Communication device and system for mobile encrypted communication

Abstract

An automatic collection system for automatically collecting a toll charge from an IC card is provided with transceivers in gantries installed along a vehicle road. This collection system uses the transceivers to perform communication with a vehicle-mounted device based on the use of encrypted data. The vehicle-mounted device performs the encryption and decryption of the communication data before its entry into the communication area of the gantries and after its passage therethrough. Also, writing of the data into the IC card, etc. are also performed using encrypted data. However, an algorithm which differs from that used in encrypting the data stored in the IC card and which enables the execution of the high speed processing is used for encrypting the communication data. As a result, since the encryption and decryption of the data is performed only in the roadside device side during communication and this encryption and decryption can be performed at a high speed, the communication time can be shortened to perform accurate data communications within a limited period of time while the vehicle is travelling.

Claims

What is claimed is:

1. A communication device for installation in a vehicle to perform a communication operation with a roadside device when said communication device is within a communication area of said roadside device, said communication device comprising:

drive means for receiving an IC card that stores predetermined card data;

communication means for performing said communication operation with said roadside device by transmitting transmission data generated based on said card data to said roadside device and by receiving reception data from said roadside device when said communication device is within said communication area of said roadside device; and

cryptographic means for encrypting, using a first encryption algorithm, said card data read through said drive means to generate said transmission data and for decrypting, using said first encryption algorithm, said reception data to obtain decrypted data,

said cryptographic means further encrypting, using a second encryption algorithm different from said first encryption algorithm, a result of said communication operation, and storing said result of said communication operation encrypted using said second encryption algorithm in said IC card through said drive means.

2. A communication device according to claim 1 wherein said communication device is mounted on a vehicle.

3. A communication device according to claim 2, wherein said cryptographic means encrypts said card data before said vehicle enters said communication area of said roadside device.

4. A communication device according to claim 1, wherein said cryptographic means decrypts said reception data after said communication means completes said communication operations with said roadside device.

5. A communication device according to claim 2, wherein said first encryption algorithm has a higher processing speed than said second encryption algorithm.

6. The communication device according to claim 1, further comprising:

verification means for causing said cryptographic means and said IC card to perform a mutual verification operation by exchanging predetermined verification data therebetween when said IC card is inserted inside said drive means and before said cryptographic means generates said transmission data,

wherein said cryptographic means generates said transmission data including a result of said mutual verification operation.

7. A communication device according to claim 6, wherein said predetermined verification data exchanged between said cryptographic means and said IC card is encrypted by said second encryption algorithm.

8. A communication device according to claim 6, further comprising:

error determination means for determining an error in operation of said cryptographic means, said communication means, said drive means, said IC card, and said verification means, and for adding error data indicative of said determined error to said transmission data.

9. The communication device according to claim 1, further comprising:

error determination means for determining an error in operation of said cryptographic means and in said communication means, and for adding error data indicative of determined errors to said transmission data.

10. A vehicle monitoring system for monitoring a vehicle that cruises along a road, said system comprising:

a vehicle-mounted device mounted on said vehicle; and

a roadside device for emitting signals towards a predetermined communication area, said roadside device being installed along said road and performing a communication operation with said vehicle-mounted device when said vehicle is within said communication area,

wherein said vehicle-mounted device comprises:

drive means for receiving an IC card that stores predetermined card data;

communication means for performing said communication operation with said roadside device by transmitting transmission data generated based on said card data to said roadside device and by receiving reception data from said roadside device; and

cryptographic means for encrypting, using a first encryption algorithm, said card data read through said drive means to generate said transmission data and for decrypting, using said first encryption algorithm, said reception data to obtain decrypted data,

said cryptographic means being further for encrypting, using a second encryption algorithm different from said first encryption algorithm, a result of said communication operation of said communication means and storing said result of said communication operation encrypted using said second encryption algorithm in said IC card through said drive means.

11. A vehicle monitoring system according to claim 10, wherein said vehicle-mounted device and said roadside device perform communication operations using communication data that includes an encrypted part and an unencrypted part.

12. A vehicle monitoring system according to claim 11, wherein said communication operations are performed to carry out a toll charge process when the vehicle travels along a toll road, said communication data comprising identity data intrinsic to said vehicle-mounted device and said IC card, process data used for said toll charge process and incidental data other than said identity data and said process data, both said identity data and said process data being encrypted and forming said encrypted part, said incidental data being unencrypted and forming said unencrypted part.

13. A vehicle monitoring system for monitoring a vehicle that cruises along a road, said system comprising:

a vehicle-mounted device mounted on said vehicle; and

a roadside device for emitting signals towards a predetermined communication area, said roadside device being installed along said road and periodically emitting a pilot signal towards said communication area, said roadside device terminating the emission of said pilot signal after said vehicle enters said communication area, performing a communication operation with said vehicle-mounted device by sending and receiving communication data to and from said vehicle-mounted device while said vehicle is within said communication area, transmitting a transmission completion signal to said vehicle-mounted device to indicate completion of said communication operation, and restarting the emission of the periodic emission of said pilot signal after completing said communication operation with said vehicle-mounted device,

wherein said vehicle-mounted device provides a pilot response signal to said roadside device after receiving said pilot signal from said roadside device and subsequently starts said communication operation with said roadside device, said vehicle-mounted device receiving said transmission completion signal from said roadside device after completing said communication operation with said roadside device,

said roadside device terminating said emission of said pilot signal after receiving said pilot response signal from said vehicle-mounted device and starting a periodic emission of said pilot signal immediately after sending said transmission completion signal.

14. A vehicle monitoring system according to claim 13, wherein:

said roadside device sends an unmodulated carrier wave for a predetermined time period to said vehicle-mounted device after sending one of said pilot signal and said communication data to said vehicle-mounted device;

said vehicle-mounted device generating said communication data by modulating said carrier wave signal based on predetermined transmission information and providing said communication data to said roadside device; and

said vehicle-mounted device sending a completion request signal to said roadside device after completing said communication operation with said roadside device unless said roadside device sends said transmission completion.

15. A vehicle monitoring system according to claim 13, wherein:

said roadside device is installed in one of an entrance and an exit of said road, said roadside device decrypting said communication data indicative of toll payment information from said vehicle-mounted device during said communication operation with said vehicle-mounted device, said roadside device performing a toll charge operation to collect a toll charge from said vehicle-mounted device based on said toll payment information, and encrypting a result of said toll charge operation and sending said encrypted result to said vehicle-mounted device;

said vehicle-mounted device sends said encrypted data indicative of said toll payment information during said communication operation with said roadside device;

said vehicle-mounted device receives said encrypted result of said toll charge operation from said roadside device, and decrypts and stores said result; and

said vehicle-mounted device and said roadside device transmit said communication data using a common format.

16. A device for installation in a vehicle for communicating with a roadside device installed in the vicinity of a road traveled by the vehicle, said communication device comprising:

an IC card reader for reading predetermined card data from an IC card, said IC card comprising storage media for storing said predetermined card data;

an encryptor for encrypting, using a first encryption algorithm, said predetermined card data;

a wireless transmitter transmitting to said roadside device transmission data generated based on said predetermined card data and comprising the encrypted predetermined card data;

a wireless receiver receiving from said roadside device reception data when said vehicle is within a predetermined communication range of said roadside device; and

a decryptor for decrypting, using said first encryption algorithm, said reception data;

an encryptor for encrypting, using a second encryption algorithm, data resulting from said communication between said communication device and said roadside device, said second encryption algorithm being different from said first encryption algorithm; and

a write mechanism for storing the encrypted data resulting from said communication in said IC card.

17. A communication device according to claim 16, wherein said first encryptor encrypts said predetermined card data faster than said second encryptor encrypts said data resulting from said communication.

18. A communication device according to claim 16, wherein said communication device is mounted on a vehicle.

Description

BACKGROUND OF THE INVENTION

1. Field of the invention

The present invention relates to a vehicle-mounted communication device which performs data communication using encrypted data with a roadside device disposed along a vehicular road. The present invention also relates to a cruising vehicle monitoring system which includes this vehicle-mounted device and the roadside device for monitoring vehicles that travel in the vicinity of the roadside device. In particular, the present invention relates to a device for performing automatic collection of a toll charge from a vehicle that travels along a toll road.

2. Description of Related Art

A toll charging system for automatically collecting a toll charge from a vehicle travelling along a toll road is well-known. This toll charging system includes a communication device (i.e., a roadside device) that is installed at an entrance or exit of the toll road and a communication device (i.e., a vehicle-mounted device) that is installed in a vehicle that travels along the toll road. This vehicle-mounted device transmits vehicle passenger data and method of payment data in response to an inquiry from the roadside device. This toll charging system performs automatic toll charge collection in the roadside device based on the transmission data from the vehicle-mounted device.

Meanwhile, in the above-mentioned system, because private information such as toll charge data, vehicle data, passenger data and the like are transmitted via radio communication between the vehicle-mounted device and the roadside device, there is a possibility that such data will be intercepted and wrongly used by a third party. For example, when a cash card is used for paying the toll charge, there is a possibility that cash card information will be intercepted and wrongly used.

Accordingly, in order to solve the above-mentioned problems, for example, one well-known proposal as disclosed in U.S. Pat. No. 5,310,999 proposes the execution of data communication between the vehicle-mounted device and the roadside device using encrypted data, which is obtained by encrypting the data to be transmitted, so that the contents of the data will be incomprehensible to the third party that intercepts such data.

Meanwhile, in the above-proposed system, because a known standardized encryption protocol such as the Data Encryption Standard (DES) algorithm for performing the reading and writing of data with respect to an IC card or the like is used for encrypting the communication data, the communication data between the vehicle-mounted device may be under certain circumstances decrypted relatively easily after such data is intercepted and analyzed. In this way, there may be problems regarding the confidentiality of data. Also, because it takes the DES algorithm a significant amount of time to perform the data encryption operation and because it is difficult to speed up this DES algorithm, the following problem occurs when the vehicle is moving fast and the DES algorithm is taking a significant amount of time in encrypting the transmission data and decrypting the reception data during communication operations between the vehicle-mounted device and the roadside device. That is, the vehicle-mounted device might leave a communication area of the roadside device before data communication operations are finished after the vehicle-mounted device enters the communication area of the roadside device.

For example, in the above-described toll charging system, when the vehicle-mounted device writes data (e.g., toll collection data) into a cash card or the like, and, after completion thereof, encrypts this data and transmits the encrypted data to the roadside device, the vehicle-mounted device first decrypts the data transmitted from the roadside device in order to perform the toll collection, then writes the data into the cash card or the like based on such decrypted data, encrypts the resulting data and transmits the encrypted result to the roadside device. However, it takes the foregoing system a significant amount of time to perform decryption of the data from the roadside device and encryption of the data to be transmitted to the roadside device. For example, assuming that the amount of time needed for the respective encryption and decryption operations is 30 ms and the cruising speed of the vehicle is 120 km/h, the vehicle travels one meter each time the vehicle-mounted device performs one encryption or decryption operation. On the other hand, since the communication area of the roadside device is set usually to a size that corresponds approximately to the size of the vehicle to prevent a plurality of vehicles from simultaneously entering into it, the travel distance of the vehicle within the communication area will be a few meters or so. Accordingly, in a highway where vehicles travel at speeds of approximately 120 km/h, because the encryption and the decryption operations need to be executed in both the vehicle-mounted device and the roadside device even during one-way communication to perform normal data communication between them, data communication (two-way communication) between the roadside device and the vehicle-mounted device can be performed once or twice at the most. If there are more communication operations, the vehicle-mounted device will go out of the communication area before communication operations are completed and thus, normal data communication becomes impossible.

On the other hand, in order to solve the above-mentioned problem, one may impose vehicle speed limits or replace an encryption device that performs the encryption operation in accordance with the DES algorithm with a device that enables high speed encryption processing. However, limiting the travel speed of the vehicle leads to traffic congestion and thus, negates the purpose of automatically collecting toll charges via radio communication, which is to lessen traffic congestion. Conversely, in order to make the processing speed of the encryption device faster, there is a need to use expensive encryption devices. Therefore, even if such expensive devices can be used for the roadside device, installation of such expensive encryption device in the vehicle-mounted device will be difficult to implement because this means increased burden on the toll road users.

Also, another option for increasing encryption speed is to use an encryption algorithm different from the DES algorithm, for example, an encryption algorithm that enables encryption to be performed through pipeline processing implemented using hardware. However, in this case, when the encryption device is constructed to perform encryption not through software processing using a CPU but via pipeline processing using special purpose hardware, the encryption device itself becomes expensive, and thus, even if it is possible to employ this construction for the roadside device, providing the same encryption device in the vehicle-mounted device will be difficult.

SUMMARY OF THE INVENTION

In view of the foregoing problems in the prior art, it is a goal of the present invention to provide a vehicle-mounted communication device which can efficiently encrypt data to be transmitted, perform communication in a small communication area for a short period of time and prevent illegal interception of the communication data and the like. The present invention also aims to provide a vehicle monitoring system such as the above-mentioned toll charging system that uses this vehicle-mounted communication device.

To achieve the foregoing objects, one aspect of the present invention provides a vehicle-mounted communication device which is installed in a vehicle and which is for performing communication operations with a roadside device installed along a toll road when the vehicle is within a communication area of the roadside device. The vehicle-mounted communication device includes a cryptographic unit and a communication unit. The cryptographic unit encrypts transmission data to be transmitted to the roadside device before the vehicle enters the communication area of the roadside device. The communication unit performs communication operations with the roadside device by transmitting transmission data encrypted by the cryptographic unit and by receiving reception data from the roadside device. Preferably, the cryptographic unit decrypts the reception data after the communication unit completes communication operations with the roadside device.

In this way, since it takes a significant amount of time to encrypt the transmission data and decrypt the reception data, the vehicle-mounted communication device according to the present invention performs this data encrypting and decrypting operations when it is not performing communication operations with the roadside device. In other words, there will be less burden on the vehicle-mounted communication device when it is performing communication operations with the roadside device. Thus, duration of communication between the vehicle-mounted device and the roadside device can be shortened and accurate data communication between them can be performed without imposing speed limits on the vehicle or using an expensive cryptographic device for executing the encrypting and decrypting operations.

Preferably, the vehicle-mounted communication device further includes a drive unit for receiving an IC card that stores predetermined card data, and the cryptographic unit includes an encryptor and a decryptor. The encryptor reads card data of the IC card, encrypts the card data to generate the transmission data and stores the transmission data. The decryptor decrypts the reception data received by the communication unit to obtain decrypted data and stores in the IC card a result of the communication operation of the communication unit based on the decrypted data. The decryptor decrypts the reception data after the communication unit completes the communication operations with the roadside device.

In this way, when the vehicle enters the communication area of the roadside device, the communication unit starts to perform data communication with the roadside device by transmitting data encrypted by the encryptor. Then, when the communication unit finishes the data communication operation with the roadside device, the decryptor decrypts the reception data. Thus, the vehicle-mounted communication device is not burdened with decrypting the reception data when it is communicating with the roadside device and so, communication time between the vehicle-mounted device and the roadside device can be shortened. Meanwhile, the IC card is used for storing at least part of data to be transmitted to the roadside device such as identification code of the driver of the vehicle, bank account number and the like.

Incidentally, in a toll charging system, there might be a need to write the communication result into the IC card and inform the result of such to the roadside device. Thus, it helps if this result is encrypted beforehand as the transmission data after the completion of the communication between the vehicle-mounted device and the roadside device. Thereafter, the encrypted data is transmitted to the roadside device when the vehicle enters the next communication area of the roadside device.

Preferably, the decryptor encrypts the result of the communication operation before storing the result in the IC card and the decryptor uses a card data encryption algorithm for encrypting the result. It must be noted here that the card data encryption algorithm is different from a communication encryption algorithm used by the decryptor for decrypting the reception data and by the encryptor for encrypting the card data to generate the transmission data.

That is, when writing data into the IC card, such data is usually encrypted using the DES algorithm or the like to prevent interception of the contents of the data. However, using the same algorithm for decrypting the reception and encrypting the transmission data may pose problems on data security and thus, it will be best to use different algorithms for these encrypting operations. In this way, data can be safely and securely communicated between the roadside device and the vehicle-mounted device.

Preferably, the vehicle-mounted communication device is provided with a verification unit for driving the encryptor and the IC card to perform a mutual verification operation using predetermined verification data when the IC card is inserted inside the drive unit and before the encryptor generates the transmission data. Here, the verification unit also drives the encryptor to include a result of the mutual verification operation in the transmission data.

In the above-mentioned toll charging system or the like, there is a possibility that not only the IC card but also the vehicle-mounted communication device itself will be forged. As a countermeasure against this, the verification unit is provided for executing a mutual verification procedure between the encryptor and the IC card. After performing this verification procedure, the verification results are included in the transmission data to be sent to the roadside device. In this way, the roadside device will be notified of possible trouble in the vehicle-mounted device.

Preferably, the communication encryption algorithm has a higher processing speed than the card data encryption algorithm. In this way, the communication time between the vehicle-mounted device and the roadside device can be shortened. Accordingly, data communication can be executed more reliably even if the vehicle is passing through the communication area of the roadside device at a high speed.

Preferably, the vehicle-mounted device has an error determination unit for determining an error in operations of the cryptographic unit, and the communication unit, and for adding an error data indicative of the determined error to the transmission data. In this way, the roadside device can be informed of any error in the vehicle-mounted device so that it can take measures such as sending a message to the driver to stop the vehicle, taking a photograph of the vehicle or the like.

Another aspect of the present invention provides a vehicle monitoring system which monitors a vehicle that cruises along a toll road and which includes a vehicle-mounted device and a roadside device. The roadside device is installed along the toll road to emit signals towards a predetermined communication area. This roadside device performs a communication operation with the vehicle-mounted device when the vehicle is within the communication area. The vehicle-mounted device and the roadside device perform communication operations using communication data that includes an encrypted part and an unencrypted part.

In this way, with the communication data containing an encrypted part and an unencrypted part, it becomes more difficult to decipher the communication data even if such data is intercepted and thus, highly reliable communication operations can be performed between the vehicle-mounted device and the roadside device.

One other aspect of the present invention provides a vehicle monitoring system which includes a vehicle-mounted device and a roadside device. The roadside device emits a pilot signal for every predetermined time interval to the communication area, terminating emission of the pilot signal after the vehicle enters the communication area, performs a communication operation with the vehicle-mounted device by sending and receiving communication data to and from the vehicle-mounted device while the vehicle is within the communication area, transmits a transmission completion signal to the vehicle-mounted device to indicate completion of the communication operation and again emits the pilot signal after completing the communication operation with the vehicle-mounted device. The vehicle-mounted device provides a pilot response signal to the roadside device after receiving the pilot signal from the roadside device and subsequently starts the communication operation with the roadside device. This vehicle-mounted device receives the transmission completion signal from the roadside device after completing the communication operation with the roadside device. The roadside device terminates the emission of the pilot signal after receiving the pilot response signal from the vehicle-mounted device, and resumes the emission of the pilot signal at predetermined time intervals after sending the transmission completion signal.

In this way, while there may be a plurality of vehicles running along the toll road, the roadside device can swiftly start communication operations with a vehicle-mounted communication device of a next vehicle after finishing communication operations with the present vehicle. In this way, the roadside device can perform accurate communication operations even if vehicles enter its communication area in succession.

Preferably, the roadside device sends an unmodulated carrier wave for a predetermined time period to the vehicle-mounted device after sending one of the pilot signal and the communication data to the vehicle-mounted device; the vehicle-mounted device generates the communication data by modulating the carrier wave signal based on predetermined transmission information and provides the communication data to the roadside device; and the vehicle-mounted device sends a completion request signal to the roadside device after completing the communication operation with the roadside device unless the roadside device sends the transmission completion signal.

In this way, with the communication operation using the completion request signal and the transmission completion signal, the vehicle-mounted device and the roadside device can check if the communication operation between them was completed properly or not.

Preferably, the roadside device is installed in one of an entrance and an exit of the toll road. The roadside device decrypts the communication data indicative of toll payment information from the vehicle-mounted device during communication operation with the vehicle-mounted device. The roadside device performs a toll charge operation to collect toll charge from the vehicle-mounted device based on the toll payment information, encrypts a result of the toll charge operation and sends the encrypted result to the vehicle-mounted device. The vehicle-mounted device sends the encrypted data indicative of the toll payment information during communication with the roadside device. In addition, the vehicle-mounted device receives the encrypted result of the toll charge operation from the roadside device, and decrypts and stores the result. It must be noted here that the vehicle-mounted device and the roadside device transmit the communication data using a common format. In this way, because the vehicle-mounted device and the roadside device use the same data format, encoding and decoding operations in these devices can be performed efficiently.

BRIEF DESCRIPTION OF THE DRAWINGS

Additional objects and advantages of the present invention will be more readily apparent from the following detailed description of preferred embodiments thereof when taken together with the accompanying drawings in which:

FIG. 1 is a block diagram of a toll road toll charging system according to a preferred embodiment of the present invention;

FIG. 2 is a circuit diagram illustrating a communication circuit of a vehicle-mounted device according to the preferred embodiment;

FIG. 3 is a diagram illustrating a format of a transmission signal that is transmitted by a roadside device side communication device according to the preferred embodiment;

FIG. 4 is a flowchart showing a routine executed by the vehicle-mounted device when an IC card is inserted thereto;

FIG. 5 is a flowchart illustrating a mutual verification process between an IC card and a cryptographic module of the vehicle-mounted device;

FIG. 6 is a flowchart illustrating the communication process which is executed by a communication device provided in a first gantry of the roadside device;

FIG. 7 is a chart illustrating the flow of data communication between the communication device provided in the first gantry and the vehicle-mounted device;

FIG. 8 is a flowchart illustrating a first gantry passage process that is executed by the vehicle-mounted device;

FIG. 9 is a flowchart illustrating a communication process that is executed by a communication device provided in a second gantry of the roadside device;

FIG. 10 is a chart illustrating the flow of data communication between the communication device provided in the second gantry and the vehicle-mounted device;

FIG. 11 is a flowchart illustrating a second gantry passage process that is executed in the vehicle-mounted device; and

FIG. 12 is a flowchart illustrating a process that is executed by the vehicle-mounted device when the IC card is removed from its drive.

DETAILED DESCRIPTION OF PRESENTLY-PREFERRED EXEMPLARY EMBODIMENT

A preferred embodiment of the present invention is described hereinafter with reference to the accompanying drawings.

First, FIG. 1 is a block diagram illustrating the construction of an overall toll road toll charging system according to the present embodiment.

As illustrated in FIG. 1, the toll road toll charging system according to the present embodiment includes a vehicle-mounted device 10 that is installed in a vehicle and a roadside device 20 that is installed in the vicinity of an entrance or exit of a toll road. The roadside device 20 is connected to first and second gantries 30, 40 that are placed at predetermined intervals along the toll road in the forward direction of the vehicles. These gantries 30, 40 are two elevated platforms which traverse the toll road which has a plurality of vehicular lanes. The first gantry 30 and the second gantry 40 are equipped with transceivers 32, 34, . . . and 42, 44, . . . , respectively, for performing data communication with each vehicle-mounted device 10 that has been installed in each vehicle that is travelling along each lane of the road.

When the vehicle passes through gantries 30, 40, the vehicle-mounted device 10 automatically performs data communication with the communication device (i.e., a transceiver) of the communication area the vehicle is passing through. The vehicle-mounted device 10 includes an IC card drive 12, a communication circuit 18 which has an antenna 18a and which performs radio communication with the transceivers 32, 34, . . . , 42, 44, . . . , a cryptographic module (hereinafter referred to as "crypto module") 14 for encrypting transmission data, and for decrypting reception data and a controller 16 which includes a microprocessor for controlling the foregoing circuits. The IC card drive 12 may be loaded with a detachable IC card 2 which may be a cash card or prepaid card for payment of a toll charge. This IC card drive 12 performs data read and write operations on the IC card 2.

It should be noted that the crypto module 14 may be built inside or attached to the vehicle-mounted device 10 and is for changing the encryption algorithm or the key data used for encryption. In other words, the crypto module 14 may be detached from the vehicle-mounted device 10 to reprogram its encryption software or may remain inside the vehicle-mounted device 10 while changing its encryption algorithm and key data. In this way, it is possible to change the encryption algorithm and the key data of the crypto module 14.

The transceivers 32, 34, . . . that are installed inside the first gantry 30 not only include antennas 32a, 34a, for performing radio communication with the vehicle-mounted device 10 but also cryptographic units (hereinafter referred to as "crypto units") 32b, 34b, . . . for encrypting transmission data and decrypting reception data. These transceivers 32, 34 perform data communication with the vehicle-mounted device 10 while also encrypting and decrypting data. In contrast, the transceivers 42, 44, . . . that are installed inside the second gantry 40 have no such crypto units and perform only data communication with the vehicle-mounted device 10 via their antennas 42, 44, . . . That is, the transceivers 42, 44, . . . provide and receive transmission data and reception data respectively to and from the roadside device 20 as is. Although not shown in FIG. 1, it must be noted that in the same way as the vehicle-mounted device 10, each of the transceivers 32, 34, . . . and 42, 44, . . . is equipped with a communication circuit for performing transceiving operations and a control device which includes a microprocessor and whose control processes supervise radio communication with the vehicle-mounted device 10 and data transmission with the roadside device 20.

The roadside device 20 is provided with a pair of gantries 30, 40. The roadside device 20 also includes communication controllers 22, 24 for controlling the communication operations of the transceivers 32, 34, . . . , 42, 44, . . . and a local controller 26 which includes a microprocessor and which performs data communication with the transceivers 32, 34, . . . and 42, 44, . . . of the gantries 30, 40 via the communication controllers 22, 24 to control the collection of toll charges from a running vehicle.

Also, the roadside device 20 is connected to a plurality of cameras 52 which are installed in the vicinity of the road to take photographs of cruising vehicles. For example, when the system fails to collect a toll charge from a running vehicle, the local controller 26 drives the cameras 52 through a photograph controller 28 to photograph such vehicle. Also, the local controller 26 is connected to a central controller (host computer) 50 which is devoted to managing the toll charge collections of the toll roads. The local controller 26 sends toll charge collection results, information on vehicles from which toll charges were improperly collected and the like to the central controller 50.

In the toll road toll charging system according to the present embodiment, usually, each of the transceivers 32, 34, . . . and 42, 44, . . . of the roadside device 20 transmits a pilot signal for activating the vehicle-mounted devices 10 installed in vehicles travelling along the corresponding vehicle lanes at predetermined time intervals. When the vehicle-mounted device 10 that received this pilot signal has transmitted a response signal and the transceivers 32, 34, . . . 42, 44, . . . have received this response signal, the roadside device 2 executes data communication with the vehicle-mounted unit 10 to collect toll charge.

On the other hand, the vehicle-mounted device 10 is kept in a sleep mode for the purpose of, for example, decreasing its power consumption until it receives the pilot signal from the roadside device 20 and, after receiving the pilot signal, is activated to transmit a response signal and thereafter executes data communication with the transceiver of the roadside device 20 to pay for toll charges.

Also, data communications that are performed between the roadside device 20 and the vehicle-mounted device 10 mentioned above are all executed under the supervision of the roadside device 20. That is, in the present embodiment, for example, as illustrated in FIG. 3, each of the transceivers 32, 34, . . . and 42, 44, . . . of the roadside device 20 is arranged to transmit the pilot signal or a modulated signal for data communication within a predetermined transmission time period T1 and, thereafter during a subsequent predetermined response time period T2, to transmit an unmodulated carrier wave signal. The vehicle-mounted device 10 transmits a response signal to the pilot signal or data signal by modulating the carrier wave signal. Accordingly, the communication circuit 18 of the vehicle-mounted device 10 is constructed, for example, as shown in FIG. 2.

That is, as shown in FIG. 2, in the communication circuit 18, the antenna 18a is connected to the anode of a diode 63 via a transmission path 62. The cathode of the same diode 63 is connected to an oscillator 65 via a transmission path 64. The length of this transmission path 64 is set to be .lambda./4 wherein .lambda. is the wavelength of the carrier wave signal that is transmitted from the roadside device 20. The anode and cathode of the diode 63 are each grounded via a coil 68 and a resistor 69, and via a coil 70 and a resistor 71, respectively.

Also, the coil 68 together with a capacitor 72 that is connected in parallel with the resistor 69 forms a low pass filter while the coil 70 together with a capacitor 73 that is connected in parallel with the resistor 71 forms a low pass filter. Moreover, these low-pass filters together with the diode 63 form an envelope wave detector circuit 80 for detecting the envelope of the reception signal.

Meanwhile, the anode of the diode 63 is connected to a power source VDD via a resistor 74 and a transistor Tr3, the oscillator 65 is connected to the power source VDD via a transistor Tr1, and a point connecting the coil 70 and the resistor 71 is connected to the power source VDD via a transistor Tr2. The bases of these transistors Tr1, Tr2 and Tr3 are connected to the controller 16.

In this way, in the communication circuit 18, when each of the transistors Tr1, Tr2 and Tr3 is deactuated by the controller 16, the transmission signal from the roadside device 20 that has been received by the antenna 18a has its envelope detected by the envelope wave detector circuit 80, and the resulting detected signal Si is provided as the reception signal to the controller 16. That is, in this state, the communication circuit 18 receives a modulated signal that has been transmitted from the roadside device 20 within the transmission time period Ti illustrated in FIG. 3. The communication circuit 18 detects the envelope wave of this reception signal and provides the resulting signal S1 (a binary signal) as reception data to the controller 16.

Next, when the transistors Tr1 and Tr3 are deactuated and only the transistor Tr2 is actuated, since a power source voltage is applied to the cathode of the diode 63, the diode 63 is reverse biased via the resistor 69. Accordingly, in this case, the diode 63 cannot conduct the reception signal and, as a result, the reception signal from the antenna 18a is reflected by the input terminal (anode side) of the diode 63.

On the other hand, when the transistors Tr1 and Tr2 are deactuated and only transistor Tr3 is actuated, since the power source voltage is applied to the anode of the diode 63, the diode 63 is forward biased via the resistors 74, 71. Accordingly, in this case, the diode 63 is brought to a state enabling bi-directional passage of the reception signal. As a result, the reception signal from the antenna 18a passes through the diode 63 and is provided to the transmission path 64 and then is reflected by an input terminal of the oscillator 65 that has an infinitely large input impedance. Further, this reflected wave passes through the diode 63 in the reverse direction and passes through the transmission path 62 and then is radiated from the antenna 18a. And, at this time, since the effective length of the transmission path 64 is .lambda./4, the signal that is radiated from the antenna 18a has a phase difference of .pi. (180.degree.) with respect to the signal that is reflected when the transistors Tr1 and Tr3 are deactuated and only the transistor Tr2 is actuated.

For this reason, in the communication circuit 18, if the transistors Tr2 and Tr3 are alternately actuated and deactuated within the transmission time period T2 illustrated in FIG. 3 in which the unmodulated carrier wave signal is transmitted from the roadside device 20, the carrier wave signal can be phase modulated (using phase shift keying) and transmitted from the antenna 18a.

That is, in the present embodiment, after the communication circuit 18 receives the transmission signal from the roadside device 20 within the time period T1 illustrated in FIG. 3 and provides the wave detection signal S1 to the controller 16, the controller 16 actuates and deactuates the transistors Tr2 and Tr3 in accordance with data to be transmitted in response to this signal to modulate the phase of the carrier wave signal and transmit the resulting modulated signal from the antenna 18a and thereby perform data communication with the roadside device 20.

It is to be noted that the oscillator 65 and transistor Tr1 are provided to enable data communication with the roadside device of a system that does not transmit unmodulated carrier wave signals. In this case, the controller 16 supplies power to the oscillator 65 by actuating the transistor Tr1 to thereby drive the oscillator 65 to generate the carrier wave signal. Also, in this state, by alternately actuating and deactuating the transistors Tr2 and Tr3 in accordance with the data to be transmitted, switching between transmitting the carrier wave signal from the oscillator 65 via the antenna 18a and blocking the carrier wave signal from the oscillator 65 and preventing this signal from being transmitted from the antenna 18a can be performed. That is, by performing this switching, the signal, which is obtained by performing amplitude shift keying (ASK) on the carrier wave signal from the oscillator 65 in correspondence with the transmission data, will be transmitted from the antenna 18a.

Next, a data communication operation that is executed between the vehicle-mounted device 10 and the roadside device 20 of the toll road toll charging system of the present embodiment and data processing that is executed in the vehicle-mounted device 10 for the execution of this data communication will be explained hereinafter. However, it must be noted here that the following explanation is about communication operations between the roadside device 20 and the vehicle-mounted device 10 that are executed when the toll charge to be paid at the entrance or the exit of the toll road provided with the roadside device 20 is uniform. In this way, these operations may be different from those which are executed when the toll charge is set in accordance with the travelled distance or travelled time.

First, in the vehicle-mounted device 10, FIG. 4 is a flowchart showing a data process (card loading process) which is executed by the controller 16 when the IC card 2 is loaded into an insertion opening (not shown) of the IC card drive 12 for preparing the transmission data. It is to be noted that since the vehicle-mounted device 10 is normally kept in a sleep mode as mentioned before, this data process is started when the loading of the IC card 2 has been detected by a sensor provided in the IC card drive 12 and the resulting detection signal has been provided to the controller 16 to activate the same.

As illustrated in FIG. 4, when this process is started, first, step 110 executes a self-diagnostic test for determining whether the controller 16 itself is operating normally or not while step 120 determines whether or not the test result is normal. If the test result indicates an abnormality, then step 120 determines that there is a diagnostic error and so control proceeds to step 280 which is described later. Conversely, if the test result is normal, control goes to step 130 which performs a battery check by determining the voltage of a battery (not shown) that supplies a power source voltage to the vehicle-mounted device 10. It must be noted here that there are two types of batteries which are, namely, a replaceable battery and a sealed battery, and that the battery check here involves checking the voltage of these two batteries.

Next, step 140 determines if the voltage level of the replaceable battery is very low that it needs to be replaced. When step 140 determines that battery replacement is necessary, step 150 sends a replacement message to this effect to a display (not shown) and after which, the controller 16 is set to a sleep mode. After step 140 determines that there is no need to replace the battery, although the battery voltage is sufficient to ensure operations of the controller 16 and the communication circuit 18, step 160 determines whether the battery voltage is insufficient for operating the IC card drive 12, the crypto module 14 and the like (that is, step 160 determines whether the battery voltage is low or not). When the battery voltage level is determined to be low, step 170 displays the battery condition such as a voltage value in the display unit and thereafter, when a battery problem is determined, control goes to step 280 which is described later. When the battery voltage level is normal, control goes to step 180.

With this battery check, it must be noted that after determining that the battery replacement is necessary or that the battery voltage is low, a message is displayed to this effect in the display unit so that the passenger of the vehicle can know the timing for replacing the battery from the contents of the display message and restore the vehicle-mounted device to its normal operating state by replacing the battery.

Next, step 180 actuates the IC card 2 (actuation and resetting) using the IC card drive 12 to read predetermined card data from the IC card 2 and to check if the IC card 2 loaded in the IC card drive 12 can be used in the vehicle-mounted device 10 (IC card check).

Based on the IC card check result, step 190 determines whether or not the IC card 2 can be used in the vehicle-mounted device 10. If the IC card 2 cannot be used, step 190 determines an IC card error and so, control proceeds to step 280 which is described later. If the IC card 2 can be used, control goes to step 200 which activates and drives the crypto module 14 to perform mutual verification with the IC card 2. It is to be noted that this mutual verification process is executed according to the process illustrated in FIG. 5, which is described later, via the use of encrypted data generated in accordance with the above-mentioned DES algorithm.

Next, step 210 determines whether the mutual verification result between the crypto module 14 and the IC card 2 is positive or not. If the mutual verification result is negative, step 210 determines that there is a verification error and so, control goes to step 280 which is described later. If the mutual verification result is positive, control proceeds to step 220.

Step 220 determines whether the IC card 2 is a prepaid card, which indicates the prepayment of the toll charges, or a cash card which permits payment of the toll charges using a predetermined bank account. If the IC card 2 is a cash card, control proceeds to step 230 (cash card check) which retrieves and checks card information, i.e., term of validity of the card, presence/absence of vehicle-mounted device type usage limit, and the like, from the IC card 2. Based on the cash card check result, subsequent step 250 determines if the cash card can be used or not. If the cash card cannot be used, step 250 determines that a cash card error has occurred and so, control goes to step 280 which is described later. Conversely, if the cash card can be used, control proceeds to step 270.

Incidentally, while it has been mentioned that the cash card can store the vehicle-mounted device type usage limit as its card information, this information is for restricting the use of the cash card only for certain vehicle-mounted device types and an identification code is stored in the cash card for this purpose.

On the other hand, if the IC card 2 is a prepaid card, control proceeds to step 240 (prepaid card check) which reads out information in the prepaid card such as its term of validity, the remaining balance, etc., and checks the card information. Based on the card check result, subsequent step 260 determines whether the prepaid card can be used or not. If the prepaid card cannot be used, step 260 determines that a prepaid card error has occurred and so, control proceeds to step 280 which is described later. Conversely, if the prepaid card can be used, control proceeds to step 270.

Step 270 executes a process for retrieving a toll charging key Z used in collecting the toll charge from the IC card 2 and storing the collection results (date/time of use, remaining balance) in the same IC card 2, and thereafter, control then proceeds to a subsequent step 290. That is, the IC card 2 uses encrypted data for updating its data to prevent the stored data from being overwritten easily. Here, at this stage, the controller 16 makes the IC card 2 produce the key Z (toll charging key) needed for producing encrypted data for updating the card data, reads and stores this key Z, and thereafter, control proceeds to step 290. It is to be noted that the toll charging key Z is produced using the DES algorithm by encrypting card information such as number of times processed and the like based on a special IC card key (IC card key) that is assigned beforehand to the IC card 2.

On the other hand, when any one of steps 120, 160, 190, 210, 250 or 260 determines an error in the vehicle-mounted device 10 or the IC card 2, an error status flag that indicates the content of such error is set in step 280 and thereafter control proceeds to step 290.

Next, step 290 makes the crypto module 14 produce a key (communication key X1) which will be used for encrypting data to be transmitted to the roadside device 20 and step 300 stores such communication key X1. It must be noted here that when the crypto module 14 receives the command for generating the communication key X1 from the controller 16, the crypto module 14 first generates a random number R1 and produces the communication key X1 using this random number R1 and a communication master key of an encryption key number Kn that is selected from among several kinds of encryption key numbers. Also, an encryption algorithm (hereinafter referred to as an FX algorithm) that enables high-speed encryption in comparison with the DES algorithm is used here to produce this communication key X1.

Here, an encryption algorithm called SAFER.multidot.K-64 (Secure And Fast Encryption Routine of Length 64 bits) by J. L. Massey of Switzerland or FEAL (Fast Data Encipherment Algorithm) by H. Matsumoto of NTT, Japan is suitable for use as the FX algorithm.

After producing the communication key X1 mentioned above, step 310 reads the vehicle-mounted device data (first read data) RD1 that is to be transmitted to the roadside device 21. A subsequent step 320 provides this data RD1 to the crypto module 14 which is made to encrypt this data RD1 using the communication key X1 mentioned above. It is to be noted that the FX algorithm is used also for this encryption processing.

After the first read data RD1 has been encrypted by the crypto module 14, the encrypted first read data <RD1> is stored by step 330 as the transmission data to be transmitted to the roadside device 20. Then, step 340 informs the passengers of the vehicle of the state of the card based on the error status set in step 280, card data from the IC card 2, etc. and thereafter, the controller 16 enters a sleep mode.

It is to be noted here that this operation of reporting the card state is performed simultaneously by displaying messages and the like in the display device and by generating sounds using a buzzer. That is, by informing the passenger of the vehicle of the card type, the remaining balance of the IC card 2, the abnormality of the card, etc. using both visual and audio methods, the vehicle passenger can be made to verify the card he is using for toll charge payment and be made to replace the card if there is some abnormality.

Also, for example, as illustrated in TABLE 1, the first read data RD1 that is stored as the transmission data includes a response code to the transceiver of the roadside device 20, a status code such as an error status data that represents the operational state of the vehicle-mounted device 10, a charge payment mode that represents a toll charge payment method, etc., a vehicle-mounted device code which is assigned uniquely to each vehicle-mounted device, a serial number CSN of the IC card 2, balance data of the IC card 2, an exclusive OR (CSN XOR CAN) of the serial number CSN of the IC card 2 and an application number CAN that represents the type of the IC card 2, a transaction counter CTC that represents the most recent position for storing the processed data in the IC card 2, an index that represents the type of the IC card key used to encrypt the card data on the IC card 2 side according to the DES algorithm (index of the key used), etc. Among these data items, the status code, charge payment mode, vehicle-mounted device code, serial number CSN, and part of the balance data are encrypted while the remaining data items are set and stored as is in an unencrypted state as the transmission data.

                                      TABLE 1
    __________________________________________________________________________
    1ST GANTRY COMMU. SIGNALS
                      CONTENTS
    __________________________________________________________________________
    1ST PILOT SIGNAL  PILOT SIGNAL
    (ROADSIDE DEVICE) LOCATION NO.
    1ST PILOT RESPONSE SIGNAL
                      RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                      RANDOM NUMBER R1
                      ENCRYPTION KEY Kn
    ROADSIDE VERIFIC. MESSAGE
                      DATA RETRIEVAL COMMAND
    (ROADSIDE DEVICE) RANDOM NUMBER R3
                      ENCRYPTION KEY Kc
    1ST READ DATA     RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                      STATUS CODE* (ERROR CODE)
                      MODE OF PAYMENT*
                      VEHICLE-MOUNTED DEVICE CODE*
                      CSN*
                      BALANCE* (PARTLY ENCRYPTED)
                      CSN XOR CAN
                      CTC
                      INDEX OF KEY IN USE
    1ST WRITE DATA    WRITE COMMAND
    (ROADSIDE DEVICE) VEHICLE-MOUNTED DEVICE CODE .dagger.
                      TOLL CHARGE TOTAL .dagger.
                      LOCATION NO. (PARTLY ENCRYPT.).dagger.
                      TRANSACTION TYPE
                      DATE
                      TIME
    END SIGNAL (VEHIC-MTD DEVICE)
                      RESPONSE CODE
    END ACK. SIGNAL (ROADSIDE DEV.)
                      END ACKNOWLEDGE
    __________________________________________________________________________
     NOTE:
     *DENOTES DATA ENCRYPTED IN THE VEHICLEMOUNTED DEVICE
     .dagger.DENOTES DATA ENCRYPTED IN THE ROADSIDE DEVICE

                                      TABLE 2
    __________________________________________________________________________
    2ND GANTRY COMMU. SIGNALS
                        CONTENTS
    __________________________________________________________________________
    2ND PILOT SIGNAL    2ND PILOT SIGNAL
    (ROADSIDE DEVICE)   LOCATION NO.
    2ND PILOT RESPONSE SIGNAL
                        RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                        PAYMENT MODE DATA
    DATA RETRIEVAL SIGNAL (VEHI-MTD.)
                        DATA RETRIEVAL COMMAND
    2ND READ DATA       RESPONSE CODE
    (ROADSIDE DEVICE)   CASH CARD FILE* (PARTLY ENCRYPTED)
                        STATUS CODE*
                        MODE OF PAYMENT*
                        CHARGE COLLECTION RESULT*
                        VEHICLE-MOUNTED DEVICE CODE*
                        CSN*
                        RANDOM NUMBER R3*
                        TOLL COLLECTION PROOF DATA*
    2ND WRITE DATA      WRITE COMMAND
    (ROADSIDE DEVICE)   DISPLAY COMMAND
                        DISPLAY MESSAGE
    END SIGNAL (VEHI-MTD DEVICE)
                        RESPONSE CODE
    END ACK. SIGNAL (ROADSIDE DEV.)
                        END ACKNOWLEDGE
    __________________________________________________________________________
     NOTE: *DENOTES DATA ENCRYPTED IN THE VEHICLEMOUNTED DEVICE

                                      TABLE 3
    __________________________________________________________________________
    ENT. GANTRY COMMU. SIGNALS
                        CONTENTS
    __________________________________________________________________________
    ENTRY PILOT SIGNAL  PILOT SIGNAL
    (ROADSIDE DEVICE)   LOCATION NO.
    ENTRY PILOT RESPONSE SIGNAL
                        RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                        RANDOM NUMBER R1
                        ENCRYPTION KEY Kn
    DATA RETRIEVAL SIGNAL (VEHI-MTD)
                        DATA RETRIEVAL COMMAND
    ENTRY READ DATA     RESPONSE CODE
    (ROADSIDE DEVICE)   STATUS CODE*
                        MODE OF PAYMENT*
                        VEHICLE-MOUNTED DEVICE CODE*
    ENTRY WRITE DATA    WRITE COMMAND
    (ROADSIDE DEVICE)   VEHICLE-MOUNTED DEVICE CODE.dagger.
                        LOCATION NO. (PARTLY ENCRYPT.).dagger.
                        TRANSACTION TYPE
                        DATE OF ENTRY
                        TIME OF ENTRY
    END SIGNAL (VEHI-MOUNTED DEVICE)
                        RESPONSE CODE
    END ACK. SIGNAL (ROADSIDE DEV.)
                        END ACKNOWLEDGE
    __________________________________________________________________________
     NOTE:
     *DENOTES VEHICLEMOUNTED DEVICE ENCRYPTED DATA
     .dagger.DENOTES ROADSIDE DEVICE ENCRYPTED DATA

                                      TABLE 4
    __________________________________________________________________________
    1ST EXIT GANTRY COMMU. SIGNAL
                          CONTENTS
    __________________________________________________________________________
    1ST PILOT SIGNAL      PILOT NO.
    (ROADSIDE DEVICE)     LOCATION NO.
    1ST PILOT RESPONSE SIGNAL
                          RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                          RANDOM NO. R1
                          ENCRYPTION KEY NO. Kn
    ROADSIDE DEVICE VERI. MESSAGE
                          RESPONSE CODE
    (ROADSIDE DEVICE)     RANDOM NO. R3
                          ENCRYPTION KEY NO. Kc
    ENTRANCE DATA         RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                          VEHICLE-MOUNTED DEV. CODE*
                          ENTRANCE NO.*
                          DATE OF ENTRY*
                          TIME OF ENTRY*
    DATA RETRIEVAL SIGNAL (ROADSIDE DEV.)
                          DATA RETRIEVAL COMMAND
    FIRST READ DATA       RESPONSE CODE
    (VEHICLE-MOUNTED DEVICE)
                          STATUS CODE*
                          MODE OF PAYMENT*
                          VEHICLE-MOUNTED DEV. CODE*
                          CSN*
                          BALANCE (PARTLY ENCRYPTED)*
                          CSN XOR CAN
                          CTC
                          INDEX OF KEY TO BE USED
    FIRST WRITE DATA      WRITE COMMAND
    (ROADSIDE DEVICE)     VEHICLE-MOUNTED DEV. CODE.dagger.
                          TOTAL CHARGE.dagger.
                          LOCATION NO..dagger. (PARTLY ENCRYPTED)
                          TRANSACTION TYPE
                          DATE
                          TIME
                          CHARGING DATA (TIME OR EXIT NO.)
    END SIGNAL (VEHICLE-MOUNTED DEVICE)
                          RESPONSE CODE
    END ACK SIGNAL (ROADSIDE DEVICE)
                          END ACKNOWLEDGE
    __________________________________________________________________________
     NOTE:
     *DENOTE VEHICLEMOUNTED DEVICE ENCRYPTED DATA
     .dagger.DENOTES ROADSIDE DEVICE ENCRYPTED DATA

• Inventors
  Maeda, Asako; Ando, Toshihide; Yoshida, Ichiro;
• Assignee
  Denso Corporation (Kariya)
• Published
  Jul-20-1999
• Current US Classes:
  380/270
  705/13
  705/65
• Application #
  733912
• International Classes
  H04L 009/00
• Field of Search
  380/6 380/9 380/23 380/24 380/25 380/49 340/825.34 340/928
• Examiner
  Cangialosi; Salvatore
• Agent
  Pillsbury Madison & Sutro LLP
• US Patent References:
  4305152
  4882779
  5310999
  5485520
  5502767
  5581249
  5600723
  5602919
  5640156
  5705996
  5708972