Server equipment
By identifying and invalidating unnecessary private information areas through server devices, the problem of privacy information leakage when service content changes is solved, thus achieving a higher level of privacy protection.
Patent Information
- Authority / Receiving Office: JP
- Patent Type: Applications
- Current Assignee / Owner: TOYOTA JIDOSHA KK
- Filing Date: 2024-12-20
- Publication Date: 2026-07-02
Abstract
Description
Technical Field
[0001] This disclosure relates to a server device.
Background Art
[0002] Patent Document 1 discloses a vehicle device that transmits vehicle information to an information center.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In order to provide a predetermined service, it may be necessary to collect privacy information such as passenger information from a vehicle. Since the necessary privacy information varies depending on the content of the service, when the content of the service is changed, in the changed service, some data areas of the privacy information that have been collected so far may become unnecessary. From the perspective of privacy protection, it is necessary to prevent the unnecessary data areas of the privacy information from being transmitted outside the vehicle. If the unnecessary data areas of the privacy information are transmitted outside the vehicle, there is a risk that privacy protection will decline.
[0005] An object of this disclosure is to prevent the transmission of unnecessary privacy information and improve privacy protection.
[0006] A server device according to an embodiment of this disclosure is a server device that provides a service to a user and collects privacy information from a vehicle in providing the service. The server device comprises a control unit that, when the content of the service is changed, identifies data areas that are no longer needed to provide the changed service from among the multiple data areas included in the privacy information collected from the vehicle to provide the service before the change, and notifies the vehicle of a command to invalidate the identified data areas.
Effects of the Invention
[0007] This disclosure can improve privacy protection.
Brief Explanation of the Drawings
[0008] [Figure 1] A schematic diagram illustrating an example of a system according to the embodiments of this disclosure. [Figure 2] A diagram illustrating the data structure of privacy information according to the embodiments of this disclosure.
Modes for Carrying Out the Invention
[0009] The embodiments of this disclosure will be described below with reference to the figures.
[0010] In each figure, identical or corresponding parts are denoted by the same reference numerals. In the description of this embodiment, the description of identical or corresponding parts will be omitted or simplified as appropriate.
[0011] Referring to Figure 1, the configuration of the system 10 according to this embodiment will be described.
[0012] The system 10 according to this embodiment comprises a server device 20, a vehicle VH, and a terminal 30. The server device 20 can communicate with the vehicle VH and the terminal 30 via a network 40 such as the Internet. The vehicle VH can communicate with the terminal 30 via the network 40.
[0013] Server device 20 is installed in a data center. Server device 20 is a computer such as a server belonging to a cloud computing system or other computing system.
[0014] A vehicle VH is any type of automobile, such as a gasoline car, diesel car, HV, PHV, EV, or FCV. "HV" is an abbreviation for hybrid vehicle. "PHV" is an abbreviation for plug-in hybrid vehicle. "EV" is an abbreviation for electric vehicle. "FCV" is an abbreviation for fuel cell vehicle. A vehicle VH may be driven by a driver or its operation may be automated to any level. The level of automation may be one of levels 1 to 5 in the SAE classification. "SAE" is an abbreviation for Society of Automotive Engineers. A vehicle VH is equipped with communication devices such as a DCM and control devices such as an ECU. "DCM" is an abbreviation for Data Communication Module. "ECU" is an abbreviation for Engine Control Unit.
[0015] Terminal 30 is held and used by user U1. Terminal 30 is, for example, a mobile device such as a mobile phone, smartphone, or tablet, or a PC. "PC" is an abbreviation for personal computer.
[0016] The outline of this embodiment will be described with reference to Figure 1.
[0017] Some privacy information that was initially anticipated to be necessary during development may become unnecessary after the service is actually launched. In this case, unnecessary privacy information will be handled. Handling privacy information requires the utmost care, and privacy information transmitted from vehicles to the center must always be minimized (only necessary privacy information is handled). Therefore, a mechanism to prevent the transmission of unnecessary information is required.
[0018] The server device 20 provides services to the user U1. When providing the service, the server device 20 collects privacy information D1 from the vehicle VH. The vehicle VH is, for example, the vehicle of the user U1. When the content of the service is changed, the server device 20 identifies, among the multiple data areas included in the privacy information D1 collected from the vehicle VH for providing the previous service, the data areas that have become unnecessary for providing the changed service. The server device 20 notifies the vehicle VH of an instruction to invalidate the identified data areas. Upon receiving the notification, the vehicle VH thereafter invalidates the identified data areas and transmits the privacy information D1' outside the vehicle.
[0019] According to the present embodiment, when the privacy information includes a data area that has become unnecessary, that data area is invalidated before the privacy information is transmitted outside the vehicle. Therefore, privacy protection is improved.
[0020] Referring to FIG. 1, the configuration of the server device 20 according to the present embodiment will be described.
[0021] The server device 20 includes a control unit 21, a storage unit 22, and a communication unit 23.
[0022] The control unit 21 includes at least one processor, at least one programmable circuit, at least one dedicated circuit, or a combination thereof. The processor is a general-purpose processor such as a CPU or GPU, or a dedicated processor specialized for specific processing. "CPU" is an abbreviation for central processing unit. "GPU" is an abbreviation for graphics processing unit. The programmable circuit is, for example, an FPGA. "FPGA" is an abbreviation for field-programmable gate array. The dedicated circuit is, for example, an ASIC. "ASIC" is an abbreviation for application specific integrated circuit. The control unit 21 executes processing related to the operation of the server device 20 while controlling each part of the server device 20.
[0023] The storage unit 22 includes at least one semiconductor memory, at least one magnetic memory, at least one optical memory, or a combination of at least two of these. The storage unit 22 functions as, for example, a main storage device, an auxiliary storage device, or a cache memory. In the storage unit 22, data used for the operation of the server device 20 and data obtained by the operation of the server device 20 are stored. In the present embodiment, the storage unit 22 stores a database DB in which the latest service content and the types of privacy information required to provide the service are registered in combination with the identifier of the user U1.
[0024] The communication unit 23 includes at least one communication interface. The communication unit 23 receives data used for the operation of the server device 20 and transmits data obtained by the operation of the server device 20.
[0025] The functions of the server device 20 are realized by executing the program according to this embodiment on the processor acting as the control unit 21. In other words, the functions of the server device 20 are realized by software. The program causes the computer to perform the operations of the server device 20, thereby causing the computer to function as the server device 20. That is, the computer functions as the server device 20 by performing the operations of the server device 20 according to the program.
[0026] The program can be stored on a non-temporary computer-readable medium. Examples of non-temporary computer-readable mediums include flash memory, magnetic recording devices, optical discs, magneto-optical recording media, or ROM. The program can be distributed, for example, by selling, transferring, or lending portable media such as SD cards, DVDs, or CD-ROMs containing the program. "SD" is an abbreviation for Secure Digital. "DVD" is an abbreviation for digital versatile disc. "CD-ROM" is an abbreviation for compact disc read only memory. The program may also be distributed by storing it in server storage and transferring it from the server to other computers. The program may also be provided as a program product.
[0027] The operation of the system 10 according to this embodiment will be described with reference to Figures 1 and 2. This operation corresponds to the method according to this embodiment.
[0028] In the first step, the control unit 21 of the server device 20 collects privacy information D1 from the vehicle VH. As an example, the control unit 21 collects location information and vehicle control information of the vehicle VH as privacy information D1. The location information of the vehicle VH is acquired by the DCM using GPS. "GPS" is an abbreviation for Global Positioning System. Vehicle control information is acquired by the ECU, for example. Vehicle control information includes, for example, engine status, speed, fuel consumption, brake usage, etc. Privacy information D1 may also include occupant information of the vehicle VH. Occupant information includes, for example, the occupant's name, age, gender, seat position, and riding time, etc.
[0029] In the second step, the control unit 21 of the server device 20 determines whether the content of the service provided to user U1 has changed. The determination of whether the content of the service has changed may be performed by any procedure. Changes in the content of the service include, for example, revisions to the service content by the service provider. In addition, user U1 may change the service they have contracted to another service. When the content of the service changes, the changed content of the service is combined with user U1's identifier and registered in the database DB as the latest service content. The control unit 21 retrieves the latest service content linked to user U1's identifier from the database DB and compares it with the service content currently provided to user U1. For example, suppose the services currently provided are "Service A" and "Service B," and the latest services registered in the database DB are "Service A" and "Service C." In this case, the control unit 21 determines that the content of the service has changed ("Service B" has been changed to "Service C"). The second step is repeated until it is determined that the content of the service has changed.
[0030] In the third step, the control unit 21 of the server device 20 identifies the data areas that are no longer needed to provide the changed service from among the multiple data areas contained in the privacy information D1 that was collected from the vehicle VH to provide the service before the change. In this embodiment, the data areas of the necessary privacy information are associated with each service and stored in the storage unit 22. The control unit 21 refers to the storage unit 22 to determine the type of privacy information required for the service to be provided. As a specific example, Figure 2 shows the privacy information D1 that was collected from the vehicle VH to provide "Service A" and "Service B" as the service before the change, and the privacy information D1' that will be collected from the vehicle VH to provide "Service A" and "Service C" as the changed service. Note that this "specific example" does not limit this disclosure; it is an example to help understand this embodiment. As shown in Figure 2, the privacy information D1 includes a header followed by data areas A1, B1, A2, B2, B3, and B4. In the example in Figure 2, data areas A1, B1, and A2 are privacy information for Service A. Data areas B1, B2, B3, and B4 contain privacy information for Service B. Furthermore, data areas B1, B2, and B4 also contain privacy information for Service C. As can be seen in Figure 2, data area B1 is a data area commonly required for the provision of Services A, B, and C. Data areas B2 and B4 are commonly required for the provision of Services B and C, but are not required for the provision of Service A. Additionally, data area B3 is required for the provision of Service B, but is not required for the provision of Service C.
In this specific example, the control unit 21 compares data areas A1, A2, B1, B2, B3, and B4, which are included in the privacy information D1 collected to provide the services before the change ("Service A" and "Service B"), with data areas A1, A2, B1, B2, and B4, which are required to provide the services after the change ("Service A" and "Service C"). Then, data area B3, which was necessary for providing Service B but is not necessary for providing Service C, is identified as an unnecessary data area. In Figure 2, the unnecessary data area (data area B3) is shown by hatching.
[0031] In the fourth step, the control unit 21 of the server device 20 notifies the vehicle VH of a command to invalidate the data area identified in the third step. For example, suppose that data area B3 was identified in the third step. In this case, the control unit 21 communicates with the DCM, which is a communication device installed in the vehicle VH, via the communication unit 23, and sends a command to the vehicle VH to invalidate data area B3, one of the multiple data areas included in the privacy information D1.
[0032] In the fifth step, the DCM, acting as the communication device of the vehicle VH, receives the command transmitted from the server device 20 in the fourth step. The DCM invalidates the unnecessary data areas among the data areas included in the privacy information D1. For example, suppose a command is received to invalidate data area B3 from among the multiple data areas included in the privacy information D1. In this case, the DCM invalidates data area B3 as an unnecessary data area. Specifically, the DCM invalidates data area B3 by overwriting all of its bits with "0" or "1".
[0033] In the sixth step, the DCM of the vehicle VH sends the privacy information D1', in which the unnecessary data area has been invalidated, to the server device 20. In the example in Figure 2, when providing the changed services A and C, the DCM sends the privacy information D1', with data area B3 invalidated, to the server device 20. Based on the privacy information D1' sent from the vehicle VH, the server device 20 provides the changed service to user U1.
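The third to sixth steps above, modelled on the Figure 2 example as an added illustration (this is not code from the patent or from the assignee). The service-to-data-area mapping and the area order come from the text; the 4-byte area size, the header bytes and the "INVALIDATE" command format are constructed assumptions.

```python
# Data areas each service requires, taken from the Figure 2 example in the text.
SERVICE_AREAS = {
    "Service A": {"A1", "B1", "A2"},
    "Service B": {"B1", "B2", "B3", "B4"},
    "Service C": {"B1", "B2", "B4"},
}

# Order of the data areas after the header in privacy information D1 (Figure 2).
AREA_ORDER = ["A1", "B1", "A2", "B2", "B3", "B4"]
AREA_SIZE = 4            # constructed assumption: every data area is 4 bytes
HEADER = b"D1\x00\x06"   # constructed header: magic bytes + number of areas
CMD = "INVALIDATE "      # constructed command format for the fourth step


def required_areas(services):
    """Union of the data areas needed by a set of services."""
    return set().union(*(SERVICE_AREAS[s] for s in services))


def unnecessary_areas(before, after):
    """Third step: areas collected for the old services that the new ones no longer need."""
    return sorted(required_areas(before) - required_areas(after))


def invalidate_command(areas):
    """Fourth step: the command the server notifies to the vehicle's DCM."""
    return CMD + ",".join(areas)


def apply_invalidate(d1, command):
    """Fifth step (DCM side): overwrite every bit of each named area with 0."""
    if not command.startswith(CMD):
        raise ValueError("unknown command")
    buf = bytearray(d1)
    for name in command[len(CMD):].split(","):
        start = len(HEADER) + AREA_ORDER.index(name) * AREA_SIZE
        buf[start:start + AREA_SIZE] = bytes(AREA_SIZE)   # all bits "0"
    return bytes(buf)


def build_d1(values):
    """Constructed sample D1: header followed by the areas in Figure 2 order."""
    return HEADER + b"".join(values[name] for name in AREA_ORDER)


def check_minimised(d1_prime, after):
    """Server-side check on D1': every area the new services do not need is all zeros."""
    needed = required_areas(after)
    for i, name in enumerate(AREA_ORDER):
        start = len(HEADER) + i * AREA_SIZE
        if name not in needed and any(d1_prime[start:start + AREA_SIZE]):
            return False
    return True


if __name__ == "__main__":
    sample = build_d1({n: n.encode().ljust(AREA_SIZE, b"x") for n in AREA_ORDER})
    gone = unnecessary_areas({"Service A", "Service B"}, {"Service A", "Service C"})
    d1_prime = apply_invalidate(sample, invalidate_command(gone))
    print(gone, check_minimised(d1_prime, {"Service A", "Service C"}))
```

The check in `check_minimised` is the server-side counterpart a practitioner would add: it confirms that D1' received after the change actually carries no content in the invalidated areas.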
[0034] According to this embodiment, when the server device 20 receives privacy information D1 transmitted outside the vehicle from the vehicle's DCM, if it contains unnecessary data areas, it identifies those areas and notifies the vehicle's DCM of those data areas. The DCM that receives the notification then transmits privacy information D1' with the identified data areas disabled outside the vehicle. For example, if the center has acquired privacy information such as occupant information, and at some point that information item becomes unnecessary, the center instructs the vehicle to disable the item. As a result, it is possible to suppress the transmission of unnecessary privacy information to the center. Therefore, privacy protection is improved.
[0035] This disclosure is not limited to the embodiments described above. For example, multiple blocks described in the block diagram may be combined, or a single block may be divided. Instead of executing multiple steps described in the flowchart in chronological order as described, they may be executed in parallel or in a different order, depending on the processing capacity of the device performing each step, or as necessary. Other modifications are possible without departing from the spirit of this disclosure.
Explanation of Symbols
[0036] 10 system; 20 server device; 21 control unit; 22 storage unit; 23 communication unit; 30 terminal; 40 network; VH vehicle; U1 user; D1, D1' privacy information
Claims
[Claim 1] A server device that provides a service to a user and, in providing the service, collects privacy information from a vehicle, the server device comprising a control unit that, when the content of the service is changed, identifies data areas that are no longer needed to provide the changed service from among the multiple data areas included in the privacy information collected from the vehicle to provide the service before the change, and notifies the vehicle of a command to invalidate the identified data areas.