EP2423885A1 - Device and method for monitoring the function of a road toll system - Google Patents
Device and method for monitoring the function of a road toll system Download PDFInfo
- Publication number
- EP2423885A1 EP2423885A1 EP10450129A EP10450129A EP2423885A1 EP 2423885 A1 EP2423885 A1 EP 2423885A1 EP 10450129 A EP10450129 A EP 10450129A EP 10450129 A EP10450129 A EP 10450129A EP 2423885 A1 EP2423885 A1 EP 2423885A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- toll
- processor element
- signature
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B15/00—Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
- G07B15/06—Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems
- G07B15/063—Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems using wireless information transmission between the vehicle and a fixed station
Definitions
- the present invention relates to a device and a method for monitoring the operation of a road toll system comprising at least one vehicle device recording its position in the form of raw position data and a stationary proxy computer which receives the raw position data from the vehicle device and generates toll-related toll data by toll map matching.
- Such road toll systems are also referred to as thin-client systems.
- the vehicle device also called on-board unit or OBU, can be carried out cost-effectively with low computing power ("thin-client"), because the compute-intensive toll card matching, i. the comparison of the position data with the toll collection relevant geographical elements, e.g. on a suitably prepared or suitable digital road map, is outsourced to powerful stationary proxy computer of the road toll system.
- Thin-client OBUs determine their position, for example, by means of satellite navigation or radio localization in terrestrial radio beacon or mobile networks.
- thin-client toll systems bring significant benefits to the individual user due to the low cost of a thin-client OBU, they have the disadvantage for the operator of the road toll toll system that a continuous secure function check ("secure monitoring") is not possible is: For example the reliability of toll card matching in the proxy computer for the toll operator unverifiable and therefore difficult or impossible for system suppliers.
- Thick-client toll systems possible: In these toll systems costly thick-client OBUs are used, which over have their own toll card material and high computing power to carry out their own toll card reconciliation and send the card-adjusted toll data to a central system. For such systems, concept considerations are known to provide the toll data calculated by the thick-client OBUs with a signature issued by the toll operator and installed in the OBU to ensure the authenticity of the data to the toll collection operator's central system. This solution requires high-performance OBUs that can perform the authentication functions required by the toll operator and is not suitable for traditional thin-client systems.
- the invention has as its object to provide a secure monitoring solution for thin-client road toll systems, which combines the advantages of operator security of signing thick-client systems with the cost advantages of thin-client systems.
- a device of the type mentioned which is characterized according to the invention by at least a first equipped with a signature and cryptographically access secured processor element, on the one hand, the raw position data or extracted therefrom route data from the vehicle unit and on the other hand the toll card data is received from the proxy computer and configured to plausibilize the card-compensated toll data against the raw item data or the route data extracted therefrom and output it with a signature if successful.
- the invention thus provides a continuous certification solution for toll data generated by thin-client OBUs.
- An equipped with a signature and cryptographically access secured processor element is set "Trusted element" for the toll operator, which can be equipped with a trusted signature, such as a certificate of a trusted issuing office, and secured for its sole access.
- Trusted element for the toll operator, which can be equipped with a trusted signature, such as a certificate of a trusted issuing office, and secured for its sole access.
- Processor elements of this type can be inexpensively manufactured as single-chip modules, as they are widely used in SIM cards, smart cards, etc.
- the plausibility check according to the invention of the card-compensated toll data compared to the position or route data requires only a low computing power of the trusted element, as readily available from commercially available SIM or chip card processor elements can be applied.
- the term "plausibility check” is understood to mean a rough check or an approximate comparison as to whether the toll data generated by the proxy computer can originate from the position data or from the route data extracted therefrom, ie are plausible : For example, area-related toll data can be made plausible by a check is made as to whether the underlying position data lies in the area of the toll data. If the toll data is based on a distance traveled or a travel time, the plausibility can be checked, for example, by means of a rough accumulation of the distances lying between individual positions of the position data.
- the first processor element is arranged in the proxy computer of the toll operator.
- the processor element can be directly in the control of the operator (or a trusted third party) and can also be executed operator-specifically.
- An alternative preferred embodiment of the invention for a road toll system the proxy computer, the card-balanced Toll data sent back to the vehicle unit, characterized in that the first processor element is arranged in the vehicle unit.
- This solution has the advantage that the processor element can work together with different proxy computers of different toll operators. It also certifies the toll data submitted by a thin-client OBU in the same manner as that obtainable from a traditional certified thick-client OBU.
- the first processor element is inserted into the vehicle device in a modularly exchangeable manner, for example in the manner of a SIM card.
- third-party manufactured thin-client OBUs are equipped by the operator with processor elements of his confidence.
- the processor element may either match the raw position data or route data extracted therefrom with the toll data.
- route data extracted from the position data is used, i. the vehicle device is designed to extract route data from the raw position data and to send it to the first processor element, which makes the card-adjusted toll data plausible with respect to the extracted route data.
- the processor element serving the certification for the toll operator thus does not experience the position position of the OBU but only excerpts or generalizations of the same, as far as the movement history of the user is concerned Data abuse protects.
- the extracted route data from the raw position data are preferably accumulated travel distances or travel times, from which no direct conclusions can be drawn about the individual movements of the user with his vehicle device.
- a further preferred embodiment of the invention is characterized by at least a second equipped with a signature and cryptographically access secured processor element which is arranged in the vehicle unit and adapted to generate said extracted route data from the raw position data and with its signature Provided.
- a signature and cryptographically access secured processor element which is arranged in the vehicle unit and adapted to generate said extracted route data from the raw position data and with its signature Provided.
- the second processor element is used in the vehicle unit modular interchangeable, and particularly preferably, the first and the second processor element may even be ident.
- a further particularly advantageous embodiment of the invention is characterized in that the vehicle device is designed to provide the extracted route data provided with the signature on an interface for interrogation by a roadside infrastructure.
- the processor element or "trusted element” simultaneously also enables a "secure freezing service” for the position data or path data continuously extracted therefrom in the vehicle device.
- Roadside infrastructure such as toll bills, control vehicles, etc., can in this way obtain trusted control data from passing vehicle equipment.
- the invention provides a method for monitoring the operation of a road toll system of the type mentioned, which is plausibilized in a equipped with a signature and cryptographically secured processor element, the card-adjusted toll data of the proxy computer against the raw position data of the vehicle unit or extracted therefrom route data and be issued with a successful plausibility with the signature provided.
- said plausibility check preferably takes place in a processor element of the vehicle unit.
- the route data is extracted from the raw position data and the plausibility of the map-matched toll data in the processor element with respect to the extracted route data.
- the extracted route data is preferably distances or travel times which are accumulated from the position data.
- the extracted route data is generated from the raw position data and provided with the signature in the same or another processor element equipped with a signature and secured cryptographically.
- the extracted route data provided with the signature is provided in the vehicle device for interrogation by a roadside infrastructure.
- Fig. 1 shows a device and a method for secure function monitoring ("secure monitoring") in the context of a schematically illustrated road toll system 1.
- the road toll system 1 comprises a plurality of vehicle devices or O-BUs 2 (only one OBU representatively shown) in the form of thin clients which continuously determine their own geographical position in a manner known per se, eg by means of satellite navigation or radio localization in a network of radio beacons, mobile radio stations, etc.
- the positions determined by an OBU 2 are referred to as "raw" position data ( "position fix tracks”) 3 recorded in a memory of the OBU.
- the position data 3 can be supplemented or improved by the combination of the sensor data of various sensors of the vehicle in which the OBU 2 is installed, such as speedometer, compass or acceleration measurement data, as known to those skilled in the art.
- the OBUs 2 can be connected via a radio interface 4 e.g. dedicated short range communication (DSRC) standard associated with roadside equipment (RSE) 5, such as DSRC radio beacons, wireless local aerea network (WNA), wireless access in a vehicle (WAVE) base stations environment) etc., which they pass on their way and to which they can transmit a copy of the position data 3 for control purposes.
- DSRC dedicated short range communication
- RSE roadside equipment
- WNA wireless local aerea network
- WAVE wireless access in a vehicle
- the OBUs 2 are also connected to (at least) a proxy computer 7 of the road toll system 1, to which they - continuously or in batches, eg periodically or in case of need - their Transmit position data 3.
- the proxy computer 7 has a high computing power, eg in the form of a server farm, and extensive land or toll card material to perform a map matching between the raw position data 3 on the one hand and given geographical positions such as road progressions, virtual toll collection points, etc.
- the accuracy of the position determination of the OBU 2 is improved because scattering or position fixes can each be assigned to correct positions in a road network.
- the accuracy of the raw position data 3 with respect to the distance traveled ("driven distance") in conventional GPS determination could be about ⁇ 5%, whereas it could have an accuracy of ⁇ 1% after the map matching in the proxy computer 7.
- the card-adjusted, improved position data of this type are used in the proxy computer 7 as the basis for card-adjusted toll data 8.
- these toll data do not permit any individual conclusions to be drawn about the individual positions of the position data 3, since they represent a summarizing or "abstract-anonymous" evaluation of the same, for example in the form of the traveled sections of a road network, depending on the principle and embodiment of the toll system or the distance traveled ("driven distance") or travel time.
- the latter can e.g. for toll-related charging of toll roads ("pay as you drive”) or time-dependent charging of paid parking lots, etc.
- the card-adjusted toll data 8 can optionally be provided in the proxy computer 7 with such toll information.
- the card-matched, location-anonymized toll data 8 are from the proxy computer 7 in the embodiment of Fig. 1 sent back to the OBU 2, see arrow 8 '.
- anonymity for the sensitive position data 3 and thus the path of the vehicle can be ensured in this way.
- the OBU 2 generates independently of the proxy computer 7 - without toll card matching and only with simple calculation means, u.zw. preferably with a processor element 13 to be described later in detail - a rough estimate of the toll data, subsequently referred to as route data 9 extracted from the position data 3.
- the route data 9 serve to be able to carry out a plausibility check of the toll data 8 generated by the proxy computer 7.
- the route data are accordingly comparable to the toll data 8, albeit far less accurately because they are based on the unrefined, raw position data 3. If the toll data 8 reproduces, for example, the distance traveled ("driven distance") or travel time, then the route data 9 extracted from the OBU 2 from the position data 3 is likewise a distance traveled or travel time calculated therefrom.
- the accuracy of the route data 9 is, for example, ⁇ 5% and that of the toll data 8 is, for example, ⁇ 1%.
- the toll data 8 can not be directly compared with the route data 9 due to these differences in accuracy, however, it can be made plausible, ie it can be checked whether the toll data 8 is plausible on the basis of the route data 9.
- a specially protected processor element 10 is provided in the OBU 2, e.g. can be used by the toll operator itself in the OBU 2, for example in the form of a SIM or smart card.
- the processor element 10 is cryptographically secured at hardware level, so that, for example, only the toll operator has access to the data and programs contained therein.
- the processor element 10 thus represents a trusted element for the toll operator and satisfies similarly high security requirements, such as those imposed on the SIM cards, credit cards, bank cards, etc., integrated single-chip processors.
- the cryptographically secured processor element 10 is further provided in a manner known per se with a cryptographic signature 10 ', e.g. a cryptographic certificate, i. e. a cryptographic data element 10 ', which can be added by the processor element 10 all its data outputs to their authenticity to the issuing authority of the signature or certificate, e.g. the toll operator to prove.
- a cryptographic signature 10 ' e.g. a cryptographic certificate
- i. e. a cryptographic data element 10 ' which can be added by the processor element 10 all its data outputs to their authenticity to the issuing authority of the signature or certificate, e.g. the toll operator to prove.
- the described plausibility comparison of the toll data 8 with the route data 9 is performed.
- high computing power is not necessary, as is required, for example, for the toll card matching in the proxy computer 7, because here only e.g. a rough estimation calculation between a precisely in the toll data 8 and in the route data 9 inaccurately specified distance must be performed.
- the plausibility check in the processor element 10 can therefore be carried out with the computing power available in a simple trusted element single-chip processor.
- the processor element 10 Upon successful plausibility of the toll data 8, the processor element 10 provides it with its signature 10 '. and outputs it as signed toll data 11, see path 11 '.
- the signed toll data 11 can be sent back by the processor element 10 of the OBU 2, for example via the radio interface 6 to the proxy computer 7 and forwarded by the latter to a central computer 12 of the road toll system 1, see path 11 '.
- they can also be sent directly from the OBU 2 to the central computer 12, u.zw. both "online” eg via the radio interface 4 or 6 as well as “offline” via a data carrier.
- the processor element 10 plausibility checks and signs or certifies the toll data 8 arriving in a continuous stream individually or continuously in sections.
- the OBU 2 could dispense with the extraction of the route data 9 from the position data 3 and the position data 3 could be fed directly to the processor element 10.
- the processor element 10 plausibility checks the toll data 8 directly relative to the position data 3, the processor element 10 then having to perform increased computation steps or perform a more simplified plausibility check, e.g. only checks whether individual positions from the position data 3 fall in a specified in the toll data 8 area toll, USW.
- a second cryptographically access-secured processor element (“trusted element”) 13 is provided in the OBU 2 in order to extract the route data 9 from the position data 3.
- the processor element 13 is provided with its own signature 13 ', with which it provides the track data 9 generated by it (signed).
- the route data 9 signed by the processor element 13 can be queried by the infrastructure in the OBU 2 5 are provided via the interface 4.
- the processor element (“trusted element”) 13 provides a "secure freezing service” for the position data 3 or the route data 9 extracted therefrom.
- the signing or certification of the route data 9 ensures that the data queried via the interface 4 Route data 9 from a correspondingly trustworthy computing element, u.zw. Processor element ("trusted element") 13, generated and signed.
- the first and second processor elements 10, 13 may also be one and the same physical processor element Fig. 2 is this not possible.
- like reference characters designate like elements as in FIG Fig. 1 and it is only compared to the differences Fig. 1 received.
- the first processor element 10 is therefore arranged in the proxy computer 7 or connected thereto, and the OBU 2 sends here in addition to the raw position data 3 and the extracted route data 9 to the proxy computer 7, see arrow 9 '.
- the route data 9 can optionally be generated again from the second, arranged in the OBU 2 processor element 13 from the raw position data 3 and signed with the signature 13 ', so that the proxy computer 7 and the first processor element 10 can be sure that the route data 9 were correctly extracted in the OBU 2.
- the signed route data 9 can be provided again from the OBU 2 via the interface 4 for control queries.
- the first processor element 10 in the proxy computer 7 now again plausibility checks the toll card data 8, which have been card-matched in the proxy computer 7, with respect to the (optionally signed) route data 9 and provides them in the case of plausibility with his signature 10 'to issue signed toll data 11 (arrow 11 ").
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Devices For Checking Fares Or Tickets At Control Points (AREA)
- Traffic Control Systems (AREA)
Abstract
Description
Die vorliegende Erfindung betrifft eine Vorrichtung und ein Verfahren zur Funktionsüberwachung eines Straßenmautsystems, das zumindest ein seine Position in Form von rohen Positionsdaten aufzeichnendes Fahrzeuggerät und einen stationären Proxyrechner umfaßt, der die rohen Positionsdaten vom Fahrzeuggerät empfängt und daraus durch Mautkartenabgleich kartenabgeglichene Mautdaten erzeugt.The present invention relates to a device and a method for monitoring the operation of a road toll system comprising at least one vehicle device recording its position in the form of raw position data and a stationary proxy computer which receives the raw position data from the vehicle device and generates toll-related toll data by toll map matching.
Derartige Straßenmautsysteme werden auch als Thin-client-Systeme bezeichnet. Das Fahrzeuggerät, auch On-board-Unit bzw. OBU genannt, kann kostengünstig mit geringer Rechenleistung ("thin-client") ausgeführt werden, weil der rechenintensive Mautkartenabgleich, d.h. der Abgleich der Positionsdaten mit für die Mauterhebung relevanten geographischen Elementen z.B. auf einer entsprechend vorbereiteten oder geeigneten digitalen Straßenkarte, in leistungsfähige stationäre Proxyrechner des Straßenmautsystems ausgelagert ist. Thin-Client-OBUs ermitteln dabei ihre Position beispielsweise mit Hilfe von Satellitennavigation oder Funklokalisierung in terrestrischen Funkbaken- oder Mobilfunknetzen.Such road toll systems are also referred to as thin-client systems. The vehicle device, also called on-board unit or OBU, can be carried out cost-effectively with low computing power ("thin-client"), because the compute-intensive toll card matching, i. the comparison of the position data with the toll collection relevant geographical elements, e.g. on a suitably prepared or suitable digital road map, is outsourced to powerful stationary proxy computer of the road toll system. Thin-client OBUs determine their position, for example, by means of satellite navigation or radio localization in terrestrial radio beacon or mobile networks.
Auch wenn Thin-client-Mautsysteme für den einzelnen Benutzer aufgrund der geringen Kosten einer Thin-client-OBU erhebliche Vorteile bringen, haben sie für den Betreiber des Stra-βenmautsystems den Nachteil, daß eine durchgehende sichere Funktionsüberprüfung ("secure monitoring") nicht möglich ist: So ist z.B. die Zuverlässigkeit des Mautkartenabgleichs im Proxyrechner für den Mautbetreiber nicht nachprüfbar und damit auch für Systemlieferanten schwer oder nicht nachweisbar.Although thin-client toll systems bring significant benefits to the individual user due to the low cost of a thin-client OBU, they have the disadvantage for the operator of the road toll toll system that a continuous secure function check ("secure monitoring") is not possible is: For example the reliability of toll card matching in the proxy computer for the toll operator unverifiable and therefore difficult or impossible for system suppliers.
Hingegen ist eine solche Funktionsüberwachung bei sog. Thick-client-Mautsystemen möglich: Bei diesen Mautsystemen werden kostspielige Thick-client-OBUs eingesetzt, welche über ihr eigenes Mautkartenmaterial und hohe Rechenleistung verfügen, um selbst den Mautkartenabgleich durchzuführen und die kartenabgeglichenen Mautdaten an ein Zentralsystem abzusetzen. Für solche Systeme sind Konzeptüberlegungen bekannt, die von den Thick-client-OBUs berechneten Mautdaten mit einer vom Mautbetreiber ausgegebenen und in der OBU installierten Signatur zu versehen, um die Authentizität der Daten gegenüber dem Zentralsystem des Mautbetreibers zu gewährleisten. Diese Lösung erfordert OBUs mit hoher Rechenleistung, welche die vom Mautbetreiber geforderten Authentifizierungsfunktionen ausführen können, und ist für herkömmliche Thin-client-Systeme nicht geeignet.By contrast, such a function monitoring in so-called. Thick-client toll systems possible: In these toll systems costly thick-client OBUs are used, which over have their own toll card material and high computing power to carry out their own toll card reconciliation and send the card-adjusted toll data to a central system. For such systems, concept considerations are known to provide the toll data calculated by the thick-client OBUs with a signature issued by the toll operator and installed in the OBU to ensure the authenticity of the data to the toll collection operator's central system. This solution requires high-performance OBUs that can perform the authentication functions required by the toll operator and is not suitable for traditional thin-client systems.
Die Erfindung setzt sich zum Ziel, eine Secure-Monitoring-Lösung für Thin-client-Straßenmautsysteme zu schaffen, welche die Vorteile der Betreibersicherheit von signierenden Thick-client-Systemen mit den Kostenvorteilen von Thin-client-Systemen verbindet.The invention has as its object to provide a secure monitoring solution for thin-client road toll systems, which combines the advantages of operator security of signing thick-client systems with the cost advantages of thin-client systems.
Dieses Ziel wird in einem ersten Aspekt der Erfindung mit einer Vorrichtung der eingangs genannten Art erreicht, die sich gemäß der Erfindung durch zumindest ein erstes mit einer Signatur ausgestattetes und kryptographisch zugangsgesichertes Prozessorelement auszeichnet, welches einerseits die rohen Positionsdaten oder daraus extrahierte Streckendaten vom Fahrzeuggerät und anderseits die kartenabgeglichenen Mautdaten vom Proxyrechner empfängt und dafür ausgebildet ist, die kartenabgeglichenen Mautdaten gegenüber den rohen Positions- bzw. den daraus extrahierten Streckendaten zu plausibilisieren und bei erfolgreicher Plausibilisierung mit seiner Signatur versehen auszugeben.This object is achieved in a first aspect of the invention with a device of the type mentioned, which is characterized according to the invention by at least a first equipped with a signature and cryptographically access secured processor element, on the one hand, the raw position data or extracted therefrom route data from the vehicle unit and on the other hand the toll card data is received from the proxy computer and configured to plausibilize the card-compensated toll data against the raw item data or the route data extracted therefrom and output it with a signature if successful.
Die Erfindung schafft damit erstmals eine durchgehende Zertifizierungslösung für von Thin-client-OBUs erzeugte Mautdaten. Ein mit einer Signatur ausgestattetes und kryptographisch zugangsgesichertes Prozessorelement stellt ein "trusted element" für den Mautbetreiber dar, welches mit einer ihm vertrauenswürdigen Signatur, z.B. einem Zertifikat einer vertrauenswürdigen Ausgabestelle, ausgestattet und für seinen alleinigen Zugang gesichert werden kann. Prozessorelemente dieser Art können kostengünstig als Single-Chip-Module hergestellt werden, wie sie bei SIM-Karten, Chipkarten usw. in breitem Umfang verwendet werden. Im Gegensatz zu dem bei Thick-client-OBUs erforderlichen Kartenabgleich in der OBU erfordert die erfindungsgemäße Plausibilitätsprüfung der kartenabgeglichenen Mautdaten gegenüber den Positions- bzw. Streckendaten eine nur geringe Rechenleistung des Trusted Elements, wie sie von handelsüblichen SIM- bzw. Chipkarten-Prozessorelementen ohne weiteres aufgebracht werden kann.For the first time, the invention thus provides a continuous certification solution for toll data generated by thin-client OBUs. An equipped with a signature and cryptographically access secured processor element is set "Trusted element" for the toll operator, which can be equipped with a trusted signature, such as a certificate of a trusted issuing office, and secured for its sole access. Processor elements of this type can be inexpensively manufactured as single-chip modules, as they are widely used in SIM cards, smart cards, etc. In contrast to the map matching in the OBU required for thick-client OBUs, the plausibility check according to the invention of the card-compensated toll data compared to the position or route data requires only a low computing power of the trusted element, as readily available from commercially available SIM or chip card processor elements can be applied.
Unter dem Begriff "Plausibilisieren" wird in der vorliegenden Beschreibung eine grobe Überprüfung bzw. ein ungefährer Vergleich verstanden, ob die vom Proxyrechner erstellten Mautdaten den Positionsdaten bzw. daraus extrahierten Streckendaten entspringen können, d.h. plausibel sind: So lassen sich beispielsweise gebietsbezogene Mautdaten plausibilisieren, indem überprüft wird, ob die zugrundegelegenen Positionsdaten in dem Gebiet der Mautdaten liegen. Wenn die Mautdaten auf einer zurückgelegten Wegstrecke oder Wegzeit beruhen, kann die Plausibilität z.B. mit Hilfe einer überschlagsmäßigen Kumulierung der zwischen einzelnen Positionen der Positionsdaten liegenden Entfernungen geprüft werden.In the present description, the term "plausibility check" is understood to mean a rough check or an approximate comparison as to whether the toll data generated by the proxy computer can originate from the position data or from the route data extracted therefrom, ie are plausible : For example, area-related toll data can be made plausible by a check is made as to whether the underlying position data lies in the area of the toll data. If the toll data is based on a distance traveled or a travel time, the plausibility can be checked, for example, by means of a rough accumulation of the distances lying between individual positions of the position data.
In einer ersten bevorzugten Ausführungsform der Erfindung ist das erste Prozessorelement im Proxyrechner des Mautbetreibers angeordnet. Dadurch kann das Prozessorelement direkt in der Verfügungsgewalt des Betreibers (oder eines vertrauenswürdigen Dritten) stehen und auch betreiberspezifisch ausgeführt werden.In a first preferred embodiment of the invention, the first processor element is arranged in the proxy computer of the toll operator. As a result, the processor element can be directly in the control of the operator (or a trusted third party) and can also be executed operator-specifically.
Eine alternative bevorzugte Ausführungsform der Erfindung für ein Straßenmautsystem, dessen Proxyrechner die kartenabgeglichenen Mautdaten zurück an das Fahrzeuggerät sendet, zeichnet sich dadurch aus, daß das erste Prozessorelement im Fahrzeuggerät angeordnet ist. Diese Lösung hat den Vorteil, daß das Prozessorelement mit verschiedenen Proxyrechnern unterschiedlicher Mautbetreiber zusammenarbeiten kann. Darüber hinaus sind dadurch die von einer Thin-client-OBU abgegebenen Mautdaten in derselben Art und Weise zertifiziert, wie sie von einer herkömmlichen zertifizierten Thick-client-OBU erhaltbar sind.An alternative preferred embodiment of the invention for a road toll system, the proxy computer, the card-balanced Toll data sent back to the vehicle unit, characterized in that the first processor element is arranged in the vehicle unit. This solution has the advantage that the processor element can work together with different proxy computers of different toll operators. It also certifies the toll data submitted by a thin-client OBU in the same manner as that obtainable from a traditional certified thick-client OBU.
Besonders günstig ist es, wenn das erste Prozessorelement in das Fahrzeuggerät modular austauschbar eingesetzt ist, beispielsweise in der Art einer SIM-Karte. Dadurch können z.B. von Drittlieferanten gefertigte Thin-client-OBUs vom Betreiber mit Prozessorelementen seines Vertrauens ausgestattet werden.It is particularly favorable when the first processor element is inserted into the vehicle device in a modularly exchangeable manner, for example in the manner of a SIM card. Thereby, e.g. third-party manufactured thin-client OBUs are equipped by the operator with processor elements of his confidence.
Wie bereits erörtert, kann das Prozessorelement entweder die rohen Positionsdaten oder daraus extrahierte Streckendaten mit den Mautdaten abgleichen. Bevorzugt werden aus den Positionsdaten extrahierte Streckendaten verwendet, d.h. das Fahrzeuggerät ist dafür ausgebildet, aus den rohen Positionsdaten Streckendaten zu extrahieren und an das erste Prozessorelement zu senden, welches die kartenabgeglichenen Mautdaten gegenüber den extrahierten Streckendaten plausibilisiert. Dies stellt einen Zugewinn an Vertraulichkeit ("privacy") dar: Das dem Mautbetreiber zur Zertifizierung dienende Prozessorelement erfährt damit nicht die rohen Positionsdaten der OBU ("position fix track"), sondern nur Auszüge bzw. Verallgemeinerungen derselben, was die Bewegungshistorie des Benutzers vor Datenmißbrauch schützt.As already discussed, the processor element may either match the raw position data or route data extracted therefrom with the toll data. Preferably, route data extracted from the position data is used, i. the vehicle device is designed to extract route data from the raw position data and to send it to the first processor element, which makes the card-adjusted toll data plausible with respect to the extracted route data. This represents a gain in privacy. The processor element serving the certification for the toll operator thus does not experience the position position of the OBU but only excerpts or generalizations of the same, as far as the movement history of the user is concerned Data abuse protects.
Zu diesem Zweck sind bevorzugt die extrahierten Streckendaten aus den rohen Positionsdaten akkumulierte Wegstrecken oder Wegzeiten, aus welchen sich keine direkten Rückschlüsse auf die einzelnen Bewegungen des Benutzers mit seinem Fahrzeuggerät ziehen lassen.For this purpose, the extracted route data from the raw position data are preferably accumulated travel distances or travel times, from which no direct conclusions can be drawn about the individual movements of the user with his vehicle device.
Bei Verwendung solcher Streckendaten zeichnet sich eine weitere bevorzugte Ausführungsform der Erfindung durch zumindest ein zweites mit einer Signatur ausgestattetes und kryptographisch zugangsgesichertes Prozessorelement aus, das im Fahrzeuggerät angeordnet und dafür ausgebildet ist, die genannten extrahierten Streckendaten aus den rohen Positionsdaten zu erzeugen und mit seiner Signatur zu versehen. Dadurch kann eine zusätzliche Funktionsüberwachungsstufe eingeführt werden, welche auch den Schritt der Extrahierung der Streckendaten umfaßt.When using such route data, a further preferred embodiment of the invention is characterized by at least a second equipped with a signature and cryptographically access secured processor element which is arranged in the vehicle unit and adapted to generate said extracted route data from the raw position data and with its signature Provided. Thereby, an additional function monitoring stage can be introduced, which also includes the step of extracting the route data.
Bevorzugt ist auch das zweite Prozessorelement in das Fahrzeuggerät modular austauschbar eingesetzt, und besonders bevorzugt können das erste und das zweite Prozessorelement sogar ident sein.Preferably, the second processor element is used in the vehicle unit modular interchangeable, and particularly preferably, the first and the second processor element may even be ident.
Eine weitere besonders vorteilhafte Ausführungsform der Erfindung zeichnet sich dadurch aus, daß das Fahrzeuggerät dafür ausgebildet ist, die mit der Signatur versehenen extrahierten Streckendaten auf einer Schnittstelle zur Abfrage durch eine straßenseitige Infrastruktur bereitzustellen. Dadurch ermöglicht das Prozessorelement bzw. "trusted element" gleichzeitig auch einen "secure freezing service" für die im Fahrzeuggerät fortlaufend anfallenden Positions- bzw. daraus extrahierten Streckendaten. Straßenseitige Infrastruktur wie Mautbaken, Kontrollfahrzeuge usw. können auf diese Weise vertrauenswürdige ("trusted") Kontrolldaten von passierenden Fahrzeuggeräten einholen.A further particularly advantageous embodiment of the invention is characterized in that the vehicle device is designed to provide the extracted route data provided with the signature on an interface for interrogation by a roadside infrastructure. As a result, the processor element or "trusted element" simultaneously also enables a "secure freezing service" for the position data or path data continuously extracted therefrom in the vehicle device. Roadside infrastructure such as toll bills, control vehicles, etc., can in this way obtain trusted control data from passing vehicle equipment.
In einem zweiten Aspekt schafft die Erfindung ein Verfahren zur Funktionsüberwachung eines Straßenmautsystems der genannten Art, welches sich dadurch auszeichnet, daß in einem mit einer Signatur ausgestatteten und kryptographisch zugangsgesicherten Prozessorelement die kartenabgeglichenen Mautdaten des Proxyrechners gegenüber den rohen Positionsdaten des Fahrzeuggeräts oder daraus extrahierten Streckendaten plausibilisiert und bei erfolgreicher Plausibilisierung mit der Signatur versehen ausgegeben werden.In a second aspect, the invention provides a method for monitoring the operation of a road toll system of the type mentioned, which is plausibilized in a equipped with a signature and cryptographically secured processor element, the card-adjusted toll data of the proxy computer against the raw position data of the vehicle unit or extracted therefrom route data and be issued with a successful plausibility with the signature provided.
Wenn der Proxyrechner die kartenabgeglichenen Mautdaten zurück an das Fahrzeuggerät sendet, erfolgt das genannte Plausibilisieren bevorzugt in einem Prozessorelement des Fahrzeuggeräts.If the proxy computer sends the card-compensated toll data back to the vehicle unit, said plausibility check preferably takes place in a processor element of the vehicle unit.
Gemäß einem weiteren Merkmal der Erfindung werden im Fahrzeuggerät aus den rohen Positionsdaten die Streckendaten extrahiert und im Prozessorelement die kartenabgeglichenen Mautdaten gegenüber den extrahierten Streckendaten plausibilisiert.According to a further feature of the invention, in the vehicle device, the route data is extracted from the raw position data and the plausibility of the map-matched toll data in the processor element with respect to the extracted route data.
Dabei sind bevorzugt die extrahierten Streckendaten Wegstrecken oder Wegzeiten, die aus den Positionsdaten akkumuliert werden.In this case, the extracted route data is preferably distances or travel times which are accumulated from the position data.
Besonders günstig ist es, wenn in demselben oder einem weiteren mit einer Signatur ausgestatteten und kryptographisch zugangsgesicherten Prozessorelement die extrahierten Streckendaten aus den rohen Positionsdaten erzeugt und mit der Signatur versehen werden.It is particularly advantageous if the extracted route data is generated from the raw position data and provided with the signature in the same or another processor element equipped with a signature and secured cryptographically.
Bevorzugt werden die mit der Signatur versehenen extrahierten Streckendaten im Fahrzeuggerät für eine Abfrage durch eine straßenseitige Infrastruktur bereitgestellt.Preferably, the extracted route data provided with the signature is provided in the vehicle device for interrogation by a roadside infrastructure.
Hinsichtlich weiterer Merkmale und Vorteile des erfindungsgemäßen Verfahrens wird auf die obigen Ausführungen zur erfindungsgemäßen Vorrichtung verwiesen.With regard to further features and advantages of the method according to the invention, reference is made to the above statements on the device according to the invention.
Die Erfindung wird nachstehend anhand von in den beigeschlossenen Zeichnungen dargestellten Ausführungsbeispielen näher erläutert. In den Zeichnungen zeigt
-
Fig. 1 ein Blockschaltbild einer ersten Vorrichtung der Erfindung, in dem gleichzeitig die Datenflüsse des erfindungsgemäßen Verfahrens dargestellt sind; und -
Fig. 2 ein Blockschaltbild einer zweiten Ausführungsform der Vorrichtung der Erfindung, welches gleichzeitig die Datenflüsse einer zweiten Ausführungsform des erfindungsgemäßen Verfahrens wiedergibt.
-
Fig. 1 a block diagram of a first device of the invention, in which the data flows of the inventive method are simultaneously shown; and -
Fig. 2 a block diagram of a second embodiment of the device of the invention, which simultaneously the data flows a second embodiment of the method according to the invention.
Die OBUs 2 können über eine Funkschnittstelle 4 z.B. nach dem DSRC-Standard (dedicated short range communication) mit einer straßenseitigen Infrastruktur 5 (roadside equipment, RSE) in Verbindung stehen, beispielsweise DSRC-Funkbaken, WLAN-Accesspoints (wireless local aerea network), WAVE-Basisstationen (wireless access in a vehicle environment) usw., die sie auf ihrem Weg passieren und an welche sie eine Kopie der Positionsdaten 3 zu Kontrollzwecken übermitteln können.The OBUs 2 can be connected via a
Über dieselbe Funkschnittstelle 4 oder über eine weitere Funkschnittstelle 6, z.B. eine Datenverbindung in einem Mobilfunknetz, stehen die OBUs 2 ferner mit (zumindest) einem Proxyrechner 7 des Straßenmautsystems 1 in Verbindung, welchem sie - fortlaufend oder stapelweise, z.B. periodisch oder im Anlaßfall - ihre Positionsdaten 3 übermitteln. Der Proxyrechner 7 verfügt über eine hohe Rechenleistung, z.B. in Form einer Serverfarm, und umfangreiches Land- bzw. Mautkartenmaterial, um einen Kartenabgleich ("map matching") zwischen den rohen Positionsdaten 3 einerseits und vorgegebenen geographischen Positionen wie Straßenverläufen, virtuellen Mauterhebungsstellen usw. durchzuführen. Durch diesen Mautkartenabgleich wird die Genauigkeit der Positionsbestimmung der OBU 2 verbessert, weil streuende bzw. abweichende Positionsbestimmungen (position fixes) jeweils korrekten Positionen in einem Straßennetz zugeordnet werden können. Beispielsweise könnte die Genauigkeit der rohen Positionsdaten 3 hinsichtlich der zurückgelegten Wegstrecke ("driven distance") bei herkömmlicher GPS-Bestimmung etwa ± 5% betragen, wogegen sie nach dem Kartenabgleich im Proxyrechner 7 eine Genauigkeit von ± 1% aufweisen könnte.Via the
Die derart kartenabgeglichenen, verbesserten Positionsdaten werden im Proxyrechner 7 als Grundlage für kartenabgeglichen Mautdaten 8 verwendet. Diese Mautdaten lassen in der Regel keine individuellen Rückschlüsse mehr auf die einzelnen Positionen der Positionsdaten 3 zu, denn sie stellen je nach Prinzip und Ausführungsform des Mautsystems eine zusammenfassende bzw. abstrahierende und "ortsanonymisierte" Auswertung derselben dar, beispielsweise in Form der befahrenen Streckenabschnitte eines Straßennetzes oder der zurückgelegten Wegstrecke ("driven distance") oder Wegzeit. Letztere können z.B. zur wegeabhängigen Vergebührung von Mautstraßen ("pay as you drive") oder zeitabhängigen Vergebührung von gebührenpflichtigen Parkplätzen usw. verwendet werden. Die kartenabgeglichenen Mautdaten 8 können im Proxyrechner 7 optional mit solchen Mautgebühreninformationen versehen werden.The card-adjusted, improved position data of this type are used in the
Die kartenabgeglichenen, ortsanonymisierten Mautdaten 8 werden vom Proxyrechner 7 in der Ausführungsform von
Um diesen Vorgang für einen Mautbetreiber, welcher die Mautdaten 8 zur Vergebührung benötigt, in seiner Funktionsweise nachprüfbar zu machen und die Systemfunktionalität ihm gegenüber gewährleisten zu können, dienen die folgenden Vorrichtungen und Verfahren.In order to be able to verify the operation of this procedure for a toll operator, who needs the
Die OBU 2 erzeugt unabhängig vom Proxyrechner 7 - ohne Mautkartenabgleich und nur mit einfachen Rechenmitteln, u.zw. bevorzugt mit einem später noch ausführlich beschriebenen Prozessorelement 13 - eine grobe Schätzung der Mautdaten, in weiterer Folge als aus den Positionsdaten 3 extrahierte Streckendaten 9 bezeichnet. Die Streckendaten 9 dienen dazu, eine Plausibilitätsprüfung der vom Proxyrechner 7 erzeugten Mautdaten 8 durchführen zu können. Die Streckendaten sind demgemäß mit den Mautdaten 8 vergleichbar, wenn auch weit weniger genau, weil sie ja auf den unverbesserten, rohen Positionsdaten 3 beruhen. Wenn die Mautdaten 8 z.B. die zurückgelegte Wegstrecke ("driven distance") bzw. Wegzeit wiedergeben, dann sind die von der OBU 2 aus den Positionsdaten 3 extrahierten Streckendaten 9 ebenfalls eine daraus berechnete zurückgelegte Wegstrecke bzw. Wegzeit. In dem zuvor genannten Beispiel von GPS-bestimmten Positionsdaten 3 und mautkartenabgeglichenen Mautdaten 8 ist die Genauigkeit der Streckendaten 9 z.B. ± 5% und jene der Mautdaten 8 z.B. ± 1%.The
Die Mautdaten 8 können aufgrund dieser Genauigkeitsunterschiede damit zwar nicht direkt mit den Streckendaten 9 verglichen werden, jedoch gegenüber diesen plausibilisiert werden, d.h. es kann geprüft werden, ob die Mautdaten 8 auf Grundlage der Streckendaten 9 plausibel sind.Although the
Zu diesem Zweck ist in der OBU 2 ein speziell geschütztes Prozessorelement 10 vorgesehen, das z.B. vom Mautbetreiber selbst in die OBU 2 eingesetzt werden kann, beispielsweise in Form einer SIM- oder Chipkarte. Das Prozessorelement 10 ist auf Hardwareniveau kryptographisch zugangsgesichert, sodaß beispielsweise nur der Mautbetreiber Zugang zu den darin enthaltenen Daten und Programmen hat. Das Prozessorelement 10 stellt damit ein für den Mautbetreiber vertrauenswürdiges Element ("trusted element") dar und erfüllt ähnlich hohe Sicherheitsanforderungen, wie sie beispielsweise an die auf SIM-Karten, Kreditkarten, Bankkarten usw. integrierten Single-Chip-Prozessoren gestellt werden.For this purpose, a specially protected
Das kryptographisch zugangsgesicherte Prozessorelement 10 ist ferner in an sich bekannter Weise mit einer kryptographischen Signatur 10', z.B. einem kryptographischen Zertifikat, ausgestattet, d.h. einem kryptographischen Datenelement 10', welches vom Prozessorelement 10 all seinen Datenausgaben hinzugefügt werden kann, um deren Authentizität gegenüber der Ausgabestelle der Signatur bzw. des Zertifikats, z.B. dem Mautbetreiber, nachweisen zu können.The cryptographically
In dem Prozessorelement 10 wird der geschilderte Plausibilitätsvergleich der Mautdaten 8 mit den Streckendaten 9 durchgeführt. Für diesen Plausibilitätsvergleich ist keine hohe Rechenleistung - wie sie etwa für den Mautkartenabgleich im Proxyrechner 7 erforderlich ist - notwendig, weil hier lediglich z.B. eine grobe Abschätzungsrechnung zwischen einer in den Mautdaten 8 genau und in den Streckendaten 9 ungenau angegebenen Wegstrecke durchgeführt werden muß. Die Plausibilitäts- überprüfung im Prozessorelement 10 kann daher mit der in einem einfachen Trusted-Element-Single-Chip-Prozessor zur Verfügung stehenden Rechenleistung durchgeführt werden.In the
Bei erfolgreicher Plausibilisierung der Mautdaten 8 versieht das Prozessorelement 10 diese mit seiner Signatur 10' und gibt sie als signierte Mautdaten 11 aus, siehe Pfad 11'. Die signierten Mautdaten 11 können vom Prozessorelement 10 der OBU 2 beispielsweise wieder über die Funkschnittstelle 6 an den Proxyrechner 7 zurückgesandt und von diesem an einen Zentralrechner 12 des Straßenmautsystems 1 weitergeleitet werden, siehe Pfad 11'. Alternativ können sie auch direkt von der OBU 2 an den Zentralrechner 12 abgesetzt werden, u.zw. sowohl "online" z.B. über die Funkschnittstelle 4 oder 6 als auch "offline" über einen Datenträger.Upon successful plausibility of the
Auf diese Weise plausibilisiert und signiert bzw. zertifiziert das Prozessorelement 10 die in einem fortlaufenden Strom einlangenden Mautdaten 8 jeweils einzeln oder fortlaufend abschnittsweise.In this way, the
In einer alternativen, vereinfachten Ausführungsform könnte die OBU 2 auf die Extraktion der Streckendaten 9 aus den Positionsdaten 3 verzichten und die Positionsdaten 3 könnten dem Prozessorelement 10 direkt zugeführt werden. In diesem Fall plausibilisiert das Prozessorelement 10 die Mautdaten 8 direkt gegenüber den Positionsdaten 3, wobei das Prozessorelement 10 dann vermehrte Rechenschritte ausführen muß oder eine stärker vereinfachte Plausibilisierung durchführt, z.B. lediglich überprüft, ob einzelne Positionen aus den Positionsdaten 3 in eine in den Mautdaten 8 angegebenen Gebietsmaut fallen, USW.In an alternative, simplified embodiment, the
In einer bevorzugten Ausführungsform wird in der OBU 2 ein zweites kryptographisch zugangsgesichertes Prozessorelement ("trusted element") 13 vorgesehen werden, um aus den Positionsdaten 3 die Streckendaten 9 zu extrahieren. Das Prozessorelement 13 ist mit einer eigenen Signatur 13' ausgestattet, mit welcher es die von ihm erzeugten Streckendaten 9 versieht (signiert).In a preferred embodiment, a second cryptographically access-secured processor element ("trusted element") 13 is provided in the
Die vom Prozessorelement 13 signierten Streckendaten 9 können überdies in der OBU 2 zur Abfrage durch die Infrastruktur 5 über die Schnittstelle 4 bereitgestellt werden. Dadurch leistet das Prozessorelement ("trusted element") 13 einen "secure freezing service" für die Positionsdaten 3 bzw. die daraus extrahierten Streckendaten 9. Die Signierung bzw. Zertifizierung der Streckendaten 9 gewährleistet gegenüber der Infrastruktur 5, daß die über die Schnittstelle 4 abgefragten Streckendaten 9 von einem entsprechend vertrauenswürdigen Rechenelement, u.zw. Prozessorelement ("trusted element") 13, erzeugt und signiert wurden.Moreover, the
In
In der Ausführungsform von
Das erste Prozessorelement 10 im Proxyrechner 7 plausibilisiert nun wieder die im Proxyrechner 7 kartenabgeglichenen Mautdaten 8 gegenüber den (optional signierten) Streckendaten 9 und versieht sie im Plausibilisierungsfall mit seiner Signatur 10', um signierte Mautdaten 11 auszugeben (Pfeil 11").The
Die Erfindung ist nicht auf die dargestellten Ausführungsformen beschränkt, sondern umfaßt alle Varianten und Modifikationen, die in den Rahmen der angeschlossenen Ansprüche fallen.The invention is not limited to the illustrated embodiments, but includes all variants and modifications that fall within the scope of the appended claims.
Claims (16)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PT104501291T PT2423885E (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
PL10450129T PL2423885T3 (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
DK10450129.1T DK2423885T3 (en) | 2010-08-06 | 2010-08-06 | Apparatus and method for function monitoring of a toll system |
SI201030489T SI2423885T1 (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
EP10450129.1A EP2423885B1 (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
ES10450129.1T ES2441815T3 (en) | 2010-08-06 | 2010-08-06 | Device and method to monitor the operation of a road toll system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10450129.1A EP2423885B1 (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2423885A1 true EP2423885A1 (en) | 2012-02-29 |
EP2423885B1 EP2423885B1 (en) | 2013-10-16 |
Family
ID=43288032
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10450129.1A Not-in-force EP2423885B1 (en) | 2010-08-06 | 2010-08-06 | Device and method for monitoring the function of a road toll system |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP2423885B1 (en) |
DK (1) | DK2423885T3 (en) |
ES (1) | ES2441815T3 (en) |
PL (1) | PL2423885T3 (en) |
PT (1) | PT2423885E (en) |
SI (1) | SI2423885T1 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2665044A1 (en) * | 2012-05-16 | 2013-11-20 | Kapsch TrafficCom AG | Method for measuring the capacity of a toll system |
EP2752821A2 (en) | 2013-01-02 | 2014-07-09 | Albert Kuiper | Enhancement of enforcing road user charging |
EP2814003A1 (en) * | 2013-06-03 | 2014-12-17 | Continental Automotive GmbH | Method for operating a motor vehicle toll system and motor vehicle toll system |
EP2811467A3 (en) * | 2013-06-04 | 2014-12-31 | Toll Collect GmbH | Method and devices for error detection in a toll system |
EP2922031A1 (en) * | 2014-12-09 | 2015-09-23 | Toll Collect GmbH | Method and devices for error detection in a toll system |
WO2015121410A3 (en) * | 2014-02-13 | 2015-11-05 | Continental Automotive Gmbh | Toll detection device for detecting a toll for a motor vehicle |
WO2020259933A1 (en) * | 2019-06-26 | 2020-12-30 | Volkswagen Aktiengesellschaft | Method, computer program, and device for processing data detected by a motor vehicle |
EP2757533B1 (en) * | 2013-01-18 | 2021-02-24 | Aselsan Elektronik Sanayi ve Ticaret Anonim Sirketi | System and method for tracking driving hours online with electronic signature |
US11290885B2 (en) | 2018-12-19 | 2022-03-29 | Rohde & Schwarz Gmbh & Co. Kg | Communication system and method |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ES2930015T3 (en) * | 2014-11-17 | 2022-12-05 | Kapsch Trafficcom Ag | Method and apparatus for reliable recording in a highway toll system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006015792A1 (en) * | 2004-08-06 | 2006-02-16 | Daimlerchrysler Ag | System, on-board terminal, and off-board central unit for collecting tolls |
WO2009001303A1 (en) * | 2007-06-26 | 2008-12-31 | Nxp B.V. | Road toll system |
EP2017790A2 (en) * | 2007-07-16 | 2009-01-21 | Charles Graham Palmer | Position-based charging |
-
2010
- 2010-08-06 PT PT104501291T patent/PT2423885E/en unknown
- 2010-08-06 PL PL10450129T patent/PL2423885T3/en unknown
- 2010-08-06 DK DK10450129.1T patent/DK2423885T3/en active
- 2010-08-06 EP EP10450129.1A patent/EP2423885B1/en not_active Not-in-force
- 2010-08-06 ES ES10450129.1T patent/ES2441815T3/en active Active
- 2010-08-06 SI SI201030489T patent/SI2423885T1/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006015792A1 (en) * | 2004-08-06 | 2006-02-16 | Daimlerchrysler Ag | System, on-board terminal, and off-board central unit for collecting tolls |
WO2009001303A1 (en) * | 2007-06-26 | 2008-12-31 | Nxp B.V. | Road toll system |
EP2017790A2 (en) * | 2007-07-16 | 2009-01-21 | Charles Graham Palmer | Position-based charging |
Non-Patent Citations (3)
Title |
---|
"Electronic fee collection - Application interface definition for autonomous systems - Part 1 : Changing", ISO TECHNICAL SPECIFICATION,, no. ISO/TS 17575-1, 15 June 2010 (2010-06-15), pages I - VIII,1, XP008130463 * |
EXPERT GROUP 12: "Security aspects of the EETS", EG 12 FINAL REPORT V1.0 5APR07,, no. v1.0, 5 April 2007 (2007-04-05), pages 1 - 86, XP007916364 * |
VIS J: "An example of a view on EETS trust and privacy in GNSS based toll systems", REPORT MINISTRY OF TRANSPORT, PUBLIC WORKS AND WATER MANAGEMENT THE NETHERLANDS,, 15 December 2009 (2009-12-15), pages 1 - 28, XP007916365 * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2665044A1 (en) * | 2012-05-16 | 2013-11-20 | Kapsch TrafficCom AG | Method for measuring the capacity of a toll system |
EP2752821A2 (en) | 2013-01-02 | 2014-07-09 | Albert Kuiper | Enhancement of enforcing road user charging |
EP2757533B1 (en) * | 2013-01-18 | 2021-02-24 | Aselsan Elektronik Sanayi ve Ticaret Anonim Sirketi | System and method for tracking driving hours online with electronic signature |
EP2814003A1 (en) * | 2013-06-03 | 2014-12-17 | Continental Automotive GmbH | Method for operating a motor vehicle toll system and motor vehicle toll system |
EP2811467A3 (en) * | 2013-06-04 | 2014-12-31 | Toll Collect GmbH | Method and devices for error detection in a toll system |
EP2811468A3 (en) * | 2013-06-04 | 2015-04-29 | Toll Collect GmbH | Method and device for error detection in a toll system |
EP2811466A3 (en) * | 2013-06-04 | 2015-04-15 | Toll Collect GmbH | Method and devices for error detection in a toll system |
WO2015121410A3 (en) * | 2014-02-13 | 2015-11-05 | Continental Automotive Gmbh | Toll detection device for detecting a toll for a motor vehicle |
EP2922031A1 (en) * | 2014-12-09 | 2015-09-23 | Toll Collect GmbH | Method and devices for error detection in a toll system |
US11290885B2 (en) | 2018-12-19 | 2022-03-29 | Rohde & Schwarz Gmbh & Co. Kg | Communication system and method |
WO2020259933A1 (en) * | 2019-06-26 | 2020-12-30 | Volkswagen Aktiengesellschaft | Method, computer program, and device for processing data detected by a motor vehicle |
CN113994397A (en) * | 2019-06-26 | 2022-01-28 | 大众汽车股份公司 | Method, computer program and device for processing data detected by a motor vehicle |
CN113994397B (en) * | 2019-06-26 | 2024-04-02 | 大众汽车股份公司 | Method, computer-readable medium and device for processing data detected by a motor vehicle |
Also Published As
Publication number | Publication date |
---|---|
DK2423885T3 (en) | 2014-01-20 |
EP2423885B1 (en) | 2013-10-16 |
SI2423885T1 (en) | 2014-02-28 |
PL2423885T3 (en) | 2014-03-31 |
PT2423885E (en) | 2014-01-10 |
ES2441815T3 (en) | 2014-02-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2423885B1 (en) | Device and method for monitoring the function of a road toll system | |
EP0741891B2 (en) | Method and system for determining toll charges for traffic routes and/or areas | |
EP2860703B1 (en) | Method for checking toll transactions and components therefor | |
AT507031B1 (en) | METHOD AND DEVICE FOR HOLDING TOLL | |
DE102008012660A1 (en) | Server-based warning of dangers | |
EP1395957B1 (en) | Dual toll system | |
EP2038849B1 (en) | Method and apparatus for ensuring data protection during off-board toll metering | |
EP2624231A1 (en) | Devices and method for controlling a road toll system | |
EP3158362A2 (en) | Method for verifying the plausibility of gnss position signals | |
EP1630747A2 (en) | Toll collection system and method | |
EP2994890B1 (en) | Method and device for providing data for toll charging and toll system | |
EP1655700A2 (en) | Method and system for road tax determination | |
WO2003038763A1 (en) | Device for temporarily overcoming the loss of a satellite navigation signal, for satellite navigation-based dual toll systems | |
DE19744419A1 (en) | Vehicle on-board equipment to detect and evaluate road and vehicle information | |
WO2016062712A1 (en) | Method and onboard unit (obu) for toll recording | |
EP3355249B1 (en) | Method for allocating a vehicle to a parking space, data processing system and vehicle | |
DE102014116756A1 (en) | Device for collecting a vehicle toll | |
EP3279870A1 (en) | Data processing device, system and method for verifying performance of a specified function of a position determination device | |
EP1920411B1 (en) | Test method for detecting deviations in geoobjects | |
WO2007073748A1 (en) | System and method for determining the tolls for road sections and/or regions which are subject to a toll | |
EP2665044B1 (en) | Method for measuring the capacity of a toll system | |
DE102009042470A1 (en) | Arrangement for collecting toll charge of lorry on highway roads, has edge lines for arrangement of position of vehicle to tracks by traffic lane, where toll charges are detected and stored according to different toll lanes | |
DE102005059284A1 (en) | Method for determining corrected current position data, in particular for determining current vehicle positions | |
EP3113119B1 (en) | Method for tracking vehicles which are liable for a toll in a toll system | |
DE10205162A1 (en) | Device for determining user charges |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
17P | Request for examination filed |
Effective date: 20110607 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME RS |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 502010005060 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: G07B0015000000 Ipc: G07B0015060000 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G07B 15/06 20110101AFI20130211BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20130513 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 636812 Country of ref document: AT Kind code of ref document: T Effective date: 20131115 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 502010005060 Country of ref document: DE Effective date: 20131212 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: NV Representative=s name: PATWIL AG, CH |
|
REG | Reference to a national code |
Ref country code: PT Ref legal event code: SC4A Free format text: AVAILABILITY OF NATIONAL TRANSLATION Effective date: 20140106 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: T3 |
|
REG | Reference to a national code |
Ref country code: DK Ref legal event code: T3 Effective date: 20140113 |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: TRGR |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2441815 Country of ref document: ES Kind code of ref document: T3 Effective date: 20140206 |
|
REG | Reference to a national code |
Ref country code: NO Ref legal event code: T2 Effective date: 20131016 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: SK Ref legal event code: T3 Ref document number: E 15489 Country of ref document: SK |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20140216 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R026 Ref document number: 502010005060 Country of ref document: DE |
|
PLBI | Opposition filed |
Free format text: ORIGINAL CODE: 0009260 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
26 | Opposition filed |
Opponent name: SIEMENS AKTIENGESELLSCHAFT Effective date: 20140715 |
|
PLAX | Notice of opposition and request to file observation + time limit sent |
Free format text: ORIGINAL CODE: EPIDOSNOBS2 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R026 Ref document number: 502010005060 Country of ref document: DE Effective date: 20140715 |
|
REG | Reference to a national code |
Ref country code: HU Ref legal event code: AG4A Ref document number: E020796 Country of ref document: HU |
|
PLBB | Reply of patent proprietor to notice(s) of opposition received |
Free format text: ORIGINAL CODE: EPIDOSNOBS3 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: LU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20140806 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20140806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
PLCK | Communication despatched that opposition was rejected |
Free format text: ORIGINAL CODE: EPIDOSNREJ1 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R100 Ref document number: 502010005060 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20140117 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 7 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20160819 Year of fee payment: 7 |
|
PLBN | Opposition rejected |
Free format text: ORIGINAL CODE: 0009273 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: OPPOSITION REJECTED |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CH Payment date: 20160819 Year of fee payment: 7 Ref country code: DK Payment date: 20160819 Year of fee payment: 7 Ref country code: IT Payment date: 20160825 Year of fee payment: 7 Ref country code: GB Payment date: 20160819 Year of fee payment: 7 Ref country code: NO Payment date: 20160824 Year of fee payment: 7 |
|
27O | Opposition rejected |
Effective date: 20160625 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CZ Payment date: 20160805 Year of fee payment: 7 Ref country code: SI Payment date: 20160725 Year of fee payment: 7 Ref country code: SK Payment date: 20160805 Year of fee payment: 7 Ref country code: PL Payment date: 20160729 Year of fee payment: 7 Ref country code: PT Payment date: 20160804 Year of fee payment: 7 Ref country code: HU Payment date: 20160823 Year of fee payment: 7 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: BE Payment date: 20160819 Year of fee payment: 7 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 8 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: ES Payment date: 20170928 Year of fee payment: 8 Ref country code: DE Payment date: 20170822 Year of fee payment: 8 Ref country code: FR Payment date: 20170822 Year of fee payment: 8 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: AT Payment date: 20170822 Year of fee payment: 8 Ref country code: SE Payment date: 20170821 Year of fee payment: 8 |
|
REG | Reference to a national code |
Ref country code: DK Ref legal event code: EBP Effective date: 20170831 Ref country code: NO Ref legal event code: MMEP |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MM Effective date: 20170901 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20170806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CZ Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170806 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 Ref country code: NO Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 Ref country code: HU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170807 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 |
|
REG | Reference to a national code |
Ref country code: SK Ref legal event code: MM4A Ref document number: E 15489 Country of ref document: SK Effective date: 20170806 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20170831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170806 Ref country code: PT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180206 Ref country code: SI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170807 |
|
REG | Reference to a national code |
Ref country code: SI Ref legal event code: KO00 Effective date: 20180410 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170901 Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170806 Ref country code: DK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 Ref country code: IT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131016 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170806 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 502010005060 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: EUG |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MM01 Ref document number: 636812 Country of ref document: AT Kind code of ref document: T Effective date: 20180806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180807 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190301 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180831 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FD2A Effective date: 20190918 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180807 |