JP6188744B2 - Management system, vehicle and management method - Google Patents

Description

The present invention relates to a management system, a vehicle, and a management method.

  In recent years, automobiles have an ECU (Electronic Control Unit) and realize functions such as engine control by the ECU. The ECU is a kind of computer and realizes a desired function by a computer program. For an automobile that is already in use, the ECU computer program is usually updated at a general automobile maintenance shop during an automobile inspection or a periodic inspection.

  Conventionally, in updating an ECU computer program, an operator connects a diagnostic terminal dedicated for maintenance to a diagnostic port called an OBD (On-board Diagnostics) port of an automobile, and installs an update program and sets data from the diagnostic terminal. Make changes. In this regard, for example, Non-Patent Documents 1 and 2 describe security.

C. Miller, C. Valasek, “Adventures in Automotive Networks and Control Units”, DEF CON 21, August 2013 Hiroaki Takada, Tsutomu Matsumoto, “Proposal for Strengthening Information Security of In-Vehicle Embedded Systems”, September 2013, Internet <URL: https://www.ipa.go.jp/files/000034668.pdf> Trusted Computing Group, Internet <URL: http://www.trustedcomputinggroup.org/>

  In the non-patent documents 1 and 2 described above, means for realizing improvement in security is not described. For this reason, it is desired to improve the reliability of application of data such as a computer program used in an in-vehicle computer such as an ECU provided in a vehicle such as an automobile. For example, after the ECU is activated, it is conceivable to improve the defense capability of the in-vehicle computer system by mutually authenticating the data exchange partner using a key held by the ECU. For example, it is conceivable to verify the validity of data exchanged between ECUs using a key held by the ECU. In addition, for example, an electronic signature is attached to data such as a computer program used in the ECU and distributed to the vehicle management device, and the electronic signature of the distributed data is verified using a key held by the management device. Thus, it is conceivable to inspect data such as a computer program used in the ECU. Here, how to realize the management and update of the key held in the automobile is a key security issue.

The present invention has been made in view of such circumstances, and it is an object of the present invention to provide a management system, a vehicle, and a management method that can contribute to the management and update of a key held in a vehicle such as an automobile. .

(1) One aspect of the present invention is a management system including a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle. And the in-vehicle computer have a common key storage unit that stores a Root secret key and a Root certificate that is a public key certificate of a Root public key of a pair of the Root secret key, and the key storage unit The management system issues a public key certificate used for a public key cryptosystem using a stored pair of a root certificate and a root private key.
(2) According to one aspect of the present invention, in the management system according to (1), the management device is stored in a key generation unit that generates a public / private key pair and a key storage unit of the management device A cryptographic processing unit that generates an electronic signature of the public key generated by the key generation unit using a Root private key, and is generated by the public key generated by the key generation unit and the cryptographic processing unit. The in-vehicle computer transmits a public key certificate composed of an electronic signature to the in-vehicle computer, and the in-vehicle computer stores the public key certificate received from the management device in a root certificate stored in the key storage unit of the in-vehicle computer. It is a management system provided with the verification part which verifies using a certificate.
(3) According to one aspect of the present invention, in the management system according to (2), the in-vehicle computer is stored in a key generation unit that generates a public / private key pair and a key storage unit of the in-vehicle computer. A cryptographic processing unit that generates an electronic signature of the public key generated by the key generation unit of the in-vehicle computer using a Root private key, and the public key generated by the key generation unit of the in-vehicle computer, A public key certificate composed of an electronic signature generated by an encryption processing unit of the in-vehicle computer is transmitted to the management device, and the management device receives the public key certificate received from the in-vehicle computer of the management device. The management system includes a verification unit that verifies using a Root certificate stored in a key storage unit.
(4) According to one aspect of the present invention, in the management system of (3), the key generation unit of the management device generates a key, and the encryption processing unit of the management device transmits the public key certificate transmitted to the in-vehicle computer A public key of the certificate and a private key paired to generate an electronic signature of the key generated by the key generation unit of the management device, and a key certificate composed of the key and the electronic signature Encrypted with the public key of the public key certificate received from the computer, the management device transmits the encrypted data of the key certificate to the in-vehicle computer, and the encryption processing unit of the in-vehicle computer received from the management device The encrypted data of the key certificate is decrypted with the public key of the public key certificate transmitted to the management apparatus and the private key paired, and the verification unit of the in-vehicle computer decrypts the encrypted data of the key certificate data And verified using the public key of the public key certificate received from the management apparatus, a management system.
(5) According to one aspect of the present invention, in the management system according to any one of (1) to (4), the key generation unit of the management device generates a pair of a new root public key and a new root private key, The encryption processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device, and the key storage unit of the management device A root authentication key, a new root certificate that is a public key certificate composed of the new root public key and an electronic signature of the new root public key, and the management device stores the new root private key The new Root certificate is encrypted with an encryption path key shared with the in-vehicle computer and transmitted to the in-vehicle computer. The in-vehicle computer receives the new Root secret key received from the management device and the The encrypted data of the root certificate is decrypted with the encryption path key, and the verification unit of the in-vehicle computer converts the decrypted new root certificate into a root certificate stored in the key storage unit of the in-vehicle computer. The key storage unit of the in-vehicle computer is a management system that stores the new root private key and the new root certificate when the verification of the new root certificate is successful.

(6) One aspect of the present invention is a vehicle including the management system according to any one of (1) to (5) above.

(7) One aspect of the present invention is a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle, and discloses a Root disclosure of a pair of a Root secret key and the Root secret key A key storage unit that stores a root certificate that is a public key certificate of a key is provided in common with the in-vehicle computer, and a pair of a root certificate and a root secret key stored in the key storage unit is used. A management device that issues a public key certificate used for public key cryptography.

(8) One aspect of the present invention is an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle, and a Root disclosure of a pair of a Root secret key and the Root secret key A key storage unit that stores a root certificate that is a public key certificate of a key is provided in common with the management device, and a pair of a root certificate and a root private key stored in the key storage unit is used. An in-vehicle computer that issues a public key certificate used in a public key cryptosystem.

(9) One aspect of the present invention is a management system management method including a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle. The management device and the in-vehicle computer commonly store in each key storage unit a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root private key. And issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit.

(10) According to one aspect of the present invention, a Root disclosure of a pair of a Root secret key and a Root secret key is made available to a computer of a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle. A root certificate that is a public key certificate of a key is stored in a key storage unit in common with the in-vehicle computer, and a pair of a root certificate and a root secret key stored in the key storage unit is used. And a step of issuing a public key certificate used for the public key cryptosystem.

(11) According to one aspect of the present invention, an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle has a root public key that is a pair of a root secret key and the root secret key. A root certificate that is a public key certificate is stored in a key storage unit in common with the management device, and a pair of a root certificate and a root private key stored in the key storage unit is used. And a step of issuing a public key certificate used in a public key cryptosystem.

  According to the present invention, it is possible to contribute to management and updating of a key held in a vehicle such as an automobile.

1 is a diagram illustrating an automobile 1 according to a first embodiment. It is a block diagram which shows the management apparatus 10 which concerns on 1st Embodiment. It is a figure which shows the structure of the key memory | storage part 22 shown in FIG. It is a lineblock diagram showing ECU50 concerning a 1st embodiment. It is a figure which shows the structure of the key memory | storage part 62 shown in FIG. It is a sequence chart of the management method concerning a 1st embodiment. It is a sequence chart of the management method concerning a 1st embodiment. It is a sequence chart of the management method concerning a 1st embodiment. It is a sequence chart of the management method concerning a 1st embodiment. It is a figure which shows the management system which concerns on 2nd Embodiment. It is a block diagram which shows the management apparatus 10a which concerns on 2nd Embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following embodiment, a vehicle will be described as an example of a vehicle.

[First Embodiment]
FIG. 1 is a diagram illustrating an automobile 1 according to the first embodiment. In FIG. 1, the automobile 1 includes a management device 10 and an ECU 50. The management device 10 is connected to the control in-vehicle network 40. For example, a CAN (Controller Area Network) is used as the in-vehicle network 40 for control. CAN is known as one of communication networks mounted on vehicles. In the present embodiment, the in-vehicle network for control 40 is a CAN. Various ECUs 50 are connected to the control in-vehicle network 40. The ECU 50 is an in-vehicle computer provided in the automobile 1. The ECU 50 is, for example, a drive system ECU, a vehicle body system ECU, a safety control system ECU, or the like. The management device 10 exchanges data with each ECU 50 via the control in-vehicle network 40. The ECU 50 exchanges data with other ECUs 50 via the control in-vehicle network 40.

  The management device 10 includes a secure element 20. The ECU 50 includes a secure element 60.

  FIG. 2 is a configuration diagram illustrating the management apparatus 10 according to the first embodiment. In FIG. 2, the management apparatus 10 includes a control unit 11, a CAN interface 12, and a secure element 20. Each of these units is configured to exchange data. The secure element 20 includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24.

  The control unit 11 has a control function of the management apparatus 10. The CAN interface 12 is a communication unit that communicates with the ECU 50. The CAN interface 12 is connected to the control in-vehicle network 40 and exchanges data with each ECU 50 via the control in-vehicle network 40. The secure element 20 has tamper resistance.

  In the secure element 20, the key generation unit 21 generates a key. The key storage unit 22 stores a key. The verification unit 23 verifies data exchange. The encryption processing unit 24 encrypts data and decrypts encrypted data.

  FIG. 3 is a diagram showing the configuration of the key storage unit 22 shown in FIG. 3, the key storage unit 22 includes a root certificate storage unit 31, a root private key storage unit 32, an S public key certificate storage unit 33, an S private key storage unit 34, a C public key certificate storage unit 35, and a MAC. A key storage unit 36 is provided.

  The root certificate storage unit 31 stores a root certificate Cert_KRp. The root secret key storage unit 32 stores the root secret key KRs. The root certificate Cert_KRp is a public key certificate. The public key certified by the root certificate Cert_KRp is the root public key KRp. The root secret key KRs is a secret key paired with the root public key KRp. The root certificate Cert_KRp and the root secret key KRs are safely written into the secure element 20 when the management apparatus 10 is manufactured, for example. The root certificate Cert_KRp written in the secure element 20 is stored in the root certificate storage unit 31. The root secret key KRs written in the secure element 20 is stored in the root secret key storage unit 32. The Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 20 to the outside.

  The S public key certificate storage unit 33 stores the S public key certificate Cert_KSp. The S secret key storage unit 34 stores the S secret key KSs. The S public key certificate KSp is a public key certificate. The public key proved by the S public key certificate Cert_KSp is the S public key KSp. The S secret key KSs is a secret key paired with the S public key KSp. The S public key certificate Cert_KSp and the S private key KSs are generated by the key generation unit 21. The S public key certificate Cert_KSp generated by the key generation unit 21 is stored in the S public key certificate storage unit 33. The S secret key KSs generated by the key generation unit 21 is stored in the S secret key storage unit 34.

  The C public key certificate storage unit 35 stores the C public key certificate. The C public key certificate exists for each ECU 50. The C public key certificate storage unit 35 stores the C public key certificate of each ECU 50. A C public key certificate of an ECU 50 is a certificate of the public key of the ECU 50. For example, the public key certified by the C public key certificate Cert_KC1p of the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 is the C public key KC1p. The C public key KC1p is a public key of the first ECU 50. The C public key KC1p is paired with a C secret key KC1s that is a secret key of the first ECU 50. The C public key certificate received from each ECU 50 is stored in the C public key certificate storage unit 35.

  The MAC key storage unit 36 stores the MAC key Km. The MAC key Km is a common key generated by the key generation unit 21. The MAC key Km generated by the key generation unit 21 is stored in the MAC key storage unit 36. The MAC key Km is used when exchanging data between the ECUs 50, for example.

  FIG. 4 is a configuration diagram showing the ECU 50 according to the first embodiment. In FIG. 4, the ECU 50 includes a control unit 51, a CAN interface 52, and a secure element 60. Each of these units is configured to exchange data. The secure element 60 includes a key generation unit 61, a key storage unit 62, a verification unit 63, and an encryption processing unit 64.

  The control unit 51 has a predetermined control function corresponding to the ECU 50. The CAN interface 52 is a communication unit that communicates with the management apparatus 10 and other ECUs 50. The CAN interface 52 is connected to the control in-vehicle network 40 and exchanges data with the management apparatus 10 and other ECUs 50 through the control in-vehicle network 40. The secure element 60 has tamper resistance.

  In the secure element 60, the key generation unit 61 generates a key. The key storage unit 62 stores a key. The verification unit 63 verifies the exchange of data. The encryption processing unit 64 performs data encryption and decryption of the encrypted data.

  FIG. 5 is a diagram showing a configuration of the key storage unit 62 shown in FIG. In FIG. 5, a key storage unit 62 includes a root certificate storage unit 71, a root private key storage unit 72, a C public key certificate storage unit 73, a C private key storage unit 74, an S public key certificate storage unit 75, and a MAC. A key storage unit 76 is provided.

  The root certificate storage unit 71 stores the same root certificate Cert_KRp as that of the management apparatus 10. The root secret key storage unit 72 stores the same root secret key KRs as that of the management apparatus 10. Therefore, the management apparatus 10 and each ECU 50 include a pair of the same root certificate Cert_KRp and a root secret key KRs. The root certificate Cert_KRp and the root secret key KRs are safely written in the secure element 60 when the ECU 50 is manufactured, for example. The root certificate Cert_KRp written in the secure element 60 is stored in the root certificate storage unit 71. The root secret key KRs written to the secure element 60 is stored in the root secret key storage unit 72. The Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 60 to the outside.

  The C public key certificate storage unit 73 stores the C public key certificate. The C secret key storage unit 74 stores the C secret key. The C public key certificate is a public key certificate. The C private key is a private key paired with the public key of the C public key certificate. The C public key certificate and the C private key are generated by the key generation unit 61. The C public key certificate generated by the key generation unit 61 is stored in the C public key certificate storage unit 73. The C secret key generated by the key generation unit 61 is stored in the C secret key storage unit 74. For example, the C public key certificate Cert_KC1p of the first ECU 50 is a certificate of the C public key KC1p of the first ECU 50. The C public key KC1p is paired with the C secret key KC1s of the first ECU 50. The C public key certificate Cert_KC1p generated by the key generation unit 61 of the first ECU 50 is stored in the C public key certificate storage unit 73 of the first ECU 50. The C secret key KC1s generated by the key generation unit 61 of the first ECU 50 is stored in the C secret key storage unit 74 of the first ECU 50.

  The S public key certificate storage unit 75 stores the S public key certificate Cert_KSp of the management apparatus 10. The S public key certificate Cert_KSp received from the management apparatus 10 is stored in the S public key certificate storage unit 75.

  The MAC key storage unit 76 stores the MAC key Km. The MAC key Km received from the management apparatus 10 is stored in the MAC key storage unit 76.

  Next, a management method according to the first embodiment will be described with reference to FIGS. In the following description, the management device 10 and the ECU 50 transmit and receive data via the control in-vehicle network 40. The secure element 20 of the management device 10 transmits / receives data to / from the secure element 60 of the ECU 50 via the CAN interface 12. The secure element 60 of the ECU 50 transmits / receives data to / from the secure element 20 of the management apparatus 10 via the CAN interface 52. As a result, data is exchanged between the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50.

[Public key certificate renewal stage]
With reference to FIG. 6, the update stage of the public key certificate will be described. FIG. 6 is a sequence chart of the management method according to the first embodiment. Here, for convenience of explanation, the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.

(Step S1) In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of the S public key KSp and the S secret key KSs. As a method for generating a public key / private key pair, for example, RSA (Rivest Shamir Adleman), ECC (Elliptic Curve Cryptosystems), or the like can be used. Further, the key generation unit 21 generates an S public key certificate Cert_KSp for the generated S public key KSp. The S public key certificate Cert_KSp includes an S public key KSp and an electronic signature of the S public key KSp. The electronic signature of the S public key KSp is encrypted data obtained as a result of encrypting the hash value of the S public key KSp with the Root secret key KRs.

  In generating the S public key certificate Cert_KSp, first, the key generation unit 21 calculates a hash value hash (KSp) of the S public key KSp. Next, the encryption processing unit 24 encrypts the hash value hash (KSp) calculated by the key generation unit 21 with the Root secret key KRs stored in the Root secret key storage unit 32. The encrypted data KRs (hash (KSp)) is an electronic signature of the S public key KSp. Next, the key generation unit 21 configures the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the S public key KSp and the electronic signature KRs (hash (KSp)) of the S public key KSp.

  The S public key certificate storage unit 33 stores the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” generated by the key generation unit 21. The S secret key storage unit 34 stores the S secret key KSs generated by the key generation unit 21. In addition, the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 33 and the S private key KSs stored in the S private key storage unit 34 are paired. Set the association information indicating that there is.

(Step S2) In the secure element 60 of the first ECU 50, the key generation unit 61 generates a pair of the C public key KC1p and the C secret key KC1s. Further, the key generation unit 61 generates a C public key certificate Cert_KC1p of the generated C secret key KC1s. The C public key certificate Cert_KC1p includes a C public key KC1p and an electronic signature of the C public key KC1p. The electronic signature of the C public key KC1p is encrypted data obtained as a result of encrypting the hash value of the C public key KC1p with the Root secret key KRs.

  In generating the C public key certificate Cert_KC1p, first, the key generation unit 61 calculates a hash value hash (KC1p) of the C public key KC1p. Next, the encryption processing unit 64 encrypts the hash value hash (KC1p) calculated by the key generation unit 61 with the Root secret key KRs stored in the Root secret key storage unit 72. The encrypted data KRs (hash (KC1p)) is an electronic signature of the C public key KC1p. Next, the key generation unit 61 forms a C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the C public key KC1p and the electronic signature KRs (hash (KC1p)) of the C public key KC1p.

  The C public key certificate storage unit 73 stores the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” generated by the key generation unit 61. The C secret key storage unit 74 stores the C secret key KC1s generated by the key generation unit 61. Also, the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 73 and the C secret key KC1s stored in the C secret key storage unit 74 are paired. Set the association information indicating that there is.

(Step S3) The secure element 20 of the management apparatus 10 uses the CAN interface 12 to secure the S public key certificate Cert_KSp “KSp, KRs (hash (Ksp))” generated in Step S1 above to the secure of the first ECU 50. Transmit to element 60.

(Step S <b> 4) The secure element 60 of the first ECU 50 receives the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the secure element 20 of the management apparatus 10 via the CAN interface 52. In the secure element 60 of the first ECU 50, the verification unit 63 verifies the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” received from the secure element 20 of the management apparatus 10.

  In the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, the verification unit 63 first obtains the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”. Acquire and calculate the hash value hash (KSp) of the acquired S public key KSp. Next, the verification unit 63 acquires the electronic signature KRs (hash (KSp)) from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, and acquires the acquired electronic signature KRs (hash (KSp)). , Decryption is performed with the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 71. By this decryption, decrypted data “KRp · KRs (hash (KSp))” is obtained. Next, the verification unit 63 determines whether the calculated hash value hash (KSp) matches the decrypted data “KRp · KRs (hash (KSp))”. As a result of this determination, if they match, the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is successful, and if they do not match, the S public key certificate Cert_KSp “KSp, KRs ( “hash (KSp))” is unsuccessful.

  If the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is successful, the verification unit 63 obtains the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”. The data is stored in the S public key certificate storage unit 75. Thereafter, the process proceeds to step S5.

  On the other hand, if the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” fails, the process in FIG. Therefore, the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is not stored in the S public key certificate storage unit 75. In addition, when the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” fails, the control unit 51 may execute a predetermined error process.

(Step S5) The secure element 60 of the first ECU 50 uses the CAN interface 52 to obtain the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” generated in Step S2 above. Transmit to element 20.

(Step S6) The secure element 20 of the management apparatus 10 receives the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the secure element 60 of the first ECU 50 through the CAN interface 12. In the secure element 20 of the management device 10, the verification unit 23 verifies the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” received from the secure element 60 of the first ECU 50.

  In the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, the verification unit 23 first obtains the C public key KC1p from the C public key certificate Cert_KC1p “KC1, KRs (hash (KC1p))”. Acquire and calculate the hash value hash (KC1p) of the acquired C public key KC1p. Next, the verification unit 23 acquires the electronic signature KRs (hash (KC1p)) from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, and acquires the acquired electronic signature KRs (hash (KC1p)). , Decryption is performed using the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 31. By this decryption, decrypted data “KRp · KRs (hash (KC1p))” is obtained. Next, the verification unit 23 determines whether or not the calculated hash value hash (KC1p) matches the decrypted data “KRp · KRs (hash (KC1p))”. As a result of this determination, if they match, the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is successful, and if they do not match, the C public key certificate Cert_KC1p “KC1p, KRs ( “hash (KC1p))” is unsuccessful.

  When the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is successful, the verification unit 23 obtains the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”. The data is stored in the C public key certificate storage unit 35. Thereafter, the process of FIG. 6 is terminated.

  On the other hand, if the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is unsuccessful, the processing in FIG. Therefore, the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is not stored in the C public key certificate storage unit 35. In addition, when the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is unsuccessful, the control unit 11 may execute predetermined error processing.

  According to the update stage of the public key certificate described above, the management apparatus 10 can issue the S public key certificate Cert_KSp and the ECU 50 can issue the C public key certificate. . For this reason, it is possible to issue a public key certificate by closing it inside the automobile 1 without using a general PKI (Public Key Infrastructure). Thereby, it is possible to realize a public key cryptosystem closed inside the automobile 1 without using a general PKI. In addition, when using the public key cryptosystem to conceal the data inside the automobile 1, communication for using the PKI existing outside the automobile 1 is not required, and thus the number of communication devices can be reduced. Effects such as applying to an environment where communication is impossible and easily increasing the frequency of issuing public key certificates can be obtained.

  The management device 10 and the ECU 50 repeatedly generate a public key / private key pair at a relatively short cycle to issue a public key certificate, and a new public key certificate is issued each time a public key certificate is issued. You may make it replace | exchange. Thereby, management of the revocation list of the public key may be omitted.

[MAC key update stage]
With reference to FIG. 7, the update step of the MAC key will be described. FIG. 7 is a sequence chart of the management method according to the first embodiment. Here, for convenience of explanation, the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.

(Step S11) In the secure element 20 of the management device 10, the key generation unit 21 generates the MAC key Km. Next, the key generation unit 21 applies an electronic signature to the generated MAC key Km. In the electronic signature for the MAC key Km, the key generation unit 21 first calculates a hash value hash (Km) of the MAC key Km. Next, the encryption processing unit 24 encrypts the hash value hash (Km) calculated by the key generation unit 21 with the S secret key KSs stored in the S secret key storage unit 34. The encrypted data KSs (hash (Km)) is an electronic signature of the MAC key Km. Next, the key generation unit 21 configures the MAC key certificate “Km, KSs (hash (Km))” from the MAC key Km and the electronic signature KSs (hash (Km)) of the MAC key Km. The MAC key storage unit 36 stores the MAC key Km generated by the key generation unit 21.

(Step S12) In the secure element 20 of the management apparatus 10, the cryptographic processing unit 24 performs C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35 to C The public key KC1p is acquired. Next, the encryption processing unit 24 encrypts the MAC key certificate “Km, KSs (hash (Km))” generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (“Km, KSs (hash (Km))”) is the transmission data of the encryption path key. Next, the secure element 20 of the management device 10 transmits the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.

(Step S13) The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. . In the secure element 60 of the first ECU 50, the verification unit 63 verifies the encryption path key transmission data KC 1 p (“Km, KSs (hash (Km))”) received from the secure element 20 of the management device 10.

  In the verification of the transmission data KC1p (“Km, KSs (hash (Km))”) of the encryption path key, first, the encryption processing unit 64 uses the C secret key KC1s stored in the C secret key storage unit 74 as the encryption path key. The transmission data KC1p (“Km, KSs (hash (Km))”) is decrypted. By this decryption, decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km)) ”)” is obtained. Next, the verification unit 63 acquires the MAC key Km from the decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km)) ”)”, and calculates the hash value hash (Km) of the acquired MAC key Km. To do.

  Next, the verification unit 63 acquires the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 75. Next, the verification unit 63 acquires the electronic signature KSs (hash (Km)) from the decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km))) ”, and acquires the acquired electronic signature KSs (hash ( Km)) is decrypted with the S public key KSp. By this decryption, decrypted data “KSp · KSs (hash (Km))” is obtained.

  Next, the verification unit 63 determines whether or not the calculated hash value hash (Km) matches the decrypted data “KSp · KSs (hash (Km))”. If the result of this determination is that they match, the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is successful, and if they do not match, the encryption path key transmission data KC1p ( The verification of “Km, KSs (hash (Km))” is unsuccessful.

  If the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is successful, the verification unit 63 transmits the encryption path key transmission data KC1p (“Km, KSs (hash ( Km)))) The MAC key Km acquired from “)” is stored in the MAC key storage unit 76. Thereafter, the process of FIG. 7 is terminated.

  On the other hand, if the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is unsuccessful, the processing in FIG. 7 ends. Therefore, the MAC key Km included in the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is not stored in the MAC key storage unit 76. In addition, when the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) fails, the control unit 51 may execute predetermined error processing.

  According to the above-described MAC key update stage, the MAC key Km used in the automobile 1 can be updated inside the automobile 1 and can be safely performed by a public key cryptosystem.

[Root certificate renewal stage]
With reference to FIG. 8 and FIG. 9, the update step of the Root certificate will be described. 8 and 9 are sequence charts of the management method according to the first embodiment.

(Initial update stage of Root certificate)
First, referring to FIG. 8, the initial update stage of the root certificate will be described. Here, for convenience of explanation, in the pair of the root certificate Cert_KRp and the root secret key KRs initially held in the management apparatus 10 and the ECU 50, the root certificate Cert_KRp is referred to as the initial root certificate Cert_KRp, and the root public key KRp is the initial The root public key KRp is called, and the root secret key KRs is called the initial root secret key KRs. In the newly generated pair of the root certificate Cert_KRp and the root secret key KRs, the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new, the root public key KRp is referred to as a new root public key KRp_new, and a Root secret key Is referred to as a new root secret key KRs_new. Here, the first ECU 50, which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.

(Step S21) In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new. Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new. The new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new. The electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the initial root private key KRs.

  In generating the new root certificate Cert_KRp_new, first, the key generation unit 21 calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the initial root secret key KRs stored in the root secret key storage unit 32. The encrypted data KRs (hash (KRp_new)) is an electronic signature of the new root public key KRp_new. Next, the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Root public key KRp_new and the electronic signature KRs (hash (KRp_new)) of the new Root public key KRp_new. .

  The root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” generated by the key generation unit 21. The root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21. In addition, the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 31 and the new root secret key KRs_new stored in the root secret key storage unit 32 are paired. Set the association information indicating.

(Step S22) In the secure element 20 of the management apparatus 10, the key generation unit 21 generates the encryption path key Kc. Next, the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35. Next, the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (Kc) is encryption path key transmission data. Next, the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.

  The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 via the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s · KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s · KC1p (Kc)” is the encryption path key Kc. Here, it is assumed that the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.

(Step S23) In the secure element 20 of the management apparatus 10, the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in the above step S22 and the new root secret key KRs_new and the new root certificate Cert_KRp_new. “KRp_new, KRs (hash (KRp_new))” is encrypted. Thereby, the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) is obtained. Next, the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.

(Step S <b> 24) The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 via the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above-described step. In S22, decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key. By this decryption, decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) is successful, the decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)”. Thus, a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” are obtained. Here, the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) has been successfully decrypted, and the new Root secret key KRs_new and the new Root certificate Cert_KRp_new “KRp_new, KRs (pnew) ) "Is obtained. Next, the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”.

  In the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Rot public key. Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated. Next, the verification unit 63 acquires the electronic signature KRs (hash (KRp_new)) from the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, and acquires the acquired electronic signature KRs (hash (KRp_new)). Decryption is performed using the initial root public key KRp of the initial root certificate Cert_KRp stored in the root certificate storage unit 71. By this decoding, decoded data “KRp · KRs (hash (KRp_new))” is obtained.

  Next, the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decrypted data “KRp · KRs (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, KRs (hash ( KRp_new)) "is unsuccessful.

  If the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is successful, the root certificate storage unit 71 sets the new root certificate Cert_KRp_new “KRp_new, KRs (hash) (KRp_new)”. Remember. The root secret key storage unit 72 stores the new root secret key KRs_new. The new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 71 and the new root secret key KRs_new stored in the root secret key storage unit 72 are paired. Set the association information indicating. Thereafter, the process of FIG. 8 is terminated.

  On the other hand, if the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is unsuccessful, the processing in FIG. 8 ends. Therefore, the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is not stored in the root certificate storage unit 71. In addition, when the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is unsuccessful, the control unit 51 may execute predetermined error processing.

(The second and subsequent renewal stages of the root certificate)
Next, referring to FIG. 9, the second and subsequent update stages of the root certificate will be described. Here, for convenience of explanation, in the pair of the root certificate Cert_KRp before updating and the root secret key KRs held in the management apparatus 10 and the ECU 50, the root certificate Cert_KRp is referred to as the old root certificate Cert_KRp_old, and the root public key KRp is referred to as the root certificate Cert_KRp. The old Root public key KRp_old is called, and the Root secret key KRs is called the old Root secret key KRs_old. In the newly generated pair of the root certificate Cert_KRp and the root secret key KRs, the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new, the root public key KRp is referred to as a new root public key KRp_new, and a Root secret key Is referred to as a new root secret key KRs_new. Here, the first ECU 50, which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.

(Step S31) In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new. Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new. The new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new. The electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the old root private key KRs_old.

  In generating the new root certificate Cert_KRp_new, first, the key generation unit 21 calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the old Root secret key KRs_old stored in the Root secret key storage unit 32. This encrypted data KRs_old (hash (KRp_new)) is an electronic signature of the new Root public key KRp_new. Next, the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash)” from the new Root public key KRp_new and the electronic signature KRs_old (hash (KRp_new)) of the new Root public key KRp_new (KRp_new) .

  The root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” generated by the key generation unit 21. The root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21. Also, the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 31 and the new Root secret key KRs_new stored in the Root secret key storage unit 32 are a pair. Set the association information indicating.

(Step S32) In the secure element 20 of the management device 10, the key generation unit 21 generates the encryption path key Kc. Next, the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35. Next, the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (Kc) is encryption path key transmission data. Next, the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.

  The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 via the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s · KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s · KC1p (Kc)” is the encryption path key Kc. Here, it is assumed that the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.

(Step S33) In the secure element 20 of the management apparatus 10, the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in the above step S32 and the new root secret key KRs_new and the new root certificate Cert_KRp_new. “KRp_new, KRs_old (hash (KRp_new))” is encrypted. As a result, encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) is obtained. Next, the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.

(Step S34) The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above steps. In S32, decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key. By this decryption, decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) is successful, the decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”). Thus, a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” are obtained. Here, the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) succeeds, and the new Root secret key KRs_new and the new Root certificate Cert_KRp_new (KRp_new, HRs_oldK_rKold_p) ) "Is obtained. Next, the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”.

  In the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs_old (new from the hash (KRp_New) key”). Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated. Next, the verification unit 63 acquires the electronic signature KRs_old (hash (KRp_new)) from the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, and acquires the acquired electronic signature KRs_old (hash (KRp_new)). Decryption is performed with the old Root public key KRp_old of the old Root certificate Cert_KRp_old stored in the Root certificate storage unit 71. By this decryption, decrypted data “KRp_old · KRs_old (hash (KRp_new))” is obtained.

  Next, the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decoded data “KRp_old · KRs_old (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, HRs_old (hs KRp_new)) "is unsuccessful.

  If the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is successful, the Root certificate storage unit 71 sets the new Root certificate Cert_KRp_new “KRp_new, KRs_old (p)” Remember. The root secret key storage unit 72 stores the new root secret key KRs_new. Also, the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 71 and the new Root secret key KRs_new stored in the Root secret key storage unit 72 are a pair. Set the association information indicating. Thereafter, the process of FIG. 9 is terminated.

  On the other hand, if the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is unsuccessful, the processing in FIG. 9 ends. Therefore, the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is not stored in the root certificate storage unit 71. In addition, when the verification of the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is unsuccessful, the control unit 51 may execute a predetermined error process.

  According to the above-described root certificate update stage, the root certificate and the root secret key pair can be updated by being closed inside the automobile 1. Therefore, by periodically updating the pair of the root certificate and the root private key, the reliability of the pair of the root certificate and the root private key can be improved, so that the automobile 1 can be used without using a general PKI. The security at the time of realizing the public key cryptosystem closed inside is improved. For example, when the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is continuously used without being updated, even if the secure element having tamper resistance is used, the initial root certificate Cert_KRp and the initial root root are analyzed as a result of the leakage electromagnetic wave analysis. The possibility of leakage of the secret key KRs pair cannot be denied. For this reason, it is preferable to periodically update the pair of the root certificate and the root private key. Further, it is preferable to reduce the number of times of use of the pair of the initial root certificate Cert_KRp and the initial root secret key KRs as much as possible in order to improve the reliability. For example, the use of the pair of the initial root certificate Cert_KRp and the initial root secret key KRs may be limited to a predetermined number of times (for example, only once).

  The pair of the root certificate and the root secret key is preferably different for each automobile 1. According to the above-described root certificate update stage, the pair of the root certificate and the root secret key can be updated by being closed inside the automobile 1, so that the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is Even if it is common to each automobile 1, the pair of the root certificate and the root secret key of each automobile 1 can be made different by updating the pair of the root certificate and the root secret key.

[Second Embodiment]
FIG. 10 is a diagram illustrating a management system according to the second embodiment. 10, parts corresponding to those in FIG. 1 are given the same reference numerals, and descriptions thereof are omitted. 10, the management system includes a management device 10a and a management server device 80. The management device 10a is provided in the automobile 1. The management server device 80 is provided in a communication carrier of the wireless communication network 2.

  In order to use the wireless communication network 2, a SIM (Subscriber Identity Module) or eSIM (Embedded Subscriber Identity Module) in which subscriber information of the wireless communication network 2 is written is necessary. The management device 10a includes a SIM_20a. SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the management apparatus 10a can use the wireless communication network 2 by using SIM_20a. The management device 10a connects to the wireless communication network 2 through the wireless communication line 3 established using SIM_20a. SIM_20a is a secure element.

  The management server device 80 is connected to the wireless communication network 2 via the communication line 4 of the communication carrier of the wireless communication network 2. The management device 10a and the management server device 80 communicate via the wireless communication network 2.

  Note that a dedicated line is established between the management apparatus 10a and the management server apparatus 80 via the wireless communication network 2, and the management apparatus 10a and the management server apparatus 80 transmit and receive data via the dedicated line. Good.

  In the automobile 1, the management device 10 a is connected to the control in-vehicle network 40. In the present embodiment, the in-vehicle network for control 40 is a CAN. Various ECUs 50 are connected to the control in-vehicle network 40. The management device 10a exchanges data with each ECU 50 via the control in-vehicle network 40.

  FIG. 11 is a configuration diagram illustrating a management device 10a according to the second embodiment. In FIG. 11, parts corresponding to those in FIG. In FIG. 11, the management device 10a includes a control unit 11, a CAN interface 12, a wireless communication unit 13, and SIM_20a. Each of these units is configured to exchange data. The SIM_20a includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24. Also in the second embodiment, the configuration of the key storage unit 22 is the same as the configuration shown in FIG.

  SIM_20a is a secure element and has tamper resistance. As a secure element, eSIM may be used instead of SIM_20a. SIM and eSIM are a kind of computer, and a desired function is realized by a computer program.

  The wireless communication unit 13 transmits and receives data by wireless communication. SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the wireless communication unit 13 connects to the wireless communication network 2 via the wireless communication line 3 by using SIM_20a.

  The SIM_20a realizes the same function as the secure element 20 shown in FIG. Thereby, the management method of the first embodiment described with reference to FIGS. 6 to 9 is realized.

  In the present embodiment, the SIM_20a exchanges data with the management server device 80 via the wireless communication network 2 by the wireless communication unit 13. The management server device 80 transmits a pair of a root certificate and a root secret key to the SIM_20a. When transmitting a pair of root certificate and root private key from the management server device 80 to the SIM_20a, a dedicated line is established between the management device 10a and the management server device 80 via the wireless communication network 2 and established. It is preferable to send and receive data via a dedicated line.

  The SIM_20a stores the root certificate received from the management server device 80 in the root certificate storage unit 31. The SIM_20a stores the Root secret key received from the management server device 80 in the Root secret key storage unit 32.

  According to the present embodiment, a pair of a root certificate and a root secret key can be transmitted from the management server device 80 to the automobile 1 by wireless communication. Thereby, the pair of the Root certificate and the Root private key held in the automobile 1 can be updated from the management server device 80.

  If the management apparatus 10a cannot communicate with the management server apparatus 80 via the wireless communication network 2 because the radio wave of the wireless communication network 2 does not reach or the like, a new root is given to the automobile 1 as necessary. The management apparatus 10a that holds a pair of a certificate and a root private key and the ECU 50 may be exchanged.

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to this embodiment, The design change etc. of the range which does not deviate from the summary of this invention are included.

  For example, although the example which uses SIM or eSIM as a secure element was given, it is not limited to this. As the secure element, for example, a tamper resistant cryptographic processing chip may be used. As tamper-resistant cryptographic processing chips, for example, cryptographic processing chips called HSM (Hardware Security Module) and TPM (Trusted Platform Module) are known. About TPM, it describes in the nonpatent literature 3, for example. For example, HSM or TPM may be used for the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50. Alternatively, SIM or eSIM may be used for the secure elements 20 and 20a of the management devices 10 and 10a and the secure element 60 of the ECU 50. Alternatively, SIM or eSIM may be used as the secure elements 20 and 20a of the management devices 10 and 10a, and HSM or TPM may be used as the secure element 60 of the ECU 50.

  Also, any ECU 50 provided in the automobile 1 may function as the management device 10 or the management device 10a.

  Moreover, although the car was mentioned as an example as a vehicle, it is applicable also to vehicles other than motor vehicles, such as a motorbike and a rail vehicle.

In addition, a computer program for realizing each step of the management method executed by the management device 10, the management device 10a, or the ECU 50 described above is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in the computer. It may be read by the system and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
“Computer-readable recording medium” means a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disk), and a built-in computer system. A storage device such as a hard disk.

Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 1 ... Automobile, 2 ... Wireless communication network, 3 ... Wireless communication line, 4 ... Communication line, 10, 10a ... Management apparatus, 11, 51 ... Control part, 12, 52 ... CAN interface, 13 ... Wireless communication part, 20, 60 ... Secure element, 20a ... SIM (Secure element) 21,61 ... Key generation unit, 22,62 ... Key storage unit, 23,63 ... Verification unit, 24,64 ... Cryptographic processing unit, 31,71 ... Root certification ... Storage unit, 32, 72... Root private key storage unit, 33, 75... S public key certificate storage unit, 34... S private key storage unit, 35, 73. MAC key storage unit, 80 ... management server device

Claims (3)

A management system comprising a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle,
The management device and the in-vehicle computer commonly include a key storage unit that stores a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root private key.
A management system that issues a public key certificate used in a public key cryptosystem using a pair of a root certificate and a root private key stored in the key storage unit ;
The key generation unit of the management device generates a pair of a new root public key and a new root private key,
The encryption processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device,
The key storage unit of the management device stores the new Root private key, a new Root certificate that is a public key certificate composed of the new Root public key and an electronic signature of the new Root public key,
The management device encrypts the new Root private key and the new Root certificate with an encryption path key shared with the in-vehicle computer, and transmits the encrypted information to the in-vehicle computer.
The in-vehicle computer decrypts the encrypted data of the new Root private key and the new Root certificate received from the management device with the encryption path key,
The verification unit of the in-vehicle computer verifies the decrypted new Root certificate using a Root certificate stored in the key storage unit of the in-vehicle computer,
The key storage unit of the in-vehicle computer stores the new Root private key and the new Root certificate when the verification of the new Root certificate is successful.
Management system. A vehicle comprising the management system according to claim 1 . A management system comprising a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle,
The management device and the in-vehicle computer commonly store in each key storage unit a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root private key. ,
Issuing a public key certificate used for public key cryptography using a pair of a root certificate and a root private key stored in the key storage unit, and a management method comprising :
A key generation unit of the management device generates a pair of a new root public key and a new root private key;
A cryptographic processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device;
The key storage unit of the management device stores the new Root private key, a new Root certificate that is a public key certificate composed of the new Root public key and an electronic signature of the new Root public key. When,
The management device encrypting the new Root private key and the new Root certificate with an encryption path key shared with the in-vehicle computer and transmitting the encrypted data to the in-vehicle computer;
The in-vehicle computer decrypting the encrypted data of the new Root private key and the new Root certificate received from the management device with the encryption path key;
A verification unit of the in-vehicle computer verifies the decrypted new Root certificate using a Root certificate stored in a key storage unit of the in-vehicle computer;
The key storage unit of the in-vehicle computer stores the new Root private key and the new Root certificate when the verification of the new Root certificate is successful;
Management method including.

Images