SYSTEM, METHOD, AND APPARATUS TO MITIGATE AND OR PREVENT AUTONOMOUS VEHICLE MISUSE THROUGH THE USE OF SECURITY ENABLED SENSORS

Abstract

Methods and systems for implementing autonomous vehicle security features. The present invention details an effective and secure methodology to implement the external management and control of autonomous vehicles by authorized personnel, usually law enforcement, through the use of intelligent sensors that can override an autonomous vehicle controller's functionality as necessary.

Claims

1. A Lawful Stop and Search (LSS) Override Controller for an autonomous vehicle, the controller comprising: a first communication channel to a LSS Illuminator or a LSS Manual Controller; a second communication channel to the LSS Manual Controller; a logical command communications link coupled to the first and second communication channels that employs a secure communication protocol configured to concurrently communicate to said LSS Illuminator and said LSS Manual Controller; an AV Computer interface to an automated driving system (ADS) controller providing default control of said autonomous vehicle; an Emergency Override Interface, bypassing said ADS, coupled to at least one of a drive motor system, a braking system, and a steering system of said autonomous vehicle; a dispatch interface configured to communicate with said autonomous vehicle's dispatch; a memory configured to securely store program code and a data set wherein the data set includes: operational data, critical security parameters (CSPs), and a set of usage records; and a processor.

2. The LSS Override Controller of claim 1, wherein said LSS Override Controller is logically distinct and independent from said ADS controller and may assert unconditional control over said ADS controller via the AV Computer interface, and may bypass said ADS controller to assert unconditional control over at least one of said vehicle steering, braking and propulsion systems via the Emergency Override Interface.

3. The LSS Override Controller of claim 1, wherein said the first communication channel utilize at least one of ultrasonic, optical, and radio frequency energy and the second communication channel utilize a direct wired connection.

4. The LSS Override Controller of claim 1, wherein the set of usage records contain a minimum content including: a notification that a law enforcement entity has performed an LSS interdiction, a date, time, and location of said interdiction, an identity and jurisdiction of said law enforcement entity and evidence of non-repudiation of message origin for said interaction.

5. The LSS Override Controller of claim 1, wherein the processor is configured to record each interaction with the LSS Illuminator or the LSS Manual Controller within said set of usage records and later transmit via said dispatch interface a message comprising a plurality of said usage records and receive acknowledgment that said message was successfully received.

6. The LSS Override controller of claim 1, wherein said secure communication protocol performs an identification and authentication of an entity using the LSS Illuminator or the LSS Manual Controller, and contingent on the determination said entity is an authorized member of law enforcement, said entity is granted access of the LSS override controller to assert control over said autonomous vehicle.

7. The LSS Override controller of claim 1, further comprising an external casing wherein said casing provides a set of protections against unauthorized physical access to the memory.

8. The LSS Override controller of claim 7, wherein the set of protections includes at least one of, evidence of tampering, pick-resistant locks, and tamper-detection/response circuitry.

9. The LSS Override Controller of claim 1, wherein the CSPs includes at least one of the following: cryptographic key, public key certificate, password, PIN, token, or biometric data.

10. A lawful stop and search (LSS) Illuminator comprising: a command communications link configured to communicate using a secure communication protocol to the LSS Override controller via at least one of, a focused beam of ultrasonic, optical, or radio frequency energy; a dispatch interface configured to communicate with law enforcement dispatch; a memory configured to securely store program code and a data set wherein the data set includes: operational data, critical security parameters (CSPs), and a set of usage records; and a processor.

11. The LSS Illuminator of claim 10, wherein the processor is configured to record each interaction with the LSS Override Controller within said set of usage records and later transmit via said dispatch interface a message comprising a plurality of said usage records and receive acknowledgment that said message was successfully received.

12. The LSS Illuminator of claim 10, wherein said set of usage records containing a minimum content including: notification that a law enforcement entity has performed a LSS interdiction, a date, time, and location of said interdiction, the interdicted vehicle ownership, and evidence of non-repudiation of message receipt for said interaction.

13. The LSS Illuminator of claim 10, further comprising an external casing that renders the LSS Illuminator operable as a handheld device wherein said casing provides a set of protections against unauthorized physical access to the memory.

14. The LSS Illuminator of claim 13, wherein the set of protections includes at least one of, evidence of tampering, pick-resistant locks on all casing covers, and tamper-detection/response circuitry.

15. The LSS Illuminator of claim 10, wherein the CSPs includes at least one of the following: cryptographic key, public key certificate, password, PIN, token, or biometric data.

16. A lawful stop and search (LSS) Manual Controller that comprises: a first communication channel to a LSS Override Controller; a second communication channel to the LSS Override Controller; a logical command communications link coupled to the first and second communication channels that employs a secure communication protocol configured to communicate to said to the LSS Override controller; a dispatch interface configured to communicate with law enforcement dispatch; a memory configured to securely store program code and a data set wherein the data set including: operational data, critical security parameters (CSPs), and a set of usage records; and a processor.

17. The LSS Manual Controller of claim 16, wherein said the first communication channel utilize at least one of ultrasonic, optical, and radio frequency energy and the second communication channel utilize a direct wired connection.

18. The LSS Manual Controller of claim 16, wherein the processor is configured to record each interaction with the LSS Override Controller within said set of usage records and later transmit via said dispatch interface a message comprising a plurality of said usage records and receive acknowledgment that said message was successfully received.

19. The LSS Manual Controller of claim 16, wherein said set of usage records containing a minimum content including: notification that a law enforcement entity has performed a LSS interdiction, a date, time, and location of said interdiction, the interdicted vehicle ownership, and evidence of non-repudiation of message receipt for said interaction.

20. The LSS Manual Controller of claim 16, further comprising an external casing that renders the LSS Manual Controller operable as a handheld device wherein said casing provides a set of protections against unauthorized physical access to the memory.

21. The LSS Manual Controller of claim 20, wherein the set of protections includes at least one of, evidence of tampering, pick-resistant locks on all casing covers, and tamper-detection/response circuitry.

22. The LSS Manual Controller of claim 14, wherein the CSPs includes at least one of the following: cryptographic key, public key certificate, password, PIN, token, or biometric data.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0040] The novel features believed characteristic of the invention are set forth in the appended claims; however, the invention itself, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:

[0041] FIG. 1 is a block diagram showing a typical Autonomous Vehicle with AV Controller and Sensor System in which the present invention may be implemented;

[0042] FIG. 2 is a block diagram showing details of a typical Autonomous Vehicle Controller and Support Systems in which the present invention may be implemented;

[0043] FIG. 3 depicts a handheld Lawful Stop and Search (LSS) illuminator;

[0044] FIG. 4 depicts a car mounted Lawful Stop and Search (LSS) illuminator;

[0045] FIG. 5 depicts a helicopter mounted Lawful Stop and Search (LSS) illuminator;

[0046] FIG. 6 is a diagram depicting a Fixed LSS Fence, an electronic fence using Lawful Stop and Search (LSS) illuminators;

[0047] FIG. 7 is a diagram depicting the two way communications where the LSS Illuminator, acting as a client, communicates with a LSS AV Override System Controller, acting as the server, i.e., actively listening for an illuminator;

[0048] FIG. 8 is a block diagram of an example LSS illuminator electronics;

[0049] FIG. 9 is a block diagram of an example LSS Manual Controller electronics;

[0050] FIG. 10 is a block diagram of an example LSS AV Override System Controller electronics;

[0051] FIG. 11 is a block diagram showing details of a LSS Override System Controller interfaces to a typical Autonomous Vehicle Controller;

[0052] FIG. 12 is a diagram depicting a driver-less AV with wired LSS Manual Controller; and

[0053] FIG. 13 is a diagram depicting a driver-less AV with wireless LSS Manual Controller;

DETAILED DESCRIPTION OF THE INVENTION

[0054] With reference now to the figures, and in particular with reference to FIG. 1, a block diagram depicting a typical Autonomous Vehicle (AV) with AV Controller and Sensor System 100 in which the present invention may be implemented. Those of ordinary skill in the art will appreciate that the AV Controller and the sensor systems may vary according to the manufacturer, design requirements, requirements mandated by local and federal regulatory bodies, as well as intended usage. Depicted in FIG. 1 is an autonomous vehicle with AV Controller 130 and the various sensors currently being designed for autonomous vehicles; direction of forward travel is indicated by arrow. These diagrams show long range radar sensor coverage 101, medium radar coverage 104, 105, and 106, camera coverage 102, short range radar coverage 103, ultrasonic sensor coverage 110, 111, 112, 113,114, and 115, and omnidirectional sensor coverage 120 generated by the omnidirectional sensor 132. The omnidirectional sensor may represent a GPS/GNSS, LIDAR, V2X, LSS, RF, or a combination of these (or other technology types). i.e., an AV could support multiple omnidirectional technologies each having dedicated sensors, or sensors integrated with multiple technologies. A LSS (Lawful Stop and Search) sensor, either dedicated or integrated with other sensor technology may be implemented as a single mode or as a multi-mode sensor as design demands.

[0055] With reference now to FIG. 2, a block diagram depicting a typical Autonomous Vehicle (AV) Controller and Support Systems 200 in which the present invention may be implemented. Those of ordinary skill in the art will appreciate that the AV Controller and Support systems may vary according to the manufacturer, design requirements, requirements mandated by local and federal regulatory bodies, as well as intended usage. Depicted in FIG. 2 is the autonomous vehicle controller processor subsystem 201 providing the main processing resources and external interface, the User Interface 203 that provides possible manual interfaces to the controller. Additionally shown are the following systems, the Brake Controller & Brake System 205, Radio Controller & Radio System 207, Steering Controller & Steering System 209, Sensor Controllers 211, Drive Motor Controller & Drive Motor System 213, GPS Controller & GPS System 215, Lighting Controller & Lighting System 217, Other Systems Controller & Systems 219. The External Control Interfaces 221 and 223 provide both normal control interfaces 223 and emergency control interfaces 221 to the AV Controller. The normal control interface 223 interfaces directly with the AV Controller Processor Subsystem 210 and allows an external controller override the normal autonomous operations. The emergency control interface 221 bypasses the AV Controller Processor Subsystem 210 and interfaces directly to the Brake Controller & Brake System 205, Steering Controller & Steering System 209 and Drive Motor Controller & Drive Motor System 213.

[0056] With reference now to FIGS. 3, 4, 5 and 6, depictions of a LSS handheld illuminator, a LSS Car Mounted illuminator, a LSS Helicopter Mounted illuminator, and a fixed LSS Fence, in accordance with a preferred embodiment of the present invention. Those of ordinary skill in the art will appreciate that the LSS Car Mounted illuminator and the LSS Helicopter Mounted illuminator will require external mounts that have azimuth and elevation control for pointing; however, this is beyond the scope of the present invention. Typically, law enforcement personnel will operate the LSS illuminators as part of an intervention process when an AV must be stopped for inspection or where other means have failed or deemed unusable or unsafe. The LSS illuminator is used to signal the AV that authorized personnel are overriding AV control. A LSS illuminator may be a single mode, or multi-mode device; multi-mode may allow different modes to be selectable or all modes may be used simultaneously. Additionally, each Illuminator depicted may be integrated into other systems already required; e.g. the LSS handheld illuminator could be integrated into a flashlight, the LSS Car Mounted illuminator could be integrated into the vehicle's emergency lighting. Those of ordinary skill in the art will appreciate that these modes may vary according to the manufacturer, design requirements, requirements mandated by local and federal regulatory bodies, as well as intended usage and range. Typical modes would be visible laser, infrared laser, ultrasonic, Radio Frequency (RF) and/or other applicable technologies; multi-mode devices would utilize two or more of these (or two or more frequencies), either selectably or simultaneously.

[0057] With reference now to FIG. 6 a concept drawing of a restricted area consisting of Restricted Roadway 312C, Pedestrian Walkways 310C and 314C. These areas are protected by an electronic fence consisting of LSS Illuminators 302C, 304C, 306C, and 308C, each transmitting a Fence command with the GPS coordinates of the restricted area. These coordinates could be the corners of the fenced area or the center and radius as design dictates. Commands are transmit periodically at a high repetition rate during periods of usage, and may be turned off otherwise. The installation could be used to exclude AV from restricted areas, such as large celebrations, and/or large public gatherings.

[0058] With reference now to FIG. 7, a depictions of the communications path between a LSS illuminator 400 and a LSS AV Sensor 420 showing the two way nature of communication in accordance with a preferred embodiment of the present invention. In this depiction, the communications may be visible laser, infrared laser, ultrasonic, Radio Frequency (RF) and/or other applicable technologies. Those of ordinary skill in the art will appreciate that one way communication cannot provide the required level of security to prevent LSS misuse, e.g., malicious or criminal hacking and/or pranking, load hijacking, competitor interference, etc.; therefore, a two way encrypted communication channel with mutual authentication is established to meet the applicable standards to guarantee LSS user identification and authentication, message integrity, message confidentiality, non-repudiation of origin and non-repudiation of receipt. LSS user identification and authentication is necessary to guarantee unauthorized interference to the AV, message integrity is required to ensure the message is received correctly so it may be interpreted properly, and message confidentiality is required to prevent spoofing of LSS messages or other hacking techniques. Non-repudiation of origin is required to ensure the AV's owner/dispatcher has sufficient records to know who and why the AV was stopped and non-repudiation of receipt is required so the origin (ownership) of the AV can be verified.

[0059] Depicted in FIG. 7 are LSS illuminator 400 with Transmitter (TX) 401 and Receiver (RX) 402, and LSS AV Sensor 420 with Receiver (RX) 421 and Transmitter (TX) 422. LSS AV Sensor 420 acts as a server, listening for a LSS illuminator 400 communication to be initiated via Receiver 421; its Transmitter 422 is inactive. When LSS illuminator 400 is activated it initiates a Transport Layer Security version 1.2 (TLSv1.2) handshake with mutual authentication; if the LSS AV Sensor 420 Receiver 421 is in its beam 410 as shown, the LSS AV Sensor 420 responds via Transmitter 422 and completes the handshake. Immediately after the handshake is completed, the LSS illuminator 400 transmits command(s) and waits on a response from the LSS AV Sensor 402. When the command(s) are acknowledged, the LSS illuminator 400 issues a TLSv1.2 shutdown command to terminate the link; this ends the TLS session. Those of ordinary skill in the art will appreciate that protocols other than TLSv1.2 may be used to achieve the necessary link security; however, they will also recognize non-repudiation of origin and non-repudiation of receipt are required whether provided as an extension to TLS or as part of the application layer.

[0060] Typical necessary commands (or their equivalent) that are envisioned are the emergency commands, EmergencyStop, Stop, and Fence, and the normal commands, Acknowledge, Identify, Manifest, PullOverPark, and ResumeOperation; once the AV is at a full stop, further actions can be initiated via other communication paths. The command EmergenctStop is issued only when imminent danger necessitates the AV must apply all means to halt motion; this may necessitate a separate control path be implemented, one that bypasses the AV's controller and operates directly on the motor feed and braking mechanisms. The command Stop is issued in situations that require immediate AV halt; however, normal safety rules remain in place except the AV does not need to clear traffic lanes. The command Fence is issued in fixed locations that require the AV recognize a restricted area that the AV may not enter, this command transmits the GPS coordinates of its location so the AV may reroute. The command Acknowledge requires the AV respond to a sensor query to verify the health of the LSS System. The command Identify requires the vehicle return AV identification data. The command Manifest requires the AV respond with the current vehicle manifest data. The command PullOverPark is intended for normal situations where vehicle inspection e.g., load inspection, vehicle weight, etc., or other lawful stop of the AV is required where the AV needs to be clear traffic lanes. The command ResumeOperation is intended to allow the AV continue its operation after interruption; however, no internal AV control may be applied until enabled by receipt of this command. Additionally, some commands could requires sub-commands for added functionality, the PullOverPark command could include sub-commands to indicate why the AV was pulled over, e.g., MobileScale, LoadInspection, EquipmentViolation, or others as required. Those of ordinary skill in the art will appreciate that design requirements, regulatory requirements, field experience, etc., may require commands be added, modified, and/or removed.

[0061] With reference now to FIG. 8, a block diagram illustrating components of a LSS illuminator 500 used by authorized personnel to mitigate and/or prevent autonomous vehicle misuse is depicted in accordance with a preferred embodiment of the present invention. The LSS illuminator described herein communicates directly with the LSS Sensor described in the paragraph below. In this illustrative example, the components organized into the following subsystems: processing, transmit chain, receive chain, user interface and dispatch interface. Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 8 may vary; e.g., other components may be used in the transmit and/or receive chain, or other subsystems.

[0062] The transmit chain is comprised of Oscillator 501 which generates the carrier frequency, the Modulator 503 which modulates the carrier, Amplifier 505 which amplifies the signal, the Transmitter 507 which emits the modulated beam 530 intended for the LSS Sensor. The receive chain is comprised of the Receiver 515 which receives the modulated beam 532 from the LSS Sensor, Signal Conditioner and Amplifier 513 which synchronizes to the incoming signal and amplifies to the proper level, and Demodulator 511 which recovers the information content from the modulated carrier wave and sends for processing. The processing chain is comprised of Processor 509, and the RAM/NVRAM 517. The Processor 509 performs all processing tasks including generating transmit signals, interpreting receive signals, user input/output functions, and interfacing to dispatch; it interfaces to RAM/NVRAM 517 where program and data are stored, interfaces to USB Interface 521 which provides means to load necessary system data, reads User Input 519, drives Status Indicators 523, and drives the Dispatch Interface 525 which insures all device (LSS Illuminator) usage is externally monitored to preserve usage records. Optionally, for electronic fence applications, a GPS Receiver 527 and GPS Antenna 529 can be integrated. It is recommended high-accuracy GPS be implemented.

[0063] With reference now to FIG. 9, a diagram illustrating components of an LSS Manual Controller 600 intended to communicate with the AV and used to manage the autonomous vehicle is depicted in accordance with a preferred embodiment of the present invention. The LSS Manual Controller described herein communicates directly with the LSS AV Override System via an attached cable or by wireless link; the details of cable or wireless link are not illustrated. In this illustrative example, the components organized into the following subsystems: processing, transmit chain, receive chain, and user interface. Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 9 may vary; e.g., other components may be used in the transmit and/or receive chain, or other subsystems.

[0064] The transmit chain is comprised of Oscillator 601 which generates the carrier frequency, the Modulator 603 which modulates the carrier, Amplifier 605 which amplifies the signal, the Transmitter 607 which emits the modulated signal 630 to the LSS AV Override System, either via wired or wireless means. The receive chain is comprised of the Receiver 615 which receives the modulated signal 632 from the LSS AV Override System, again, either via wired or wireless means, Signal Conditioner and Amplifier 613 which synchronizes to the incoming signal and amplifies to the proper level, and Demodulator 611 which recovers the information content from the modulated carrier wave and sends for processing. The processing chain is comprised of Processor 609, and the RAM/NVRAM 617. The Processor 609 performs all processing tasks including generating transmit signals, interpreting receive signals, user input/output functions, and interfacing to dispatch; it interfaces to RAM/NVRAM 617 where program and data are stored, interfaces to USB Interface 621 which provides means to load necessary system data, reads User Input 619, and drives Status Indicators 623. When LSS Manual Controller 600 is activated it initiates a TLSv1.2 handshake with mutual authentication; immediately after the handshake is completed, the LSS Manual Controller 600 transmits command(s) and waits on a response from the LSS AV Override System. When the command(s) are acknowledged, the LSS Manual Controller 600 issues a TLSv1.2 shutdown command to terminate the link; this ends the TLS session. Those of ordinary skill in the art will appreciate that protocols other than TLSv1.2 may be used to achieve the necessary link security.

[0065] Typical necessary commands (or their equivalent) that are envisioned are the proportional commands, PullForward, BackUp, TurnLeft, and TurnRight and fixed commands, Stop, DownloadVehicleIdentification, UnlockLoadCompartment, ContactTerminal, and ResumeOperation; proportional commands carry rate information and are used to move the vehicle locally at low rates of speed. The command Stop is issued in situations that require immediate AV halt. The command DownloadVehicleIdentification is intended for situations where vehicle inspection requires the vehicle produce documentation such as: identification (the motor carrier's name or trade name and the motor carrier's Department of Transportation (DOT) registration number, manifest, proof of insurance, maintenance records, accident records, licenses, permits, planned route and actual route, etc.; this information is downloaded to the controller's USB drive for review and storage. The command UnlockLoadCompartment is used to perform vehicle load inspections. The command ContactTerminal is intended to notify the vehicle's owner/operator that additional assistance is required. The command ResumeOperation is intended to allow the AV continue its operation after interruption; however, no internal AV control may be applied until enabled by receipt of this command. Those of ordinary skill in the art will appreciate that design requirements, regulatory requirements, field experience, etc., may require commands be added, modified, and/or removed.

[0066] With reference now to FIG. 10, a diagram illustrating components of a LSS AV Override System Controller 700 mounted on the AV used to mitigate and/or prevent autonomous vehicle misuse and vehicle management is depicted in accordance with a preferred embodiment of the present invention. The LSS AV Override System described herein communicates directly with the LSS illuminator described in the paragraph above and communicates with the LSS Manual Controller described below. In this illustrative example, the components organized into the following subsystems: processing, transmit chain, receive chain, user interface and dispatch interface; the subsystems may be appropriately separated into physically different enclosures with the transmit and receive chains located in one package mounted on top of the AV and the remainder in a more accessible location. Additionally, the components may be integrated into existing AV sensors such as LIDAR, radar, GNSS, or ultrasonic, etc; furthermore, significant anti-tampering characteristics of the LSS AV Override System may be gained through the use of integrated sensors. e.g., if an integrated LSS/LIDAR sensor were tampered, the LIDAR system would also be downgraded and the system fail. Additionally, some components, such as receiver and/or transmitter, may be integrated into the vehicle's running, braking, or emergency lighting. Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 10 may vary, e.g., other components may be used in the transmit and/or receive chain, or other subsystems.

[0067] The transmit chain is comprised of Oscillator 701 which generates the carrier frequency, the Modulator 703 which modulates the carrier, Amplifier 705 which amplifies the signal, the Transmitter 707 which emits the modulated beam 730 intended for the LSS Illuminator. The receive chain is comprised of the Receiver 715 which receives the modulated beam 732 from the LSS Illuminator, Signal Conditioner and Amplifier 713 which synchronizes to the incoming signal and amplifies to the proper level, and Demodulator 711 which recovers the information content from the modulated carrier wave and sends for processing. The processing chain is comprised of Processor 709, and the RAM/NVRAM 717. The Processor 709 performs all processing tasks including generating transmit signals, interpreting receive signals, user input/output functions, and interfacing to dispatch; it interfaces to RAM/NVRAM 717 where program and data are stored, interfaces to USB Interface 721 which provides means to load necessary system data, reads User Input 719, drives Status Indicators 723, and drives the Dispatch Interface 725 which insures all device (LSS Illuminator) usage is externally monitored to preserve usage records, interfaces to the External Control Interface 727 which allows the AV be controlled by an external device, and interfaces to the AV Computer Interface 729 which sends override commands to the AV control system computer, or to a separate control implemented to bypasses the AV's controller and operates directly on the motor feed and braking mechanisms via the Emergency Override Interface 728.

[0068] A high-accuracy GPS Receiver 720 and GPS Antenna 724 provide accurate LSS location data that is independent of the AV control system. LSS location data is used in conjunction with Fence commands received from LSS electronic fence installations. As the vehicle approaches a restricted area marked with the LSS fence, the AV controller may be notified to avoid the restricted area. In the case the LSS AV Override System detects actual AV intrusion into a LSS electronic fenced area, the vehicle is reliably stopped by bypassing the AV's controller via the Emergency Override Interface 728, operating directly on the motor feed and braking mechanisms. Once the AV has been stopped using the Emergency Override Interface 728, it can only be restarted by law enforcement. LSS AV Override System location data can also be sent to the AV control system to increase its reliability. To reduce misuse and increase route reliability, the Native AV Controller can transmit the route map to the LSS AV Override System via the AV Computer Interface 729 where the route is continuously checked by the LSS Override System. Small route deviations can be transmit back to the AV controller for correction resulting in higher route reliability, whereas large route deviations will result in activation of the Emergency Override Interface and subsequent AV stop. Those of ordinary skill in the art will appreciate that the LSS AV Override System and all interfaces to the AV must have sufficient physical and logical protection to prevent misuse and/or tampering; therefore, manufacturers should consider FIPS 140-2 Level 4 certification or its equivalent.

[0069] With reference now to FIG. 8, a diagram illustrating components of a LSS illuminator 500 and FIG. 9, a diagram illustrating components of an LSS Manual Controller 600, show significant similarities such that the handheld LSS Illuminator and a LSS Manual Controller may be integrated into a single package.

[0070] With reference now to FIG. 11, a block diagram of a LSS Override System Controller and Autonomous Vehicle Controller 800 showing the relationship and connections between the LSS Override System Controller 801, the AV Controller and Support System 803, and the External Control Interfaces 805 and 807. The LSS Override System Controller 801 is purposefully shown above the AV Controller and Support System 803 because it can override the AV Controller and Support System 803 which must respond to the direction of LSS Override System Controller 801. The LSS Override System Controller 801 is fully explained in the description of FIG. 10 above, the AV Controller and Support System 803 and the External Control Interfaces 805 and 807 are fully explained in the description of FIG. 2

[0071] With reference now to FIG. 12, a concept drawing of a driver-less AV 900 having LSS Sensor 902 and Control Port 904 depicted in accordance with a preferred embodiment of the present invention. LSS Sensor 902 may be an independent sensor, or may be integrated into the AV navigation sensors such as LIDAR, RADAR, camera or other; however, integrated sensors offer increased anti-tampering security, and are therefore preferred. Control Port 904 is depicted with attached Control Cable 912 and LSS Manual Controller 910; Control Port 904 is attached internally to the External Control Interface 527 shown in FIG. 8. LSS Control Cable 912 and LSS Manual Controller 910 are attached to provide local management of the AV 900 after the AV has stopped. Upon connection of LSS Manual Controller 910, all internal control functions are overridden, including remote AV control via other pathways.

[0072] With reference now to FIG. 13 a concept drawing of a driver-less AV 900A having LSS Sensor 902A and Control Port 904A depicted in accordance with an alternate embodiment of the present invention. LSS Sensor 904A may be an independent sensor, or may be integrated into the AV navigation sensors such as LIDAR, RADAR, camera or other; however, integrated sensors offer increased anti-tampering security, and are therefore preferred. The LSS Manual Controller 920A communicates to the LSS Sensor 902A via wireless signal and provides local management of the AV 900A after stopped. Upon establishment of LSS Manual Controller 910A control, all internal control functions are overridden, including remote AV control via other pathways. Control Port 904A is unused in this example.

[0073] With reference now to FIG. 12 and FIG. 13, whether wired or wireless, the AV can be moved locally as necessary using the LSS Manual Controller; in terminal this can aid in vehicle maintenance, vehicle fueling for non-electric vehicles such as diesel or hydrogen fuels, and charging for electric vehicles, load and unload tasks, in transit this can aid in mobile or Port of Entry weight inspections, and/or load inspection. Additional the AV Controller can be used in terminal for final inspection to verify route information, and verify all required documentation is present, available, and correct. Although a driver-less AV was used in these examples, those of ordinary skill in the art will appreciate that the AV could be with driver present, with driver facilities but no driver, or driver-less, i.e., no driver facilities, as this will probably be the development sequence for fully autonomous driver-less vehicles.

[0074] The descriptions of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Definitions

[0075]

TABLE-US-00001 AV Autonomous Vehicle, for the purposes of this invention, refers to SAE specification J3016, Level 2 and higher vehicle. Federal Publicly announced standards developed by Information the United States federal government for use in Processing computer systems by non-military government Standards agencies and government contractors. FIPS See Federal Information Processing Standards Global The standard generic term for satellite navigation Navigation systems that provide autonomous geo-spatial Satellite System positioning with global coverage. Global The US Government's implementation of GNSS Positioning System GNSS See Global Navigation Satellite System GPS See Global Positioning System IAS See Intrusion Analysis Software Lawful Stop and Refers to a situation where law enforcement may Search legally request a vehicle to pull over and search (inspect) the vehicle LSS See Lawful Stop and Search LIDAR An acronym for Light Detection and Ranging, which is a remote sensing method that uses pulsed laser light to perform range measurements; it is and for control and navigation for autonomous vehicles. National Institute A United States government non-regulatory federal of Standards and agency Department of Commerce; its mission is to Technology promote US. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST See National Institute of Standards and Technology SAE Society of Automotive Engineers V2I Vehicle to Infrastructure V2V Vehicle to Vehicle V2X V2I and V2V