JP7235791B2 - Battery exchange device, control method and program for battery exchange device - Google Patents

Description

The present invention relates to a battery exchange device, a control method for a battery exchange device, and a program.

Patent Literature 1 describes a battery management system that allows the battery exchange service to continue at the battery exchange when the battery exchange goes offline due to a network failure or the like. In the technique described in Patent Document 1, since the battery pack being rented is associated with the user of the lending destination, it is only necessary to register the user information in the battery pack that is rented out first, and user authentication is performed in the battery exchange. no need to do Further, in the technology described in Patent Document 1, when the battery exchanger is online, the management server updates the lending order list each time the battery is replaced based on the return lending list received from the battery exchanger. It is updated and sent to the battery exchanger.

In addition, in the technology described in Patent Document 1, when the battery exchanger is offline, the return lending list cannot be transmitted. Each time, the lending order of the battery pack is moved up and the battery pack to be paid out is set. When the communication between the battery exchanger and the management server is restored, the battery exchanger transmits a return lending list to the management server, and the management server checks the borrowed battery packs and lending destination users based on the received return lending list. Update the management information that associates with.

By the way, Patent Literature 1 does not describe how user authentication is performed when the battery exchanger is online and when the battery exchanger is offline. If the user authentication performed when the battery exchanger is online and the user authentication performed when the battery exchanger is offline are the same, the user authentication performed when the battery exchanger is offline (for example, a disaster when the battery changer is online, the battery pack can only be used by a user who can use it when the battery exchanger is online. In the event of a disaster, it would be desirable for the battery pack to be used by users other than those who can use the battery pack while the battery exchanger is online.

In addition, a battery exchange service that has been equipped with a detachable battery unit and enables replacement of a low battery unit with a charged battery unit at the battery station to realize long continuous driving. It has been known. In the battery exchange service, the battery station and the management server work together to manage the rental of the battery through communication. be.

WO2019/163682

However, with the conventional technology, only users who have used the battery exchange service in the past can use it, so there is a problem that people who need energy cannot use it when they need it, such as during a disaster. Thus, the conventional technology limits the availability of removable batteries.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a battery exchange device, a control method for the battery exchange device, and a program that can expand the availability of removable batteries. one.

A battery exchange device, a control method for a battery exchange device, and a program according to the present invention employ the following configurations.
(1): A battery exchange device according to an aspect of the present invention is a battery exchange device that includes an authentication processing unit and dispenses a detachable battery to a user on condition that the authentication processing unit succeeds in authentication, The authentication processing unit normally enters a first state in which authentication is performed by a first authentication method, and when a predetermined event occurs, enters a second state in which authentication is performed by a second authentication method having an authentication level lower than that of the first authentication method. It is a transition.

(2): In the aspect of (1) above, the predetermined event is a disaster, further comprising a detection unit for detecting the occurrence of the disaster, and the authentication processing unit detects the occurrence of the disaster by the detection unit. In this case, the state is shifted to the second state.

(3): In the aspect (1) or (2) above, the second authentication method is an authentication method using biometric information of the user.

(4): In the aspect of (3) above, the biometric information is face image information or fingerprint information of the user.

(5): In any one of the aspects (1) to (4) above, the second authentication method uses information that can be acquired using short-range wireless communication with a mobile terminal device owned by the user. authentication method.

(6): In any one of the aspects (1) to (5) above, the device further comprises a notification unit that notifies the mobile terminal device of the user that the battery exchange device is in the second state. be.

(7): In any one of the above aspects (1) to (6), the writing unit writes the user's personal information to the removable battery when the removable battery is dispensed in the second state. is further provided.

(8): In the aspect of (7) above, the personal information is information acquired for authentication by the second authentication method.

(9): In any one of the aspects (1) to (8) above, in the second state, the authentication processing unit receives information acquired from the different user for authentication by the second authentication method. and if there is overlap, the detachable battery is not handed out to the user.

(10): In a control method for a battery exchange device according to another aspect of the present invention, a computer installed in a battery exchange device dispenses a detachable battery to a user on condition that authentication is successful, and normally, the first A first state in which authentication is performed by the authentication method is entered, and when a predetermined event occurs, a transition is made to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method.

(11): A program according to another aspect of the present invention causes a computer installed in a battery exchange device to dispense a detachable battery to a user on the condition that authentication succeeds, and normally, the first authentication method is used. A first state for authentication is made, and when a predetermined event occurs, a transition is made to a second state for authentication by a second authentication method having a lower authentication level than the first authentication method.

According to the aspects (1), (10), and (11), when the predetermined event occurs, the detachable battery is authenticated by the second authentication method with a low authentication level, and the state is shifted to the second state in which the detachable battery is discharged. It can expand the availability of electric batteries.

According to the aspect (2), since the state is shifted to the second state in the event of a disaster when the need for using the removable battery increases, it is possible to further effectively expand the availability of the removable battery.

According to aspects (3) and (4), convenience can be enhanced by using biometric information that does not need to be prepared in advance in the second authentication method.

According to the aspect (5), in the second authentication method, convenience can be improved by using a portable terminal device that many users probably have.

According to the aspect (6), since the user is notified that the removable battery can be used relatively easily, it is possible to more effectively expand the availability of the removable battery.

According to aspects (7) and (8), since the personal information of the user of the removable battery is written in the removable battery and the removable battery is discharged, the removable battery discharged with authentication at a low authentication level users can be reliably identified later.

According to the aspect (9), repeated payouts by the same user can be suppressed.

3 is a diagram showing an example of a usage environment of the battery exchange device 200; FIG. 1 is a diagram showing an example of a configuration of an electric vehicle 10; FIG. 1 is a diagram showing an example of a configuration of a removable battery 100; FIG. 1 is a diagram showing an example of a configuration of a battery exchange device 200; FIG. 3 is a diagram showing an example of a configuration of a management server 300; FIG. 3 is a diagram showing an example of contents of a user information management table 362. FIG. FIG. 13 is a diagram showing an example of the contents of a battery exchange device state table 364; FIG. FIG. 10 is a flowchart for explaining the flow of processing executed by the battery exchange device 200 when the first example of the second authentication processing is adopted; FIG. FIG. 10 is a flowchart for explaining the flow of processing executed by the battery exchange device 200 when a second example of the second authentication processing is adopted; FIG. 10 is a flowchart for explaining the flow of processing executed by the battery exchange device 200, reflecting option processing 1; 10 is a flowchart for explaining the flow of processing executed by the battery exchange device 200, reflecting option processing 2;

Embodiments of a battery exchange device, a control method for a battery exchange device, and a program according to the present invention will be described below with reference to the drawings.

[overall structure]
FIG. 1 is a diagram showing an example of the usage environment of the battery exchange device 200. As shown in FIG. Battery exchange device 200 is connected to network NW. A management server 300 and a terminal device 400 are also connected to the network NW. The network NW includes, for example, the Internet, cellular network, Wi-Fi network, WAN (Wide Area Network), LAN (Local Area Network), Bluetooth (registered trademark), and the like. The terminal device 400 may be a mobile terminal device such as a smart phone or a tablet terminal, a stationary computer, or one included in the battery exchange device 200 . Hereinafter, each component will be described in order.

The battery exchange device 200 is a device that charges and exchanges the removable battery 100 that is the driving source of the electric vehicle 10 . The battery exchange device 200 may also discharge the detachable battery 100 for system linkage or the like. A plurality of battery exchange devices 200 each having four slots 210 (two of them 200-1 and 200-2 in the figure) are arranged and used, for example. This form is just an example. In the following description, when the battery exchange device 200-1 and the battery exchange device 200-2 are not distinguished from each other, the symbols following the hyphen are omitted. Battery exchange device 200 includes slot 210 and shutter device 220 .

Slot 210 is a mechanism for receiving and charging removable battery 100 . The slot 210 is formed in any shape, such as a concave portion into which the removable battery 100 is inserted, a dish-like shape in which the removable battery 100 is placed, or the like. Although one set of battery exchange devices 200 is shown in the figure, a plurality of such sets may be present. Slot 210 may be provided with a light 212 to indicate the presence of removable battery 100 to be removed by the user.

The shutter device 220 incorporates, for example, a linear motor mechanism, and drives the shutter 222 in the D direction in the figure. As a result, the shutter device 220 switches between a state in which the shutter 222 partially or entirely covers the slot 210 and a state in which the slot 210 is exposed. Below, the state of covering is sometimes expressed as "closed" and the state of being exposed is sometimes expressed as "open." The form of the shutter device 220 is not limited to this, and any shutter device having similar functions may be used. In the example of FIG. 1, the shutter device 220 of the battery exchange device 200-1 is in an exposed state, and the shutter device 222 of the battery exchange device 200-2 is in a state where the shutter 222 entirely covers the slot 210. FIG. It is preferable that the shutter 222 blocks the slot 210 from the outside air with a certain degree of airtightness in the covered state, because it can prevent the entry of dust and theft.

[Electric vehicle 10]
FIG. 2 is a diagram showing an example of the configuration of the electric vehicle 10. As shown in FIG. The electric vehicle 10 is a vehicle in which a detachable battery 100 is detachable. The electric vehicle 10 is, for example, a straddle-type vehicle that runs with the driving force of an electric motor driven by electric power supplied from a power storage unit 120 (described later) of the detachable battery 100 . The electric vehicle 10 is not limited to a saddle-ride type vehicle, and may be a vehicle of another type such as a four-wheel vehicle. Although FIG. 2 shows that the electric vehicle 10 is capable of mounting two removable batteries 100 , the electric vehicle 10 may be capable of mounting any number of removable batteries 100 . Also, the electric vehicle 10 may be, for example, a hybrid electric vehicle that runs by being driven by a combination of the removable battery 100 and an internal combustion engine such as a diesel engine or a gasoline engine.

The electric vehicle 10 includes, for example, a battery connection unit 12, a vehicle control unit 14, a driving force output device 16, a vehicle sensor 18, an HMI (Human Machine Interface) 20, and an electric vehicle GNSS (Global Navigation Satellite System). and a receiver 22 .

The battery connection portion 12 is electrically connected to a connection portion 150 (described later) of the removable battery 100 when the removable battery 100 is attached to the electric vehicle 10 . The battery connection unit 12 is, for example, a connection terminal (battery terminal) of a power line for receiving power supply from the removable battery 100, or a communication line for performing data communication between the removable battery 100 and the vehicle control unit 14. connection terminals, etc.

The vehicle control unit 14 acquires a measurement result from the vehicle sensor 18, and acquires a value (SOC: State Of Charge) representing the state of charge of the power storage unit 120 from a BMU (Battery Management Unit) 110 (described later) of the removable battery 100. and acquires the position of the electric vehicle 10 from the GNSS receiver 22 . Based on the acquired data, the vehicle control unit 14 controls the driving force output device 16 according to the operation of an operator (not shown) or by autonomous traveling. The vehicle control unit 14 may transmit the position information of the electric vehicle 10 acquired from the GNSS receiver 22 to the removable battery 100 via the battery connection unit 12 .

The driving force output device 16 includes, for example, an electric motor, an inverter, and an ECU (Electronic Control Unit) that controls the inverter. The ECU controls the power supplied from the removable battery 100 to the electric motor, for example, by controlling the inverter. Thereby, the ECU controls the driving force (torque) that the electric motor outputs to the driving wheels. Further, the driving force output device 16 operates the electric motor as a regenerative brake, converts the braking energy of the driving wheels into electrical energy, and can charge the removable battery 100 .

The vehicle sensor 18 includes a speed sensor, an acceleration sensor, a rotational speed sensor, an odometer, and various other sensors mounted on the electric vehicle 10 . Vehicle sensor 18 outputs the measurement result to vehicle control unit 14 .

The HMI 20 outputs various types of information to the user of the electric vehicle 10 and accepts input operations by the occupant. The HMI 20 includes, for example, a HUD (Head Up Display), various display devices such as a meter display unit (a touch panel may be used), a speaker, and the like.

The GNSS receiver 22 measures the position of the electric vehicle 10 based on radio waves coming from GNSS satellites such as GPS satellites.

[Removable battery 100]
FIG. 3 is a diagram showing an example of the configuration of the removable battery 100. As shown in FIG. Removable battery 100 includes, for example, BMU 110 , power storage unit 120 , measurement sensor 130 , storage unit 140 , and connection unit 150 .

BMU 110 performs control of charging and discharging of power storage unit 120, cell balancing, detection of abnormality in power storage unit 120, derivation of cell temperature of power storage unit 120, derivation of charge/discharge current of power storage unit 120, estimation of SOC of power storage unit 120, and the like. I do. BMU 110 causes storage unit 140 to store, as battery state information, abnormality or failure of power storage unit 120 ascertained based on the measurement result of measurement sensor 130 .

The power storage unit 120 is, for example, an assembled battery in which a plurality of cells are connected in series. A single battery that constitutes the power storage unit 120 is, for example, a lithium-ion secondary battery (LIB), a nickel-metal hydride battery, an all-solid battery, or the like.

Measurement sensor 130 is a voltage sensor, a current sensor, a temperature sensor, or the like for measuring the state of charge of power storage unit 120 . The measurement sensor 130 outputs measurement results such as measured voltage, current, and temperature to the BMU 110 .

The storage unit 140 (memory) includes, for example, a non-volatile storage device such as flash memory (including devices such as NV-RAM that retain information by internal power supply). Storage unit 140 stores battery state information. Also, the storage unit 140 may store a battery ID assigned to the removable battery 100 . Further, the recognition information acquired from the electric vehicle 10 may be stored in the storage unit 140 . The recognition information is the number of removable batteries 100 mounted on the electric vehicle 10, that is, "the number of removable batteries 100 returned when the user returns the removable batteries 100 to the battery exchange device 200." ” is recognizable information. The recognition information may directly indicate the number of removable batteries 100 or may be vehicle type information of the electric vehicle 10 . Further, the recognition information may be the vehicle ID of the electric vehicle 10 or may be user identification information (user ID). In addition, personal information of the user of the removable battery 100 may be written in the storage unit 140 .

The connection portion 150 is electrically connected to the battery connection portion 12 when the removable battery 100 is attached to the electric vehicle 10 . In addition, when the removable battery 100 is accommodated in the slot 210 of the battery exchange device 200, the connection unit 150 is electrically connected to the battery exchange device 200, receives power supply from the battery exchange device 200, and operates as a power storage unit. Charge 120. The connection portion 150 includes, for example, a connection terminal (battery terminal) for a power line, a connection terminal for a communication line, and the like so as to correspond to the battery connection portion 12 and the connection portion 240 (described later).

[Battery exchange device 200]
FIG. 4 is a diagram showing an example of the configuration of the battery exchange device 200. As shown in FIG. Battery exchange device 200 includes, in addition to slot 210 and shutter device 220 shown in FIG. 270, a writing unit 290, and a display unit 295 (indicated by reference numerals “295-1” and “295-2” in FIG. 1).

The processing unit 270 includes, for example, an upload unit 272, a charging control unit 274, an authentication processing unit 276, a notification unit 278, and a control unit 280. The authentication processing section 276 may include a detection section 276A. These functional units are realized, for example, by a hardware processor such as a CPU (Central Processing Unit) executing a program (software). Further, some or all of the functions may be realized by hardware such as LSI (Large Scale Integration), ASIC (Application Specific Integrated Circuit), FPGA (Field-Programmable Gate Array), GPU (Graphics Processing Unit). Alternatively, it may be implemented by cooperation of software and hardware. The program is stored in a non-primary storage medium such as flash memory or HDD (Hard Disk Drive). Each unit of the processing unit 270 writes the processing result to a storage unit (storage device, storage medium) such as a random access memory (RAM), flash memory, register, HDD, etc., and performs processing while referring to the written information.

The lock unit 230 can switch each of the plurality of removable batteries 100 mounted in the plurality of slots 210 between a dispensable (removable) state and a dispensable (removable) state. In other words, the lock unit 230 switches between a state in which the removable battery 100 can be dispensed (dischargeable state) and a state in which the detachable battery 100 cannot be dispensed (discharge-impossible state). For example, the lock portion 230 has a claw portion that can be engaged with a concave portion of the removable battery 100, and the above function is achieved by driving the claw portion.

A connecting portion 240 is provided at the bottom of each of the plurality of slots 210 . Connecting portion 240 is electrically connected to connecting portion 150 of removable battery 100 when removable battery 100 is attached to slot 210 . The connection unit 240 performs, for example, a power line connection terminal (battery terminal) for supplying power to the removable battery 100, and data communication (for example, serial communication) between the removable battery 100 and the vehicle control unit 14. Includes connection terminals for communication lines, etc. The connection unit 240 may acquire the recognition information from the storage unit 140 of the removable battery 100 via the connection terminal of the communication line, and output it to the processing unit 270 (control unit 280). A lock portion 230 and a connection portion 240 are provided for each slot 210 .

Charging portion 242 is connected to power storage portion 120 of removable battery 100 via connecting portion 240 . The charging portion 242 may be provided for each of the plurality of connection portions 240 or may be provided as a common configuration for the plurality of connection portions 240 . A power supply (not shown) for supplying power to power storage unit 120 is connected to charging unit 242 . The power supply is, for example, a commercial power supply. Charging unit 242 converts the power supplied from the power source into direct current and supplies the direct current to power storage unit 120 . That is, the charging section 242 charges the removable battery 100 .

The reading unit 250 reads authentication information and other information from a user card, which is an example of a medium held by a user. Authentication information includes, for example, a user ID. The user card is, for example, a contactless IC card. Alternatively, the user card may be a contact IC card. Also, the medium owned by the user may be an electronic device such as a smart phone. Further, the mode in which the reading unit 250 acquires the authentication information is not limited to acquiring the authentication information through communication, and may be a mode in which information is optically read from a code image such as a QR code (registered trademark). Alternatively, the user-specific information may be read by various biometric authentications. The reading unit 250 may acquire the above-described recognition information in addition to the authentication information, and output it to the processing unit 270 (control unit 280). The contents of the recognition information are also as described above.

Further, the reading unit 250 may optically read the biological information of the user of the removable battery 100, for example. The biometric information of the user of the removable battery 100 read by the reading unit 250 includes, for example, facial image information and fingerprint information of the user of the removable battery 100 . The biometric information of the user of the removable battery 100 read by the reading unit 250 is used for authentication (described later) by a second authentication method performed by the authentication processing unit 276 .

In addition, the communication unit 260 performs near-field wireless communication with a medium owned by the user of the removable battery 100 (for example, a mobile terminal device such as the smartphone described above), so that the communication unit 260 can use the removable battery 100. Predetermined information may be acquired from a medium owned by the user. Short-range wireless communication performed by the communication unit 260 and a medium owned by the user of the removable battery 100 includes, for example, RF-ID (Radio Frequency Identification), DSRC (Dedicated Short Range Communications), and NFC (Near Field Communication). , Bluetooth, UWB (Ultra Wide Band), ZigBee (registered trademark), and the like. The predetermined information that the communication unit 260 acquires from the medium owned by the user of the removable battery 100 through short-range wireless communication between the communication unit 260 and the medium owned by the user of the removable battery 100 includes: , for example, information registered as registration information in an application (for example, an application that gives the medium an electronic money payment function) installed on the medium (for example, a mobile terminal device), the phone of the medium (for example, a mobile terminal device) number, MAC (Media Access Control) address of the medium, personal information other than biometric information of the owner of the medium (user of the removable battery 100), and the like. The personal information other than the biometric information of the user of the removable battery 100 includes, for example, the user's name, date of birth, contact information (address, e-mail address, etc.), place of work, and the like. The predetermined information acquired by the communication unit 260 is used for authentication (described later) by the second authentication method performed by the authentication processing unit 276 in the event of a disaster in which the level of authentication is lower than normal.

The communication unit 260 communicates with the management server 300 via the network NW, and performs short-range wireless communication with a medium owned by the user of the removable battery 100 .

For example, the upload unit 272 of the processing unit 270 counts the number of detachable batteries 100 (the number of charged batteries) that have completed charging (or have been charged to a desired SOC) at an arbitrary timing, and counts the number of batteries together with the device ID. Send to the management server 300 . The arbitrary timing is, for example, the timing when the number of charged batteries changes.

Charging control unit 274 controls charging unit 242 to charge power storage unit 120 based on the SOC of power storage unit 120 and the like obtained from removable battery 100 via a signal line. The SOC of power storage unit 120 is, for example, sequentially transmitted to charging control unit 274 , and charging control unit 274 outputs the battery ID and SOC of removable battery 100 to upload unit 272 in association with each other.

The authentication processing unit 276 performs authentication by the first authentication method during normal times (when no disaster has occurred). The first authentication method is, for example, instructing the communication unit 260 to transmit the user ID read by the reading unit 250 to the management server 300, and receiving a message from the management server 300 via the communication unit 260 that the authentication information is correct. This is a method of judging that the authentication is successful when the information of When the authentication is successful, the authentication processing unit 276 outputs information to the effect that the authentication is successful to the control unit 280 . When control unit 280 acquires information indicating that the authentication has succeeded, control unit 280 switches from a state in which detachable battery 100 cannot be dispensed (discharge disabled state) to a state in which detachable battery 100 can be dispensed (discharge enabled state). Note that the flow of authentication by such a first authentication method is merely an example, and different forms of authentication may be performed as the first authentication process.

Further, when a predetermined event occurs, the authentication processing unit 276 shifts to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method. A predetermined event is, for example, a disaster such as a natural disaster or a power outage. "Lower authentication level than the first authentication method" means, for example, an authentication method that omits communication with the management server 300, and is an authentication method that does not check whether the user is a user whose user ID has been registered in advance. . When the state is switched to the second state, the authentication processing unit 276 outputs information indicating that the authentication was successful to the control unit 280 when the authentication by the second authentication method is successful. As a result, when a predetermined event such as a disaster occurs, the removable battery 100 can be used even by a user other than the user whose user ID is registered in advance. The second authentication method is, as will be described below, a method of determining successful authentication when sufficient information is obtained to later identify the user who has received the removable battery 100. . Information sufficient to identify the user later is read by the reading unit 250 or acquired by the communication unit 260 .

The authentication processing unit 276 may include a detection unit 276A that detects occurrence of a predetermined event such as a disaster. The detection unit 276A detects when the communication between the communication unit 260 and the management server 300 is interrupted, when the G sensor detects that an earthquake of a predetermined scale or more has occurred, and when the temperature sensor detects an extremely high or low temperature. Alternatively, it detects that a predetermined event has occurred when an authorized operator performs a predetermined operation on a switch or the like (not shown).

When the authentication processing unit 276 (the battery exchange device 200) is switched to the second state, the notification unit 278 notifies the user's portable terminal device that the removable battery 100 is easily dispensed, for example, together with the position of the battery exchange device 200. Notify the information that it is possible. The notification unit 278 uses the push notification function of the application program of the mobile terminal device to perform the above notification. Further, the notification unit 278 may cause the display unit 295 to display similar information when the authentication processing unit 276 (the battery exchange device 200) is switched to the second state.

Control unit 280 controls the entire battery exchange apparatus 200 including shutter device 220 and lock unit 230 . Upon receiving notification of successful authentication from authentication processing unit 276, control unit 280 changes shutter device 220 and lock unit 230 from a state in which detachable battery 100 cannot be removed to a state in which detachable battery 100 can be removed. do.

[Example of second authentication method]
In a first example of the second authentication method, the authentication processing unit 276 performs authentication using the user's biometric information (for example, face image information, fingerprint information, etc.) read by the reading unit 250 . In this example, the authentication processing unit 276 determines that the authentication has succeeded when the reading unit 250 reads the biometric information of the user who is going to receive the dispensing of the removable battery 100 with an accuracy that can be checked later. You can judge. On the other hand, if the reading unit 250 cannot read the biometric information of the user who is going to receive the dispensing of the removable battery 100 with accuracy that can be checked later, the authentication processing unit 276 determines that the authentication has succeeded. do not.

In the second example of the second authentication method, the authentication processing unit 276 uses predetermined information (described above) acquired from the mobile terminal device through short-range wireless communication between the communication unit 260 and the mobile terminal device. authentication. The authentication processing unit 276 may determine that the authentication has succeeded when an information set of one of several predetermined patterns can be acquired as the predetermined information. On the other hand, if the communication unit 260 cannot acquire the necessary information set as the predetermined information, the authentication processing unit 276 does not determine that the authentication has succeeded.

In the third example of the second authentication method, even if the user ID read by the reading unit 250 cannot be checked by communicating with the management server 300 to confirm whether or not it is a registered user ID, the user ID is required as the user ID. If the data is in a proper format, it is determined that the authentication has succeeded.

[Option processing in the second state]
Option process 1: When the removable battery 100 is removed in the second state, the writing unit 290 stores the user's personal information acquired for authentication by the second authentication method in the storage unit of the removable battery 100. 140 may be written. The user's personal information is biological information of the user of the removable battery 100 read by the reading unit 250 or predetermined information acquired by the communication unit 260 .

Option process 2: In the second state, the authentication processing unit 276 accumulates in the storage unit the user's personal information acquired for authentication by the second authentication method, and stores it within a predetermined period (1 day to 1 It may be determined whether or not the personal information is duplicated for about a week), and if the personal information is duplicated, it may be determined that the authentication has not been successful. For example, if the removable battery 100 is removed with certain personal information around noon on a certain day, and the same personal information is acquired in the evening of the same day, the authentication processing unit 276 will Control is performed so that the battery 100 is not discharged. This can prevent the same user from borrowing multiple removable batteries 100 in a short period of time.

[Management server 300]
FIG. 5 is a diagram showing an example of the configuration of the management server 300. As shown in FIG. The management server 300 includes, for example, a server communication section 310 , a management section 320 , a site provision section 330 and an image generation section 340 . For example, it is implemented by a hardware processor such as a CPU executing a program (software). Moreover, some or all of the functions may be realized by hardware such as LSI, ASIC, FPGA, GPU, etc., or may be realized by cooperation of software and hardware. The management server 300 also includes a server storage unit 360 . The server storage unit 360 is RAM, HDD, flash memory, or the like.

The server communication unit 310 communicates with the battery exchange device 200, the terminal device 400, and the like via the network NW.

The management unit 320 manages user authentication during replacement of the removable battery 100 using the user information management table 362 during normal times (when no disaster has occurred). FIG. 6 is a diagram showing an example of the contents of the user information management table 362. As shown in FIG. The user information management table 362 includes user IDs, statuses such as being rented or being authenticated, and battery IDs being rented (assuming that a maximum of four detachable batteries 100 are given out to one user). are associated information. When the user ID acquired from the battery exchange device 200 is registered in the user information management table 362, the management unit 320 causes the server to transmit information indicating that the authentication information (user ID) is correct to the battery exchange device 200. The communication unit 310 is instructed. Further, when the battery ID acquired from the battery exchange device 200 is registered in the user information management table 362 as corresponding to the user ID, the management unit 320 provides information indicating that the authentication for post-confirmation was successful. to the battery exchange device 200 .

The management unit 320 further updates the battery exchange device state table 364 based on the upload information acquired from the battery exchange device 200 . FIG. 7 is a diagram showing an example of the contents of the battery exchange device status table 364. As shown in FIG. The battery exchange device status table 364 is, for example, information in which the number of charged batteries in the battery exchange device 200 indicated by the device ID and the position of the battery exchange device 200 are associated with each device ID. When the upload information includes the remaining time required for charging each removable battery 100 as described above, the battery exchange device status table 364 includes the number of removable batteries 100 being charged and the remaining time for each removable battery 100. Time information may be added.

The site providing unit 330 has, for example, a web server function. Upon receiving a request from the terminal device 400, the site providing unit 330 transmits information (for example, a web page) for displaying the corresponding content (image) on the display unit of the terminal device 400 using the server communication device 310. Send to device 400 .

FIG. 8 is a flowchart for explaining the flow of processing executed by the battery exchange device 200 when the first example of the second authentication processing described above is adopted. First, for example, the control unit 280 of the battery exchange device 200 determines whether it is a normal time or a disaster (step S10). In the above determination, the control unit 280 determines that it is normal when the communication unit 260 can communicate with the management server 300 via the network NW, and when the communication unit 260 cannot communicate with the management server 300, a disaster occurs. It may be determined that it is at the time of occurrence. In another example, when the communication unit 260 receives a disaster notification from the management server 300, it is determined that a disaster has occurred, and when the communication unit 260 does not receive a disaster notification from the management server 300, it is determined that it is normal You may In still another example, the control unit 280 may determine whether it is a normal time or a disaster based on the measurement result of the seismic intensity meter built into the battery exchange device 200 .

For example, when the control unit 280 determines that it is normal time, the reading unit 250 reads the user information written in the user card of the user of the removable battery 100 (the person who intends to receive the payment of the removable battery 100). The ID is read (step S11). Next, the authentication processing unit 276 uses the user ID read in step S11 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. (Authentication for which the level of authentication has not been lowered) is performed (step S12). If the authentication using the user ID is successful in step S12, the lock unit 230 of the battery exchange device 200 switches from the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed. (step S13).

For example, when the control unit 280 determines in step S10 that a disaster has occurred, the authentication processing unit 276 lowers the level of authentication from that in normal times (step S14). Next, the reading unit 250 reads biometric information (for example, face image information, fingerprint information, etc.) of the user of the removable battery 100 (person who intends to receive the payment of the removable battery 100) (step S15). Next, the authentication processing unit 276 uses the biometric information of the user of the removable battery 100 read in step S15 to change the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed. Authentication (authentication with a lowered level of authentication) used to determine whether switching is possible is performed (step S16). If the authentication using the biometric information of the user of the removable battery 100 is successful in step S16 (that is, by using the biometric information of the user of the removable battery 100 read in step S15, the detachable battery 100 user can be identified (i.e., can be traced later)), the locking unit 230 of the battery exchange device 200 changes the state from which the detachable battery 100 cannot be dispensed. Switching to a state in which the removable battery 100 can be dispensed is performed (step S17).

FIG. 9 is a flowchart for explaining the flow of processing executed by the battery exchange device 200 when the second example of the second authentication processing described above is adopted. First, for example, the control unit 280 of the battery exchange device 200 determines whether or not the communication unit 260 can communicate with the management server 300 via the network NW during normal times or when a disaster occurs. It is determined whether there is (step S20).

For example, when the control unit 280 determines that it is normal time, the reading unit 250 reads the user information written in the user card of the user of the removable battery 100 (the person who intends to receive the payment of the removable battery 100). The ID is read (step S21). Next, the authentication processing unit 276 uses the user ID read in step S21 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. (Authentication for which the level of authentication has not been lowered) is performed (step S22). If the authentication using the user ID is successful in step S22, the lock unit 230 of the battery exchange device 200 switches from the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed. (step S23).

For example, if the control unit 280 determines in step S20 that a disaster has occurred, the authentication processing unit 276 lowers the level of authentication from that in normal times (step S24). Next, the communication unit 260 notifies a medium (for example, a mobile terminal device, etc.) owned by the user of the removable battery 100 of information indicating that the level of authentication performed by the authentication processing unit 276 has been lowered. (Step S25). The process of step S25 may be similarly performed in other examples shown in FIGS. Next, the communication unit 260 performs short-range wireless communication with the medium, and acquires predetermined information (for example, information registered as registration information in an application installed in the mobile terminal device) from the medium (step S26). ). Next, the authentication processing unit 276 uses the predetermined information acquired in step S26 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. authentication (authentication with a lowered level of authentication) is performed (step S27). If authentication using the predetermined information is successful in step S27 (that is, by using the predetermined information acquired in step S26, the user of the removable battery 100 can be identified (that is, tracked later). If the authentication processing unit 276 determines that it is possible), the lock unit 230 of the battery exchange device 200 switches from a state in which the removable battery 100 cannot be dispensed to a state in which the detachable battery 100 can be dispensed. (step S28).

FIG. 10 is a flowchart for explaining the flow of processing executed by the battery exchange device 200, reflecting the option processing 1 described above. First, for example, the control unit 280 of the battery exchange device 200 determines whether or not the communication unit 260 can communicate with the management server 300 via the network NW during normal times or when a disaster occurs. It is determined whether there is (step S30).

For example, when the control unit 280 determines that it is normal time, the reading unit 250 reads the user information written in the user card of the user of the removable battery 100 (the person who intends to receive the payment of the removable battery 100). The ID is read (step S31). Next, the authentication processing unit 276 uses the user ID read in step S31 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. (Authentication for which the level of authentication has not been lowered) is performed (step S32). If the authentication using the user ID is successful in step S32, the lock unit 230 of the battery exchange device 200 switches from the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed. (step S33).

For example, when the control unit 280 determines in step S30 that a disaster has occurred, the authentication processing unit 276 lowers the level of authentication from that in normal times (step S34). Next, the reading unit 250 reads the biometric information of the user of the removable battery 100 (the person who wants to receive the payout of the removable battery 100), or the communication unit 260 reads the biometric information of the user of the removable battery 100. acquires predetermined information from the mobile terminal device by performing short-range wireless communication with the mobile terminal device owned by the mobile terminal device (step S35). Next, the authentication processing unit 276 uses the information read or acquired in step S35 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. Authentication to be used (authentication with a lower level of authentication) is performed (step S36). If the authentication using the biometric information or the predetermined information of the user of the removable battery 100 is successful in step S36 (that is, if the biometric information read in step S35 or the predetermined information obtained If the authentication processing unit 276 determines that the user of the type battery 100 can be identified (that is, can be tracked later), the writing unit 290 reads the biometric information read in step S35 or the acquired Predetermined information is written in the storage unit 140 of the removable battery 100 that is ready for dispensing (step S37). Next, the locking unit 230 of the battery exchange device 200 switches from the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed (step S38).

FIG. 11 is a flowchart for explaining the flow of processing executed by the battery exchange device 200, reflecting the option processing 2 described above. First, for example, the control unit 280 of the battery exchange device 200 determines whether or not the communication unit 260 can communicate with the management server 300 via the network NW during normal times or when a disaster occurs. It is determined whether there is (step S40).

For example, when the control unit 280 determines that it is normal time, the reading unit 250 reads the user information written in the user card of the user of the removable battery 100 (the person who intends to receive the payment of the removable battery 100). The ID is read (step S41). Next, the authentication processing unit 276 uses the user ID read in step S41 to determine whether or not the state in which the removable battery 100 cannot be dispensed can be switched to the state in which the detachable battery 100 can be dispensed. (Authentication for which the level of authentication has not been lowered) is performed (step S42). If the authentication using the user ID is successful in step S42, the lock unit 230 of the battery exchange device 200 switches from the state in which the removable battery 100 cannot be dispensed to the state in which the detachable battery 100 can be dispensed. (Step S43).

For example, if the control unit 280 determines in step S40 that a disaster has occurred, the authentication processing unit 276 lowers the level of authentication from that in normal times (step S44). Next, the reading unit 250 reads the biometric information of the user of the removable battery 100 (the person who wants to receive the payout of the removable battery 100), or the communication unit 260 reads the biometric information of the user of the removable battery 100. obtains predetermined information from the mobile terminal device by performing short-range wireless communication with the mobile terminal device owned by the mobile terminal device (step S45). Next, for example, the authentication processing unit 276 uses the biometric information read in step S45 or the acquired predetermined information to check whether or not there is duplication of dispensing of the removable battery 100 (step S45). For example, the authentication processing unit 276 uses the biometric information read by the reading unit 250 or the information acquired by the communication unit 260 at a lower authentication level. 100-1st has been dispensed, and a person who intends to receive dispensation of the second detachable battery 100-2nd using the information used for authentication of the first detachable battery 100-1st appears, for example, the authentication processing unit 276 determines that there is duplication of dispensing of the removable battery 100 .

If there is a duplication of dispensing of the removable battery 100, the lock unit 230 keeps the second removable battery 100-2nd in a dispensable state (step S47).

If there is no overlap in the dispensing of the removable battery 100, the locking unit 230 locks the removable battery 100 (the first removable battery 100-1st for the person who wants to receive the dispensing of the removable battery 100). The state is switched from the dispensable state to the dispensable state (step S48).

According to the embodiments described above, it is possible to expand the applicability of the detachable battery.

The above embodiment can be expressed as follows.
a storage device storing a program;
A battery replacement device comprising a hardware processor,
By the hardware processor executing the program stored in the storage device,
Provide the user with a detachable battery, subject to successful authentication,
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
A battery exchange device configured to:

As described above, the mode for carrying out the present invention has been described using the embodiments, but the present invention is not limited to such embodiments at all, and various modifications and replacements can be made without departing from the scope of the present invention. can be added.

10 Electric vehicle 100 Removable battery 120 Storage unit 140 Storage unit 150 Connection unit 200 Battery exchange device 210 Slot 220 Shutter device 230 Lock unit 240 Connection unit 242 Charging unit 250 Reading unit 260 Communication unit 270 Processing unit 272 Uploading unit 274 Charging control unit 276 authentication processing unit 276A detection unit 278 notification unit 280 control unit 290 writing unit 295 display unit 300 management server

Claims (11)

A battery exchange device comprising an authentication processing unit and dispensing a detachable battery to a user on condition that authentication by the authentication processing unit succeeds,
The authentication processing unit
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
further comprising a notification unit that notifies the mobile terminal device of the user that the battery exchange device is in the second state;
Battery exchange device. A battery exchange device comprising an authentication processing unit and dispensing a detachable battery to a user on condition that authentication by the authentication processing unit succeeds,
The authentication processing unit
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
further comprising a writing unit that writes personal information of the user to the removable battery when the removable battery is dispensed in the second state;
Battery exchange device. The personal information is information acquired for authentication by the second authentication method,
The battery exchange device according to claim 2 . A battery exchange device comprising an authentication processing unit and dispensing a detachable battery to a user on condition that authentication by the authentication processing unit succeeds,
The authentication processing unit
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
In the second state, the authentication processing unit checks whether or not there is duplication in the information acquired from the different users for authentication by the second authentication method, and if there is duplication, the use not handing out the removable battery to a person,
Battery exchange device. the predetermined event is a disaster,
Further equipped with a detection unit that detects the occurrence of a disaster,
The authentication processing unit transitions to the second state when the detection unit detects the occurrence of the disaster.
The battery exchange device according to any one of claims 1 to 4 . The second authentication method is an authentication method using the user's biometric information,
The battery exchange device according to any one of claims 1 to 5 . The biometric information is face image information or fingerprint information of the user,
The battery exchange device according to claim 6 . The second authentication method is an authentication method using information that can be acquired using short-range wireless communication with a mobile terminal device owned by the user,
The battery exchange device according to any one of claims 1 to 7 . The computer installed in the battery exchange device
Provide the user with a detachable battery, subject to successful authentication,
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
notifying the mobile terminal device of the user that the battery exchange device is in the second state;
A control method for a battery exchange device. The computer installed in the battery exchange device
Provide the user with a detachable battery, subject to successful authentication,
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
writing personal information of the user to the removable battery when the removable battery is dispensed in the second state;
A control method for a battery exchange device. The computer installed in the battery exchange device
Provide the user with a detachable battery, subject to successful authentication,
Normally, it is in the first state in which authentication is performed by the first authentication method,
When a predetermined event occurs, transition to a second state in which authentication is performed by a second authentication method having a lower authentication level than the first authentication method,
In the second state, it is checked whether or not there is duplication in the information acquired from the different users for authentication by the second authentication method, and if there is duplication, the detachable battery is sent to the user. does not pay out the
A control method for a battery exchange device.

Images