Enhancement of enforcing road user charging

Abstract

 The invention presents an additional method for enforcement of Road User Charging in which a pair of independently derived positions of the vehicle are compared to assess if the usage is or has been recorded correctly, the process being triggered by either Selecting (103) active road users from a Service Register (102); or from Spotting (106) a vehicle in the traffic. The positional data is derived: 1) retrieving the last recorded position from the OBU (105); 2) the positioning the vehicle by using Location Based Services (104) of a mobile network (009); 3) from Spotting (106) a vehicle (101). By comparing (108) the positions and presence on the road infrastructure the likelihood of errors in paying for use can be assessed. As well, the existence of a period pass is checked. Anonymity is ensured.

Description

Technical Field

[0001] The invention relates to the capability for enforcement of Road User Charging with the registration of the position, route and charge being done using satellite or other positioning in an on-board system in a vehicle that is also equipped with a communication device with a generic mobile data-communication device such as GPRS for sending charging and position data to a fixed, central administration for charging and enforcement.

[0002] The present invention particularly relates to enforcing the correct working of the registration by being able to compare the positional information about the vehicle comprising as recorded by the on-board unit of the vehicle with positions derived from other means such as from camera detection and from location services in the mobile network, to ensure correct working of the positioning and registration, and to detect possible errors, misuse and fraud.

Background Art

[0003] Enforcement of Road User Charging is becoming an important issue on its own. The current invention focuses on enforcement of Road User Charging - while prior art focused on charging, treating enforcement as a side issue. And that while requirements for enforcement have been the reason for expensive DSRC-based road-side equipment (gantries costing between € 150k - € 400k each) and complex and expensive on-board units (costing between € 150 and € 650 each), see "Cost Benchmark for kilometre pricing in the Netherlands", 2006, Ministry of Infrastructure and Environment, NL, p. 12, 13. Existing methods of enforcement rely for their compliance checks on road-side equipment such as DSRC and cameras and hence on an elaborate infrastructure - or intense manual presence with patrol cars. Having gantries and cameras 'everywhere' will give a psychological burden of infringement of privacy. So the infrastructure intentionally has a small footprint. This keeps the total costs high of expenditure plus lost income. See "Systeem voor Wegenvignet binnen het Vlaamse Gewest, Waalse Gewest en het Brusselse Hoofdstedelijk Gewest", versie 1.03, 13-06-2013 page 60, showing how optimal enforcement in a pure DSRC based implementation might still lead to € 50 million loss annually in a heavy goods vehicles (HGV) scheme [and it might in practice be more] - and in a national scheme for light vehicles it will be a multiple of that. The domain that HGV have to pay per kilometre is being extended far beyond national highways to provincial roads - placing even heavier demands on presence enforcement, and we get a point where the punitive approach (risk of being caught x fine) is not any more effective.

[0004] This makes a clear case for an add-on scenario for enforcement in the periphery of a road infrastructure for reducing revenue leakage, that can work everywhere at all times and can be scaled up to a national footprint with [practically] zero marginal costs, not using road side infrastructure; where the feeds can be used for example to intercept faulty users just like in a traditional DSRC-only scenario.

Road User Charging

[0005] Road User Charging (hence abbreviated as RUC) where the road user is billed for the actual distance travelled is a method to allocate costs of building and maintaining the infrastructure specifically among those who actually use the road infrastructure, leading to a fair burden of the cost among vehicle owners. Modern electronic tolling systems of European Electronic Toll Service Providers, hereafter called Service Providers, allow for the free-flow of traffic, without stops at barriers; the vehicle identified electronically and the vehicle owner gets the charge applied on their account, also when roaming. Interoperability requires a single contract with a home EETS Provider, a single account that can be used everywhere; and thus implies a same charging method and a same surveillance of proper use. Enforcement must thus also have a unified method that allows both national road users and visiting foreign vehicles the same handling.

[0006] In a Road User Charging scheme positions are determined using Global Navigation Satellite System (GNSS) navigation technology as a basis of calculating distances; but there is a problem when the navigation and recording unit and system do not properly record the travelled distance, such as happens when the positioning device is tampered with or when reception of the satellite signal is bad. In such cases positions are not calculated and a travelled distance is not recorded, hence not charged and the state or road operator receives too little money. Tampering of the registration of the position in an On-Board Unit (OBU) may be easy. Well-known methods including detaching the GNSS antenna, shielding it with aluminium foil or by spoofing the GNSS signal. Fraud and evasion of paying can quickly become a big problem if road users perceive the risk of detection as low.

[0007] Previous Road User Charging projects like the Dutch Rekeningrijden Project (Wet Kilometerprijs 2009) and HGV charging schemes nevertheless have chosen DSRC (Dedicated Short Range Communications) for enforcement for the whole country-wide road infrastructure but having the gantries on the highways and some main roads plus some mobile DSRC units; accepting the problem of the imbalance of the enforcement between highways and other roads.

[0008] DSRC (Dedicated Short Range Communications) is a short-range RFID communication protocol used for enforcement correct functioning in Road User Charging. To do so it reads a tag connected to the OBU of the vehicle. When a vehicle passes underneath the DSRC antenna, the tag is read and it discloses. In case the tag malfunctions, a picture is taken. Enforcement using the approach with DSRC becomes a problem when the domain of travelling is extended from only (some) highways or toll sections to the total road infrastructure of a country: for example in Germany (12.500 km national highways / 650.000 km Bundeswege and local roads). DSRC cannot practically be scaled from national highways to all main provincial roads. Enforcement outside of the fixed roadside equipment is possible with mobile units, but against a high cost of manual presence. The low chance of detection is countered with a high sanction, but such punitive measures are not customer friendly. Thus prohibitively high costs are incurred in enforcement when all roads need the same level of surveillance. In practice detection can be evaded in low-served areas without fixed infrastructures. And it leads to discomfort with some users who think that intentional fraud or molest of the usage collection equipment in the vehicle will never be never detected in the periphery of the country. Imbalances in enforcement will actually increase the likelihood of fraud. This might lead to excess traffic on not-enforced local roads.

Enforcement

[0009] The common concept of enforcement in Road User Charging is based on transferring itinerary parts of the travelled route for inspection, see Vis (2009). In a static variant of this scheme each road is partitioned in segments each having a beginning and end geolocation, and each being of a road type. A dynamic variant consists of active road-mapping where a map is used to determine the travelled road and road type, based on periodical positioning for the past period. For enforcing journey details are frozen, stored encrypted by a Trusted Element (TE), available locally on the OBU or centrally, for interrogation by enforcement, with freezing per declaration and real-time freezing. Spottings and passages of the vehicle are subsequently compared with this journey data. The checking can be done after a period has elapsed, for instance at month's end. This method requires road-side equipment: DSRC beacons, and/or cameras. A GNSS/CN enforcement concept is given in EG 12 (2007). In case of a spot check the OBE or the TE submits the following information: the spot check log (a number of last usage messages, including positional data), the event log (error messages and other events that may relate to fraud or defects), the vehicle registration number, time and date. The CEN standard interfaces provides access to the last position (the raw GNSS parameters), and allows sending a challenge to the OBU and retrieving a frozen journey log for instance while connected top a DSRC beacon. These interfaces can be used to advantage.

[0010] There are two basic types of on-board unit (OBU) in the vehicle used for electronic fee charging: thin and thick, and both might co-exist on the road. Position data and frozen journey logs of the OBU might be available in central equipment for enforcement at a Service Provider.

[0011] When standardizing for enforcement in a mobile network, facilities need to be implemented to register Road User Charging OBUs with their GPRS entities, clearly identifying them as members of this class or group; implementing services for locating the mobile entities of the RUC class or group; providing a telematics access to the OBU comprising client software that has access to the registry of the OBU and or Trusted Recorder including the last [frozen and encrypted] position, status and health parameters; for providing over-the-air maintenance services of the applications and data in the mobile equipment. EP 2383703 B (KAPSCH TRAFFICCOM AG) 02.11.2011 describes the use of a (WAVE) data communication system for connecting to the OBU while the position of the OBU is located using LBS on the street but just to select the right vehicle to take a picture for enforcement in case the OBU uses a non-compliant data session, so if the OBU might be failing. EP 2017790 A describes sending a challenge to the OBU and retrieving a frozen log over a CN using a SIM card for cryptographic functions - thus replacing a closed DSRC circuit wireless communication with a CN and it suggests using a SIM card with applets; and EP 2423885 Adescribes an application/applet on the SIM card to get a last [GNSS] position but this is used for checking the map function of the Service Provider in a thin client scenario, the communication going over a CN. We conclude the method using the CN to connect to the OBU and challenge the recording or getting OBU information is established, and must be used to our advantage, as an additional method alongside fixed DSRC communication channels and that using a SIM card is also established. We also conclude that using a SIM card with applications can be seen as a standard facility across all EETS providers - preferably standardizing on the ETSI standard SIM Application Toolkit.

Location Based Services and positions

[0012] In the mobile network domain Location Based Services are well known and implemented in all mobile networks and even mandatory to find users with an E911/E112 emergency call, conform the standard 3GPP TS 23.271. Any mobile entity (even without an IMSI) can be found in a mobile network. WO 2011/019569 , US 2007281712 , EP 1457928 A, EP 1435600 Adescribe various methods like triangulation of field strengths, round-trip timing differences, Observed Time Difference of Arrival, angle and phase differences, and Cell-ID referenced methods, each method having advantages, disadvantages, preciseness and a specific cost.

[0013] The elongation of two geo-positions from the two sources is calculated with the spherical law of cosines formula that gives well-conditioned results down to distances as small as 1 meter:

[0014] See: http: //www.movable-type. co.uk/scripts/ latlong.html; the distance as the crow flies being good enough to estimate proximity of two positions for enforcing road user charging; requiring map-matching would lead to spending too much money on the comparison; but map-matching could be done, under possible protest from privacy watchdogs as then also route information might be disclosed.

[0015] Location Based Services provide a position, typically in geo-coordinates, where the position that is recorded in standardized latitude/longitudinal coordinates such as with decimal degrees e.g. 48.8610, 2.3358; which may be translated into x/y coordinates e.g. -69015, 101100 for comparing to simplify map comparisons because maps with roads are also stored as vector with x/y-coordinates. The number of digits provide the preciseness.

[0016] Location based services using triangulation in a mobile network can have a high precision of less than 15 meters. LBS provides lower accuracy when the Cell-reference is used (depending on the size of the cell) and might be better in case of enhanced-Cell-ID technology, depending on the location of the cells (rural, city), the network planning, handover locations, existence of black-out areas (city canyons, hills, forests). Telecom cells have variable sizes, depending on the network planning and also on dynamic load. In rural areas many cells are often above 20 kms; in cities often less than a km up to a hundred meters. A camera position is determined with a high precision (when installed or placed) and generally allows at least 4 or 5 digits of Position Preciseness. An OBU-recorded position against a camera-spotting can be matched at all times. A Cell-ID derived position where the size of the cell is 2 km to above 10 km is widely acceptable for enforcement in a rural area. When the road infrastructure involves price differences (such as highways or objects) a higher preciseness triangulation provides a higher confidence of the output.

LBS preciseness

Latitude	Longitude	Distance shift per digit change	Example
48.8610	2.3359	11 - 15 meter	Camera, OBU, LBS
48.861	2.335	110 - 150 m	LBS, e-Cell ID
48.86	2.33	1.100 - 1.500 m	City cell
48.8	2.3	11 - 15 km	Rural cell

Interoperability

[0017] Interoperability standards of the European Commission laid down in the Directive 2004/52/EG require (article 2) at least one of the technologies of GNSS satellite positioning, GPRS and DSRC. The combination of GNSS and GPRS has been defined as a future objective for all toll and Road User Charging systems. Article 10 of the Directive promotes the use of GNSS together with GPRS as "technologies [for] electronic toll systems [that] may serve to meet the requirements of the new road-charging policies planned at Community and Member State level" to the guideline for projects after 2007; while the industry adopted all three for charging heavy goods vehicles.

[0018] Preferably GPRS is used as communication network (CN) for the telematics interface to the OBU, being selected because of its inclusion in the preferred technology of electronic fee charging schemes by the European Commission; the telematics interface comprising: being terminated either in the SIM card or being be terminated in an application in the OBU.

[0019] The SIM card of the mobile equipment can be plain vanilla but also of a type with a SIM Application Toolkit (STK) environment installed; the latter containing an environment conform 3GPP TS 43.019 for applications that can contain the applications the EETS provider and enforcement can use to their advantage; the STK environment allowing over-the-air configuration of data and applications by mobile operator and or the EETS Service Provider. The extra cost is a few euro per card.

[0020] The number plan of the IMSI/P-IMSI can be the number range as each national mobile operator provides to an EETS Provider; preferably the number plan for road users is standardized internationally such that the MNO can simply detect road users through a number analysis.

[0021] Interoperability is a critical element for enforcement in the sense of customer care, customer friendliness. Undue punitive measures are frowned upon. Two families of interoperability can be defined: Road User Charging with paying per kilometre and period-based charging, also called a Vignette system; a grand uniform enforcement is needed for both usage classes. Interoperability must be provided in a non-discriminatory way: own users and visitors must be handled equally. This implies that enforcement treats both groups similarly in both classes of electronic fee charging of area/distance based and of time/period based charging, handles vehicles in the same way and uses the same category of measures.

[0022] Interoperability must be provided in a non-discriminatory way, being a key criterion for acceptance of a scheme by the EC (DG MOVE). National users and visitors (vehicles) must be handled equally. This implies that enforcement treats both groups similarly, in both classes of electronic fee charging of area/distance based and of time/period based charging, handles vehicles in the same way and uses the same category of measures. In case the visiting vehicle can register the real usage of the visited Road Operator's infrastructure, standard enforcement maybe applied with the crosschecking of positions as elucidated in this invention. Interoperability requires that there is standardization between EETS Service Providers in the various participating countries, the OBUs capable also in other road infrastructures of recording distances; the standardization for recording the mobile entity as belonging to a vehicle in, what we will call an Interoperability Server, to which the Enforcement Agencies and Service Providers add all countries where the vehicle OBU can be granted to have access; the Interoperability Server being used for registering special information for handling by telecom operators (such as network access rights), the Enforcement Agency in the visited country and the Service Provider (that hands on a charge to the home Service Provider of a foreign Vehicle that handles the account).

[0023] Preferably, being a long term alignment goal, EETS Providers ensure a common naming of the Subscriber Identity and a common identification of Road User Charging group members for Network Operators; the Subscriber Identity being that of the OBU.

Privacy and security

[0024] Privacy is of the gravest concern to stakeholders, watchdogs and users. When an Enforcement Agency gets access to positional information such as by using location-based services or when accessing the OBU, this does not convey the trip the vehicle makes; it is a spotting in a new technology, a position is not a route. Some state that movement information and user data about commercial vehicles does not require privacy of data, others maintain it does as drivers are persons and hence needs privacy - and therefore hold the position to include anonymity in the core concept. Methods to ensure anonymity in handling user data are well known in many industries such as on-line browsing and shopping: such as US 6983379 , WO 0118631 , EP 1026603 A, EP 2242292 Ausing encryption, one-way hashing and incorporation of a Trusted Third Party (TTP) to anonymize user information. A one-way cryptographic hash is a function, such that the vehicle-ID is translated into a token of a fixed length, with the characteristic that the token cannot ever be translated back into the vehicle ID. The output length is such that the token is collision resistant and as effective as random encryption: for a given output, it is computationally infeasible to find an input that maps to this output; and for a given input, it is computationally infeasible to find a second input, that maps to the same output. The resulting cryptographic hash value is therefore unique and can be used as key in a database. The older hashing function MD5 has been broken, new algorithms like the SHA algorithms (SHA-1, SHA-2, and SHA-3) are structured differently and safer. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use in securing sensitive government data. US 2002122554 describes the concept of hashing based on SHA512 (applicable for modern 64-bits computers) being strong enough for the present application of anonymizing the vehicle identifier. A database containing the positional data of enforcement containing such a hashed Vehicle ID does not disclose anything about the vehicle or its owner. A database containing such a hashed Vehicle ID becomes a Trusted Facility and having a historical log with such a token is not seen as a potential privacy hazard. This can be used to our advantage. In the OBU environment a Trusted Element hashes the data of a declaration, with multi-level freezing such that each part contains a journey detail, and or the response to a challenge. This value is signed as elaborated in VIS, Jan. An example of a view on EETS trust and privacy in GNSS-based toll systems. The Hague: Ministry of Transport, Public Works and Water Management of The Netherlands, 2009. A real-time OBU compliance checking is also detailed in Vis (2010).

[0025] In the mobile network methods to enhance security use temporary mobile subscriber IDs comprising P-TMSI, GUTI. Each transfer of data in a session can make use of a different temporary identity being initiated by either ME or the network conform ETSI TS 123 060.

[0026] In the mobile network, user labelling by means of e.g. car registration number is offered by a special address book service: a Label Translation Service (LTS) conform UMTS 22.75 V3.0.1. An LTS contains the two identities that have to be mapped: a vehicle ID and another token such as an IMSI, P-IMSI and in an embodiment the P-TMSI, GUTI. Before being able to establish a connection to the OBU over the mobile network, a user must then request the subscriber identity of the vehicle. A similar embodiment is a Trusted Third Party that translates the vehicle ID into an encrypted hence anonymous token, in two directions. A LTS and or TTP can be used to our advantage.

[0027] A potential breach of privacy resides in a hidden aspect of any vehicle charging and enforcement system over a public mobile network: as users travel the active handovers of the mobile entity are recorded by base stations and routes can be derived from that for investigative purposes; with a mobile phone where the user has the option not use the device this is accepted; in a compulsory vehicle system the user cannot be forced in a scheme that discloses information. The Dutch national privacy body CBP has not accepted the possibility of having a vehicle logged on actively all the time during a trip with active hand-overs being registered in the mobile network in base stations and leaving a trace in the network registries, as that could lead to the perception of a 'national vehicle following system'; as a consequence the CBP required the Mobile Entity to be 'asleep' when not sending charging data. Now that poses a problem for enforcement, as then there would not be a possibility to check all current active users, because we need to know and select all vehicles driving in a road operator domain. US 2007285280 discloses a method for charging toll users in which the mobile operator determines if the cellular device is within a toll collection subscribed area by the base station analyzing if the user is entering a cell on a Location Area list, a useful concept but we note that the mobile entity installed in the vehicle that recognizes which cell it is in, then is implied to be 'always on' - in violation of the said CBP requirement. For enforcement we would miss sleeping mobile entities this way as these are not actively logged in.

[0028] Luckily, in 3G and 4G mobile networks, the network operator or the service provider can define one or more LSA(s) for a subscriber, as allowed for restricted access conform 3GPP TS 23.401; where Location Areas, Routing Areas and Tracking areas (a set of cells) are grouped into lists (here commonly referred to as Tracking Area lists), which are configured on the Mobile Entity on the SIM card by the mobile operator. The list can be configured and managed over the air in the TE. In our context, a Traffic Area List will comprise all cells and areas covering a specific road infrastructure of a Road Operator. Operators will allocate different Tracking Area lists to different groups of MEs; Road User Charging groups will have their own list, being the Traffic Area List; the mobile entity itself can be requested to monitor the cells it is moving in even while sleeping (not active) and wake up (register) once a change is noted in the domain of the area list indicating a new Tracking Area - hence in our context signifying a (change in) road operator domain; sleeping also being possible comprising periodic updating of the ME being disabled after which the network stops sending paging messages to the ME. These and similar mechanisms can be used to our advantage.

[0029] The closest prior art EP 2017790 A (PARKER, GRAHAM) 21.01.2009 (Position-based charging) compares a position from a camera with a frozen itinerary of the OBU data, it sends a location and time to the OBU over a CN as a compliance check request and later compares this with a frozen logging; it uses roadside equipment and hence cannot solve the psychological and economic challenge of enforcing everywhere against zero marginal costs. EP 2423885 A (KAPSCH TRAFFICOM AG) 06.08.2010. (Device and method for monitoring the function of a road toll system, 06.08.2010) provides a method to retrieve the last position from the OBU but uses this to monitor if the correct map was used by the Toll-charger in a thin-client solution. US 2007285280 (RENT-A TOLL LTD) 13.12.2007 (Providing toll services utilizing a cellular device) has the base station analyzing if a user is allowed to camp on a cell from a Location Area list, but this way a sleeping ME is not detected, and as elucidated we need a technical solution that can also handle sleeping MEs.

[0030] All of these applications and patents are incorporated herein by reference; but none of these references is admitted to be prior art with respect to the present invention by its mention in the background.

Problem statement:

[0031] We conclude that an enforcement method is needed that fills the gap of enforcement of a DSRC-based system for e.g. Heavy Goods Vehicles with near-zero marginal costs. The method must be capable of working with road side equipment and without road-side equipment; provide full privacy in handling sensitive data; be cost-effective; interoperate with both distance-charging and Vignette users that populate the roads; work on all roads at all times on all lanes in all weather; work when mobile entities are in a sleep state.

Glossary

[0032] 

EETS Register

A register with information about the EETS customers and OBU's of vehicles, allowing interoperability

GPRS

General Packet Radio System, a generic name for packet data in 2G, 3G and 4G, LTE, SAE, Wimax, GSM, UMTS, GERAN, UTRAN, CDMA 2000, WAVE

STK

SIM application Toolkit for 3G and 4G is defined by the GSM 11.14 and the 3GPP 31.111 standards.

Traffic Area List

A list of cells and cell areas covering the infrastructure of a Road Operator with restricted access for a mobile entity, intended for the Road User Charging group comprising a Tracking Area List

Service Register

A register in which active road users of a road operator domain are recorded, comprising Home/Visitor Location Register of a mobile network operator

Vignette

A forfait for use of the road infrastructure of a road operator in a specific period, such as a day or week, the forfait charging a fictive number of kms. Synonym: day pass, period pass. It is often a policy to charge non compliant users and those without a distance based registration a Vignette

References

[0033] 

EG 12, 2007: "Security aspects of the EETS," Expert Group 12, Final report V1.0, Apr. 5, 2007; chapter 7.4.3, EC DG MOVE

CEN 17575: "Electronic fee collection-Application interface definition for autonomous systems-Part 1: Charging," ISO Technical Specification 17575-1, Jun. 15, 2010

CEN 12813: "Electronic fee collection - Compliance check communication for autonomous systems", ISO Technical Specification 12813, Nov. 2009.

Vis (2009) : Vis J, "An example of a view on EETS trust and privacy in GNSS-based toll systems" Report Ministry of Transport, Public Works and Water Management of The Netherlands, Dec. 15, 2009.

Vis (2010): Vis, J, Trust and Privacy in Interoperable Autonomous Tolling,

ITS Congress 2010, Busan; see www.visconsultancy .eu, referring to seminal work in 2001 on multi-level freezing (micro aangiftes).

EP2017790, "Position-based charging", Palmer, Charles Graham, 21.01.2009, [0009], [0065], [0073], [0084], claims 11, 19, 20.

EP2423885 "Device and method for monitoring the function of a road toll system", Kapsch, J. Tijink et al, 06.08.2010, [0006], [0017]

US2007285280 "Providing toll services utilizing a cellular device", 07.06.2006, Rent-A-Toll, Ltd.

Summary of invention

[0034] It is an object of one version of the invention to provide a system for enforcing a characteristic of usage of traffic infrastructure (in particular comprised of roads, railways, waterways, and the like and/or gantries such as tunnels, bridges, ferries and the like as well as corresponding services) while meeting the high privacy expectations of users. It provides a portfolio of options for enforcing the correct working of a vehicle that participates in a Road User Charging scheme and includes options to not totally depend on roadside equipment for enforcement of distance-based charging and of issuing period- or day-passes. Because the road infrastructure for Road User Charging is expanded without gantries being placed everywhere, the standard methods need to be extended.

[0035] The invention provides enforcement of a correct registration of road usage where the user is obliged to record a distance based charge or has an obligation to register for a period-pass such as a Vignette.

[0036] The invention provides enforcement of a correct registration of road usage by verifying if the position of the vehicle is the same compared to several alternative ways to determine the position. The best mode contemplated of carrying out the invention does not even use roadside equipment, and thus can be used to check the correct registration on all roads under all weather conditions; this method can be used to advantage by selecting vehicles that are registered as participating in Road User Charging in the mobile network; this method can be used as an add-on in existing (DSRC-based) enforcement systems extending enforcement also to areas without roadside equipment. Thus a completely virtual setting is created: selecting done from a Service Registry while the checking of the OBU is done over the air and the localization is done using mobile network information and network based means.

[0037] The invention provides enforcement of a vehicle that participates in Road User Charging in several ways, each method providing a position the vehicle was at (being spotted on that location); where it says it was (having registered that position) and where the vehicle 'really' has its whereabouts (being located in the mobile network), and by comparing any pair of such data, errors in registration can be found.

[0038] The rationale about this form of enforcement is that an exact equivalence of a recorded distance and route (journey) is not needed but that one can suffice with checking if the OBU probably uses the correct position in its recording; where trust is built up over time in multiple comparisons. Checking if the position is correct can be done, by assuming that:

• the precise position the OBU records from GNSS always should fall inside a rough area as determined from Location Based Services; and therefore, that
• the precise location a vehicle is spotted on (e.g. a roadside camera) should fall inside a rough area of the network location as determined from Location Based Services,
• just like a spotted location should fall within the area of the recorded position,
• likewise comparing spottings with the OBU recorded position;

[0039] and when positions deviate this presupposes a non-compliant recording of usage even without checking journey details; where the correct working can be assumed based on comparisons of positions; frequent verification is as effective as infrequent detailed controlling of the recording at mostly fixed locations. Vehicles that are found to be at fault can be put on a 'grey list' to facilitate interception (stopping for inspection, as it takes place in near real time) greatly improving the effectiveness of mobile enforcement units, thus extending the triggering of interception from just beneath gantries to the whole enforced infrastructure.

[0040] Example: if there is an erroneous navigation (for instance a spoofed or replayed GNSS signal) the OBU's position and its 'place' in the network will be far off track. From a controllers point of view a frequent low precision assessment is as effective as a scarce but precise method. The result of one mismatch might not be enough for initiating prosecution but might be enough to initiate an interception (stopping the vehicle); any reported problem can also be followed up in real time again with a further investigation process such as querying the OBU. Follow-up with giving fines and prosecution is prepared with evidence records, back-office or investigators can take over to document a case to ensure it is strong enough for court purposes where a proof of passage and a proof of non-functioning of the registration are crucial for the prosecution process. This follow-up and investigation are outside of the current invention but the process may use parts thereof.

[0041] This invention uses a method of enforcement by cross-checking positional data from several independent sources. The means to retrieve or derive these positions as used for enforcement are generic and well known capabilities. Usage Parameters signify the type of charge that is to be paid can be retrieved or determined; the Usage Parameter refers to for instance a highway, city, city centre or suburban area, corresponding to a specific price plan, further comprising such dimensions as an area, an object, or a time; the vehicle determines and records the Usage Parameter; the Usage Parameter from spotting a vehicle is known.

[0042] In this invention, a first generic source of positional information about a vehicle is by asking the OBU where it thinks it is. A mobile communications connection is used to set up a telematics connection to the in-car on-board unit (OBU). This telematics interface is used to retrieve the last or current position as well as the Usage Parameters and the status, integrity and validity flags and other pertinent health and safety information from the OBU. This position information may also reside outside of the OBU, for instance at a Service Provider. Data can be signed by a Trusted Element (frozen journey) or stored in a Trusted Recorder or reside with a Trusted Third Party.

[0043] In this invention, a second generic source of positional information about a vehicle is derived from a Location Based Service (LBS) in a mobile network that is used to determine the location of the mobile entity of the OBU; LBS provides positional information independent of the registration function of the OBU. Being determined or derived independently, it can be used to verify the OBU data. Using the found geo-position, the Usage Parameters may be derived. The orchestrating process that decides on gathering additional positional information selects this input. The mobile network positioning of Location Based Services may use pinging or paging of the mobile unit, may employ triangulation methods of field strengths, round-trip timing differences, Observed Time Difference of Arrival, angle and phase differences, and Cell-ID referenced methods; Location based services may be implemented on the SIM card or reside in the network on central equipment. A mobile cell has a known position and size (even if it is dynamic). Also other systems and methods both known now and which may be discovered hereafter can be employed for determining the position of the mobile apparatus in the mobile network.

[0044] In this invention, a third generic source of positional information is spotting a vehicle comprising making a picture of a vehicle using enforcement or surveillance cameras with ANPR technology (automatic number plate recognition) while the camera position is also recorded, giving an position of the vehicle; manual-spotting input; by using other sensors such as readers of an electronic license plate; reading the electronic vehicle identity as provide by the Mobile Entity of the OBU. The camera source is varied, being a dedicated enforcement camera for the Road User Charging system, on portals and gantries on roads where the location is known; a source from mobile enforcement units and police surveillance vehicles, being attached in or on the mobile unit; a source related to for example a speed or traffic enforcement system using methods such as using inductive loops; a source from a route-based speed enforcement system and similar enforcement systems; a source from surveillance placed on border crossing infrastructure; a source being an officer who observes the traffic and keys the vehicle identifier into an apparatus the position be determined or is known; the spotting information including position, time and Usage Parameters. In an embodiment the fixed camera positions and Usage Parameters per installed camera are stored in a database (in 106). In an embodiment camera sources are polled (by 106).

[0045] A photographic camera is generically a sensor, other useful sensors comprising video cameras and sensors to read electronic license plates and mobile network-derived identification methods comprising distributing the identity over the uplink channel. Also other sensors for observation and determining the vehicle identity both known now and discovered hereafter can be employed.

[0046] A first aspect starts with random selecting a Road User Charging Mobile Entity from a Service Register, comprising the Home Location Register (HLR) or Visitor Location Register (VLR) of the mobile network; a vehicle is selected from the list of vehicles that have registered in the network with its subscriber identity (IMSI). A simple form of LBS is possible using the Subscriber ID is used to retrieve and determine the positional information, for instance directly from HLR/VLR by using the MAP ATI command to extract the cell information. The mobile network can also be used to get a position of the mobile entity of the OBU, by using Location Based Services. In an embodiment, LBS is performed on the SIM card of the ME. The position that the vehicle has been recording itself is requested from the OBU or a frozen journey (and encrypted) detail. A telematics interface is used to get the position and further data from the OBU or its Trusted Element: position, time, status information and a Usage Parameter. Subsequently the two geo-positions (vehicle position as recorded and vehicle position as determined with LBS at the same time) are compared, and errors in the matching are handled. In an embodiment, the positions can also be compared by an applet on the SIM card and the result returned.

[0047] A second aspect of our invention is to use spotting information as input; where a camera or officer observes traffic, itself having a pertinent and known position (in terms of universal geographical latitude/longitudinal coordinates) and Usage Parameter at that spot; recording the time of passage and the vehicle ID; and then determining the vehicle's position through a Location Based Service (LBS). The LBS uses the subscriber identity of the OBU to perform a determination of the position of the GPRS entity using Location Based Services on the mobile net. The outcome is a geo-location of the OBU that is passed back to the EA. Subsequently the matching apparatus compares the two geo-positions, the geo-position given by a camera or officer and the vehicle's position according to the LBS.

[0048] It is the first aspect that makes the method a virtual method: not requiring or depending on roadside equipment for enforcement and it will work on all roads under all weather conditions at all times, and hence expanding the reach of enforcement to all active road using vehicles while it fully complements controlling with fixed roadside equipment such as in gantries. It is the second aspect that provides a very cheap method of verifying correct usage recordings.

[0049] A Road User Charging vehicle is equipped with an OBU with a Mobile Entity (ME); with a SIM/USIM card; the SIM card preferably having applications, applets, modules to interface with the OBU and its Trusted Element, and to connect to the central equipment. As soon as the vehicle starts the ME is logged in to the mobile network and while travelling can log in to new cells. The MNO detects the type of user being a RUC group member for instance through IMSI analysis, and or a check of an EETS Register; subsequently registering the ME - that represents the vehicle - as a RUC type of user in a Service Register, recording the vehicle and the type comprising Distance Charging users and Vignette users.

[0050] Any vehicles from said Service Register can be Selected 103, basing the choice on identification in said Service Register as being a participant of road user charging and the type, after which a cross-check of positions can be requested - or simply the existence of a Vignette can be checked immediately. The selection from said Service Register comprising the vehicle-ID, P-IMSI of a road user, the time usage was detected, the type of road use; the selection from said Service Register being done:

• with a random selection to e.g. ensure privacy of vehicle owners;
• by filtering users from said Service Register, the users selected on the basis of the specific attribute(s) of Road User Charging, comprising: all users of a specific type; a time period;
• the current rough position based on their registered cell;
• users on a special list such as a black list, a grey list or white list.

[0051] Requesting OBU Position 105 and Requesting Localisation 104 takes place for each selected vehicle. Depending on the circumstances and sources the choice of LBS can be made on the basis of the required precision, such as that the Usage Parameters might convey. For example, with a 'high' Usage Parameter a fine-grained LBS is requested with triangulation; with a 'low' Usage Parameter a rough LBS based on a cell-ID can be used. Or with high frequency comparisons, the cell-ID can be checked in the list of Most Frequent Occurrences (fig. 5).

[0052] In comparing positions 211 the two geo-positions from 'the same time' there is a margin of time criticalness in which a second, network based positioning must be performed but it does not have to be in near-real time. A request to the OBU might return a position based on a previous 'freeze' of the journey records, so that is backwards in time to some extent. The LBS may take place a little bit later, giving a forward moment from a spotting.

[0053] Matching calculates elongation of two positions 'as the crow flies'. A time difference translates in a possible travelled distance that has to be taken in account.

[0054] To calculate the elongation E of two geo-positions, the simple spherical law of cosines formula is used:

[0055] The formula for matching positions takes care of the time differences, the slack might be in the order of a few seconds to maybe half a minute, which means that the Travelled Distance Trd can be 0,5 to 1,2 kilometres. The Lead-way parameter L designates the allowed difference; this can be within 100 m in many cases; a Cell-ID derived position where the radius of the cell is 2 km is widely acceptable for enforcement in a rural area, L being 2.000 m in this case, leading to an algorithm like:

[0056] From an enforcement point of view an outcome of zero is objectionable (indicating a common source for both); Enforcement 208 will have to follow policy guidelines and business rules of handling a case outcome. Also other algorithms can be used to determine the elongation, the matching result and the acceptability.

[0057] In case the OBU returns a signed journey log with the frozen detail corresponding to the time of spotting, the matching can only take place after opening it with the secret key distributed for enforcement.

[0058] Checking for a valid Vignette 212 optionally takes place (depending on rules): for all non-compliant users of the type Distance Charging; a selection of a vehicle from a Service Register or a received vehicle identity from a spotting that is of the type Vignette is matched against a Vignette Register 215 to check a valid entry. Said selection is done on a periodical, for instance daily basis by selecting all road users of the type Vignette and verifying if there exists a Vignette for them; and adding one if absent.

[0059] Concluding 213 the Case and handing over for follow-up takes place when there is no error, and then the Comparison Record 500 is closed. If in error, the Comparison Record 500 is handed over comprising: in Fig. 3, indirectly using the Anonymity Service that returns the Vehicle ID 33, 34 for de-anonymizing the vehicle of the case; directly using a case number 35; indirectly where vehicle IDs from open cases are hashed and the errored comparison results retrieved. A follow-up is initiated, that falls outside the scope of this invention, comprising: the case is closed; informing mobile interception teams; raising a penalty, charging a Vignette, informing the back-office with details of the offence; investigation by officers; a message sent to the OBU to inform the driver of a malfunctioning of the OBU and keeping the driver informed about the outcome of the verification (enforcement) process.

[0060] The Comparison Record (500) stores the background and details of the comparison, containing a pair of positions with details. While preferably an anonymous vehicle ID is used as primary identifier, the Case ID can also be used as key, or no anonymization measures taken. The historical records can be reviewed by an investigator to check past performance of the OBU to detect trends in an anomaly. Such a review can be automated in a root cause and fault analysis procedure.

[0061] The data-store becomes a historical database of Most Frequent Occurrences that is used for quickly looking up if the user is probably in the area designated by the given position. By retaining all spotting information and the second half of the pair of matching data a history is built up with a frequency distribution of most often occurrences of a pair. In retaining data, the set is enlarged in size every time. Thus the set is learning by example. It allows a fast, effective and efficient checking of positions, presenting e.g. the cells in which spotted vehicles by a roadside sensor are most frequently logged in.

[0062] The Case Record (not shown) registers the origin of the enforcement activity, with a Case ID (such as a sequence number); vehicle ID; the origin of the case comprising: being selected, spotted by a detection apparatus or a manual selection by an investigator; time and date; what positioning was selected; the result of the matching; checking of the Vignette; decided follow-up activities comprising identifying errors, malfunctioning, and possible fraud; a closure indicator.

[0063] All active users can be selected from a Service Register, with the MNO detecting RUC users such as through number analysis; the users are updated in said Service Register.

[0064] RUC users are preferably only registered when driving on a road operator infrastructure. In order to check this fact, the MNO creates a list of all cells and cell-areas that correspond to the road operator domain, where the two infrastructures correspond, a Traffic Area List (comprising specific tracking area list, location area list, routing area list), said Traffic Area List connoting the Road Operator Infrastructure, where such lists may be specific per RUC type, where the MNO can distribute said List corresponding to the Road Operator infrastructure to specific ME's of a RUC group of users. When a subscriber logs into such a cell, it is said to camp on that cell and from that act the vehicle is assumed to make use of the road infrastructure, the user contractually having accepted this conclusion.

[0065] In order to overcome the problem of not detecting sleeping mobile entities of OBUs, the ME is provided in a version of the invention with a monitoring unit, that actively compares a new cell with said List. Once a new cell is detected that belongs or no longer belongs to said List, the Mobile Entity wakes up and automatically logs in; and in that process a Service Register is updated; thus the ME registering in to a network (109) only once when it is starting in and when driving into or out of a domain - when passing a virtual border; allowing a sleeping Mobile Entity while it safeguards itself from trespassing a virtual border of entering onto another or outside of road operator infrastructure undetected. The result is that only active road users are registered in a Service Register (202) and can be Selected (203). This prevents queries from , to and about vehicles that are not or no longer using the road operator infrastructure.

[0066] By using the Orchestration 209 and Selecting 203 in another way the total bill of a user can be checked. The concept of statistical scanning is used for checking the individual usage of a vehicle at months' end by performing statistical scanning of road usage by 1) randomly selecting RUC-group member vehicles from a list of all RUC-vehicles comprising said EETS Register; 2) looking up if the vehicle is registered in said Service Register, a positive outcome being a 'sighting'; 3) and increment a period counter for the vehicle for each 'sighting'; the scanning having a fixed frequency and a fixed randomness. Calculating the significance of the counter totals with an estimate of road usage; Comparing the counters with the period totals of usage, where the totals of 'sightings' statistically signify an estimated usage; and compare this assessed total with the periodical total bill of a vehicle. Similarly in this way it is possible to check if the total declared usage is in an order of magnitude equal to that what the Service Provider pays the Road Operator, a gross check that also can be used in an international context.

[0067] Anonymization is a key means to attain privacy, and in one version of the invention a one-way cryptographic hash function comprising SHA-224, SHA-256, SHA-512, MD5, is used to create an anonymous token that corresponds to the vehicle ID but cannot be used to disclose the vehicle ID. To avoid duplicates in encryption, the vehicle ID is preferably expanded with the country designation. When a position is received with a plaintext vehicle ID this value is hashed 317 and the result stored as key of a position: both the primary and the secondary position are treated this way. To re-identify as to which data belongs to a given identity (vehicle) and to search the components of a case, the hash value is calculated for the identity (vehicle) again and the database is searched for that hash value, allowing an investigator to detect patterns in past encounters of that vehicle.

[0068] In one version of the invention a Label Translation Service (LTS) is used to shield the vehicle identity such as the license number from the actual GPRS-identity used as subscriber identity (P-IMSI) on the mobile data network by translating an anonymous Subscriber-ID and or an anonymous Vehicle ID; translating an anonymous Subscriber ID into a public known vehicle ID.

[0069] As explained in connection with the corresponding method above, also other systems and methods both known now and which may be discovered hereafter can be employed to enhance privacy and security and provide anonymity in the network comprising encryption of message data and connections, messages; and in the handling in the administration comprising encryption and hashing.

[0070] As explained in connection with the corresponding method above, also other systems and methods both known now and which may be discovered hereafter can be employed to provide the OBU with positioning, comprising existing and new GNSS Satellite beacons, such as GPS, Galileo, land-based beacons, such as WAAS and EGNOS, comprising plain signals or having an authentication information in the signal; the position and navigation apparatus of the OBU being outside of the invention.

[0071] As other systems and methods both known now and which may be discovered hereafter for determining the position of a vehicle and the type of usage of the infrastructure, the method of crosschecking independently derived positions can be expanded.

[0072] As explained in connection with the corresponding method above, also other systems, apparatus, databases, servers and methods both known now and which may be discovered hereafter can be employed for determining the location in the network, for connecting to the OBU.

[0073] In a certain embodiment, the telematics interface of the stationary apparatus to the OBU is a proxy. In a certain embodiment the interface to get the position using LBS is a proxy.

Benefits

[0074] A benefit of one version of the presented enforcement method is that it provides the possibility of selecting methods out of a portfolio of surveillance techniques and giving a perceived equally dense enforcement on the whole infrastructure of the road operator without pertinent black spots or gaps, not wholly being dependent of roadside equipment, while all kinds of (preferably certified) existing camera's can also be used as input. The scheme can be implemented as an addition to DSRC-based enforcement, being fully interoperable; or can be used independently as a stand-alone GNSS/CN enforcement solution.

[0075] A benefit of one version of the invention is that it provides interoperability of Road User Charging by handling all interoperable OBUs from the own population of an EETS Provider similarly to those of other EETS Providers, such as foreign vehicles.

[0076] A benefit of one version of the presented enforcement method is that Enforcement of Road User Charging can be executed in all road infrastructure whether on highways or local roads, in cities or in the suburbs, in all weather conditions at all times, on all lanes at the same time, while ensuring privacy.

[0077] A benefit of one version of the presented enforcement method is that users of the RUC type Distance Charging and Vignette are registered immediately when entering the road operator domain, increasing the compliance without depending on roadside equipment (gantries, cameras) for punitive enforcement.

[0078] A benefit of one version of the presented enforcement method is that it allows great savings in the roadside equipment for solutions using DSRC; as well in a stand-alone solution as possibly great savings on the on-board unit and its installation and maintenance processes; in short great reduction in CAPEX and OPEX.

[0079] Thus a method is presented that allows enforcement of Road User Charging with or without roadside equipment, by being able to assess if two independently derived positions of and about the OBU, its mobile entity and the vehicle itself have a likelihood of being the same, and hence to assess and assume if the OBU is working correctly.

[0080] Thus, input handling apparatus, the apparatus for gathering additional positional information, the matching apparatus and the apparatus for handling errors build up a system for enforcing a characteristic of usage of traffic infrastructure (in particular comprised of roads, railways, waterways, and the like and/or gantries such as tunnels, bridges, ferries and the like as well as corresponding services) for automobiles, small vehicles, for small freight and for heavy freight vehicles that in one embodiment can be used as an add-on to an existing enforcement system or in an other embodiment can stand alone.

Detailed Description of the invention

[0081] The present invention is further elucidated by the following figures and examples, which are not intended to limit the scope of the invention. The person skilled in the art will understand that various embodiments may be combined.

Brief description of drawings

[0082] These and other aspects of the invention will be apparent from and elucidated with reference to the embodiment described hereinafter. In the following drawings,

• Fig. 1 shows the general process of enforcement according to the present invention
• Fig. 2 shows the enforcement handling process of comparing a pair of positions of a vehicle
• Fig. 3 shows privacy enhancing techniques to allows anonymity in handling enforcement
• Fig. 4 shows an overview of the algorithm of handling a case
• Fig. 5 shows a data-structure

Description of embodiments

[0083] The enforcement handling is described as an enforcement method that selects, receives and compares independently derived positions of a vehicle with an OBU with mobile data access to detect non-compliant users to find evidence if there is a difference in the recorded, observed or determined positions of a vehicle.

[0084] Fig. 1 shows the scheme of three methods of gathering positional information for enforcement of Road User Charging in which the methods provide a set of independently derived positions of the vehicle that can be compared to assess if the usage is or has been recorded successfully. By comparing the positions and presence on the road infrastructure the likelihood of errors can be assessed. The process is triggered by either selecting active road users or from spotting a vehicle in the traffic. Positional information is gathered from a camera, from the OBU recording or from location based services.

[0085] Fig. 1, where a Vehicle 101 logs in to a mobile data network 109, and the subscriber identity and further details such as time, type and current cell are recorded in a Service Register 102.

[0086] Fig. 1, where Enforcement 108 receives a Vehicle Identity of an active vehicle 101 from a selection device that has, preferably randomly, selected a vehicle participating in the Road User Charging (RUC) from all active vehicles from a Service Register 102, comprising basing the choice on an identification in said Register 102 as being a participant of the RUC, after which the positions can be cross-checked.

[0087] Fig. 1, where Enforcement 108 requests the last position 105 and Usage Parameters of the vehicle that the vehicle OBU has determined by means of GNSS and or other means; by establishing a telematics connection with the on-board unit OBU over the mobile data communications network 109, to retrieve the last used or recorded position and Usage Parameters of the vehicle 101; and/or retrieving the status, integrity and health indicators that the OBU keeps of its own functioning; with the time-stamp.

[0088] Fig. 1, where Enforcement 108 requests the determination of the position of a vehicle 101 by requesting Location Based Services (LBS) 104 I a mobile network; comprising triangulation or retrieving the current cell of the vehicle's ME, optionally converting the current cell-ID to a rough set of latitude/longitudinal coordinates based on the known location of the cell; with a time-stamp.

[0089] Fig. 1, where a camera or officer observes 107 a vehicle 101 making use of the road while the spottings are handled by Spotting 106 and the Vehicle ID is sent to Enforcement 108 with positional data, Usage Parameters and time-stamp, said Spotting also including means such as polling.

[0090] Fig. 2 shows a high level flow of the process of and including Enforcement 208, where the following sequence or similar steps can be executed, comprising:

[0091] Step 1, showing the process of Orchestrating 209 leading to Selecting 203 logged-in vehicles in a Service Register 202; optionally basing the selection on an EETS Register 214; or Receiving spottings 206 of a vehicle from a camera source preferably through a random polling process; and subsequently

[0092] Step 2, Gathering 210 additional positional and usage information from or about the vehicle; one source being by Requesting 205 the position as recorded by the vehicle OBU comprising the last position; another source by requesting 204 the position that the mobile entity has according to the mobile network's location based services; storing the received positional data preferably with an encrypted Vehicle ID; while creating a Case 218;

[0093] Step 3, Comparing 211 the outputs from the previous processes, verifying if it concerns the same or similar position at the same time; where the Usage Parameters from the sources must be equal; where the said comparison is executed with certain quality boundaries, to cater for differences in underlying technologies and purpose of enforcement and time differences; assessing the output of the comparison of the previous step for the likelihood of a temporary mislocation in using the GNSS (such as a long first time to fix) or of a serious malfunctioning of the GNSS unit of the vehicle's OBU in recording a position; and if in error, making a choice of an iteration or of proceeding with handling the error; the comparison being made comprising active calculation of elongation between the positions; and a lookup of most frequent combinations of previously encountered positions in a historical database. The Comparing 211 optionally being performed in the mobile apparatus comprising in the SIM card, to which the first position has been sent; the mobile apparatus thus performing a step on receiving a position with a time, a step of Requesting 205 the position from the OBU with a time, a step of Comparing 211 of received and requested positions, a step of concluding 213 on the outcome; a step of sending a response to the stationary apparatus.

[0094] Step 2, further comprising Orchestration 209 filtering all received users of the type Vignette for checking of a valid Vignette 212;

[0095] Step 4 Checking 212 the entry of the vehicle ID in a Vignette database 315 if needed, such as determined in the policy of handling non-compliant road users; the Vignette database 315 preferably being anonymized;

[0096] Step 5 Concluding 213 on the basis of the previous steps if the Case 218 shows a (serious) error or fraud of a vehicle's registration of positions; reversing anonymization; initiating follow-up activities for the Service Provider (comprising informing the user through a user interface of the OBU and sending letters, filing a fine) or law enforcement, and updating Case 218 with the findings.

[0097] Fig. 3 shows a high level view of the invention to create an administrative domain that works with anonymous subscriber identities of vehicles to enhance privacy in processing. The processes of fig. 2 are rearranged to show the flow of information in the domains of public handling to the right and anonymous handling to the left. The Anonymizing Service 317 provides anonymization in the translation and transformation of a [readable] Vehicle ID it receives in a non-corresponding and anonymous token.

[0098] In fig 3, the Anonymizing Service 317 thus having two sides: the side with anonymity 317-a to the left, and the side with public readable vehicle ID's 317-p on the right. The left side of Enforcement 308-anon contains the massive and automated handling of anonymously comparing positional information. Such a split is a key component in the design of the invention as it answers the grave concerns with the public and politics about having a method for continuous gathering and storing of positional enforcement information about vehicles while ensuring privacy and security, these aspects being critical for acceptance by stakeholders.

[0099] Fig. 3 further shows Orchestration 309 handling input from Selecting a vehicle 303 and receiving a Vehicle ID from the camera interface 306. This data with Vehicle ID is first 31 passed on for anonymizing 317 into an anonymous token; and then handed on 32 to the activity of Gathering 310 additional positioning information about the vehicle. The pairs of positional data are Stored 316 anonymously in a datastore. From the moment of anonymizing the subsequent handling up to and including Comparing and matching positions 311, Checking 312 a Vignette 315 is done with full respect of privacy in the anonymous domain of Enforcement 308-anon. The telematics retrieving positions 305 and the LBS positioning 304 are initiated in this anonymous domain. The process of Follow-up 313 with deciding on actions is performed in a domain 308-publ of publicly known and readable Vehicle ID's.

[0100] In fig. 3, the output of Comparing 311 is handed over to Concluding 313 and hence enters the public domain again. This process comprising 1) the still anonymous ID is passed back 33 to the Anonymization Service 317 that returns the vehicle ID, when a reversible encryption is used, what we can call a push-service; 2) Follow-up 313 receives the output, based on a case-ID, also a push-service; 3) the vehicle ID is hashed and the returned hashed value is used to find the records corresponding to this key, what we can call a push-service, the latter being indirect hence needing a polling from the output handling with a short as possible delay, but this model might be optimal in privacy by not disclosing any details, not even a case ID.

[0101] Fig. 4 shows a workflow that starts with triggering information of receiving selected users 403 and of receiving spotting information 406 and then deciding what to do: if the user is registered in an EETS Register as a Vignette type user, the vignette is checked 212; if the user is of Distance Charging type then the OBU position is retrieved 405; if the Usage Parameter from the triggering information or from the OBU result (Usage Parameter being part of the received output from 405, this dataflow not shown) is 'low', then a rough LBS is requested 404; if the Usage Parameter is 'high' then a precise LBS with e.g. triangulation is requested 404; the results are compared as pairs by Comparing 411 and in case there is no issue at all, the Case 218 is discarded; if there is non-compliant usage of the road, the Vignette is checked 212; and outside of the current invention, in case there is an administrative follow-up, the back-office of enforcement is informed; in case there is reason to doubt fraud or an offence, the Case 218 is handed over for investigation.

[0102] Fig. 5 shows a possible data structure of the central store of Comparison Records. It shows a record comprising four parts: the identifier comprising a case ID, a vehicle ID, temporary P-IMSI; preferably a hashed vehicle ID 501; information about the source 501; the primary positional information 502; the secondary positional information 503; the results of comparing and matching 504; status and follow-up steps 505. Over time, the case-specific parts 501, 505 might be deleted thus retaining only a database of Most Frequent Occurrences where the primary key becomes the fist position 502.

[0103] Summarizing, an enforcement for road pricing has been disclosed in which a vehicle that participates in Road User Charging can be checked by Enforcement in several ways, each method providing a position the vehicle was at (being spotted on that location); where it says it was (having registered that position) and where the vehicle 'really' has its whereabouts (being located in the mobile network). Enforcement is diversified because of the methods that have been introduced of comparing a pair of independently derived positions of the vehicle can cooperate seamlessly with existing methods and handling. Enforcement can be done even without roadside equipment because active road-using vehicles can be retrieved from a Service Register through a selection process of vehicles, where all users are registered - including even when their mobile entity is 'asleep'. The method of enforcement provides solutions for interoperability by automatically checking each interoperable foreign vehicle as distance-registering user or as one requiring a day-pass or Vignette - all within rules and regulations, providing interoperability and non-discrimination, for example that a non-compliant user must then have a Vignette. The method provides a secure and privacy-preserving way of handling enforcement.

[0104] While the invention has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive; the invention is not limited to the disclosed embodiments.

[0105] Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims.

[0106] In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single element or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measured cannot be used to advantage.

[0107] Any reference signs in the claims should not be construed as limiting the scope.

Claims

1. 1. Method in a stationary apparatus for enforcement of at least one characteristic of Road User Charging (RUC) to provide electronic surveillance of Road User Charging also in places without any road side equipment, the method being characterized in, that: processing in said stationary apparatus of position information of a vehicle, to assess correct registrations, comprising methods for: a) Selecting (103) vehicles from a Service Register (102), b) Receiving spottings (106) of vehicles; c) Requesting positional information from Location Based Services (104) and from the OBU (105) of the vehicle; d) Comparing (211) and matching a pair of positions; detecting errors e) Checking (212) a valid Vignette, f) Concluding (213) and handing over.

2. Method according to claim 1, wherein the step of Selecting comprises the users being selected on the basis of the specific attribute(s) of Road User Charging, the selection method comprising: using methods and or using statistical methods, to select users comprising based on: a type; a time period; their registered cell; a special list such as a black list, a grey list or white list.

3. Method according to claim 1 or 2, wherein the step of Requesting comprises: i) a request made for a positioning of the Mobile Entity using Location Based Services (LBS) (104) from the Mobile Network Operator (MNO) comprising: triangulation methods of field strengths; round-trip timing differences; Observed Time Difference of Arrival; angle and phase differences; and Cell-ID referenced methods; comprising signals from base stations or from other stationary beacons; using the current cell information; the SIM card or an application on the SIM card providing its current cell information and/or sending multiple current cell reception data; ii) a request made for the last position as recorded by the OBU (105), comprising: to get the last position; a frozen journey log; a part of a frozen log; and or sending a challenge to the OBU.

4. Method according to claim 1 or 2 or 3, wherein the step of Comparing (211) and matching comprises: a step for calculating and assessing differences between positions; a step of comparing a position (502) with the Most Frequent Occurrences (503) and assessing differences; a step for verifying and detecting errors and determine a good or bad match; a step of reviewing data retrieved from the OBU comprising health, security, integrity, status information, GNSS-authentication codes; a step for decrypting received frozen journey details.

5. Method according to any of the preceding claims, to create a Trusted Facility (318-anon), further comprising a step of anonymizing data by one-way hashing a Vehicle ID into a hashed anonymous token comprising a SHA-512 one-way cryptographic hash (501); said data comprising positional data (500) and or vignette data and or case data (218).

6. Method in a stationary apparatus for checking usage totals of a period using the mathematical model of statistical scanning characterized in, that: a step of randomly selecting RUC-group member vehicles from a list of all RUC-vehicles and being registered in Service Register (202); a step of incrementing a period counter of 'sightings'; a step of calculating the significance of the counter totals with an estimate of road usage; a step of comparing the counters with the period totals of billed usage; a step of comparing this assessed total with the periodical total bill of this vehicle.

7. Method in a mobile apparatus to provide a position and details and ensure privacy, the method comprising: i) getting the last or current position or journey log from the OBU; ii) sending OBU information, comprising position, status, to the stationary apparatus. iii) actively monitoring cells in the mobile network to decide if it is needed to log in to a new cell.

8. Method according to claim 7 wherein the step of retrieving positions from the OBU, comprising: i) getting the position the OBU is using for the route registration, comprising getting the last GNSS position comprising using a standard interface; ii) getting a frozen itinerary log comprising using a standard interface; iii) challenging the Trusted Recorder or Trusted Element with a time to obtain a frozen log containing the position or journey detail with said timestamp comprising using a standard interface.

9. Method according to claim 7 or 8 wherein the step of ensuring that Mobile Entities of vehicles cannot be traced in the network while enforcement is still possible, comprising: i) a method of monitoring current cells versus a Traffic Area List when active or asleep, comprising the mobile entity deciding to log in and out with changes; ii) a method of distributing configuration of automatic periodic updating in the network and by the Mobile Equipment and of Traffic Area Lists.

10. Stationary apparatus for a system for enforcing at least one characteristic of road user charging, the apparatus comprising: selecting means to select vehicles as defined in claim 2; receiving means of spottings as defined in claim 1 b); means of requesting at least one position from the OBU of a vehicle as defined in claim 3 ii); means of requesting at least one localisation of a vehicle as defined in claim 3 i); Comparing means as defined in claim 4; Checking means of a vignette as defined in claim 1 e); Means of Registering a vehicle in a Service Register (102); Means of storing position data anonymously as defined in claim 5; Means for statistical scanning of usage as defined in claim 6; Transmitting means to send a request for a position information to the mobile apparatus as defined in claim 7 i), and to distribute traffic area lists as defined in claim 9 ii); Receiving means to receive at least one position as defined in claim 7 iii).

11. Mobile apparatus for a system for enforcing at least one characteristic of road user charging, the apparatus comprising: Monitoring means, for executing the steps in claim 9; Receiving means, configured to receive a request from the stationary apparatus; Processing means configured to execute the steps of claim 8 i) to iii); Transmitting means to send position information to the stationary apparatus.

12. System for enforcement of road user charging, the system being characterised in, that: it comprises at least one stationary apparatus as defined in claim 10 and one mobile apparatus as defined in claim 11; in particular with a mobile communication path between the apparatus; the communication comprising making use of temporary identities, and/or Triple DES (112 bits), AES (128, 192, 256 bits), X9.71 HMAC.

13. Method according to any of preceding claims 1 to 9, the stationary apparatus according to claim 10, a mobile apparatus according to claim 11, wherein the data-communication comprises any existing or new or to be invented wireless data-communication networks comprising GSM, UMTS, GERAN, UTRAN, CDMA 2000, LTE, SAE, Wimax, GPRS, peer to peer and meshed networks, WLAN, mobile WiMAX, wireless access in vehicular environments (WAVE), vehicle-to-vehicle networks, vehicle-to-roadside networks; wherein the positioning is performed comprising using GNSS, mobile network beacons, land-based beacons such as WAAS and EGNOS; wherein the mobile equipment comprises fixed on-board units, fixed or ad-hoc mobile entities comprising OBUs, mobile phones, route planning terminals, navigation equipment, smartphones, emergency calling mobile entities, other mobile entities of and placed in a vehicle; wherein the road operator infrastructure comprises highways, highway segments, toll-roads, cities and city-centers, tunnels, bridges, ferries and the like with clearly demarked entry and exit points, a road on a national, federal or local scale.

14. Computer program product comprising data which when executed on a processor causes the processor to perform the steps of one of the method Claims 1 to 9.

15. Data sequence signal corresponding to the data comprised by the computer program product according to claim 14.

Drawing