JP2003258794A - Security system for mobile - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the steal or illegal use of a mobile. <P>SOLUTION: A mobile body 15 and an ECU16 respectively hold a registered certificate, a secret key and identification data and after the authentication from an authentication device 14, a mobile 13 becomes available for the first time. The authentication device 14 performs the authentication by using a public key registered between the mobile body 15 and the ECU16 and by making the ECU16 active or inactive in accordance with the result, it is controlled whether or not the mobile 13 can be started. A starter 18 holds a user certificate 123 and a user secret key 124 and when user identification data 125 inputted from a user identification data input device 181 are matched with user identification data 125 held in the ECU16, the mobile 13 can be started. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a mobile security system, and more particularly to a mobile security system for preventing theft of a mobile.

[0002]

2. Description of the Related Art Conventionally, an authentication method for identifying a user in a moving body such as a vehicle generally identifies only the user based on fixed memory information, and the authentication result of the user is obtained. The starter is controlled accordingly.

[0003]

However, the conventional authentication method cannot prevent forgery data input by a user's spoofing or interception of stored data that is a prerequisite for authentication. For example, security systems such as an immobilizer system (Japanese Unexamined Patent Publication No. 10-238444), a vehicle antitheft system (Japanese Unexamined Patent Publication No. 10-315915), and a vehicle antitheft device (Japanese Unexamined Patent Publication No. 08-318820) include on-board personal identification for authentication. The data is not protected, and it is possible to use the system based on the false authentication result by illegally decoding.

Further, the whole moving body is stolen by a towing vehicle or the like, and the authenticating device itself of the moving body is tampered with.
It is not possible to deal with the situation where the mobile unit is disassembled and the components are reused.

A vehicle occupant protection device and system having anti-theft and tampering prevention functions (Japanese Patent Laid-Open No. 2000-
127892) relates to a method for preventing theft reuse of functional parts such as an airbag module. However, since it is impossible to prevent alteration of the identity identification information in the memory and alteration of the theft prevention function itself, It is an insufficient method of prevention and deterrence.

The present invention has been made in view of such a situation, and by the public key cryptosystem, at the same time as authenticating a user, an ECU (Elect) which is an essential element constituting a moving body is formed.
The ric control unit) and the moving body itself are also identified and authenticated so that the moving body is rendered inoperable even if it is stolen so that overall security can be enhanced.

[0007]

A mobile body security system according to claim 1 is a mobile body security system for preventing modification and theft of a mobile body, wherein the mobile body has storage means for storing information. An authenticating means for executing an authenticating process, a controlling means for controlling the operation of the moving body, and a communicating means for controlling communication with a starting device for starting the moving body are provided. The first public key of the certificate authority and the second public key of the second certificate authority are registered,
The first certificate, the first secret key, and the first identification data for identifying the moving body are registered in the storage means of the moving body, and the second means is provided in the control means for controlling the operation of the moving body. Of the certificate, the second secret key, the first identification data, and the second identification data for identifying the user who uses the mobile unit are registered, and the starting device possessed by the user is 3 certificates,
The third private key and the second identification data are registered, the authentication means verifies the first certificate with the first public key, and when the verification fails, the mobile unit cannot be started, When the verification is successful, the third public key of the storage means is acquired from the first certificate and stored, and predetermined random data is generated and stored,
The storage means supplies the random data and the first data to the storage means.
The identification data of the above is combined and digitally signed by the first secret key, and the signature data is supplied to the authentication means. The authentication means decodes the signature data digitally signed by the third public key,
The obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled, and when they match, the first identification data is stored, and the authentication means sets the first identification data. The second certificate is verified with the first public key, and when the verification fails, the mobile unit cannot be started, and when the verification is successful, the fourth certificate's fourth public key is converted from the second certificate. Acquiring and storing, generating and storing a predetermined random data, and supplying it to the control means, the control means combines the random data, the first identification data and the second identification data, and uses the second secret key. The digitally signed signature data is supplied to the authentication means, and the authentication means decodes the signature data digitally signed with the fourth public key and compares the obtained random data with the stored random data. If the two do not match, start the mobile When it is made impossible and coincides, the obtained first identification data is compared with the stored first identification data, and when they do not coincide, the starting of the moving body is made impossible, and when they coincide, the first identification data is stored. The identification means stores the identification data of No. 2, and the authentication unit verifies the third certificate with the second public key. When the verification fails, the mobile unit cannot be started. The fifth public key of the user is obtained and stored from the certificate of the user, and predetermined random data is generated and stored and supplied to the starter, and the starter combines the random data and the second identification data. The signature data digitally signed by the third secret key is supplied to the authentication means, and the authentication means decodes the signature data digitally signed by the fifth public key and stores the obtained random data and the stored random data. The random data that was When the start of the body is disabled and coincides, the obtained second identification data is compared with the stored second identification data, and when they do not match, the start of the moving body is disabled and the coincidence is achieved. It is characterized by enabling the moving body to be started. Further, the first certificate includes the third public key of the storage means and is digitally signed by the fourth private key of the first certificate authority, and the second certificate is of the control means. The third certificate includes the fourth public key and is digitally signed by the fourth private key of the first certificate authority, and the third certificate includes the fifth public key of the user and the second certificate. It may be digitally signed with the station's fifth private key. The mobile security system according to claim 3 is a mobile security system for preventing modification and theft of a mobile, wherein the mobile stores a storage unit for storing information, and an authentication unit for performing an authentication process. The mobile device includes a control unit that controls the operation of the mobile unit and a communication unit that controls communication with a starting device for starting the mobile unit, and the mobile unit authentication unit includes the first public key of the first certificate authority. And the second public key of the second certificate authority are registered, and the first certificate, the first private key, and the first identification for identifying the mobile are stored in the storage means of the mobile. The second certificate, the second secret key, the first identification data, and the first means for identifying the user who uses the mobile are registered in the control means for registering the data and controlling the operation of the mobile. The identification data of 2 is registered, and the user is identified in the starter possessed by the user. User ID for
, The third secret key, and the second identification data are registered, and the authentication means verifies the first certificate with the first public key, and when the verification fails, the mobile unit cannot be started. When the verification is successful, the third public key of the storage means is obtained and stored from the first certificate, predetermined random data is generated and stored, and the random data and the first identification data are combined. First
Generate signature data digitally signed with the private key of the above, and the authentication means decodes the signature data digitally signed with the third public key, and compares the obtained random data with the stored random data. Then, when they do not match, the mobile unit cannot be started, and when they match, the first identification data is stored, and the authentication means verifies the second certificate with the first public key, and the verification fails. When the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and predetermined random data is generated, stored, and controlled. The control means combines the random data, the first identification data and the second identification data and digitally signs the signature data with the second secret key, and supplies the signature data to the authentication means. Digitally signed signature with 4 public key Data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled, and when they match, the first identification data obtained And the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match, the second identification data is stored, and the starting device stores the user ID. The authentication means is supplied to the authentication means via the communication means, the authentication means transmits the user ID to the second certificate authority, and the second certificate authority judges the validity of the user ID, and when it is not valid, the authentication is performed. When the mobile is unstartable through the device and is valid, the third certificate is sent to the authenticating means, which verifies the third certificate with the second public key and the verification is successful. If it fails, the mobile cannot be started. If the verification is successful, the third proof is given. The fifth public key of the user is obtained from the document and stored, and the predetermined random data is generated and stored and supplied to the starting device, and the starting device combines the random data and the second identification data to generate the first random data. The signature data digitally signed with the private key of No. 3 is supplied to the authentication means, and the authentication means decodes the signature data digitally signed with the fifth public key, and the obtained random data and the stored random data. The data is compared, and when they do not match, the starting of the mobile body is disabled, and when they match, the second obtained
Is compared with the stored second identification data. When they do not match, the moving body cannot be started, and when they match, the moving body can be started. The mobile object antitheft method according to claim 4, wherein a storage unit for storing information, an authentication unit for executing an authentication process, a control unit for controlling the operation of the mobile unit, and a starting device for starting the mobile unit. A mobile object antitheft method for preventing modification and theft of a mobile body, comprising: a communication means for controlling communication with a mobile body; the mobile body authentication means includes: a first public key of a first certificate authority; The second public key of the second certificate authority is registered, and the first certificate and the first private key are stored in the storage means of the mobile body.
The first identification data for identifying the moving body is registered,
The control means for controlling the operation of the mobile body, the second certificate,
The second secret key, the first identification data, and the second identification data for identifying the user who uses the mobile body are registered, and the starting device carried by the user has the third certificate. , The third secret key and the second identification data are registered, the authentication means verifies the first certificate with the first public key, and when the verification fails, the mobile body cannot be started. When the verification is successful, the third public key of the storage means is acquired from the first certificate and stored, and predetermined random data is generated and stored and supplied to the storage means. And the first identification data are combined, and the signature data digitally signed by the first secret key is supplied to the authentication means, and the authentication means decodes the signature data digitally signed by the third public key to obtain the signature data. Compare the random data that was stored with the stored random data and match When it does not exist, it disables the starting of the mobile, and when it matches, it stores the first identification data, and the authentication means verifies the second certificate with the first public key, and when the verification fails, When the starting of the mobile is disabled and the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and the predetermined random data is generated and stored and supplied to the control means. Then, the control means combines the random data, the first identification data, and the second identification data and digitally signs the signature data with the second secret key, and supplies the signature data to the authentication means. The signature data digitally signed with the key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile unit cannot be started. And the first identification data that was stored The identification data of No. 1 are compared, and when they do not match, the starting of the mobile body is disabled, and when they match, the second identification data is stored, and the authentication means uses the third certificate with the second public key. When the verification is unsuccessful, the mobile body cannot be started when the verification fails, and when the verification is successful, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is stored. Generated, stored, and supplied to the starting device, the starting device combines the random data and the second identification data, and supplies the signature data digitally signed with the third secret key to the authentication means. When the signature data digitally signed with the public key of 5 is decoded, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile unit is disabled, and when they match, And storing the obtained second identification data, The stored second identification data are compared with each other, and when they do not match, the moving body cannot be started, and when they match, the moving body can be started. The mobile theft prevention method according to claim 5, wherein a storage unit that stores information, an authentication unit that performs an authentication process, a control unit that controls the operation of the mobile unit, and a starting device for starting the mobile unit. A mobile object antitheft method for preventing modification and theft of a mobile body, comprising: a communication means for controlling communication with a mobile body; the mobile body authentication means includes: a first public key of a first certificate authority; The second public key of the second certificate authority is registered, and the first certificate, the first private key, and the first identification data for identifying the mobile are registered in the storage unit of the mobile. The second certificate, the second private key, and the first
Identification data and second identification data for identifying a user who uses the mobile body are registered, and a user ID for identifying the user is stored in the starting device possessed by the user, and the third identification data.
The private key and the second identification data are registered, the authentication means verifies the first certificate with the first public key, and when the verification fails, the mobile unit cannot be started and the verification is performed. When successful, the third public key of the storage means is obtained and stored from the first certificate, predetermined random data is generated and stored, and the random data and the first identification data are combined to create the first The signature data digitally signed with the private key is generated, the authentication means decodes the signature data digitally signed with the third public key, and compares the obtained random data with the stored random data. , When the two do not match, the mobile body cannot be started, and when the two match, the first identification data is stored, and the authentication means verifies the second certificate with the first public key, and the verification fails. When, when the starting of the mobile is impossible and the verification is successful The fourth public key of the control means is obtained and stored from the second certificate, and predetermined random data is generated and stored and supplied to the control means. The control means stores the random data and the first identification data. The signature data obtained by combining the second identification data and the digital signature with the second secret key is supplied to the authenticating means, and the authenticating means decodes the signature data digitally signed with the fourth public key to obtain the obtained signature data. Compare the random data with the stored random data,
When they do not match, the moving body cannot be started. When they match, the obtained first identification data is compared with the stored first identification data, and when they do not match, the moving body is started. When it is disabled and coincides, the second identification data is stored, the starting device supplies the user ID to the authentication means via the communication means, and the authentication means sends the user ID to the second certificate authority. Then, the second certificate authority determines the validity of the user ID, and when it is not valid, the mobile body cannot be started via the authentication device, and when it is valid, the third certificate is used as the authentication means. The authenticating means verifies the third certificate with the second public key, disables the start of the mobile when the verification fails, and from the third certificate when the verification succeeds. Acquire and store the user's fifth public key, generate and store predetermined random data, and start And the starter unit combines the random data and the second identification data and digitally signs with the third secret key, and supplies the signature data to the authentication means. The authentication means digitally uses the fifth public key. The signed signature data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled, and when they match, the second data obtained Is compared with the stored second identification data. When they do not match, the moving body cannot be started, and when they match, the moving body can be started.
The mobile object antitheft program according to claim 6, storage means for storing information, authentication means for performing authentication processing,
A mobile object antitheft program for preventing modification and theft of a mobile body, comprising: a control means for controlling the operation of the mobile body; and a communication means for controlling communication with a starter device for starting the mobile body. The first public key of the first certificate authority and the second public key of the second certificate authority are registered in the body authentication means, and the first certificate and the first public key are registered in the storage means of the mobile body. The first certificate, the second identification key, and the first identification data for identifying the mobile unit are registered in the control means for controlling the operation of the mobile unit. The identification data and the second identification data for identifying the user who uses the mobile unit are registered, and the third certificate, the third secret key, and the second secret key are stored in the starting device carried by the user. Identification data of the mobile terminal, the first certificate is verified by the first public key in the authentication means, and when the verification fails, the When the verification is successful, the third public key of the storage means is acquired from the first certificate and stored, and predetermined random data is generated and stored, and the processing is supplied to the storage means. The storage unit is caused to execute a process of combining the random data and the first identification data and supplying the signature data digitally signed with the first secret key to the authentication unit, and the authentication unit is caused to execute the third public key. The signature data digitally signed by is decoded with, the obtained random data is compared with the stored random data, and when they do not match, the mobile unit cannot be started. A process of storing the identification data is executed, and the authentication means verifies the second certificate with the first public key. When the verification fails, the mobile unit cannot be started, and when the verification succeeds, From the second certificate of control means 4 the public key acquired by the store, generates a predetermined random data, and stores, to execute the processing to the control unit, the control means,
The random data, the first identification data, and the second identification data are combined, and the signature data digitally signed by the second secret key is supplied to the authentication means, and the authentication means uses the fourth public key. The digitally signed signature data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile unit cannot be started. The identification data of No. 1 and the stored first identification data are compared, and when they do not match, the start of the moving body is disabled, and when they match,
A process of storing the second identification data is executed, and the authentication means verifies the third certificate with the second public key. When the verification fails, the mobile body cannot be started and the verification succeeds. At this time, the fifth public key of the user is acquired from the third certificate and stored, and a predetermined random data is generated and stored, and the process of supplying the random number to the starting device is executed. And the second identification data are combined to perform a process of supplying signature data digitally signed by the third secret key to the authentication means, and the authentication means decodes the signature data digitally signed by the fifth public key. Then, the obtained random data is compared with the stored random data, and when they do not match, the moving body cannot be started, and when they match,
The obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match, the processing of making the moving body startable is performed. It is characterized by being executed. The mobile object antitheft program according to claim 7, wherein the storage means stores information.
A mobile unit that includes an authentication unit that executes an authentication process, a control unit that controls the operation of the mobile unit, and a communication unit that controls communication with a starting device for starting the mobile unit. In the body theft prevention program, the first public key of the first certificate authority and the second
The second public key of the certificate authority is registered, and the first certificate, the first private key, and the first identification data for identifying the mobile are registered in the storage means of the mobile. A second certificate, a second private key, and a control means for controlling the operation of the mobile body,
The first identification data and the second identification data for identifying the user who uses the mobile unit are registered, and the starting device carried by the user has a user ID for identifying the user, and The private key of No. 3 and the second identification data are registered, the first certificate is verified by the authentication means with the first public key, and when the verification fails, the mobile body cannot be started and verified. Is successful, the third public key of the storage means is obtained and stored from the first certificate, a process of generating and storing predetermined random data is executed, and the random data and the first identification data are combined. Then, the processing for generating the signature data digitally signed with the first secret key is executed, and the authentication means decodes the signature data digitally signed with the third public key and stores the obtained random data and the stored random data. Compare it with the random data you saved, and if it does not match , The start of the mobile is disabled, and when they match, the process of storing the first identification data is executed, and the authentication means verifies the second certificate with the first public key, and the verification fails. At that time, it makes it impossible to start the moving body,
When the verification is successful, the fourth certificate of the control means from the second certificate.
The public key is acquired and stored, predetermined random data is generated and stored, and a process for supplying the random key to the control unit is executed, and the control unit is combined with the random data, the first identification data, and the second identification data. Then, the signature data digitally signed by the second secret key is supplied to the authenticating means, and the authenticating means decodes the signature data digitally signed by the fourth public key to obtain the obtained random data. , Comparing the stored random data with each other, if they do not match, disable the starting of the moving body, and if they match, the obtained first identification data and the stored first identification data If they do not match, the moving body cannot be started, and if they match, the process of storing the second identification data is executed, and the starting device sends the user ID to the authentication means via the communication means. Supply process Then, in the authentication means, user ID
Is transmitted to the second certification authority, the second certification authority judges the validity of the user ID, and when it is not valid,
When the mobile body is unstartable via the authentication device and is valid, a process of transmitting the third certificate to the authentication means is executed, and the authentication means is made to use the second public key for the third certificate. Verify, and when verification fails, disable the mobile's startup,
When the verification is successful, the user's fifth public key is acquired from the third certificate and stored, and predetermined random data is generated and stored, and the process is supplied to the starting device, and the starting device is executed. , A process in which the random data and the second identification data are combined and the signature data digitally signed by the third secret key is supplied to the authentication means, and the authentication means is digitally signed by the fifth public key. The data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled, and when they match, the obtained second identification data is compared. The stored second identification data are compared with each other, and when they do not match, a process of making the moving body start impossible is performed, and when they match, a process of making the moving body startable is executed.

[0008]

BEST MODE FOR CARRYING OUT THE INVENTION The present invention relates to an electronic control unit (Electric Controller) for controlling a starting device, a main body of a moving body, and an operation of the moving body which are required when starting a moving body.
ol Unit, hereinafter referred to as ECU as appropriate)
, The digital certificate (hereinafter referred to as a certificate as appropriate), the private key, and the identification data are registered, and the public key individually issued by the manufacturer and the retailer is registered in the authentication device, and the digital key is registered. By verifying the signed data (hereinafter referred to as a signature as appropriate) using public key cryptography, strict individual authentication of users is performed, operation restrictions are set, and modification of the mobile body is prevented, The purpose of this is to prevent theft of the moving body.

A principle diagram of the present invention is shown in FIG. Moving body 13
Manufacturers 11 and retailers 12 of the respective companies issue certificate certificates (Certificate A)
function (hereinafter, appropriately referred to as CA), and the maker (CA1) 11 includes a maker public key 111 and a maker private key 112, a body certificate 113 including the body public key and a body secret key 114, and an ECU. ECU certificate 115 including public key and ECU private key 116
And the body identification data 117 is issued, and the store (CA2)
12 is a store public key 121 and a store secret key 122
And the user certificate 123 including the user public key and the user private key 124, and the user identification data 125, and the authentication device 14 that configures the mobile unit 13 at the time of manufacturing and selling the mobile unit 13. , And is registered and stored in the mobile body 15, the ECU 16, and the starting communication device 17, respectively.

That is, the manufacturer public key 111 and the store public key 121 are registered and stored in the authentication device 14, and the main body certificate 113 including the main body public key, the main body secret key 114, and the main body identification data 117 are stored in the mobile body 15. Registered and stored, EC
ECU certificate 115 including U public key, ECU private key 11
6, main body identification data 117, and user identification data 12
5 is registered and stored in the ECU 16, and the user certificate 123 including the user public key and the user private key 124 are stored in the starting device 18.
Registered and stored in.

The mobile body 15 and the ECU 16 hold the registered certificate, private key and identification data respectively, and can be used only after being authenticated by the authentication device 14.

The authentication device 14 includes a moving body 15 and an E body.
Authentication processing is performed using the public key registered with the CU 16, and the ECU 16 is activated or deactivated according to the result of the authentication processing, thereby controlling whether or not the mobile body 13 can be started.

The starting device 18 holds a user certificate 123 and a user private key 124, and has a user identification data input device 181.

When the user starts to use the authentication device 1,
4 authenticates the user with the starting device 18 via the starting communication device 17, and the user identification data 125 sent from the starting device 18 matches the user identification data 125 held by the ECU 16. If so, the moving body 13 is started.

As described above, the mobile body 1 is not authenticated until all of the maker 11, the store 12, the legally combined mobile body 13, and the user are authenticated using the data that cannot be forged.
3 can be started.

FIG. 2 is a block diagram showing a configuration example of this embodiment. In FIG. 2, the manufacturer (CA1) 2
1, store (CA2) 22, mobile unit 23, authentication device 2
4, mobile body 25, ECU 26, starting communication device 27,
The starting device 28, the user identification data input device 221, and the user identification data input device 282 are the manufacturer 11 of FIG.
Store 12, mobile unit 13, authentication device 14, mobile unit body 1
5, the ECU 16, the starting communication device 17, the starting device 18, the user identification data input device 126, and the user identification data input device 181 respectively.

The maker 21 manufactures the mobile unit 23, and the maker public key 111, maker private key 112, main body certificate 113, main body private key 114, ECU certificate 115,
Issue registration and management of the ECU private key 116 and the body identification data 117 are performed.

When the dealer 22 sells the mobile body 23 manufactured by the maker 21 to the user, in addition to the one issued by the maker 21, the dealer public key 121 and the dealer secret key 1
22, the user certificate 123, the user private key 124, and the user identification data 125 are issued and registered and managed.

The mobile unit 23 comprises an authentication unit 24, a mobile unit main body 25, an ECU 26, and a starting communication unit 27.

IC chip 24 mounted on the authentication device 24
1 is the manufacturer public key 111 issued by the manufacturer 21.
And the store public key 121 issued by the store 22 are respectively registered and stored, and the main body certificate 11 issued by the manufacturer 21 is stored in the IC chip 251 mounted on the mobile body 25.
3, the main body secret key 114, and the main body identification data 117 are stored. The issued user identification data 125 is stored.

The authentication device 24 has a function of transmitting / receiving each stored certificate and signature data to / from the IC chip 251 of the mobile body 25, the IC chip 261 of the ECU 26, and the IC chip 281 of the starting device 28. And a function of transmitting and receiving data to and from the starting device 28 via the starting communication device 27, and a function of authenticating each constituent element based on each certificate and each signature data. Has a function of activating or deactivating.

The starting communication device 27 has a function of enabling data communication regarding a user between the starting device 28 and the authentication device 24.

The starting device 28 is owned and controlled by the user, is used when starting the moving body 23, and is mounted on the I unit.
The C chip 281 is the user certificate 1 issued by the store 22.
23 and the user secret key 124 are held, and the starting communication device 27
And a user identification data input device 282 for inputting user identification data.

IC chip 2 mounted on the moving body 25
Reference numeral 51 has a function of transmitting the main body certificate 113 to the authentication device 24. Further, it has a function of combining the random data transmitted from the authentication device 24 and the main body identification data 117 and transmitting the signature data signed by the main body secret key 114 to the authentication device 24.

IC chip 261 mounted on the ECU 25
Has a function of transmitting the ECU certificate 115 to the authentication device 24. Further, it has a function of combining the random data transmitted from the authentication device 24, the main body identification data 117, and the user identification data 125 and transmitting the signature data signed by the ECU private key 116 to the authentication device 24.

IC chip 28 mounted on the starting device 28
1 has a function of transmitting the user certificate 123 to the authentication device 24. In addition, the user identification data 125 input from the user identification data input device 282 is used as the user private key 1
24 and the authentication device 24 via the starting communication device 27.
It has a function to send to.

The IC chips 251, 261, 281 have a function of not directly reading the main body secret key 114, the main body identification data 117, the ECU secret key 116, and the user identification data 125, and the main body certificate 113, the main body secret key. 114, EC
The U-certificate 115, the ECU private key 116, and the main body identification data 117 are set one by one when the mobile body 23 is manufactured.
It has a function that allows registration only once.

The user identification data input device 282 has a function of inputting identification data for uniquely identifying a user. The store 22 has a user identification data input device 221 that inputs data by the same method, and is used when generating the user identification data 125.

The movable body 25 may be composed of a single part or a plurality of parts. When the mobile body 25 is composed of a plurality of parts, an IC chip may be mounted for each part, and each part may have a function of transmitting and receiving data to and from the ECU 26 and the authentication device 24.

The IC chip 281 may hold a plurality of combinations of the user identification data 125, the user certificate 123, and the user private key 124 in order to enable registration of a plurality of users. It may be possible to register. Similarly, the IC chip 261 may hold a plurality of user identification data 125 and may be re-registerable.

The data transmission / reception between the respective components is
It may be either wired or wireless.

The body identification data 117 may use data that is digitized in any format such as the manufacturing number of the mobile unit 14, voiceprint data of operation sound, and any length.

As the user identification data 125, a password method, a biometric information method utilizing biometric information such as a fingerprint, an iris, a voiceprint, a motion pattern extraction method, or the like can be used to identify the user in any format. , And data quantified in any length may be used.

Here, the digital certificate will be described. In general, public keys are distributed in the form of digital certificates, not by themselves. If a digital certificate is obtained, the public key can be taken out from this digital certificate and the legitimacy of the electronic data digitally signed with the corresponding private key can be verified. However, since the digital certificate itself may have been tampered with or forged, it is not possible to trust the digital certificate indefinitely without verification. Such as when sent with a certificate containing a fake public key). Therefore, the digital certificate is created in a form including the signature data digitally signed by the issuing certificate authority (CA) in order to guarantee its validity.

Since the digital signature for this digital certificate is made by the private key of the CA, if the CA certificate is obtained, anyone can verify the digital certificate by the CA public key extracted from the certificate. be able to. The verification work is performed by first using a one-way hash function such as MD5 or SHA-1 to undecrypt a part of the digital certificate other than the digital signature (including the public key and issuer name). Convert to hash data of length. Next, the digital signature data included in the digital certificate is decrypted with the CA public key, and the obtained data is compared with the previously calculated hash data. At this time, if it has been tampered with, the hash value always changes, so that it can be confirmed that no part of the certificate has been tampered with or forged. The hash function and encryption / decryption method to be used at that time are described in the digital certificate itself.

Of course, since the CA certificate itself may have to be verified, the CA certificate may be verified using the root CA certificate of the root CA digitally signed. Also, multiple root CAs may authenticate each other. In this way, the digital certificate is hierarchically checked for validity by a number of intermediate certification authorities and root certification authorities. All these mechanisms are standardized by convention.

Next, the operation of the present embodiment will be described in detail with reference to the configuration diagram of FIG. 2 and the flow charts of FIGS. First, the processing procedure of the maker 21 will be described with reference to the flowchart of FIG. The maker 21 first generates a maker public key 111 and a maker secret key 112 (step S31). Next, the moving body 23 is manufactured (step S32), and the moving body 2 is manufactured.
The manufacturer's public key 111 is stored in the IC chip 241 of the authentication device 24 incorporated in No. 3 (step S33), and the main body identification data 117 of the moving body 23 is generated (step S).
34).

The maker 21 further generates the main body public key and the main body secret key 114 (step S35), and issues the main body certificate 113 including the main body public key signed by the maker private key 112 based on the main body public key. (Step S36), the body certificate 113 and the body secret key 114 are stored in the IC chip 251 of the mobile body 25 together with the body identification data 117 (step S37). Next, the ECU public key and EC
The U secret key 116 is generated (step S38), and similarly,
Based on the ECU public key, the ECU certificate 115 including the ECU public key signed with the manufacturer private key 112 is issued (step S39), and the ECU certificate 115 and the ECU private key 11 are issued.
6 together with the body identification data 117, the IC of the ECU 26
It is stored in the chip 261 (step S3a).

Further, the maker 21 has all the generated key pairs (maker public key 111 and maker secret key 112,
Main body public key and main body secret key 114, ECU public key and ECU
The private key 116), the main body identification data 117, and various certificates (main body certificate 113, ECU certificate 115) can be stored and prepared for maintenance.

When the mobile body 25 is composed of a plurality of modules, the body certificate 113 and the body private key 1
14 may be issued individually.

Next, referring to the flow chart of FIG.
The processing procedure of the store 12 will be described. Maker 21
The store 22 that has been supplied with the mobile body 23 from the first generates the store public key 121 and the store secret key 122 (step S41).

Next, the IC chip 241 of the authentication device 24
The store public key 121 is stored in (step S42),
A user certificate 123 and a user private key 124 corresponding to the number of users operating the mobile unit 23 (= n (n is an arbitrary natural number)).
Is issued and stored in the starting device 28 (steps S44 to S4a).

Next, steps S44 to S4a
The procedure will be described in detail. First, step S44
At, it is determined whether the number of users (= n) is greater than 0. As a result, when it is determined that the number of users is greater than 0, the process proceeds to step S45. On the other hand, when it is determined that the number of users is 0, the process ends.

In step S45, the user identification data is input from the user identification data input device 221 to generate the user identification data 125, and the user public key and the user private key 124 corresponding to the user are generated. Is generated (step S46), and the user certificate 123 including the user public key and signed with the store secret key 122 is issued (step S4).
7). Further, the user identification data 125 is stored in the I / O of the ECU 26.
The user certificate 123 and the user private key 124 are stored in the C chip 261 (step S48), and the IC of the starting device 28 is stored.
The data is stored in the chip 281 (step S49). Next, in step S4a, the number of users (= n) is decremented by 1, and the process returns to step S44. After that, the process from step S44 is repeatedly executed for each user until the value of n becomes 0, that is, the number of users.

Next, referring to the flowchart of FIG.
The authentication operation until the mobile unit 23 is started will be described. FIG. 5 is a flowchart showing an authentication procedure of the mobile body 25.

At the time when the mobile unit 23 is energized by connecting a battery required for operation or the like (step S51),
The mobile body 25 transmits the body certificate 113 to the authentication device 24 (step S52). The authentication device 24 uses the received manufacturer certificate 113 to hold the received body certificate 113.
The verification is performed in step 11 (step S53). If the verification fails, the moving body 23 is disabled (NO in step S54).

On the other hand, if the verification is successful, next, the authentication device 2
4 stores the main body public key extracted from the main body certificate 113 (step S55), generates and stores random data of arbitrary length (step S56), and transmits this random data to the mobile body 25 ( Step S57).

The mobile body 25 combines the received random data and the body identification data 117 (step S5).
8) The combined data is signed with the main body secret key 114 (step S59), and the signature data is transmitted to the authentication device 24 (step S5a). The authentication device 24 decodes the received signature data with the main body public key stored in step S55 (step S5b), and stores the random data portion of the combined data obtained as a result and the step S56. The random data that has been compared is compared (S5c).
If the two do not match as a result of the comparison, authentication fails (S
(NO of 5d), the moving body 23 is made unstartable. On the other hand, if the two match (YES in S5d), the body identification data 117 of the combined data is stored (S5e).
Then, the process ends.

Next, referring to the flowchart of FIG.
The ECU authentication procedure will be described. FIG. 6 is a flowchart showing an authentication procedure for authenticating the ECU. Mobile 2
At the time when the battery is energized by connecting a battery required for operation to 3, the ECU 26 transmits the ECU certificate 115 to the authentication device 24 (step S61). Authentication device 24
Verifies the received ECU certificate 115 with the manufacturer's public key 111 held by itself (step S62), and if the verification fails, disables the moving body (NO in step S63).

On the other hand, if the verification is successful (YES in step S63), then E extracted from the ECU certificate 115
The CU public key is stored (step S64), random data of arbitrary length is generated and stored (step S65),
Random data is transmitted to the ECU 26 (step S6)
6).

The ECU 26 combines the received random data, the main body identification data 117 and the user identification data 125 (step S67), and the combined data is the ECU secret key 11
6 is signed (step S68), and the signature data is transmitted to the authentication device 24 (step S69). The authentication device 24
The received signature data is decoded with the ECU public key stored in step S64 (step S6a), and the random data portion of the combined data obtained as a result is compared with the random data stored in step S65. Yes (step S6b).

As a result, if the two do not match, the authentication fails (NO in step S6c), and the moving body 23 cannot be started. On the other hand, if they match (YES in step S6c), the body identification data 117 in the combined data is compared with the body identification data 117 stored in step S5e (step S6d). As a result, if the two do not match, the authentication fails (NO in step S6e), and the mobile unit 23 cannot be started. On the other hand, if the two match, the user identification data 125 of the combined data is stored (step S6f).

FIG. 7 is a flow chart showing a procedure for authenticating a user. The user attaches the starting device 28 to the mobile unit 2.
3 is connected to the starting communication device 27 (step S7).
1), the user identification data input device 282 reads and stores the user identification data 125 (step S72),
The starting device 28 uses the user certificate 123 to start the communication device 2
7 to the authentication device 24 (step S7).
3). The authentication device 24 verifies the received user certificate 123 with the store public key 121 held by itself (step S74), and if the verification fails (N in step S75).
O), making the moving body 23 unstartable.

On the other hand, if the verification is successful (YES in step S75), the authentication device 24 next determines the user certificate 123.
The user public key extracted from is stored (step S76), random data of arbitrary length is generated and stored (step S77), and the random data is transmitted to the starting device 28 (step S78).

The starting device 28 receives the received random data and the user identification data 125 read in step S72.
Are combined (step S79), the combined data is signed by the user private key 124 (step S7a), and the signature data is transmitted to the authentication device 24 (step S7b).

The authentication device 24 decodes the received signature data with the user public key stored in step S76 (step S7c), and in the combined data obtained as a result, the random data portion and step S77. The stored random data are compared (step S7d).
As a result, if the two do not match, the authentication fails (NO in step S7e), and the mobile unit 23 cannot be started. On the other hand, if the two match (YES in step S7e), the user identification data 125 is extracted from the combined data in step S7.
It is compared with the user identification data 125 stored in 6f (step S7f).

As a result, if the two do not match, the authentication fails (NO in step S7g), and the mobile unit 23 cannot be started. On the other hand, if the two match (YES in step S7g), the moving body 23 is brought into a startable state (step S7h). Then, the process ends.

The authentication of the moving body 25 described above with reference to the flowchart of FIG. 5 and the authentication of the ECU 26 described above with reference to the flowchart of FIG. 6 may be performed in any order. In that case, the main body identification data 117 may be stored in the authentication procedure performed first. The authentication of the mobile body 25 and the ECU 26 may be started when the user connects the starting device 28.

The present embodiment can be applied to the relationship between a moving body such as a passenger car, a construction machine, an airplane, a train, and a ship, a manufacturer, and an operating user.

Further, the present invention can be applied to a stationary machine other than a mobile body, which allows only a specific user to operate.

According to this embodiment, the following effects can be obtained. The first effect is that the illegal use of the mobile unit 23 can be suppressed by identifying the users who can use the mobile unit 23 for operation. The reason is that the starting device 28 is based on strict personal authentication using a certificate.
This is because it is impossible to forge and impersonate the user, and forgery of the starting device 28 is also impossible without the key pair held by the store 22.

The second effect is that the stolen reuse of the components of the mobile unit 23 can be disabled. The reason is that the authentication using the certificate that uniquely identifies the mobile body 25 and the ECU 26 makes the mobile body 25 unusable even in combination with other mobile body components.

FIG. 8 shows a principle diagram of another embodiment to which the present invention is applied. FIG. 9 shows a configuration example of another embodiment to which the present invention is applied. 10 and 11 are flowcharts showing an authentication procedure of another embodiment to which the invention is applied. Hereinafter, the configuration and operation of another embodiment to which the present invention is applied will be described in detail with reference to FIGS.

The manufacturer 81, the store 82, the moving body 83, the authenticating device 84, the moving body 85, the ECU 86, the starting communication device 87, the starting device 88, the user identification data input device 826, and the user identification data input of FIG. Device 881 is shown in FIG.
Manufacturer 11, dealer 12, mobile unit 13, authentication device 1
4, the mobile body 15, the ECU 16, the starting communication device 17,
They correspond to the starting device 18, the user identification data input device 126, and the user identification data input device 181, respectively.

Further, the maker 91, the store 92, and the
Mobile unit 93, authentication device 94, mobile unit main body 95, ECU 9
6, starting communication device 97, starting device 98, user identification data input device 921, user identification data input device 982
Is a maker 81, a store 82, a moving body 83, an authenticating device 84, a moving body 85, an ECU 86, a starting communication device 87, a starting device 88, and a user identification data input device 82 in FIG.
6 corresponds to the user identification data input device 881.

Further, the manufacturer public key 811, the manufacturer private key 812, the main body certificate 813, and the main body private key 81 shown in FIG.
4, ECU certificate 815, ECU private key 816, main unit identification data 817, store public key 821, store private key 8
22, the user certificate 823, the user private key 824, and the user identification data 825 are the public key 111 of the manufacturer shown in FIG.
Manufacturer private key 112, main body certificate 113, main body private key 114, ECU certificate 115, ECU private key 116, main body identification data 117, dealer public key 121, dealer private key 122, user certificate 123, user Private key 124,
Each corresponds to the user identification data 125.

In the case of the embodiment shown in FIGS. 8 and 9, the IC chip 241 of the authentication device 14 shown in FIG.
Maker public key 111 and store public key 12 stored in
In addition to 1, the main body certificate 813 (corresponding to the main body certificate 113), the main body private key 814 (corresponding to the main body private key 114), and the main body identification data 817 (main body identification) in the same manner as in the case of the mobile body main body 85. The difference is that (corresponding to the data 117) is stored in the IC chip 941 (FIG. 9) of the authentication device 84.

The IC chip 941 is the authentication device 94.
The difference is that it has a function of combining the random data generated and transferred by the main body identification data 817 and transferring the signature data signed by the main body secret key 814 to the authentication device 94. Further, in FIG. 1, instead of the user certificate 123 stored in the starting device 18, a user ID 826
Is stored in the starting device 88. Furthermore, FIG.
User identification data input device 22 of store 22 shown in FIG.
In addition to 1, the difference is that a user ID / certificate transmitting / receiving device 922 is provided in the store 92.

The difference is that a user ID / certificate transmitting / receiving device 942 is newly provided in the authentication device 94. Also, the user ID / certificate transmitting / receiving device 922, and the user ID /
The certificate transmitting / receiving device 942 includes a store 92 and an authentication device 94.
User ID 826 and corresponding user certificate 8
23 has a function of transmitting / receiving 23 via any transmission means such as wireless or wired.

Next, the operation of this embodiment will be described. In the present embodiment, in addition to the process of authenticating the mobile body 85 described above with reference to the flowchart of FIG.
According to the authentication procedure shown in the flowchart of FIG. 10, the authentication device 84 authenticates itself, thereby adding processing for verifying the authenticity of the authentication device 84.

The authentication procedure of the authentication device 85 will be described below with reference to the flowchart of FIG. When the moving body 93 is energized by connecting a battery required for operation or the like (step S111), the main body certificate 813 in the IC chip 941 mounted on the authentication device 94 is transferred to the authentication device 94 (step S111). S112). Authentication device 9
4 verifies the transferred main body certificate 813 with the manufacturer public key 811 held by itself (step S11).
3) If the verification is unsuccessful, the mobile unit 93 is made unstartable (NO in step S114).

On the other hand, if the verification is successful (step S114
YES), then the authentication device 94 determines that the main body certificate 813
The main body public key extracted from is stored (step S
115), generate and store random data of arbitrary length (step S116), and use this random data as the authentication device 94.
Transfer to the IC chip 941 mounted on the
117).

IC chip 94 mounted on the authentication device 94
1 combines the transferred random data with the body identification data 817 (step S118), signs the combined data with the body secret key 814 (step S119), and transfers the signature data to the authentication device 94 (step S11a). .
The authentication device 94 decodes the transferred signature data with the main body public key stored in step S115 (step S11b), and stores the random data portion of the combined data obtained as a result and the step S116. The saved random data is compared (S11c). As a result of the comparison, if the two do not match, authentication fails (S1
(NO of 1d), the moving body 23 is made unstartable. On the other hand, if they match (YES in S11d), the body identification data 817 of the combined data is stored (S11).
e). Then, the process ends.

Regarding the authentication of the user, unlike the user registration procedure described above with reference to the flowchart of FIG. Along with the issuance, a corresponding user ID 826 is issued and stored in the starting device 88 in place of the user certificate 823.

FIG. 11 is a flowchart showing a procedure for authenticating a user. The user sets the starting device 98 to the moving body 9
3 is connected to the starting communication device 97 (step S10).
1), the user identification data input device 982 reads and stores the input user identification data 825 (step S
102), the starting device 98 sends the user ID to the authentication device 94.
826 is transmitted (step S103). Authentication device 94
Transmits the received user ID 826 to the store 92 using the user ID / certificate transmitting / receiving device 942 (step S104).

The store 92 checks the validity of the user ID 826 received via the user ID / certificate transmitting / receiving device 922, and if it is not recognized as a valid user ID (NO in step S105), The user ID 826 received from the user ID / certificate transmitting / receiving device 922 is directly transmitted to the authenticating device 94 of the mobile unit 93 and returned (step S106). In this case, the user authentication fails, and the authentication device 94 makes the mobile body 93 unstartable.

On the other hand, the store 92 receives the received user ID.
If 826 is recognized as a valid user ID (step S10)
5), and then the user ID / certificate transmitting / receiving device 9
22 the user certificate 823 to the authentication device 9 of the mobile unit 93
4 and returns (step S107). The authentication device 94 that has received the user certificate 823 via the user ID / certificate transmitting / receiving device 942 verifies with the store public key 821 that it holds (step S108), and if the verification fails (step S109). NO), the moving body 93 is disabled to start.

On the other hand, if the verification is successful (step S109
YES), the user authentication process following step S76 in the flowchart of FIG. 7 is continuously performed, though the description is omitted. Then, the process ends.

The present embodiment has the effect of preventing tampering with the authentication device 94 itself in addition to the moving body 93. By acquiring the user certificate 823 from the store 92, the store 92 corresponds to the user ID 826 of the stolen user when the store 92 is notified of the theft report. There is also an effect that the user ID 826 can be invalidated by not transmitting the user certificate 823 to the mobile body 93. further,
When transmitting / receiving the user ID 826, the GPS (Global
It is also possible to include the position information of the l Positioning System), and there is a new effect that the geographical use restriction of the mobile body 93 can be performed.

It is needless to say that the configurations and operations of the above-described embodiments are examples, and can be changed as appropriate without departing from the spirit of the present invention.

[0081]

As described above, according to the mobile body security system of the present invention, the authenticating means verifies the first certificate with the first public key, and when the verification fails, the mobile body is started. When the verification is successful, the third public key of the storage means is acquired from the first certificate and stored, and predetermined random data is generated and stored, and the predetermined random data is supplied to the storage means. Supplies the signature data digitally signed with the first secret key by combining the random data and the first identification data to the authentication means, and the authentication means decodes the signature data digitally signed with the third public key. Then, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled, and when they match, the first identification data is stored, and the authentication means is , The second certificate to the first public key Verified, when the validation fails, it impossible to start the mobile, when the verification is successful, and fourth storage acquired by the public key of the control means from the second certificate,
Predetermined random data is generated, stored, and supplied to the control means, and the control means combines the random data, the first identification data, and the second identification data and digitally signs the signature data with the second secret key. The signature data supplied to the authentication means is decoded by the signature data digitally signed with the fourth public key, and the obtained random data is compared with the stored random data. When the starting of the body is disabled and coincides, the obtained first identification data is compared with the stored first identification data, and when they do not match, the starting of the moving body is disabled and coincides. and when,
The second identification data is stored, and the authentication means verifies the third certificate with the second public key. When the verification is unsuccessful, the mobile unit cannot be started. When the verification is successful, the verification is successful. The fifth public key of the user is acquired from the certificate of No. 3 and stored, and predetermined random data is generated and stored and supplied to the starter, and the starter combines the random data and the second identification data. Then, the signature data digitally signed with the third secret key is supplied to the authentication means, and the authentication means decodes the signature data digitally signed with the fifth public key and stores the obtained random data and the stored random data. When the random data is compared with the received random data, the starting of the mobile body is disabled when they do not match, and when they match, the second identification data obtained and the second stored data are stored.
The identification data are compared, and when they do not match, it is impossible to start the mobile body, and when they match, the mobile body can be started. Therefore, it is possible to specify the users who can operate the mobile body. Therefore, the illegal use of the mobile body can be suppressed. In addition, it is possible to prevent the constituent elements of the mobile body from being tampered with or illegally reused.

[Brief description of drawings]

FIG. 1 is a principle diagram of an embodiment to which the present invention is applied.

FIG. 2 is a block diagram showing a configuration example of an embodiment to which the present invention is applied.

FIG. 3 is a flowchart for explaining a processing procedure of a maker.

FIG. 4 is a flowchart for explaining a processing procedure of a store.

FIG. 5 is a flowchart for explaining a procedure for authenticating a mobile body.

FIG. 6 is a flowchart for explaining a procedure for authenticating an ECU.

FIG. 7 is a flowchart for explaining a procedure for authenticating a user.

FIG. 8 is a principle diagram of another embodiment to which the present invention is applied.

FIG. 9 is a block diagram showing a configuration example of another embodiment to which the present invention is applied.

FIG. 10 is a flowchart for explaining a procedure for authenticating an authentication device in the embodiment shown in FIGS. 8 and 9.

11 is a flowchart for explaining a procedure for authenticating a user in the embodiment shown in FIGS. 8 and 9. FIG.

[Explanation of symbols]

11,21,82,92 Manufacturer (CA1) 12,22,82,92 Store (CA2) 13,23,83,93 Mobile unit 14,24,84,94 Authentication device 15,25,85,95 Mobile unit Main body 16, 26, 86, 96 ECU 17, 17, 87, 97 Starting communication device 18, 28, 88, 98 Starting device 125, 181, 221, 822 825, 881, 9
21,982 user identification data input device 241,251,261,281,941,951,9
61,981 IC chip 922,942 User ID / certificate transmitter / receiver 11,811 Manufacturer public key 112,812 Manufacturer private key 113,813 Main body certificate 114,814 Main body private key 115,815 ECU certificate 116,816 ECU Private key 117,817 Main body identification data 121,821 Distributor public key 122,822 Distributor secret key 123,823 User certificate 124,824 User secret key 125,825 User identification data

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04M 3/42 H04L 9/00 675B 675D 675Z 673D F term (reference) 2E250 AA21 BB05 BB08 BB10 BB65 CC11 CC16 DD01 DD06 DD08 DD09 DD10 EE08 EE10 FF06 FF08 FF11 FF22 FF36 HH00 HH01 HH08 JJ00 KK03 LL00 TT01 TT03 5B085 AE02 AE04 AE09 5J104 AA07 KA02 KA05 PA01 5K024 AA61 BB04 CC11 DD01 DD02 GG01 GG04

Claims (7)

[Claims] 1. A mobile body security system for preventing modification and theft of a mobile body, the mobile body storing means for storing information, authentication means for executing an authentication process, and operation of the mobile body. Control means for controlling and communication means for controlling communication with a starting device for starting the mobile body, wherein the authenticating means of the mobile body includes a first public key of a first certificate authority and a first public key. A second public key of a second certificate authority is registered, and a first certificate, a first private key, and a first identification for identifying the mobile body are stored in the storage means of the mobile body. Data is registered, and a second certificate, a second secret key, the first identification data, and a user who uses the mobile unit are identified by the control unit that controls the operation of the mobile unit. Second identification data for registration is registered, and the start information possessed by the user is registered. A third certificate, a third secret key, and the second identification data are registered in the mobile device, and the authentication unit verifies the first certificate with the first public key, When the verification is unsuccessful, the mobile unit cannot be started, and when the verification is successful, the third public key of the storage means is acquired and stored from the first certificate, and predetermined random data is stored. Generated, stored, and supplied to the storage means, the storage means combines the random data and the first identification data, and supplies signature data digitally signed with the first secret key to the authentication means. The authenticating means decodes the signature data digitally signed with the third public key, compares the obtained random data with the stored random data, and when they do not match, Makes it impossible to start the mobile,
When they match, the first identification data is stored, the authentication means verifies the second certificate with the first public key, and when the verification fails, the mobile body cannot be started. When the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and predetermined random data is generated and stored and supplied to the control means. The means combines the random data, the first identification data, and the second identification data, and supplies signature data digitally signed with the second secret key to the authentication means, and the authentication means The signature data digitally signed with the fourth public key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started. West,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
Storing the second identification data, the authenticating means verifies the third certificate with the second public key, and when the verification fails, disables the starting of the mobile unit and verifies When successful, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is generated and stored and supplied to the starter, and the starter Random data and the second identification data are combined and digitally signed by the third secret key, and the signature data is supplied to the authentication means, and the authentication means is digitally signed by the fifth public key. The signature data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started,
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A mobile security system, wherein the mobile can be started. 2. The first certificate includes the third public key of the storage means, is digitally signed by the fourth private key of the first certificate authority, and is the second certificate. The certificate is
The fourth certificate includes the fourth public key of the control means, is digitally signed by the fourth private key of the first certificate authority, and the third certificate is the fifth certificate of the user. The mobile security system according to claim 1, wherein the mobile security system includes a public key and is digitally signed by the fifth private key of the second certificate authority. 3. A mobile body security system for preventing modification and theft of a mobile body, wherein the mobile body stores storage information, authentication means for executing an authentication process, and operation of the mobile body. Control means for controlling and communication means for controlling communication with a starting device for starting the mobile body, wherein the authenticating means of the mobile body includes a first public key of a first certificate authority and a first public key. A second public key of a second certificate authority is registered, and a first certificate, a first private key, and a first identification for identifying the mobile body are stored in the storage means of the mobile body. Data is registered, and a second certificate, a second secret key, the first identification data, and a user who uses the mobile unit are identified by the control unit that controls the operation of the mobile unit. Second identification data for registration is registered, and the start information possessed by the user is registered. A user ID for identifying a user, a third secret key, and the second identification data are registered in the mobile device, and the authenticating means publishes the first certificate in the first publication. Verifying with a key, when verification fails, starting of the mobile body is disabled, and when verification succeeds, a third public key of the storage means is acquired from the first certificate and stored. Generating and storing predetermined random data, combining the random data and the first identification data to generate signature data digitally signed with the first secret key, and the authenticating means includes the third disclosure. Decoding the digitally signed signature data with a key, comparing the obtained random data with the stored random data, and when they do not match, disables the starting of the mobile body,
When they match, the first identification data is stored, the authentication means verifies the second certificate with the first public key, and when the verification fails, the mobile body cannot be started. When the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and predetermined random data is generated and stored and supplied to the control means. The means combines the random data, the first identification data, and the second identification data, and supplies signature data digitally signed with the second secret key to the authentication means, and the authentication means The signature data digitally signed with the fourth public key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started. West,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
Storing the second identification data, the starting device supplies the user ID to the authentication means via the communication means, and the authentication means sends the user ID to the second authentication station. And the second certificate authority determines the validity of the user ID, disables the mobile unit via the authentication device when it is not valid, and when it is valid, the third certificate A certificate to the authenticating means, the authenticating means verifies the third certificate with the second public key, and when the verification fails, disables the starting of the mobile unit and the verification succeeds. At this time, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is generated and stored and supplied to the starter, and the starter is the random Data and the second identification data are combined to obtain the third secret key The digitally signed signature data is supplied to the authenticating means, and the authenticating means decodes the digitally signed signature data with the fifth public key, and obtains the random data and the stored random data. Comparing with random data, when they do not match, disable the starting of the mobile,
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A mobile security system, wherein the mobile can be started. 4. Control of communication between a storage unit for storing information, an authentication unit for executing an authentication process, a control unit for controlling the operation of the moving body, and a starting device for starting the moving body. A mobile object antitheft method for preventing modification and theft of a mobile body comprising a communication means, wherein the mobile means authentication means includes a first public key of a first certification authority and a second certification authority of the second certification authority. A second public key is registered, a first certificate, a first private key, and first identification data for identifying the mobile body are registered in the storage means of the mobile body, A second certificate, a second secret key, the first identification data, and a second means for identifying a user who uses the mobile unit are provided to the control unit that controls the operation of the mobile unit. Identification data is registered, and a third certificate is added to the starter possessed by the user. A third secret key and the second identification data are registered, the authentication means verifies the first certificate with the first public key, and when the verification fails, starts the mobile body. When the verification is successful, the third public key of the storage means is acquired and stored from the first certificate, predetermined random data is generated and stored, and the random key is supplied to the storage means. The storage unit supplies the authentication unit with signature data which is obtained by combining the random data and the first identification data and digitally signed with the first secret key. Decoding the digitally signed signature data with a key, comparing the obtained random data with the stored random data, and when they do not match, disables the starting of the mobile,
When they match, the first identification data is stored, the authentication means verifies the second certificate with the first public key, and when the verification fails, the mobile body cannot be started. When the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and predetermined random data is generated and stored and supplied to the control means. The means combines the random data, the first identification data, and the second identification data, and supplies signature data digitally signed with the second secret key to the authentication means, and the authentication means The signature data digitally signed with the fourth public key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started. West,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
Storing the second identification data, the authenticating means verifies the third certificate with the second public key, and when the verification fails, disables the starting of the mobile unit and verifies When successful, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is generated and stored and supplied to the starter, and the starter Random data and the second identification data are combined and digitally signed by the third secret key, and the signature data is supplied to the authentication means, and the authentication means is digitally signed by the fifth public key. The signature data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started,
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A method for preventing theft of a mobile body, which enables starting the mobile body. 5. Control of communication between a storage unit for storing information, an authentication unit for executing an authentication process, a control unit for controlling the operation of the moving body, and a starting device for starting the moving body. A mobile object antitheft method for preventing modification and theft of a mobile body comprising a communication means, wherein the mobile means authentication means includes a first public key of a first certificate authority and a second certificate authority of the second certificate authority. A second public key is registered, a first certificate, a first secret key, and first identification data for identifying the mobile body are registered in the storage means of the mobile body, A second certificate, a second secret key, the first identification data, and a second means for identifying a user who uses the mobile unit are provided to the control unit that controls the operation of the mobile unit. Identification data is registered, and the user is identified in the starting device possessed by the user. A user ID for authentication, a third secret key, and the second identification data are registered, and the authentication means verifies the first certificate with the first public key, and the verification has failed. When the starting of the mobile unit is disabled and the verification is successful, the third public key of the storage unit is acquired from the first certificate and stored, and predetermined random data is generated and stored. The random data and the first identification data are combined to generate signature data digitally signed with the first secret key, and the authenticating means is the digitally signed with the third public key. Data is decoded, the obtained random data is compared with the stored random data, and when they do not match, the starting of the mobile body is disabled,
When they match, the first identification data is stored, the authentication means verifies the second certificate with the first public key, and when the verification fails, the mobile body cannot be started. When the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and predetermined random data is generated and stored and supplied to the control means. The means combines the random data, the first identification data, and the second identification data, and supplies signature data digitally signed with the second secret key to the authentication means, and the authentication means The signature data digitally signed with the fourth public key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the mobile body cannot be started. West,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
Storing the second identification data, the starting device supplies the user ID to the authentication means via the communication means, and the authentication means sends the user ID to the second authentication station. And the second certificate authority determines the validity of the user ID, disables the mobile unit via the authentication device when it is not valid, and when it is valid, the third certificate A certificate to the authenticating means, the authenticating means verifies the third certificate with the second public key, and when the verification fails, disables the starting of the mobile unit and the verification succeeds. At this time, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is generated and stored and supplied to the starter, and the starter is the random Data and the second identification data are combined to obtain the third secret key The digitally signed signature data is supplied to the authenticating means, and the authenticating means decodes the digitally signed signature data with the fifth public key, and obtains the random data and the stored random data. Comparing with random data, when they do not match, disable the starting of the mobile,
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A method for preventing theft of a mobile body, which enables starting the mobile body. 6. Communication is controlled between a storage unit for storing information, an authentication unit for executing an authentication process, a control unit for controlling the operation of the moving body, and a starting device for starting the moving body. A mobile object antitheft program for preventing modification and theft of a mobile unit comprising a communication unit, wherein the mobile unit authentication unit includes a first public key of a first certificate authority and a second certificate authority of the second certificate authority. Registering a second public key, registering a first certificate, a first secret key, and first identification data for identifying the mobile unit in the storage means of the mobile unit, A second certificate, a second secret key, the first identification data, and a second means for identifying a user who uses the mobile unit are provided to the control unit that controls the operation of the mobile unit. The identification data of the above, and a third certificate is stored in the starting device possessed by the user. A third secret key and the second identification data are registered, the first certificate is verified by the authentication means with the first public key, and when the verification fails, the mobile body is started. When the verification is successful, the third public key of the storage means is acquired and stored from the first certificate, and predetermined random data is generated, stored, and supplied to the storage means. Executing a process, causing the storage unit to perform a process of combining the random data and the first identification data and supplying signature data digitally signed with the first secret key to the authentication unit; Means for decoding the signature data digitally signed with the third public key, comparing the obtained random data with the stored random data, and when they do not match, Making it impossible to start,
When they match, a process of storing the first identification data is executed, and the authentication means verifies the second certificate with the first public key. When the start is impossible and the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and the predetermined random data is generated and stored, and is supplied to the control means. The control means is supplied with signature data obtained by combining the random data, the first identification data and the second identification data and digitally signing with the second secret key to the authentication means. The authentication means, the signature data that is digitally signed with the fourth public key is decoded, and the obtained random data is compared with the stored random data, It does not match Come, it impossible to start-up of the movable body,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
A process of storing the second identification data is executed, and the authentication unit verifies the third certificate with the second public key. When the verification fails, the mobile unit cannot be started. When the verification is successful, the fifth public key of the user is acquired from the third certificate and stored, and predetermined random data is generated and stored, and the process of supplying the starter is executed. Then, the starting device is caused to execute a process of combining the random data and the second identification data and supplying signature data digitally signed with the third secret key to the authentication means, and the authentication means, The signature data digitally signed by the fifth public key is decoded, the obtained random data is compared with the stored random data, and when they do not match, the start of the mobile unit is not successful. Enable and
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A mobile object antitheft program, characterized by executing a process for enabling the mobile object to start. 7. Communication between a storage means for storing information, an authentication means for executing an authentication process, a control means for controlling the operation of the moving body, and a starting device for starting the moving body is controlled. A mobile object antitheft program for preventing modification and theft of a mobile unit comprising a communication unit, wherein the mobile unit authentication unit includes a first public key of a first certificate authority and a second certificate authority of the second certificate authority. Registering a second public key, registering a first certificate, a first secret key, and first identification data for identifying the mobile unit in the storage means of the mobile unit, A second certificate, a second secret key, the first identification data, and a second means for identifying a user who uses the mobile unit are provided to the control unit that controls the operation of the mobile unit. The identification data of the user is registered, and the user is identified in the starting device possessed by the user. User ID for authentication, a third secret key, and the second identification data are registered, and the first certificate is verified by the authentication means with the first public key, and verification fails. At this time, when the starting of the mobile unit is disabled and the verification is successful, the third public key of the storage unit is acquired and stored from the first certificate, and predetermined random data is generated and stored. A process of executing the process of combining the random data and the first identification data to generate signature data digitally signed with the first secret key; Decode the digitally signed signature data in, and compare the obtained random data with the stored random data, when they do not match, disable the start of the mobile,
When they match, a process of storing the first identification data is executed, and the authentication means verifies the second certificate with the first public key. When the start is impossible and the verification is successful, the fourth public key of the control means is acquired from the second certificate and stored, and the predetermined random data is generated and stored, and is supplied to the control means. The control means is supplied with signature data obtained by combining the random data, the first identification data and the second identification data and digitally signing with the second secret key to the authentication means. The authentication means, the signature data that is digitally signed with the fourth public key is decoded, and the obtained random data is compared with the stored random data, It does not match Come, it impossible to start-up of the movable body,
When they match, the obtained first identification data and the stored first identification data are compared, and when they do not match, the starting of the moving body is disabled, and when they match,
Executing a process of storing the second identification data, causing the starter device to execute a process of supplying the user ID to the authentication means via the communication means, and causing the authentication means to execute the user ID Is transmitted to the second certification authority, the second certification authority judges the validity of the user ID, and when the validity is not valid, the mobile body is not started via the certification device. When enabled, when it is valid, the third certificate is transmitted to the authentication means, and the authentication means verifies the third certificate with the second public key, and the verification fails. Then, when the mobile body cannot be started and the verification is successful, the fifth public key of the user is obtained and stored from the third certificate, and predetermined random data is generated and stored. To perform the process of supplying to the starting device, The starting device is caused to execute a process of combining the random data and the second identification data and supplying signature data digitally signed with the third secret key to the authentication means, and the authentication means performs the fifth operation. Decoding the digitally signed signature data with the public key of, comparing the obtained random data with the stored random data, and when they do not match, disables the starting of the mobile body,
When they match, the obtained second identification data is compared with the stored second identification data, and when they do not match, the starting of the moving body is disabled, and when they match,
A method for preventing theft of a mobile body, which comprises performing a process for enabling the mobile body to start.