JP5189432B2 - Cryptographic data communication system - Google Patents

Description

  The present invention relates to an encrypted data communication system that performs authentication by having a common encryption key between apparatuses that perform authentication and exchanging a result obtained by encrypting common information between the apparatuses using a common encryption key.

Conventionally, as disclosed in, for example, Patent Document 1, an encrypted data communication system in which a message is encrypted and communicated between a transmission terminal and a reception terminal is known.
The transmitting terminal and the receiving terminal store an encryption key that is common between them and a number sequence that is also common between them. The transmitting terminal generates a block by combining a message part obtained by dividing a message every n bits (n: positive integer) and a number part obtained by dividing a number sequence every m bits (m: positive integer), The block is encrypted with AES, and the encryption result is transmitted to the receiving terminal. The receiving terminal generates a block by decrypting the received encryption result with AES, and divides the block into a message part and a sequence part. The receiving terminal compares the number sequence generated by dividing the number sequence common to the transmitting terminal into m bits (m: positive integer) and the number sequence after decoding, and if they match, Get the message.
JP 2005-114870 A

  However, according to the conventional encrypted data communication system, the receiving terminal receives all the encrypted results for one block encrypted by the transmitting terminal in order to decrypt the encrypted result transmitted from the transmitting terminal. The encryption result must be decrypted and authenticated, and it takes time to receive and authenticate all the encrypted results encrypted at the transmitting terminal.

  The present invention has been made in view of such circumstances, and the purpose thereof is encrypted data capable of reducing the amount of information exchanged between devices that perform authentication less than the amount of information necessary for encryption. It is to provide a communication system.

  The invention according to claim 1 has a common encryption key between the authentication device and the target device registered in the authentication device, and for common information shared between the target device and the authentication device. The target device encrypts the encrypted result using the common encryption key, and transmits the authentication result to the authentication device as authentication information, and the target device side encryption result received by the authentication device as the authentication information; A cipher for authenticating the legitimacy of the target device when the authentication device compares the common information with a cipher result encrypted by using the common encryption key and they match. In the data communication system, the target device includes an input unit to which an authentication start operation is input, and the input unit includes identification information unique to the target device when the authentication start operation is input to the input unit. Generated every time it is manipulated A part of the encryption result obtained by encrypting the addition information added with the input history information by using the common encryption key is extracted based on a first extraction rule negotiated in advance with the authentication device. The first communication means for transmitting a part of the encryption result to the authentication device as first authentication information and the random number information transmitted from the authentication device are received in the identification information unique to the target device. A part of the encryption result obtained by encrypting the addition information to which the random number information is added using the common encryption key is different from the first extraction rule determined in advance with the authentication device. And a second communication unit that extracts a part of the encryption result as second authentication information to the authentication device, and the authentication device receives the first authentication information. The target device registered with itself A part of the encryption result obtained by encrypting the addition information obtained by adding the input history information generated every time the first authentication information is received to the unique identification information using the common encryption key, Extracting based on one extraction rule, and authenticating the validity of the target device when the extracted encryption result matches the encryption result on the target device side included in the first authentication information; When the second authentication information is received, the added information obtained by adding the random number information transmitted to the target device to the identification information unique to the target device registered in itself is encrypted using the common encryption key. A part of the encrypted encryption result is extracted based on the second extraction rule determined in advance with the target device, and the extracted encryption result and the target included in the second authentication information When the encryption result on the device side matches The gist is to authenticate the validity of the target device.

  According to the present invention, authentication can be performed based on authentication information having an information amount smaller than that required for encryption. Therefore, the amount of information exchanged between devices that perform authentication can be made smaller than the amount of information necessary for encryption.

  Further, in the present invention, the first communication means of the target device includes a part of the encryption result obtained by encrypting the addition information generated from the identification information unique to the target device and the input history information managed by the target device. The first authentication information is transmitted to the authentication device. In addition, the second communication unit of the target device transmits a part of the encryption result obtained by encrypting the addition information generated from the identification information unique to the target device and the random number information transmitted from the authentication device to the second authentication. Information is sent to the authentication device. That is, the target device and the authentication device according to the present invention have a common encryption key between the authentication method using the input history information based on the input operation of the input unit and the authentication method using the random number information managed by the authentication device. Is used.

  By the way, since the input history information generated based on the input operation of the input unit has regularity, it is more likely to be estimated by a third party than the random number information. Therefore, in these two authentication methods, when generating authentication information using a common encryption key, when input history information estimated by a third party is input to the target device as random number information, As the second authentication information, the same authentication information as the first authentication information is output, and there is a concern that the first authentication information may be read illegally. For this reason, normally, separate encryption keys are set for these two authentication methods, and it is necessary to store at least two encryption keys in the authentication device and the target device, respectively. A special storage area is required for storage.

  In this regard, in the present invention, the first communication unit of the target device transmits a part of the encryption result extracted based on the first extraction rule to the authentication device as the first authentication information. On the other hand, a 2nd communication means transmits a part of encryption result extracted based on the 2nd extraction rule different from a 1st extraction rule to an authentication apparatus as 2nd authentication information. Therefore, even when the input history information managed by the target device matches the random number information managed by the authentication device, different authentication information is exchanged. Therefore, even when the input history information is estimated by a third party and the input history information is input as random number information, the second authentication information for the random number information is illegally used as the first authentication information. Can be prevented. Accordingly, it is possible to perform authentication by two different authentication methods using a common encryption key, and a special storage area for storing the encryption key can be reduced.

  The invention according to claim 2 has a common encryption key between the authentication device and the target device registered in the authentication device, and for common information shared between the target device and the authentication device. The target device encrypts the encrypted result using the common encryption key, and transmits the authentication result to the authentication device as authentication information, and the target device side encryption result received by the authentication device as the authentication information; A cipher for authenticating the legitimacy of the target device when the authentication device compares the common information with a cipher result encrypted by using the common encryption key and they match. In the data communication system, the target device includes an input unit to which an authentication start operation is input, and the first identification information unique to the target device when the authentication start operation is input to the input unit. Every time the input unit is operated A part of the encryption result obtained by encrypting the added information with the input history information added using the common encryption key based on a specific extraction rule previously determined with the authentication device When the first communication means for transmitting a part of the extracted cryptographic result to the authentication device as first authentication information and the random number information transmitted from the authentication device are received, the first identification information is A part of the encryption result obtained by encrypting the addition information obtained by adding the received random number information to the second identification information unique to the different target device using the common encryption key is exchanged with the authentication device. Second authentication means for extracting based on a specific extraction rule determined in advance, and transmitting a part of the extracted encryption result to the authentication device as second authentication information, wherein the authentication device When the authentication information of 1 is received, Using the common encryption key, the added information obtained by adding the input history information generated every time the first authentication information is received is encrypted using the common encryption key. When a part of the encrypted result is extracted based on the specific extraction rule, and the extracted encrypted result and the encrypted result on the target device side included in the first authentication information match, When authenticating the validity of the target device and receiving the second authentication information, addition information in which random number information transmitted to the target device is added to the second identification information unique to the target device registered in itself A part of the encryption result encrypted using the common encryption key based on the specific extraction rule, and the target device included in the extracted authentication result and the second authentication information The previous cipher result matches The gist is to authenticate the validity of the target device.

  According to the present invention, authentication can be performed based on authentication information having an information amount smaller than that required for encryption. Therefore, the amount of information exchanged between devices that perform authentication can be made smaller than the amount of information necessary for encryption.

  In the present invention, the first communication means of the target device encrypts the addition information obtained by adding the input history information generated every time the input unit is operated to the first identification information unique to the target device. A part of the encryption result extracted from the encryption result based on a specific extraction rule is transmitted to the authentication device as the first authentication information. On the other hand, the second communication means encrypts the addition information obtained by adding the random number information transmitted from the authentication device to the second identification information unique to the target device that is different from the first identification information. A part of the encryption result extracted based on the extraction rule is transmitted to the authentication apparatus as second authentication information. Therefore, even when the input history information managed by the target device matches the random number information managed by the authentication device, different authentication information is exchanged. Therefore, even when the input history information is estimated by a third party and the input history information is input as random number information, the second authentication information for the random number information is illegally used as the first authentication information. Can be prevented. Accordingly, it is possible to perform authentication by two different authentication methods using a common encryption key, and a special storage area for storing the encryption key can be reduced.

  The invention according to claim 3 has a common encryption key between the authentication device and the target device registered in the authentication device, and for common information shared between the target device and the authentication device. The target device encrypts the encrypted result using the common encryption key, and transmits the authentication result to the authentication device as authentication information, and the target device side encryption result received by the authentication device as the authentication information; A cipher for authenticating the legitimacy of the target device when the authentication device compares the common information with a cipher result encrypted by using the common encryption key and they match. In the data communication system, the target device includes an input unit to which an authentication start operation is input, and the input unit includes identification information unique to the target device when the authentication start operation is input to the input unit. Generated every time it is manipulated Input history information is added based on a first addition rule determined in advance with the authentication device to generate addition information, and the generated addition information is encrypted using the common encryption key A part of the encryption result is extracted based on a specific extraction rule that is negotiated in advance with the authentication device, and a part of the extracted encryption result is transmitted to the authentication device as first authentication information. When the random number information transmitted from one authentication unit and the authentication device is received, the random number information received in the identification information is different from the first addition rule determined in advance with the authentication device. Is added based on the addition rule to generate addition information, and a part of the encryption result obtained by encrypting the generated addition information using the common encryption key is negotiated with the authentication device in advance. Based on specific extraction rules And a second communication unit that extracts a part of the extracted cryptographic result as second authentication information to the authentication device, and the authentication device receives the first authentication information when receiving the first authentication information. The input history information generated every time the first authentication information is received is added to the registered identification information unique to the target device based on the first addition rule to generate addition information. A part of the encryption result obtained by encrypting the addition information using the common encryption key is extracted based on the specific extraction rule, and the extracted encryption result and the first authentication information are included in the first authentication information. When the encryption result on the target device side matches, the validity of the target device is authenticated, and when the second authentication information is received, the identification information unique to the target device registered in the target device is included in the target information. The random number information transmitted to the device is the second Adding based on an addition rule to generate addition information, extracting a part of the encryption result obtained by encrypting the generated addition information using the common encryption key based on the specific extraction rule; The gist is to authenticate the validity of the target device when the extracted encryption result matches the encryption result on the target device side included in the second authentication information.

  According to the present invention, authentication can be performed based on authentication information having an information amount smaller than that required for encryption. Therefore, the amount of information exchanged between devices that perform authentication can be made smaller than the amount of information necessary for encryption.

  Further, in the present invention, the first communication means of the target device includes a first predetermined input history information that is generated each time the input unit is operated on identification information unique to the target device with the authentication device. Is added based on the addition rule to generate addition information, and a part of the encryption result obtained by encrypting the addition information is transmitted to the authentication apparatus as first authentication information. On the other hand, the second communication means adds the received random number information to the identification information based on a second addition rule that is different from the first addition rule decided in advance with the authentication device. And a part of the encryption result obtained by encrypting the added information is transmitted to the authentication apparatus as second authentication information. Therefore, even when the input history information managed by the target device matches the random number information managed by the authentication device, different authentication information is exchanged. Therefore, even when the input history information is estimated by a third party and the input history information is input as random number information, the second authentication information for the random number information is illegally used as the first authentication information. Can be prevented. Accordingly, it is possible to perform authentication by two different authentication methods using a common encryption key, and a special storage area for storing the encryption key can be reduced.

  According to the present invention, it is possible to obtain an encrypted data communication system that can reduce the amount of information exchanged between devices that perform authentication than the amount of information necessary for encryption.

  Hereinafter, an embodiment in which the present invention is embodied in a vehicle electronic key system will be described with reference to the drawings. This electronic key system locks and unlocks a door and starts an engine through wireless communication between an electronic key possessed by a user and a vehicle.

<Outline of electronic key system>
First, an outline of the electronic key system will be described. As shown in FIG. 1, the electronic key system 11 includes an electronic key 12 possessed by a user and an in-vehicle device 13 mounted on a vehicle Car.

  The control circuit 21 of the electronic key 12 is connected to an LF receiving circuit 22 that receives an LF band radio signal and an RF transmission circuit 23 that transmits an RF band radio signal in accordance with a command from the control circuit 21. The LF reception circuit 22 demodulates the received LF signal and outputs the demodulated signal to the control circuit 21 as reception data. The RF transmission circuit 23 transmits an RF band response signal Srep in which an identification code unique to the electronic key 12 is placed in accordance with a command from the control circuit 21.

  The control circuit 21 is electrically connected with a lock button 24 and an unlock button 25 as input units. The locking button 24 and the unlocking button 25 are configured by a push button switch or the like provided on the design surface of the electronic key 12, and can be locked and unlocked by the user. When the control circuit 21 receives an operation signal indicating that the locking operation has been performed from the locking button 24, the control circuit 21 includes the identification code unique to the electronic key 12 and indicates that the locking button 24 has been operated. The signal Sky is output to the RF transmission circuit 23. When a lock / unlock operation signal Sky indicating that the lock button 24 has been operated is input, the RF transmission circuit 23 generates a lock / unlock code indicating that the lock button 24 has been operated and an identification code unique to the electronic key 12. An RF band locking / unlocking operation signal Sky onboard is transmitted. Further, when an operation signal indicating that the unlocking operation has been performed is input from the unlocking button 25, the control circuit 21 indicates that the unlocking button 25 including the identification code unique to the electronic key 12 has been operated. The locking / unlocking operation signal Sky is output to the RF transmission circuit 23. When the unlocking operation signal Sky indicating that the unlocking button 25 has been operated is input, the RF transmission circuit 23 indicates that the unlocking code indicating that the unlocking button 25 has been operated, and an identification code unique to the electronic key 12. And an RF band locking / unlocking operation signal Sky.

  The in-vehicle device 13 includes a verification control device 31 that determines the validity of the electronic key 12 through mutual wireless communication with the electronic key 12. The verification control device 31 includes an out-of-vehicle LF transmitter 32 that transmits an LF-band radio signal to the outside of the vehicle interior, an in-vehicle LF transmitter 33 that transmits an LF-band radio signal to the inside of the vehicle, and an RF-band radio signal. Is connected to the RF receiver 34. Further, the collation control device 31 includes a door control device 35 that drives and controls the door lock motor M to lock and unlock the door, and a power control that switches and controls the power position of the vehicle Car according to the operation of the engine switch SW by the user. An apparatus 36 and an engine control apparatus 37 that controls the drive of the engine E are connected via a bus (multiplex communication line) B.

  When the verification control device 31 receives the locking / unlocking operation signal Sky transmitted from the electronic key 12 through the RF receiver 34, the verification control device 31 stores the identification code unique to the electronic key 12 included in the locking / unlocking operation signal Sky and its own storage. Car interior comparison is performed by comparing the identification code stored in the unit 31a. When the vehicle exterior verification is established, the verification control device 31 sends a door lock request signal or a door unlock signal to the door control device 35 based on the lock code or the unlock code included in the lock / unlock operation signal Sky. Outputs a lock request signal.

  For example, when the locking code indicating that the unlocking button 25 has been operated is included in the locking / unlocking operation signal Sky, the verification control device 31 outputs a door lock request signal to the door control device 35. The door control device 35 receives the door lock request signal from the verification control device 31 and drives the door lock motor M to lock the door of the vehicle. On the other hand, when the unlocking code indicating that the unlocking button 25 has been operated is included in the locking / unlocking operation signal Sky, the verification control device 31 outputs a door unlock request signal to the door control device 35. The door control device 35 receives the door unlock request signal from the verification control device 31 and drives the door lock motor M to unlock the door of the vehicle.

  Further, in the parking state of the vehicle Car in which the engine E is stopped and the door is locked, the collation control device 31 sends a response request signal Sreq in the LF band for in-vehicle collation for requesting a response to the electronic key 12 to a predetermined value. The vehicle is transmitted outside the vehicle compartment through the vehicle exterior LF transmitter 32 in the control cycle. Thereby, a detection area (not shown) of the electronic key 12 is formed around the door of the vehicle Car. When the user holds the electronic key 12 and approaches the vehicle Car and enters the detection area, the control circuit 21 of the electronic key 12 receives the response request signal Sreq and stores it in its storage unit 21a. A response signal Srep including the identification code is transmitted through the RF transmission circuit 23.

  When the verification control device 31 receives the response signal Srep from the electronic key 12 through the RF receiver 34, the verification code unique to the electronic key 12 included in the response signal Srep and the identification stored in its own storage unit 31a. Car exterior comparison is performed by comparing the code. When the vehicle exterior verification is established, the verification control device 31 activates a touch sensor built in a door handle knob (not shown), and detects the touch operation of the door handle knob by the user through the sensor. A door unlock request signal is output to the device 35. The door control device 35 receives the door unlock request signal from the verification control device 31 and drives the door lock motor M to unlock the door of the vehicle.

  Thereafter, when the user holding the electronic key 12 gets into the vehicle, the door control device 35 detects this through a door sensor (not shown) and outputs the detection signal to the verification control device 31. When a detection signal indicating that the user has boarded the vehicle is input from the door control device 35, the verification control device 31 transmits a response request signal Sreq for vehicle interior verification through the vehicle interior LF transmitter 33, thereby entering the vehicle interior. A detection area of the electronic key 12 is formed. When the electronic key 12 receives the response request signal Sreq for vehicle interior verification through the LF reception circuit 22, the electronic key 12 transmits the response signal Srep including the identification code through the RF transmission circuit 23.

  When the verification control device 31 receives the response signal Srep from the electronic key 12 through the RF receiver 34, the verification code unique to the electronic key 12 included in the response signal Srep and the identification stored in its own storage unit 31a. Car interior matching is performed to compare with the code. And the collation control apparatus 31 memorize | stores the collation result of this vehicle interior collation in the memory | storage part 31a, and the said collation result according to the execution function of various vehicle-mounted systems, such as the control apparatus of these systems, for example, the power supply control apparatus 36 and engine control Transmit to device 37.

  That is, when the power supply control device 36 detects that the engine switch SW is turned on in a state where the shift lever is held at the parking position and a brake pedal (not shown) is depressed, Check the collation result. When the collation result of the vehicle interior collation acquired through the collation control device 31 indicates that the collation is established, the power supply control device 36 turns on an accessory relay and an ignition relay (not shown) to each part of the vehicle Car. Supply operating power.

  Then, the power supply control device 36 outputs a start request signal for requesting start of the engine E to the engine control device 37 through the bus B. When the engine control device 37 receives a start request signal from the power supply control device 36, the engine control device 37 confirms the collation result of the vehicle interior collation with respect to the collation control device 31 and whether the control devices are paired with each other. Confirm (pairing) whether or not. The engine control device 37 starts the engine E only when both vehicle interior verification and pairing are established.

  When the user stops the engine E through the operation of the engine switch SW to get off, opens the unlocked door, goes out of the passenger compartment, and turns on a lock switch (not shown) provided on the door handle knob. This is detected by the collation control device 31. Then, the verification control device 31 re-forms the detection area for vehicle exterior verification through the vehicle exterior LF transmitter 32 to perform vehicle exterior verification, and when the vehicle exterior verification is established, the door lock request signal is sent to the door control device. To 35. When the door lock request signal from the verification control device 31 is input, the door control device 35 drives the door lock motor M to lock the door.

<Mutual authentication of electronic key and in-vehicle device>
Here, in the electronic key system 11 described above, mutual authentication between the electronic key 12 and the in-vehicle device 13 is performed by wireless communication, and therefore information transmitted and received between the electronic key 12 and the in-vehicle device 13 (electronic There is a particular concern that the identification information unique to the key 12 and the like will be intercepted and that the vehicle Car will be used illegally using this information. For this reason, between the electronic key 12 and the vehicle-mounted device 13 is authenticated using encrypted communication in which information exchanged between them is encrypted using a predetermined encryption algorithm and transmitted / received. In the present embodiment, a common encryption key K is shared between devices that perform authentication, that is, between the electronic key 12 and the vehicle-mounted device, and the result of encrypting random number information (challenge code) with the encryption key K is exchanged. A so-called challenge-response authentication method is employed in which authentication is performed by doing so.

Below, the encryption communication in the electronic key system 11 is demonstrated.
As shown in FIG. 2, the collation control device 31 (specifically, the storage unit 31 a) of the in-vehicle device 13 has an encryption common to the electronic key 12 together with the vehicle-side identification code Cc <b> 1 of the electronic key 12 registered in advance. A key K is stored. The vehicle-side identification code Cc1 is set for each electronic key 12 registered in the verification control device 31.

  The collation control device 31 includes a counter (not shown) that counts the number of times the locking / unlocking operation signal transmitted from the electronic key 12 is received, and generates a vehicle-side rolling code based on the counter value. It has. When receiving the locking / unlocking operation signal Sky from the electronic key 12, the verification control device 31 adds 1 to the counter to generate a new vehicle-side rolling code. The collation control device 31 updates the vehicle-side rolling code stored in the storage unit 31a every time it receives the locking / unlocking operation signal Sky.

  Further, upon receiving the locking / unlocking operation signal Sky, the verification control device 31 generates an addition code by adding a vehicle-side rolling code to the vehicle-side identification code Cc1 of the corresponding electronic key 12, and uses the addition code as the common code. The vehicle-side first encryption unit 42 that generates an encryption code encrypted using the encryption key K is provided. In the present embodiment, the vehicle-side first encryption unit 42 generates a 128-bit addition code by adding a 32-bit vehicle-side rolling code to the 96-bit vehicle-side identification code Cc1. The vehicle-side first encryption unit 42 then encrypts the 128-bit addition code to generate a 128-bit encryption code.

  In addition, the verification control device 31 includes a first predetermined part of the encryption code encrypted with the electronic key 12 by the vehicle-side first encryption unit 42 using the common encryption key K. A vehicle-side first extraction unit 43 that extracts based on the extraction rule and generates a 32-bit vehicle-side first authentication code is provided. In the present embodiment, the vehicle-side first extraction unit 43 extracts the first 32 bits of the encryption code and generates a 32-bit vehicle-side first authentication code. This vehicle-side first authentication code corresponds to the first authentication information.

  The verification control device 31 also includes a challenge code generation unit 44 that generates a 32-bit challenge code Cch as random number information using a different random number each time the electronic key 12 is authenticated. The challenge code Cch corresponds to random number information.

  In addition, when receiving the response signal Sres transmitted from the electronic key 12, the verification control device 31 generates an addition code by adding the challenge code Cch to the vehicle-side identification code Cc1 of the corresponding electronic key 12, and the addition code A vehicle-side second encryption unit 45 that generates an encryption code obtained by encrypting the code using the common encryption key K is provided. In the present embodiment, the vehicle-side second encryption unit 45 generates a 128-bit addition code by adding the 32-bit challenge code Cch to the 96-bit vehicle-side identification code Cc1. Then, the vehicle-side second encryption unit 45 encrypts the 128-bit addition code to generate a 128-bit encryption code.

  In addition, the verification control device 31 is configured such that a part of the encryption code encrypted by the vehicle-side second encryption unit 45 using the common encryption key K is preliminarily negotiated with the electronic key 12. A vehicle-side second extraction unit 46 is provided that extracts based on a second extraction rule different from the one extraction rule and generates a vehicle-side second authentication code. In the present embodiment, the vehicle-side second extraction unit 46 extracts the last 32 bits of the encryption code, and generates a 32-bit vehicle-side second authentication code. The vehicle-side second authentication code corresponds to second authentication information on the authentication device side.

  On the other hand, the control circuit 21 (specifically, the storage unit 21a) of the electronic key 12 stores a key-side identification code Ck1 unique to the electronic key 12 and an encryption key K common to the vehicle-mounted device 13. The control circuit 21 includes a counter (not shown) that counts the number of operations of the lock button 24 and the unlock button 25, and generates a key-side rolling code having a different value each time the lock button 24 or the unlock button 25 is operated. A key-side rolling code generation unit 51 is provided. In the present embodiment, when the lock button 24 or the unlock button 25 is operated, the control circuit 21 adds 1 to the counter and generates a new key-side rolling code. And the control circuit 21 updates the key side rolling code memorize | stored in the memory | storage part 21a.

  Further, when the lock button 24 or the unlock button 25 is operated, the control circuit 21 generates a 128-bit addition code by adding a 32-bit key-side rolling code to the key-side identification code Ck1. A key-side first encryption unit 52 that generates a 128-bit encryption code obtained by encrypting the code using the common encryption key K is provided. In the present embodiment, the key-side first encryption unit 52 generates a 128-bit addition code by adding a 32-bit key-side rolling code to the 96-bit key-side identification code Ck1. The key-side first encryption unit 52 encrypts the 128-bit addition code to generate a 128-bit encryption code.

  In addition, the control circuit 21 transmits a part of the encryption code encrypted by the key side first encryption unit 52 using the common encryption key K to the on-vehicle device 13 (specifically, the verification control device 31). A key-side first extraction unit 53 that generates a 32-bit key-side first authentication code that is extracted based on a first extraction rule that is determined in advance is provided. In the present embodiment, the key-side first extraction unit 53 extracts the first 32 bits of the encryption code and generates a 32-bit key-side first authentication code. The key side first authentication code corresponds to the first authentication information on the target device side. The first communication means includes a key side first encryption unit 52 and a key side first extraction unit 53.

  When receiving the challenge code Cch, the control circuit 21 generates an addition code by adding the received challenge code Cch to the key side identification code Ck1, and uses the common encryption key K for the addition code. And a key-side second encryption unit 54 for generating an encrypted encryption code. In the present embodiment, the key-side second encryption unit 54 adds a 32-bit challenge code Cch to the 96-bit key-side identification code Ck1 to generate a 128-bit addition code. Then, the key-side second encryption unit 54 encrypts the 128-bit addition code to generate a 128-bit encryption code.

  In addition, the control circuit 21 exchanges a part of the encryption code encrypted by the key side second encryption unit 54 using the common encryption key K with the in-vehicle device 13 (specifically, the verification control device 31). The key-side second extraction unit 55 generates a 32-bit key-side second authentication code that is extracted based on a second extraction rule that is different from the first extraction rule determined in advance. In the present embodiment, the key-side second extraction unit 55 extracts the last 32 bits of the encryption code and generates a 32-bit key-side second authentication code. The key side second authentication code corresponds to the second authentication information on the target device side. The second communication means includes a key side second encryption unit 54 and a key side second extraction unit 55.

  In the present embodiment, AES (Advanced Encryption Standard) is used as an encryption method. AES is an encryption method using a common encryption key K, which uses a 128-bit block size and can select the number of bits of the encryption key K from 128 bits, 192 bits, and 256 bits. In the present embodiment, the operation when the 128-bit encryption key K is selected will be described, but the present invention is not limited to this. In this embodiment, AES is used as an encryption method, but the present invention is not limited to this, and an encryption method having a 64-bit block size such as MISTY (a coined word using a developer's initials) may be used. .

Next, the operation of the wireless communication encryption communication in the electronic key system 11 will be described with reference to FIG.
As shown in FIG. 3, for example, when the vehicle Car is parked, if the unlock button 25 of the electronic key 12 is operated in step 101, the electronic key 12 adds 1 to its counter in step 102. Thus, a new key-side rolling code Ck2 is generated. Then, in the next step 103, the electronic key 12 generates the key side first authentication code Ck5. Specifically, as shown in FIG. 4A, a 32-bit key-side rolling code Ck2 is added to the key-side identification code Ck1 to generate a 128-bit addition code Ck3, and the addition code Ck3 is A 128-bit encryption code Ck4 encrypted using the common encryption key K is generated. Then, the electronic key 12 extracts a part of the encryption code Ck4 encrypted using the common encryption key K based on the first extraction rule determined in advance with the in-vehicle device 13 ( In this case, the first 32 bits of the encryption code Ck4 are extracted), and a 32-bit key side first authentication code Ck5 is generated.

  Then, as shown in FIG. 3, in the next step 104, the electronic key 12 generates a locking / unlocking operation signal Skey including the key side first authentication code Ck5 and the locking / unlocking code, and the locking / unlocking operation signal Sky is transmitted to the vehicle-mounted device 13 through the RF transmission circuit 23.

  In step 105, when receiving the locking / unlocking operation signal Sky including the key-side first authentication code Ck 5 transmitted from the electronic key 12, the in-vehicle device 13 adds 1 to its own counter and adds a new one in the next step 106. A vehicle-side rolling code Cc2 is generated. Then, in the next step 107, the in-vehicle device 13 generates the vehicle-side first authentication code Cc5. Specifically, as shown in FIG. 4B, the in-vehicle device 13 first adds a 32-bit vehicle-side rolling code Cc2 to the 96-bit vehicle-side identification code Cc1 of the corresponding electronic key 12. A 128-bit addition code Cc3 is generated, and a 128-bit encryption code Cc4 obtained by encrypting the addition code Cc3 using the common encryption key K is generated. The in-vehicle device 13 extracts a part of the encryption code Cc4 encrypted using the common encryption key K based on the first extraction rule determined in advance with the electronic key 12 ( In this case, the first 32 bits of the encryption code Cc4 are extracted), and a 32-bit vehicle-side first authentication code Cc5 is generated.

  Then, as shown in FIG. 3, in the next step 108, the in-vehicle device 13 compares the extracted vehicle-side first authentication code Cc5 with the key-side first authentication code Ck5, and if they match, The validity of the electronic key 12 is authenticated.

  The wireless authentication between the in-vehicle device 13 and the electronic key 12 is thus completed. Then, when the in-vehicle device 13 normally authenticates the electronic key 12 in the wireless authentication described above, the in-vehicle device 13 determines that the verification with the electronic key 12 is established when the authentication is established, and the vehicle Car Unlock the door.

  Next, the encrypted communication operation of the challenge / response authentication method in the electronic key system 11 will be described with reference to FIG. Here, it is assumed that the vehicle exterior verification performed at the time of boarding or the like is performed. The encrypted communication step is abbreviated as “S”.

  As shown in FIG. 5, when the vehicle Car is parked, the in-vehicle device 13 transmits an activation signal Swake including a WAKE code for activating the electronic key 12 as the response request signal Sreq at a predetermined control cycle. To do. Thereby, the detection area of the electronic key 12 is formed around the door of the vehicle Car.

  When the user carries the electronic key 12 and enters the detection area, when the electronic key 12 receives the activation signal Swake from the vehicle Car, the electronic key 12 first receives the WAKE code included in the activation signal Swake. That is, whether the WAKE code is a registered regular signal pattern. Next, when the electronic key 12 determines that the WAKE code is a regular signal pattern, the electronic key 12 waits for its own operation to stabilize, and receives an ACK signal Sack, which is a response signal indicating that the operation has been normally performed, on the vehicle side. Reply to

  The in-vehicle device 13 receives the ACK signal Sack from the electronic key 12 to determine that the electronic key 12 is within the detection area, and transmits a vehicle identification signal Scar including its registered vehicle code.

  And the electronic key 12 will collate the vehicle code contained in the vehicle code registered in self, if the vehicle identification signal Scar from the vehicle equipment 13 is received. If the verification is established, the electronic key 12 returns the ACK signal Sack to the vehicle side again through the RF transmission circuit 23.

<Challenge-response authentication>
When receiving the ACK signal Sack from the electronic key 12 again, the in-vehicle device 13 performs challenge / response authentication with the electronic key 12.

  That is, as shown in FIG. 5, in-vehicle device 13 first generates a random number in step 201, and uses this random number as a challenge code Cch for electronic key 12. Then, in the next step 202, the in-vehicle device 13 transmits an authentication signal Scha including this challenge code Cch.

  In step 203, when receiving the authentication signal Scha from the in-vehicle device 13, the control circuit 21 of the electronic key 12 generates the key side second authentication code Ck8 in the next step 204. Specifically, as shown in FIG. 6A, the control circuit 21 generates a 128-bit addition code Ck6 by adding the received 32-bit challenge code Cch to the 96-bit key-side identification code Ck1. Then, a 128-bit encryption code Ck7 is generated by encrypting the addition code Ck6 using the common encryption key K. Then, the control circuit 21 sets a part of the encryption code Ck7 encrypted using the common encryption key K to a second extraction rule different from the first extraction rule determined in advance with the in-vehicle device 13. Extraction is performed based on the extraction rule (in this case, the last 32 bits of the encryption code Ck7 are extracted), and a 32-bit key-side second authentication code Ck8 is generated. In the next step 205, the control circuit 21 transmits a response signal Sres including the key-side second authentication code Ck8 to the in-vehicle device 13.

  In step 206, when the key-side second authentication code Ck8 (response signal Sres) transmitted from the electronic key 12 is received, the in-vehicle device 13 generates a vehicle-side second authentication code Cc8 in the next step 207. Specifically, as shown in FIG. 6B, the in-vehicle device 13 adds a 32-bit challenge code Cch to the 96-bit vehicle-side identification code Cc1 of the corresponding electronic key 12, and adds 128 bits. A code Cc6 is generated, and a 128-bit encryption code Cc7 obtained by encrypting the addition code Cc6 using the common encryption key K is generated. The in-vehicle device 13 refers to the first extraction rule in which a part of the encryption code Cc7 encrypted using the common encryption key K is determined in advance with the registered electronic key 12. Extraction is performed based on a different second extraction rule (in this case, the last 32 bits of the encryption code Cc7 are extracted), and a 32-bit vehicle-side second authentication code Cc8 is generated.

  Then, as shown in FIG. 5, in the next step 208, the in-vehicle device 13 compares the extracted vehicle-side second authentication code Cc8 with the key-side second authentication code Ck8 included in the response signal Sres, If they match, the validity of the electronic key 12 is authenticated.

  The challenge / response authentication between the in-vehicle device 13 and the electronic key 12 is thus completed. Here, in challenge-response authentication, a different random number is generated and used as a challenge code for each authentication, and so-called replay attack is suppressed. This replay attack refers to an attack that impersonates a legitimate user by intercepting a past challenge code Cch and an authentication code Ck8 corresponding to the challenge code Cch and reusing them as they are.

  When the in-vehicle device 13 normally authenticates the electronic key 12 in the above-described challenge / response authentication, the in-vehicle device 13 determines that the vehicle compartment verification with the electronic key 12 has been established when the authentication is established. To do. Thereafter, when the vehicle door is unlocked and the user holding the electronic key 12 gets on the vehicle, the vehicle-mounted device 13 and the electronic key 12 are subjected to mutual authentication in the same manner as in the vehicle exterior verification described above. Room verification is performed. Here, detailed description of the procedure for vehicle interior verification is omitted.

  By the way, the block size of the encryption code when AES is adopted as the encryption method is usually 128 bits, and in order to decrypt and authenticate this, a 128-bit encryption code is transmitted between the devices performing the authentication. There must be. In the present embodiment, the electronic key 12 transmits a part of the encryption codes Ck4 and Ck7 encrypted using a common encryption key to the in-vehicle device 13 as key-side authentication codes Ck5 and Ck8. When the vehicle-side authentication codes Cc5 and Cc8, which are part of the encryption codes Cc4 and Cc7 generated by themselves, match the key-side authentication codes Ck5 and Ck8, the validity of the electronic key 12 is authenticated. That is, since a part of the encryption codes Ck4 and Ck7 is exchanged as the key-side authentication codes Ck5 and Ck8, the number of bits of information exchanged between the electronic key 12 and the vehicle-mounted device 13 is decrypted with normal AES. Thus, the number of communication bits required for authentication can be made smaller, and information can be exchanged in a shorter time. Therefore, it is possible to increase the response speed of the transmission / reception processing and authentication.

  In the present invention, between wireless authentication using the rolling codes Ck2 and Cc2 based on the number of operations of the lock button 24 or the unlock button 25 and challenge / response authentication using the challenge code Cch managed by the in-vehicle device 13 Thus, a common encryption key K is used.

  By the way, the rolling codes Ck2 and Cc2 that are generated based on the number of operations of the lock button 24 or the unlock button 25 have regularity, and therefore are more easily estimated by a third party than the challenge code Cch. Therefore, in these two authentication methods, when the authentication information is generated using the common encryption key K, when the rolling code estimated by a third party is input to the electronic key 12 as the challenge code Cch, the challenge information As the key-side second authentication code Ck8 for the code Cch, the same key-side first authentication code Ck5 is output, and there is a concern that the key-side first authentication code Ck5 may be read illegally. For this reason, normally, separate encryption keys K are set for these two authentication methods, and it is necessary to store at least two encryption keys K in the in-vehicle device 13 and the electronic key 12, respectively. Therefore, a special storage area for storing the encryption key K is required.

  In this regard, in the present embodiment, in the wireless authentication, the electronic key 12 transmits a part of the encryption code Ck4 extracted based on the first extraction rule to the authentication device as the key side first authentication code Ck5. On the other hand, in challenge-response authentication, the electronic key 12 uses a part of the encryption code Ck7 extracted based on the second extraction rule different from the first extraction rule at the time of wireless authentication as the key side second authentication code Ck8. To the in-vehicle device 13. Therefore, even when the rolling codes Ck2 and Cc2 based on the number of operations of the lock button 24 or the unlock button 25 match the challenge code Cch managed by the verification control device 31, the key side first authentication code corresponding to the rolling code Ck2 Ck5 and the key-side second authentication code Ck8 corresponding to the challenge code Cch do not match, and different authentication codes Ck5 and Ck8 are exchanged. Therefore, even if the rolling code Ck2, Cc2 is estimated by a third party and the rolling code Ck2, Cc2 is input as the challenge code Cch, the key side second authentication code Ck8 for the challenge code Cch is changed to the key It is possible to prevent unauthorized use as the first side authentication code Ck5. Therefore, it is possible to perform authentication by two different authentication methods using the common encryption key K, and a special storage area for storing the encryption key K can be reduced.

Next, the operational effects of the above embodiment will be described below.
(1) The electronic key 12 transmits a part of the encryption codes Ck4 and Ck7 encrypted using a common encryption key to the in-vehicle device 13 as the key side authentication codes Ck5 and Ck8. If the vehicle-side authentication codes Cc5 and Cc8, which are part of the generated encryption codes Cc4 and Cc7, match the key-side authentication codes Ck5 and Ck8, the validity of the electronic key 12 is authenticated. Therefore, authentication can be performed based on the authentication codes Cc5, Cc8, Ck5, Ck8 having a smaller number of bits than the number of bits (information amount) necessary for encryption. Therefore, the amount of information exchanged between the electronic key 12 and the in-vehicle device 13 can be made smaller than the amount of information necessary for encryption.

  (2) Between wireless authentication using the rolling codes Ck2 and Cc2 based on the number of operations of the lock button 24 or the unlock button 25 and challenge / response authentication using the challenge code Cch managed by the in-vehicle device 13 A common encryption key K is used. Therefore, a special storage area for storing the encryption key K used for encrypted data communication can be reduced.

<Second Embodiment>
Next, a second embodiment of the present invention will be described. In the present embodiment, the collation control device 31 (specifically, the storage unit 31a) of the in-vehicle device 13 has an identification corresponding to the electronic key 12 together with the electronic key 12 registered in advance and the common encryption key K. Different first and second identification codes are stored as codes. These first and second identification codes are set for each electronic key 12 registered in the verification control device 31. In addition, the control circuit 21 (specifically, the storage unit 21a) of the electronic key 12 includes first and second different identification codes corresponding to the electronic key 12 together with the encryption key K common to the vehicle-mounted device 13. 2 identification codes are stored. Then, by using two different identification codes properly, the authentication code is generated by using different identification codes for wireless authentication and smart authentication, which is different from the first embodiment. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals, and detailed description thereof is omitted. The first identification code corresponds to the first identification information, and the second identification code corresponds to the second identification information.

  As shown in FIG. 7A, when the lock button 24 or the unlock button 25 is operated, the control circuit 21 of the electronic key 12 (specifically, the key side first encryption unit 52) A 128-bit addition code Ck13 is generated by adding a 32-bit key-side rolling code Ck2 to one identification code Ck11, and the addition code Ck13 is encrypted using the common encryption key K. A code Ck14 is generated. In the present embodiment, the key-side first encryption unit 52 generates a 128-bit addition code Ck13 by adding the 32-bit key-side rolling code Ck2 to the 96-bit key-side first identification code Ck11. Then, the key-side first encryption unit 52 encrypts the 128-bit addition code Ck13 to generate a 128-bit encryption code Ck14.

  In addition, the control circuit 21 (specifically, the key-side first extraction unit 53) of the electronic key 12 uses one encryption code Ck14 encrypted by the key-side first encryption unit 52 using the common encryption key K. Are extracted based on a specific extraction rule determined in advance with the in-vehicle device 13 (specifically, the collation control device 31) to generate a 32-bit key side first authentication code Ck15. In the present embodiment, the control circuit 21 of the electronic key 12 extracts the last 32 bits of the encryption code Ck14 and generates a 32-bit key side first authentication code Ck15. The key side first authentication code Ck15 corresponds to the first authentication information on the target device side.

  As shown in FIG. 8A, when the control circuit 21 (specifically, the key-side second encryption unit 54) of the electronic key 12 receives the challenge code Cch, the key-side second identification code Ck12 is received. The added challenge code Cch is added to generate an addition code Ck16, and an encryption code Ck17 obtained by encrypting the addition code Ck16 using the common encryption key K is generated. In the present embodiment, the control circuit 21 of the electronic key 12 generates a 128-bit addition code Ck16 by adding a 32-bit challenge code Cch to the 96-bit key-side second identification code Ck12. Then, the control circuit 21 of the electronic key 12 encrypts the 128-bit addition code Ck16 to generate a 128-bit encryption code Ck17.

  In addition, the control circuit 21 (specifically, the key-side second extraction unit 55) of the electronic key 12 transfers a part of the encryption code Ck17 encrypted using the common encryption key K to the in-vehicle device 13 (specifically Specifically, extraction is performed based on a specific extraction rule determined in advance with the collation control device 31) to generate a 32-bit key-side second authentication code Ck18. In the present embodiment, the control circuit 21 of the electronic key 12 extracts the last 32 bits of the encryption code Ck7 and extracts the 32-bit key-side second authentication code as in the case of extracting the key-side first authentication code Ck15. Ck18 is generated. The key side second authentication code Ck18 corresponds to the second authentication information on the target device side.

  As shown in FIG. 7B, when the collation control device 31 (specifically, the vehicle-side first encryption unit 42) of the in-vehicle device 13 receives the locking / unlocking operation signal Sky, the vehicle of the corresponding electronic key 12 is displayed. An addition code Cc13 is generated by adding the vehicle-side rolling code Cc2 to the first side identification code Cc11, and an encryption code Cc14 obtained by encrypting the addition code Cc13 using the common encryption key K is generated. In the present embodiment, the collation control device 31 of the in-vehicle device 13 generates a 128-bit addition code Cc13 by adding a 32-bit vehicle-side rolling code Cc2 to the 96-bit first vehicle-side identification code Cc11. . Then, the collation control device 31 of the in-vehicle device 13 encrypts the 128-bit addition code Cc13 to generate a 128-bit encryption code Cc14.

  In addition, the collation control device 31 (specifically, the vehicle-side first extraction unit 43) of the in-vehicle device 13 uses a part of the encryption code Cc14 encrypted by using the common encryption key K as the electronic key 12. To generate a 32-bit vehicle-side first authentication code Cc15. In this Embodiment, the collation control apparatus 31 of the vehicle equipment 13 extracts the last 32 bits of the encryption code Cc4, and produces | generates 32-bit vehicle side 1st authentication code Cc15. The vehicle side first authentication code Cc15 corresponds to the first authentication information.

  Further, as shown in FIG. 8B, when the verification control device 31 of the in-vehicle device 13 (specifically, the vehicle-side second encryption unit 45) receives the response signal Sres transmitted from the electronic key 12, A challenge code Cch is added to the vehicle-side second identification code Cc12 of the corresponding electronic key 12 to generate an addition code Cc16, and the addition code Cc16 is encrypted using the common encryption key K. Is generated. In the present embodiment, the verification control device 31 of the in-vehicle device 13 generates a 128-bit addition code Cc16 by adding a 32-bit challenge code Cch to the 96-bit vehicle-side second identification code Cc12. Then, the collation control device 31 of the in-vehicle device 13 encrypts the 128-bit addition code Cc16 to generate a 128-bit encryption code Cc17.

  Further, the collation control device 31 (specifically, the vehicle-side second extraction unit 46) of the in-vehicle device 13 uses the encryption code Cc17 encrypted by the vehicle-side second encryption unit 45 using the common encryption key K. A part is extracted based on a specific extraction rule determined in advance with the electronic key 12, and the vehicle-side second authentication code Cc18 is generated. In the present embodiment, the collation control device 31 of the in-vehicle device 13 extracts the last 32 bits of the encryption code Cc17 in the same manner as when the vehicle-side first authentication code Cc15 is extracted. An authentication code Cc18 is generated. The vehicle-side second authentication code Cc18 corresponds to second authentication information on the authentication device side.

  In the present embodiment, in the wireless authentication, the electronic key 12 is identified from the encryption code Ck14 obtained by encrypting the addition code Ck13 obtained by adding the key-side rolling code Ck2 to the key-side first identification code Ck11 unique to the electronic key 12. A part extracted based on the extraction rule is transmitted to the in-vehicle device 13 as the key side first authentication code Ck15. On the other hand, in challenge / response authentication, the electronic key 12 encrypts an addition code Ck16 obtained by adding the challenge code Cch transmitted from the in-vehicle device 13 to the key side second identification code Ck12 different from the key side first identification code Ck11. A portion extracted from the encrypted code Ck17 based on a specific extraction rule is transmitted to the in-vehicle device 13 as the key-side second authentication code Ck18. Therefore, even when the rolling codes Ck2 and Cc2 managed by the electronic key 12 match the challenge code Cch managed by the in-vehicle device 13, different authentication codes Ck15 and Ck18 are exchanged. Therefore, even if the rolling code Ck2, Cc2 is estimated by a third party and the rolling code Ck2, Cc2 is input as the challenge code Cch, the key side second authentication code Ck18 for the challenge code Cch is changed to the key It is possible to prevent unauthorized use as the first side authentication code Ck15. Therefore, it is possible to perform authentication by two different authentication methods using the common encryption key K, and a special storage area for storing the encryption key K can be reduced.

In other words, the same effect as that of the first embodiment can be obtained also by the second embodiment.
<Third Embodiment>
Next, a third embodiment of the present invention will be described. In the present embodiment, a first addition rule for adding a rolling code to an identification code in wireless authentication and a second addition rule for adding a challenge code to the identification code in smart authentication are set in advance. Yes. The second embodiment is different from the first embodiment in that different authentication codes are generated for wireless authentication and smart authentication by using two different addition rules. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals, and detailed description thereof is omitted.

  As shown in FIG. 9A, when the lock button 24 or the unlock button 25 is operated, the control circuit 21 (specifically, the key side first encryption unit 52) of the electronic key 12 recognizes the key side. A key-side rolling code Ck2 is added to the code Ck1 based on a first addition rule determined in advance with the vehicle-mounted device 13 (specifically, the collation control device 31) to generate an addition code Ck23 To do. In this embodiment, the control circuit 21 of the electronic key 12 generates a 128-bit addition code Ck23 by adding a 96-bit key-side identification code Ck1 after the 32-bit key-side rolling code Ck2. Then, the key-side first encryption unit 52 encrypts the 128-bit addition code Ck23 to generate a 128-bit encryption code Ck24.

  In addition, the control circuit 21 (specifically, the key-side first extraction unit 53) of the electronic key 12 uses one encryption code Ck24 encrypted by the key-side first encryption unit 52 using the common encryption key K. Are extracted based on a specific extraction rule determined in advance with the in-vehicle device 13 (specifically, the collation control device 31) to generate a 32-bit key side first authentication code Ck25. In the present embodiment, the control circuit 21 of the electronic key 12 extracts the last 32 bits of the encryption code Ck24 and generates a 32-bit key-side first authentication code Ck25. The key side first authentication code Ck25 corresponds to the first authentication information on the target device side.

  As shown in FIG. 10A, when receiving the challenge code Cch, the control circuit 21 (specifically, the key side second encryption unit 54) of the electronic key 12 receives the key side identification code Ck1. The received challenge code Cch is added based on a second addition rule determined in advance with the in-vehicle device 13 (specifically, the collation control device 31) to generate an addition code Ck26. In the present embodiment, the control circuit 21 of the electronic key 12 generates a 128-bit addition code Ck26 by adding a 96-bit key side identification code Ck1 before the 32-bit challenge code Cch. Then, the control circuit 21 of the electronic key 12 encrypts the 128-bit addition code Ck26 to generate a 128-bit encryption code Ck27.

  In addition, the control circuit 21 (specifically, the key-side second extraction unit 55) of the electronic key 12 transfers a part of the encryption code Ck27 encrypted by using the common encryption key K to the in-vehicle device 13 (specifically Specifically, extraction is performed based on a specific extraction rule determined in advance with the collation control device 31) to generate a 32-bit key-side second authentication code Ck28. In the present embodiment, the control circuit 21 of the electronic key 12 extracts the last 32 bits of the encryption code Ck7 and extracts the 32-bit key-side second authentication code as in the case of extracting the key-side first authentication code Ck25. Ck28 is generated. The key side second authentication code Ck28 corresponds to the second authentication information on the target device side.

  As shown in FIG. 9B, when the collation control device 31 (specifically, the vehicle-side first encryption unit 42) of the in-vehicle device 13 receives the locking / unlocking operation signal Sky, the vehicle of the corresponding electronic key 12 is displayed. A vehicle-side rolling code Cc2 is added to the side identification code Cc1 based on a first addition rule determined in advance with the electronic key 12 (specifically, the control circuit 21), and an addition code Cc23 Is generated. In the present embodiment, the collation control device 31 of the in-vehicle device 13 generates the 128-bit addition code Cc23 by adding the 96-bit vehicle-side identification code Cc1 after the 32-bit vehicle-side rolling code Cc2. Then, the verification control device 31 of the in-vehicle device 13 encrypts the 128-bit addition code Cc23 to generate a 128-bit encryption code Cc24.

  In addition, the verification control device 31 (specifically, the vehicle-side first extraction unit 43) of the in-vehicle device 13 uses a part of the encryption code Cc24 encrypted by using the common encryption key K as the electronic key 12. To generate a 32-bit vehicle side first authentication code Cc25. In this Embodiment, the collation control apparatus 31 of the vehicle equipment 13 extracts the last 32 bits of the encryption code Cc4, and produces | generates the 32-bit vehicle side 1st authentication code Cc25. The vehicle-side first authentication code Cc25 corresponds to the first authentication information.

  Further, as shown in FIG. 10B, when the verification control device 31 (specifically, the vehicle-side second encryption unit 45) of the in-vehicle device 13 receives the response signal Sres transmitted from the electronic key 12, A challenge code Cch is added to the vehicle-side identification code Cc1 of the corresponding electronic key 12 based on a second addition rule determined in advance with the electronic key 12 (specifically, the control circuit 21). The addition code Cc26 is generated. In the present embodiment, the verification control device 31 of the in-vehicle device 13 generates a 128-bit addition code Cc26 by adding a 96-bit vehicle-side identification code Cc1 before the 32-bit 32-bit challenge code Cch. To do. Then, the verification control device 31 of the in-vehicle device 13 encrypts the 128-bit addition code Cc26 to generate a 128-bit encryption code Cc27.

  Further, the collation control device 31 (specifically, the vehicle-side second extraction unit 46) of the vehicle-mounted device 13 uses the encryption code Cc27 encrypted by the vehicle-side second encryption unit 45 using the common encryption key K. A part is extracted based on a specific extraction rule determined in advance with the electronic key 12, and the vehicle side second authentication code Cc28 is generated. In the present embodiment, the collation control device 31 of the in-vehicle device 13 extracts the last 32 bits of the encryption code Cc27 and extracts the 32-bit vehicle-side second as in the case where the vehicle-side first authentication code Cc25 is extracted. An authentication code Cc28 is generated. The vehicle-side second authentication code Cc28 corresponds to second authentication information on the authentication device side.

  In the present embodiment, in the wireless authentication, the electronic key 12 is based on a first addition rule that is negotiated in advance with the in-vehicle device 13 for the key-side identification code Ck1 unique to the electronic key 12 and the rolling code Ck2. Is added to generate the addition code Ck23, and a part of the encryption code Ck24 obtained by encrypting the addition code Ck23 is transmitted to the in-vehicle device 13 as the key side first authentication code Ck25. On the other hand, in challenge / response authentication, the electronic key 12 uses the first addition rule determined in advance with the in-vehicle device 13 as the challenge code Cch transmitted from the in-vehicle device 13 as the key side identification code Ck1. Is added based on a different second addition rule to generate an addition code Ck26, and a part of the encryption code Ck27 obtained by encrypting the addition code Ck26 is transmitted to the in-vehicle device 13 as the key side second authentication code Ck28. Therefore, even when the rolling codes Ck2 and Cc2 based on the number of operations of the lock button 24 or the unlock button 25 match the challenge code Cch managed by the vehicle-mounted device 13, the key side first authentication code Ck25 corresponding to the rolling code Ck2 And the key-side second authentication code Ck28 corresponding to the challenge code Cch do not match, and different authentication codes Ck25 and Ck28 are exchanged. For this reason, even when the rolling code Ck2, Cc2 is estimated by a third party and the rolling code Ck2, Cc2 is input as the challenge code Cch, the key side second authentication code Ck28 for the challenge code Cch is changed to the key It is possible to prevent unauthorized use as the first side authentication code Ck25. Therefore, it is possible to perform authentication by two different authentication methods using the common encryption key K, and a special storage area for storing the encryption key K can be reduced.

In other words, the third embodiment can provide the same effects as those of the first and second embodiments.
In addition, you may change this Embodiment as follows.

  In the first embodiment, different authentication codes are generated for wireless authentication and smart authentication by properly using two different extraction rules. In the second embodiment, different authentication codes are generated for wireless authentication and smart authentication by using two different identification codes. In the third embodiment, different authentication codes are generated for wireless authentication and smart authentication by using two different addition rules. However, by combining these, different authentication codes may be generated for wireless authentication and smart authentication. Further, by combining two of these, different authentication codes may be generated for wireless authentication and smart authentication.

In each of the above embodiments, a 32-bit authentication code is extracted from a 128-bit encryption code, but the length of the authentication code can be changed as appropriate.
In each of the above embodiments, the present invention is applied to the electronic key system 11 that locks and unlocks the door through wireless communication between the electronic key 12 possessed by the user and the vehicle (collation control device 31). For example, the present invention may be embodied in a residential electronic key system. Further, the authentication device may be embodied in a communication system that authenticates the portable device by holding the portable device over the communication device.

  In each of the above embodiments, two communication devices that perform mutual wireless communication, that is, the electronic key 12 and the vehicle-mounted device 13 are exemplified. However, for example, a plurality of electronic control devices connected to each other by a communication bus or the like, or The present invention can also be applied to a wired communication system including a plurality of computers connected to each other by a communication cable or the like.

The block diagram which shows schematic structure of an electronic key system. The functional block diagram regarding the encryption communication of 1st Embodiment. The flowchart regarding the process sequence of the wireless authentication of 1st Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the wireless authentication of 1st Embodiment. The flowchart regarding the process sequence of the smart authentication of 1st Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the smart authentication of 1st Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the wireless authentication of 2nd Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the smart authentication of 2nd Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the wireless authentication of 3rd Embodiment. (A) And (b) is the schematic regarding the authentication code preparation of the smart authentication of 3rd Embodiment.

Explanation of symbols

  24... Locking button as an input unit, 25... Unlocking button as an input unit, 52... Key side first encryption unit constituting the first communication unit, 53... Key side first extraction unit constituting the first communication unit 54 ... Key side second encryption unit constituting second communication means, 55 ... Key side second extraction part constituting second communication means, K ... Encryption key, Ck1, Cc1 ... Identification code as identification information, Ck2 , Cc2 ... rolling code as input history information, Ck3, Cc3, Ck6, Cc6, Ck13, Cc13, Ck16, Cc16, Ck23, Cc23, Ck26, Cc26 ... addition codes as addition information, Ck5, Cc5, Ck15, Cc15, Ck25, Cc25 ... first authentication code as first authentication information, Ck8, Cc8, Ck18, Cc18, Ck28, Cc28 ... second authentication information The second authentication code, Ck11, Cc11 ... first identification code as the first identification information, CK12, Cc12 ... second identification code as the second identification information.

Claims (3)

The common device has a common encryption key between the authentication device and the target device registered in the authentication device, and the target device uses the common encryption key for common information shared between the target device and the authentication device. The encryption result encrypted using the key is transmitted to the authentication device as authentication information, and the authentication result received by the authentication device as the authentication information and the authentication result for the common information A cryptographic data communication system in which the authentication device authenticates the legitimacy of the target device when the device compares the encryption result encrypted using the common encryption key and they match,
The target device is generated each time the input unit is operated on identification information unique to the target device when the authentication start operation is input to the input unit and the authentication start operation is input to the input unit. A part of the encryption result obtained by encrypting the added information added with the input history information using the common encryption key based on the first extraction rule determined in advance with the authentication device And receiving the first communication means for transmitting a part of the encryption result as the first authentication information to the authentication device and the random number information transmitted from the authentication device, receiving the identification information unique to the target device. A part of the encryption result obtained by encrypting the added information to which the random number information is added using the common encryption key is different from the first extraction rule determined in advance with the authentication device. Extract based on the second extraction rule, the dark A portion of the resulting second authentication information and a second communication means for transmitting to said authentication apparatus,
When the authentication device receives the first authentication information, the addition is performed by adding the input history information generated every time the first authentication information is received to the identification information unique to the target device registered in the authentication device. A part of the encryption result obtained by encrypting the information using the common encryption key is extracted based on the first extraction rule, and is included in the extracted encryption result and the first authentication information When the encryption result on the target device side matches, the authenticity of the target device is authenticated, and when the second authentication information is received, the identification information unique to the target device registered in the target device The second extraction rule in which a part of the encryption result obtained by encrypting the addition information added with the random number information transmitted to the target device using the common encryption key is preliminarily negotiated with the target device. Extracted based on the extracted cipher And fruit, wherein when the said target device side encrypted result matches that contained in the second authentication information, encryption data communication system, characterized in that to authenticate the target device. The common device has a common encryption key between the authentication device and the target device registered in the authentication device, and the target device uses the common encryption key for common information shared between the target device and the authentication device. The encryption result encrypted using the key is transmitted to the authentication device as authentication information, and the authentication result received by the authentication device as the authentication information and the authentication result for the common information A cryptographic data communication system in which the authentication device authenticates the legitimacy of the target device when the device compares the encryption result encrypted using the common encryption key and they match,
The target device includes an input unit to which an authentication start operation is input, and each time the input unit is operated on first identification information unique to the target device when the authentication start operation is input to the input unit. A part of the encryption result obtained by encrypting the addition information added with the input history information generated by using the common encryption key, based on a specific extraction rule determined in advance with the authentication device And receiving the first communication means for transmitting a part of the extracted cryptographic result as first authentication information to the authentication device, and the random number information transmitted from the authentication device. A part of the encryption result obtained by encrypting the addition information obtained by adding the received random number information to the second identification information unique to the target device different from the authentication device using the common encryption key, Based on specific extraction rules There was extracted, and a second communication means for transmitting a portion of the extract out encryption result to the authentication device as the second authentication information,
When the authentication device receives the first authentication information, the input history information generated every time the first authentication information is received in the first identification information unique to the target device registered in the authentication device. A part of the encryption result obtained by encrypting the added addition information using the common encryption key is extracted based on the specific extraction rule, and included in the extracted encryption result and the first authentication information And authenticating the validity of the target device when the encryption result on the target device side matches, and receiving the second authentication information, the second unique to the target device registered in itself A part of the encryption result obtained by encrypting the addition information obtained by adding the random number information transmitted to the target device to the identification information using the common encryption key is extracted based on the specific extraction rule. Included in the encryption result and the second authentication information When said encryption result of the target device side and matches, encryption data communication system, characterized in that to authenticate the target device. The common device has a common encryption key between the authentication device and the target device registered in the authentication device, and the target device uses the common encryption key for common information shared between the target device and the authentication device. The encryption result encrypted using the key is transmitted to the authentication device as authentication information, and the authentication result received by the authentication device as the authentication information and the authentication result for the common information A cryptographic data communication system in which the authentication device authenticates the legitimacy of the target device when the device compares the encryption result encrypted using the common encryption key and they match,
The target device is generated each time the input unit is operated on identification information unique to the target device when the authentication start operation is input to the input unit and the authentication start operation is input to the input unit. Input history information is added based on a first addition rule determined in advance with the authentication device to generate addition information, and the generated addition information is encrypted using the common encryption key A part of the encrypted result is extracted based on a specific extraction rule determined in advance with the authentication device, and a part of the extracted encryption result is transmitted to the authentication device as first authentication information. When the random number information transmitted from the first communication means and the authentication device is received, the random number information received in the identification information is different from the first addition rule determined in advance with the authentication device. Add based on the addition rule of 2 Generating addition information, and extracting a part of the encryption result obtained by encrypting the generated addition information using the common encryption key based on a specific extraction rule previously determined with the authentication device And a second communication means for transmitting a part of the extracted cryptographic result to the authentication device as second authentication information,
When the authentication device receives the first authentication information, the input history information generated every time the first authentication information is received in the identification information unique to the target device registered in the authentication device. To generate addition information based on the addition rule, and extract a part of the encryption result obtained by encrypting the generated addition information using the common encryption key based on the specific extraction rule. When the extracted encryption result matches the encryption result on the target device side included in the first authentication information, the authenticity of the target device is authenticated and the second authentication information is received. In this case, random number information transmitted to the target device is added to identification information unique to the target device registered in itself based on the second addition rule to generate addition information, and the generated addition information is Encrypt using a common encryption key When a part of the cryptographic result is extracted based on the specific extraction rule, and the extracted cryptographic result matches the cryptographic result on the target device side included in the second authentication information, the target An encryption data communication system characterized by authenticating the validity of a device.

Images