Redundant hardware and software architecture for autonomous vehicles
US-2021394770-A1 · Dec 23, 2021 · US
Redundant hardware and software architecture for autonomous vehicles
US12428004B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12428004-B2 |
| Application number | US-202318390966-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 20, 2023 |
| Priority date | Jun 23, 2020 |
| Publication date | Sep 30, 2025 |
| Grant date | Sep 30, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A redundant hardware and software architecture can be designed to enable vehicles to be operated in an autonomous mode while improving the reliability and/or safety of such vehicles. A system for redundant architecture can include a set of at least two redundant sensors coupled to a vehicle and configured to provide timestamped sensor data to each of a plurality of computing unit (CU) computers. The CU computers can process the sensor data simultaneously based on at least a time value indicative of an absolute time or a relative time and based on the timestamped sensor data. The CU computers provide to a vehicle control unit (VCU) computer at least two sets of outputs configured to instruct a plurality of devices in a vehicle and cause the vehicle to be driven.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of autonomous vehicle operation, comprising: storing periodically emergency trajectory information, each piece of emergency trajectory information indicating a predicted trajectory of a vehicle over a distance from a location of the vehicle to bring the vehicle to complete stop; receiving, by a computer located in the vehicle, a message indicative of an error or fault condition associated with each of at least two other computers located in the vehicle; obtaining, in response to receiving the message from each of the at least two other computers, an up-to-date stored piece of the emergency trajectory information to bring the vehicle to complete stop; obtaining, from at least two sensors coupled to the vehicle, at least two images of a region towards which the vehicle is being driven; determining, based on at least one image from the at least two sensors and the emergency trajectory information, a set of output values that control a plurality of devices in the vehicle to bring the vehicle to complete stop; and causing the vehicle to be brought to complete stop by sending a set of commands that instruct the plurality of devices, wherein the set of commands are based on the set of output values, wherein each piece of the emergency trajectory information indicates the predicted trajectory over a pre-determined future length of time larger than a period for storing the emergency trajectory information, from the location of the vehicle. 2. The method of claim 1 , further comprising: determining, in response to receiving the message from each of the at least two other computers, not to send any of two sets of output values received from the at least two other computers to operate the plurality of devices. 3. The method of claim 1 , wherein the message is received from the at least two other computers at different times. 4. The method of claim 1 , wherein the set of output values include a value that indicate to turn on emergency lights on the vehicle. 5. The method of claim 1 , wherein the at least two sensors are different from another set of sensors that are communicably coupled to the at least two other computers located in the vehicle. 6. The method of claim 1 , wherein the set of output values that control the plurality of devices are formatted or translated from another set of output values using a database stored in the vehicle. 7. The method of claim 1 , wherein the error or fault condition indicates that a computation load for each of the at least two other computers exceeded a limit. 8. A non-transitory computer readable program storage medium having code stored thereon, the code, when executed by a processor, causing the processor to implement a method, comprising: storing periodically emergency trajectory information, each piece of emergency trajectory information indicating a predicted trajectory of a vehicle over a distance from a location of the vehicle to bring the vehicle to complete stop; receiving, by a computer located in the vehicle, a message indicative of an error or fault condition associated with each of at least two other computers located in the vehicle; obtaining, in response to receiving the message from each of the at least two other computers, an up-to-date stored piece of the emergency trajectory information to bring the vehicle to complete stop; obtaining, from at least two sensors coupled to the vehicle, at least two images of a region towards which the vehicle is being driven; determining, based on at least one image from the at least two sensors and the emergency trajectory information, a set of output values that control a plurality of devices in the vehicle to bring the vehicle to complete stop; and causing the vehicle to be brought to complete stop by sending a set of commands that instruct the plurality of devices, wherein the set of commands are based on the set of output values, wherein each piece of the emergency trajectory information indicates the predicted trajectory over a pre-determined future length of time larger than a period for storing the emergency trajectory information, from the location of the vehicle. 9. The non-transitory computer readable program storage medium of claim 8 , wherein the method further comprises: determining, in response to receiving the message from each of the at least two other computers, not to send any of two sets of output values received from the at least two other computers to operate the plurality of devices. 10. The non-transitory computer readable program storage medium of claim 8 , wherein the message is received from the at least two other computers at different times. 11. The non-transitory computer readable program storage medium of claim 8 , wherein the set of output values include a value that indicate to turn on emergency lights on the vehicle. 12. The non-transitory computer readable program storage medium of claim 8 , wherein the at least two sensors are different from another set of sensors that are communicably coupled to the at least two other computers located in the vehicle. 13. The non-transitory computer readable program storage medium of claim 8 , wherein the set of output values that control the plurality of devices are formatted or translated from another set of output values using a database stored in the vehicle. 14. An apparatus for autonomous vehicle operation comprising a processor, configured to implement a method, comprising: storing periodically emergency trajectory information, each piece of emergency trajectory information indicating a predicted trajectory of a vehicle over a distance from a location of the vehicle to bring the vehicle to complete stop; receiving, by a computer located in the vehicle, a message indicative of an error or fault condition associated with each of at least two other computers located in the vehicle; obtaining, in response to receiving the message from each of the at least two other computers, an up-to-date stored piece of emergency trajectory information to bring the vehicle to complete stop; obtaining, from at least two sensors coupled to the vehicle, at least two images of a region towards which the vehicle is being driven; determining, based on at least one image from the at least two sensors and the emergency trajectory information, a set of output values that control a plurality of devices in the vehicle to bring the vehicle to complete stop; and causing the vehicle to be brought to complete stop by sending a set of commands that instruct the plurality of devices, wherein the set of commands are based on the set of output values, wherein each piece of the emergency trajectory information indicates the predicted trajectory over a pre-determined future length of time larger than a period for storing the emergency trajectory information, from the location of the vehicle. 15. The apparatus of claim 14 , wherein the processor is further configured to: determine, in response to the message received from each of the at least two other computers, not to send any of two sets of output values received from the at least two other computers to operate the plurality of devices. 16. The apparatus of claim 14 , wherein the message is received from the at least two other computers at different times. 17. The apparatus of claim 14 , wherein the set of output values include a value that indicate to turn on emergency lights on the vehicle.
Assignees
Inventors
Classifications
Radar; Laser, e.g. lidar · CPC title
Image sensing, e.g. optical camera · CPC title
exterior to a vehicle by using sensors mounted on the vehicle · CPC title
related to the vehicle · CPC title
by employing degraded modes, e.g. reducing speed, in response to suboptimal conditions · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12428004B2 cover?
- A redundant hardware and software architecture can be designed to enable vehicles to be operated in an autonomous mode while improving the reliability and/or safety of such vehicles. A system for redundant architecture can include a set of at least two redundant sensors coupled to a vehicle and configured to provide timestamped sensor data to each of a plurality of computing unit (CU) computers…
- Who is the assignee on this patent?
- Tusimple Inc
- What technology area does this patent fall under?
- Primary CPC classification B60W50/023. Mapped technology areas include Operations & Transport.
- When was this patent published?
- Publication date Tue Sep 30 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).