RU2522418C1 - High-reliability secure vehicle monitoring system configured for feedback with driver at control point - Google Patents

Abstract

FIELD: physics; control.

SUBSTANCE: invention relates to automated systems for monitoring road traffic and is intended for automatic identification of vehicles and generating an algorithm of actions with respect to further use thereof, and for real-time notification of the driver on all remarks relating to use of a vehicle as a road traffic participant. The vehicle monitoring system includes an electronic device mounted on the vehicle and capable of storing the identification number of the vehicle and information necessary and sufficient for mutual authentication of said device and devices at control points of the system, which are connected via a single telecommunication network to a distributed data base in which the obtained information is processed. To improve protection from unauthorised access, broadcast data are encrypted and accuracy of obtained information is further verified.

EFFECT: designing a reliable system for informing a driver on use of a vehicle as a road traffic participant.

8 cl, 3 dwg

Description

The invention relates to automated systems for monitoring the flow of vehicles on the road during their movement and is intended to automatically identify vehicles and develop an algorithm of actions in relation to their further operation, as well as to inform the driver in real time about all the comments regarding the vehicle as a participant traffic.

Automated (hardware-software) systems for monitoring vehicles are known, based on the principles of pattern recognition that contain video cameras, vehicle identification computers, each of which is connected to a corresponding video camera, and a server for managing and searching a vehicle in a database associated with these computers through a local area network. These systems may differ in the location of the cameras (top, side), but their common feature is the insufficiently high percentage of correctly recognized state registration marks (especially in conditions of poor visibility and at night), relatively easy misleading (dirty number, intentional visual distortion), the requirement for a special vehicle identification computer and powerful lighting devices. According to the technical characteristics of the Potok-S hardware-software complex (RF patents No. 2137202-2137204), the percentage of correctly recognized state registration marks (clean and without flaws) in the daytime is at least 95%, at night it is at least 60%, with illumination in the control zone in a vertical plane of at least 60 lux.

Stationary control posts for the movement of vehicles are known, equipped with devices or control systems based on various physical principles: radar, photoelectric, induction, Doppler, etc. (see, for example, the description of the invention to the USSR copyright certificate N 492211, class G08G 1 / 01, 1973). These systems require a low vehicle speed, do not have the ability to uniquely identify a vehicle, or require equipping vehicles with devices that can easily be deliberately damaged. As a result of this, such systems are used only when parking vehicles or when driving through guarded objects.

Systems based on satellite navigation and identification are expensive and also not 100% reliable. The accuracy of measurements of such systems depends on the design and class of the receiver, the number and location of satellites (in real time), the state of the ionosphere and the Earth’s atmosphere (strong cloud cover, etc.), the presence of interference and other factors. The quality of measurements deteriorates if the satellites are located in the sky in a dense beam or on the same line and “far” - at the horizon line (all this is called “bad geometry”) and there is interference to the signal (closing, reflecting the signal high-rise buildings, trees, mountains nearby). The most widespread satellite positioning systems are GPS systems (abroad) and the Russian analogue of this system, Glonass (Global Navigation Satellite System). As a disadvantage that impedes the widespread use of such systems for traffic control purposes, in addition to insufficient accuracy, it should be noted simplex in its physical entity the communication channel through which the location is determined. The insecurity of this channel from outside interference leads to the fact that such devices are used only with the personal interest of drivers in their presence on the vehicle or in transport companies, where it is possible to constantly monitor the absence of external interference in their work.

The closest analogue to the invention according to the set of essential features is a vehicle control system comprising an electronic device mounted on a vehicle and having the ability to store information about the vehicle, receive a signal from the requesting device and transmit a response signal to the requesting device, which is connected by a single telecommunication network with a database in which the processing of the received information occurs (see RU 2185663 C1, IPC 7 G08G 1/017, public Station July 20, 2002).

The technical problem to which the present invention is directed is to create a vehicle control system with a sufficient degree of reliability, reliability and protection against unauthorized access with the ability to provide feedback to the driver at a control point in order to inform him promptly of all comments regarding the operation of a vehicle means as a participant in road traffic. With a sufficient degree of approximation, we can say that the technical task is to create a reliable electronic equivalent of the state registration plate of the vehicle.

The technical result that determines the solution of the problem is to provide in real time at the level of a local automated post both directly control all vehicles passing through the post and automatically take an operational decision on the operation of the vehicle as a road participant, as well as the possibility of unauthorized replacement or substitution of the electronic equivalent of the state registration mark to practically unreal task to be solved.

The problem is solved in that the infrastructure for the implementation of the electronic equivalent of the state registration plate includes an electronic device mounted on the vehicle and having the ability to store information necessary and sufficient for the authentication procedure at the control point, receiving a signal from the requesting device of the control point and transmitting a response signal to the requesting device, which is connected by a single telecommunication network with a distributed The data base in which the analysis and processing of the information received takes place. In this case, the vehicle identification number is recorded using a secure protocol in its electronic device during the initial registration of the vehicle along with the result of applying the cryptographic algorithm (as one option - GOST 28147-89) to the value of the time of the last response to the signal of the requesting device of the control point in the aggregate with a code index of its location. Other quantities, including pseudo-random ones, can be introduced into this set of values.

In particular embodiments of the invention, the electronic device of the vehicle is partially non-volatile, i.e. maintaining its operability when the power is disconnected from the vehicle’s network for a period sufficient to take actions that exclude the operation of the vehicle without the electronic equivalent of a state registration mark. This electronic device is protected by a circuit that makes it an integral part of the vehicle, provided that it remains operational (as one of the options that burns its storage device when trying to remove it).

The electronic device is equipped with a receiving antenna with the ability to receive a signal without distortion from the requesting device of the control point at a distance of 4-100 m from the latter, and the frequency of the signal can lie in the range 500-10000 MHz. depending on the version.

The requesting device of the control point can be equipped with antennas with artificially limited aperture for monitoring the moments of crossing conditionally control lines: stop lines, dividing lines, parking restriction lines, etc. In general, it is located above the carriageway with the ability to capture a vehicle traveling in the lane, and keeping in touch with him until the time until the authentication procedure is completed.

The system database is distributed. It consists of a central database (CDB), which consolidates information about each vehicle on the basis of pre-processed information received through the gateways (to convert data formats) from the databases of enterprises and organizations that are somehow connected with the automotive industry. In addition to this function, information on the current location of the vehicle is tracked in a central database.

The central database servers are connected via telecommunication channels to the database servers of the regional service centers (RSC). The package of consolidated information about the vehicle arrives at the RCC of the region where it is currently located. RTC servers serve all control points in the region. The size of the region is determined by the ability to conduct without delay the authentication procedure of any vehicle located in the zone of responsibility of the RCC.

To ensure the continuity of service of vehicles when they move from one region to another, information about the vehicle is copied simultaneously to all RTCs adjacent to the current one. As the vehicle moves from region to region, the process of copying or, on the contrary, the destruction of information in the corresponding RCO takes place. This process is managed by a central database.

The main condition for the viability of any information system is its reliability in terms of hacking and the reliability of the information received. In the proposed system, this is achieved by several levels of protection, not only by using strong cryptographic algorithms, but also by logical analysis of the information received. This provides protection against unauthorized access and attempts to scan the transmitted information in order to replace the electronic equivalent of the state registration plate with another vehicle (creating a clone).

Simplified exchange of information between the "defendant" (vehicle device - TCB) and the "interrogator" of the control point (PC) can be represented as follows:

Let the TCB during the initial registration procedure be assigned an ID identifier and a certain passphrase K. In the random access memory (RAM) of the TCB, the value X (K, SL1) was written, where X is the hash function (as one of the options is GOST R 34.11- 94), and SL1 is the pseudo-random number. The time value of the initial registration procedure (T) and the location code of the control point (M) were encrypted and recorded in the UTS RAM in the form of the value Ш (Т, М), where Ш is the cryptographic algorithm (for example, GOST 28147-89), the codes of which are written to the TCB RAM along with the hash function codes X.

At the same time, the value X (K, SL2) was entered in the central database (CBD), where X is the hash function already mentioned, and SL2 is the pseudo-random, pre-selected number. In addition, the value of Ш (Т, М) is recorded in the CBD.

When the vehicle passes through the next control point, the TCB sends its ID identifier, a pseudo-random, each time new, number СЛ1 and value Ш (Т, М).

In response, the CBD sends an information packet containing SL2, the calculated value of X (SL2, X (K, SL1)) and the value of W (T + 1, M + 1), where T + 1 and M + 1 are, respectively, the value of the transit time current post and its location code ..

The TCB calculates the value of the hash function X (SL1, X (K, SL2)) and sends it to the receiving device of the control point.

The CDB also calculates the value of X (SL1, X (K, SL2)) and checks it against that received from the TCB. If the values match, the vehicle authentication procedure was successful.

At the same time, the TCB calculates the value of X (SL2, X (K, SL1)) and compares it with that received from the PC. If the PC matches, it is recognized as legitimate and the values T + 1 and M + 1 update the RAM stack.

Thus, the passphrase K is nowhere transmitted over the air in open form and is not stored openly in the CBD, and the transmitted hash values are different each time.

Although hacking X and W is a computationally difficult task, another level of protection has been introduced into the system. For its implementation, the value of Ш (Т, М) received from the TCB is decrypted and the obtained values of the time point for passing the control point (T) and its location code (M) are compared with those in the CBD. In a hypothetical hacking of a TCB, its stack will be updated with new values of VT and MN, which do not coincide with the values of T and M stored in the CDB. From this fact, it is concluded that the system has been hacked and this TS is put under control.

In addition, the obtained values of T and M can be used in the CBD to implement more in-depth algorithms for analyzing the motion of the vehicle. This circumstance is due to the property of the spatio-temporal determinism of vehicle movement. Namely: it cannot appear in a certain control point without being marked in neighboring ones along the way. If this did not happen, then a conclusion is drawn about intentional interference in the functioning of the system and an appropriate signal is issued to regulatory authorities.

Additionally, the system provides for a periodic change of the X and W algorithms, as well as the K code, i.e. in the general case, the formulas above should indicate X (t), W (t) and K (t) instead of X, W and K, respectively, where m is time.

The essential features of the implementation of the electronic state registration plate are:

- unlike patent 2185663 (electronic vehicle identification system), where extensive information about the vehicle, owner, cargo, etc., is each written in its own label, the proposed TCB system contains only the information necessary and sufficient for the authentication procedure. To analyze information about the vehicle, the fact is used that this information is already present in the databases of various enterprises and organizations of the automotive industry and access to it can be carried out by a unique vehicle identification number. Therefore, there is no need to establish special feedback with the vehicle and the time required to change the information in the tags. Information changes in a centralized distributed database (s) as necessary and becomes available by a unique identification number;

- the infrastructure for the implementation of the electronic equivalent of the state registration plate of a vehicle can be called organized with a sufficient degree of approximation based on a network-centric principle, since all control points and vehicles form a single information network;

- when passing the control point, each time the process of mutual authentication of the PC and the device of the vehicle occurs. If the result of this process is positive, the exchange of information between the TCB and the PC occurs through a secure communication channel;

- to ensure the continuity of servicing vehicles when moving from one region to another, information about the vehicle is copied simultaneously to all RTCs adjacent to the current one. As the vehicle moves from region to region, the process of copying or, on the contrary, the destruction of information in the corresponding RCO takes place. This process is managed by a central database;

- The main condition for the viability of any information system is its reliability in terms of hacking and the reliability of the information received. In our case, this is achieved by several levels of protection, not only by using strong cryptographic algorithms, but also by logical analysis of the information received. This provides protection against unauthorized access and attempts to scan the transmitted information in order to replace the electronic equivalent of the state registration plate with another vehicle (create a clone);

- the system provides for real-time feedback with the driver of the vehicle when passing the control point in the form of received audio and / or video messages about all the comments that arose regarding the operation of the vehicle as a participant in road traffic. For this, as one of the options, the TCB is equipped with a display and / or audio speakers. In addition, as one of the options, it is possible to pair with an automatic immobilizer, which can have a different design (affect the ignition system, fuel injection system, power supply system, etc.). If necessary, the signal can be duplicated by sending an SMS message to the subscriber's telephone number of the driver;

- the digital nature of the information circulating in the system allows you to pair it with special additional sensors that affect traffic safety. As one of the options, you can specify the seat belt sensors, passenger number sensors, sensors signaling the driver’s health (as an option, transmitting the results of breath tests), sensors of driver’s personal cards and / or driver’s license, etc.

- the TCB is equipped with light indicators, the signal of which can be observed outside the vehicle and which, as one of the options, can be green in the absence of comments on the vehicle, yellow - for non-critical comments of which the driver is informed, red - about the need for immediate vehicle stops at a stationary control point by traffic police.

The invention is illustrated graphically.

Figure 1 shows the spatial arrangement of the elements of the control point.

Figure 2 shows the process of copy-destruction of information about the vehicle as it moves from the zone of responsibility of one RCO to the zone of responsibility of another.

Figure 3 shows the General functional diagram of the information processing in the implementation infrastructure of the electronic state registration plate of the vehicle.

The control point for the movement of vehicles includes (Fig. 1): an arm with a transceiver of the interrogator PC 1, located in such a way as to ensure the mutual authentication of the interrogator and the TCB of vehicles 4 located in traffic lanes 2 in control zone 3.

The information received by the receiver of the interrogator PC 1 (Fig. 1) via the communication channels 5 enters the database of the regional service center (RSC). In addition to the function of information processing efficiency, the RCC database additionally performs the function of distributing the information load in order to avoid overloading the central database servers with a large flow of information. It also seems appropriate to separate the central and operational databases for backup purposes (at least at this stage in the development of computer technology).

The vehicle is monitored by the server of the current RTC, transmitting information about the vehicle as it moves along the chain to the server of the next RTC. Information is updated in the central database as the need arises from the databases of organizations and enterprises of the automotive industry through gateways that perform the functions of converting data formats.

The foregoing is illustrated in the general information processing functional diagram of FIG. 3.

Claims (8)

1. A vehicle control system comprising requesting devices located in the direction of movement of the vehicles, an electronic device mounted on the vehicle and configured to store the vehicle identification number, receive a signal from the requesting device, and transmit a response signal to the requesting device, the requesting ones the devices are connected by a single telecommunication network with a database in which the processing of the received information ies, characterized in that they create a single distributed database consisting of a central database connected through gateways to databases of enterprises and organizations of the motor transport industry, and databases of regional service centers, to which all control points of the region are closed, for the purpose of implementation in any a procedure for mutual authentication of a control point device and a vehicle device using at least one cryptographic algorithm with fixation of the conditional coordinates of this point and the time of its passage by the vehicle in the memory of these devices, and the transmission to the driver in real time of information regarding comments on the operation of the vehicle as a road user, for which the vehicle’s device is functionally inseparable from the vehicle, equipped with audio or video the device or both together, if necessary, mate with at least one sensor that reflects the condition of the car or driver and, if necessary, mate t immobilizer at least one of embodiment and operate the device control points, if necessary with the possibility of fixing the fact conditionally control lines crossing a road marking vehicle. 2. The system according to claim 1, characterized in that, in order to enhance protection against unauthorized access, at the control point, they additionally check the compliance of the values of the time of passage of the previous post and its conditional coordinates received from the vehicle with the values of these values stored in the database system. 3. The system according to claim 1, characterized in that, in order to enhance protection against unauthorized access, the values of the time of passage of the post and its conditional coordinates are stored in encrypted form using at least one type of cryptographic algorithm. 4. The system according to claim 1, characterized in that, in order to enhance protection against unauthorized access, the control point additionally perform a logical check of compliance with the principle of spatio-temporal determinism of vehicle traffic. 5. The system according to claim 1, characterized in that, in order to enhance protection against unauthorized access, the system provides for a periodic change of code words, as well as encryption algorithms and hash functions. 6. The system according to claim 1, characterized in that in order to maintain continuity in tracking the position of the vehicle, information on it when it is changed is copied simultaneously to regional centers adjacent to the current one, with its subsequent destruction as it moves. 7. The system according to claim 1, characterized in that the vehicle device is configured in such a way that it maintains its operability when the on-board power is turned off for a period of time sufficient to eliminate the on-board network malfunction or take other actions that exclude the operation of the vehicle without electronic equivalent of state registration mark. 8. The system according to claim 1, characterized in that in order to visualize the results of the procedure of mutual authentication of the vehicle’s devices and the control point, as well as visualize the state of the vehicle, its device, if necessary, is equipped with light indicators that can have a different color or shape or their a combination whose signal can be observed by regulatory authorities outside the vehicle.

Images