The present application claims the benefit under 35 U.S.C. ยง 119 of German Patent Application No. DE 10 2023 204 608.3 filed on May 17, 2023, which is expressly incorporated herein by reference in its entirety.
The present invention relates to a method for generating a digital map, a data processing method, a computing unit and a system including a computing unit and at least one vehicle.
The detection of a vehicle's environment using sensors, such as radar, lidar, ultrasound and/or cameras, is a fundamental component of modern driver assistance systems and automated vehicle systems. In this context, the employed environment models are often supplemented by additional map information, such as roadways outside the sensor field of view. The map data used for this (for example from planning maps, localization maps or behavior maps) are made available to the vehicle system via a map service.
Among modern sensor systems (e.g., radar, video, lidar, ultrasound, cameras), there are many examples of sensors that have to meet the functional safety requirements. These safety requirements can, for example, be ASIL in accordance with ISO 26262 for clearly defined safety targets. No such solutions with economic feasibility are known for crowdsourcing-based map services.
A large number of algorithms are available for creating, expanding and updating maps for use in vehicle systems. Furthermore, such map services are already available on the market. Furthermore, systems are available that divide mapping data into different data records and calculate them separately to form localization maps with the aim of increasing the robustness of the mapping pipeline.
An object of the present invention is to provide a method for generating a digital map that meets security requirements. Another object of the present invention is to provide a data processing method, a computing unit, and a system including a computing unit and at least one vehicle with which the method can be carried out. These objects may be achieved by features of the present invention. Advantageous example embodiments and developments of the present invention are disclosed herein.
The present invention relates to a method for processing data by means of hardware secured according to specified security criteria. According to an example embodiment of the present invention, the method comprises the following steps: First, the data are read in. Diverse data records are then generated from the data. The diverse data records are then sent to various computers that are not secured according to specified security criteria. The computers can then process the data records, for example to edit map data. The processed data records are then read in again. The processed data records are then compared using a similarity assessment, and a final result of the data processing is determined based on the comparison of the processed data records. The final result is then output.
A main feature of the method for processing data is to carry out the explained method steps of the present invention on the hardware secured according to the specified security criteria and to outsource the processing of the data records to the unsecured computers. Since most of the computing time is required in particular when processing the data records, this method can be used to achieve a secure end result, even though the most computationally intensive method steps are not carried out on secure hardware.
According to an example embodiment of the present invention, when determining the final result, the processed data records can be selected, and/or the processed data records can be merged. For example, it can be determined that a processed data record deviates significantly from the other processed data records, for example using statistical methods. The deviating processed data record can then be rejected while the other processed data records are merged to form the final result.
The diverse data records and the processed data records between the secure hardware and the computers can, for example, be transmitted wirelessly or wired.
According to an example embodiment of the present invention, the method can also include processing the diverse data records on the computers.
In one example embodiment of the method for processing data according to the present invention, in addition to the diverse data records, a processing program is output to the computers that are not secured according to specified security criteria.
This makes it possible to output the diverse data records and the processing program to data centers in the cloud so that the cheapest available computing capacity can be used if necessary.
In one example embodiment of the method for processing data according to the present invention, the diverse data records are generated disjointly. This can mean that each data point available in the data is only used for a single diverse data record.
In one example embodiment of the method for processing data according to the present invention, the data are distributed to the data records on the basis of criteria and/or on the basis of metadata while generating the diverse data records. This can reduce the deviation of the processed data records from one another or reduce the probability of statistical outliers in the processed data records.
In one example embodiment of the method for processing data according to the present invention, the comparison of the processed data records using the similarity assessment is used to adjust the diverse data records. The diverse data records are then output again to different computers that are not secured according to specified security criteria, and processed data records are read in again. The adjustment can be carried out in such a way that the individual data points are distributed differently to the diverse data records compared to the first run of the method. This method can be used, for example, to identify whether one of the computers is providing incorrect data.
In one example embodiment of the method for processing data according to the present invention, the adapted diverse data records are output to different computers than in the first output to the computers. This method can be used, for example, to identify whether one of the computers is providing incorrect data.
The data of the described method of the present invention can, in particular, be sensor data from vehicles that are transmitted, for example. The criteria and/or the metadata can then include, for example, that differences between the data records are as different as possible (for example with regard to the time of data recording or the fleet vehicles). This allows an increase in the entropy of the disjoint data records to be achieved.
The present invention further relates to a method for generating a digital map. According to an example embodiment of the present invention, in this method, sensor data are generated by means of vehicle sensors, and then the already described method is carried out, wherein the sensor data are processed, and the end result contains a digital map. The digital map is then issued to at least one vehicle. In particular, the sensor data can be transmitted wirelessly.
The present invention also relates to a computing unit which, according to an example embodiment, is configured to read in data, generate diverse data records from the data, output the diverse data records to various computers which are not secured according to specified security criteria, read in processed data records, carry out a comparison of the processed data records using a similarity assessment, determine a final result of the processing of the data using the comparison of the processed data records, and output the final result. In particular, the computing unit can contain secure hardware for carrying out these steps.
The computing unit can be located inside a vehicle, for example, but also in a data center.
Such a computing unit can carry out the method for processing data according to the present invention.
In one example embodiment of the present invention, the computing unit is also configured to read in sensor data from vehicle sensors as the data, and to output a digital map. Such a computing unit can carry out the method according to the present invention for generating a digital map. This computing unit can be arranged inside a vehicle, for example. In this case, it can be provided that the computers are also arranged in the vehicle, but not secured. Furthermore, the computers can be arranged in a data center, and the diverse data records can be output to the computers wirelessly. Alternatively, it is also possible to arrange the computing unit in a data center. The sensor data can then be output to the computing unit wirelessly.
The present invention also relates to a system consisting of such a computing unit and a vehicle with a vehicle sensor. The vehicle is configured to output sensor data from the vehicle sensor to the computing unit and to receive the digital map. The computing unit can be arranged in the vehicle or in a data center. Furthermore, the system can include a plurality of vehicles with a vehicle sensor, wherein each of the vehicles is configured to output sensor data from the vehicle sensor to the computing unit and to receive the digital map.
Exemplary embodiments of the present invention are explained with reference to the figures.
The core of the method for processing data is to carry out the explained method steps 101, 102, 103, 104, 105, 106, 107 on the hardware secured according to specified security criteria and to outsource the processing of the data records to the non-secured computers in calculation step 111. Since most of the computing time is required in particular when processing the data records, i.e., the calculation steps 111, this method can be used to achieve a secure end result, even though the most computationally intensive method steps are not carried out on secure hardware.
When determining the final result, the processed data records can be selected, and/or the processed data records can be merged. For example, it can be determined that a processed data record deviates significantly from the other processed data records, for example using statistical methods. The deviating processed data record can then be rejected while the other processed data records are merged to form the final result.
The diverse data records and the processed data records between the secure hardware and the computers can, for example, be transmitted wirelessly or wired.
The method can also include processing the diverse data records on the computers.
In one exemplary embodiment of the method for processing data, in addition to the diverse data records in a first processing step 103, a processing program is output to the computers that are not secured according to specified security criteria. This makes it possible to output the diverse data records and the processing program to data centers in the cloud so that the cheapest available non-secure computing capacity can be used if necessary.
In one exemplary embodiment of the method for processing data, the diverse data records are generated disjointly in the generating step 102. This can mean that each data point available in the data is only used for a single diverse data record.
In one exemplary embodiment of the method for processing data, the data are distributed to the data records in the generating step 102 on the basis of criteria and/or on the basis of metadata while generating the diverse data records. This can reduce the deviation of the processed data records from one another or reduce the probability of statistical outliers in the processed data records.
In one exemplary embodiment of the method for processing data, the comparison of the processed data records using the similarity assessment is used to adjust the diverse data records. This is optionally shown in
In one exemplary embodiment of the method for processing data, the adjusted diverse data records are output to different computers after each re-run of the generating step 102 than during the first output to the computers. This method can be used, for example, to identify whether one of the computers is providing incorrect data. In particular, when the generation step 102 is run through again, it can be provided that the diverse data records can be adapted so that there is only a single output to other computers.
The data of the described method can, in particular, be sensor data from vehicles that are transmitted, for example. The criteria and/or the metadata can then include, for example, that differences between the data records are as different as possible (for example with regard to the time of data recording or the fleet vehicles). This allows an increase in the entropy of the disjoint data records to be achieved.
The computing unit 10 can be located inside a vehicle, for example, but also in a data center. The computers 20 can be networked with each other, as indicated by the dashed lines in
The computing unit 10 can also be configured to read in sensor data from vehicle sensors as the data, and to output a digital map. Such a computing unit 10 can carry out the method shown in
In an exemplary embodiment not shown, the computing unit 10 can be arranged in the vehicle 30, while the computers 20 are arranged in a computing center 11. Here, the diverse data records can be output wirelessly to the computers 20.
In both the exemplary embodiment in
Although the present invention has been described in detail by the preferred exemplary embodiments, the present invention is not limited to the disclosed examples and other variations may be derived therefrom by a person skilled in the art without departing from the scope of protection of the present invention.
Number | Date | Country | Kind |
---|---|---|---|
10 2023 204 608.3 | May 2023 | DE | national |