METHOD FOR GENERATING A DIGITAL MAP

Information

  • Patent Application
  • 20240385012
  • Publication Number
    20240385012
  • Date Filed
    May 10, 2024
    9 months ago
  • Date Published
    November 21, 2024
    2 months ago
  • CPC
    • G01C21/3837
  • International Classifications
    • G01C21/00
Abstract
A method for processing data by means of hardware secured according to specified security criteria. The method includes the following steps. First, the data are read in. Diverse data records are then generated from the data. The diverse data records are then sent to various computers that are not secured according to specified security criteria. The computers can then engage in processing of the data records, for example to process map data. The processed data records are then read in again. The processed data records are then compared using a similarity assessment, and a final result of the processing of the data is determined based on the comparison of the processed data records. The final result is then output.
Description
CROSS REFERENCE

The present application claims the benefit under 35 U.S.C. ยง 119 of German Patent Application No. DE 10 2023 204 608.3 filed on May 17, 2023, which is expressly incorporated herein by reference in its entirety.


FIELD

The present invention relates to a method for generating a digital map, a data processing method, a computing unit and a system including a computing unit and at least one vehicle.


BACKGROUND INFORMATION

The detection of a vehicle's environment using sensors, such as radar, lidar, ultrasound and/or cameras, is a fundamental component of modern driver assistance systems and automated vehicle systems. In this context, the employed environment models are often supplemented by additional map information, such as roadways outside the sensor field of view. The map data used for this (for example from planning maps, localization maps or behavior maps) are made available to the vehicle system via a map service.


Among modern sensor systems (e.g., radar, video, lidar, ultrasound, cameras), there are many examples of sensors that have to meet the functional safety requirements. These safety requirements can, for example, be ASIL in accordance with ISO 26262 for clearly defined safety targets. No such solutions with economic feasibility are known for crowdsourcing-based map services.


A large number of algorithms are available for creating, expanding and updating maps for use in vehicle systems. Furthermore, such map services are already available on the market. Furthermore, systems are available that divide mapping data into different data records and calculate them separately to form localization maps with the aim of increasing the robustness of the mapping pipeline.


SUMMARY

An object of the present invention is to provide a method for generating a digital map that meets security requirements. Another object of the present invention is to provide a data processing method, a computing unit, and a system including a computing unit and at least one vehicle with which the method can be carried out. These objects may be achieved by features of the present invention. Advantageous example embodiments and developments of the present invention are disclosed herein.


The present invention relates to a method for processing data by means of hardware secured according to specified security criteria. According to an example embodiment of the present invention, the method comprises the following steps: First, the data are read in. Diverse data records are then generated from the data. The diverse data records are then sent to various computers that are not secured according to specified security criteria. The computers can then process the data records, for example to edit map data. The processed data records are then read in again. The processed data records are then compared using a similarity assessment, and a final result of the data processing is determined based on the comparison of the processed data records. The final result is then output.


A main feature of the method for processing data is to carry out the explained method steps of the present invention on the hardware secured according to the specified security criteria and to outsource the processing of the data records to the unsecured computers. Since most of the computing time is required in particular when processing the data records, this method can be used to achieve a secure end result, even though the most computationally intensive method steps are not carried out on secure hardware.


According to an example embodiment of the present invention, when determining the final result, the processed data records can be selected, and/or the processed data records can be merged. For example, it can be determined that a processed data record deviates significantly from the other processed data records, for example using statistical methods. The deviating processed data record can then be rejected while the other processed data records are merged to form the final result.


The diverse data records and the processed data records between the secure hardware and the computers can, for example, be transmitted wirelessly or wired.


According to an example embodiment of the present invention, the method can also include processing the diverse data records on the computers.


In one example embodiment of the method for processing data according to the present invention, in addition to the diverse data records, a processing program is output to the computers that are not secured according to specified security criteria.


This makes it possible to output the diverse data records and the processing program to data centers in the cloud so that the cheapest available computing capacity can be used if necessary.


In one example embodiment of the method for processing data according to the present invention, the diverse data records are generated disjointly. This can mean that each data point available in the data is only used for a single diverse data record.


In one example embodiment of the method for processing data according to the present invention, the data are distributed to the data records on the basis of criteria and/or on the basis of metadata while generating the diverse data records. This can reduce the deviation of the processed data records from one another or reduce the probability of statistical outliers in the processed data records.


In one example embodiment of the method for processing data according to the present invention, the comparison of the processed data records using the similarity assessment is used to adjust the diverse data records. The diverse data records are then output again to different computers that are not secured according to specified security criteria, and processed data records are read in again. The adjustment can be carried out in such a way that the individual data points are distributed differently to the diverse data records compared to the first run of the method. This method can be used, for example, to identify whether one of the computers is providing incorrect data.


In one example embodiment of the method for processing data according to the present invention, the adapted diverse data records are output to different computers than in the first output to the computers. This method can be used, for example, to identify whether one of the computers is providing incorrect data.


The data of the described method of the present invention can, in particular, be sensor data from vehicles that are transmitted, for example. The criteria and/or the metadata can then include, for example, that differences between the data records are as different as possible (for example with regard to the time of data recording or the fleet vehicles). This allows an increase in the entropy of the disjoint data records to be achieved.


The present invention further relates to a method for generating a digital map. According to an example embodiment of the present invention, in this method, sensor data are generated by means of vehicle sensors, and then the already described method is carried out, wherein the sensor data are processed, and the end result contains a digital map. The digital map is then issued to at least one vehicle. In particular, the sensor data can be transmitted wirelessly.


The present invention also relates to a computing unit which, according to an example embodiment, is configured to read in data, generate diverse data records from the data, output the diverse data records to various computers which are not secured according to specified security criteria, read in processed data records, carry out a comparison of the processed data records using a similarity assessment, determine a final result of the processing of the data using the comparison of the processed data records, and output the final result. In particular, the computing unit can contain secure hardware for carrying out these steps.


The computing unit can be located inside a vehicle, for example, but also in a data center.


Such a computing unit can carry out the method for processing data according to the present invention.


In one example embodiment of the present invention, the computing unit is also configured to read in sensor data from vehicle sensors as the data, and to output a digital map. Such a computing unit can carry out the method according to the present invention for generating a digital map. This computing unit can be arranged inside a vehicle, for example. In this case, it can be provided that the computers are also arranged in the vehicle, but not secured. Furthermore, the computers can be arranged in a data center, and the diverse data records can be output to the computers wirelessly. Alternatively, it is also possible to arrange the computing unit in a data center. The sensor data can then be output to the computing unit wirelessly.


The present invention also relates to a system consisting of such a computing unit and a vehicle with a vehicle sensor. The vehicle is configured to output sensor data from the vehicle sensor to the computing unit and to receive the digital map. The computing unit can be arranged in the vehicle or in a data center. Furthermore, the system can include a plurality of vehicles with a vehicle sensor, wherein each of the vehicles is configured to output sensor data from the vehicle sensor to the computing unit and to receive the digital map.


Exemplary embodiments of the present invention are explained with reference to the figures.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 shows a flow chart of a method for processing data, according to an example embodiment of the present invention.



FIG. 2 shows a flow chart of a method for generating a digital map, according to an example embodiment of the present invention.



FIG. 3 shows a computer network, according to an example embodiment of the present invention.



FIG. 4 shows a system consisting of a computing unit and a vehicle, according to an example embodiment of the present invention.



FIG. 5 shows a further system including a computer unit and a vehicle, according to an example embodiment of the present invention.





DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS


FIG. 1 shows a flow chart 100 of a method for processing data using hardware secured according to specified security criteria. In a first reading-in step 101, data are read in. From the data, diverse data records are then generated in a generation step 102. The diverse data records are then output in a first output step 103 to various computers that are not secured according to specified security criteria. The computers can execute a processing of the data records in an optional calculation step 111, for example to process map data. To accomplish this, FIG. 1 shows four calculation steps 111 carried out in parallel, wherein the number of calculation steps can be different from four. The processed data records are then read in again in a second reading-in step 104. The processed data records are then compared in a comparison step 105 on the basis of a similarity assessment, and a final result of the processing of the data is determined in a determination step 106 on the basis of the comparison of the processed data records. The final result is then output in a second output step 107.


The core of the method for processing data is to carry out the explained method steps 101, 102, 103, 104, 105, 106, 107 on the hardware secured according to specified security criteria and to outsource the processing of the data records to the non-secured computers in calculation step 111. Since most of the computing time is required in particular when processing the data records, i.e., the calculation steps 111, this method can be used to achieve a secure end result, even though the most computationally intensive method steps are not carried out on secure hardware.


When determining the final result, the processed data records can be selected, and/or the processed data records can be merged. For example, it can be determined that a processed data record deviates significantly from the other processed data records, for example using statistical methods. The deviating processed data record can then be rejected while the other processed data records are merged to form the final result.


The diverse data records and the processed data records between the secure hardware and the computers can, for example, be transmitted wirelessly or wired.


The method can also include processing the diverse data records on the computers.


In one exemplary embodiment of the method for processing data, in addition to the diverse data records in a first processing step 103, a processing program is output to the computers that are not secured according to specified security criteria. This makes it possible to output the diverse data records and the processing program to data centers in the cloud so that the cheapest available non-secure computing capacity can be used if necessary.


In one exemplary embodiment of the method for processing data, the diverse data records are generated disjointly in the generating step 102. This can mean that each data point available in the data is only used for a single diverse data record.


In one exemplary embodiment of the method for processing data, the data are distributed to the data records in the generating step 102 on the basis of criteria and/or on the basis of metadata while generating the diverse data records. This can reduce the deviation of the processed data records from one another or reduce the probability of statistical outliers in the processed data records.


In one exemplary embodiment of the method for processing data, the comparison of the processed data records using the similarity assessment is used to adjust the diverse data records. This is optionally shown in FIG. 1. If the comparison step 105 shows that the processed data records are inconsistent, the method can jump back to the generation step 102 and adapt or regenerate the diverse data records. The first output step 103 is then repeated so that the diverse data records are again output to different computers that are not secured according to specified security criteria. The optional calculation steps 111 can now be run through again. The second reading-in step 104 is also run through again, and processed data records are read in again. The comparison step 105 can now be carried out again, after which, if the processed data records are consistent, the determination step 106 can be carried out, and otherwise a further run starting from the generation step 102 is possible. The adjustment when re-running the generation step 102 can be performed such that the individual data points are distributed differently to the diverse data records compared to the first run of the method. This method can be used, for example, to identify whether one of the computers is providing incorrect data.


In one exemplary embodiment of the method for processing data, the adjusted diverse data records are output to different computers after each re-run of the generating step 102 than during the first output to the computers. This method can be used, for example, to identify whether one of the computers is providing incorrect data. In particular, when the generation step 102 is run through again, it can be provided that the diverse data records can be adapted so that there is only a single output to other computers.


The data of the described method can, in particular, be sensor data from vehicles that are transmitted, for example. The criteria and/or the metadata can then include, for example, that differences between the data records are as different as possible (for example with regard to the time of data recording or the fleet vehicles). This allows an increase in the entropy of the disjoint data records to be achieved.



FIG. 2 shows a flow chart 100 of a method for generating a digital map. In this method, sensor data are generated by means of vehicle sensors in a sensor evaluation step 108, and then the already described method is carried out, wherein the sensor data are processed, and the end result contains a digital map. The digital map is then output to at least one vehicle in the second output step 107. In particular, the sensor data can be transmitted wirelessly.



FIG. 3 shows a computer network consisting of a computer unit 10 and a plurality of computers 20, wherein four computers 20 are shown in FIG. 3. In particular, the computers 20 can be computers 20 that are not secured according to specified security criteria. The computing unit 10 is configured to read in data, generate diverse data records from the data, output the diverse data records to the computers 20, read in processed data records again from the computers 20, carry out a comparison of the processed data records using a similarity assessment, determine a final result of the processing of the data using the comparison of the processed data records, and output the final result. In particular, the computing unit 10 can contain secure hardware for carrying out these steps.


The computing unit 10 can be located inside a vehicle, for example, but also in a data center. The computers 20 can be networked with each other, as indicated by the dashed lines in FIG. 3. The computers 20 and possibly also the computing unit 10 can be arranged in a cloud 21. A computing unit 10 as shown in FIG. 3 can perform the method shown in FIG. 1 for processing data.


The computing unit 10 can also be configured to read in sensor data from vehicle sensors as the data, and to output a digital map. Such a computing unit 10 can carry out the method shown in FIG. 2 for generating a digital map. This computing unit 10 can be arranged inside a vehicle, for example.



FIG. 4 shows a system 2 consisting of a computing unit 10 and a vehicle 30. The computing unit 10 is arranged in the vehicle 30. The vehicle 30 also has a vehicle sensor 31 connected to the computing unit 10. The computers 20 are also arranged in the vehicle, but are not secured.



FIG. 5 shows another system 2 consisting of a computer unit 10 and a vehicle 30. Here, the computers 20 are arranged in a data center 11. The computing unit 10 is also arranged in the computing center 11. The computing unit 10 has a data transmission unit 12. The vehicle 30 has a vehicle sensor 31 and a data transmission unit 32. Data between the vehicle 30 and the computing unit 10 can be transmitted by means of the data transmission units 12, 32, in particular wirelessly.


In an exemplary embodiment not shown, the computing unit 10 can be arranged in the vehicle 30, while the computers 20 are arranged in a computing center 11. Here, the diverse data records can be output wirelessly to the computers 20.


In both the exemplary embodiment in FIG. 4 and FIG. 5, the system 2 consists of the computing unit 10 and the vehicle 30 with the vehicle sensor 31. The vehicle 30 is configured to output sensor data from the vehicle sensor 31 to the computing unit 10 and to receive the digital map.



FIG. 5 also optionally shows another vehicle 33 with a vehicle sensor 31 and a data transmission unit 32. The system 2 can also include more than two vehicles 30, 33 with a vehicle sensor 31 and data transmission unit 31, wherein each of the vehicles 30, 33 is configured to output sensor data from the vehicle sensor 31 to the computing unit 10 and to receive the digital map.


Although the present invention has been described in detail by the preferred exemplary embodiments, the present invention is not limited to the disclosed examples and other variations may be derived therefrom by a person skilled in the art without departing from the scope of protection of the present invention.

Claims
  • 1. A method for processing data using hardware secured according to specified security criteria, the method comprising the following steps: reading in the data;generating diverse data records from the data;outputting the diverse data records to various computers that are not secured according to the specified security criteria;reading in processed data records;comparing the processed data records based on a similarity assessment;determining a final result of the processing of the data by comparing the processed data records; andoutputting the final result.
  • 2. The method according to claim 1, wherein in addition to the diverse data records, a processing program is output to the computers which are not secured according to the specified security criteria.
  • 3. The method according to claim 1, wherein the diverse data records are generated disjointly.
  • 4. The method according to claim 1, wherein the data are distributed to the data records based on criteria and/or based on metadata, while generating the diverse data records.
  • 5. The method according to claim 1, wherein the comparison of the processed data records using the similarity assessment is used to adjust the diverse data records, and the diverse data records are then output to various computers which are not secured according to specified security criteria, and the processed data records are read in again.
  • 6. The method according to claim 5, wherein the adapted diverse data records are each output to different computers than in the first output to the computers.
  • 7. The method for generating a digital map, comprising the following steps: generating sensor data using vehicle sensors;processing the sensor data using hardware secured according to specified security criteria, including: reading in the sensor data,generating diverse data records from the sensor data,outputting the diverse data records to various computers that are not secured according to the specified security criteria,reading in processed data records;comparing the processed data records based on a similarity assessment,determining a final result of the processing of the sensor data by comparing the processed data records, andoutputting the final result, wherein the final result contains a digital map; andoutputting the digital map to at least one vehicle.
  • 8. A computing unit configured to: read in data;generate diverse data records from the data;output the diverse data records to various computers which are not secured according to specified security criteria;read in processed data records;carry out a comparison of the processed data records using a similarity assessment;determine a final result of the processing of the data using the comparison of the processed data records; andoutput the final result.
  • 9. The computing unit according to claim 8, wherein the computing unit is configured to read in sensor data from vehicle sensors as the data, and to output a digital map.
  • 10. A system comprising: a computing unit configured to: read in data;generate diverse data records from the data;output the diverse data records to various computers which are not secured according to specified security criteria;read in processed data records;carry out a comparison of the processed data records using a similarity assessment;determine a final result of the processing of the data using the comparison of the processed data records; andoutput the final result,wherein the computing unit is configured to read in sensor data from a vehicle sensor as the data, and to output a digital map; anda vehicle with the vehicle sensor, wherein the vehicle is configured to output the sensor data from the vehicle sensor to the computing unit and to receive the digital map.
Priority Claims (1)
Number Date Country Kind
10 2023 204 608.3 May 2023 DE national