EP2381425A1 - Device and method for creating toll data from anonymous locations - Google Patents

Device and method for creating toll data from anonymous locations Download PDF

Info

Publication number
EP2381425A1
EP2381425A1 EP11005131A EP11005131A EP2381425A1 EP 2381425 A1 EP2381425 A1 EP 2381425A1 EP 11005131 A EP11005131 A EP 11005131A EP 11005131 A EP11005131 A EP 11005131A EP 2381425 A1 EP2381425 A1 EP 2381425A1
Authority
EP
European Patent Office
Prior art keywords
identifier
toll
location
oid
rid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP11005131A
Other languages
German (de)
French (fr)
Other versions
EP2381425B1 (en
Inventor
Jasja Tijink
Jan Kersten
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kapsch TrafficCom AG
Original Assignee
Kapsch TrafficCom AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kapsch TrafficCom AG filed Critical Kapsch TrafficCom AG
Priority to PL11005131T priority Critical patent/PL2381425T3/en
Priority to SI200930303T priority patent/SI2381425T1/en
Publication of EP2381425A1 publication Critical patent/EP2381425A1/en
Application granted granted Critical
Publication of EP2381425B1 publication Critical patent/EP2381425B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G07B15/06Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems
    • G07B15/063Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems using wireless information transmission between the vehicle and a fixed station
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00Registering or indicating the working of vehicles
    • G07C5/008Registering or indicating the working of vehicles communicating information to a remotely located station

Definitions

  • the present invention relates to a method for generating location-anonymized toll data from the location records of a location-recording vehicle device with a unique identifier in a road toll system.
  • the invention further relates to a toll calculation server and a vehicle device for carrying out this method.
  • OBUs Vehicle devices for road toll systems are also referred to as "onboard units” or OBUs.
  • OBUs that can themselves determine and record their location, e.g. by means of a satellite navigation receiver, there are currently two different versions: so-called “thick client” OBUs calculate based on stored toll cards from their location records location-anonymized toll data and send them e.g. via a mobile network to a center of the road- ⁇ enmautsystems, which requires a complex distribution of toll cards to the OBUs and high processing power in the OBUs.
  • so-called “thin client” OBUs do not evaluate their location records themselves, but send them “raw” to the central office, which makes the map matching to generate toll data.
  • “Thin client” OBUs are therefore much simpler and less expensive, but worthy of discussion from a data protection point of view, because the road toll system's headquarters are aware of all the OBU's "movement profile", including stays in non-tolled locations.
  • the center waits for a clearing confirmation of the toll calculation server before assigning the local anonymized toll data received from the toll calculation server to a user identity received from the OBU, which deprives the authority over the disclosure of the OBU OBU ID and the risk of compromising data security harbors in itself.
  • the invention aims to overcome the disadvantages of the prior art, and more particularly to provide a method for generating toll data for "thin client" OBUs, which offers improved privacy and / or higher confidentiality for the user. This object is achieved by a method having the features of claim 1.
  • the invention is based on a completely novel, surprisingly simple concept for realizing privacy by design.
  • the OBU waits for a period of time to give the toll calculation server sufficient time to generate the toll data and the underlying location records Clear. Thereafter, the OBU can safely disclose their identity or identifier because there are no more location records in the system that would allow conclusions about the motion profile of the OBU.
  • a toll calculation server which is particularly suitable for the invention is characterized in that it has a buffer memory for recording the location records and means for periodically, preferably daily, deleting at least the oldest entries of the buffer memory in order to guarantee the deletion of the location records.
  • a particularly suitable for the invention vehicle device is characterized by release means, which after the passage of a predetermined period of time, said sender identification send under the identifier of the vehicle unit and thus reveal its identity.
  • the invention provides hardware-based confidentiality for the sensitive location record data.
  • Location records are stored centrally only for as long as necessary for their processing; afterwards they will be deleted automatically. Any concerns regarding a central traceability or creation of a movement profile of the vehicle equipment can be eliminated.
  • the invention does not cause increased traffic in the road toll system.
  • the assignment of the location-anonymized toll data to the identifier released by the vehicle device can take place both in the toll calculation server and in the central office. Accordingly, further variants of the method according to the invention are that the said releasing takes place to the toll calculation server which assigns the location-anonymised toll data to the identifier and sends it to a center of the toll system; or that the said releasing is done to a center of the toll system, which receives the location-anonymized toll data from the toll calculation server and assigns the identifier.
  • the location records in the toll calculation server may be encrypted and sent to the public key of an external archive location prior to being deleted.
  • an archival holding in the nature of a trustee or notary, should enjoy a high degree of trust for all concerned, i. for both the users and the system operator, and can therefore be consulted by any party in disputed cases.
  • the transmission and release preferably takes place from the vehicle device via a radio network, particularly preferably a mobile radio network.
  • a radio network particularly preferably a mobile radio network.
  • conventional "thin client" OBUs can be used which are equipped with a DSRC or mobile radio transceiver.
  • the location records of a vehicle unit are sent in data packets, which are each provided with the same sender IDs, which simplifies the evaluation, since the vehicle unit here - after waiting for the period or receipt of deletion confirmation - its identifier only with respect to a single Must disclose sender identification.
  • the location records of a vehicle device can be sent in data packets that are provided with changing sender IDs.
  • the confidentiality can be increased on the transmission interface.
  • data packets provided with alternating sender identifiers are additionally provided with linked packet identifiers which allow their association with each other, whereby the vehicle device needs to release its identifier only for the sender identification of the last data packet.
  • the identifier by which a vehicle device identifies can be both an identifier of the vehicle device itself and an identifier associated with the user of the vehicle device, e.g. an identifier of a user account for billing tolls in the road toll system.
  • the sender identifier used to send the location records to the toll calculation server may be both random and user-selectable code, further increasing transparency for the user.
  • the method of the invention is suitable for all types of self-locating vehicular devices, however they may determine their location, e.g. by detection of landmarks or identification of beacons, which is based on the vehicle device. It is particularly advantageous if the vehicle device determines its locations in a manner known per se by means of satellite navigation, for which purpose e.g. GPS-based "thin client" OBUs can be used.
  • an OBU 1 moves aboard a vehicle in the context of a road toll system with a control center 2.
  • the center 2 calculates toll road use of the OBU 1, eg driving on a toll road, entering an area subject to charges, staying on a paid parking, etc. appropriate user accounts, u. on the basis of toll data T, which are triggered by the location uses of the OBU 1, as known in the art.
  • the OBU 1 is of a self-locating "thin client" type and determines its location continuously, eg periodically, for example with the aid of a satellite navigation receiver, and records the so-determined positions (position fixes) p 1 , p 2 , p 3. (generally p i ) in an internal location record memory.
  • Each OBU 1 is provided with a unique identifier OID in the road toll toll system, for example a unique identifier of the OBU 1 itself and / or its user or an account of the latter. Knowing the identifier OID of an OBU 1 and its location records p i, it would be possible to deduce the movement profile of an OBU 1, which is prevented as follows.
  • the location records p i of the OBU 1 are - even if this is not mandatory - for ease of handling on individual data packets 3 divided.
  • the data packets 3 can with a packet identifier P i (see Fig. 2 ), for example a consecutive numbering, and a header (not shown) which contains, for example, metadata such as the number of location records p i contained in the data packet 3, a hash value thereof, etc.
  • the location records p i or data packets 3 are sent in a first step 4 of the OBU 1 to a toll calculation server 5, for example via a mobile network, u.zw. under a different from the identifier OID, as it were "anonymous" Sender ID RID.
  • the sender identifier RID is, for example, a user-selected code or a randomly generated value by the OBU 1. Alternatively - albeit with a correspondingly reduced anonymity - a temporary mobile network identification or temporary Internet address of the OBU 1 could be used as the sender identifier RID.
  • the toll calculation server 5 contains a "map matching" device 6, which assigns the received location records p i tolled places, routes or areas from a toll card database 6 'and determines associated tolls from the toll card database 6'.
  • the "map matching" device 6 calculates in this manner "location-anonymised” toll data T which does not permit any conclusion on the individual location records p i from the toll charges of the location records p i received for a sender identifier RID.
  • the toll data T are eg a single charge sum for all location records p i of all data packets 3 of a sender identifier RID.
  • the map-matching device 6 of the toll calculation server 5 is preceded by a buffer memory 7 in the form of a ring memory, in which all the local records p i or data packets 3 sent by OBUs 1 arrive in succession in order to be processed by the device 6. Due to the average workload of the device 6, therefore, a period of time can be set, within which at a certain time in the buffer memory 7 received location records p i have been converted to location anonymized toll data T and deleted by the arrival of new location records, the latter eg when the buffer memory as in Fig. 1 shown executed as a ring memory, which is automatically cyclically overwritten by incoming new data continuously.
  • the toll calculation server 5 may be archived for evidence purposes in a trustworthy encrypted form, the location records p i prior to the deletion, for example by encrypting them with the public key of an archive location 9 at this transmits (step 10).
  • the private key of the archive point 8, which is necessary for decrypting the location records p i may not be known to the user or the operator of the road toll system and only the operator of the archive point 9, which thus works as a notary or trustee for both sides.
  • the toll calculation server 5 then sends the calculated toll data T to the center 2 in step 8 under the sender ID RID.
  • the OBU 1 waits for the said period of time (step 11) and then releases its "identity", ie its identifier OID or price (step 12).
  • the release takes place in Fig. 1 in that the OBU 1 sends the sender identifier RID used by it under its identifier OID to the center 2.
  • the center 2 can thus allocate the toll data T received by the billing server 5 under the sender identifier RID to the identifier OID received from the OBU 1 for this sender identifier RID (step 13) in order to generate location-anonymized toll data T assigned to the OBU 1.
  • Fig. 2 shows various variants of components of the method of Fig. 1 ,
  • the assignment of the toll data T to the identifier OID is not done here in the center 2, but directly in the toll calculation server 5, in which the OBU 1 releases its identifier OID in step 12 to the toll calculation server 5 and the latter sends the result of the assignment 13 to the center 2 (step 14).
  • Fig. 2 shown that the OBU 1 - waiting for the arrival of an explicit confirmation 15 of the toll calculation server 5 on the successful deletion of the location records p i - instead of waiting for a time period 11.
  • the OBU 1 Upon receipt of the deletion confirmation 15, the OBU 1 reveals its identifier OID in step 12.
  • Fig. 2 also shows the variant that the individual data packets 3 can be provided with changing sender IDs RID i in order to make tracking on the interface 4 more difficult.
  • the OBU 1 can then immediately identify several of its last used sender IDs RID i with their identifier OID.
  • the OBU 1 identifies only the last sender identifier RID i of a linked data packet sequence with its identifier OID in step 12 because the toll calculation server 5 due to the packet chaining the previous sender ID RID i can open.
  • the toll calculation server 5 could also be linked Originators RID i continuously accruing toll data T i, for example, accumulate to a total fee and thereby only the last station ID, RID cancel always i. Also in this case, it is sufficient if the OBU 1 identifies only its last sender identifier RID i with its identifier OID in step 12.
  • Fig. 2 also the use of a stack as a buffer memory 7.
  • the stack memory 7 is, for example periodically deleted or removed its oldest entries after a predetermined period of time, they should not be timely have been processed, and / or the OBU 1 is always waiting for a deletion confirmation 16.

Abstract

The method involves transmitting location records from a thin-client onboard unit (1) to a toll calculation server (5) under a source identifier (RID) i.e. random value. Location anonymous toll data (T) is calculated from the records, and the records in the server are subsequently deleted. Waiting process for a preset time span (11) is carried out in the onboard unit. An identifier (OID) i.e. vehicle device identifier, associated to the source identifier is released from the onboard unit for associating the toll data to the associated identifier. Independent claims are also included for the following: (1) a toll calculation server for executing a method for creating location-anonymous toll data from location records (2) a location-recording vehicle device comprising an identifier for executing a method for creating location-anonymous toll data from location records.

Description

Die vorliegende Erfindung betrifft ein Verfahren zum Erzeugen von ortsanonymisierten Mautdaten aus den Ortsaufzeichnungen eines ortsaufzeichnenden Fahrzeuggeräts mit einer eindeutigen Kennung in einem Straßenmautsystem. Die Erfindung betrifft ferner einen Mautberechnungsserver und ein Fahrzeuggerät zur Durchführung dieses Verfahrens.The present invention relates to a method for generating location-anonymized toll data from the location records of a location-recording vehicle device with a unique identifier in a road toll system. The invention further relates to a toll calculation server and a vehicle device for carrying out this method.

Fahrzeuggeräte für Straßenmautsysteme werden auch als "onboard units" bzw. OBUs bezeichnet. OBUs, welche selbst ihren Ort bestimmen und aufzeichnen können, z.B. mittels eines Satellitennavigationsempfängers, gibt es derzeit in zwei verschiedenen Ausführungen: Sogenannte "thick client"-OBUs berechnen auf Grundlage von gespeicherten Mautkarten aus ihren Ortsaufzeichnungen ortsanonymisierte Mautdaten und senden diese z.B. über ein Mobilfunknetz an eine Zentrale des Stra-βenmautsystems, was eine aufwendige Distribution der Mautkarten an die OBUs und hohe Rechenleistung in den OBUs erfordert. Im Gegensatz dazu werten sogenannte "thin client"-OBUs ihre Ortsaufzeichnungen nicht selbst aus, sondern senden diese "roh" an die Zentrale, welche den Mautkartenabgleich ("map matching") vornimmt, um daraus Mautdaten zu erzeugen. "Thin client"-OBUs sind daher wesentlich einfacher und kostengünstiger aufgebaut, jedoch aus Sicht des Datenschutzes diskussionswürdig, weil die Zentrale des Straßenmautsystems die gesamten Ortsaufzeichnungen ("Bewegungsprofil") einer OBU erfährt, einschließlich von Aufenthalten an nicht-mautpflichtigen Orten.Vehicle devices for road toll systems are also referred to as "onboard units" or OBUs. OBUs that can themselves determine and record their location, e.g. by means of a satellite navigation receiver, there are currently two different versions: so-called "thick client" OBUs calculate based on stored toll cards from their location records location-anonymized toll data and send them e.g. via a mobile network to a center of the road-βenmautsystems, which requires a complex distribution of toll cards to the OBUs and high processing power in the OBUs. In contrast, so-called "thin client" OBUs do not evaluate their location records themselves, but send them "raw" to the central office, which makes the map matching to generate toll data. "Thin client" OBUs are therefore much simpler and less expensive, but worthy of discussion from a data protection point of view, because the road toll system's headquarters are aware of all the OBU's "movement profile", including stays in non-tolled locations.

In der WO 2008/000227 wurde daher bereits vorgeschlagen, die Ortsaufzeichnungen einer "thin client"-OBU unter einer anonymisierten Absenderkennung an einen speziellen Mautberechnungsserver zu senden, welcher das "map matching" durchführt und ortsanonymisierte Mautdaten an die OBU zurücksendet, die die OBU anschließend an die Zentrale absetzt. Aufgrund der beliebigen Architektur des Mautberechnungsservers ist bei diesem System die Einhaltung von Datenschutzauflagen schwierig zu kontrollieren. Überdies erzeugt diese Lösung zusätzlichen Datenverkehr im Straßenmautsystem.In the WO 2008/000227 For this reason, it has already been proposed to send the location records of a "thin client" OBU under an anonymized sender identification to a special toll calculation server which performs the "map matching" and returns location-anonymized toll data to the OBU, which then sends the OBU to the central office. Due to the arbitrary architecture of the toll calculation server is in this System compliance with data protection requirements difficult to control. Moreover, this solution generates additional traffic in the road toll system.

Aus der WO 2009/001303 A1 ist es bekannt, daß die Zentrale auf eine Löschbestätigung des Mautberechnungsservers wartet, bevor sie die vom Mautberechnungsserver erhaltenen ortsanonymisierten Mautdaten einer von der OBU erhaltenen Benutzeridentität zuordnet, was die Verfügungsgewalt über die Preisgabe der OBU-ID der OBU entzieht und die Gefahr einer Kompromittierung der Datensicherheit in sich birgt.From the WO 2009/001303 A1 it is known that the center waits for a clearing confirmation of the toll calculation server before assigning the local anonymized toll data received from the toll calculation server to a user identity received from the OBU, which deprives the authority over the disclosure of the OBU OBU ID and the risk of compromising data security harbors in itself.

Die Erfindung setzt sich zum Ziel, die Nachteile des Standes der Technik zu überwinden und insbesondere ein Verfahren zum Erzeugen von Mautdaten für "thin client"-OBUs zu schaffen, welches verbesserten Datenschutz bzw. höhere Vertraulichkeit für den Benutzer bietet. Dieses Ziel wird mit einem Verfahren mit den Merkmalen des Anspruchs 1 erreicht.The invention aims to overcome the disadvantages of the prior art, and more particularly to provide a method for generating toll data for "thin client" OBUs, which offers improved privacy and / or higher confidentiality for the user. This object is achieved by a method having the features of claim 1.

Die Erfindung beruht auf einem völlig neuartigen, überraschend einfachen Konzept zur Realisierung von Datenschutz auf hardwarenahem Niveau ("privacy by design"): Die OBU wartet eine Zeitspanne ab, um dem Mautberechnungsserver ausreichend Zeit zu geben, die Mautdaten zu erstellen und die zugrundeliegenden Ortsaufzeichnungen zu löschen. Danach kann die OBU gefahrlos ihre Identität bzw. Kennung preisgeben, weil keine Ortsaufzeichnungen mehr im System vorliegen, die Rückschlüsse auf das Bewegungsprofil der OBU erlauben würden.The invention is based on a completely novel, surprisingly simple concept for realizing privacy by design. The OBU waits for a period of time to give the toll calculation server sufficient time to generate the toll data and the underlying location records Clear. Thereafter, the OBU can safely disclose their identity or identifier because there are no more location records in the system that would allow conclusions about the motion profile of the OBU.

Ein für die Erfindung besonders geeigneter Mautberechnungsserver zeichnet sich dadurch aus, daß er einen Pufferspeicher zur Aufnahme der Ortsaufzeichnungen und Mittel zum periodischen, bevorzugt täglichen, Löschen zumindest der ältesten Einträge des Pufferspeichers aufweist, um die Löschung der Ortsaufzeichnungen zu garantieren.A toll calculation server which is particularly suitable for the invention is characterized in that it has a buffer memory for recording the location records and means for periodically, preferably daily, deleting at least the oldest entries of the buffer memory in order to guarantee the deletion of the location records.

Ein für die Erfindung besonders geeignetes Fahrzeuggerät zeichnet sich durch Freigabemittel aus, welche nach Verstreichen einer vorgegebenen Zeitspanne die genannte Absenderkennung unter der Kennung des Fahrzeuggeräts versenden und damit dessen Identität preisgeben.A particularly suitable for the invention vehicle device is characterized by release means, which after the passage of a predetermined period of time, said sender identification send under the identifier of the vehicle unit and thus reveal its identity.

Die Erfindung gewährleistet somit auf einfache und für Benutzer und Systembetreiber transparente Art und Weise hardwarebedingte Vertraulichkeit für die sensiblen Ortsaufzeichnungsdaten. Ortsaufzeichnungen werden zentral nur so lange aufbewahrt, wie es wie für ihre Verarbeitung notwendig ist; anschließend werden sie automatisch gelöscht. Jegliche Bedenken hinsichtlich einer zentralen Nachverfolgbarkeit bzw. Erstellung eines Bewegungsprofils der Fahrzeuggeräte können dadurch ausgeräumt werden. Darüber hinaus verursacht die Erfindung keinen erhöhten Datenverkehr im Straßenmautsystem.Thus, in a manner that is simple and transparent to users and system operators, the invention provides hardware-based confidentiality for the sensitive location record data. Location records are stored centrally only for as long as necessary for their processing; afterwards they will be deleted automatically. Any concerns regarding a central traceability or creation of a movement profile of the vehicle equipment can be eliminated. In addition, the invention does not cause increased traffic in the road toll system.

Das Zuordnen der ortsanonymisierten Mautdaten zu der vom Fahrzeuggerät freigegebenen Kennung kann sowohl im Mautberechnungsserver als auch in der Zentrale erfolgen. Demgemäß bestehen weitere Varianten des erfindungsgemäßen Verfahrens darin, daß das genannte Freigeben an den Mautberechnungsserver erfolgt, welcher die ortsanonymisierten Mautdaten der Kennung zuordnet und an eine Zentrale des Mautsystems sendet; oder daß das genannte Freigeben an eine Zentrale des Mautsystems erfolgt, welche die ortsanonymisierten Mautdaten vom Mautberechnungsserver erhält und der Kennung zuordnet.The assignment of the location-anonymized toll data to the identifier released by the vehicle device can take place both in the toll calculation server and in the central office. Accordingly, further variants of the method according to the invention are that the said releasing takes place to the toll calculation server which assigns the location-anonymised toll data to the identifier and sends it to a center of the toll system; or that the said releasing is done to a center of the toll system, which receives the location-anonymized toll data from the toll calculation server and assigns the identifier.

Falls gewünscht, können in jeder Ausführungsform die Ortsaufzeichnungen im Mautberechnungsserver vor dem Löschen mit dem öffentlichen Schlüssel einer externen Archivstelle verschlüsselt und an diese gesandt werden. Eine derartige Archivstelle sollte in der Art eines Treuhänders bzw. Notars für alle Beteiligten hohes Vertrauen genießen, d.h. sowohl für die Benutzer als auch den Systembetreiber, und kann damit in strittigen Fällen von jeder Seite konsultiert werden.If desired, in each embodiment, the location records in the toll calculation server may be encrypted and sent to the public key of an external archive location prior to being deleted. Such an archival holding, in the nature of a trustee or notary, should enjoy a high degree of trust for all concerned, i. for both the users and the system operator, and can therefore be consulted by any party in disputed cases.

Bevorzugt erfolgt das Senden und Freigeben vom Fahrzeuggerät aus über ein Funknetz, besonders bevorzugt ein Mobilfunknetz. Dadurch können z.B. herkömmliche "thin client"-OBUs eingesetzt werden, welche mit einem DSRC- oder Mobilfunk-Sendeempfänger ausgerüstet sind.The transmission and release preferably takes place from the vehicle device via a radio network, particularly preferably a mobile radio network. As a result, for example, conventional "thin client" OBUs can be used which are equipped with a DSRC or mobile radio transceiver.

Gemäß einer weiteren bevorzugten Ausführungsform der Erfindung werden die Ortsaufzeichnungen eines Fahrzeuggeräts in Datenpaketen versandt, die jeweils mit gleichen Absenderkennungen versehen sind, was die Auswertung vereinfacht, da das Fahrzeuggerät hier - nach Abwarten der Zeitspanne bzw. Erhalt der Löschbestätigung - seine Kennung lediglich hinsichtlich einer einzigen Absenderkennung preisgeben muß.According to a further preferred embodiment of the invention, the location records of a vehicle unit are sent in data packets, which are each provided with the same sender IDs, which simplifies the evaluation, since the vehicle unit here - after waiting for the period or receipt of deletion confirmation - its identifier only with respect to a single Must disclose sender identification.

Alternativ können die Ortsaufzeichnungen eines Fahrzeuggeräts in Datenpaketen versandt werden, die mit wechselnden Absenderkennungen versehen sind. Dadurch kann auf der Übertragungsschnittstelle die Vertraulichkeit erhöht werden.Alternatively, the location records of a vehicle device can be sent in data packets that are provided with changing sender IDs. As a result, the confidentiality can be increased on the transmission interface.

Bevorzugt sind mit wechselnden Absenderkennungen versehene Datenpakete zusätzlich mit verketteten Paketkennungen versehen, welche ihre Zuordnung zueinander gestatten, wodurch das Fahrzeuggerät seine Kennung nur zur Absenderkennung des letzten Datenpakets freizugeben braucht.Preferably, data packets provided with alternating sender identifiers are additionally provided with linked packet identifiers which allow their association with each other, whereby the vehicle device needs to release its identifier only for the sender identification of the last data packet.

Die Kennung, durch welche sich ein Fahrzeuggerät identifiziert, kann sowohl eine Kennung des Fahrzeuggeräts selbst als auch eine dem Benutzer des Fahrzeuggeräts zugeordnete Kennung sein, z.B. eine Kennung eines Benutzerkontos zur Abrechnung von Mautgebühren im Straßenmautsystem.The identifier by which a vehicle device identifies can be both an identifier of the vehicle device itself and an identifier associated with the user of the vehicle device, e.g. an identifier of a user account for billing tolls in the road toll system.

Die zum Senden der Ortsaufzeichnungen an den Mautberechnungsserver verwendete Absenderkennung kann sowohl ein Zufallswert als auch ein frei vom Benutzer wählbarer Code sein, was die Transparenz für den Benutzer noch weiter erhöht.The sender identifier used to send the location records to the toll calculation server may be both random and user-selectable code, further increasing transparency for the user.

Das Verfahren der Erfindung eignet sich für alle Arten von selbstlokalisierenden Fahrzeuggeräten, auf welche Weise auch immer diese ihren Ort bestimmen, z.B. durch Erkennung von Landmarken oder Identifikation von Baken, an denen sich das Fahrzeuggerät orientiert. Besonders vorteilhaft ist es, wenn das Fahrzeuggerät in an sich bekannter Weise seine Orte mittels Satellitennavigation bestimmt, wofür z.B. GPS-gestützte "thin client"-OBUs herangezogen werden können.The method of the invention is suitable for all types of self-locating vehicular devices, however they may determine their location, e.g. by detection of landmarks or identification of beacons, which is based on the vehicle device. It is particularly advantageous if the vehicle device determines its locations in a manner known per se by means of satellite navigation, for which purpose e.g. GPS-based "thin client" OBUs can be used.

Die Erfindung wird nachstehend anhand von in den beigeschlossenen Zeichnungen dargestellten Ausführungsbeispielen näher erläutert, deren Fig. 1 und 2 zwei verschiedene Ausführungsformen eines Straßenmautsystems in Blockschaltbildform zeigen.The invention will be described in more detail below with reference to exemplary embodiments illustrated in the attached drawings explained, whose Fig. 1 and 2 show two different embodiments of a road toll system in block diagram form.

Gemäß Fig. 1 bewegt sich eine OBU 1 an Bord eines Fahrzeugs im Rahmen eines Straßenmautsystem mit einer Zentrale 2. Die Zentrale 2 rechnet mautpflichtige Ortsnutzungen der OBU 1, z.B. das Befahren einer Mautstraße, das Eintreten in einen eintrittspflichtigen Bereich, das Verweilen auf einem gebührenpflichtigen Parkplatz usw. über entsprechende Benutzerkonten ab, u. zw. auf Grundlage von Mautdaten T, die durch die Ortsnutzungen der OBU 1 ausgelöst werden, wie in der Technik bekannt.According to Fig. 1 an OBU 1 moves aboard a vehicle in the context of a road toll system with a control center 2. The center 2 calculates toll road use of the OBU 1, eg driving on a toll road, entering an area subject to charges, staying on a paid parking, etc. appropriate user accounts, u. on the basis of toll data T, which are triggered by the location uses of the OBU 1, as known in the art.

Die OBU 1 ist von selbstlokalisierendem "thin client"-Typ und ermittelt fortlaufend, z.B. periodisch, ihren Ort, beispielsweise mit Hilfe eines Satellitennavigationsempfängers, und zeichnet die so ermittelten Orte ("position fixes") p1, p2, p3... (allgemein pi) in einem internen Ortsaufzeichnungsspeicher auf.The OBU 1 is of a self-locating "thin client" type and determines its location continuously, eg periodically, for example with the aid of a satellite navigation receiver, and records the so-determined positions (position fixes) p 1 , p 2 , p 3. (generally p i ) in an internal location record memory.

Jede OBU 1 ist mit einer eindeutigen Kennung OID im Stra-βenmautsystem versehen, beispielsweise einer eindeutigen Kennung der OBU 1 selbst und/oder ihres Benutzers bzw. eines Kontos des letzteren. In Kenntnis der Kennung OID einer OBU 1 und ihrer Ortsaufzeichnungen pi könnte auf das Bewegungsprofil einer OBU 1 geschlossen werden, was wie folgt verhindert wird.Each OBU 1 is provided with a unique identifier OID in the road toll toll system, for example a unique identifier of the OBU 1 itself and / or its user or an account of the latter. Knowing the identifier OID of an OBU 1 and its location records p i, it would be possible to deduce the movement profile of an OBU 1, which is prevented as follows.

Die Ortsaufzeichnungen pi der OBU 1 werden - auch wenn dies nicht zwingend ist - zur leichteren Handhabbarkeit auf einzelne Datenpakete 3 aufgeteilt. Die Datenpakete 3 können mit einer Paketkennung Pi (siehe Fig. 2), z.B. einer fortlaufenden Numerierung, und einem Header (nicht gezeigt) versehen werden, welcher beispielsweise Metadaten wie die Anzahl der im Datenpaket 3 enthaltenden Ortsaufzeichnungen pi, einen Hashwert derselben usw. enthält.The location records p i of the OBU 1 are - even if this is not mandatory - for ease of handling on individual data packets 3 divided. The data packets 3 can with a packet identifier P i (see Fig. 2 ), for example a consecutive numbering, and a header (not shown) which contains, for example, metadata such as the number of location records p i contained in the data packet 3, a hash value thereof, etc.

Die Ortsaufzeichnungen pi bzw. Datenpakete 3 werden in einem ersten Schritt 4 von der OBU 1 an einen Mautberechnungsserver 5 gesandt, beispielsweise über ein Mobilfunknetz, u.zw. unter einer von der Kennung OID verschiedenen, gleichsam "anonymen" Absenderkennung RID. Die Absenderkennung RID ist beispielsweise ein vom Benutzer frei gewählter Code oder ein von der OBU 1 zufällig generierter Wert. Alternativ könnte - wenn auch mit entsprechend verringerter Anonymität - eine temporäre Mobilfunknetz-Identifikation oder temporäre Internetadresse der OBU 1 als Absenderkennung RID verwendet werden.The location records p i or data packets 3 are sent in a first step 4 of the OBU 1 to a toll calculation server 5, for example via a mobile network, u.zw. under a different from the identifier OID, as it were "anonymous" Sender ID RID. The sender identifier RID is, for example, a user-selected code or a randomly generated value by the OBU 1. Alternatively - albeit with a correspondingly reduced anonymity - a temporary mobile network identification or temporary Internet address of the OBU 1 could be used as the sender identifier RID.

Der Mautberechnungsserver 5 enthält eine "map matching"-Einrichtung 6, welche die empfangenen Ortsaufzeichnungen pi mautpflichtigen Orten, Strecken oder Gebieten aus einer Mautkartendatenbank 6' zuordnet und zugehörige Mautgebühren aus der Mautkartendatenbank 6' ermittelt. Aus den Mautgebühren der zu einer Absenderkennung RID empfangenen Ortsaufzeichnungen pi berechnet die "map matching"-Einrichtung 6 auf diese Weise "ortsanonymisierte" Mautdaten T, welche keinen Rückschluß mehr auf die einzelnen Ortsaufzeichnungen pi erlauben. Die Mautdaten T sind z.B. eine einzige Gebührensumme für alle Ortsaufzeichnungen pi aller Datenpakete 3 einer Absenderkennung RID.The toll calculation server 5 contains a "map matching" device 6, which assigns the received location records p i tolled places, routes or areas from a toll card database 6 'and determines associated tolls from the toll card database 6'. The "map matching" device 6 calculates in this manner "location-anonymised" toll data T which does not permit any conclusion on the individual location records p i from the toll charges of the location records p i received for a sender identifier RID. The toll data T are eg a single charge sum for all location records p i of all data packets 3 of a sender identifier RID.

Der "map matching"-Einrichtung 6 des Mautberechnungsservers 5 ist ein Pufferspeicher 7 in Form eines Ringspeichers vorgeschaltet, in dem alle von OBUs 1 abgesandten Ortsaufzeichnungen pi bzw. Datenpakete 3 aufeinanderfolgend einlangen, um von der Einrichtung 6 abgearbeitet zu werden. Aufgrund der durchschnittlichen Arbeitsbelastung der Einrichtung 6 kann daher eine Zeitspanne festgelegt werden, innerhalb derer zu einem bestimmten Zeitpunkt im Pufferspeicher 7 eingelangte Ortsaufzeichnungen pi zu ortsanonymisierten Mautdaten T umgewandelt und durch das Einlangen von neuen Ortsaufzeichnungen automatisch gelöscht worden sind, letzteres z.B. wenn der Pufferspeicher 7 wie in Fig. 1 gezeigt als Ringspeicher ausgeführt ist, der durch einlangende neue Daten automatisch fortlaufend zyklisch überschrieben wird. Sollte diese Zeitspanne bei einer außergewöhnlich niedrigen Auslastung des Pufferspeichers 7 ausnahmsweise überschritten werden, kann durch eine zusätzliche periodische, z.B. tägliche, Löschung von Einträgen im Pufferspeicher 7, die älter als die genannte Zeitspanne sind, gewährleistet werden, daß nach der genannten vorgegebenen Zeitspanne jedenfalls keine Ortsaufzeichnungen pi mehr im Mautberechnungsserver 5 vorhanden sind.The map-matching device 6 of the toll calculation server 5 is preceded by a buffer memory 7 in the form of a ring memory, in which all the local records p i or data packets 3 sent by OBUs 1 arrive in succession in order to be processed by the device 6. Due to the average workload of the device 6, therefore, a period of time can be set, within which at a certain time in the buffer memory 7 received location records p i have been converted to location anonymized toll data T and deleted by the arrival of new location records, the latter eg when the buffer memory as in Fig. 1 shown executed as a ring memory, which is automatically cyclically overwritten by incoming new data continuously. Should this period be exceptionally exceeded at an exceptionally low utilization of the buffer memory 7, can by an additional periodic, eg daily, deletion of entries in the buffer memory 7, which are older than the said period, guaranteed be that after the specified time period anyway no location records p i more in the toll calculation server 5 are available.

Falls einmal bei einer außergewöhnlich hohen Belastung des Ringspeichers 7 bzw. der "map-matching"-Einrichtung 6 Ortsaufzeichnungen pi unverarbeitet gelöscht werden sollten, kann die OBU 1 solche Ortsaufzeichnungen pi entweder automatisch oder auf Anfrage des Mautberechnungsservers 5 oder auf Anfrage der Zentrale 2 erneut übermitteln.If at an exceptionally high load on the ring memory 7 or the "map-matching" device 6 local records p i should be deleted unprocessed, the OBU 1 such site records p i either automatically or on request of the toll calculation server 5 or on request of the center 2 retransmit.

Falls gewünscht, kann der Mautberechnungsserver 5 die Ortsaufzeichnungen pi vor dem Löschen in einer vertrauenswürdig verschlüsselten Form zu Beweiszwecken archivieren, z.B. indem er sie mit dem öffentlichen Schlüssel einer Archivstelle 9 verschlüsselt und an diese sendet (Schritt 10). Der private Schlüssel der Archivstelle 8, welcher zum Entschlüsseln der Ortsaufzeichnungen pi notwendig ist, darf weder dem Benutzer noch dem Betreiber des Straßenmautsystems und nur dem Betreiber der Archivstelle 9 bekannt sein, welcher somit gleichsam als Notar bzw. Treuhänder für beide Seiten arbeitet.If desired, the toll calculation server 5 may be archived for evidence purposes in a trustworthy encrypted form, the location records p i prior to the deletion, for example by encrypting them with the public key of an archive location 9 at this transmits (step 10). The private key of the archive point 8, which is necessary for decrypting the location records p i , may not be known to the user or the operator of the road toll system and only the operator of the archive point 9, which thus works as a notary or trustee for both sides.

Der Mautberechnungsserver 5 sendet die berechneten Mautdaten T anschließend im Schritt 8 unter der Absenderkennung RID an die Zentrale 2.The toll calculation server 5 then sends the calculated toll data T to the center 2 in step 8 under the sender ID RID.

Auf der anderen Seite wartet die OBU 1 die genannte Zeitspanne ab (Schritt 11) und gibt anschließend ihre "Identität", d.h. ihre Kennung OID frei bzw. preis (Schritt 12). Die Freigabe erfolgt in Fig. 1, indem die OBU 1 die von ihr verwendete Absenderkennung RID unter ihrer Kennung OID an die Zentrale 2 sendet. Die Zentrale 2 kann somit die vom Abrechnungsserver 5 unter der Absenderkennung RID empfangenen Mautdaten T der von der OBU 1 zu dieser Absenderkennung RID erhaltenen Kennung OID zuordnen (Schritt 13), um ortsanonymisierte, der OBU 1 zugeordnete Mautdaten T zu erzeugen.On the other hand, the OBU 1 waits for the said period of time (step 11) and then releases its "identity", ie its identifier OID or price (step 12). The release takes place in Fig. 1 in that the OBU 1 sends the sender identifier RID used by it under its identifier OID to the center 2. The center 2 can thus allocate the toll data T received by the billing server 5 under the sender identifier RID to the identifier OID received from the OBU 1 for this sender identifier RID (step 13) in order to generate location-anonymized toll data T assigned to the OBU 1.

Fig. 2 zeigt verschiedene Varianten von Komponenten des Verfahrens von Fig. 1. Die Zuordnung der Mautdaten T zur Kennung OID erfolgt hier nicht in der Zentrale 2, sondern direkt im Mautberechnungsserver 5, indem die OBU 1 ihre Kennung OID im Schritt 12 an den Mautberechnungsserver 5 freigibt und letzterer das Ergebnis der Zuordnung 13 an die Zentrale 2 sendet (Schritt 14). Fig. 2 shows various variants of components of the method of Fig. 1 , The assignment of the toll data T to the identifier OID is not done here in the center 2, but directly in the toll calculation server 5, in which the OBU 1 releases its identifier OID in step 12 to the toll calculation server 5 and the latter sends the result of the assignment 13 to the center 2 (step 14).

Ferner ist in Fig. 2 gezeigt, daß die OBU 1 - anstelle des Abwartens einer Zeitspanne 11 - hier auf das Einlangen einer expliziten Bestätigung 15 des Mautberechnungsserver 5 über das erfolgte Löschen der Ortsaufzeichnungen pi wartet. Nach Einlangen der Löschbestätigung 15 gibt die OBU 1 ihre Kennung OID im Schritt 12 preis.Furthermore, in Fig. 2 shown that the OBU 1 - waiting for the arrival of an explicit confirmation 15 of the toll calculation server 5 on the successful deletion of the location records p i - instead of waiting for a time period 11. Upon receipt of the deletion confirmation 15, the OBU 1 reveals its identifier OID in step 12.

Fig. 2 zeigt auch die Variante, daß die einzelnen Datenpakete 3 mit wechselnden Absenderkennungen RIDi versehen werden können, um eine Mitverfolgung auf der Schnittstelle 4 zu erschweren. Im Schritt 12 kann die OBU 1 dann gleich mehrere von ihr zuletzt verwendete Absenderkennungen RIDi mit ihrer Kennung OID identifizieren. Fig. 2 also shows the variant that the individual data packets 3 can be provided with changing sender IDs RID i in order to make tracking on the interface 4 more difficult. In step 12, the OBU 1 can then immediately identify several of its last used sender IDs RID i with their identifier OID.

Wenn die einzelnen Datenpakete 3 untereinander verkettet sind, z.B. durch entsprechende gegenseitige Verweise in ihren Paketkennungen Pi, dann genügt es, wenn die OBU 1 im Schritt 12 nur die letzte Absenderkennung RIDi einer verketteten Datenpaketfolge mit ihrer Kennung OID identifiziert, weil der Mautberechnungsserver 5 aufgrund der Paketverkettungen die vorhergehenden Absenderkennung RIDi erschließen kann.If the individual data packets 3 are linked to one another, for example by corresponding mutual references in their packet identifiers P i , then it is sufficient if the OBU 1 identifies only the last sender identifier RID i of a linked data packet sequence with its identifier OID in step 12 because the toll calculation server 5 due to the packet chaining the previous sender ID RID i can open.

Alternativ könnte der Mautberechnungsserver 5 auch die zu verketteten Absenderkennungen RIDi fortlaufend auflaufenden Mautdaten Ti z.B. zu einer Gebührensumme akkumulieren und dabei stets nur die letzte Absenderkennung RIDi aufheben. Auch in diesem Fall genügt es, wenn die OBU 1 im Schritt 12 nur ihre letzte Absenderkennung RIDi mit ihrer Kennung OID identifiziert.Alternatively, the toll calculation server 5 could also be linked Originators RID i continuously accruing toll data T i, for example, accumulate to a total fee and thereby only the last station ID, RID cancel always i. Also in this case, it is sufficient if the OBU 1 identifies only its last sender identifier RID i with its identifier OID in step 12.

Schließlich zeigt Fig. 2 auch die Verwendung eines Stapelspeichers als Pufferspeicher 7. Der Stapelspeicher 7 wird z.B. periodisch gelöscht bzw. seine ältesten Einträge nach einer vorgegebenen Zeitspanne entfernt, sollten sie nicht rechtzeitig verarbeitet worden sein, und/oder die OBU 1 wartet hier stets auf eine Löschbestätigung 16.Finally shows Fig. 2 also the use of a stack as a buffer memory 7. The stack memory 7 is, for example periodically deleted or removed its oldest entries after a predetermined period of time, they should not be timely have been processed, and / or the OBU 1 is always waiting for a deletion confirmation 16.

Die Erfindung ist nicht auf die dargestellten Ausführungsformen beschränkt, sondern umfaßt alle Varianten und Modifikationen, die in den Rahmen der angeschlossenen Ansprüche fallen.The invention is not limited to the illustrated embodiments, but includes all variants and modifications that fall within the scope of the appended claims.

Claims (12)

Verfahren zum Erzeugen von ortsanonymisierten Mautdaten (T) aus den Ortsaufzeichnungen (pi) eines ortsaufzeichnenden Fahrzeuggeräts (1) mit einer eindeutigen Kennung (OID) in einem Straßenmautsystem, mit den Schritten: Senden (4) der Ortsaufzeichnungen (pi) unter zumindest einer von der Kennung (OID) verschiedenen Absenderkennung (RID) vom Fahrzeuggerät (1) an einen Mautberechnungsserver (5), Berechnen (6) von ortsanonymisierten Mautdaten (T) aus den Ortsaufzeichnungen (pi) und anschließendes Löschen der Ortsaufzeichnungen (pi) im Mautberechnungsserver (5), wobei das Löschen jedenfalls periodisch innerhalb jeweils einer vorgegebenen Zeitspanne durchgeführt wird, im Fahrzeuggerät (1): Abwarten der genannten vorgegebenen Zeitspanne (11) und anschließendes Freigeben (12) der zur Absenderkennung (RID) zugehörigen Kennung (OID) vom Fahrzeuggerät (1) aus, um die ortsanonymisierten Mautdaten (T) dieser Absenderkennung (RID) der zugehörigen Kennung (OID) zuzuordnen. Method for generating location-anonymised toll data (T) from the location records (p i ) of a location-recording vehicle device (1) with a unique identifier (OID) in a road toll system, comprising the steps of: Sending (4) the location records (p i ) from at least one of the identifier (OID) different sender identification (RID) from the vehicle unit (1) to a toll calculation server (5), Calculating (6) from anonymised toll data (T) from the location records (p i ) and then deleting the location records (p i ) in the toll calculation server (5), wherein the deletion is in each case carried out periodically within in each case a predetermined period of time, in the vehicle device (1): Waiting said predetermined period (11) and then releasing (12) to the sender identification (RID) associated identifier (OID) from the vehicle unit (1) to the location-anonymized toll data (T) this sender identification (RID) to associate with the associated identifier (OID). Verfahren nach Anspruch 1, dadurch gekennzeichnet, daß das genannte Freigeben (12) an den Mautberechnungsserver (5) erfolgt, welcher die ortsanonymisierten Mautdaten (T) der Kennung (OID) zuordnet (13) und an eine Zentrale (2) des Mautsystems sendet.Method according to Claim 1, characterized in that the said enabling (12) takes place at the toll calculation server (5), which assigns the location-anonymised toll data (T) to the identifier (OID) (13) and sends it to a toll center (2). Verfahren nach Anspruch 1, dadurch gekennzeichnet, daß das genannte Freigeben (12) an eine Zentrale (2) des Mautsystems erfolgt, welche die ortsanonymisierten Mautdaten (T) vom Mautberechnungsserver (5) erhält und der Kennung (OID) zuordnet.Method according to Claim 1, characterized in that the said enabling (12) takes place at a toll center (2) which receives the location-anonymised toll data (T) from the toll calculation server (5) and assigns it to the identifier (OID). Verfahren nach einem der Ansprüche 1 bis 3, dadurch gekennzeichnet, daß die Ortsaufzeichnungen (pi) im Mautberechnungsserver (5) vor dem Löschen mit dem öffentlichen Schlüssel einer externen Archivstelle (9) verschlüsselt und an diese gesandt werden.Method according to one of Claims 1 to 3, characterized in that the location records (p i ) in the toll calculation server (5) are encrypted with the public key of an external archive location (9) before being deleted and sent thereto. Verfahren nach einem der Ansprüche 1 bis 4, dadurch gekennzeichnet, daß das Senden (4) und Freigeben (12) vom Fahrzeuggerät (1) aus über ein Funknetz, bevorzugt ein Mobilfunknetz, erfolgt.Method according to one of Claims 1 to 4, characterized in that the transmission (4) and release (12) from the vehicle device (1) takes place via a radio network, preferably a mobile radio network. Verfahren nach einem der Ansprüche 1 bis 5, dadurch gekennzeichnet, daß die Ortsaufzeichnungen (pi) eines Fahrzeuggeräts (1) in Datenpaketen (3) versandt werden, die jeweils mit gleichen Absenderkennungen (RID) versehen sind.Method according to one of Claims 1 to 5, characterized in that the location records (p i ) of a vehicle device (1) are sent in data packets (3) which are each provided with identical sender identifications (RID). Verfahren nach einem der Ansprüche 1 bis 5, dadurch gekennzeichnet, daß die Ortsaufzeichnungen (pi) eines Fahrzeuggeräts in Datenpaketen (3) versandt werden, die mit wechselnden Absenderkennungen (RIDi) versehen sind.Method according to one of Claims 1 to 5, characterized in that the location records (p i ) of a vehicle device are sent in data packets (3) which are provided with changing sender identifications (RID i ). Verfahren nach Anspruch 7, dadurch gekennzeichnet, daß die Datenpakete (3) mit verketteten Paketkennungen (Pi) versehen sind, welche ihre Zuordnung zueinander gestatten, wobei das Freigeben (12) der Kennung (OID) nur zur Absenderkennung (RIDi) des letzten Datenpakets (3) erfolgt.Method according to Claim 7, characterized in that the data packets (3) are provided with concatenated packet identifiers (P i ) which allow their association with each other, whereby the release (12) of the identifier (OID) is sent only to the sender identifier (RID i ) of the last one Data packets (3) takes place. Verfahren nach einem der Ansprüche 1 bis 8, dadurch gekennzeichnet, daß die genannte Kennung (OID) eine Fahrzeuggerät- oder Benutzerkontokennung ist.Method according to one of claims 1 to 8, characterized in that said identifier (OID) is a vehicle device or user account identifier. Verfahren nach einem der Ansprüche 1 bis 9, dadurch gekennzeichnet, daß die Absenderkennung (RID) ein Zufallswert oder ein benutzerwählbarer Code ist.Method according to one of Claims 1 to 9, characterized in that the sender identification (RID) is a random value or a user-selectable code. Mautberechnungsserver (5) zur Durchführung des Verfahrens nach einem der Ansprüche 1 bis 10, ausgebildet zum Empfangen von Ortsaufzeichnungen (pi) und Berechnen von ortsanonymisierten Mautdaten (T) daraus, gekennzeichnet durch einen Pufferspeicher (7) zur Aufnahme der Ortsaufzeichnungen (pi) und Mittel zum periodischen, bevorzugt täglichen, Löschen zumindest der ältesten Einträge des Pufferspeichers (7).Toll calculation server (5) for carrying out the method according to one of claims 1 to 10, configured to receive location records (p i ) and to calculate location-anonymized toll data (T) therefrom, characterized by a buffer memory (7) for recording the location records (p i ) and means for periodically, preferably daily, deleting at least the oldest entries of the buffer memory (7). Ortsaufzeichnendes Fahrzeuggerät (1) mit einer Kennung (OID) zur Durchführung des Verfahrens nach einem der Ansprüche 1 bis 10, ausgebildet zum Senden (4) seiner Ortsaufzeichnungen (pi) unter zumindest einer von der Kennung (OID) verschiedenen Absenderkennung (RID), gekennzeichnet durch Freigabemittel, welche nach Verstreichen einer vorgegebenen Zeitspanne (11) die genannte Absenderkennung (RID) unter seiner Kennung (OID) versenden.A location-recording vehicle device (1) with an identifier (OID) for carrying out the method according to one of claims 1 to 10, designed to transmit (4) its location records (p i ) under at least one sender identifier (RID) different from the identifier (OID), characterized by release agents, which after a predetermined period of time (11) send said sender identification (RID) under its identifier (OID).
EP11005131A 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations Active EP2381425B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PL11005131T PL2381425T3 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations
SI200930303T SI2381425T1 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP09450207A EP2320386B1 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
EP09450207.7 Division 2009-10-30

Publications (2)

Publication Number Publication Date
EP2381425A1 true EP2381425A1 (en) 2011-10-26
EP2381425B1 EP2381425B1 (en) 2012-05-09

Family

ID=41600358

Family Applications (2)

Application Number Title Priority Date Filing Date
EP11005131A Active EP2381425B1 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations
EP09450207A Active EP2320386B1 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP09450207A Active EP2320386B1 (en) 2009-10-30 2009-10-30 Device and method for creating toll data from anonymous locations

Country Status (7)

Country Link
EP (2) EP2381425B1 (en)
AT (2) ATE548713T1 (en)
DK (2) DK2320386T3 (en)
ES (2) ES2387755T3 (en)
PL (2) PL2381425T3 (en)
PT (2) PT2320386E (en)
SI (1) SI2320386T1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8321265B2 (en) * 2010-05-12 2012-11-27 Kapsch Trafficcom Ag Method for collecting tolls for location usages
ES2524148T3 (en) 2012-05-03 2014-12-04 Kapsch Trafficcom Ag Procedure and devices for the identification of a vehicle that uses a place
EP3035296A1 (en) 2014-12-18 2016-06-22 Toll Collect GmbH Method for allocating a data processing outcome created by a central data processing system to a decentralized data processing device, central data processing system and decentralised data processing device
DE202015102311U1 (en) 2015-05-06 2015-06-09 Omp Telematics Gmbh Device for billing tolls
EP3144867B1 (en) 2015-09-21 2020-06-17 Toll Collect GmbH Position data transmitting system, on-vehicle device and position data transmitting method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5819234A (en) * 1996-07-29 1998-10-06 The Chase Manhattan Bank Toll collection system
EP1457928A1 (en) * 2003-03-11 2004-09-15 Atos Origin IT Services UK Ltd. Road Charging System
EP1475752A2 (en) * 2003-05-05 2004-11-10 Vodafone Holding GmbH Electronic toll collection system and method
WO2007107001A1 (en) * 2006-03-21 2007-09-27 Skymeter Corporation Private, auditable vehicle positioning system and on-board unit for same
WO2008000227A1 (en) 2006-06-27 2008-01-03 Deutsche Telekom Ag Method and apparatus for ensuring data protection during off-board toll metering
WO2009001303A1 (en) 2007-06-26 2008-12-31 Nxp B.V. Road toll system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5819234A (en) * 1996-07-29 1998-10-06 The Chase Manhattan Bank Toll collection system
EP1457928A1 (en) * 2003-03-11 2004-09-15 Atos Origin IT Services UK Ltd. Road Charging System
EP1475752A2 (en) * 2003-05-05 2004-11-10 Vodafone Holding GmbH Electronic toll collection system and method
WO2007107001A1 (en) * 2006-03-21 2007-09-27 Skymeter Corporation Private, auditable vehicle positioning system and on-board unit for same
WO2008000227A1 (en) 2006-06-27 2008-01-03 Deutsche Telekom Ag Method and apparatus for ensuring data protection during off-board toll metering
DE102006029383A1 (en) * 2006-06-27 2008-01-03 Deutsche Telekom Ag Method and device for ensuring data protection during offboard toll collection
WO2009001303A1 (en) 2007-06-26 2008-12-31 Nxp B.V. Road toll system

Also Published As

Publication number Publication date
DK2320386T3 (en) 2012-07-02
PT2320386E (en) 2012-06-15
PT2381425E (en) 2012-08-06
ATE557373T1 (en) 2012-05-15
EP2320386B1 (en) 2012-03-07
DK2381425T3 (en) 2012-08-20
PL2381425T3 (en) 2012-10-31
ES2383852T3 (en) 2012-06-26
EP2381425B1 (en) 2012-05-09
EP2320386A1 (en) 2011-05-11
ATE548713T1 (en) 2012-03-15
PL2320386T3 (en) 2012-08-31
SI2320386T1 (en) 2012-07-31
DK2381425T5 (en) 2012-09-10
ES2387755T3 (en) 2012-10-01

Similar Documents

Publication Publication Date Title
EP2860703B1 (en) Method for checking toll transactions and components therefor
EP2381425B1 (en) Device and method for creating toll data from anonymous locations
DE102015013318B4 (en) Method for removing a motor vehicle from a target area, communication system and motor vehicle
DE60006553T2 (en) METHOD FOR MANAGING PARKING OF VEHICLES
DE102004013807A1 (en) Electronic toll system for traffic routes and method of operation thereof
EP2912856B1 (en) System and method for data-protection-compliant capture and forwarding of telemetry data
EP2541502B1 (en) Method for acquiring toll fees in a road toll system
EP2378489B1 (en) Method for DSRC communication
EP0646897A2 (en) Method and device for reserving parking space
DE4402612C2 (en) Procedure for monitoring authorized use of traffic routes and / or traffic areas
DE102014203717A1 (en) Method for data transmission
EP2994890B1 (en) Method and device for providing data for toll charging and toll system
DE19636379C1 (en) Procedure for the control of transport and tourist traffic
EP2690601A2 (en) Toll control method, toll control devices and toll system with such toll control devices
EP3772050A1 (en) Method for performing a maneuver request between at least two vehicles
EP2148305A1 (en) Method for calculating charges for using a mobile station
EP2325806B1 (en) Method for generating toll transactions
DE102018203797A1 (en) Method and device for a C2X communication of motor vehicles of a motor vehicle network
EP2503518A1 (en) Method for validating a toll transaction
DE202015102311U1 (en) Device for billing tolls
DE60204096T2 (en) Providing location-based services to a subscriber
DE60216056T2 (en) METHOD AND ARRANGEMENT IN A COMMUNICATION SYSTEM
EP3211605B1 (en) Vehicle device, system, roadside device and method for performing at least one transaction
EP3188133B1 (en) Position data processing device and toll system and method for operating a position data processing device and a road toll system
DE60205354T2 (en) SYSTEM AND METHOD FOR REGISTERING A ROUTE OF A VEHICLE WITH A MOBILE PHONE

Legal Events

Date Code Title Description
AC Divisional application: reference to earlier application

Ref document number: 2320386

Country of ref document: EP

Kind code of ref document: P

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: AL BA RS

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20111021

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AC Divisional application: reference to earlier application

Ref document number: 2320386

Country of ref document: EP

Kind code of ref document: P

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 557373

Country of ref document: AT

Kind code of ref document: T

Effective date: 20120515

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 502009003497

Country of ref document: DE

Effective date: 20120712

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: BUECHEL, VON REVY & PARTNER

REG Reference to a national code

Ref country code: PT

Ref legal event code: SC4A

Free format text: AVAILABILITY OF NATIONAL TRANSLATION

Effective date: 20120731

REG Reference to a national code

Ref country code: DK

Ref legal event code: T3

REG Reference to a national code

Ref country code: NL

Ref legal event code: T3

REG Reference to a national code

Ref country code: SK

Ref legal event code: T3

Ref document number: E 11928

Country of ref document: SK

REG Reference to a national code

Ref country code: DK

Ref legal event code: T5

REG Reference to a national code

Ref country code: NO

Ref legal event code: T2

Effective date: 20120509

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2387755

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20121001

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

Effective date: 20120509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120909

REG Reference to a national code

Ref country code: PL

Ref legal event code: T3

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120810

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20130212

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: PATWIL AG, CH

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20121031

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 502009003497

Country of ref document: DE

Effective date: 20130212

REG Reference to a national code

Ref country code: HU

Ref legal event code: AG4A

Ref document number: E016045

Country of ref document: HU

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120809

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20121030

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20121030

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20120509

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 7

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20161020

Year of fee payment: 8

Ref country code: NL

Payment date: 20161019

Year of fee payment: 8

Ref country code: GB

Payment date: 20161020

Year of fee payment: 8

Ref country code: NO

Payment date: 20161024

Year of fee payment: 8

Ref country code: HU

Payment date: 20161019

Year of fee payment: 8

Ref country code: SK

Payment date: 20161027

Year of fee payment: 8

Ref country code: DK

Payment date: 20161019

Year of fee payment: 8

Ref country code: CZ

Payment date: 20161027

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20161024

Year of fee payment: 8

Ref country code: PT

Payment date: 20161028

Year of fee payment: 8

Ref country code: PL

Payment date: 20161027

Year of fee payment: 8

Ref country code: SI

Payment date: 20160923

Year of fee payment: 8

Ref country code: BE

Payment date: 20161019

Year of fee payment: 8

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 9

REG Reference to a national code

Ref country code: DK

Ref legal event code: EBP

Effective date: 20171031

REG Reference to a national code

Ref country code: NO

Ref legal event code: MMEP

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: NL

Ref legal event code: MM

Effective date: 20171101

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20171030

REG Reference to a national code

Ref country code: SK

Ref legal event code: MM4A

Ref document number: E 11928

Country of ref document: SK

Effective date: 20171030

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171030

Ref country code: NO

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

Ref country code: CZ

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171030

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171030

Ref country code: PT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20180430

Ref country code: NL

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171101

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

REG Reference to a national code

Ref country code: SI

Ref legal event code: KO00

Effective date: 20180605

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20171031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

Ref country code: HU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 10

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171030

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171030

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230513

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20231222

Year of fee payment: 15

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20231019

Year of fee payment: 15

Ref country code: FR

Payment date: 20231024

Year of fee payment: 15

Ref country code: DE

Payment date: 20231020

Year of fee payment: 15

Ref country code: AT

Payment date: 20231020

Year of fee payment: 15