurs and the system operates with a control abnormality.

The present invention has been made in view of the above-described problems, and the object of the present invention is to reliably detect the failure in any failure case and allow other control units to detect the presence of the failure unit. is to provide an abnormality monitoring method of a motor vehicle control device and a motor vehicle control device capable of performing fail-safe accurately.

To achieve the above object, an automotive control apparatus according to the present invention is a motor vehicle control device of the distributed control system ing a plurality of control units are communicably connected to the bidirectional by a communications bus, said The control unit operates in accordance with an abnormality detection means that detects an abnormality when an abnormality occurs and generates an abnormality detection signal, and an abnormality detection signal generated by the abnormality detection means, and is transmitted at a transmission cycle defined by the control unit. have a communication signal cutoff means cuts off the transmission of the communication signal including the monitoring data composed of specified data length that, the motor vehicle control device, the reception state of the communication signal at the other control units other than the abnormality detection The communication signal blocking means is configured to detect abnormality of the control unit by the other control unit. By the communication interface of the communication unit of the control unit to the sleep mode, it is characterized by blocking the transmission of the communication signal from the control unit of the abnormality detection.

According to the vehicle control apparatus of the present invention , abnormality detection is performed when abnormality occurs by the abnormality detection means in the control unit, an abnormality detection signal is generated when abnormality is detected, and the communication signal blocking means is operated by this abnormality detection signal. The transmission of the communication signal including the monitoring data having the defined data length transmitted at the transmission cycle defined by the control unit is blocked by the communication signal blocking means. Thereby, the control apparatus for motor vehicles discriminate | determines abnormality occurrence of the said control unit by the said other control unit from the reception state of the said communication signal in control units other than abnormality detection. The communication signal blocking means blocks the transmission of the communication signal from the abnormality detection control unit by setting the communication interface of the communication unit of the abnormality detection control unit to the sleep mode. When transitioning to the sleep mode, the signal output from the control unit is stopped from being placed on the communication bus.

  The control unit in the communication system control device according to the present invention has a main CPU, a monitoring IC for monitoring the operation of the main CPU, and a power supply IC having a function of detecting a constant voltage abnormality, and the abnormality detecting means is the monitoring unit. An IC and the power supply IC are included. In a communication system control device using a CAN (Control Area Network) communication system, the control unit has a CAN controller CPU and a CAN driver as a communication interface.

  In the communication system control device according to the present invention, when an abnormality occurs, the control unit for detecting an abnormality cuts off transmission of a communication signal. The occurrence of an abnormality in the control unit can be identified, and another control unit that has identified the occurrence of the abnormality operates a warning means connected to the control unit to inform the operator of the occurrence of the abnormality, The operation of the actuator to be controlled can be stopped.

The communication signal blocking means in the vehicle control apparatus according to the present invention blocks the communication line, blocks the transmission of the communication signal, blocks the transmission line of the communication unit of the abnormality detection control unit, and communicates the communication interface of the abnormality detection control unit. By shutting off the power supply to the communication unit, the transmission of communication signals from the control unit for detecting an abnormality is cut off.

In order to achieve the above object, an abnormality monitoring method for a vehicle control device according to the present invention is a distributed control system vehicle control device comprising a plurality of control units connected to be able to communicate bidirectionally via a communication bus. In the control unit, the control unit detects an abnormality in the unit , transmits a communication signal including monitoring data having a specified data length transmitted at a specified transmission cycle, and detects the abnormality. The other control unit identifies the occurrence of an abnormality in the control unit from the reception state of the communication signal in the other control unit, and when the abnormality is detected, the communication interface of the communication unit of the control unit that detects the abnormality is set to the sleep mode. It is characterized by blocking the transmission of the communication signal transmitted from the control unit of the abnormality detected by

According to the abnormality monitoring method for an automobile control device according to the present invention, the transmission of the communication signal from the abnormality detection control unit is cut off, and this is recognized from the reception state of the communication signal in the other control unit. The other control unit identifies the occurrence of an abnormality in the control unit, and by setting the communication interface of the communication unit of the abnormality detection control unit to the sleep mode, the transmission of the communication signal from the abnormality detection control unit is blocked.

  According to the communication system control device abnormality monitoring method of the present invention, when an abnormality occurs, the warning means of the control unit that has identified the abnormality occurrence of the control unit is operated to notify the operator, and the abnormality occurrence is identified for failsafe. The operation of the actuator controlled by the controlled unit is stopped.

The abnormality monitoring method for an automotive control device according to the present invention is configured to shut off a communication line when an abnormality is detected, or to interrupt a transmission line of a communication unit of an abnormality detection control unit, or to detect an abnormality when an abnormality is detected. Thus to cut off the power supply to the communication interface of the communication unit of the control unit, to cut off the transmission of the communication signal from the control unit of the abnormality detection.

In the distributed control system using communication as a medium, the present invention can reliably detect the failure in any failure case, and can detect the presence of the failure unit in other units and accurately provide fail-safe. . Then, by setting the communication interface of the communication unit of the abnormality detection control unit to the sleep mode, transmission of communication signals from the abnormality detection control unit is blocked.

DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described with reference to the drawings.
FIG. 1 shows an example of the configuration of a communication system control device for an automobile according to an embodiment of the present invention. The communication system control device has a plurality of control units 10A, 10B to 10N. The control units 10A, 10B to 10N are communicably connected to each other via the communication bus 100, send and receive data to and from each other, and are connected to the outputs of the control units 10A, 10B to 10N, warning lamps 42, The motor 43 and the like are controlled.
In this embodiment, for the sake of explanation, it is assumed that the control unit (unit A) 10A is a failed control unit. Since the control units 10A, 10B to 10N have substantially the same configuration, the control unit 10A will be described here.

  The control unit 10A is connected to the main CPU 11, the monitoring IC 12 that monitors the calculation result of the main CPU 11, the power supply IC 13, the input interface unit 14 that detects the switch signal, the output interface unit 15 that outputs a signal to the actuator 41, and the communication bus 100. And a communication driver 16 for transmitting and receiving communication signals.

  The main CPU 11 includes an input port 17 that inputs a signal from the input interface unit 14, an output port 18 that outputs a signal to the output interface unit 15, a communication port 19 that transmits and receives communication signals to the communication driver 16, and a monitoring IC 12. A parallel port 20 for parallel connection, a P_RUN signal output terminal 21, and a RESET signal input terminal 22.

A three-input AND circuit 30 is provided between the output port 18 of the main CPU 11 and the output interface unit 15. The 3-input AND circuit 30 selectively blocks transmission of the actuator drive signal from the output port 18 to the output interface unit 15.
A communication signal blocking means 31 is provided between the communication port 19 of the main CPU 11 and the communication driver 16. The communication signal blocking means 31 is closed when the output of the 2-input AND circuit 32 is at “H” level, and is opened when it is at “L” level.

  The power supply IC 13 is connected to a constant voltage output terminal 26, a constant voltage abnormality output terminal 27, a P_RUN signal input terminal 28 for inputting a run signal from the P_RUN signal output terminal 21 of the main CPU 11, and a RESET signal input terminal 22 of the main CPU 11. A RESET signal output terminal 29 for outputting a reset signal is provided. The run signal output from the main CPU 11 is monitored, and when an abnormality is confirmed, a reset signal is output from the RESET signal output terminal 29 to the main CPU 11 and is sent to the main CPU 11. Apply a reset.

  When the output of the constant voltage abnormality output terminal 27 (constant voltage abnormality output signal) of the power supply IC 13 is input to the 3-input AND circuit 30 and the 2-input AND circuit 32, the output constant voltage of the power supply IC 13 becomes an abnormal value. In this case, the operations of the main CPU 11 and the monitoring IC 12 become unstable and there is a possibility that a normal determination operation cannot be obtained. Therefore, the abnormality detection signal changes from “H” level to “L” level.

  As a result, when the output constant voltage of the power supply IC 13 becomes an abnormal value, a signal input from the main CPU 11 to the output interface unit 15 to drive the actuator 41 is transmitted by the 3-input AND circuit 30 and the communication driver. The signal from the communication port 19 input to 16 is blocked by the signal blocking means 31 to make it fail-safe.

  The monitoring IC 12 includes a parallel port 23 for parallel connection with the main CPU 11, a P_RUN signal input terminal 24 for inputting a run signal from the P_RUN signal output terminal 21 of the main CPU 11, and a system for outputting a system shut signal as an abnormality detection signal. And a shut signal output terminal 25.

  In the monitoring IC 12, the system shut signal at the system shut signal output terminal 25 is input to the 3-input AND circuit 30 and the 2-input AND circuit 32, and the run signal is input from the main CPU 11 to the P_RUN signal input terminal 24. When the operation result of the register is compared and an abnormality is recognized, the system shut signal (abnormality detection signal) is lowered from the “H” level to the “L” level.

  Thus, when an abnormality is recognized by the monitoring IC 12, a signal input from the main CPU 11 to the output interface unit 15 to drive the actuator 41 is input to the communication driver 13 through the three-input AND circuit 30. The signal from 19 is blocked by the signal blocking means 31 to make it fail-safe.

  Here, an operation in which a communication signal is interrupted by a constant voltage abnormality signal or a system shut signal output from the power supply IC 13 or the monitoring IC 12, and the other control units 10B, 10C, etc. detect this and perform a fail-safe operation. 2 and FIG.

FIG. 2 shows an example of communication data transmitted and received by the communication control system shown in FIG. Each communication data is provided with a unique ID number, and a data length, a transmission cycle, and a transmission / reception unit are defined for each communication data.
It is assumed that 4-bit data of data ID 123 is transmitted from the control unit (unit A) 10A to the control unit (unit B) 10B and the control unit (unit C) 10C. When this is viewed from the control units 10B and 10C side, the data of the data ID 123 is updated every 4 bits at a cycle of 100 ms and monitored by the control units 10B and 10C.

  Assume that the constant voltage output deviates from the specified value and the constant voltage abnormality output becomes “L” due to the abnormality of the power supply IC 13. Then, even if the control signal input from the main CPU 11 of the control unit 10A to the output interface unit 15 of the unit A is under control of the output port 18 and is “H”, the output of the output interface unit 15 is 3 Since the input logical product circuit 30 takes the product logic with the constant voltage abnormality output from the power supply IC 13, the control signal is cut off and the operation of the actuator 41 is stopped.

  Similarly, the communication signal blocking means 31 is also blocked by a logical product by the two-input circuit 32 when the constant voltage abnormality output signal of the power supply IC 13 becomes “L”. No communication signal is transmitted at all. Then, the control units 10B, 10C... 10N cannot recognize the data with the data ID 123 at all.

  The control unit 10B repeatedly executes the unit B / fail-safe processing routine as shown in FIG. 3 with a predetermined time period. In this fail safe processing routine, it is determined whether or not the data of ID123 is updated according to a preset communication cycle (step S11).

  As a means for determining whether or not the data has been updated, the data counter is incremented for each reception cycle, and the data is monitored for determination, or the prescribed data is calculated (for example, added) for each communication cycle. In general, a method of determining whether or not a predetermined calculation value (addition value) is obtained in a certain cycle is used.

In the data update determination, if the data has been updated normally (Yes at Step S11), a process of turning off the warning lamp 42 or turning off the warning lamp 42 is executed (Step S12).
On the other hand, if there is an abnormality in the data update (No at Step S11), the warning lamp 42 is turned on (Step S13), and the driver (operator) is notified of the abnormality by turning on the warning lamp 42.

  Similarly, the control unit 10C repeatedly executes the unit C fail-safe processing routine as shown in FIG. 4 with a predetermined time period, and the ID 123 data is updated according to a preset communication period. It is determined whether or not there is (step S21).

  In the data update determination, if the data is updated normally (Yes at Step S21), the drive of the motor 43 is permitted (Step S22). If there is an abnormality in the data update (No at Step S21), the drive of the motor 43 is performed. Is prohibited, the motor 43 is forcibly stopped (step S23), and fail safe is applied.

As described above, in the communication control system, when an abnormality occurs, the transmission data of the control unit on the control signal transmission side (for example, the control unit 10A) that is the source of the abnormality is blocked by the communication signal blocking means 31, and The control unit (for example, the control units 10B and 10C) detects that the data update has been blocked. Thereby, fail-safe operation can be performed reliably.
What is important when blocking communication is that the blocking logic on the blocking side must be fixed on the recessive side so as not to block communication between other units.

  Next, some embodiments of the communication signal blocking means 31 satisfying this will be described with reference to FIGS. Hereinafter, the control unit in which an abnormality has occurred is referred to as an abnormal unit 50, and the other control units are referred to as other units 90.

  FIG. 5 is a first example of the present embodiment. Among communication protocols, in a CAN (Control Area Network) communication system that is spreading in the industry including automobiles, a CAN controller CPU 51 and a communication interface are used. The embodiment of the type which interrupts | blocks the line between the certain CAN drivers 52 is shown. The CAN controller CPU 51 and the CAN driver 52 are connected by serial communication lines CAN-Rx and CAN-Tx.

In the abnormality unit 50, when the failure determination means 53 detects a constant voltage abnormality, a system shut signal, or another abnormality signal, the failure determination means 53 outputs an "H" level failure detection signal (FAIL signal).
Then, by the switching operation of the transistor switching circuit 54, the serial communication line CAN-Tx output from the CAN controller 51 and connected to the CAN driver 52 is fixed to “L” level, and the CAN driver 52 always outputs no signal. It becomes a state. This state is detected by the other unit 90 connected on the communication bus (CAN bus) 100, and fail safe is executed.

  The other unit 90 also includes a CAN controller CPU 91 and a CAN driver 92, and the CAN driver 52 of the abnormal unit 50 and the CAN driver 92 of the other unit 90 are connected to each other by CAN-H terminals and CAN-L terminals.

When the CAN driver 52 of the abnormal unit 50 is always in the no-signal output state, the other unit 90 lights the warning lamp 96 connected to the output interface unit 95 of the own unit.
In this embodiment, it is possible to configure a circuit for blocking communication inside the unit without using an expensive device such as a high-side driver, so that the cost is not increased significantly.

The second embodiment shown in FIG. 6 has a high side driver 55 provided in the power supply circuit of the CAN driver 52 of the abnormal unit 50, and the high side driver 55 supplies the power of the CAN driver 52 (constant voltage Vcc). ).
Also in this embodiment, when the failure determination unit 53 detects a constant voltage abnormality, a system shut signal, or another abnormality signal in the abnormality unit 50, the failure determination unit 53 outputs an "H" level failure detection signal.

  Then, the state of the high side driver 55 that supplies power to the CAN driver 52 is changed by the switching operation of the transistor switching circuit 54, the power supply to the CAN driver 52 is stopped, and the CAN driver 52 is always in a no-signal output state. Become. This state is detected by another unit 90 connected on the communication bus 100, and fail-safe is executed as in the first embodiment of FIG.

  In this embodiment, the CAN driver 52 is disconnected by the high-side driver 55 instead of the line disconnection between the CAN controller CPU 51 and the CAN driver 52. However, although the cost is high, the CAN controller CPU 51 and the CAN driver 52 It is no longer necessary to insert a resistor or the like in the serial communication line between the terminals, and the design matters are not changed due to a communication speed delay or the like. This embodiment corresponds to high-grade specifications for high-speed communication.

  The third example shown in FIG. 7 is an embodiment in which the communication bus (CAN bus) 100 is disconnected outside the abnormal unit 50. In this embodiment, a relay switch 61 is provided on the communication bus 100. The relay switch 61 opens and closes when the transistor switching circuit 54 of the abnormal unit 50 is turned on / off.

Also in this embodiment, when the failure determination unit 53 detects a constant voltage abnormality, a system shut signal, or another abnormality signal in the abnormality unit 50, the failure determination unit 53 outputs an "H" level failure detection signal.
Then, by the switching operation of the transistor switching circuit 54, the relay switch 61 on the communication bus 100 connected from the CAN driver 52 to the other unit 90 outside the unit is opened, and the communication bus 100 is cut off by the relay switch 61.

As a result, there is no transmission data from the abnormal unit 50 on the communication bus 100, and a no-signal output state occurs. This state is detected by the other unit 90 connected on the communication bus 100, and fail-safe is executed as in the embodiment of FIG.
In this embodiment, since the relay switch 61 is added outside the unit, the existing control unit is used and the unit itself is not required to be redesigned.

  In the fourth embodiment shown in FIG. 8, the bias line b of the switching transistor 57 in the output stage of the CAN-Tx register 56 of the CAN controller CPU 51 ′ is independently brought out of the CPU package, and the bias line is supplied by the switching circuit 54. Control the voltage of b.

Also in this embodiment, when the failure determination unit 53 detects a constant voltage abnormality, a system shut signal, or another abnormality signal in the abnormality unit 50, the failure determination unit 53 outputs an "H" level failure detection signal.
Then, the bias operation to the output stage of the CAN-Tx register 56 built in the CAN controller CPU 51 ′ is cut off by the switching operation of the transistor switching circuit 54, and the CAN driver 52 is always in a no-signal output state. This state is detected by the other unit 90 connected on the communication bus 100, and fail-safe is executed as in the embodiment of FIG.
In this embodiment, the CAN controller CPU 51 'merely pulls out the bias line b of the output stage of the CAN-Tx register 56 to the outside, and no other devices or parts are required, so that the cost is not increased.

  The fifth example shown in FIG. 9 is an embodiment using a CAN driver 52 ′ incorporating a sleep / standby function. As is well known, the sleep / standby function is a system that is originally in a state where the system is stopped and various data such as data on the RAM are stored and the system is started again with the data. This function is set to reduce power consumption.

When the sleep / standby terminal becomes L level, the CAN driver 52 ′ enters the sleep / standby mode, stops outputting any data on the CAN bus (communication bus 100), and reads data from the CAN controller CPU 51. (Reading data on the CAN bus) only.
High / low of the sleep / standby terminal of the CAN driver 52 ′ is performed by the transistor switching circuit 54.

In the abnormality unit 50, when the failure determination means 53 detects a constant voltage abnormality, a system shut signal, and other abnormality signals, and the failure determination means 53 outputs a "H" level failure detection signal, the switching operation of the transistor switching circuit 54 is performed. As a result, the sleep / standby terminal of the CAN driver 52 ′ becomes L level. As a result, the CAN driver 52 ′ transitions to the sleep / standby mode, and stops loading the CAN-Rx signal output from the CAN controller CPU 51 onto the communication bus 100. Therefore, there is no transmission data from the abnormal unit 50 on the communication bus 100, and a no-signal output state occurs. This state is detected by the other unit 90 connected on the communication bus 100, and fail-safe is executed as in the embodiment of FIG.
In this embodiment, the existing CAN driver 52 ′ with a built-in sleep / standby function can be used, and no other devices or parts are required, so that the cost is not increased.

  As mentioned above, although one embodiment (5 examples) of the present invention was explained in full detail, the present invention is not limited to the above-mentioned embodiment, and is in the range which does not deviate from the spirit of the present invention described in the claim. Various changes can be made in the design.

1 is a schematic block diagram showing an embodiment of a communication system control device according to the present invention. The data table for description of the communication system control apparatus regarding one Embodiment of this invention. The flowchart of the fail safe process of the communication type | system | group control apparatus regarding one Embodiment of this invention. The flowchart of the fail safe process of the communication type | system | group control apparatus regarding one Embodiment of this invention. 1 is a schematic block diagram illustrating a first example of an embodiment of a communication system control device according to the present invention. The schematic block diagram which shows one Embodiment (2nd Example) of the communication type | system | group control apparatus by this invention. The schematic block diagram which shows one Embodiment (3rd Example) of the communication type | system | group control apparatus by this invention. The schematic block diagram which shows one Embodiment (4th Example) of the communication type | system | group control apparatus by this invention. The schematic block diagram which shows one Embodiment (5th Example) of the communication type | system | group control apparatus by this invention.

Explanation of symbols

10A, 10B, 10N ... control unit, 11 ... main CPU, 12 ... monitoring IC, 13 ... power supply IC, 16 ... communication driver, 31 ... communication signal blocking means, 41 ... 1 actuator, 42 ... warning lamp, 43 ... motor, 50: Abnormal unit, 51, 51 '... CAN controller CPU, 52, 52' ... CAN driver, 53 ... Fail judging means, 54 ... Transistor switching circuit, 55 ... High side driver, 61 ... Relay switch, 90 ... Other unit, 91 ... CAN controller CPU, 92 ... CAN driver, 96 ... warning lamp

Claims (5)

A vehicle control device for a distributed control system composed of a plurality of control units connected so as to be capable of two-way communication via a communication bus,
Each control unit is
An abnormality detection means for detecting an abnormality when an abnormality occurs in its own control unit and generating an abnormality detection signal;
Operated by the abnormality detection signal generated by the abnormality detecting means, the transmission of the communication signal including the monitoring data composed of specified data length is transmitted at the transmission cycle defined by its control unit to another control unit A communication signal blocking means for blocking;
A first actuator operation stop means that operates according to the abnormality detection signal generated by the abnormality detection means, and that interrupts the output of the drive signal to the actuator connected to its own control unit to stop the operation of the actuator; ,
The reception state of the communication signals from other control units, and the abnormality occurrence identifying means for identifying the occurrence of abnormality in the other control units,
When the abnormality occurrence identifying means identifies the occurrence of an abnormality in the other control unit, the output of the drive signal to the actuator connected to its own control unit is interrupted to stop the operation of the actuator. An actuator operation stop means,
The abnormality detection means has a monitoring IC for monitoring the operation of the main CPU of its own control unit, and a power supply IC having a function of detecting a constant voltage abnormality,
It said communication signal cutoff means, self control units distributed control system automotive control device, characterized by blocking the transmission of the communication signal by transitioning the communication interface of the communication unit in the sleep mode. The first actuator operation stop means has a logic circuit that blocks the output of the actuator drive signal from the main CPU based on at least one of an abnormality detection signal from the monitoring IC and an abnormality detection signal from the power supply IC. And
The communication signal blocking means includes a logic circuit that causes the communication interface to transition to a sleep mode based on at least one of an abnormality detection signal from the monitoring IC and an abnormality detection signal from the power supply IC. 2. A control apparatus for an automobile having a distributed control system according to 1. 3. The distributed control system according to claim 2 , wherein each control unit performs communication using a CAN communication system , and has a CAN controller CPU and a CAN driver as a communication interface . Automotive control device. 4. The distributed control system automotive control device according to claim 1 , wherein the abnormality occurrence identification unit includes a warning unit. 5. Characterized in that said communication signal cutoff means, it shifts the communication interface of the communication unit of the own control unit to the sleep mode, or by blocking the power supply to the communication interface, to block the transmission of the communication signal The automobile control device for a distributed control system according to any one of claims 1 to 4 .

Images