AT501428A1 - METHOD FOR AUTHENTICATING A DATA-SUBMITTED DEVICE - Google Patents

Description

PATENT OFFICER DIPL.-IN «ECK.TECHN! idNCXREAS WEISER EUROPEAN PATENT AND TRADEMARK ATTORNEY A-1130 VIENNA · HIETZINGER MAIN ROAD 4 01396

Kapsch TrafficCom AG A-1121 Vienna AT

The present invention relates to a method for authenticating a data transmitting terminal to an associated data receiving detection unit.

The invention relates to the problem of ensuring the authenticity of terminals, in particular when the transmission link between the terminal and the detection unit can not be reliably protected from attacks. In particular, the invention relates to the field of application to securely document a traffic scene or any other scene with the aid of cameras or other sensors. Common applications in traffic engineering are the documentation of offenses against the traffic regulations, such as speeding, crossing a red light intersection, etc., or the control of tolls or access authorizations. Often cameras are used in conjunction with other sensors to detect the violation. The captured images should reflect the scene unadulterated and be protected against manipulation.

For this purpose, it is state of the art, the acquired data, e.g. Images to be provided with an electronic signature. In the process, a hash value is calculated for the image and the signature is then generated using an asymmetric encryption method. TEL.: +43 1 879 17 06 · FAX: +43 1 879 17 07 E-MAIL: MAIL@PATENTE.NET WEB: WWW. PATENTE.NET FIRST BANK: 038-56704 BLZ: 20111 · IBAN: ATI02011100003856704 · BIC: GIBAATWW · VAT: AT U 53832900 • ··· ♦ ········································································································ · Created a secret key. The images are protected against subsequent changes.

The images are often compressed before being signed. Since both compression and signing are computationally intensive, these processing steps are typically performed on a personal computing device. Until the image reaches the PC, it is not protected against manipulation. In particular, by signing on the PC, it can not be prevented that e.g. Pictures from non-authentic sources can be loaded into the PC.

Known system solutions prevent the import of non-authentic images by the detection unit and the camera are closely integrated with each other and thus the interface is made inaccessible and protected from external intrusions.

If several terminals are operated in a system and these are spatially separated from one or more registration unit (s), an integration of the detection units and terminals to an externally protected unit is neither sensible nor possible both technically and economically.

Accordingly, the object of the invention is to ensure in a system with one or more terminals, which are connected via unprotected communication links to one or more detection unit (s), that only data from authentic terminals of the or the detection unit (s ) be accepted. Third-party devices should be recognized and no data transferred from them.

This object is achieved with a method of the aforementioned type, which according to the invention is characterized in that in the terminal and in the detection unit associated with each other, each not externally readable keys are stored, that the keys during operation on a coordinated calculation rule between terminal and detection unit are checked, and that only the data of the terminal are accepted by the detection unit, if the verification gives the authenticity of the terminal.

In the invention, a key is stored in a protected memory area in the terminal and in the detection unit. A coordinated calculation rule is used to check whether keys assigned to one another are entered in the terminal and in the registration unit. The method is designed so that the keys themselves are not transmitted over the communication link. The detection unit may even send an authentication request with non-uniform data to the terminal, as will be explained later. The terminal calculates with this data and the key stored in it a response to the authentication request. This answer will be checked by the unit of assessment. The coordinated calculation rule expediently uses cryptographic methods which ensure that the expected response of the detection unit can only be calculated with reasonable computational effort if the key stored in the terminal is known. Conversely, if the answer is correct, it can thus be concluded that the terminal has stored the corresponding key and can therefore be accepted as an authentic source.

A preferred embodiment of the method of the invention is characterized in that to verify the key during operation, the detection unit creates an authentication request and sends to the terminal, the terminal encrypted with its key and returns in response to the detection unit, the detection unit the Authentication request encrypted with its key and compared with the received response, the equality case indicating the authenticity of the terminal.

Alternatively, the detection unit may decrypt the received response with its key and compare it with the original authentication request; or the detection unit sends the authentication request encrypted with its key to the terminal, which it decrypts with its decrypted key for comparison with the original authentication request.

All these variants allow a particularly simple and secure implementation with the above advantages.

According to a further feature of the invention, the authentication request is preferably created on the basis of random or changing data. With a sufficiently large supply of possible underlying data is thus ensured that a decryption of the authentication process, for example by listening to the communication connection, is practically impossible.

The authentication method according to the invention can be performed once, when the terminal registers with the recording unit for the current operation, or also whenever the terminal sends data. In the latter case, it is particularly advantageous if the terminal sends its data together with the said response, and / or the authentication request comprises a request to transmit the data of the terminal. Both measures speed up the transmission protocol or reduce the data traffic on the interface or communication connection between terminal and detection unit.

The keys used in the terminal and in the registration unit do not necessarily have to be identical, and preference may also be given to using mutually different keys which are only uniquely assigned to each other. As a result, the security of the authentication process can be further increased. Alternatively, it would also be conceivable to use a key pair according to a private / public-key method, if desired.

Another aspect of the present invention includes a preferred embodiment for securely assigning and storing the keys. If a system has security deficiencies when installing new keys, the entire security of the system is compromised. A particularly preferred embodiment of the method according to the invention is therefore that the key of the detection unit can only be stored in this when a dongle is connected to the detection unit. Preferably, the key of the terminal is entered into the detection unit and sent from this only to the terminal and stored there when a dongle is connected to the detection unit.

Under the name "dongle" In the present description, it is understood that a device is used to enable special functions of a system which are not permitted without this device.

The invention thus provides a system that allows the insertion of keys only when the system is unlocked by connecting the dongle for key insertion. ·············

Preferably, the dongle is authenticated to the detection unit in the same way as a terminal, and only in the case of authentication the keys are stored in the detection unit or in the terminal. As a result, it can be determined with sufficient certainty whether an authentic and thus valid dongle is connected to the registration unit.

Furthermore, according to a further preferred feature of the invention, the keys can be stored in the terminal and / or the detection unit only if at least one key previously stored therein is also entered into the detection unit for validation. The key storage is thus unlocked by a query of previously valid keys, i. any existing "old" Keys must be known for "new " Key can be recorded. Conveniently, the "very first" old key already during production, delivery or initial commissioning of a detection unit stored in this.

In any case, it is particularly favorable if, as a further consequence, the detection unit itself is also protected against external intervention and manipulation of the detected data. This can ensure that no changes can be made to the data recorded therein.

According to further preferred features of the method, the acquired data can be fed to a signal enhancement to increase the interpretability of the meaning derivable therefrom _ * p · _ * · · · «· ········ • w · · · · · · · · ; and / or added data can be added to the acquired data via the acquisition process itself and / or additional data derived from the collected data itself; and / or the acquired data can be compressed and / or protected against changes by means of a digital signature. In this way, a trustworthy transmission chain of the data from the terminal via the detection unit to the handover to an interface or a final processing can be ensured.

The data transmitting terminal may be of any type known in the art. As mentioned above, the method of the invention is particularly suitable for the authentication of sensors, in particular cameras, and the data are preferably image data. Alternatively, the terminal may be a radio receiver, preferably a radio transceiver, via which a bidirectional information exchange between an external device and the detection unit is handled, for example a radio beacon in an electronic toll collection system, an access control system, a warehousing or billing system by means of RFID tags, etc The terminals may according to a further feature of the invention also comprise at least one actuator, which is connected via the same interface with the detection unit as the terminal. Examples of possible actuators are barriers, gripper arms, servomotors for camera settings, etc. In this way, all data-transmitting terminals used in such systems, such as cameras, beacons, accounting stations, monitored barriers, etc., can be compared to one another centralized capture units in a consistent, secure manner.

Further features and advantages of the invention will become apparent from the following description of preferred embodiments in conjunction with the accompanying drawings. In the drawings shows:

1 shows the method for authenticating a terminal relative to a detection unit schematically in block diagram form,

2 shows the flow of the method of FIG. 1 in flow chart form,

3 shows the method for storing the keys by means of a dongle schematically in block diagram form, Figs. 4a and 4b, the method of Figure 3 in flow chart form, and

Fig. 5 shows the further processing of the detected data in the detection unit in combined block diagram and flow chart form.

1 shows a first embodiment of a method for authenticating a data-transmitting terminal 1 with respect to an associated data-receiving detection unit 3. In the example shown, several terminals in the form of cameras 1 are connected to the detection unit 3 via a communication link 2. - ΙΟίϊ- • ··· ··· ··· • · • · · · · ·

In each camera 1, a key KeKKAM, Κβγ2κΜΐ / etc. is stored in a protected memory 4. The protected memory 4 is designed so that only the built-in camera 1 processor 5 can read the key. Via the communication link 2, the key can not be read.

In the detection unit 3, an associated key KeylEE, Key2EE, etc. is stored in a protected memory 6 for each connected camera 1. The protected memory 6 is designed so that only the built-in detection unit 3 processor 7 can read the key. The key can not be read via the communication link 2 or via another interface of the system.

In a simpler variant, a single, shared key KeylEE can be used for all cameras 1.

Fig. 1 also shows an external trigger source 8. This is necessary if an image acquisition is to be performed due to external events. It is irrelevant whether one or more trigger sources 8 are physically connected to the cameras 1 or the detection unit 3. If there is no external trigger source 8, the image capture can be e.g. derived from the frame rate of the cameras 1 themselves or triggered by generated by the detection unit 3 triggers or requests for the transmission of data.

1 shows a higher-level system 19. The images acquired by the cameras 1 and any image evaluation data 15 (see FIG. 5) are usually forwarded to other systems, such as the system 19 shown. This can be a single higher-level system 19 or the detection unit 3 can exchange data with several higher-level systems 19. The interface to the higher-level system 19 is designated by 18.

2 shows the sequence of a data acquisition (here: image capture) with authentication of the terminal 1 (here: camera) with respect to the detection unit 3 in the following steps: 1st step: The detection unit 3 generates an authentication request A. The data of the authentication request A preferably changes each time u.zw. either at random or according to a fixed rule within a sufficiently large set of values to ensure that an imitation of the authentication by listening to the communication link 2 is practically impossible. 2nd step: The detection unit 3 sends a request for the transmission of data (here: image request) together with the authentication request A to the camera 1. 3rd step: The image request either refers to an already captured by the camera 1 image or dissolves in it an image capture. The camera 1 calculates with the in and one between

key stored on camera 1 KeyljcAM _ «1 9 · * - · · # * - ^ * · · · · · ··· ··· ···

Camera 1 and acquisition unit 3 coordinated calculation rule f an encrypted authentication request A * as A * - f (A, ΚεγΙκΑϋ) 4th step: The image data and the encrypted Authenti-fizierungsanfrage A * are from the camera 1 as a response A * to the detection unit. 3 cleverly. 5th and 6th step: The detection unit 3 checks whether the answer A * ("actual answer") has been created with a key matching the key KeylEE stored in the detection unit 3. This can be done in different ways. In a first implementation of the method, the detection unit 3 executes the same calculation rule f with the same key as used in the camera 1 (i.e., KeylEE = Key 1 came) to obtain a "target response". A * SOll A * soll = f (A, KeylEE) and compare it with the response A * received from camera 1. If the set response A * SO1 calculated by the detection unit 3 coincides with the actual response A * obtained from the camera 1, then the camera 1 is accepted as authentic and the data D (see FIG. 5) transmitted by it is detected; otherwise the data D is discarded. - fl 3 · * - · · # · · · · · · · · «· ··· ··« • · I t

The calculation rule f is carried out so that only with knowledge of the respective key assigned to the camera 1 KeylEE, or their key KeylRAM itself, the target response A * should be calculated, i. the keys KeylEE or KeylKAM can not be derived from the messages exchanged between the camera 1 and the detection unit 3 at a practicable observation time with reasonable computational effort.

The calculation rule f can include both symmetric and asymmetric encryption methods. For example, in the camera 1 and the detection unit 3, keys KeylRAM / KeylEE; Key2RAM / Key2EE etc stored; alternatively, the keys are identical (KeylRAM = KeylEE, Key2RAM = Key2EE, etc.). The cameras can be assigned different keys KeylRAM / Key2RAM etc., or the same key can be used for all cameras 1 (KeylRAM = Key2EE = Key3RAM etc.).

Further modifications of the method described above are possible. For example, the detection unit 3 can decrypt the message A * received by the camera 1 with the inverse calculation rule f *, i.

AiSt = f * (A *, KeylEE) and check if the "actual answer" is correct. AiSt corresponds to the originally sent authentication request A.

A further alternative is that the detection unit 3 encrypts the authentication request A with its own key KeylEE assigned to the respective camera 1, i. A * = f (A, KeylEE) and sends as an encrypted authentication request A * to the camera 1, which this with her key KeylnAM to

Aist = f * (A *, KeylRAM) is decrypted and returned as an actual answer AiSt to the detection unit 3 for comparison with the original authentication request A.

In a further implementation variant, any authentication errors are reported to the higher-level system 19 in step 6 in order to immediately detect attempted manipulations of the system and to be able to derive further measures.

In itself, it does not matter if the authentication is directly linked to the collection of the data. As far as e.g. the system reliably detects temporary line breaks and temporary shutdowns of the system or system parts, it is sufficient to re-authenticate after each interruption detected. Another possibility is to ensure the authenticity of the terminals or cameras 1 by means of a sufficiently frequent authentication, but decoupled from the data acquisition process.

FIG. 3 shows an embodiment of the method for securely importing or storing the keys in order to prevent incorrect keys from being imported into the system via unauthorized access and thus manipulating the authentication.

According to FIG. 3, in addition to the cameras 1, a special device, a so-called "dongle". 9, connected to the detection unit 3. The dongle 9 is preferably authenticated to the detection unit 3 according to the same method described for the cameras 1. The detection unit 3 is designed so that the import of the key KeylEE, Key2EE, KeylKAto Key2RAM, etc. is only possible if the dongle 9 is connected and a correct authentication of the dongle 9 against the detection unit 3 takes place. Conveniently, no imaging is performed with connected dongle 9.

If the described camera system is used in the context of large systems with remote maintenance access, the dongle 9 also has the advantage that key operator must be on-site operator, i. not just key storage via the remote maintenance access, e.g. the interface 18 to the parent system 19, can be performed. The on-site operator has thus the opportunity and the task of manipulation of the

Detect devices that make secure key entry impossible.

In addition to this measure, the import of keys in a further implementation variant is only possible if the respectively previously stored key, the so-called "old" key. Keys, are known.

FIGS. 4a and 4b show the procedure for safe insertion of the keys in the following steps: 1st-6th step: the dongle 9 is connected to the detection unit 3 and the detection unit 3 enters a mode for key insertion. The sequence of steps 1-6 (FIG. 4 a) for the authentication of the dongle 9 is analogous to the procedure for authenticating the camera 1 shown in FIG. 2. If the authentication of the dongle 9 fails in step 6, the key memory is aborted; otherwise, the process moves to steps 7-10 (Figure 4b). Step 7: The old key 3 KeylgE, old stored in the registration unit 3, and the "new " Keys KeylEE, NEu for the detection unit 3 and KeylKAM, NEu for the camera 1 are transmitted via an external interface, e.g. by means of manual input via a keyboard, sent to the detection unit 3. If the authentication method uses identical keys in camera 1 and capture unit 3 (ie, KeylRAM = KeylEE, etc.), only a new key is sent to the capture unit 3, otherwise both new KeylEE keys, NE0 and Key 1, will be reissued sent to the detection unit 3. Step 8: If the inputted old key KeylEE, old coincides with the key stored in the detection unit 3, the detection unit 3 takes over the new key KeylEE (NEW and enters it in the protected memory 6, otherwise no entries of the new key are possible. The described procedure then ends with step 8. 9th step: The detection unit 3 also transmits the camera 1 assigned new key Key 1 came, new to the camera 1. 10th step: The camera 1 takes over the new key KeyΙκαμ, νεο and enters it in the protected memory 4.

After completion of the key assignment, the dongle 9 is disconnected from the detection unit 3 and the system returns to normal operation.

According to the method described here, it is not necessary to protect the camera against manipulation of the keys by expensive security measures, because a terminal with a wrong key can not send pictures to the registration unit and thus there is no danger that manipulated or not authentic pictures in the Recording unit are recorded. Therefore, in step 10, when the key is stored in the camera 1, an additional protection mechanism, e.g. that the old camera must be familiar with the key

Key KeylKAMfAi / r ΚβγΙκΑΜ, einzusο in camera 1 to save, not required.

By applying the present method, it is possible to build a secure processing chain for the overall system and thus to achieve data security that has not hitherto been achieved in decentralized architectures. This is shown in Fig. 5, which will now be explained in more detail.

In Fig. 5, the acquired data (here: a picture) in the different stages of its processing chain is D, D ', D ", D " and D " " designated.

The image D is detected in the camera 1 and sent from it to the detection unit 3 where it exists as a received image D '. With known methods for detecting and correcting transmission errors between camera 1 and detection unit 3, it can be ensured that the received image D 'is not only authentic but also error-free. This ensures that the image D ', which is taken over in the detection unit 3, is largely identical to the image D.

In many cases it is convenient to extract from the captured image material, e.g. Single frames or sequences of images of one or more cameras 1, by means of an image analysis 10 statements on image content derived such as characteristics, object coordinates and types, movements, etc. By ensuring that the image analysis 10 makes no changes to the received images D ', and by the Application of known security mechanisms ··· ··· ···

At the operating system level, the image analysis 10 itself is protected against unauthorized manipulations. Further evaluation data 15, 16 and / or actions can be derived from the received image D 'which, among other things, can also be used to influence the image acquisition process of the system itself. In Fig. 5, such an information flow for controlling the camera 1 is e.g. drawn on the basis of image content or evaluation data 16. The flow of information to the camera 1 is advantageously via the communication link. 2

The received image D 'is then rendered (D ") by a contrast enhancement 11 for visual assessment and supplemented by superimposing supplemental data 12 with readable additional information (D "'), as will now be explained in detail.

In contrast enhancement 11, a simple calculation rule, e.g. Multiplying all pixel values by a constant number, a picture D " derived, which is easier for the viewer to interpret. In doing so, e.g. the brightness of the individual pixels, but not the image content changed in terms of its meaning, so that the image D " the scene continues to be authentic. The contrast enhancement 11 may also be a preparatory processing step i 14: β for a possible subsequent compression 13, since known compression methods often provide image information in the dark

I! B

Affect image areas. A previous lightening reduces this influence. i

The insertion of additional data 12 may be e.g. can be achieved by superimposing information either at predefined positions in the original image without making further image manipulations, or by expanding the captured image to the extent of the defined location where the additional data 12 is superimposed. After the additional data 12 is displayed, the picture D " 'results.

To reduce the bandwidth and memory requirements in higher-level systems 19 (Figure 1), it is often necessary to compress the image material. For compression (13), e.g. a compression method according to the prior art is used, with which from the picture D " a compressed image D " " is created. Known methods at the operating system level can be used to protect the compression 13 against unauthorized manipulations.

For example, an optional signing stage 17 then calculates a hash value from the image D " " and / or the additional data 12 and / or the evaluation data 15 and from this by means of an asymmetric encryption method a signature with a secret key. The data or images D ", possibly together with the associated additional and evaluation data 12, 15, can thus be protected against subsequent changes outside the detection unit 3.

The compressed image D ", the signature 17 and the evaluation data 15 are transferred to the higher-level system 19 at the interface 18.

The preceding illustrations describe the use of the method, in particular in imaging systems. The communication link 2 to the camera 1 can be used not only for authentication, but also for setting, for example, the mode or the sensitivity of the camera or the intensity of a camera associated light source, the temperature in the housing of the terminal, etc.

Accordingly, the data transmitting terminal 1 may not only be a sensor (such as a camera) but may also comprise an actuator, control or servo member or manufacturing cell in the field of industrial production, i. generally any actuator.

As used herein, the term "sensor" also includes multi-sensor terminals, e.g. at multiple locations (e.g., stereo video, light curtains, etc.) and / or performing surround detection using various measurement principles (e.g., laser, ultrasound, magnetism).

The detection of environmental data subsequently also includes the emission of information, e.g. the emission of a laser pulse for transit time measurement in laser sensors or radio waves. A further application of the method therefore also consists in the authentication of communication terminals, e.g. Radio beacons in electronic access or toll systems

Stars, whose task is to transfer data in accordance with defined communication protocols of third-party devices, e.g. Vehicle devices or RFID tags to read.

It is both possible that the terminal 1 handles the entire communication protocol with the third party device independently, as well as that the communication protocol is handled with the third party device by ongoing data exchange between the terminal 1 and the detection unit 3; Also in this application, the authenticity of the terminal 1 can be ensured with the help of the presented method. The data exchanged with the third party device may be e.g. be protected by encryption measures against unauthorized interception.

The presented method can be applied to a large number of identical or different terminals 1 (sensors, sensor / actuator combinations, actuators, communication units), as well as to a multiplicity of identical or different detection units 3. In this way, e.g. all terminals are authenticated in a complete access, toll or surveillance system consisting of a wide variety of detection and classification sensors, video cameras, communication units and associated acquisition units.

Claims (20)

1. A method for authenticating a data transmitting terminal (1) to an associated data receiving detection unit (3), characterized in that in the terminal (1) and in the detection unit (3) each associated non-externally readable keys (KeylRAM / Key2RAM, KeylEE, Key2EE) are stored so that the keys (KeylKAM, Key2KAM / KeylEE, Key2EE) are checked during operation via a coordinated computing instruction between the terminal (1) and the registration unit (3), and that only the data (D) of the terminal (1) from the detection unit (3) are accepted if the verification gives the authenticity of the terminal (3). 2. The method according to claim 1, characterized in that to verify the key (KeylRAMf Key2KAM / 'KeylEE, Key2EE) during operation, the detection unit (3) creates an authentication request (A) and sends to the terminal (1), the Terminal (3) with its key (KeylRAM / Κθυ2καμ) encrypted and returns in response (A *) to the detection unit (3), - wherein the detection unit (3) the authentication request (A) with its key (KeylEE, Key2EE ) and compared with the received response (A *), the equality case indicating the authenticity of the terminal (1). 3. The method according to claim 1, characterized in that for verification of the key (KeylRAM / Key2KAM; KeylEE, Key2EE) during operation, the detection unit (3) creates an authentication request (A) and sends to the terminal (1), the terminal ( 1) encodes it with its key (Keyl ^, Key2KMj) and sends it back to the detection unit (3) as a response (A *), wherein the detection unit (3) decrypts the response (A *) with its key (KeylEE, Key2EE) and with the original authentication request (A), the equality case indicating the authenticity of the terminal (3). 4. The method according to claim 1, characterized in that to verify the key (KeylRAM / Key2RAM; KeylEE, Key2EE) during operation, the detection unit (3) creates an authentication request (A), with its key (KeylEE, Key2EE) encrypted (A *) and to the terminal (1), the terminal (1) decrypts it with its key (KeylRAMr Key2RAM) and returns it in response to (A) to the detection unit (3), the detection unit (3) having the answer (A) with the original authentication request, the equality case indicating the authenticity of the terminal (1). 5. The method according to any one of claims 2 to 4, characterized in that the authentication request (A) is created on the basis of random or changing data. 6. The method according to any one of claims 2 to 5, characterized in that the terminal (1) sends its data (D) together with said response (A; A *). 7. The method according to any one of claims 2 to 6, characterized in that the authentication request (A, A *) comprises a request for the transmission of the data (D) of the terminal (1). 8. The method according to any one of claims 1 to 7, characterized in that for the key (KeylRAM, Κβγ2κΑΜ) of the terminal (1) and the key (KeylEE, Key2EE) of the detection unit (3) mutually different, mutually associated keys are used. 9. The method according to any one of claims 1 to 7, characterized in that for the key (KeylRAMr Key2icAM) of the terminal (1) and the key (KeylEE, Key2EE) of the detection unit (3) a key pair after a private / public key Method is used. 10. The method according to any one of claims 1 to 9, characterized in that the key (KeylEE, Key2EE) of the detection unit (3) can only be stored therein when a dongle (9) to the detection unit (3) is connected. 11. The method according to any one of claims 1 to 10, characterized in that the key (KeylEE, Key2EE) of the terminal (1) in the detection unit (3) is input and sent from this only to the terminal (1) and stored there when a dongle (9) is connected to the detection unit (3). 12. The method according to claim 10 or 11, characterized in that the dongle (9) in the same manner as a terminal (1) relative to the detection unit (3) is authenticated and only in the case of authentication, the keys (KeylRAMf Key2RAM; KeylEE, Key2EE ) are stored in the detection unit (3) or in the terminal (1). 13. The method according to any one of claims 1 to 12, characterized in that the keys (KeylRAM / Key2KAM / KeylEE, Key2EE) can only be stored in the terminal (1) and / or the detection unit (3), if at least one previously in it stored key (KeylEEfALT) for validation in the detection unit (3) is entered. 14. The method according to any one of claims 1 to 13, characterized in that the detection unit (3) is protected against external interference and manipulation of the detected data (D). 15. The method according to any one of claims 1 to 14, characterized in that the detected data (D) of a signal enhancement (11) supplied to increase the interpretability of the derivable from the data meaning ^. 16. The method according to any one of claims 1 to 15, characterized in that the collected data (D) additional data (12) via the detection process itself and / or from the detected data (D) itself derived additional data (15) are added. 17. The method according to any one of claims 1 to 16, characterized in that the detected data (D) compressed (13) and / or by means of a digital signature (17) are protected against changes. 18. The method according to any one of claims 1 to 17, characterized in that the terminal (1) is a sensor, preferably a camera and the data (D) image data. 19. The method according to any one of claims 1 to 17, characterized in that the terminal (1) is a radio receiver, preferably a radio transceiver over which a bidirectional information exchange between an external device and the detection unit (3) is handled. 20. The method according to any one of claims 1 to 19, characterized in that the terminal (1) comprises at least one actuator which is connected via the same interface (2) with the detection unit (3) as the terminal (1).