1. Field of the Invention
This invention relates generally to automatic real-time highway toll collection from moving vehicles. It is especially adapted to the use of an untraceable electronic check debited from a smart card and communicated in a cryptographically sealed envelope with opener. The invention relates directly to an in-vehicle unit (IVU) and a roadside collection station (RCS) and to an overall system incorporating a plurality of RCS's and IVU's The invention may also find use for parking collections and other types of road pricing applications.
2. Related Prior Art
The microwave communication and cryptographic processing components of this invention are related to the following prior issued U.S. Patents which are hereby incorporated herein by reference:
U.S. Pat. No. 4,075,632--Baldwin et al. (1978) PA0 U.S. Pat. No. 4,739,328--Koelle et al (1988) PA0 U.S. Pat. No. 5,030,807--Landt et al (1991) PA0 U.S. Pat. No. 5,055,659--Hendrick et al (1991) PA0 U.S. Pat. No. 4,759,063--Chaum (1988) PA0 U.S. Pat. No. 4,926,480--Chaum (1990) PA0 U.S. Pat. No. 5,131,039--Chaum (1992) PA0 U.S. Pat. No. 4,303,904--Chasek (1991) PA0 U.S. Pat. No. 5,086,389--Hassett et al (1992) PA0 U.S. Pat. No. 5,144,553--Hassett et al (1992) PA0 U.S. Pat. No. 4,075,632--Baldwin et al (1978) PA0 U.S. Pat. No. 4,739,328--Koelle et al (1988) PA0 U.S. Pat. No. 5,030,807--Landt et al (1991) PA0 U.S. Pat. No. 5, 055,659--Hendrick et al (1991) PA0 U.S. Pat. No. 4,759,063--Chaum (1988) PA0 U.S. Pat. No. 4,926,480--Chaum (1990) PA0 U.S. Pat. No. 5,131,039--Chaum (1992)
Numerous electronic toll collection systems have been implemented during the past several years. In most cases, vehicle readers and their associated microwave antennas arc located at well defined toll plazas and readable tags are located on the vehicles. As a tag-equipped vehicle enters the read range of the antenna, a fixed code is read out from the tag. The code is then compared with an online database to verify the account and determine vehicle classification. Next, the user's account is debited by the appropriate amount and the vehicle is permitted to pass. This system is simple in the sense that the amount of data to be handled is typically small and data need pass in only one direction (i.e., uplink). These simplifications can lead to a system which may operate with a relatively low data bandwidth and with reasonably high vehicle speeds.
Sometimes the computation of toll charge is based, in part, upon the identity of the entry plaza at which the vehicle entered the system. In this case, it is necessary to either write the identity of the entry plaza into the tag or to communicate the fixed tag code and associated entry plaza over a network so that each exit plaza in the entire system has online access to the data. Needless to say, both of these alternatives complicate the system, necessite a higher bandwidth, and may prove expensive to implement.
Furthermore, some users may object to loss of privacy since the fixed tag code serves to identify the owner and his or her whereabouts. Low value, off-line payment systems which provide privacy to the user are now gaining commercial acceptance. These systems often make use of a reusable smart card or its predecessor, the disposable memory card.
Automatic real-time toll collection in general has been a long-standing goal of many prior efforts The following U.S. Patents are a few examples of prior systems which proport to provide one aspect or another of such systems:
As explained by Chasek, conventional manual toll collection facilities slow traffic, waste time and fuel and increase air pollution. Such manual facilities can also be relatively inefficient in terms of overhead costs required for toll collection processes.
Chasek is perhaps typical in prior art approaches to automatic toll collection which propose the use of prepaid tolls inserted electronically in the memory of a microwave transponder-data-processor, normally kept in the vehicle. As the vehicle passes through a suitably equipped toll collection facility, a toll plaza microwave transponder receives billing information from the vehicle transponder, calculates the toll, transmits it back to the vehicle transponder where the toll is electronically subtracted from a stored balance. If the resulting balance is not negative, a pass signal is then flashed. Typical information to be stored hi the vehicle transponder permanent memory and communicated to the toll collection facility would include a vehicle-owner identity code, a collection agent code and a vehicle-class code. The availability of this information permits calculation of the toll. A procedure for increasing the pre-paid balance makes possible a computerized and automated double entry bookkeeping and funds transfer system. Security is said to be achieved by "crypto-insertion codes". The stored current electronic money balance in the vehicle transponder is to be indicated by a liquid crystal display.
Such automatic toll systems may offer some improvement over other prior art techniques employing only automatic vehicle identification (e.g. one-way data communication rather than bi-directional data communication) and involving intricate centralized computer facilities for storing and extracting billing information from potentially tens of millions of possible users for each toll transaction. However, there are nevertheless still drawbacks with such conventional approaches to automatic toll paying. For example, in the Chasek system the toll transaction inherently reveals the identity of the vehicle--and therefore inherently reveals the identity of the vehicle owner/driver. This may provide a significant intrusion into the expected privacy of individuals in a society which is presently accustomed to anonymous highway toll payment transactions using untraceable cash/coins or the like.
Furthermore, the Chasek approach requires an initial interrogation by a microwave transponder located at the toll plaza. This implies at least four phases of required bi-directional communication (e.g. the initial interrogating downlink communication, a first uplink communication of vehicle identification, etc., a second downlink communication of the computed toll amount and a second uplink communication indicating a lack of a negative balance in the vehicle transponder. Not only does the described four-phase communication inherently require a considerable time and loss of anonymity to the transaction, it also fails to effectively provide for real-time cryptographically verified debit of the prepaid electronic money balance. Accordingly, such systems are more susceptible to erroneous and/or fraudulent transactions.
Although Chasek refers to security being achieved by "crypto-insertion codes", the only discussion of any cryptography is a brief reference to the determination of a highway entry code from a given vehicle transponder identification code using a "cryptographic sequence". Presumably this would provide some security against fraudulent toll minimization by use of false highway entry data (for "closed" toll highway situations). However, it does not appear to offer any other security against possible fraudulent activity--and it clearly offers no anonymity to the vehicle owners or operators traveling along the highway.