JP2020173796A - Communication system and communication device - Google Patents

Abstract

To provide a novel and improved communication system and communication device, which allow for reducing time it takes from completion of communication with an external device to outputting of communication data corresponding to a communication result to another device.SOLUTION: A communication system is provided, comprising: a communication device configured to send a selective solution selected according to a result of first communication with an external device; and a control device configured to receive the selective solution from the communication device through second communication taking place between the communication device and a communication counterpart different from that in the first communication.SELECTED DRAWING: Figure 1

Description

The present invention relates to communication systems and communication devices.

Conventionally, there is a communication system that communicates between a communication device and an external device (see, for example, Patent Document 1). For example, the communication data generated by processing the result derived from the communication between the communication device and the external device may be output from the communication device to another device. In such a case, in general, after the result is derived in the communication device, the result is processed to generate communication data.

Japanese Unexamined Patent Publication No. 2012-036582

However, if the communication data is generated after the result is derived in the communication device, there is a problem that it takes time to complete the transmission of the communication data.
Therefore, the present invention has been made in view of the above problems, and an object of the present invention is to output communication data corresponding to a communication result to another device after communication with an external device is completed. It is an object of the present invention to provide a new and improved communication system and a communication device that can accelerate the timing of the process.

In order to solve the above problems, according to a certain viewpoint of the present invention, a communication device that transmits a selected solution selected according to the result of the first communication with an external device, and the first communication are the communication devices. A communication system is provided that includes a control device that receives the selected solution from the communication device by a second communication with a different communication partner with the communication system.

Further, in order to solve the above problems, according to another viewpoint of the present invention, the acquisition unit that acquires the selected solution selected according to the result of the first communication with the external device, and the first communication are A communication device is provided that includes a communication unit that transmits the selected solution to the control device by a second communication with a different communication partner.

As described above, according to the present invention, there is provided a communication system and a communication device capable of suppressing an increase in processing time.

It is a block diagram which shows the structure of a communication system. It is a figure which shows the arrangement of the communication device in a vehicle. It is explanatory drawing which shows the procedure of distance measurement. It is explanatory drawing which shows (a) transmission of a cryptographic selective solution when a measured value is valid, (b) is an explanatory diagram which shows transmission of a cryptographic selective solution when a measured value is not valid, and (c) first. It is explanatory drawing which shows the example of notification to the collation ECU when the cipher selection solution does not match the 1st cipher collation solution. It is a table summarizing the example of the correspondence relationship between the notification to the collation ECU, the determination result of the measured value in the master communication device, and the determination result of the measured value in the slave communication device. It is explanatory drawing which shows the example of the notification to the collation ECU when a communication error occurs between a slave communication device and a terminal.

Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings. In the present specification and the drawings, components having substantially the same functional configuration are designated by the same reference numerals, so that duplicate description will be omitted.

<1. One Embodiment>
Hereinafter, an embodiment of the communication system and the communication device will be described with reference to FIGS. 1 to 4.

<< 1.1. Configuration example >>
A configuration example of the communication system according to the present embodiment will be described with reference to FIG. As shown in FIG. 1, the communication system according to the present embodiment includes an electronic key system 4. The electronic key system 4 controls whether or not the in-vehicle device 3 can be operated by confirming whether or not the terminal 2 is legitimate by wirelessly (by authenticating the terminal 2). More specifically, in the electronic key system 4 of this example, when the key ID (ID information) required for authentication is transmitted by one of the vehicle 1 and the terminal 2, and the key ID is received by the other. It is a smart collation system that executes ID collation (hereinafter, also referred to as "smart collation") for collating the key ID received by the other party with the key ID registered in the other party.

As will be described later, in this example, it is mainly assumed that the smart collation is performed in the vehicle 1. However, the smart collation may be performed on the terminal 2. Further, smart collation is an example of authentication of the terminal 2 by wireless communication. Therefore, the authentication method of the terminal 2 is not limited to smart collation. When smart collation is performed by the electronic key system 4, the terminal 2 is preferably the electronic key 5, as shown in FIG. The electronic key 5 is used for smart collation through wireless communication with, for example, the vehicle 1, and has a key function of executing the operation of the in-vehicle device 3 based on the smart collation.

(Vehicle configuration)
Subsequently, each configuration of the vehicle 1 will be described. The vehicle 1 includes an in-vehicle device 3, a collation ECU (Electronic Control Unit) 8, a body ECU 9, an engine ECU 10, an LF (Low Frequency) transmitter 13, a UHF (Ultra High Frequency) receiver 14, and a communication device. 31 and. As shown in FIG. 1, as the in-vehicle device 3, the door lock device 6 for controlling the locking and unlocking of the vehicle door can be mentioned as an example, and the engine 7 of the vehicle 1 can be mentioned as an example.

The collation ECU 8 includes a volatile memory 15, a non-volatile memory 16, a processing execution unit 17, an update unit 44c, a collation unit 46, an update control unit 47, an authentication unit 48, and a reception unit 49. The authentication unit 48 executes smart collation and authenticates the terminal 2 by smart collation. A key ID unique to the terminal 2 and a key unique key are registered in the non-volatile memory 16 of the collation ECU 8. The key ID and key unique key are used for smart collation. The volatile memory 15, the processing execution unit 17, the update unit 44c, the collation unit 46, the update control unit 47, and the reception unit 49 will be described in detail later.

The body ECU 9 manages the power supply of the in-vehicle electrical components. For example, the body ECU 9 controls a door lock device 6 for switching the locking and unlocking of the vehicle door. Further, the engine ECU 10 controls the engine 7. The collation ECU 8, the body ECU 9, and the engine ECU 10 are connected to each other via a communication line 11 inside the vehicle 1. The protocol for communication via the communication line 11 may be, for example, CAN (Controller Area Network) or LIN (Local Interconnect Network).

The LF transmitter 13 transmits radio waves in the LF band to the terminal 2 when executing smart collation communication between the vehicle 1 and the terminal 2. Further, when the terminal 2 receives the LF band radio wave and the terminal 2 transmits the UHF band radio wave, the UHF receiver 14 receives the UHF band radio wave transmitted from the terminal 2. The LF transmitter 13 is, for example, an outdoor LF transmitter that transmits radio waves to a terminal 2 located outside the vehicle 1 and an indoor LF transmitter that transmits radio waves to a terminal 2 located indoors of the vehicle 1. It is preferable to have a machine. The communication device 31 will be described in detail later.

(Each configuration of the terminal)
Subsequently, each configuration of the terminal 2 will be described. The terminal 2 includes a terminal control unit 20, an LF receiving unit 21, a UHF transmitting unit 22, and a UWB (Ultra Wide Band) transmitting / receiving unit 33. The terminal control unit 20 controls the terminal 2. The terminal control unit 20 includes a non-volatile memory 23. A key ID unique to the terminal 2 and a key unique key are registered in the non-volatile memory 23 of the terminal control unit 20. The key ID and key unique key are used for smart collation.

The LF receiving unit 21 receives the LF radio wave transmitted from the vehicle 1 when executing the smart collation communication between the vehicle 1 and the terminal 2. When the LF radio wave transmitted from the vehicle 1 is received by the LF receiving unit 21, the UHF transmitting unit 22 transmits the UHF radio wave to the vehicle 1. The UWB transmitter / receiver 33 will be described in detail later.

(Smart collation)
Next, the flow of smart collation will be described. First, the LF transmitter 13 of the vehicle 1 transmits the wake signal LF periodically or irregularly. When the terminal 2 receives the wake signal by the LF receiving unit 21, the terminal 2 is activated from the standby state, and the UHF transmitting unit 22 transmits the ack signal by UHF. When the collation ECU 8 receives the ack signal for the wake signal from the terminal 2 by the UHF receiver 14, the authentication unit 48 starts smart collation. At this time, when the outdoor terminal 2 receives the wake signal of the outdoor LF transmitter 13, the authentication unit 48 of the collation ECU 8 executes the outdoor smart collation between the outdoor terminal 2 and the vehicle 1. .. On the other hand, when the indoor terminal 2 receives the wake signal of the indoor LF transmitter 13, the authentication unit 48 of the collation ECU 8 executes the indoor smart collation with the indoor terminal 2.

Here, the smart collation may include a key ID collation for confirming a match between the key ID registered in the terminal 2 and the key ID registered in the vehicle 1 in advance, or a request using the key unique key. Response authentication may be included. The request response authentication is an authentication in which both the vehicle 1 and the terminal 2 are made to calculate a response code using the key unique key for the request code which is a random number, and the matching of these response codes is confirmed. In this example, it is mainly assumed that the authentication unit 48 of the collation ECU 8 establishes smart collation when both key ID verification and request response authentication are established.

(Distance measurement system)
As shown in FIG. 1, the communication system according to the present embodiment includes a distance measuring system 30. Hereinafter, the distance measurement system 30 will be described. The distance measuring system 30 directly measures the measured value Vm according to the distance between the vehicle 1 and the terminal 2. However, for the sake of brevity, the distance measuring system 30 may be described below as measuring the distance between the vehicle 1 and the terminal 2.

Here, when the vehicle 1 and the terminal 2 are far apart, the communication connection between the vehicle 1 and the terminal 2 is not made, so that the smart collation is not usually established. However, there is a case where a fraudulent act is performed in which a terminal 2 far away from the vehicle 1 is communicated with the vehicle 1 by a repeater or the like to establish smart collation. As a countermeasure against such fraudulent activity, the distance measuring system 30 has a function of measuring the measured value Vm according to the distance between the vehicle 1 and the terminal 2, and whether or not the smart collation can be established is determined based on the validity of the measured value Vm. It has a function to determine (illegal communication detection function).

The distance measurement system 30 is mainly realized by the UWB transmission / reception unit 33 included in the terminal 2 and the communication device 31 included in the vehicle 1. The UWB transmission / reception unit 33 executes communication for distance measurement with the communication device 31. Further, the communication device 31 executes communication for distance measurement with the terminal 2. In this example, it is mainly assumed that the vehicle 1 includes a plurality of communication devices 31 (particularly, a master communication device 34 and a slave communication device 35). However, the number of communication devices 31 included in the vehicle 1 is not limited.

In this example, the master communication device 34 is connected to the collation ECU 8 via the communication line 36. The slave communication device 35 is connected to the master communication device 34 via a communication line 37. The communication protocol in communication via the communication line 36 and the communication line 37 may be, for example, LIN or CAN. A communication interface such as a UART (Universal Asynchronous Receiver Transmitter) may be used for the communication line 36.

The master communication device 34 includes a communication control unit 38, an interface unit 39, a volatile memory 40b, a non-volatile memory 41b, an acquisition unit 42b, a second communication unit 43b, an update unit 44b, and a measurement unit 45b. To be equipped. The interface unit 39 is an interface capable of communicating with each of the collation ECU 8 and the slave communication device 35. For example, the interface unit 39 outputs an operation signal to the slave communication device 35. The communication control unit 38 controls the operation of the slave communication device 35. When there are a plurality of slave communication devices 35, the communication control unit 38 sets the operation order of the plurality of slave communication devices 35, or selectively operates a part of the plurality of slave communication devices 35. .. The volatile memory 40b, the non-volatile memory 41b, the acquisition unit 42b, the second communication unit 43b, the update unit 44b, and the measurement unit 45b will be described in detail later.

The slave communication device 35 includes a volatile memory 40a, a non-volatile memory 41a, an acquisition unit 42a, a first communication unit 43a, an update unit 44a, and a measurement unit 45a. The volatile memory 40a, the non-volatile memory 41a, the acquisition unit 42a, the first communication unit 43a, the update unit 44a, and the measurement unit 45a will be described in detail later.

Here, an example of installation of the communication device 31 will be described with reference to FIG. In the example shown in FIG. 2, communication devices 31 are installed at five locations in the vehicle 1. Of the communication devices 31, the master communication device 34 is arranged in the interior of the vehicle 1 to transmit radio waves for distance measurement into the interior of the vehicle. The radio wave for distance measurement will be described later. The first slave communication device 35a is arranged in the front corner of the driver's seat of the vehicle 1 to transmit radio waves for distance measurement to the front of the vehicle 1 and the driver's seat side. The second slave communication device 35b is arranged in the front corner of the passenger seat of the vehicle 1 to transmit radio waves for distance measurement to the front of the vehicle 1 and the passenger seat side.

The third slave communication device 35c is arranged in the corner on the rear side of the driver's seat of the vehicle 1 to transmit radio waves for distance measurement to the rear of the vehicle 1 and the driver's seat side. The fourth slave communication device 35d is arranged in the corner behind the passenger seat of the vehicle 1 to transmit radio waves for distance measurement to the rear of the vehicle 1 and the passenger seat side. However, the installation of the communication device 31 is not limited to such an example.

The explanation will be continued by returning to FIG. The non-volatile memory 41a of the slave communication device 35 and the non-volatile memory 41b of the master communication device 34 each store the first encryption key. That is, the first encryption key used by the slave communication device 35 and the first encryption key used by the master communication device 34 are common encryption keys. Further, the non-volatile memory 41b of the master communication device 34 and the non-volatile memory 16 of the collation ECU 8 store the second encryption key, respectively. That is, the second encryption key used by the master communication device 34 and the second encryption key used by the collation ECU 8 are common encryption keys.

In this example, the first encryption key stored in each of the non-volatile memory 41a of the slave communication device 35 and the non-volatile memory 41b of the master communication device 34, the non-volatile memory 41b of the master communication device 34, and the collation ECU 8. It is mainly assumed that the second encryption key stored in each of the non-volatile memories 16 is different. However, the first encryption key and the second encryption key may be the same. How each of the first encryption key and the second encryption key is used will be described in detail later.

(Communication for distance measurement)
Subsequently, communication for distance measurement and notification of the determination result of the measured value will be described. For example, when the distance measurement request is output from the collation ECU 8, the interface unit 39 of the master communication device 34 receives the input of the distance measurement request from the collation ECU 8. When the interface unit 39 receives the input of the distance measurement request, the communication control unit 38 outputs the distance measurement request to the slave communication device 35 via the interface unit 39. The timing at which the distance measurement request is output from the collation ECU 8 is when smart communication is established (for example, when the vehicle 1 receives an ack signal from the terminal 2 with respect to the wake signal transmitted from the vehicle 1). It may be present, or it may be when the outdoor smart collation or the indoor smart collation is established.

When the communication device 31 (master communication device 34 and slave communication device 35) receives the input of the distance measurement request, the communication device 31 (master communication device 34 and slave communication device 35) starts communication for distance measurement with the terminal 2, respectively.

Next, communication for distance measurement will be described. In this example, it is mainly assumed that the radio waves used for communication for distance measurement (radio waves for distance measurement and its response radio waves) are performed using radio waves in the UWB band. Therefore, in the following, the radio wave used for communication for distance measurement may be described as "UWB radio wave Sa". However, the radio waves used for communication for distance measurement are not limited to radio waves in the UWB band.

First, in the communication for distance measurement, the communication device 31 (that is, the master communication device 34 and the slave communication device 35) transmits the UWB radio wave Sa. When the UWB transmission / reception unit 33 of the terminal 2 receives the UWB radio wave Sa from the communication device 31, it returns the UWB radio wave Sa as a response. Then, the communication device 31 receives the UWB radio wave Sa transmitted from the terminal 2. At this time, the measuring unit 45 of the communication device 31 (that is, the measuring unit 45b of the master communication device 34 and the measuring unit 45a of the slave communication device 35) has a measured value Vm (that is, a measured value Vm (that is,) according to the distance between the communication device 31 and the terminal 2. Measure the distance measurement value corresponding to the distance).

More specifically, the measuring unit 45 of the communication device 31 calculates the propagation time from the transmission of the UWB radio wave Sa to the reception of the UWB radio wave Sa which is the response, and from this propagation time between the communication device 31 and the terminal 2. Calculate the measured value Vm (distance measurement value corresponding to the distance) according to the distance of. Further, the measuring unit 45 determines whether or not the measured value Vm is valid. Whether or not the measured value Vm is valid is determined by, for example, whether or not the measured value Vm is less than the specified value Vk.

(Update encryption key)
As described above, the communication device 31 performs communication (first communication) for distance measurement with the terminal 2. Then, the communication device 31 obtains the measured value Vm as a result of the communication for the distance measurement. The communication device 31 obtains a determination result indicating whether or not the measured value Vm is valid. The communication device 31 transmits the determination result to the collation ECU 8 by communication (second communication) via the communication line. For example, the slave communication device 35 transmits the determination result to the collation ECU 8 via the communication line 37, the master communication device 34, and the communication line 36. Further, the master communication device 34 transmits the determination result to the collation ECU 8 via the communication line 36. The communication partner with the communication device 31 is different between the communication for measuring the distance and the communication via the communication line.

The collation ECU 8 receives the determination result from the communication device 31 by communication via the communication line. In the collation ECU 8, the collation result of smart collation is enabled or invalidated according to the determination result.

At this time, it is assumed that the communication device 31 does not transmit the determination result to the collation ECU 8 as it is, but generates communication data by processing the determination result and transmits the communication data to the collation ECU 8. In such a case, if the communication data is generated after the result is derived in the communication device 31, it takes time to complete the transmission of the communication data. Therefore, in the present embodiment, the communication device 31 accelerates the timing from the completion of the communication with the terminal 2 to the transmission of the communication data corresponding to the communication result to the collation ECU 8.

The terminal 2 is an example of an external device that communicates with the communication device 31 (first communication), and the communication for distance measurement is communication performed between the communication device 31 and the external device (first communication). ), And the measured value Vm is an example of the result of communication (first communication) performed between the communication device 31 and the external device. Therefore, the external device that communicates with the communication device 31 (first communication) is not limited to the terminal 2, and the communication (first communication) performed between the communication device 31 and the external device is for distance measurement. The result of communication (first communication) performed between the communication device 31 and the external device is not limited to the measured value Vm.

Further, the determination result indicating whether or not the measured value Vm is valid is an example of communication data corresponding to the result of communication (first communication) performed between the communication device 31 and the external device. Therefore, the communication data corresponding to the result of the communication (first communication) performed between the communication device 31 and the external device is not limited to the determination result indicating whether or not the measured value Vm is valid. For example, the communication data corresponding to the result of the communication (first communication) performed between the communication device 31 and the external device is some based on the communication (first communication) performed between the communication device 31 and the external device. It may be a determination result (for example, a result indicating a normal determination or a result indicating an abnormality determination).

The collation ECU 8 is an example of a control device that performs communication (second communication) with the communication device 31 via a communication line, and communication via the communication line is performed between the communication device 31 and the control device. This is an example of communication (second communication). Therefore, the control device that performs communication (second communication) with the communication device 31 via the communication line is not limited to the collation ECU 8, and the communication (second communication) performed between the communication device 31 and the control device. ) Is not limited to communication via a communication line. Further, in this example, encryption using an encryption key is assumed as an example of processing for the determination result. However, the processing for the determination result is not limited to the encryption using the encryption key.

The update control unit 47 of the collation ECU 8 generates a random number α and a random number β when a predetermined condition (hereinafter, also referred to as a “solution generation condition”) is satisfied, and outputs the random number β to the update unit 44c of the collation ECU 8. At the same time, the random number α and the random number β are transmitted to the master communication device 34 via the communication line 36. As a result, when the key generation condition is satisfied for the first time, a random number is generated for the first time. If the key generation condition is satisfied from the second time onward, the random number is updated. When the interface unit 39 of the master communication device 34 receives the random number α and the random number β from the collation ECU 8 via the communication line 36, the interface unit 39 outputs the random number α and the random number β to the update unit 44b and outputs the random number α and the random number β to the update unit 44b, and also outputs the random number α via the communication line 37. Is transmitted to the slave communication device 35.

When the random number α is received from the master communication device 34 via the communication line 37, the update unit 44a of the slave communication device 35 generates a first encryption selection solution based on the random number α and the first encryption key. More specifically, the update unit 44a of the slave communication device 35 generates the first encryption selective solution by encrypting the random number α using the first encryption key. The random number α here can correspond to the first-choice solution. Then, when the first cipher selection solution is generated for the first time, the update unit 44a stores the generated first cipher selection solution in the volatile memory 40a. On the other hand, when the first cipher selection solution is generated from the second time onward, the update unit 44a updates the first cipher selection solution stored in the volatile memory 40a by the generated first cipher selection solution. According to such a configuration, the security of the first cipher selection solution is improved.

FIG. 1 shows a first cipher selection solution stored in the volatile memory 40a of the slave communication device 35. Here, the number of the first cipher selection solutions is not limited, but at least the number of the first cipher selection solutions corresponding to the type of the determination result is stored in the volatile memory 40a. In this example, since there are two types of determination results, the two first cipher selection solutions are stored in the volatile memory 40a. That is, the update unit 44a has a first cipher selection solution corresponding to the determination result indicating that the measured value Vm is valid, and a first cipher selection solution corresponding to the determination result indicating that the measured value Vm is not valid. Is stored in the volatile memory 40a. The determination result may be one type or three or more types.

When the random number α is input from the interface unit 39, the update unit 44b of the master communication device 34 generates a first encryption collation solution based on the random number α and the first encryption key. More specifically, the update unit 44b of the master communication device 34 generates the first encryption collation solution by encrypting the random number α using the first encryption key. The random number α here can correspond to the first collation solution. Then, when the first cryptographic collation solution is generated for the first time, the update unit 44b stores the generated first cryptographic collation solution in the volatile memory 40b. On the other hand, when the first cipher collation solution is generated from the second time onward, the update unit 44b updates the first cipher collation solution stored in the volatile memory 40b by the generated first cipher collation solution. According to such a configuration, the security of the first cryptographic collation solution is improved.

FIG. 1 shows a first cryptographic collation solution stored in the volatile memory 40b of the master communication device 34. Here, the number of the first cryptographic collation solutions is not limited, but at least the number of the first cryptographic collation solutions corresponding to the type of the determination result is stored in the volatile memory 40b. In this example, since there are two types of determination results, the two first cryptographic collation solutions are stored in the volatile memory 40b. That is, the update unit 44b has a first cryptographic collation solution corresponding to the determination result indicating that the measured value Vm is valid, and a first cryptographic collation solution corresponding to the determination result indicating that the measured value Vm is not valid. Is stored in the volatile memory 40b.

Further, when the random number β is input from the interface unit 39, the update unit 44b of the master communication device 34 generates a second encryption selection solution based on the random number β and the second encryption key. More specifically, the update unit 44b of the master communication device 34 generates a second encryption selective solution by encrypting the random number β using the second encryption key. The random number β here may correspond to the second-choice solution. Then, when the second cipher selection solution is generated for the first time, the update unit 44b stores the generated second cipher selection solution in the volatile memory 40b. On the other hand, when the second cipher selection solution is generated from the second time onward, the update unit 44b updates the second cipher selection solution stored in the volatile memory 40b by the generated second cipher selection solution. According to such a configuration, the security of the second cipher selection solution is improved.

FIG. 1 shows a second cipher selection solution stored in the volatile memory 40b of the master communication device 34. Here, the number of the second cipher selection solutions is not limited, but at least the number of the second cipher selection solutions corresponding to the type of the determination result is stored in the volatile memory 40b. In this example, since there are two types of determination results, the two second cipher selection solutions are stored in the volatile memory 40b. That is, the update unit 44b has a second cipher selection solution corresponding to the determination result indicating that the measured value Vm is valid, and a second cipher selection solution corresponding to the determination result indicating that the measured value Vm is not valid. Is stored in the volatile memory 40b.

When the random number β is input from the update control unit 47, the update unit 44c of the collation ECU 8 generates a second encryption collation solution based on the random number β and the second encryption key. More specifically, the update unit 44c of the collation ECU 8 generates a second encryption collation solution by encrypting the random number β using the second encryption key. The random number β here can correspond to the second collation solution. Then, when the second cipher collation solution is generated for the first time, the update unit 44c stores the generated second cipher collation solution in the volatile memory 15. On the other hand, when the second cipher collation solution is generated from the second time onward, the update unit 44c updates the second cipher collation solution stored in the volatile memory 15 by the generated second cipher collation solution. According to such a configuration, the security of the second cryptographic collation solution is improved.

FIG. 1 shows a second cryptographic collation solution stored in the volatile memory 15 of the collation ECU 8. Here, the number of the first cipher selection solutions is not limited, but at least the number of the second cipher collation solutions corresponding to the type of the determination result is stored in the volatile memory 15. In this example, since there are two types of determination results, the two second cryptographic collation solutions are stored in the volatile memory 15. That is, the update unit 44c has a second cryptographic collation solution corresponding to the determination result indicating that the measured value Vm is valid, and a second cryptographic collation solution corresponding to the determination result indicating that the measured value Vm is not valid. Is stored in the volatile memory 15.

The solution generation condition is the same as the timing when the distance measurement request is output from the collation ECU 8, and the condition that the smart communication is established (for example, the wake signal transmitted from the vehicle 1 is subjected to the ack signal from the terminal 2). It may be a condition that the vehicle 1 has received it), or it may be a condition that the outdoor smart collation or the indoor smart collation has been established. That is, the solution generation condition may be a condition that communication for authentication of the terminal 2 is established, or a condition that a part of the authentication of the terminal 2 is established.

According to such a configuration, if the encryption selection solution is updated every time the terminal 2 is authenticated, the security of the encryption selection solution is improved. In particular, when the terminal 2 is authenticated, communication for distance measurement is performed, it is determined whether or not the measured value Vm is valid, and a cipher selection solution corresponding to the determination result is transmitted to the collation ECU 8. It is assumed that it is configured as such. In such a case, if the encryption selection solution is updated every time the terminal 2 is authenticated, the encryption selection solution is updated every time the encryption selection solution is transmitted to the collation ECU 8, so that the encryption selection solution is updated. Security is further improved.

In this example, when the solution generation condition is the condition that the communication for the authentication of the terminal 2 is established, and the distance measurement request output from the collation ECU 8 to the master communication device 34 is a random number α and a random number. It is mainly assumed that β is added. However, the distance measurement request may not be accompanied by the random number α and the random number β, and the distance measurement request and the random number α and the random number β may be separately output from the collation ECU 8 to the master communication device 34.

The solution generation conditions are not limited to this example. For example, the solution generation condition may include a condition that a predetermined time has elapsed. According to such a configuration, the same encryption key is not used even after a predetermined time has elapsed, so that it is expected that the security of the encryption selection solution will be improved. The predetermined time may be a time that arrives only once, or a time that arrives a plurality of times. Further, the time that arrives a plurality of times may be a time that arrives a plurality of times on a regular basis.

Alternatively, the solution generation condition may include a condition that the number of times of communication (encryption communication) using the common encryption key performed between the terminal 2 and the communication device 31 has reached a predetermined number of times. According to such a configuration, the same encryption key is not used even after the number of times of encrypted communication reaches a predetermined number of times, so that it is expected that the security of the encryption selection solution is improved. The number of encrypted communications performed between the terminal 2 and the communication device 31 may be notified to the collation ECU 8 from each of the terminal 2 and the communication device 31 and managed by the collation ECU 8.

Further, in this example, it is assumed that a random number is generated by the update control unit 47. However, the data generated by the update control unit 47 is not limited to random numbers. For example, the data generated by the update control unit 47 may be data that changes regularly. That is, the data generated by the update control unit 47 may be any information that can change with the passage of time, and more preferably information that changes each time it is output. Further, in this example, in order to improve security, it is mainly assumed that the random number α and the random number β have different values. However, the random number α and the random number β may have the same value.

As described above, the first cipher selection solution and the first cipher collation solution are generated based on the encryption by the common key cryptosystem using the first cipher key. According to such a configuration, the confidentiality of communication is improved. Further, if the first selection solution and the first collation solution to be encrypted by the first encryption key have the same value (in the above example, both the first selection solution and the first collation solution are random numbers α), the first The cipher selection solution and the first cipher collation solution are generated as the same value. According to such a configuration, the collation with the first cipher selection solution and the first cipher collation solution can be easily determined based on whether or not both of them match. However, the first cipher selection solution and the first cipher collation solution do not have to be generated as the same value, and if the correspondence between the first cipher selection solution and the first cipher collation solution is known, such a correspondence can be obtained. Based on this, collation with the first cipher selection solution and the first cipher collation solution can be performed.

Similarly, the second cipher selection solution and the second cipher collation solution are generated based on encryption by a common key cryptosystem using a second cipher key. According to such a configuration, the confidentiality of communication is improved. Further, if the second selection solution and the second collation solution to be encrypted by the second encryption key have the same value (in the above example, both the second selection solution and the second collation solution are random numbers β). The second cipher selection solution and the second cipher collation solution are generated as the same value. According to such a configuration, the collation with the second cipher selection solution and the second cipher collation solution can be easily determined based on whether or not both of them match. However, the second cipher selection solution and the second cipher collation solution do not have to be generated as the same value, and if the correspondence between the second cipher selection solution and the second cipher collation solution is known, such a correspondence can be obtained. Based on this, collation with the second cipher selection solution and the second cipher collation solution can be performed.

(Notification of judgment result)
The communication device 31 transmits to the collation ECU 8 a cipher selection solution selected according to a determination result indicating whether or not the measured value Vm is valid. Then, the collation ECU 8 receives the cipher selection solution transmitted from the communication device 31. According to such a configuration, a cipher selection solution corresponding to the determination result is prepared even before the communication for measuring the distance between the communication device 31 and the terminal 2 is completed. Therefore, according to such a configuration, it is possible to accelerate the timing from the completion of the communication for distance measurement to the output of the cipher selection solution corresponding to the determination result to the collation ECU 8.

The collation unit 46 of the collation ECU 8 collates the received cipher selection solution with the cipher collation solution prepared corresponding to the cipher selection solution. According to such a configuration, a cryptographic collation solution corresponding to the received cryptographic selection solution is prepared in advance. Therefore, according to such a configuration, it is possible to accelerate the timing of obtaining the cipher collation solution matching the cipher selection solution and obtaining the determination result corresponding to the cipher collation solution after receiving the cipher selection solution. Become.

In this example, both the slave communication device 35 and the master communication device 34 transmit a determination result indicating whether or not the measured value Vm is valid.

First, the acquisition unit 42a of the slave communication device 35 acquires the first cipher selection solution corresponding to the determination result obtained by the measurement unit 45a from the volatile memory 40a, and the first communication unit 43a is acquired by the acquisition unit 42a. The obtained first cipher selection solution is transmitted to the master communication device 34 via the communication line 37. According to such a configuration, since the first cipher selection solution corresponding to the determination result is prepared in advance, the time from the acquisition of the determination result to the transmission of the first cipher selection solution corresponding to the determination result is obtained. Can be shortened.

More specifically, when the measurement unit 45a obtains a determination result indicating that the measured value Vm is valid, the acquisition unit 42a selects the first code corresponding to the determination result indicating that the measured value Vm is valid. The solution is acquired from the volatile memory 40a, and the first communication unit 43a transmits the first code selection solution corresponding to the determination result indicating that the measured value Vm is valid to the master communication device 34 via the communication line 37. Send. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is valid.

On the other hand, when the measurement unit 45a obtains a determination result indicating that the measured value Vm is not valid, the acquisition unit 42a obtains a first code selection solution corresponding to the determination result indicating that the measured value Vm is not valid. Acquired from the volatile memory 40a, the first communication unit 43a transmits the first code selection solution corresponding to the determination result indicating that the measured value Vm is not valid to the master communication device 34 via the communication line 37. .. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is not valid.

When the acquisition unit 42b of the master communication unit 34 receives the first cipher selection solution from the slave communication unit 35 via the communication line 37 by the second communication unit 43b, the first cipher received by the second communication unit 43b The selected solution is collated with the first cryptographic collation solution stored in the volatile memory 40b. According to this configuration, since the first cipher collation solution is prepared in advance, the time from receiving the first cipher selection solution to obtaining the first cipher selection solution corresponding to the first cipher selection solution is obtained. Can be shortened.

The second communication unit 43b corresponds to the first cipher collation solution acquired by the acquisition unit 42b when the first cipher collation solution matching the first cipher selection solution is acquired from the volatile memory 40b by the acquisition unit 42b. The second cipher selection solution is transmitted to the collation ECU 8 via the communication line 36. According to this configuration, since the second cipher selection solution corresponding to the first cipher collation solution is prepared in advance, the second cipher corresponding to the first cipher collation solution is received after the first cipher collation solution is received. The time to send the selected solution can be shortened.

More specifically, the second communication unit 43b is the first cipher collation solution corresponding to the determination result indicating that the measured value Vm is valid as the first cipher collation solution that matches the first cipher selection solution by the acquisition unit 42b. Is acquired from the volatile memory 40b, a second cipher selection solution corresponding to the determination result indicating that the measured value Vm is valid is transmitted to the collation ECU 8 via the communication line 36. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is valid.

On the other hand, in the second communication unit 43b, as the first cipher collation solution that matches the first cipher selection solution by the acquisition unit 42b, the first cipher collation solution corresponding to the determination result indicating that the measured value Vm is not valid is volatile. When acquired from the sex memory 40b, a second cipher selection solution corresponding to a determination result indicating that the measured value Vm is not valid is transmitted to the collation ECU 8 via the communication line 36. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is not valid.

It is also assumed that the first cipher collation solution matching the first cipher selection solution received by the second communication unit 43b is not acquired from the volatile memory 40b by the acquisition unit 42b. In such a case, the second communication unit 43b does not have to transmit anything to the collation ECU 8 via the communication line 36. Alternatively, the communication unit 43b may transmit information indicating that the first cryptographic collation solution is not acquired to the collation ECU 8 via the communication line 36. As a result, if the receiving unit 49 of the collation ECU 8 receives information indicating that the first cryptographic collation solution is not acquired, the collation unit 46 of the collation ECU 8 does not receive the second cryptographic collation solution from the master communication device 34. Even if the above occurs, it can be grasped that the situation has occurred because the first cryptographic collation solution is not acquired in the master communication device 34.

Further, the acquisition unit 42b of the master communication device 34 acquires the second cipher selection solution corresponding to the determination result obtained by the measurement unit 45b from the volatile memory 40b, and the second communication unit 43b acquires it by the acquisition unit 42b. The second cipher selection solution is transmitted to the collation ECU 8 via the communication line 36. According to such a configuration, since the second cipher selection solution corresponding to the determination result is prepared in advance, the time from the acquisition of the determination result to the transmission of the second cipher selection solution corresponding to the determination result is obtained. Can be shortened.

More specifically, when the measurement unit 45b obtains a determination result indicating that the measured value Vm is valid, the acquisition unit 42b selects a second code corresponding to the determination result indicating that the measured value Vm is valid. The solution is acquired from the volatile memory 40b, and the second communication unit 43b transmits the second code selection solution corresponding to the determination result indicating that the measured value Vm is valid to the matching ECU 8 via the communication line 36. .. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is valid.

On the other hand, when the measurement unit 45b obtains a determination result indicating that the measured value Vm is not valid, the acquisition unit 42b obtains a second code selection solution corresponding to the determination result indicating that the measured value Vm is not valid. Acquired from the volatile memory 40b, the second communication unit 43b transmits a second code selection solution corresponding to the determination result indicating that the measured value Vm is not valid to the matching ECU 8 via the communication line 36. According to such a configuration, as will be described later, the collation ECU 8 can obtain a determination result indicating that the measured value Vm is not valid.

When the collating unit 46 of the collating ECU 8 receives the second cipher selection solution from the master communication device 34 via the communication line 36 by the receiving unit 49, the collating unit 46 receives the second cipher selection solution and the volatile memory by the receiving unit 49. It is collated with the second cryptographic collation solution stored in 15. According to such a configuration, a second cipher collation solution corresponding to the second cipher selection solution received by the receiving unit 49 is prepared in advance. Therefore, according to such a configuration, after the second cipher selection solution is received by the receiving unit 49, a second cipher collation solution matching the second cipher selection solution is obtained and a determination corresponding to the second cipher collation solution is obtained. It is possible to accelerate the timing of obtaining results.

When the collation unit 46 acquires the second cipher collation solution that matches the second cipher selection solution from the volatile memory 15, the processing execution unit 17 obtains a determination result corresponding to the acquired second cipher collation solution. More specifically, the processing execution unit 17 uses the volatile memory 15 as the second cipher collation solution that matches the second cipher selection solution, and sets the second cipher collation solution corresponding to the determination result indicating that the measured value Vm is valid. When obtained from, a determination result indicating that the measured value Vm is valid is obtained. On the other hand, the processing execution unit 17 acquires a second cipher collation solution corresponding to the determination result indicating that the measured value Vm is not valid from the volatile memory 15 as the second cipher collation solution compatible with the second cipher selection solution. If so, a determination result indicating that the measured value Vm is not valid is obtained.

It is also assumed that the collation unit 46 does not acquire the second cipher collation solution that matches the second cipher selection solution from the volatile memory 15. In such a case, the processing execution unit 17 may obtain a determination result indicating that the measured value Vm is not valid (it may be determined that the measured value Vm is not valid).

The processing execution unit 17 determines whether or not the smart collation can be established based on the determination result indicating whether or not the measured value Vm is valid. For example, the processing execution unit 17 enables the establishment of smart collation when a determination result indicating that the measured value Vm is valid is input from at least one communication device 31. On the other hand, the processing execution unit 17 invalidates the establishment of the smart collation when the determination result indicating that the measured value Vm is valid is not input from any of the communication devices 31. The collation ECU 8 permits or executes the operation of the in-vehicle device 3 when the establishment of smart collation is enabled.

<< 1.2. Operation example >>
Next, the operation of the distance measurement system 30 of the present embodiment will be described with reference to FIGS. 3 and 4.

As shown in FIG. 3, in step S101, the collation ECU 8 transmits a distance measurement request to the master communication device 34. Further, the update control unit 47 generates random numbers α and β, and transmits the random numbers α and β to the master communication device 34 together with the distance measurement request. At this time, the update unit 44c updates the second encryption collation solution using the random number β and the second encryption key. As described above, the distance measurement request and the random numbers α and β are, for example, when smart communication is established (for example, when the vehicle 1 receives an ack signal from the terminal 2 with respect to the wake signal transmitted from the vehicle 1). It may be transmitted to when the outdoor smart collation or the indoor smart collation is established. The establishment of smart communication means that, for example, the vehicle 1 receives an ack signal from the terminal 2 in response to a wake signal transmitted from the vehicle 1. Further, as described above, the distance measurement request and the random numbers α and β may be transmitted at different timings.

In step S102, when the interface unit 39 of the master communication device 34 receives the distance measurement request and the random numbers α and β, the update unit 44b of the master communication device 34 uses the random number α and the first encryption key to perform the first encryption verification. The solution is updated, and the second cipher selection solution is updated using the random number β and the second encryption key. Further, the communication control unit 38 of the master communication device 34 sets the operation order of the slave communication devices 35a to 35d, and notifies the slave communication devices 35a to 35d of the distance measurement request and the random number α according to the operation order. In this way, by making the timing of notification of the distance measurement request different between the slave communication devices 35a to 35d, the operation timing of the slave communication devices 35a to 35d can be made different.

Upon receiving the distance measurement request and the notification of the random number α, the update unit 44a of each of the slave communication devices 35a to 35d updates the first cipher selection solution using the random number α and the first encryption key. As a result, the first cipher selection solution, the first cipher collation solution, the second cipher selection solution, and the second cipher collation solution are updated to unique values that are valid only in this communication.

In this example, the first encryption key used by the master communication device 34 and the first encryption key used by the slave communication device 35 are common encryption keys. That is, the first cipher selection solution and the first cipher collation solution are encrypted by the common key cryptosystem. Further, the data that is the source of the first cryptographic selective solution (that is, the first selective solution) and the data that is the source of the first cryptographic collation solution (that is, the first collation solution) have the same value (in this example, a random number). In the case of α), the first cipher selection solution and the first cipher collation solution have the same value.

Similarly, in this example, the second encryption key used by the master communication device 34 and the second encryption key used by the collation ECU 8 are common encryption keys. That is, the second cipher selection solution and the second cipher collation solution are encrypted by the common key cryptosystem. Further, the data that is the source of the second cryptographic selective solution (that is, the second selective solution) and the data that is the source of the second cryptographic collation solution (that is, the second collation solution) have the same value (in this example, a random number). In the case of β), the second cipher selection solution and the second cipher collation solution have the same value.

In step S103, each of the slave communication devices 35a to 35d receives the UWB radio wave Sa from the terminal 2 when receiving the distance measurement request and the notification of the random number α (that is, when it comes to its own operation timing), and responds to the UWB radio wave Sa. The UWB radio wave Sa is transmitted to the terminal 2. Upon receiving the response from each of the slave communication devices 35a to 35d, the UWB transmission / reception unit 33 of the terminal 2 further transmits the UWB radio wave Sa. The measuring units 45a of each of the slave communication devices 35a to 35d measure the time from transmitting the response UWB radio wave Sa to receiving the UWB radio wave Sa again. Then, the measuring units 45a of each of the slave communication devices 35a to 35d calculate the measured value Vm according to the distance between itself and the terminal 2 from the measured time.

The measuring units 45a of each of the slave communication devices 35a to 35d determine the validity of the calculated measured value Vm. When the measured value Vm is less than the specified value Vk, the measuring unit 45a of each of the slave communication devices 35a to 35d determines that the distance between the vehicle 1 and the terminal 2 is valid. On the other hand, when the measured value Vm is the specified value Vk or more, the measuring units 45a of each of the slave communication devices 35a to 35d determine that the distance between the vehicle 1 and the terminal 2 is not valid.

On the other hand, when the operation timing of the master communication device 34 is reached, the master communication device 34 does not notify the distance measurement request, receives the UWB radio wave Sa from the terminal 2, and transmits the UWB radio wave Sa in response to the UWB radio wave Sa to the terminal 2. .. Upon receiving the response from the master communication device 34, the UWB transmission / reception unit 33 of the terminal 2 further transmits the UWB radio wave Sa. The measuring unit 45b of the master communication device 34 measures the time from transmitting the response UWB radio wave Sa to receiving the UWB radio wave Sa again. Then, the measuring unit 45b of the master communication device 34 calculates the measured value Vm according to the distance between itself and the terminal 2 from the measured time.

The measuring unit 45b of the master communication device 34 determines the validity of the calculated measured value Vm. When the measured value Vm is less than the specified value Vk, the measuring unit 45b of the master communication device 34 determines that the distance between the vehicle 1 and the terminal 2 is valid. On the other hand, when the measured value Vm is the specified value Vk or more, the measuring unit 45b of the master communication device 34 determines that the distance between the vehicle 1 and the terminal 2 is not valid.

In step S104, when the first communication unit 43a of each of the slave communication devices 35a to 35d obtains a determination result indicating whether or not the measured value Vm is valid by the measurement unit 45a, the first communication unit corresponding to the determination result. Notify the master communication device 34 of the cipher selection solution.

In step S105, when the second communication unit 43b of the master communication device 34 is notified from each of the slave communication devices 35a to 35d of the determination result indicating whether or not the measured value Vm is valid, the slave communication devices 35a to 35a to The collation ECU 8 is notified of the second cipher selection solution corresponding to the determination result notified from each of the 35d. Further, when the measurement unit 45b obtains a determination result indicating whether or not the measured value Vm is valid, the second communication unit 43b of the master communication device 34 corresponds to the determination result obtained by the measurement unit 45b. 2 Notify the collation ECU 8 of the cipher selection solution.

Subsequently, a method of notifying the determination result will be described with reference to FIGS. 4 (a) and 4 (b).

As shown in FIG. 4A, when the measuring unit 45a of the slave communication device 35 determines that the measured value Vm is valid, the acquisition unit 42a of the slave communication device 35 takes the measured value from the volatile memory 40a. The first cipher selection solution A corresponding to the determination result indicating that Vm is valid is acquired. The first communication unit 43a transmits the first cipher selection solution A corresponding to the determination result indicating that the measured value Vm is valid to the master communication device 34.

The volatile memory 40b of the master communication device 34 stores the first cipher collation solution A'and the second cipher selection solution C corresponding to the determination result indicating that the measured value Vm is valid. The first cipher selection solution A corresponding to the determination result indicating that the measured value Vm is valid, which is input from the slave communication device 35 by the collation unit 46, and the first cipher collation solution registered in the volatile memory 40b. When it is confirmed that A'matches, the second communication unit 43b transmits the second cipher selection solution C corresponding to the first cipher collation solution A'to the collation ECU 8.

The volatile memory 15 of the collation ECU 8 stores the second cryptographic collation solution C'corresponding to the determination result indicating that the measured value Vm is valid. The second cipher selection solution C corresponding to the determination result indicating that the measured value Vm is valid, which is input from the master communication device 34 by the collation unit 46, and the second cipher collation solution registered in the volatile memory 15. When it is confirmed that C'matches, the processing execution unit 17 obtains a determination result corresponding to the second cryptographic collation solution C', that is, a determination result indicating that the measured value Vm is valid.

Similarly, when the measurement unit 45b of the master communication device 34 determines that the measured value Vm is valid, the acquisition unit 42b of the master communication device 34 determines that the measured value Vm is valid. The corresponding second cryptographic selective solution C is acquired from the volatile memory 40b. Then, the second communication unit 43b transmits the second cipher selection solution C to the collation ECU 8. As a result, the collation ECU 8 recognizes a determination result indicating that the measured value Vm is valid.

As shown in FIG. 4B, when the measuring unit 45a of the slave communication device 35 determines that the measured value Vm is not valid, the acquisition unit 42a of the slave communication device 35 measures the measured value from the volatile memory 40a. The first cipher selection solution B corresponding to the determination result indicating that Vm is not valid is acquired. The first communication unit 43a transmits the first cipher selection solution B corresponding to the determination result indicating that the measured value Vm is not valid to the master communication device 34.

The volatile memory 40b of the master communication device 34 stores the first cipher collation solution B'and the second cipher selection solution D corresponding to the determination result indicating that the measured value Vm is not valid. The first cipher selection solution B corresponding to the determination result indicating that the measured value Vm is not valid, which is input from the slave communication device 35 by the collation unit 46, and the first cipher collation solution registered in the volatile memory 40b. When it is confirmed that B'matches, the second communication unit 43b transmits the second cipher selection solution D corresponding to the first cipher collation solution B'to the collation ECU 8.

The volatile memory 15 of the collation ECU 8 stores a second cryptographic collation solution D'corresponding to a determination result indicating that the measured value Vm is valid. The second cipher selection solution D corresponding to the determination result indicating that the measured value Vm registered in the volatile memory 15 input from the master communication device 34 by the collating unit 46 is not valid, and the volatile memory 15 When it is confirmed that the registered second cryptographic verification solution D'matches, the processing execution unit 17 indicates that the determination result corresponding to the second cryptographic verification solution D', that is, the measured value Vm is not valid. The judgment result indicating is obtained.

Similarly, when the measurement unit 45b of the master communication device 34 determines that the measured value Vm is not valid, the acquisition unit 42b of the master communication device 34 gives a determination result indicating that the measured value Vm is not valid. The corresponding second cryptographic selective solution D is obtained from the volatile memory 40b. Then, the second communication unit 43b transmits the second cipher selection solution D to the collation ECU 8. As a result, the collation ECU 8 recognizes a determination result indicating that the measured value Vm is not valid.

Further, when the first cipher selection solution input from the slave communication device 35 to the acquisition unit 42b of the master communication device 34 does not match either of the first cipher collation solutions A'and B'registered in the volatile memory 40b. Is also assumed. In such a case, as described above, the second communication unit 43b does not have to transmit any of the second cipher selection solutions C and D to the collation ECU 8, and the acquisition unit 42b does not acquire the first cipher collation solution. It is preferable to transmit the information indicating the above to the collation ECU 8.

A specific example is shown in FIG. 4 (c). As shown in FIG. 4C, the first cipher selection solution E input from the slave communication device 35 to the acquisition unit 42b of the master communication device 34 is the first cipher collation solution A registered in the volatile memory 40b. It is also assumed that neither'or B'matches (“cryptographic mismatch” in FIG. 4C). In such a case, as described above, the second communication unit 43b indicates that the acquisition unit 42b does not acquire the first cryptographic collation solution as the determination result of the measured value Vm in the slave communication device 35 (FIG. 4 (c). ), The "encryption mismatch") is transmitted to the collation ECU 8.

As a result, it is recognized that the collation ECU 8 does not acquire the first cryptographic collation solution corresponding to the determination result of the measured value Vm in the slave communication device 35. It is assumed that the reason why the first cryptographic collation solution corresponding to the determination result of the measured value Vm in the slave communication device 35 is not acquired is that the slave communication device 35 is cheated.

FIG. 5 is a table summarizing an example of the correspondence between the notification to the collation ECU 8, the determination result of the measured value Vm in the master communication device 34, and the determination result of the measured value Vm in the slave communication device 35. In the example shown in FIG. 5, "OK" indicates that the measured value Vm is valid, and "NG" indicates that the measured value Vm is not valid. “Cryptographic decipherment mismatch” indicates that the first cryptographic collation solution or the second cryptographic selection solution corresponding to the determination result of the measured value Vm in the communication device 31 is not acquired.

As shown in the first to fourth lines of FIG. 5, the second communication unit 43b of the master communication device 34 may notify the collation ECU 8 of the second cipher selection solution aggregated into one. That is, at least one of the determination result notified from each of the slave communication devices 35a to 35d and the determination result obtained by the measurement unit 45b of the master communication device 34 may indicate that the measurement Vm is valid. is assumed. In such a case, the second communication unit 43b of the master communication device 34 may notify the collation ECU 8 of the second cipher selection solution C corresponding to the determination result indicating that the measurement Vm is valid.

Therefore, when the measurement unit 45b of the master communication device 34 obtains a determination result indicating that the measurement Vm is valid, the second communication unit 43b of the master communication device 34 can be used from the slave communication devices 35a to 35d, respectively. Instead of waiting for the notified determination result to be obtained, the collation ECU 8 may be notified of the second cipher selection solution C corresponding to the determination result indicating that the measurement Vm is valid.

On the other hand, it is assumed that all of the determination results notified from the slave communication devices 35a to 35d and the determination results obtained by the measurement unit 45b of the master communication device 34 indicate that the measurement Vm is not valid. .. In such a case, the second communication unit 43b of the master communication device 34 may notify the collation ECU 8 of the second cipher selection solution D corresponding to the determination result indicating that the measurement Vm is not valid.

Further, in the 5th to 7th lines of FIG. 5, an example is shown in which the master communication device 34 notifies the collation ECU 8 of "cipher resolution mismatch" in addition to the second cipher selection solution.

For example, at least one of the determination result notified from each of the slave communication devices 35a to 35d and the determination result obtained by the measurement unit 45b of the master communication device 34 indicates that the measurement Vm is valid. In this case, it is assumed that the first cipher collation solution or the second cipher selection solution corresponding to at least one of them is not acquired. In such a case, the second communication unit 43b of the master communication device 34 has the second cipher selection solution C corresponding to the determination result indicating that the measurement Vm is valid and the "cipher solution mismatch (that is, the first cipher collation solution). Alternatively, information indicating that the second cipher selection solution is not acquired) ”may be notified to the collation ECU 8 (lines 5 to 6 in FIG. 5).

For example, as shown in the fifth line of FIG. 5, the first cipher collation solution or the second cipher selection solution corresponding to at least one of the determination results notified from each of the slave communication devices 35a to 35d is not acquired. In this case, it is assumed that the determination result obtained by the measurement unit 45b of the master communication device 34 indicates that the measurement Vm is valid. In such a case, the second communication unit 43b of the master communication device 34 has the second cipher selection solution C corresponding to the determination result indicating that the measurement Vm is valid and the "cipher solution mismatch (that is, the first cipher collation solution). Alternatively, information indicating that the second cipher selection solution is not acquired) ”may be notified to the collation ECU 8.

For example, as shown in the sixth line of FIG. 5, when the determination results notified from each of the slave communication devices 35a to 35d indicate that the measurement Vm is valid, and the measurement unit 45b of the master communication device 34 It is assumed that the second cipher selection solution corresponding to the determination result obtained by is not acquired. In such a case, the second communication unit 43b of the master communication device 34 has the second cipher selection solution C corresponding to the determination result indicating that the measurement Vm is valid and the "cipher solution mismatch (that is, the first cipher collation solution). Alternatively, information indicating that the second cipher selection solution is not acquired) ”may be notified to the collation ECU 8.

For example, as shown in the 7th line of FIG. 5, the determination result notified from each of the slave communication devices 35a to 35d and the determination result obtained by the measurement unit 45b of the master communication device 34 correspond to all of the first. It is assumed that the 1-cipher collation solution or the 2nd cipher selection solution is not acquired. In such a case, the second communication unit 43b of the master communication device 34 has the second cipher selection solution D corresponding to the determination result indicating that the measurement Vm is not valid and the "cipher solution mismatch (that is, the first cipher collation solution). Alternatively, information indicating that the second cipher selection solution is not acquired) ”may be notified to the collation ECU 8.

Further, the reason is that a communication error has occurred in at least one of the communication between the slave communication devices 35a to 35d and the master communication device 34 and the terminal 2, and the distance between the communication device and the terminal 2 is measured. It is assumed that communication will not be possible. In such a case, information indicating that a communication error has occurred between the terminal 2 and the communication device 31 may be notified to the collation ECU 8.

A specific example is shown in FIG. As shown in FIG. 6, it is assumed that a communication error occurs between the slave communication device 35 and the terminal 2, and communication for distance measurement cannot be performed between the slave communication device 35 and the terminal 2. In such a case, the first communication unit 43a of the slave communication device 35 may transmit information indicating that a communication error has occurred between the slave communication device 35 and the terminal 2 to the master communication device 34. Then, the second communication unit 43b of the master communication device 34 may transmit information indicating that a communication error has occurred between the slave communication device 35 and the terminal 2 to the collation ECU 8.

Similar to the example shown in FIG. 6, it is assumed that a communication error occurs between the master communication device 34 and the terminal 2 and communication for distance measurement cannot be performed between the master communication device 34 and the terminal 2. To. In such a case, the second communication unit 43b of the master communication device 34 may transmit information indicating that a communication error has occurred between the master communication device 34 and the terminal 2 to the collation ECU 8.

Further, the second cipher selection solution input from the master communication device 34 by the collation unit 46 of the collation ECU 8 may not match either of the second cipher collation solutions C'and D'registered in the volatile memory 15. is assumed. In such a case, as described above, the processing execution unit 17 may recognize that the measured value Vm is not valid. As described above, in order for the collation ECU 8 to determine that the measured value Vm is valid, a correct cipher selection solution is required, so that security can be improved.

Returning to FIG. 3, in step S106, the processing execution unit 17 of the collation ECU 8 determines whether or not smart collation is possible based on the determination result. For example, if the processing execution unit 17 obtains a determination result indicating that the measured value Vm is valid from the second cipher selection solution input from at least one of the communication devices 31, the processing execution unit 17 obtains the collation result of the smart collation. Make it valid. On the other hand, if the processing execution unit 17 obtains a determination result indicating that the measured value Vm is not valid from the second cipher selection solution input from all the communication devices 31, the collation result of the smart collation is invalidated. ..

As shown in the 1st to 4th lines of FIG. 5, it is assumed that the second cipher selection solution aggregated into one is input to the collation ECU 8 from the master communication device 34. In such a case, if the processing execution unit 17 of the collation ECU 8 obtains a determination result indicating that the measured value Vm is valid from the second cipher selection solution input from the master communication device 34, the collation of the smart collation The result should be valid. On the other hand, if the processing execution unit 17 obtains a determination result indicating that the measured value Vm is not valid from the second cipher selection solution input from the master communication device 34, the processing execution unit 17 may invalidate the collation result of the smart collation. Good.

Further, as shown in the 5th to 7th lines of FIG. 5, in addition to the second cipher selection solution, it is assumed that the master communication device 34 notifies the collation ECU 8 of "cipher resolution mismatch". In such a case, when the processing execution unit 17 of the collation ECU 8 obtains a determination result indicating that the measured value Vm is valid from the second cipher selection solution input from the master communication device 34, the collation of the smart collation The result may be valid or invalid (because of the cryptographic mismatch). On the other hand, when the processing execution unit 17 obtains a determination result indicating that the measured value Vm is not valid from the second cipher selection solution input from the master communication device 34, the processing execution unit 17 may invalidate the collation result of the smart collation. Good.

For example, when the collation ECU 8 establishes smart collation (outdoor smart collation) with the outdoor terminal 2 and the processing execution unit 17 validates the collation result of smart collation, the body ECU 9 locks and unlocks the door lock device 6. Allow or execute operation. As a result, for example, when the vehicle door handle is touch-operated when the door is locked, the vehicle door is unlocked, and when the lock button of the vehicle exterior door handle is pressed when the door is unlocked, the vehicle door is locked.

On the other hand, when the collation ECU 8 establishes smart collation (indoor smart collation) with the terminal 2 in the room and the processing execution unit 17 enables the collation result of smart collation, the transition of the vehicle power supply by the engine switch 50 in the room. Operation is allowed. As a result, when the engine switch 50 is operated while the brake pedal is depressed, the engine 7 is started.

When the processing execution unit 17 invalidates the collation result of the smart collation, the collation ECU 8 prohibits the operation of the in-vehicle device 3 regardless of whether or not the smart collation is established. As a result, for example, it is possible to prevent the in-vehicle device 3 from being operated by unauthorized communication using a repeater or the like.

<< 1.3. Effect >>
According to the above embodiment, the communication device that transmits the selected solution selected according to the result of the first communication with the external device and the first communication communicate with each other by the second communication in which the communication partner with the communication device is different. A communication system is provided that comprises a control device that receives a selective solution from the machine. According to such a configuration, a selective solution corresponding to the result of the first communication is prepared even before the communication between the external device and the communication device is completed. Therefore, according to such a configuration, it is possible to accelerate the timing from the completion of the communication to the output of the selective solution corresponding to the result of the first communication to the control device.

Further, the control device may collate the received selective solution with the collation solution prepared corresponding to the selective solution. According to such a configuration, a cryptographic collation solution corresponding to the received cryptographic selection solution is prepared in advance. Therefore, according to such a configuration, it is possible to accelerate the timing of obtaining the collation solution matching the selection solution and obtaining the determination result corresponding to the collation solution after receiving the selection solution.

The communication device may transmit a cryptographic selective solution in which the selective solution is encrypted, and the control device may receive the cryptographic selective solution and collate the cryptographic selective solution with the cryptographic collation solution in which the collation solution is encrypted. According to such a configuration, since the cipher selection solution and the cipher collation solution are used instead of the determination result itself, the confidentiality of the determination result is improved. Further, the cipher selection solution and the cipher collation solution may be generated based on the encryption by the common key cryptosystem. According to such a configuration, the confidentiality of communication is improved.

The communication system includes an update control unit that updates the selection solution and the collation solution when a predetermined condition is satisfied, and the communication device updates the encryption selection solution based on the updated selection solution and the first encryption key. Then, the control device may update the encryption verification solution based on the updated verification solution and the second encryption key which is the encryption key common to the first encryption key. According to such a configuration, the confidentiality of the cipher selection solution and the cipher collation solution is improved.

The communication device includes a first communication device and a second communication device, and the first communication device transmits a first cipher selection solution according to the result of the first communication with an external device to the second communication device. The second communication device includes one communication unit, and the second communication device corresponds to the first cryptographic collation solution when the first cipher collation solution matching the first cipher selection solution received from the first communication device is acquired. It may include a second communication unit that transmits the selected solution to the control device. According to this configuration, since the encryption selection key and the encryption verification solution are prepared in advance, the increase in processing time is suppressed and the confidentiality of communication is improved.

The second communication unit receives the first cipher selection solution corresponding to the normal judgment, and when the first cipher collation solution matching the first cipher selection solution corresponding to the normal judgment is acquired, corresponds to the normal judgment. When the second cipher selection solution to be used is transmitted to the control device, the first cipher selection solution corresponding to the abnormality determination is received, and the first cipher matching solution matching the first cipher selection solution corresponding to the abnormality determination is acquired. The second cipher selection solution corresponding to the abnormality determination may be transmitted to the control device. According to this configuration, since the encryption selection key and the encryption verification solution are prepared in advance, the increase in processing time is suppressed and the confidentiality of communication is improved. If the first cipher selection solution and the second cipher selection solution are different, the confidentiality of the determination result is further improved.

<< 1.4. Modification example >>
Although the preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, the present invention is not limited to such examples. It is clear that a person having ordinary knowledge in the field of technology to which the present invention belongs can come up with various modifications or modifications within the scope of the technical ideas described in the claims. , These are also naturally understood to belong to the technical scope of the present invention.

For example, this embodiment can be modified and implemented as follows. The present embodiment and the following modified examples can be implemented in combination with each other within a technically consistent range.

(Variation example of cryptographic selection solution and cryptographic collation solution)
In the above example, it is assumed that the second cipher selection solution is generated by a cipher key different from the first cipher selection solution. However, the second cipher selection solution may be one in which the first cipher selection solution is encrypted by a common key cryptosystem. That is, in the master communication device 34, the second encryption selection solution may be generated by executing the encryption processing by the common key encryption method for the first encryption selection solution received from the slave communication device 35. According to such a configuration, the cipher selection solution to be transmitted can be made different between the slave communication device 35 and the master communication device 34 and between the master communication device 34 and the collation ECU 8. This contributes to the improvement of confidentiality.

In the above example, it is assumed that the data transmitted from the master communication device 34 to the collation ECU 8 is the second cipher selection solution. However, the data transmitted from the master communication device 34 to the collation ECU 8 is not limited. For example, the data transmitted from the master communication device 34 to the collation ECU 8 may be any data transmitted according to the first cipher selection solution.
In the above example, it is assumed that the cryptographic selection solution and the cryptographic collation solution are updated using random numbers α and β and a cryptographic key. However, the method for updating the cipher selection solution and the cipher collation solution is not limited. For example, the update of the cipher selection solution and the cipher collation solution may be performed by re-encrypting the cipher selection solution and the cipher collation solution using a predetermined arithmetic expression.

In the above example, it is assumed that random numbers α and β are transmitted together with the distance measurement request. However, the transmission timing of the random numbers α and β is not particularly limited. For example, the random numbers α and β may be transmitted before the distance measurement request.

In the above example, it is assumed that the random numbers α and β are output from the collation ECU 8. However, the random numbers α and β may be output from a block different from the collation ECU 8. For example, the random numbers α and β may be output from the master communication device 34 or may be output from the slave communication device 35. That is, the random numbers α and β are output from at least one of the collation ECU 8, the master communication device 34, and the slave communication device 35, and are output from the collation ECU 8, the master communication device 34, and the slave communication device 35. It may be shared between them.

In the above example, it is assumed that the first cipher selection solution and the second cipher selection solution are generated based on different random numbers. However, the first cipher selection solution and the second cipher selection solution may be generated based on the same random number. Similarly, it is assumed that the first cryptographic collation solution and the second cryptographic collation solution are generated based on different random numbers. However, the first cryptographic collation solution and the second cryptographic collation solution may be generated based on the same random number.

In the above example, it is assumed that the first cipher selection solution and the second cipher selection solution are generated based on different encryption keys. However, the first cipher selection solution and the second cipher selection solution may be generated based on the same encryption key. Similarly, it is assumed that the first cryptographic collation solution and the second cryptographic collation solution are generated based on different encryption keys. However, the first cryptographic collation solution and the second cryptographic collation solution may be generated based on a common encryption key.

The cryptographic selection solution and the cryptographic collation solution do not have to be updated. That is, the update unit 44 may be omitted.
In the above example, it is assumed that the same cipher selection solution is registered in all slave communication devices 35. However, a different encryption selection solution may be registered for each slave communication device 35.
The method of registering the encryption key is not particularly limited.
The arithmetic expression (algorithm) for calculating the cipher selection solution and the cipher collation solution is not particularly limited. That is, the method of generating the cipher selection solution and the cipher collation solution is not particularly limited.
The cryptographic selection solution and the cryptographic collation solution are not essential requirements, and an unencrypted selection solution and a collation solution may be used. At this time, the selective solution and the collation solution may be the same or different.

(Modified example of communication for distance measurement)
Regardless of what kind of trigger the communication start trigger for distance measurement is, the timing at which communication for distance measurement is performed may be before smart collation or after smart collation. It may be in the middle of smart collation. For example, when the communication for distance measurement is executed before or during the smart collation, the processing execution unit 17 may invalidate the establishment of the smart collation. In such a case, the processing execution unit 17 may forcibly terminate the smart collation in the middle. That is, when the establishment of smart collation is invalidated, the processing execution unit 17 may perform some processing that does not establish smart collation (smart communication).

In the above example, the case where the measured value Vm is measured from the propagation time of the radio wave between the slave communication device 35 and the terminal 2 has been mainly described. However, the method for measuring the measured value Vm is not limited to such an example. For example, when the other of the slave communication device 35 and the terminal 2 receives the radio wave transmitted from one of the slave communication device 35 and the terminal 2, the measured value Vm measures the reception strength (RSSI: Received Signal Strength Indicator) of the radio wave. The measured value according to the distance may be calculated from the reception intensity. At this time, either one of the communication device 31 and the terminal 2 may only transmit the UWB radio wave Sa, and the other may only receive the UWB radio wave Sa.

In the above example, it is assumed that the terminal 2 includes the UWB transmission / reception unit 33. However, the terminal 2 does not have to include the UWB transmission / reception unit 33. In such a case, the communication device 31 may obtain the measured value Vm based on the reception result of the reflected wave of the radio wave from the terminal 2.

In the above example, the case where the measured value Vm is measured by the measuring unit 45a of the slave communication device 35 and the measuring unit 45b of the master communication device 34 has been mainly described. At this time, the radio wave for distance measurement is transmitted to the terminal 2 from each of the slave communication device 35 and the master communication device 34. However, the measured value Vm may be measured by a device other than the slave communication device 35 and the master communication device 34. For example, the measured value Vm may be measured by the terminal 2. At this time, the radio wave for distance measurement may be transmitted from the terminal 2 to the slave communication device 35 and the master communication device 34, respectively.

In the above example, it is assumed that the UWB radio wave Sa is first transmitted from the terminal 2. However, the UWB radio wave Sa may be transmitted first from the communication device 31.

In the above example, the case where the measured value Vm is measured by the measuring unit 45a of the slave communication device 35 has been mainly described. At this time, the radio wave for distance measurement is transmitted from the slave communication device 35 to the terminal 2. However, the measured value Vm may be measured by a device other than the slave communication device 35. For example, the measured value Vm may be measured by the terminal 2. At this time, the radio wave for distance measurement may be transmitted from the terminal 2 to the slave communication device 35.

In addition, radio wave transmission may be performed using each of the plurality of channels. At this time, the measuring unit 45 may calculate the measured value Vm based on the result (propagation time or reception intensity) of radio wave transmission performed using each of the plurality of channels.
-The method of communication for distance measurement (radio wave for distance measurement and its response radio wave) is not limited to the method using UWB radio wave Sa. For example, radio waves of other frequencies may be used as communication for distance measurement. As an example, Bluetooth® communication may be used as the communication for distance measurement.

The first communication performed between the terminal 2 and the communication device 31 is not limited to the communication for distance measurement. For example, the first communication may be communication for transmitting and receiving information.
The first communication performed between the terminal 2 and the communication device 31 may be a communication for authenticating a communication partner. For example, examples of communication for authenticating a communication partner include communication for distance measurement, communication for ID verification, and communication for authenticating biometric information.

The first communication performed between the terminal 2 and the communication device 31 may be communication for operating a communication partner. For example, as communication for operating a communication partner, communication for selecting music of a media player, communication for performing radio channel selection or volume adjustment operation, communication for operating a navigation system, and air conditioning operation. Communication for performing the above, communication for manipulating the transition of the engine, and the like. Further, the communication for operating the communication partner includes a communication having a function of providing hospitality to the user by turning on or displaying a light based on the result of the communication.

(Various modifications of the system)
In the above example, it is assumed that only the master communication device 34 out of the plurality of communication devices 31 is directly connected to the collation ECU 8. However, a plurality of communication devices 31 may be connected to the collation ECU 8. Further, the communication device 31 does not have to be divided into a master communication device 34 and a slave communication device 35.

The LF transmitter 13 of the vehicle 1 may be provided in the vehicle 1 so as to form an LF radio wave (wake signal) area around the vehicle 1. For example, the LF transmitter 13 of the vehicle 1 may form an LF radio wave area around the driver's door, around the passenger's door, around the back door, and in the room.
The communication control unit 38 may control the operation of the communication device 31 based on the LF radio wave area formed by the LF transmitter 13. For example, in the communication control unit 38, when the terminal 2 enters the LF radio wave area around the driver's door and the outdoor smart collation is established, only the first slave communication device 35a and the third slave communication device 35c near the driver's seat are established. You do not have to activate the rest.

In the above example, regardless of the type of smart collation, when smart collation is performed, the case where communication for distance measurement is performed is mainly described. However, even when smart collation is performed, it may be controlled whether or not communication for distance measurement is performed depending on the type of smart collation. For example, when outdoor smart collation is performed, communication for distance measurement is not performed, and distance measurement communication may be performed only when indoor smart collation is performed. That is, the communication control unit 38 may not operate the communication device 31 in the LF radio wave area formed outside the vehicle 1, and may operate the communication device 31 in the LF radio wave area formed indoors.

In the above example, the case where the processing execution unit 17 for determining whether or not the smart collation is established is provided in the collation ECU 8 has been mainly described. However, the position where the processing execution unit 17 is provided is not limited. For example, the processing execution unit 17 may be provided in the master communication device 34, the slave communication device 35, or the terminal 2.
In the above example, it is assumed that the master communication device 34 transmits the determination result obtained by each communication device 31 to the collation ECU 8. At this time, the master communication device 34 may transmit the determination results obtained by each communication device 31 to the collation ECU 8 at different timings, or may collectively transmit the determination results to the collation ECU 8 at the same timing.

In the above example, as a result of communication for distance measurement, it is assumed that a determination result indicating whether or not the measured value Vm is valid is transmitted from the slave communication device 35 to the master communication device 34. However, as a result of communication for distance measurement, another determination result may be transmitted from the slave communication device 35 to the master communication device 34. For example, as a result of communication for distance measurement, a level indicating how much the measured value Vm is may be transmitted from the slave communication device 35 to the master communication device 34, or the processing execution unit 17 may transmit the master communication. When the machine 34 is provided, the slave communication device 35 may transmit to the master communication device 34 whether to enable or disable the collation result of the smart collation.

In the above example, the case where the validity of the measured value Vm according to the distance between the communication device 31 and the terminal 2 is determined by the communication device 31 has been mainly described. However, the validity of the measured value Vm may be determined by the terminal 2. At this time, the terminal 2 may notify the communication device 31 of the determination result of the validity of the measured value Vm.

The frequency and communication method of radio waves used for various communications between the vehicle 1 and the terminal 2 can be changed in various modes.

In the above example, in the smart collation system, the case where the wake signal is transmitted from the vehicle 1 to the terminal 2 has been mainly described. However, the wake signal may be transmitted from the terminal 2 to the vehicle 1.
In the above example, the case where the confirmation of the correctness of the terminal 2 is performed by the verification of the key ID and the request / response authentication has been mainly described. However, the method for confirming the correctness of the terminal 2 is not limited to such an example. For example, the method for confirming the correctness of the terminal 2 may be a method in which the terminal 2 and the vehicle 1 can confirm whether or not the terminal 2 and the vehicle 1 are a regular pair through communication.

In the above example, the case where the electronic key system 4 is a smart collation system that executes smart collation has been mainly described. However, the electronic key system 4 is not limited to the smart collation system. For example, the electronic key system 4 may be a system capable of confirming the correctness of the terminal 2. Alternatively, the electronic key system 4 may be omitted, and the correctness of the terminal 2 may be confirmed using UWB communication.

In the above example, the case where the terminal 2 is the electronic key 5 has been mainly described. However, the terminal 2 is not limited to the case where the electronic key 5 is used. For example, the terminal 2 may be a high-performance mobile phone capable of performing wireless communication with the vehicle 1.

In the above example, it is assumed that the communication device 31 and the collation ECU 8 (control device) are mounted on the vehicle 1. However, the communication device 31 and the collation ECU 8 (control device) are not limited to being mounted on the vehicle 1, and may be mounted on various devices or devices.

1 ... Vehicle, 2 ... Terminal, 3 ... In-vehicle device, 4 ... Electronic key system, 5 ... Electronic key, 15 ... Volatile memory, 17 ... Processing execution unit, 20 ... Terminal control unit, 30 ... Distance measurement system, 31 ... Communication device, 45 ... Measurement unit, 33 ... UWB transmission / reception unit, 34 ... Master communication device, 35 ... Slave communication device, 38 ... Communication control unit, 39 ... Interface unit, 40a ... Volatile memory, 40b ... Volatile memory, 42 ... acquisition unit, 43 ... communication unit, 44 ... update unit, 45 ... measurement unit, 46 ... collation unit, 47 ... update control unit, 48 ... authentication unit, 49 ... reception unit.

Claims (15)

A communication device that transmits a selected solution selected according to the result of the first communication with an external device, and
A control device that receives the selected solution from the communication device by a second communication in which the communication partner with the communication device is different from that of the first communication.
A communication system that has. The control device is
Collate the received selected solution with the collation solution prepared corresponding to the selected solution.
The communication system according to claim 1. The communication device transmits a cryptographic selective solution in which the selective solution is encrypted.
The control device receives the cipher selection solution and collates the cipher selection solution with the cipher collation solution that encrypts the collation solution.
The communication system according to claim 2. The cipher selection solution and the cipher collation solution are generated based on encryption by a common key cryptosystem.
The communication system according to claim 3. The communication system
An update control unit that updates the selected solution and the collated solution when a predetermined condition is satisfied is provided.
The communication device updates the cryptographic selection solution based on the updated selection solution and the first encryption key.
The control device updates the cryptographic collation solution based on the updated collation solution and the second cryptographic key which is a cryptographic key common to the first cryptographic key.
The communication system according to claim 4. The update control unit is used when communication for authentication of the external device is established, when a part of the authentication of the external device is established, when a predetermined time has elapsed, or between the communication device and the control device. When the number of times of encrypted communication in the above reaches a predetermined number of times, it is determined that the predetermined condition is satisfied.
The communication system according to claim 5. The communication system
A first storage unit that stores multiple cryptographic selection solutions,
It has a second storage unit that stores a plurality of cryptographic collation solutions, and has
The communication device transmits the cipher selection solution selected according to the result of the first communication from the plurality of cipher selection solutions stored in the first storage unit.
The control device collates the cipher selection solution received from the communication device with the plurality of cipher collation solutions stored in the second storage unit.
The communication system according to any one of claims 3 to 6. The communication device
When the result of the first communication indicates a normal determination, a cipher selection solution corresponding to the normal determination is transmitted to the control device.
When the result of the first communication indicates an abnormality determination, a cipher selection solution corresponding to the abnormality determination is transmitted to the control device.
The communication system according to any one of claims 3 to 7. The communication device includes a first communication device and a second communication device.
The first communication device is
A first communication unit for transmitting a first cipher selection solution according to the result of the first communication with the external device to the second communication device is provided.
The second communication device is
When a first cipher collation solution that matches the first cipher selection solution received from the first communication device is acquired, a second cipher selection solution corresponding to the first cipher collation solution is transmitted to the control device. Equipped with a second communication unit,
The communication system according to any one of claims 3 to 8. The first communication unit
When the result of the first communication indicates a normal determination, the first cipher selection solution corresponding to the normal determination is transmitted to the second communication device.
When the result of the first communication indicates an abnormality determination, the first cipher selection solution corresponding to the abnormality determination is transmitted to the second communication device.
The communication system according to claim 9. The second communication unit
When the first cipher selection solution corresponding to the normal determination is received and the first cipher collation solution matching the first cipher selection solution corresponding to the normal determination is obtained, the first cipher matching solution corresponding to the normal determination is obtained. 2 Send the cipher selection solution to the control device,
When the first cipher selection solution corresponding to the abnormality determination is received and the first cipher collation solution matching the first cipher selection solution corresponding to the abnormality determination is acquired, the first cipher matching solution corresponding to the abnormality determination is obtained. 2 Send the cipher selection solution to the control device,
The communication system according to claim 10. The second communication unit
When the first cipher collation solution matching the received first cipher selection solution is not acquired, information indicating that the first cipher collation solution is not acquired is transmitted to the control device.
The communication system according to any one of claims 9 to 11. The control device is
A receiver that receives the second cipher selection solution and
A collation unit for collating the second cipher selection solution and the second cipher collation solution is provided.
The communication system according to any one of claims 9 to 12. The first cipher selection solution and the first cipher collation solution are generated based on the first encryption by the common key cryptosystem.
The second cipher selection solution and the second cipher collation solution are generated based on the second encryption by the common key cryptosystem.
The communication system according to claim 13. An acquisition unit that acquires a selected solution selected according to the result of the first communication with an external device,
A communication unit that transmits the selected solution to the control device by a second communication with a communication partner different from that of the first communication.
A communication device.

Images