WO2015111109A1 - Position information authentication system, positioning terminal, and position information acquisition device - Google Patents

Position information authentication system, positioning terminal, and position information acquisition device Download PDF

Info

Publication number
WO2015111109A1
WO2015111109A1 PCT/JP2014/006059 JP2014006059W WO2015111109A1 WO 2015111109 A1 WO2015111109 A1 WO 2015111109A1 JP 2014006059 W JP2014006059 W JP 2014006059W WO 2015111109 A1 WO2015111109 A1 WO 2015111109A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
unit
authentication
authenticated
terminal
Prior art date
Application number
PCT/JP2014/006059
Other languages
French (fr)
Japanese (ja)
Inventor
正剛 隈部
貴久 山城
Original Assignee
株式会社デンソー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社デンソー filed Critical 株式会社デンソー
Priority to SG11201605322RA priority Critical patent/SG11201605322RA/en
Priority to DE112014006225.1T priority patent/DE112014006225B8/en
Priority to CN201480073106.2A priority patent/CN105934688B/en
Publication of WO2015111109A1 publication Critical patent/WO2015111109A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13Receivers
    • G01S19/21Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
    • G01S19/215Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service issues related to spoofing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • the present disclosure relates to a position information authentication system capable of authenticating a navigation message received from a navigation satellite in order to calculate position information, a positioning terminal provided in the authentication system, and a position information acquisition device.
  • Positioning terminals that receive satellite radio waves from navigation satellites included in navigation satellite systems such as the global positioning system (hereinafter referred to as GPS) and calculate the current position using navigation messages included in the satellite radio waves are widely known. .
  • GPS global positioning system
  • Patent Document 1 there is a position information authentication system that can authenticate a navigation message in order to determine the reliability of the navigation message received from the navigation satellite in order to calculate the position information. Proposed.
  • This position information authentication system enables the positioning terminal to determine whether the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center. If it can be determined that the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center, the navigation message can be determined to have been transmitted by a navigation satellite.
  • a positioning terminal that receives a navigation message can calculate a reliable current position.
  • the position information calculated by the positioning terminal in addition to a use of the user who owns the positioning terminal to know the current position, a use of transmitting position information indicating the current position calculated by the positioning terminal to the surroundings can be considered.
  • the position information is transmitted to a charge management device that manages a toll parking area and a toll road, and charging is automatically performed.
  • the positioning terminal receives the position information indicating the position different from the calculated current position and performs the charging process. If it is transmitted to the position information acquisition device, it cannot be charged correctly.
  • the positioning terminal indicates that the positioning terminal itself does not falsify the position information, and the position information acquisition device that acquires the position information needs to be able to determine that the positioning terminal is a reliable terminal that does not falsify the position information. is there.
  • the present disclosure has been made based on this circumstance, and the purpose of the present disclosure is to obtain position information from the positioning terminal that the positioning terminal is compatible with the position information authentication system.
  • An object of the present invention is to provide a position information authentication system, a positioning terminal, and a position information acquisition apparatus that can be determined by an acquisition apparatus.
  • the position information authentication system receives a navigation message, and when the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided.
  • Positioning terminal that transmits wirelessly, an authentication center device that transmits the center-created authentication data to a communication satellite that transmits center-created authentication data used for authentication by the positioning terminal, and position information that receives position information wirelessly transmitted by the positioning terminal An acquisition device.
  • the authentication center device includes a center side satellite receiving unit that receives a satellite radio wave including a navigation message from a navigation satellite included in the navigation satellite system, a cipher key, and the cipher key and the satellite received by the center side satellite receiving unit. Based on the navigation message included in the radio wave, a center side authentication data creation unit that creates center creation authentication data, and authentication data transmission that transmits the center creation authentication data created by the center side authentication data creation unit to the communication satellite A section.
  • the positioning terminal receives the center creation authentication data from the communication satellite, and also creates the encryption key or the encryption key from the terminal side satellite receiver that receives the satellite radio wave from the navigation satellite and the authentication center device. Authentication of terminal creation based on a key receiver that receives key-related data that is one of the data, key-related data received by the key receiver, and navigation messages extracted from satellite radio waves received by the terminal-side satellite receiver.
  • the terminal side authentication data creation unit that creates the data, the center creation authentication data and the terminal creation authentication data are compared, and if they match, the navigation message included in the satellite radio wave received by the terminal side satellite reception unit is Based on the key-related data received by the key receiving unit from the authentication center device, the terminal-side satellite receiving unit determines that the authentication has been successful.
  • Authenticated creation unit that creates authenticated data indicating that the navigation message contained in the received satellite signal has been authenticated and the location information calculated based on the navigation message, as well as the authenticated creation unit created by the authenticated creation unit A terminal-side transmission unit that transmits data.
  • the location information acquisition device includes a terminal data acquisition unit that acquires the location information and authenticated data transmitted by the terminal side transmission unit from the communication unit, and a key acquisition unit that acquires key-related data from the authentication center device via the communication unit. Based on the key-related data acquired by the key acquisition unit, the comparison data generation unit that generates the authenticated comparison data for comparison with the authenticated data, and the authentication data and comparison data generated by the terminal data acquisition unit Compared with the authenticated comparison data created by the unit, the terminal includes a terminal determination unit that determines that the positioning terminal is a legitimate positioning terminal if they match.
  • the positioning terminal authenticates the navigation message included in the satellite radio wave received from the navigation satellite.
  • the key receiving unit receives from the authentication center device key-related data, which is key creation data that can be used to create the encryption key used by the authentication center device to create the center creation authentication data. is doing. If the authentication is successful, the key-related data received from the authentication center device is used to create authenticated data indicating that the authentication has been completed, and the authenticated data is transmitted together with the position information. .
  • the positioning terminal creates authenticated data using key-related data that is data acquired from the authentication center device, and transmits it together with position information.
  • the positioning terminal it is possible to prove that the positioning terminal itself is a legitimate positioning terminal trusted by the authentication center device that can communicate with the authentication center device.
  • the key related data for creating the authenticated data is acquired from the authentication center device for authenticating the navigation message included in the satellite radio wave received by the positioning terminal itself. Therefore, it is not necessary to separately acquire data for creating authenticated data from the authentication center apparatus, and the process of creating authenticated data can be simplified.
  • the location information acquisition device that has received the authenticated data together with the location information also acquires the key related data from the authentication center device. Then, based on the acquired key-related data, authenticated comparison data for comparison with the authenticated data is created.
  • the terminal determination unit determines whether the positioning terminal that transmitted the position information is an authorized positioning terminal by comparing the authenticated comparison data with the authenticated data acquired by the terminal data acquisition unit. Can do.
  • the positioning terminal When the positioning terminal according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided. Wireless transmission.
  • the positioning terminal receives the center creation authentication data created by the authentication center device and transmitted to the communication satellite for use in authentication in the positioning terminal, and includes a navigation message from the navigation satellite provided in the navigation satellite system.
  • Key-related data that is either an encryption key for creating center-created authentication data or key creation data that can create the encryption key from the terminal-side satellite receiver that receives satellite radio waves and the authentication center device
  • a terminal side authentication data creation unit that creates terminal creation authentication data based on a key reception unit to be received, key related data received by the key reception unit, and a navigation message extracted from satellite radio waves received by the terminal side satellite reception unit
  • the center-created authentication data and the terminal-created authentication data are compared.
  • Terminal that sends the authenticated data created by the authenticated creation unit, together with the location information calculated based on the navigation message, and the authenticated creation unit that creates the authenticated data indicating that the navigation message being authenticated can be authenticated A transmission unit.
  • the position information acquisition device When the position information acquisition device according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, the position information indicating the current position calculated using the navigation message and Position information and authenticated data are received from a positioning terminal that wirelessly transmits authenticated data indicating that the received navigation message has been authenticated.
  • the position information acquisition device includes a terminal data acquisition unit that acquires the position information and authenticated data transmitted by the positioning terminal from the communication unit, and the center creation authentication data that the positioning terminal uses for authentication from the authentication center device via the communication unit.
  • a key acquisition unit that acquires key-related data that is either the encryption key used by the authentication center device or the key generation data that can generate the encryption key to generate the key, and the key relationship acquired by the key acquisition unit Based on the data, the comparison data creation unit that creates authenticated comparison data for comparison with the authenticated data, the authenticated data acquired by the terminal data acquisition unit, and the authenticated comparison data generated by the comparison data generation unit
  • the positioning terminal includes a terminal determination unit that determines that it is a legitimate positioning terminal.
  • the location information acquisition device that acquires the location information from the positioning terminal indicates that the positioning terminal is compatible with the location information authentication system. I can judge.
  • FIG. 1 is a configuration diagram of a location information authentication system according to the first embodiment.
  • FIG. 2 is a block diagram showing in detail the configuration of the authentication center processing apparatus of FIG.
  • FIG. 3 is a block diagram showing in detail the configuration of the in-vehicle device of FIG.
  • FIG. 4 is a diagram showing the relationship between the navigation message included in the satellite radio wave and the RAND message.
  • FIG. 5 is a flowchart showing processing executed by the control unit of the in-vehicle device.
  • FIG. 6 is a flowchart showing in detail the navigation message authentication process in step S4 of FIG. FIG.
  • FIG. 7 is a flowchart showing processing executed by the control unit of the roadside machine.
  • FIG. 8 is a configuration diagram of a roadside machine in the second embodiment.
  • FIG. 9 is a flowchart showing the pre-processing executed by the control unit included in the roadside machine,
  • FIG. 10 is a flowchart illustrating processing executed when the control unit included in the roadside device receives position information and the like from the in-vehicle device.
  • the location information authentication system 1 of Embodiment 1 includes an authentication center device 100, an in-vehicle device 200 corresponding to the positioning terminal of the present disclosure, and a roadside device 300 corresponding to the location information acquisition device of the present disclosure. .
  • the authentication center apparatus 100 includes a monitor station apparatus 110, an authentication center processing apparatus 120, and a master control station apparatus 130.
  • the monitor station apparatus 110 is the monitor station 110
  • the authentication center processing apparatus 120 is the authentication center 120
  • the master control station apparatus 130 is the master control station 130.
  • the monitor station 110 corresponds to the center-side satellite receiver of the present disclosure, and receives GPS radio waves transmitted by the GPS satellite 2 included in the GPS that is one of the navigation satellite systems.
  • the GPS satellite 2 corresponds to the navigation satellite of the present disclosure
  • the GPS radio wave corresponds to the satellite radio wave of the present disclosure.
  • navigation messages are included in GPS radio waves.
  • the monitor station 110 demodulates the received GPS radio wave, extracts a navigation message, and sends it to the authentication center 120.
  • GPS radio waves are received from a plurality of GPS satellites 2
  • a navigation message is extracted from each GPS radio wave and sent to the authentication center 120.
  • the authentication center 120 creates parity data corresponding to the center creation authentication data of the present disclosure from the navigation message and the H matrix that is the encryption key. Then, a signal including the created parity data is sent to the master control station 130. In addition, communication is performed with the in-vehicle device 200 and the roadside device 300. Details of the authentication center 120 will be described with reference to FIG.
  • the master control station 130 corresponds to the authentication data transmission unit of the present disclosure, and transmits parity data received from the authentication center 120 to the quasi-zenith satellite (hereinafter, QZS satellite) 3.
  • QZS satellite quasi-zenith satellite
  • the QZS satellite 3 corresponds to the communication satellite of the present disclosure, and broadcasts a navigation message including parity data toward the ground.
  • the in-vehicle device 200 is a navigation message authentication type in-vehicle device, and authenticates whether or not the navigation message received from the GPS satellite 2 can be authenticated by using parity data included in the navigation message received from the QZS satellite 3. .
  • communication with the authentication center 120 is performed.
  • the current position is calculated using the navigation message received from the GPS satellite 2, and position information indicating the calculated current position is wirelessly transmitted to the outside together with a hash value to be described later.
  • the hash value indicates that the navigation message has been authenticated, and corresponds to the authenticated data of the present disclosure.
  • the in-vehicle device 200 will be described with reference to FIGS. 3, 5, and 6.
  • the roadside device 300 is managed by a service provider that provides a predetermined service using the position information transmitted by the in-vehicle device 200.
  • Examples of the service include a service that charges a user of the vehicle when the vehicle on which the vehicle-mounted device 200 is mounted is parked in a toll parking area or when the vehicle travels on a toll road.
  • the roadside machine 300 includes a communication unit 310 and a control unit 320.
  • the communication unit 310 performs wireless communication with the communication unit 126 (see FIG. 2) included in the authentication center 120 and the communication unit 210 (see FIG. 3) included in the in-vehicle device 200.
  • the control unit 320 is a computer including a CPU, a ROM, a RAM, and the like, and the CPU controls the communication unit 310 by executing a program stored in the ROM while using a temporary storage function of the RAM. Further, the hash value transmitted by the in-vehicle device 200 is acquired via the communication unit 310, and based on the hash value, it is determined whether the in-vehicle device 200 is a regular on-vehicle device. In this determination, communication with the authentication center 120 is performed.
  • the authentication center 120 includes a control unit 122, a data storage unit 124, and a communication unit 126.
  • the control unit 122 is a computer including a CPU, a ROM, a RAM, and the like, and controls the data storage unit 124 and the communication unit 126.
  • the CPU executes a program stored in the ROM while using the temporary storage function of the RAM, so that the RAND message generation unit 1221, the SEED value generation unit 1222, the H matrix calculation unit 1223, the parity calculation unit 1224, A function as the signal processing unit 1225 is provided.
  • the functions of these units 1221 to 1225 may be the same as the functions disclosed in Patent Document 1.
  • the control unit 122 also includes an H matrix selection unit 1226.
  • the control unit 122 corresponds to the center side authentication data creation unit of the present disclosure.
  • the RAND message generation unit 1221 means reference authentication navigation data (RAND: “Reference” Authentication “Navigation” Data), and is generated from the navigation message acquired from the monitor station 110.
  • Fig. 4 shows the relationship between RAND messages and navigation messages.
  • the navigation message is divided into subframes 1 to 5, and subframes 4 and 5 have 1 to 25 pages, respectively.
  • Each subframe is divided into words 1-10.
  • the elapsed time TOW time of week, corresponding to the time information of the present disclosure
  • the TOC, AF0, AF1 included in the words 8 to 10 are arranged in order. It is out.
  • an AS Flag that is an anti-spoof flag and a PRN (Pseudo Random Noise) ID that is a satellite number are added.
  • the numerical value shown in parentheses after each data constituting the RAND message means the number of bits of each data.
  • the RAND message including TOW and PRNID is a message indicating which GPS satellite transmitted when. Further, since TOW changes every 6 seconds and PRNID is included, a RAND message is generated every GPS satellite 2 received by the monitor station 110 and every 6 seconds.
  • the SEED value generation unit 1222 generates a single SEED value with the PC clock as an input.
  • the SEED value is generated by generating a random number with the PC clock as an input.
  • the SEED value is 36 bits.
  • the H matrix calculation unit 1223 uses the SEED value generated by the SEED value generation unit 1222 and calculates an H matrix corresponding to the SEED value on a one-to-one basis.
  • This H matrix corresponds to the encryption key of the present disclosure.
  • the H matrix can be created if the SEED value is determined, the SEED value corresponds to the key creation data of the present disclosure.
  • a known hash function may be used.
  • a parity check matrix for performing LDPC (Low Density Parity Check) encoding may be used.
  • a generator matrix determined from a parity check matrix may be used.
  • the H matrix corresponds to an example of the encryption key of the present disclosure
  • the H matrix or the SEED value corresponds to an example of the key related data of the present disclosure.
  • the parity calculator 1224 calculates parity data based on the RAND message created by the RAND message generator 1221 and the H matrix calculated by the H matrix calculator 1223. That is, parity data is calculated by multiplying the RAND message by this H matrix.
  • the signal processing unit 1225 inserts the parity data calculated by the parity calculation unit 1224 and the RAND message used for the calculation into the navigation message to be transmitted to the QZS satellite 3. Then, the inserted navigation message is sent to the master control station 130.
  • the signal processing unit 1225 stores the parity data calculated by the parity calculation unit 1224, the RAND message used for calculating the parity data, the H matrix, and the SEED value used for the calculation of the H matrix in accordance with the signal insertion. Store in the storage unit 124.
  • the signal processing unit 1225 inserts the RAND message and parity data into the navigation message that causes the QZS satellite 3 to transmit each time the RAND message generation unit 1221 generates the RAND message. Therefore, the SEED value generation unit 1222, the H matrix calculation unit 1223, and the parity calculation unit 1224 also execute processing each time the RAND message generation unit 1221 generates a RAND message.
  • the H matrix selection unit 1226 converts the H matrix stored in the data storage unit 124 into the received PRNID and TOW. Select the corresponding H matrix. Then, the selected H matrix is encrypted with the public key, and the encrypted H matrix is transmitted to the in-vehicle device 200 that has transmitted PRNID or the like.
  • the communication unit 126 receives the PRNID, TOW, and public key transmitted from the roadside device 300, it corresponds to the received PRNID and TOW from the H matrix and parity data stored in the data storage unit 124. Select H matrix and parity data. Then, the selected H matrix and parity data are encrypted with the public key, and the encrypted H matrix and parity data are transmitted to the roadside device 300 that transmitted the PRNID and the like.
  • the communication unit 126 communicates with the communication unit 210 included in the in-vehicle device 200 and the communication unit 310 included in the roadside device 300.
  • the master control station 130 transmits the navigation message generated by the signal processing unit 1225 to the QZS satellite 3.
  • the QZS satellite 3 broadcasts the navigation message received from the master control station 130 toward the ground.
  • the navigation message broadcast by the QZS satellite 3 is received by the satellite receiver 230 of the in-vehicle device 200.
  • This in-vehicle device 200 includes a communication unit 210 and a control unit 220 in addition to the satellite reception unit 230.
  • the communication unit 210 includes a reception unit 211 and a transmission unit 212.
  • the reception unit 211 corresponds to the key reception unit of the present disclosure
  • the transmission unit 212 corresponds to the terminal side transmission unit of the present disclosure.
  • the communication unit 210 has a narrow area communication function and a wide area communication function.
  • the narrow area communication function has a communication distance of several hundred meters, for example.
  • the wide-area communication function has a communication distance of, for example, several kilometers, and can communicate with other communication devices within the communication area of the public communication network by communicating with the base station of the public communication network.
  • the narrow area communication function communicates with the communication unit 310 of the roadside machine 300, and the wide area communication function communicates with the communication unit 126 of the authentication center 120.
  • the satellite receiver 230 corresponds to the terminal-side satellite receiver of the present disclosure, and receives radio waves transmitted by the GPS satellite 2 and the QZS satellite 3 at a constant period.
  • the control unit 220 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 210 and the satellite reception unit 230. Further, the CPU executes the program shown in FIG. 5 by executing the program stored in the ROM while using the temporary storage function of the RAM.
  • the processing shown in FIG. 5 is executed each time the satellite receiving unit 230 receives GPS radio waves from four or more GPS satellites 2.
  • the reason why the number is four or more is that it is necessary to receive GPS radio waves from four or more GPS satellites 2 in order to calculate the current position.
  • step S2 the current position is calculated based on the GPS radio wave.
  • step S4 navigation message authentication processing is executed. Details of this processing are shown in FIG.
  • step S42 the navigation message received from the QZS satellite 3 is acquired from the receiving unit 211.
  • step S44 PRNID, TOW, and parity data corresponding to the navigation message used to calculate the current position are extracted from the navigation message acquired in step S42. Note that PRNID and TOW may be extracted from the navigation message used to calculate the current position.
  • step S46 the PRNID and TOW extracted in step S44 are transmitted from the transmission unit 212 to the authentication center 120 together with the public key.
  • the authentication center 120 encrypts the H matrix determined by the PRNID and TOW with the public key and transmits the encrypted H matrix to the in-vehicle device 200.
  • step S48 the encrypted H matrix transmitted from the authentication center 120 is acquired from the receiving unit 211.
  • step S50 the encrypted H matrix acquired in step S48 is decrypted with the secret key.
  • step S52 a RAND message is created from GPS radio waves that include the same PRNID as the PRNID transmitted in step S46 in the navigation message.
  • step S54 comparison parity data is created from the RAND message created in step S52 and the H matrix decoded in step S50.
  • the comparison parity data created here corresponds to the terminal creation authentication data of the present disclosure, and S54 corresponds to the terminal side authentication data creation unit of the present disclosure.
  • step S56 it is determined whether or not the comparison parity data created in step S54 matches the parity data extracted in step S44.
  • the H matrix decoded in step S50 is the same as the H matrix used by the authentication center 120 to create parity data.
  • the parity calculation unit 1224 of the authentication center 120 calculates parity data based on the H matrix and the RAND message.
  • step S54 matches the parity data extracted in step S44, it can be considered that the RAND message created in step S52 is the same as the RAND message created by the authentication center 120. . Therefore, if the comparison parity data created in step S54 matches the parity data extracted in step S44, the process proceeds to step S58 and authentication is established. On the other hand, if the two parity data do not match, the process proceeds to step S60 and authentication is not established.
  • step S6 it is determined whether or not the processing result of the navigation message authentication process is authentication establishment.
  • step S6 If this determination is No, that is, if authentication is not established, the processing in FIG. 4 is terminated. On the other hand, if the determination in step S6 is Yes, the process proceeds to step S8.
  • step S8 it is determined whether or not transmission of position information is necessary. As a case where transmission of position information is necessary, for example, there is a case where a request signal for position information is received from the communication unit 310 of the roadside device 300. Further, the position information may be transmitted at a constant transmission cycle. If the determination in step S8 is No, the process in FIG. 4 is terminated. On the other hand, if the determination in step S8 is also Yes, the process proceeds to step S10.
  • a hash value is created from a hash function using the H matrix, which is data created by the authentication center 120, and parity data as input keys. This hash value corresponds to the authenticated data of the present disclosure.
  • step S12 the position information indicating the current position calculated in step S1, the hash value created in step S8, the PRNID extracted in step S44, and the TOW are transmitted from the transmission unit 212 to the communication unit 310 of the roadside device 300.
  • the control unit 320 of the roadside machine 300 periodically transmits a request signal for requesting transmission of position information around the roadside machine 300.
  • the in-vehicle device 200 receives this request signal, the in-vehicle device 200 transmits position information, a hash value, and the like as described above.
  • the control unit 320 of the roadside device 300 executes the process shown in FIG.
  • step S70 the location information, hash value, PRNID, and TOW received by the communication unit 310 are acquired from the communication unit 310.
  • This step S70 corresponds to the terminal data acquisition unit of the present disclosure.
  • Step S72 the PRNID and TOW acquired in Step S70 are transmitted from the communication unit 310 to the authentication center 120 together with the public key.
  • This public key is a public key that is uniquely stored in the roadside device 300, and is a key that is different from the public key that the in-vehicle device 200 transmits to the authentication center 120.
  • the authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with the public key and transmits the encrypted data to the roadside device 300.
  • These H matrix and parity data are input keys for creating a hash value.
  • step S 74 the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310.
  • This step S74 corresponds to the key acquisition unit of the present disclosure.
  • step S76 the encrypted H matrix and parity data acquired in step S74 are decrypted with the secret key.
  • step S78 a comparison hash value is created from a hash function stored in advance as the one used by the legitimate vehicle-mounted device 200 using the H matrix and parity data decrypted in step S76 as input keys.
  • This comparison hash value corresponds to the authenticated comparison data of the present disclosure
  • step S78 corresponds to the comparison data creation unit of the present disclosure.
  • steps S80 to S84 corresponding to the terminal determination unit of the present disclosure are executed.
  • step S80 it is determined whether or not the comparison hash value created in step S78 matches the hash value acquired in step S70.
  • the process proceeds to step S82, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, and the like is a regular in-vehicle device.
  • the process proceeds to step S84, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
  • the in-vehicle device 200 authenticates the navigation message included in the satellite radio wave received from the GPS satellite 2 (S4).
  • the authentication center 120 acquires the H matrix used for generating the parity data from the authentication center 120 (S48).
  • a hash value is created to indicate that the authentication has been completed using the H matrix acquired from the authentication center 120 (S10), and the hash value is transmitted together with the position information. (S12).
  • the in-vehicle device 200 creates a hash value, which is data indicating that it has been authenticated, using the H matrix acquired from the authentication center 120 and transmits it together with the position information. Accordingly, it is possible to prove that the in-vehicle device 200 itself is a regular on-vehicle device that can communicate with the authentication center 120 and is trusted by the authentication center 120.
  • the H matrix for creating the hash value is obtained from the authentication center 120 in order to authenticate the navigation message included in the satellite radio wave received by the in-vehicle device 200 itself. Therefore, since it is not necessary to separately acquire data for creating a hash value from the authentication center 120, the process of creating a hash value can be simplified.
  • a hash value created from the H matrix using a hash function is transmitted. Since the hash function is an irreversible one-way function, it is possible to prevent the H matrix from being known to a third party.
  • the roadside device 300 that has received the hash value together with the location information also acquires the H matrix from the authentication center 120, and also acquires parity data (S74).
  • a comparison hash value is created from these H matrix, parity data, and a hash function stored in advance as one used by the regular vehicle-mounted device 200 (S78). By comparing this comparison hash value with the hash value acquired from the in-vehicle device 200, it can be determined whether or not the in-vehicle device 200 that transmitted the position information is a regular on-vehicle device.
  • Embodiment 2 Next, Embodiment 2 will be described.
  • elements having the same reference numerals as those used so far are the same as the elements having the same reference numerals in the previous embodiments unless otherwise specified.
  • the embodiment described above can be applied to other parts of the configuration.
  • the roadside device 300A includes a satellite receiver 330 as shown in FIG.
  • This satellite receiver 330 corresponds to the acquisition device side satellite receiver of the present disclosure.
  • the processing of the control unit 320A is partially different from the control unit 320 of the first embodiment. The processing of the control unit 320A will be described with reference to FIGS.
  • Control unit 320A executes the process shown in FIG. 9 at a constant GPS radio wave acquisition cycle, and also executes the process shown in FIG. 10 at a constant cycle.
  • FIG. 9 shows pre-processing that is performed before acquiring position information and the like from the vehicle-mounted device 200. This will be described from FIG.
  • step S 90 the navigation message included in the GPS radio wave received by the satellite receiver 330 is acquired from the satellite receiver 330.
  • the satellite receiving unit 330 receives GPS radio waves from a plurality of GPS satellites 2, the navigation message for all GPS radio waves received by the satellite receiving unit 330 is acquired.
  • step S92 corresponding to the radio wave information extraction unit of the present disclosure, PRNID and TOW are extracted from all the navigation messages acquired in step S90.
  • step S94 corresponding to the radio wave information transmission processing unit of the present disclosure, the PRNID and TOW extracted in step S92 are transmitted from the communication unit 310 to the authentication center 120 together with the public key.
  • the authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with a public key and transmits the encrypted data to the roadside device 300.
  • step S96 the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310.
  • step S98 the encrypted H matrix and parity data acquired in step S96 are decrypted with the secret key.
  • This step S96 corresponds to the key acquisition unit of the present disclosure.
  • step S100 a comparison hash value is created from a hash function stored in advance as the one used by the authorized vehicle-mounted device 200, using the H matrix and parity data decrypted in step S98 as input keys. This comparison hash value is created for all GPS radio waves received by the satellite receiver 330.
  • step S102 a comparison hash value table is created.
  • This comparison hash value table shows the correspondence between the comparison hash value created in step S100, the H matrix used to create the comparison hash value, and the PRNID and TOW transmitted to the authentication center 120 to obtain parity data. It is a table to show.
  • step S110 it is determined whether the communication unit 310 has received data such as position information transmitted by the in-vehicle device 200 by executing step S12 of FIG. If this determination is No, the processing in FIG. 10 is terminated. On the other hand, if determination of step S110 is Yes, it will progress to step S112.
  • step S112 the location information, hash value, PRNID, and TOW received by the communication unit 310 from the in-vehicle device 200 are acquired.
  • steps S114 to S120 corresponding to the terminal determination unit of the present disclosure are executed.
  • step S114 if the comparison hash value table created in the pre-processing in FIG. 9 includes the PRNID and TOW acquired in step S112, the comparison hash value corresponding to the PRNID and TOW is used as the comparison hash value used for the current comparison. To decide.
  • comparison hash values for all GPS radio waves received by the satellite receiver 230 are created. Therefore, it is highly likely that the hash value corresponding to the PRNID and TOW acquired in step S112 is included in the comparison hash value table.
  • the satellite wave received by the satellite receiving unit 230 of the in-vehicle device 200 may not be received by the satellite receiving unit 330 of the roadside device 300.
  • hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table. If the hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table, the processing of steps S72 to S78 in FIG. 7 is executed to create a comparison hash value.
  • step S116 it is determined whether or not the hash value acquired in step S112 matches the comparison hash value determined in step S114.
  • step S118 If the two hash values match, the process proceeds to step S118, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is a regular in-vehicle device. On the other hand, if the two hash values do not match, the process proceeds to step S120, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
  • the roadside device 300 includes the satellite receiving unit 230, so that it exists around the roadside device 300 and may transmit a hash value to the roadside device 300. Satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200.
  • the PRNID and TOW are received from the in-vehicle device 200, and the PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data.
  • satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200. Therefore, the PRNID and TOW are extracted from the navigation message received by the satellite receiver 330 without waiting for the PRNID and TOW to be received from the in-vehicle device 200. Then, the extracted PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data, and a comparison hash value table is created (FIG. 9).
  • the roadside device 300 recognizes the vehicle-mounted device 200 as a regular vehicle-mounted device and performs processing based on the recognition result, and the vehicle-mounted device 200 is running, There is a high need to make a judgment.
  • processing based on the authorization result for example, transmitting to the in-vehicle device 200 that it is a regular in-vehicle device, or opening and closing a gate provided in the vehicle travel path based on being authorized as a regular in-vehicle device. There is processing.
  • the second embodiment is particularly useful when it is necessary to quickly determine whether or not the vehicle is a regular vehicle-mounted device.
  • the hash value and the comparison hash value are created using the H matrix and the parity data as the input keys of the hash function (authenticated creation unit: S10, comparison data creation unit: S100).
  • a hash value and a comparison hash value may be created using only the H matrix as the input key of the hash function (Modification 1).
  • the hash value and the comparison hash value may be created using the SEED value that is the key creation data as the input key of the hash function (Modification 2).
  • an H matrix can be created from the SEED value. Therefore, even if the authenticated creation unit and the comparison data creation unit obtain the SEED value as the key-related data, the SEED value is not used as an input key as it is, but an H matrix is created from the SEED value, and the H matrix is used as the input key.
  • a hash value may be created as
  • the authenticated creation unit and the comparison data creation unit do not use the hash value as authenticated data or authenticated comparison data, but use the H matrix or SEED value used to create the hash value as authenticated data or authenticated comparison data. Also good.
  • comparison hash values for all GPS radio waves received by the satellite reception unit 330 are created. However, comparison hash values for some of the GPS radio waves received by the satellite reception unit 330 are created. May be. For example, the comparison hash value may be created only for GPS radio waves received from a preset number of GPS satellites 2 that can be satisfactorily received.
  • the position information acquisition device may be a mobile device such as mounted on a crackdown vehicle that cracks down on illegal use of toll parking lots and toll roads.
  • the vehicle-mounted device 200 has been described as a positioning terminal, but the present invention is not limited to this.
  • the positioning terminal may be a portable terminal carried by a person or a terminal mounted on a mobile body other than a car.
  • each step is expressed as, for example, S2. Further, each step can be divided into a plurality of sub-steps, while a plurality of steps can be combined into one step.
  • each part in the control unit 122 focuses on the function of the control unit 122 and is classified for convenience, and the inside of the control unit 122 corresponds to each part. It does not mean that they are physically separated. Accordingly, each “unit” can be realized as software as a part of a computer program, or can be realized as hardware using an IC chip or a large-scale integrated circuit.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Remote Sensing (AREA)
  • Power Engineering (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Navigation (AREA)

Abstract

Provided are: a position information authentication system (1) provided with a positioning terminal (200), an authentication center device (100), and a position information acquisition device (300, 300A); a positioning terminal (200); and a position information acquisition device (300, 300A). The authentication center device (100) is provided with a center-side satellite reception unit (110), a center-side authentication data creation unit (122), and an authentication data transmission unit (130). The positioning terminal (200) is provided with a terminal-side satellite reception unit (230), a key reception unit (211), a terminal-side authentication data creation unit (S54), an authentication determination unit (S56 to S60), an authentication completion message creation unit (S6 to S10), and a terminal-side transmission unit (212). The position information acquisition device (300, 300A) is provided with a terminal data acquisition unit (S70, S112), a key acquisition unit (S74, S96), a comparison data creation unit (S78, S100, S102), and a terminal determination unit (S80 to S84, S114 to S120).

Description

位置情報認証システム、測位端末、および位置情報取得装置POSITION INFORMATION AUTHENTICATION SYSTEM, POSITIONING TERMINAL, AND POSITION INFORMATION ACQUISITION DEVICE 関連出願の相互参照Cross-reference of related applications
 本出願は、2014年1月21日に出願された日本国特許出願2014-8904号に基づくものであり、ここにその記載内容を参照により援用する。 This application is based on Japanese Patent Application No. 2014-8904 filed on January 21, 2014, the contents of which are incorporated herein by reference.
 本開示は、位置情報を算出するために航法衛星から受信する航法メッセージの認証を行うことができる位置情報認証システム、その認証システムが備える測位端末、位置情報取得装置に関する。 The present disclosure relates to a position information authentication system capable of authenticating a navigation message received from a navigation satellite in order to calculate position information, a positioning terminal provided in the authentication system, and a position information acquisition device.
 グローバルポジショニングシステム(以下、GPS)などの航法衛星システムが備える航法衛星から衛星電波を受信し、その衛星電波に含まれている航法メッセージを用いて現在位置を算出する測位端末が広く知られている。 Positioning terminals that receive satellite radio waves from navigation satellites included in navigation satellite systems such as the global positioning system (hereinafter referred to as GPS) and calculate the current position using navigation messages included in the satellite radio waves are widely known. .
 ところが、偽の衛星電波を生成して放送する偽衛星電波生成装置が存在する。この偽衛星電波生成装置を使って、悪意のある者が測位端末に誤った位置を算出させる虞がある。 However, there are pseudo satellite radio wave generators that generate and broadcast fake satellite radio waves. There is a possibility that a malicious person may cause the positioning terminal to calculate an incorrect position using the false satellite radio wave generation device.
 そこで、特許文献1に開示されているように、位置情報を算出するために航法衛星から受信する航法メッセージの信頼性を判断するために、その航法メッセージを認証することができる位置情報認証システムが提案されている。 Therefore, as disclosed in Patent Document 1, there is a position information authentication system that can authenticate a navigation message in order to determine the reliability of the navigation message received from the navigation satellite in order to calculate the position information. Proposed.
 この位置情報認証システムにより、測位端末は、測位端末自身が受信した航法メッセージが認証センタで認証された航法メッセージであるかどうかを判断できる。測位端末自身が受信した航法メッセージが認証センタで認証された航法メッセージであると判断できれば、その航法メッセージは、航法衛星が送信したものであると判断することができる。 This position information authentication system enables the positioning terminal to determine whether the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center. If it can be determined that the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center, the navigation message can be determined to have been transmitted by a navigation satellite.
 特許文献1の技術により、航法メッセージを受信する測位端末は、信頼性のある現在位置を算出することができる。 With the technology of Patent Document 1, a positioning terminal that receives a navigation message can calculate a reliable current position.
 本願発明者らは以下を見出した。 The inventors of the present application have found the following.
 測位端末が算出した位置情報の用途としては、その測位端末を所有するユーザが現在位置を知る用途の他に、測位端末が算出した現在位置を示す位置情報を、周囲に送信する用途が考えられる。たとえば、位置情報を、有料駐車区域や有料道路を管理する課金管理装置に送信して、自動的に課金する用途が考えられる。この用途においては、測位端末が信頼性のある現在位置を算出できたとしても、測位端末が、算出した現在位置とは異なる位置を示す位置情報を、その位置情報を受信して課金処理を行う位置情報取得装置に送信してしまうと、正しく課金を行うことができない。 As a use of the position information calculated by the positioning terminal, in addition to a use of the user who owns the positioning terminal to know the current position, a use of transmitting position information indicating the current position calculated by the positioning terminal to the surroundings can be considered. . For example, the position information is transmitted to a charge management device that manages a toll parking area and a toll road, and charging is automatically performed. In this application, even if the positioning terminal can calculate the current position with reliability, the positioning terminal receives the position information indicating the position different from the calculated current position and performs the charging process. If it is transmitted to the position information acquisition device, it cannot be charged correctly.
 このように、測位端末が算出した位置を位置情報取得装置が取得して課金などの所定の処理を行うシステムにおいては、測位端末が位置を正しく算出することができるだけでは十分でない。測位端末は測位端末自身が位置情報を改ざんしない端末であることを示し、位置情報を取得する位置情報取得装置は、測位端末が、位置情報を改ざんしない信頼できる端末であることを判断できる必要がある。 Thus, in a system in which the position information acquisition device acquires the position calculated by the positioning terminal and performs predetermined processing such as charging, it is not sufficient that the positioning terminal can correctly calculate the position. The positioning terminal indicates that the positioning terminal itself does not falsify the position information, and the position information acquisition device that acquires the position information needs to be able to determine that the positioning terminal is a reliable terminal that does not falsify the position information. is there.
日本国公開特許公報2013-130395号Japanese published patent publication 2013-130395
 本開示は、この事情に基づいて成されたものであり、その目的とするところは、測位端末が、位置情報認証システムに対応していることを、その測位端末から位置情報を取得する位置情報取得装置が判断できる位置情報認証システム、その測位端末、位置情報取得装置を提供することにある。 The present disclosure has been made based on this circumstance, and the purpose of the present disclosure is to obtain position information from the positioning terminal that the positioning terminal is compatible with the position information authentication system. An object of the present invention is to provide a position information authentication system, a positioning terminal, and a position information acquisition apparatus that can be determined by an acquisition apparatus.
 本開示の一態様に係る位置情報認証システムは、航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、その航法メッセージを用いて算出した現在位置を示す位置情報を外部に無線送信する測位端末と、測位端末が認証に用いるセンタ作成認証データを送信する通信衛星に、そのセンタ作成認証データを送信する認証センタ装置と、測位端末が無線送信した位置情報を受信する位置情報取得装置とを備える。 The position information authentication system according to an aspect of the present disclosure receives a navigation message, and when the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided. Positioning terminal that transmits wirelessly, an authentication center device that transmits the center-created authentication data to a communication satellite that transmits center-created authentication data used for authentication by the positioning terminal, and position information that receives position information wirelessly transmitted by the positioning terminal An acquisition device.
 認証センタ装置は、航法衛星システムが備える航法衛星から航法メッセージを含んでいる衛星電波を受信するセンタ側衛星受信部と、暗号キーを作成し、その暗号キーとセンタ側衛星受信部が受信した衛星電波に含まれている航法メッセージとに基づいて、センタ作成認証データを作成するセンタ側認証データ作成部と、センタ側認証データ作成部が作成したセンタ作成認証データを通信衛星に送信する認証データ送信部と、を備える。 The authentication center device includes a center side satellite receiving unit that receives a satellite radio wave including a navigation message from a navigation satellite included in the navigation satellite system, a cipher key, and the cipher key and the satellite received by the center side satellite receiving unit. Based on the navigation message included in the radio wave, a center side authentication data creation unit that creates center creation authentication data, and authentication data transmission that transmits the center creation authentication data created by the center side authentication data creation unit to the communication satellite A section.
 測位端末は、通信衛星からセンタ作成認証データを受信するとともに、航法衛星から衛星電波を受信する端末側衛星受信部と、認証センタ装置から、暗号キーまたはその暗号キーを作成することができるキー作成データのいずれかであるキー関連データを受信するキー受信部と、キー受信部が受信したキー関連データと、端末側衛星受信部が受信した衛星電波から抽出した航法メッセージとに基づいて端末作成認証データを作成する端末側認証データ作成部と、センタ作成認証データと端末作成認証データとを比較し、一致している場合に端末側衛星受信部が受信した衛星電波に含まれている航法メッセージが認証できたと判断する認証判断部と、キー受信部が認証センタ装置から受信したキー関連データに基づいて、端末側衛星受信部が受信した衛星電波に含まれている航法メッセージが認証できたことを示す認証済みデータを作成する認証済み作成部と、航法メッセージに基づいて算出した位置情報とともに、認証済み作成部が作成した認証済みデータを送信する端末側送信部とを備える。 The positioning terminal receives the center creation authentication data from the communication satellite, and also creates the encryption key or the encryption key from the terminal side satellite receiver that receives the satellite radio wave from the navigation satellite and the authentication center device. Authentication of terminal creation based on a key receiver that receives key-related data that is one of the data, key-related data received by the key receiver, and navigation messages extracted from satellite radio waves received by the terminal-side satellite receiver The terminal side authentication data creation unit that creates the data, the center creation authentication data and the terminal creation authentication data are compared, and if they match, the navigation message included in the satellite radio wave received by the terminal side satellite reception unit is Based on the key-related data received by the key receiving unit from the authentication center device, the terminal-side satellite receiving unit determines that the authentication has been successful. Authenticated creation unit that creates authenticated data indicating that the navigation message contained in the received satellite signal has been authenticated and the location information calculated based on the navigation message, as well as the authenticated creation unit created by the authenticated creation unit A terminal-side transmission unit that transmits data.
 位置情報取得装置は、端末側送信部が送信した位置情報および認証済みデータを通信部から取得する端末データ取得部と、通信部を介して、認証センタ装置からキー関連データを取得するキー取得部と、キー取得部が取得したキー関連データに基づいて、認証済みデータと比較するための認証済み比較データを作成する比較データ作成部と、端末データ取得部が取得した認証済みデータと比較データ作成部が作成した認証済み比較データとを比較し、一致している場合に、測位端末は正規の測位端末であると判断する端末判断部とを備える。 The location information acquisition device includes a terminal data acquisition unit that acquires the location information and authenticated data transmitted by the terminal side transmission unit from the communication unit, and a key acquisition unit that acquires key-related data from the authentication center device via the communication unit. Based on the key-related data acquired by the key acquisition unit, the comparison data generation unit that generates the authenticated comparison data for comparison with the authenticated data, and the authentication data and comparison data generated by the terminal data acquisition unit Compared with the authenticated comparison data created by the unit, the terminal includes a terminal determination unit that determines that the positioning terminal is a legitimate positioning terminal if they match.
 本開示によれば、測位端末は、航法衛星から受信した衛星電波に含まれている航法メッセージの認証を行う。この認証のために、キー受信部は、認証センタ装置がセンタ作成認証データの作成に用いた暗号キーまたはその暗号キーを作成することができるキー作成データであるキー関連データを認証センタ装置から受信している。そして、認証ができた場合には、認証センタ装置から受信したキー関連データを用いて、認証済みであることを示す認証済みデータを作成して、位置情報とともにその認証済みデータを送信している。 According to the present disclosure, the positioning terminal authenticates the navigation message included in the satellite radio wave received from the navigation satellite. For this authentication, the key receiving unit receives from the authentication center device key-related data, which is key creation data that can be used to create the encryption key used by the authentication center device to create the center creation authentication data. is doing. If the authentication is successful, the key-related data received from the authentication center device is used to create authenticated data indicating that the authentication has been completed, and the authenticated data is transmitted together with the position information. .
 このように、測位端末は、認証済みデータを、認証センタ装置から取得したデータであるキー関連データを用いて作成して位置情報とともに送信する。これにより、測位端末自身が、認証センタ装置との間の通信が可能な、認証センタ装置から信頼された正規の測位端末であることを証明することができる。 Thus, the positioning terminal creates authenticated data using key-related data that is data acquired from the authentication center device, and transmits it together with position information. As a result, it is possible to prove that the positioning terminal itself is a legitimate positioning terminal trusted by the authentication center device that can communicate with the authentication center device.
 また、その認証済みデータを作成するためのキー関連データは、測位端末自身が受信した衛星電波に含まれている航法メッセージを認証するために認証センタ装置から取得される。よって、認証済みデータを作成するためのデータを別途、認証センタ装置から取得する必要がないので、認証済みデータを作成する処理を簡単にすることができる。 Also, the key related data for creating the authenticated data is acquired from the authentication center device for authenticating the navigation message included in the satellite radio wave received by the positioning terminal itself. Therefore, it is not necessary to separately acquire data for creating authenticated data from the authentication center apparatus, and the process of creating authenticated data can be simplified.
 そして、位置情報とともに認証済みデータを受信した位置情報取得装置は、位置情報取得装置自身も認証センタ装置からキー関連データを取得する。そして、取得したキー関連データに基づいて、認証済みデータと比較するための認証済み比較データを作成する。端末判断部は、この認証済み比較データと、端末データ取得部が取得した認証済みデータとを比較することで、位置情報を送信した測位端末が正規の測位端末であるか否かを判断することができる。 Then, the location information acquisition device that has received the authenticated data together with the location information also acquires the key related data from the authentication center device. Then, based on the acquired key-related data, authenticated comparison data for comparison with the authenticated data is created. The terminal determination unit determines whether the positioning terminal that transmitted the position information is an authorized positioning terminal by comparing the authenticated comparison data with the authenticated data acquired by the terminal data acquisition unit. Can do.
 本開示の別の一態様に係る測位端末は、航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、その航法メッセージを用いて算出した現在位置を示す位置情報を外部に無線送信する。測位端末は、認証センタ装置が作成し、測位端末における認証に用いるために通信衛星に送信したセンタ作成認証データを通信衛星から受信するとともに、航法衛星システムが備える航法衛星から航法メッセージを含んでいる衛星電波を受信する端末側衛星受信部と、認証センタ装置から、センタ作成認証データを作成するための暗号キーまたはその暗号キーを作成することができるキー作成データのいずれかであるキー関連データを受信するキー受信部と、キー受信部が受信したキー関連データと、端末側衛星受信部が受信した衛星電波から抽出した航法メッセージとに基づいて端末作成認証データを作成する端末側認証データ作成部と、センタ作成認証データと端末作成認証データとを比較し、一致している場合に端末側衛星受信部が受信した衛星電波に含まれている航法メッセージが認証できたと判断する認証判断部と、キー受信部が認証センタ装置から受信したキー関連データに基づいて、端末側衛星受信部が受信した衛星電波に含まれている航法メッセージが認証できたことを示す認証済みデータを作成する認証済み作成部と、航法メッセージに基づいて算出した位置情報とともに、認証済み作成部が作成した認証済みデータを送信する端末側送信部とを備える。 When the positioning terminal according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided. Wireless transmission. The positioning terminal receives the center creation authentication data created by the authentication center device and transmitted to the communication satellite for use in authentication in the positioning terminal, and includes a navigation message from the navigation satellite provided in the navigation satellite system. Key-related data that is either an encryption key for creating center-created authentication data or key creation data that can create the encryption key from the terminal-side satellite receiver that receives satellite radio waves and the authentication center device A terminal side authentication data creation unit that creates terminal creation authentication data based on a key reception unit to be received, key related data received by the key reception unit, and a navigation message extracted from satellite radio waves received by the terminal side satellite reception unit And the center-created authentication data and the terminal-created authentication data are compared. Included in the satellite radio wave received by the terminal-side satellite receiver based on the key-related data received from the authentication center device by the authentication determination unit that determines that the navigation message contained in the received satellite radio wave has been authenticated. Terminal that sends the authenticated data created by the authenticated creation unit, together with the location information calculated based on the navigation message, and the authenticated creation unit that creates the authenticated data indicating that the navigation message being authenticated can be authenticated A transmission unit.
 本開示の別の一態様に係る位置情報取得装置は、航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、その航法メッセージを用いて算出した現在位置を示す位置情報および受信した航法メッセージが認証できたことを示す認証済みデータを外部に無線送信する測位端末から、位置情報および認証済みデータを受信する。位置情報取得装置は、測位端末が送信した位置情報および認証済みデータを通信部から取得する端末データ取得部と、通信部を介して、認証センタ装置から、測位端末が認証に用いるセンタ作成認証データを作成するために認証センタ装置が用いた暗号キーまたはその暗号キーを作成することができるキー作成データのいずれかであるキー関連データを取得するキー取得部と、キー取得部が取得したキー関連データに基づいて、認証済みデータと比較するための認証済み比較データを作成する比較データ作成部と、端末データ取得部が取得した認証済みデータと比較データ作成部が作成した認証済み比較データとを比較し、一致している場合に、測位端末は正規の測位端末であると判断する端末判断部とを備える。 When the position information acquisition device according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, the position information indicating the current position calculated using the navigation message and Position information and authenticated data are received from a positioning terminal that wirelessly transmits authenticated data indicating that the received navigation message has been authenticated. The position information acquisition device includes a terminal data acquisition unit that acquires the position information and authenticated data transmitted by the positioning terminal from the communication unit, and the center creation authentication data that the positioning terminal uses for authentication from the authentication center device via the communication unit. A key acquisition unit that acquires key-related data that is either the encryption key used by the authentication center device or the key generation data that can generate the encryption key to generate the key, and the key relationship acquired by the key acquisition unit Based on the data, the comparison data creation unit that creates authenticated comparison data for comparison with the authenticated data, the authenticated data acquired by the terminal data acquisition unit, and the authenticated comparison data generated by the comparison data generation unit In the case of comparison and matching, the positioning terminal includes a terminal determination unit that determines that it is a legitimate positioning terminal.
 本開示の位置情報認証システム、その測位端末、位置情報取得装置によれば、測位端末が、位置情報認証システムに対応していることを、その測位端末から位置情報を取得する位置情報取得装置が判断できる。 According to the location information authentication system, the positioning terminal, and the location information acquisition device of the present disclosure, the location information acquisition device that acquires the location information from the positioning terminal indicates that the positioning terminal is compatible with the location information authentication system. I can judge.
 本開示についての上記および他の目的、特徴や利点は、添付の図面を参照した下記の詳細な説明から、より明確になる。添付図面において
図1は、実施形態1となる位置情報認証システムの構成図であり、 図2は、図1の認証センタ処理装置の構成を詳しく示すブロック図であり、 図3は、図1の車載機の構成を詳しく示すブロック図であり、 図4は、衛星電波に含まれている航法メッセージと、RANDメッセージの関係を示す図であり、 図5は、車載機の制御部が実行する処理を示すフローチャートであり、 図6は、図5のステップS4の航法メッセージ認証処理を詳しく示すフローチャートであり、 図7は、路側機の制御部が実行する処理を示すフローチャートであり、 図8は、実施形態2における路側機の構成図であり、 図9は、路側機が備える制御部が実行する事前処理を示すフローチャートであり、 図10は、路側機が備える制御部が車載機から位置情報等を受信した場合に実行する処理を示すフローチャートである。 The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description with reference to the accompanying drawings. In the attached drawings
FIG. 1 is a configuration diagram of a location information authentication system according to the first embodiment. FIG. 2 is a block diagram showing in detail the configuration of the authentication center processing apparatus of FIG. FIG. 3 is a block diagram showing in detail the configuration of the in-vehicle device of FIG. FIG. 4 is a diagram showing the relationship between the navigation message included in the satellite radio wave and the RAND message. FIG. 5 is a flowchart showing processing executed by the control unit of the in-vehicle device. FIG. 6 is a flowchart showing in detail the navigation message authentication process in step S4 of FIG. FIG. 7 is a flowchart showing processing executed by the control unit of the roadside machine. FIG. 8 is a configuration diagram of a roadside machine in the second embodiment. FIG. 9 is a flowchart showing the pre-processing executed by the control unit included in the roadside machine, FIG. 10 is a flowchart illustrating processing executed when the control unit included in the roadside device receives position information and the like from the in-vehicle device.
 (実施形態1)
 以下、本開示の実施形態を図面に基づいて説明する。図1に示すように、実施形態1の位置情報認証システム1は、認証センタ装置100、本開示の測位端末に相当する車載機200、本開示の位置情報取得装置に相当する路側機300を備える。 (Embodiment 1)
Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. As illustrated in FIG. 1, the location information authentication system 1 of Embodiment 1 includes an authentication center device 100, an in-vehicle device 200 corresponding to the positioning terminal of the present disclosure, and a roadside device 300 corresponding to the location information acquisition device of the present disclosure. .
 (位置情報認証システム1の概略構成)
 認証センタ装置100は、モニタステーション装置110、認証センタ処理装置120、マスタコントロールステーション装置130を備える。なお、以下では、装置、処理装置を省略し、モニタステーション装置110はモニタステーション110、認証センタ処理装置120は認証センタ120、マスタコントロールステーション装置130はマスタコントロールステーション130とする。 (Schematic configuration of the location information authentication system 1)
The authentication center apparatus 100 includes a monitor station apparatus 110, an authentication center processing apparatus 120, and a master control station apparatus 130. Hereinafter, the apparatus and the processing apparatus are omitted, the monitor station apparatus 110 is the monitor station 110, the authentication center processing apparatus 120 is the authentication center 120, and the master control station apparatus 130 is the master control station 130.
 モニタステーション110は、本開示のセンタ側衛星受信部に相当し、航法衛星システムの一つであるGPSが備えるGPS衛星2が送信するGPS電波を受信する。GPS衛星2は本開示の航法衛星に相当し、GPS電波は本開示の衛星電波に相当する。周知のように、GPS電波には航法メッセージが含まれている。モニタステーション110は、受信したGPS電波を復調して航法メッセージを抽出し、認証センタ120へ送る。複数のGPS衛星2からGPS電波を受信した場合には、それぞれのGPS電波から航法メッセージを抽出して、認証センタ120へ送る。 The monitor station 110 corresponds to the center-side satellite receiver of the present disclosure, and receives GPS radio waves transmitted by the GPS satellite 2 included in the GPS that is one of the navigation satellite systems. The GPS satellite 2 corresponds to the navigation satellite of the present disclosure, and the GPS radio wave corresponds to the satellite radio wave of the present disclosure. As is well known, navigation messages are included in GPS radio waves. The monitor station 110 demodulates the received GPS radio wave, extracts a navigation message, and sends it to the authentication center 120. When GPS radio waves are received from a plurality of GPS satellites 2, a navigation message is extracted from each GPS radio wave and sent to the authentication center 120.
 認証センタ120は、航法メッセージと暗号キーであるHマトリクスとから、本開示のセンタ作成認証データに相当するパリティデータを作成する。そして、作成したパリティデータを含む信号をマスタコントロールステーション130に送る。また、車載機200や路側機300との間で通信も行う。この認証センタ120の詳細は図2を用いて説明する。 The authentication center 120 creates parity data corresponding to the center creation authentication data of the present disclosure from the navigation message and the H matrix that is the encryption key. Then, a signal including the created parity data is sent to the master control station 130. In addition, communication is performed with the in-vehicle device 200 and the roadside device 300. Details of the authentication center 120 will be described with reference to FIG.
 マスタコントロールステーション130は、本開示の認証データ送信部に相当し、認証センタ120から受信したパリティデータを準天頂衛星(以下、QZS衛星)3に送信する。 The master control station 130 corresponds to the authentication data transmission unit of the present disclosure, and transmits parity data received from the authentication center 120 to the quasi-zenith satellite (hereinafter, QZS satellite) 3.
 QZS衛星3は本開示の通信衛星に相当し、パリティデータを含んだ航法メッセージを地上に向けて放送する。 The QZS satellite 3 corresponds to the communication satellite of the present disclosure, and broadcasts a navigation message including parity data toward the ground.
 車載機200は、航法メッセージ認証型の車載機であり、GPS衛星2から受信した航法メッセージが認証できるかどうかを、QZS衛星3から受信した航法メッセージに含まれているパリティデータを用いて認証する。この認証の際に、認証センタ120と通信を行う。また、GPS衛星2から受信した航法メッセージを用いて現在位置を算出し、算出した現在位置を示す位置情報を、後述するハッシュ値とともに外部に無線送信する。ハッシュ値は航法メッセージの認証ができたことを示しており、本開示の認証済みデータに相当する。車載機200は、図3、図5、図6を用いて説明する。 The in-vehicle device 200 is a navigation message authentication type in-vehicle device, and authenticates whether or not the navigation message received from the GPS satellite 2 can be authenticated by using parity data included in the navigation message received from the QZS satellite 3. . At the time of this authentication, communication with the authentication center 120 is performed. In addition, the current position is calculated using the navigation message received from the GPS satellite 2, and position information indicating the calculated current position is wirelessly transmitted to the outside together with a hash value to be described later. The hash value indicates that the navigation message has been authenticated, and corresponds to the authenticated data of the present disclosure. The in-vehicle device 200 will be described with reference to FIGS. 3, 5, and 6.
 路側機300は、車載機200が送信する位置情報を用いた所定のサービスを提供するサービス提供事業者が管理する。上記サービスとしては、たとえば、車載機200を搭載した車両が有料駐車区域に駐車した場合や、その車両が有料道路を走行した場合に、その車両の使用者に課金するサービスがある。 The roadside device 300 is managed by a service provider that provides a predetermined service using the position information transmitted by the in-vehicle device 200. Examples of the service include a service that charges a user of the vehicle when the vehicle on which the vehicle-mounted device 200 is mounted is parked in a toll parking area or when the vehicle travels on a toll road.
 この路側機300は通信部310と制御部320を備える。通信部310は、認証センタ120が備える通信部126(図2参照)や、車載機200が備える通信部210(図3参照)と無線通信を行う。 The roadside machine 300 includes a communication unit 310 and a control unit 320. The communication unit 310 performs wireless communication with the communication unit 126 (see FIG. 2) included in the authentication center 120 and the communication unit 210 (see FIG. 3) included in the in-vehicle device 200.
 制御部320は、CPU、ROM、RAM等を備えたコンピュータであり、CPUが、RAMの一時記憶機能を利用しつつROMに記憶されているプログラムを実行することで通信部310を制御する。また、車載機200が送信したハッシュ値を通信部310を介して取得し、そのハッシュ値に基づいて、車載機200が正規の車載機であるか否かを判断する。この判断の際に、認証センタ120と通信を行う。 The control unit 320 is a computer including a CPU, a ROM, a RAM, and the like, and the CPU controls the communication unit 310 by executing a program stored in the ROM while using a temporary storage function of the RAM. Further, the hash value transmitted by the in-vehicle device 200 is acquired via the communication unit 310, and based on the hash value, it is determined whether the in-vehicle device 200 is a regular on-vehicle device. In this determination, communication with the authentication center 120 is performed.
 (認証センタ120の詳細構成)
 図2に示すように、認証センタ120は、制御部122、データ記憶部124、通信部126を備える。 (Detailed configuration of authentication center 120)
As shown in FIG. 2, the authentication center 120 includes a control unit 122, a data storage unit 124, and a communication unit 126.
 制御部122は、CPU、ROM、RAM等を備えたコンピュータであり、データ記憶部124、通信部126を制御する。また、CPUが、RAMの一時記憶機能を利用しつつROMに記憶されているプログラムを実行することで、RANDメッセージ生成部1221、SEED値生成部1222、Hマトリクス計算部1223、パリティ計算部1224、信号加工部1225としての機能を備える。なお、これら、各部1221~1225の機能は、特許文献1に開示されている機能と同じでよい。また、これらに加え、制御部122は、Hマトリクス選択部1226も備える。この制御部122は、本開示のセンタ側認証データ作成部に相当する。 The control unit 122 is a computer including a CPU, a ROM, a RAM, and the like, and controls the data storage unit 124 and the communication unit 126. In addition, the CPU executes a program stored in the ROM while using the temporary storage function of the RAM, so that the RAND message generation unit 1221, the SEED value generation unit 1222, the H matrix calculation unit 1223, the parity calculation unit 1224, A function as the signal processing unit 1225 is provided. The functions of these units 1221 to 1225 may be the same as the functions disclosed in Patent Document 1. In addition to these, the control unit 122 also includes an H matrix selection unit 1226. The control unit 122 corresponds to the center side authentication data creation unit of the present disclosure.
 RANDメッセージ生成部1221は、レファランス認証ナビゲーションデータ(RAND: Reference Authentication Navigation Data)を意味しており、モニタステーション110から取得する航法メッセージから作成する。 The RAND message generation unit 1221 means reference authentication navigation data (RAND: “Reference” Authentication “Navigation” Data), and is generated from the navigation message acquired from the monitor station 110.
 図4にRANDメッセージと航法メッセージとの関係を示す。周知のように、航法メッセージはサブフレーム1~5に分けられ、サブフレーム4、5は、それぞれ、1~25ページを持つ。そして、各サブフレームはワード1~10に分けられる。 Fig. 4 shows the relationship between RAND messages and navigation messages. As is well known, the navigation message is divided into subframes 1 to 5, and subframes 4 and 5 have 1 to 25 pages, respectively. Each subframe is divided into words 1-10.
 RANDメッセージは、サブフレーム1のワード2に含まれている経過時間TOW(time of week、本開示の時刻情報に相当)、ワード8~10に含まれているTOC、AF0、AF1が順番に並んでいる。さらに、その後に、アンチスプーフフラグであるAS Flag、衛星番号であるPRN(Pseudo Random Noise)IDが追加されている。なお、図4において、RANDメッセージを構成する各データの後の括弧内に示す数値は、各データのビット数を意味する。 In the RAND message, the elapsed time TOW (time of week, corresponding to the time information of the present disclosure) included in the word 2 of the subframe 1 and the TOC, AF0, AF1 included in the words 8 to 10 are arranged in order. It is out. Further, an AS Flag that is an anti-spoof flag and a PRN (Pseudo Random Noise) ID that is a satellite number are added. In FIG. 4, the numerical value shown in parentheses after each data constituting the RAND message means the number of bits of each data.
 TOWは6秒ごとに変化するので、TOWとPRNIDを含んでいるRANDメッセージは、どのGPS衛星がいつ送信したかを示すメッセージであると言える。また、TOWが6秒ごとに変化し、また、PRNIDを含んでいるので、モニタステーション110が受信したGPS衛星2ごと、かつ、6秒ごとにRANDメッセージを生成する。 Since TOW changes every 6 seconds, it can be said that the RAND message including TOW and PRNID is a message indicating which GPS satellite transmitted when. Further, since TOW changes every 6 seconds and PRNID is included, a RAND message is generated every GPS satellite 2 received by the monitor station 110 and every 6 seconds.
 SEED値生成部1222は、PCクロックを入力として唯一のSEED値を生成する。たとえば、PCクロックを入力として乱数を発生させることで、SEED値を生成する。なお、本実施形態におけるSEED値は36ビットとする。 The SEED value generation unit 1222 generates a single SEED value with the PC clock as an input. For example, the SEED value is generated by generating a random number with the PC clock as an input. In this embodiment, the SEED value is 36 bits.
 Hマトリクス計算部1223は、SEED値生成部1222が生成したSEED値を使い、このSEED値に一対一に対応するHマトリクスを計算する。このHマトリクスは本開示の暗号キーに相当する。また、SEED値が決まればHマトリクスを作成することができるので、SEED値は本開示のキー作成データに相当する。Hマトリクスとしては、周知のハッシュ関数を用いればよく、例えばLDPC(Low Density Parity Check)符号化を行うためのパリティ検査行列を用いればよい。さらに、パリティ検査行列から決定される生成行列を用いてもよい。 The H matrix calculation unit 1223 uses the SEED value generated by the SEED value generation unit 1222 and calculates an H matrix corresponding to the SEED value on a one-to-one basis. This H matrix corresponds to the encryption key of the present disclosure. Further, since the H matrix can be created if the SEED value is determined, the SEED value corresponds to the key creation data of the present disclosure. As the H matrix, a known hash function may be used. For example, a parity check matrix for performing LDPC (Low Density Parity Check) encoding may be used. Furthermore, a generator matrix determined from a parity check matrix may be used.
 Hマトリクスは本開示の暗号キーの一例に対応し、HマトリクスまたはSEED値は本開示のキー関連データの一例に相当する。 The H matrix corresponds to an example of the encryption key of the present disclosure, and the H matrix or the SEED value corresponds to an example of the key related data of the present disclosure.
 パリティ計算部1224は、RANDメッセージ生成部1221が作成したRANDメッセージ、Hマトリクス計算部1223が計算したHマトリクスに基づいて、パリティデータを計算する。すなわち、このHマトリクスをRANDメッセージに乗じることで、パリティデータを計算する。 The parity calculator 1224 calculates parity data based on the RAND message created by the RAND message generator 1221 and the H matrix calculated by the H matrix calculator 1223. That is, parity data is calculated by multiplying the RAND message by this H matrix.
 信号加工部1225は、パリティ計算部1224が計算したパリティデータ、および、その計算に使用したRANDメッセージを、QZS衛星3に送信させる航法メッセージに挿入する。そして、挿入済みの航法メッセージをマスタコントロールステーション130に送る。 The signal processing unit 1225 inserts the parity data calculated by the parity calculation unit 1224 and the RAND message used for the calculation into the navigation message to be transmitted to the QZS satellite 3. Then, the inserted navigation message is sent to the master control station 130.
 さらに、信号加工部1225は、信号の挿入に合せて、パリティ計算部1224が計算したパリティデータ、パリティデータの計算に用いたRANDメッセージ、Hマトリクス、そのHマトリクスの計算に用いたSEED値をデータ記憶部124に記憶する。 Further, the signal processing unit 1225 stores the parity data calculated by the parity calculation unit 1224, the RAND message used for calculating the parity data, the H matrix, and the SEED value used for the calculation of the H matrix in accordance with the signal insertion. Store in the storage unit 124.
 この信号加工部1225は、RANDメッセージ生成部1221がRANDメッセージを生成するごとに、RANDメッセージとパリティデータをQZS衛星3に送信させる航法メッセージに挿入する。よって、SEED値生成部1222、Hマトリクス計算部1223、パリティ計算部1224も、RANDメッセージ生成部1221がRANDメッセージを生成するごとに、処理を実行する。 The signal processing unit 1225 inserts the RAND message and parity data into the navigation message that causes the QZS satellite 3 to transmit each time the RAND message generation unit 1221 generates the RAND message. Therefore, the SEED value generation unit 1222, the H matrix calculation unit 1223, and the parity calculation unit 1224 also execute processing each time the RAND message generation unit 1221 generates a RAND message.
 Hマトリクス選択部1226は、車載機200から送信されてきたPRNID、TOW、公開キーを通信部126が受信したときは、データ記憶部124に記憶されているHマトリクスから、受信したPRNID、TOWに対応するHマトリクスを選択する。そして、選択したHマトリクスを公開キーで暗号化し、暗号化したHマトリクスを、PRNIDなどを送信した車載機200へ送信する。 When the communication unit 126 receives the PRNID, TOW, and public key transmitted from the in-vehicle device 200, the H matrix selection unit 1226 converts the H matrix stored in the data storage unit 124 into the received PRNID and TOW. Select the corresponding H matrix. Then, the selected H matrix is encrypted with the public key, and the encrypted H matrix is transmitted to the in-vehicle device 200 that has transmitted PRNID or the like.
 また、路側機300から送信されてきたPRNID、TOW、公開キーを通信部126が受信したときは、データ記憶部124に記憶されているHマトリクスおよびパリティデータから、受信したPRNID、TOWに対応するHマトリクスおよびパリティデータを選択する。そして、選択したHマトリクスおよびパリティデータを公開キーで暗号化し、暗号化したHマトリクスおよびパリティデータを、PRNIDなどを送信した路側機300へ送信する。 Further, when the communication unit 126 receives the PRNID, TOW, and public key transmitted from the roadside device 300, it corresponds to the received PRNID and TOW from the H matrix and parity data stored in the data storage unit 124. Select H matrix and parity data. Then, the selected H matrix and parity data are encrypted with the public key, and the encrypted H matrix and parity data are transmitted to the roadside device 300 that transmitted the PRNID and the like.
 通信部126は、車載機200が備える通信部210、および、路側機300が備える通信部310と通信する。 The communication unit 126 communicates with the communication unit 210 included in the in-vehicle device 200 and the communication unit 310 included in the roadside device 300.
 マスタコントロールステーション130は、信号加工部1225が生成した航法メッセージをQZS衛星3に送信する。 The master control station 130 transmits the navigation message generated by the signal processing unit 1225 to the QZS satellite 3.
 QZS衛星3は、マスタコントロールステーション130から受信した航法メッセージを地上に向けて放送する。 The QZS satellite 3 broadcasts the navigation message received from the master control station 130 toward the ground.
 (車載機200の構成)
 QZS衛星3が放送した航法メッセージは、車載機200の衛星受信部230に受信される。この車載機200は、衛星受信部230の他に、通信部210、制御部220を備える。 (Configuration of in-vehicle device 200)
The navigation message broadcast by the QZS satellite 3 is received by the satellite receiver 230 of the in-vehicle device 200. This in-vehicle device 200 includes a communication unit 210 and a control unit 220 in addition to the satellite reception unit 230.
 通信部210は、受信部211と送信部212を備える。受信部211は、本開示のキー受信部に相当し、送信部212は本開示の端末側送信部に相当する。通信部210は、狭域通信機能と広域通信機能を備えている。狭域通信機能は、たとえば、通信距離が数百メートルである。広域通信機能は、通信距離がたとえば数キロメートルであり、公衆通信回線網の基地局と通信を行うことにより、公衆通信回線網の通信圏内の他の通信機器と通信することができる。狭域通信機能により、路側機300の通信部310と通信し、広域通信機能により、認証センタ120の通信部126と通信する。 The communication unit 210 includes a reception unit 211 and a transmission unit 212. The reception unit 211 corresponds to the key reception unit of the present disclosure, and the transmission unit 212 corresponds to the terminal side transmission unit of the present disclosure. The communication unit 210 has a narrow area communication function and a wide area communication function. The narrow area communication function has a communication distance of several hundred meters, for example. The wide-area communication function has a communication distance of, for example, several kilometers, and can communicate with other communication devices within the communication area of the public communication network by communicating with the base station of the public communication network. The narrow area communication function communicates with the communication unit 310 of the roadside machine 300, and the wide area communication function communicates with the communication unit 126 of the authentication center 120.
 衛星受信部230は、本開示の端末側衛星受信部に相当し、GPS衛星2、QZS衛星3が送信する電波を一定周期で受信する。 The satellite receiver 230 corresponds to the terminal-side satellite receiver of the present disclosure, and receives radio waves transmitted by the GPS satellite 2 and the QZS satellite 3 at a constant period.
 制御部220は、CPU、ROM、RAM等を備えたコンピュータであり、通信部210、衛星受信部230を制御する。また、CPUが、RAMの一時記憶機能を利用しつつROMに記憶されているプログラムを実行することで、図5に示す処理を実行する。 The control unit 220 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 210 and the satellite reception unit 230. Further, the CPU executes the program shown in FIG. 5 by executing the program stored in the ROM while using the temporary storage function of the RAM.
 図5に示す処理は、衛星受信部230が4つ以上のGPS衛星2からGPS電波を受信するごとに実行する。4つ以上としているのは、現在位置を算出するには、4つ以上のGPS衛星2からGPS電波を受信する必要があるからである。 The processing shown in FIG. 5 is executed each time the satellite receiving unit 230 receives GPS radio waves from four or more GPS satellites 2. The reason why the number is four or more is that it is necessary to receive GPS radio waves from four or more GPS satellites 2 in order to calculate the current position.
 ステップS2では、GPS電波に基づいて現在位置を算出する。ステップS4では、航法メッセージ認証処理を実行する。この処理の詳細は図6に示す。 In step S2, the current position is calculated based on the GPS radio wave. In step S4, navigation message authentication processing is executed. Details of this processing are shown in FIG.
 ステップS42では、QZS衛星3から受信した航法メッセージを、受信部211から取得する。 In step S42, the navigation message received from the QZS satellite 3 is acquired from the receiving unit 211.
 ステップS44では、ステップS42で取得した航法メッセージから、現在位置の算出に用いた航法メッセージに対応するPRNID、TOW、パリティデータを抽出する。なお、PRNID、TOWは、現在位置の算出に用いた航法メッセージから抽出してもよい。 In step S44, PRNID, TOW, and parity data corresponding to the navigation message used to calculate the current position are extracted from the navigation message acquired in step S42. Note that PRNID and TOW may be extracted from the navigation message used to calculate the current position.
 ステップS46では、ステップS44で抽出したPRNIDとTOWを公開キーとともに、送信部212から認証センタ120へ送信する。前述したように、認証センタ120は、このPRNIDとTOWより定まるHマトリクスを、公開キーにより暗号化して車載機200へ送信する。 In step S46, the PRNID and TOW extracted in step S44 are transmitted from the transmission unit 212 to the authentication center 120 together with the public key. As described above, the authentication center 120 encrypts the H matrix determined by the PRNID and TOW with the public key and transmits the encrypted H matrix to the in-vehicle device 200.
 ステップS48では、認証センタ120から送信された、暗号化されたHマトリクスを受信部211から取得する。ステップS50では、ステップS48で取得した、暗号化されたHマトリクスを秘密キーで復号する。 In step S48, the encrypted H matrix transmitted from the authentication center 120 is acquired from the receiving unit 211. In step S50, the encrypted H matrix acquired in step S48 is decrypted with the secret key.
 ステップS52では、ステップS46で送信したPRNIDと同じPRNIDを航法メッセージに含んでいるGPS電波から、RANDメッセージを作成する。 In step S52, a RAND message is created from GPS radio waves that include the same PRNID as the PRNID transmitted in step S46 in the navigation message.
 ステップS54では、ステップS52で作成したRANDメッセージと、ステップS50で復号したHマトリクスとから、比較パリティデータを作成する。ここで作成した比較パリティデータが、本開示の端末作成認証データに相当し、このS54は本開示の端末側認証データ作成部に相当する。 In step S54, comparison parity data is created from the RAND message created in step S52 and the H matrix decoded in step S50. The comparison parity data created here corresponds to the terminal creation authentication data of the present disclosure, and S54 corresponds to the terminal side authentication data creation unit of the present disclosure.
 続いて本開示の認証判断部に相当するステップS56~S60を実行する。ステップS56では、ステップS54で作成した比較パリティデータと、ステップS44で抽出したパリティデータが一致するか否かを判断する。 Subsequently, steps S56 to S60 corresponding to the authentication determination unit of the present disclosure are executed. In step S56, it is determined whether or not the comparison parity data created in step S54 matches the parity data extracted in step S44.
 ステップS50で復号したHマトリクスは、認証センタ120がパリティデータの作成に使用したHマトリクスと同じである。そして、認証センタ120のパリティ計算部1224は、このHマトリクスとRANDメッセージとに基づいてパリティデータを計算している。 The H matrix decoded in step S50 is the same as the H matrix used by the authentication center 120 to create parity data. The parity calculation unit 1224 of the authentication center 120 calculates parity data based on the H matrix and the RAND message.
 よって、ステップS54で作成した比較パリティデータが、ステップS44で抽出したパリティデータと一致する場合、ステップS52で作成したRANDメッセージが、認証センタ120が作成したRANDメッセージと同じであると考えることができる。そこで、ステップS54で作成した比較パリティデータと、ステップS44で抽出したパリティデータとが一致する場合、ステップS58に進み、認証成立とする。一方、2つのパリティデータが一致しない場合、ステップS60に進み、認証不成立とする。 Therefore, when the comparison parity data created in step S54 matches the parity data extracted in step S44, it can be considered that the RAND message created in step S52 is the same as the RAND message created by the authentication center 120. . Therefore, if the comparison parity data created in step S54 matches the parity data extracted in step S44, the process proceeds to step S58 and authentication is established. On the other hand, if the two parity data do not match, the process proceeds to step S60 and authentication is not established.
 説明を図5に戻す。ステップS4を実行した後は、本開示認証済み作成部に相当するステップS6~S10を実行する。ステップS6では、航法メッセージ認証処理の処理結果が、認証成立であったか否かを判断する。 Return the explanation to FIG. After step S4 is executed, steps S6 to S10 corresponding to the presently disclosed authenticated creation unit are executed. In step S6, it is determined whether or not the processing result of the navigation message authentication process is authentication establishment.
 この判断がNo、すなわち、認証不成立である場合には、図4の処理を終了する。一方、ステップS6の判断がYesの場合には、ステップS8に進む。 If this determination is No, that is, if authentication is not established, the processing in FIG. 4 is terminated. On the other hand, if the determination in step S6 is Yes, the process proceeds to step S8.
 ステップS8では、位置情報の送信が必要であるか否かを判断する。位置情報の送信が必要である場合としては、たとえば、路側機300の通信部310から位置情報の要求信号を受信した場合などがある。また、一定の送信周期で位置情報を送信するようにしてもよい。ステップS8の判断がNoである場合には、図4の処理を終了する。一方、ステップS8の判断もYesとなった場合にはステップS10へ進む。 In step S8, it is determined whether or not transmission of position information is necessary. As a case where transmission of position information is necessary, for example, there is a case where a request signal for position information is received from the communication unit 310 of the roadside device 300. Further, the position information may be transmitted at a constant transmission cycle. If the determination in step S8 is No, the process in FIG. 4 is terminated. On the other hand, if the determination in step S8 is also Yes, the process proceeds to step S10.
 ステップS10では、認証センタ120が作成したデータであるHマトリクスと、パリティデータとを入力キーとしてハッシュ関数からハッシュ値を作成する。このハッシュ値は本開示の認証済みデータに相当する。 In step S10, a hash value is created from a hash function using the H matrix, which is data created by the authentication center 120, and parity data as input keys. This hash value corresponds to the authenticated data of the present disclosure.
 ステップS12では、ステップS1で算出した現在位置を示す位置情報、ステップS8で作成したハッシュ値、ステップS44で抽出したPRNID、TOWを、送信部212から路側機300の通信部310に送信する。 In step S12, the position information indicating the current position calculated in step S1, the hash value created in step S8, the PRNID extracted in step S44, and the TOW are transmitted from the transmission unit 212 to the communication unit 310 of the roadside device 300.
 (路側機300の処理)
 路側機300の制御部320は、周期的に、路側機300の周囲に位置情報の送信を要求する要求信号を送信する。この要求信号を車載機200が受信した場合、前述のように、車載機200は、位置情報、ハッシュ値等を送信する。 (Processing of roadside machine 300)
The control unit 320 of the roadside machine 300 periodically transmits a request signal for requesting transmission of position information around the roadside machine 300. When the in-vehicle device 200 receives this request signal, the in-vehicle device 200 transmits position information, a hash value, and the like as described above.
 路側機300の通信部310が、車載機200から位置情報、ハッシュ値等を受信した場合、路側機300の制御部320は図7に示す処理を実行する。 When the communication unit 310 of the roadside device 300 receives position information, a hash value, and the like from the in-vehicle device 200, the control unit 320 of the roadside device 300 executes the process shown in FIG.
 ステップS70では、通信部310が受信した位置情報、ハッシュ値、PRNID、TOWを通信部310から取得する。このステップS70は本開示の端末データ取得部に相当する。 In step S70, the location information, hash value, PRNID, and TOW received by the communication unit 310 are acquired from the communication unit 310. This step S70 corresponds to the terminal data acquisition unit of the present disclosure.
 ステップS72では、ステップS70で取得したPRNIDとTOWを公開キーとともに、通信部310から認証センタ120へ送信する。なお、この公開キーは路側機300が独自に記憶している公開キーであり、車載機200が認証センタ120へ送信する公開キーとは異なるキーである。 In Step S72, the PRNID and TOW acquired in Step S70 are transmitted from the communication unit 310 to the authentication center 120 together with the public key. This public key is a public key that is uniquely stored in the roadside device 300, and is a key that is different from the public key that the in-vehicle device 200 transmits to the authentication center 120.
 前述したように、認証センタ120は、このPRNIDとTOWより定まるHマトリクスおよびパリティデータを、公開キーにより暗号化して路側機300へ送信する。これらHマトリクスおよびパリティデータは、ハッシュ値を作成するための入力キーである。 As described above, the authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with the public key and transmits the encrypted data to the roadside device 300. These H matrix and parity data are input keys for creating a hash value.
 ステップS74では、認証センタ120から送信された、暗号化されたHマトリクスおよびパリティデータを、通信部310から取得する。このステップS74は本開示のキー取得部に相当する。 In step S 74, the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310. This step S74 corresponds to the key acquisition unit of the present disclosure.
 ステップS76では、ステップS74で取得した、暗号化されたHマトリクスおよびパリティデータを秘密キーで復号する。 In step S76, the encrypted H matrix and parity data acquired in step S74 are decrypted with the secret key.
 ステップS78では、ステップS76で復号したHマトリクスおよびパリティデータを入力キーとして、正規の車載機200が使用するものとして予め記憶しているハッシュ関数から比較ハッシュ値を作成する。この比較ハッシュ値は本開示の認証済み比較データに相当し、ステップS78は本開示の比較データ作成部に相当する。 In step S78, a comparison hash value is created from a hash function stored in advance as the one used by the legitimate vehicle-mounted device 200 using the H matrix and parity data decrypted in step S76 as input keys. This comparison hash value corresponds to the authenticated comparison data of the present disclosure, and step S78 corresponds to the comparison data creation unit of the present disclosure.
 続いて、本開示の端末判断部に相当するステップS80~S84を実行する。ステップS80では、ステップS78で作成した比較ハッシュ値と、ステップS70で取得したハッシュ値が一致するか否かを判断する。 Subsequently, steps S80 to S84 corresponding to the terminal determination unit of the present disclosure are executed. In step S80, it is determined whether or not the comparison hash value created in step S78 matches the hash value acquired in step S70.
 2つのハッシュ値が一致する場合、車載機200が送信したハッシュ値も、認証センタ120が作成したHマトリクスを入力キーとしていると考えることができる。そこで、2つのハッシュ値が一致する場合、ステップS82に進み、位置情報、ハッシュ値等を送信した車載機200は正規車載機であるとする。一方、2つのハッシュ値が一致しない場合、ステップS84に進み、位置情報、ハッシュ値等を送信した車載機200は不正車載機であるとする。 When the two hash values match, it can be considered that the hash value transmitted by the in-vehicle device 200 also uses the H matrix created by the authentication center 120 as an input key. Therefore, if the two hash values match, the process proceeds to step S82, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, and the like is a regular in-vehicle device. On the other hand, if the two hash values do not match, the process proceeds to step S84, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
 以上、説明した実施形態1によれば、車載機200は、GPS衛星2から受信した衛星電波に含まれている航法メッセージの認証を行っている(S4)。この認証のために、認証センタ120がパリティデータの作成に用いたHマトリクスを認証センタ120から取得している(S48)。そして、認証ができた場合には、認証センタ120から取得したHマトリクスを用いて、認証済みであることを示すためにハッシュ値を作成して(S10)、位置情報とともにそのハッシュ値を送信している(S12)。 As described above, according to the first embodiment described above, the in-vehicle device 200 authenticates the navigation message included in the satellite radio wave received from the GPS satellite 2 (S4). For this authentication, the authentication center 120 acquires the H matrix used for generating the parity data from the authentication center 120 (S48). When the authentication is successful, a hash value is created to indicate that the authentication has been completed using the H matrix acquired from the authentication center 120 (S10), and the hash value is transmitted together with the position information. (S12).
 このように、車載機200は、認証済みであることを示すデータであるハッシュ値を、認証センタ120から取得したHマトリクスを用いて作成して位置情報とともに送信する。これにより、車載機200自身が、認証センタ120との間の通信が可能な、認証センタ120から信頼された正規車載機であることを証明することができる。 In this way, the in-vehicle device 200 creates a hash value, which is data indicating that it has been authenticated, using the H matrix acquired from the authentication center 120 and transmits it together with the position information. Accordingly, it is possible to prove that the in-vehicle device 200 itself is a regular on-vehicle device that can communicate with the authentication center 120 and is trusted by the authentication center 120.
 また、そのハッシュ値を作成するためのHマトリクスは、車載機200自身が受信した衛星電波に含まれている航法メッセージを認証するために認証センタ120から取得したものである。よって、ハッシュ値を作成するためのデータを別途、認証センタ120から取得する必要がないので、ハッシュ値を作成する処理を簡単にすることができる。 Further, the H matrix for creating the hash value is obtained from the authentication center 120 in order to authenticate the navigation message included in the satellite radio wave received by the in-vehicle device 200 itself. Therefore, since it is not necessary to separately acquire data for creating a hash value from the authentication center 120, the process of creating a hash value can be simplified.
 また、Hマトリクスそのものを送信するのではなく、Hマトリクスからハッシュ関数を用いて作成したハッシュ値を送信している。ハッシュ関数は不可逆の一方向関数であることから、Hマトリクスが第三者に知られてしまうことも抑制できる。 Also, instead of transmitting the H matrix itself, a hash value created from the H matrix using a hash function is transmitted. Since the hash function is an irreversible one-way function, it is possible to prevent the H matrix from being known to a third party.
 位置情報とともにハッシュ値を受信した路側機300は、路側機300自身も認証センタ120からHマトリクスを取得し、また、パリティデータも取得する(S74)。これらHマトリクス、パリティデータと、正規の車載機200が使用するものとして予め記憶しているハッシュ関数から比較ハッシュ値を作成する(S78)。この比較ハッシュ値と、車載機200から取得したハッシュ値とを比較することで、位置情報を送信した車載機200が正規車載機であるか否かを判断することができる。 The roadside device 300 that has received the hash value together with the location information also acquires the H matrix from the authentication center 120, and also acquires parity data (S74). A comparison hash value is created from these H matrix, parity data, and a hash function stored in advance as one used by the regular vehicle-mounted device 200 (S78). By comparing this comparison hash value with the hash value acquired from the in-vehicle device 200, it can be determined whether or not the in-vehicle device 200 that transmitted the position information is a regular on-vehicle device.
 (実施形態2)
 次に、実施形態2を説明する。なお、この実施形態2以下の説明において、それまでに使用した符号と同一番号の符号を有する要素は、特に言及する場合を除き、それ以前の実施形態における同一符号の要素と同一である。また、構成の一部のみを説明している場合、構成の他の部分については先に説明した実施形態を適用することができる。 (Embodiment 2)
Next, Embodiment 2 will be described. In the following description of the second embodiment, elements having the same reference numerals as those used so far are the same as the elements having the same reference numerals in the previous embodiments unless otherwise specified. In addition, when only a part of the configuration is described, the embodiment described above can be applied to other parts of the configuration.
 実施形態2では、路側機300Aは、図8に示すように、衛星受信部330を備える。この衛星受信部330は本開示の取得装置側衛星受信部に相当する。また、実施形態2では、制御部320Aの処理が、実施形態1の制御部320と一部相違する。この制御部320Aの処理を図9、図10を用いて説明する。制御部320Aは、図9に示す処理を一定のGPS電波取得周期で実行し、図10に示す処理も、一定周期で実行する。 In the second embodiment, the roadside device 300A includes a satellite receiver 330 as shown in FIG. This satellite receiver 330 corresponds to the acquisition device side satellite receiver of the present disclosure. In the second embodiment, the processing of the control unit 320A is partially different from the control unit 320 of the first embodiment. The processing of the control unit 320A will be described with reference to FIGS. Control unit 320A executes the process shown in FIG. 9 at a constant GPS radio wave acquisition cycle, and also executes the process shown in FIG. 10 at a constant cycle.
 図9は、車載機200から位置情報等を取得する前に行う事前処理である。この図9から説明する。ステップS90では、衛星受信部330が受信したGPS電波に含まれている航法メッセージを、衛星受信部330から取得する。衛星受信部330が複数のGPS衛星2からGPS電波を受信した場合、衛星受信部330が受信したすべてのGPS電波についての航法メッセージを取得する。 FIG. 9 shows pre-processing that is performed before acquiring position information and the like from the vehicle-mounted device 200. This will be described from FIG. In step S 90, the navigation message included in the GPS radio wave received by the satellite receiver 330 is acquired from the satellite receiver 330. When the satellite receiving unit 330 receives GPS radio waves from a plurality of GPS satellites 2, the navigation message for all GPS radio waves received by the satellite receiving unit 330 is acquired.
 本開示の電波情報抽出部に相当するステップS92では、ステップS90で取得したすべての航法メッセージから、PRNIDとTOWを抽出する。 In step S92 corresponding to the radio wave information extraction unit of the present disclosure, PRNID and TOW are extracted from all the navigation messages acquired in step S90.
 本開示の電波情報送信処理部に相当するステップS94では、ステップS92で抽出したPRNIDとTOWを公開キーとともに、通信部310から認証センタ120へ送信する。認証センタ120は、このPRNIDとTOWより定まるHマトリクス、パリティデータを、公開キーにより暗号化して路側機300へ送信する。 In step S94 corresponding to the radio wave information transmission processing unit of the present disclosure, the PRNID and TOW extracted in step S92 are transmitted from the communication unit 310 to the authentication center 120 together with the public key. The authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with a public key and transmits the encrypted data to the roadside device 300.
 ステップS96では、認証センタ120から送信された、暗号化されたHマトリクスおよびパリティデータを、通信部310から取得する。 In step S96, the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310.
 ステップS98では、ステップS96で取得した、暗号化されたHマトリクスおよびパリティデータを秘密キーで復号する。このステップS96は本開示のキー取得部に相当する。 In step S98, the encrypted H matrix and parity data acquired in step S96 are decrypted with the secret key. This step S96 corresponds to the key acquisition unit of the present disclosure.
 ステップS100では、ステップS98で復号したHマトリクスおよびパリティデータを入力キーとして、正規の車載機200が使用するものとして予め記憶しているハッシュ関数から比較ハッシュ値を作成する。この比較ハッシュ値は、衛星受信部330が受信したすべてのGPS電波について作成することになる。 In step S100, a comparison hash value is created from a hash function stored in advance as the one used by the authorized vehicle-mounted device 200, using the H matrix and parity data decrypted in step S98 as input keys. This comparison hash value is created for all GPS radio waves received by the satellite receiver 330.
 ステップS102では、比較ハッシュ値テーブルを作成する。この比較ハッシュ値テーブルは、ステップS100で作成した比較ハッシュ値と、その比較ハッシュ値の作成に用いたHマトリクス、パリティデータを取得するために認証センタ120へ送信したPRNID、TOWとの対応関係を示すテーブルである。 In step S102, a comparison hash value table is created. This comparison hash value table shows the correspondence between the comparison hash value created in step S100, the H matrix used to create the comparison hash value, and the PRNID and TOW transmitted to the authentication center 120 to obtain parity data. It is a table to show.
 次に、図10を説明する。ステップS110では、車載機200が図5のステップS12を実行することにより送信する位置情報等のデータを、通信部310が受信したか否かを判断する。この判断がNoであれば図10の処理を終了する。一方、ステップS110の判断がYesであればステップS112へ進む。 Next, FIG. 10 will be described. In step S110, it is determined whether the communication unit 310 has received data such as position information transmitted by the in-vehicle device 200 by executing step S12 of FIG. If this determination is No, the processing in FIG. 10 is terminated. On the other hand, if determination of step S110 is Yes, it will progress to step S112.
 ステップS112では、通信部310が車載機200から受信した位置情報、ハッシュ値、PRNID、TOWを取得する。 In step S112, the location information, hash value, PRNID, and TOW received by the communication unit 310 from the in-vehicle device 200 are acquired.
 続いて、本開示の端末判断部に相当するステップS114~S120を実行する。ステップS114では、図9の事前処理で作成した比較ハッシュ値テーブルに、ステップS112で取得したPRNID、TOWがある場合、そのPRNID、TOWに対応する比較ハッシュ値を、今回の比較に用いる比較ハッシュ値に決定する。なお、図9の事前処理では、衛星受信部230が受信したすべてのGPS電波についての比較ハッシュ値を作成している。そのため、比較ハッシュ値テーブルには、ステップS112で取得したPRNID、TOWに対応するハッシュ値が含まれている可能性が高い。しかし、路側機300の周辺の電波遮蔽物の位置、大きさによっては、車載機200の衛星受信部230が受信した衛星電波を、路側機300の衛星受信部330が受信できないこともある。この場合には、ステップS112で取得したPRNID、TOWに対応するハッシュ値が比較ハッシュ値テーブルに含まれていない。ステップS112で取得したPRNID、TOWに対応するハッシュ値が比較ハッシュ値テーブルに含まれていない場合には、図7のステップS72~S78の処理を実行して比較ハッシュ値を作成する。 Subsequently, steps S114 to S120 corresponding to the terminal determination unit of the present disclosure are executed. In step S114, if the comparison hash value table created in the pre-processing in FIG. 9 includes the PRNID and TOW acquired in step S112, the comparison hash value corresponding to the PRNID and TOW is used as the comparison hash value used for the current comparison. To decide. In the pre-processing in FIG. 9, comparison hash values for all GPS radio waves received by the satellite receiver 230 are created. Therefore, it is highly likely that the hash value corresponding to the PRNID and TOW acquired in step S112 is included in the comparison hash value table. However, depending on the position and size of the radio wave shield around the roadside device 300, the satellite wave received by the satellite receiving unit 230 of the in-vehicle device 200 may not be received by the satellite receiving unit 330 of the roadside device 300. In this case, hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table. If the hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table, the processing of steps S72 to S78 in FIG. 7 is executed to create a comparison hash value.
 ステップS116では、ステップS112で取得したハッシュ値と、ステップS114で決定した比較ハッシュ値が一致するか否かを判断する。 In step S116, it is determined whether or not the hash value acquired in step S112 matches the comparison hash value determined in step S114.
 2つのハッシュ値が一致する場合、ステップS118に進み、位置情報、ハッシュ値等を送信した車載機200は正規車載機であるとする。一方、2つのハッシュ値が一致しない場合、ステップS120に進み、位置情報、ハッシュ値等を送信した車載機200は不正車載機であるとする。 If the two hash values match, the process proceeds to step S118, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is a regular in-vehicle device. On the other hand, if the two hash values do not match, the process proceeds to step S120, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
 以上、説明した実施形態2によれば、路側機300は衛星受信部230を備えているので、この路側機300の周囲に存在しており、ハッシュ値を路側機300に送信する可能性がある車載機200と同じGPS衛星2から衛星電波を受信することができる。 As described above, according to the second embodiment described above, the roadside device 300 includes the satellite receiving unit 230, so that it exists around the roadside device 300 and may transmit a hash value to the roadside device 300. Satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200.
 実施形態1では、車載機200からPRNID、TOWを受信し、そのPRNID、TOWを認証センタ120に送信してHマトリクス、パリティデータを取得していた。しかし、実施形態2では、車載機200と同じGPS衛星2から衛星電波を受信することができる。そこで、車載機200からPRNID、TOWを受信するのを待たずに、衛星受信部330が受信した航法メッセージからPRNID、TOWを抽出する。そして、抽出したPRNID、TOWを認証センタ120に送信してHマトリクス、パリティデータを取得して、比較ハッシュ値テーブルを作成する(図9)。 In the first embodiment, the PRNID and TOW are received from the in-vehicle device 200, and the PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data. However, in the second embodiment, satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200. Therefore, the PRNID and TOW are extracted from the navigation message received by the satellite receiver 330 without waiting for the PRNID and TOW to be received from the in-vehicle device 200. Then, the extracted PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data, and a comparison hash value table is created (FIG. 9).
 これにより、車載機200から位置情報等を受信した後は(S110:Yes)、予め作成しておいた比較ハッシュ値テーブルを参照して、車載機200から受信したPRNID、TOWに対応する比較ハッシュ値を決定すればよい(S112、S114)。つまり、車載機200からPRNID、TOWを受信した後に、実施形態1における図7のステップS72~S78の処理を実行しなくて済む可能性が高いので、迅速に正規車載機かどうかの判断を行うことができる。 Thereby, after receiving the positional information from the in-vehicle device 200 (S110: Yes), the comparison hash corresponding to the PRNID and TOW received from the in-vehicle device 200 with reference to the comparison hash value table created in advance. What is necessary is just to determine a value (S112, S114). That is, after receiving PRNID and TOW from the in-vehicle device 200, there is a high possibility that the processing of steps S72 to S78 in FIG. be able to.
 特に、路側機300が、車載機200を正規車載機と認定した後に、その認定結果に基づく処理を行う場合であって、車載機200が走行している場合には、迅速に正規車載機かどうかの判断を行う必要性が高い。認定結果に基づく処理としては、たとえば、正規車載機であることを、車載機200に送信する、あるいは、正規車載機と認定したことに基づいて車両走行路に設けられたゲートを開閉するなどの処理がある。実施形態2は、このように、迅速に正規車載機かどうかの判断を行う必要性がある場合に、特に有用である。 In particular, when the roadside device 300 recognizes the vehicle-mounted device 200 as a regular vehicle-mounted device and performs processing based on the recognition result, and the vehicle-mounted device 200 is running, There is a high need to make a judgment. As processing based on the authorization result, for example, transmitting to the in-vehicle device 200 that it is a regular in-vehicle device, or opening and closing a gate provided in the vehicle travel path based on being authorized as a regular in-vehicle device. There is processing. The second embodiment is particularly useful when it is necessary to quickly determine whether or not the vehicle is a regular vehicle-mounted device.
 以上、本開示の実施形態を説明したが、本開示は上述の実施形態に限定されるものではなく、次の変形例も本開示の技術的範囲に含まれ、さらに、下記以外にも要旨を逸脱しない範囲内で種々変更して実施することができる。 As mentioned above, although embodiment of this indication was described, this indication is not limited to the above-mentioned embodiment, and the following modification is also included in the technical scope of this indication, and also a summary other than the following is given. Various modifications can be made without departing from the scope.
 (変形例1、変形例2)
 たとえば、前述の実施形態では、Hマトリクスとパリティデータをハッシュ関数の入力キーとして、ハッシュ値および比較ハッシュ値を作成していた(認証済み作成部:S10、比較データ作成部:S100)。しかし、これに限られず、ハッシュ関数の入力キーをHマトリクスのみとしてハッシュ値および比較ハッシュ値を作成してもよい(変形例1)。また、暗号キーであるHマトリクスに代えて、キー作成データであるSEED値をハッシュ関数の入力キーとしてハッシュ値および比較ハッシュ値を作成してもよい(変形例2)。 (Modification 1 and Modification 2)
For example, in the above-described embodiment, the hash value and the comparison hash value are created using the H matrix and the parity data as the input keys of the hash function (authenticated creation unit: S10, comparison data creation unit: S100). However, the present invention is not limited to this, and a hash value and a comparison hash value may be created using only the H matrix as the input key of the hash function (Modification 1). Further, instead of the H matrix that is the encryption key, the hash value and the comparison hash value may be created using the SEED value that is the key creation data as the input key of the hash function (Modification 2).
 (変形例3)
 また、SEED値からHマトリクスが作成できる。そこで、認証済み作成部、比較データ作成部は、キー関連データとしてSEED値を取得しても、そのSEED値をそのまま入力キーとせず、SEED値からHマトリクスを作成し、そのHマトリクスを入力キーとしてハッシュ値を作成してもよい。 (Modification 3)
Also, an H matrix can be created from the SEED value. Therefore, even if the authenticated creation unit and the comparison data creation unit obtain the SEED value as the key-related data, the SEED value is not used as an input key as it is, but an H matrix is created from the SEED value, and the H matrix is used as the input key. A hash value may be created as
 (変形例4)
 また、認証済み作成部、比較データ作成部は、ハッシュ値を認証済みデータ、認証済み比較データとせず、そのハッシュ値の作成に用いたHマトリクスやSEED値を認証済みデータ、認証済み比較データとしてもよい。 (Modification 4)
The authenticated creation unit and the comparison data creation unit do not use the hash value as authenticated data or authenticated comparison data, but use the H matrix or SEED value used to create the hash value as authenticated data or authenticated comparison data. Also good.
 (変形例5)
 実施形態2では、衛星受信部330が受信したすべてのGPS電波についての比較ハッシュ値を作成していたが、衛星受信部330が受信したGPS電波のうちの一部についての比較ハッシュ値を作成してもよい。たとえば、良好に受信できる予め設定された数のGPS衛星2から受信したGPS電波に限定して、比較ハッシュ値を作成してもよい。 (Modification 5)
In the second embodiment, comparison hash values for all GPS radio waves received by the satellite reception unit 330 are created. However, comparison hash values for some of the GPS radio waves received by the satellite reception unit 330 are created. May be. For example, the comparison hash value may be created only for GPS radio waves received from a preset number of GPS satellites 2 that can be satisfactorily received.
 (変形例6)
 前述の実施形態では、位置情報取得装置として路側機300、300Aを説明したが、これに限られない。位置情報取得装置は、有料駐車場や有料道路の不正利用を取り締まる取り締まり車両に搭載されるなど、移動型の装置であってもよい。 (Modification 6)
In the above-described embodiment, the roadside devices 300 and 300A have been described as position information acquisition devices, but the present invention is not limited to this. The position information acquisition device may be a mobile device such as mounted on a crackdown vehicle that cracks down on illegal use of toll parking lots and toll roads.
 (変形例7)
 前述の実施形態では、測位端末として車載機200を説明したが、これに限られない。測位端末は、人に携帯される携帯型の端末や、車以外の移動体に搭載される端末であってもよい。 (Modification 7)
In the above-described embodiment, the vehicle-mounted device 200 has been described as a positioning terminal, but the present invention is not limited to this. The positioning terminal may be a portable terminal carried by a person or a terminal mounted on a mobile body other than a car.
 この出願に記載されるフローチャート、あるいは、フローチャートの処理は、複数のステップ(あるいはセクションと言及される)から構成され、各ステップは、たとえば、S2と表現される。さらに、各ステップは、複数のサブステップに分割されることができる、一方、複数のステップが合わさって一つのステップにすることも可能である。 The flowchart described in this application or the process of the flowchart is composed of a plurality of steps (or referred to as sections), and each step is expressed as, for example, S2. Further, each step can be divided into a plurality of sub-steps, while a plurality of steps can be combined into one step.
 本実施形態において、制御部122内の各部は、制御部122の有する機能に着目して、その内部を便宜的に分類したものであり、制御部122の内部が、それぞれの部に対応する部分に物理的に区分されていることを意味するものではない。従って、それぞれの「部」は、コンピュータープログラムの一部分としてソフトウェア的に実現することもできるし、ICチップや大規模集積回路によってハードウェア的に実現することもできる。 In the present embodiment, each part in the control unit 122 focuses on the function of the control unit 122 and is classified for convenience, and the inside of the control unit 122 corresponds to each part. It does not mean that they are physically separated. Accordingly, each “unit” can be realized as software as a part of a computer program, or can be realized as hardware using an IC chip or a large-scale integrated circuit.
 以上、本開示の実施形態、構成、態様を例示したが、本開示に係わる実施形態、構成、態様は、上述した各実施形態、各構成、各態様に限定されるものではない。例えば、異なる実施形態、構成、態様にそれぞれ開示された技術的部を適宜組み合わせて得られる実施形態、構成、態様についても本開示に係わる実施形態、構成、態様の範囲に含まれる。

  The embodiments, configurations, and aspects of the present disclosure have been illustrated above, but the embodiments, configurations, and aspects according to the present disclosure are not limited to the above-described embodiments, configurations, and aspects. For example, embodiments, configurations, and aspects obtained by appropriately combining technical units disclosed in different embodiments, configurations, and aspects are also included in the scope of the embodiments, configurations, and aspects according to the present disclosure.

Claims (6)

  1.  航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、前記航法メッセージを用いて算出した現在位置を示す位置情報を外部に無線送信する測位端末(200)と、
     前記測位端末(200)が認証に用いるセンタ作成認証データを送信する通信衛星(3)に、前記センタ作成認証データを送信する認証センタ装置(100)と、
     前記測位端末(200)が無線送信した位置情報を受信する位置情報取得装置(300、300A)とを備えた位置情報認証システム(1)であって、
     前記認証センタ装置(100)は、
     航法衛星システムが備える航法衛星(2)から航法メッセージを含んでいる衛星電波を受信するセンタ側衛星受信部(110)と、
     暗号キーを作成し、前記暗号キーと前記センタ側衛星受信部(110)が受信した衛星電波に含まれている航法メッセージとに基づいて、前記センタ作成認証データを作成するセンタ側認証データ作成部(122)と、
     前記センタ側認証データ作成部(122)が作成したセンタ作成認証データを前記通信衛星(3)に送信する認証データ送信部(130)と、を備え、
     前記測位端末(200)は、
     前記通信衛星(3)から前記センタ作成認証データを受信するとともに、前記航法衛星(2)から前記衛星電波を受信する端末側衛星受信部(230)と、
     前記認証センタ装置(100)から、前記暗号キーまたは前記暗号キーを作成することができるキー作成データのいずれかであるキー関連データを受信するキー受信部(211)と、
     前記キー受信部(211)が受信したキー関連データと、前記端末側衛星受信部(230)が受信した衛星電波から抽出した航法メッセージとに基づいて端末作成認証データを作成する端末側認証データ作成部(S54)と、
     前記センタ作成認証データと前記端末作成認証データとを比較し、一致している場合に前記端末側衛星受信部(230)が受信した衛星電波に含まれている航法メッセージが認証できたと判断する認証判断部(S56~S60)と、
     前記キー受信部(211)が前記認証センタ装置(100)から受信した前記キー関連データに基づいて、前記端末側衛星受信部(230)が受信した衛星電波に含まれている航法メッセージが認証できたことを示す認証済みデータを作成する認証済み作成部(S6~S10)と、
     前記航法メッセージに基づいて算出した前記位置情報とともに、前記認証済み作成部(S6~S10)が作成した認証済みデータを送信する端末側送信部(212)とを備え、
     前記位置情報取得装置(300、300A)は、
     前記端末側送信部(212)が送信した前記位置情報および前記認証済みデータを通信部から取得する端末データ取得部(S70、S112)と、
     前記通信部を介して、前記認証センタ装置(100)から前記キー関連データを取得するキー取得部(S74、S96)と、
     前記キー取得部(S74、S96)が取得したキー関連データに基づいて、前記認証済みデータと比較するための認証済み比較データを作成する比較データ作成部(S78、S100、S102)と、
     前記端末データ取得部(S70、S112)が取得した認証済みデータと前記比較データ作成部(S78、S100、S102)が作成した認証済み比較データとを比較し、一致している場合に、前記測位端末(200)は正規の測位端末であると判断する端末判断部(S80~S84、S114~S120)とを備える位置情報認証システム。     A positioning terminal (200) that receives a navigation message and wirelessly transmits position information indicating the current position calculated using the navigation message to the outside when the received navigation message is a navigation message that can be authenticated;
    An authentication center device (100) for transmitting the center creation authentication data to a communication satellite (3) for transmitting center creation authentication data used for authentication by the positioning terminal (200);
    A location information authentication system (1) comprising a location information acquisition device (300, 300A) for receiving location information wirelessly transmitted by the positioning terminal (200),
    The authentication center device (100)
    A center side satellite receiver (110) for receiving satellite radio waves including a navigation message from a navigation satellite (2) provided in the navigation satellite system;
    A center-side authentication data creating unit that creates an encryption key and creates the center-created authentication data based on the encryption key and a navigation message included in the satellite radio wave received by the center-side satellite receiver (110) (122)
    An authentication data transmission unit (130) for transmitting the center creation authentication data created by the center side authentication data creation unit (122) to the communication satellite (3),
    The positioning terminal (200)
    A terminal-side satellite receiver (230) for receiving the center creation authentication data from the communication satellite (3) and receiving the satellite radio wave from the navigation satellite (2);
    A key receiving unit (211) for receiving key-related data which is either the encryption key or key creation data capable of creating the encryption key from the authentication center device (100);
    Terminal side authentication data creation for creating terminal creation authentication data based on the key related data received by the key receiving unit (211) and the navigation message extracted from the satellite radio wave received by the terminal side satellite receiving unit (230) Part (S54),
    The center creation authentication data and the terminal creation authentication data are compared, and if they match, authentication for determining that the navigation message included in the satellite radio wave received by the terminal-side satellite receiver (230) has been authenticated. A determination unit (S56 to S60);
    Based on the key-related data received by the key receiving unit (211) from the authentication center device (100), a navigation message included in the satellite radio wave received by the terminal-side satellite receiving unit (230) can be authenticated. An authenticated creation unit (S6 to S10) for creating authenticated data indicating that;
    Along with the position information calculated based on the navigation message, a terminal side transmission unit (212) that transmits the authenticated data created by the authenticated creation unit (S6 to S10),
    The position information acquisition device (300, 300A)
    A terminal data acquisition unit (S70, S112) for acquiring the location information and the authenticated data transmitted from the terminal side transmission unit (212) from a communication unit;
    A key acquisition unit (S74, S96) for acquiring the key related data from the authentication center device (100) via the communication unit;
    A comparison data creation unit (S78, S100, S102) that creates authenticated comparison data for comparison with the authenticated data based on the key-related data acquired by the key acquisition unit (S74, S96);
    The authenticated data acquired by the terminal data acquisition unit (S70, S112) is compared with the authenticated comparison data generated by the comparison data generation unit (S78, S100, S102). A location information authentication system including a terminal determination unit (S80 to S84, S114 to S120) that determines that the terminal (200) is a legitimate positioning terminal.
  2.  請求項1において、
     前記認証済み作成部(S6~S10)は、前記キー受信部(211)が受信した前記キー関連データを用いて、ハッシュ関数により前記認証済みデータを作成する位置情報認証システム。     In claim 1,
    The authenticated creation unit (S6 to S10) uses the key related data received by the key receiving unit (211) to create the authenticated data using a hash function.
  3.  請求項2において、
     前記認証済み作成部(S6~S10)は、前記端末作成認証データを、前記キー受信部(211)が受信した前記キー関連データとともに用いて、前記ハッシュ関数により前記認証済みデータを作成する位置情報認証システム。     In claim 2,
    The authenticated creation unit (S6 to S10) uses the terminal creation authentication data together with the key related data received by the key receiving unit (211) to create the location information for creating the authenticated data by the hash function. Authentication system.
  4.  請求項1~3のいずれか1項において、
     前記位置情報取得装置(300A)は、
     前記航法衛星(2)から前記衛星電波を受信する取得装置側衛星受信部(330)と、
     前記取得装置側衛星受信部が受信した衛星電波から衛星番号および時刻情報を抽出する電波情報抽出部(S92)と、
     前記電波情報抽出部が抽出した衛星番号および時刻情報を周期的に前記通信部から前記認証センタへ送信させる電波情報送信処理部(S94)とを備え、
     前記キー取得部(S96)は、前記通信部が前記衛星番号および時刻情報を前記認証センタに送信したことに基づいて認証センタから送信される前記キー関連データを、前記通信部から取得し、
     前記比較データ作成部(S100、S102)は、前記認証済み比較データを作成することに加えて、前記認証済み比較データと、前記衛星番号および時刻情報との対応関係を、前記認証済みデータを受信する前に予め決定しておき、
     前記端末判断部(S114~S120)は、前記端末データ取得部(S70、S112)が取得した衛星番号および時刻情報と前記対応関係に基づいて定まる認証済み比較データがある場合に、前記認証済み比較データを、前記端末データ取得部(S70、S112)が取得した認証済みデータと比較する位置情報認証システム。     In any one of claims 1 to 3,
    The position information acquisition device (300A)
    An acquisition device-side satellite receiver (330) that receives the satellite radio waves from the navigation satellite (2);
    A radio wave information extraction unit (S92) for extracting a satellite number and time information from the satellite radio wave received by the acquisition device side satellite reception unit;
    A radio wave information transmission processing unit (S94) that periodically transmits the satellite number and time information extracted by the radio wave information extraction unit from the communication unit to the authentication center;
    The key acquisition unit (S96) acquires the key related data transmitted from the authentication center based on the fact that the communication unit has transmitted the satellite number and time information to the authentication center, from the communication unit,
    The comparison data creation unit (S100, S102) receives the authenticated data, in addition to creating the authenticated comparison data, the correspondence between the authenticated comparison data and the satellite number and time information. Before you decide,
    The terminal determination unit (S114 to S120) performs the authenticated comparison when there is authenticated comparison data determined based on the satellite number and time information acquired by the terminal data acquisition unit (S70, S112) and the correspondence relationship. A location information authentication system for comparing data with authenticated data acquired by the terminal data acquisition unit (S70, S112).
  5.  航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、前記航法メッセージを用いて算出した現在位置を示す位置情報を外部に無線送信する測位端末(200)であって、
     認証センタ装置(100)が作成し、前記測位端末(200)における認証に用いるために通信衛星(3)に送信したセンタ作成認証データを通信衛星(3)から受信するとともに、航法衛星システムが備える航法衛星(2)から航法メッセージを含んでいる衛星電波を受信する端末側衛星受信部(230)と、
     前記認証センタ装置(100)から、前記センタ作成認証データを作成するための暗号キーまたは前記暗号キーを作成することができるキー作成データのいずれかであるキー関連データを受信するキー受信部(211)と、
     前記キー受信部(211)が受信したキー関連データと、前記端末側衛星受信部(230)が受信した衛星電波から抽出した航法メッセージとに基づいて端末作成認証データを作成する端末側認証データ作成部(S54)と、
     前記センタ作成認証データと前記端末作成認証データとを比較し、一致している場合に前記端末側衛星受信部(230)が受信した衛星電波に含まれている航法メッセージが認証できたと判断する認証判断部(S56~S60)と、
     前記キー受信部(211)が前記認証センタ装置(100)から受信した前記キー関連データに基づいて、前記端末側衛星受信部(230)が受信した衛星電波に含まれている航法メッセージが認証できたことを示す認証済みデータを作成する認証済み作成部(S6~S10)と、
     前記航法メッセージに基づいて算出した前記位置情報とともに、前記認証済み作成部(S6~S10)が作成した認証済みデータを送信する端末側送信部(212)とを備える測位端末。     A positioning terminal (200) that receives a navigation message and wirelessly transmits position information indicating a current position calculated using the navigation message to the outside when the received navigation message is a navigation message that can be authenticated,
    The center creation authentication data created by the authentication center device (100) and transmitted to the communication satellite (3) for use in authentication at the positioning terminal (200) is received from the communication satellite (3), and the navigation satellite system is provided. A terminal-side satellite receiver (230) that receives satellite radio waves including a navigation message from the navigation satellite (2);
    A key receiving unit (211) that receives key-related data, which is either an encryption key for creating the center creation authentication data or key creation data that can create the encryption key, from the authentication center device (100). )When,
    Terminal side authentication data creation for creating terminal creation authentication data based on the key related data received by the key receiving unit (211) and the navigation message extracted from the satellite radio wave received by the terminal side satellite receiving unit (230) Part (S54),
    The center creation authentication data and the terminal creation authentication data are compared, and if they match, authentication for determining that the navigation message included in the satellite radio wave received by the terminal-side satellite receiver (230) has been authenticated. A determination unit (S56 to S60);
    Based on the key-related data received by the key receiving unit (211) from the authentication center device (100), a navigation message included in the satellite radio wave received by the terminal-side satellite receiving unit (230) can be authenticated. An authenticated creation unit (S6 to S10) for creating authenticated data indicating that;
    A positioning terminal comprising: a terminal side transmission unit (212) for transmitting the authenticated data generated by the authenticated generation unit (S6 to S10) together with the position information calculated based on the navigation message.
  6.  航法メッセージを受信し、受信した航法メッセージが認証できる航法メッセージである場合に、前記航法メッセージを用いて算出した現在位置を示す位置情報および受信した航法メッセージが認証できたことを示す認証済みデータを外部に無線送信する測位端末(200)から、前記位置情報および前記認証済みデータを受信する位置情報取得装置(300、300A)であって、
     前記測位端末(200)が送信した前記位置情報および前記認証済みデータを通信部から取得する端末データ取得部(S70、S112)と、
     前記通信部を介して、認証センタ装置(100)から、前記測位端末(200)が認証に用いるセンタ作成認証データを作成するために前記認証センタ装置(100)が用いた暗号キーまたは前記暗号キーを作成することができるキー作成データのいずれかであるキー関連データを取得するキー取得部(S74、S96)と、
     前記キー取得部(S74、S96)が取得したキー関連データに基づいて、前記認証済みデータと比較するための認証済み比較データを作成する比較データ作成部(S78、S100、S102)と、
     前記端末データ取得部(S70、S112)が取得した認証済みデータと前記比較データ作成部(S78、S100、S102)が作成した認証済み比較データとを比較し、一致している場合に、前記測位端末(200)は正規の測位端末であると判断する端末判断部(S80~S84、S114~S120)とを備える位置情報取得装置。

          When the navigation message is received and the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message and authenticated data indicating that the received navigation message can be authenticated A position information acquisition device (300, 300A) that receives the position information and the authenticated data from a positioning terminal (200) that wirelessly transmits to the outside,
    A terminal data acquisition unit (S70, S112) for acquiring the location information and the authenticated data transmitted from the positioning terminal (200) from a communication unit;
    An encryption key used by the authentication center device (100) or the encryption key used to create center creation authentication data used for authentication by the positioning terminal (200) from the authentication center device (100) via the communication unit A key acquisition unit (S74, S96) that acquires key-related data that is any of the key generation data that can generate
    A comparison data creation unit (S78, S100, S102) that creates authenticated comparison data for comparison with the authenticated data based on the key-related data acquired by the key acquisition unit (S74, S96);
    The authenticated data acquired by the terminal data acquisition unit (S70, S112) is compared with the authenticated comparison data generated by the comparison data generation unit (S78, S100, S102). A position information acquisition device including a terminal determination unit (S80 to S84, S114 to S120) that determines that the terminal (200) is a legitimate positioning terminal.

PCT/JP2014/006059 2014-01-21 2014-12-04 Position information authentication system, positioning terminal, and position information acquisition device WO2015111109A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
SG11201605322RA SG11201605322RA (en) 2014-01-21 2014-12-04 Position information authentication system, positioning terminal, and position information acquisition apparatus
DE112014006225.1T DE112014006225B8 (en) 2014-01-21 2014-12-04 Position information authentication system, positioning terminal and position information acquisition device
CN201480073106.2A CN105934688B (en) 2014-01-21 2014-12-04 Positional information Verification System, position finding terminal and positional information acquisition device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-008904 2014-01-21
JP2014008904A JP6213258B2 (en) 2014-01-21 2014-01-21 POSITION INFORMATION AUTHENTICATION SYSTEM, POSITIONING TERMINAL, AND POSITION INFORMATION ACQUISITION DEVICE

Publications (1)

Publication Number Publication Date
WO2015111109A1 true WO2015111109A1 (en) 2015-07-30

Family

ID=53680947

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/006059 WO2015111109A1 (en) 2014-01-21 2014-12-04 Position information authentication system, positioning terminal, and position information acquisition device

Country Status (6)

Country Link
JP (1) JP6213258B2 (en)
CN (1) CN105934688B (en)
DE (1) DE112014006225B8 (en)
SG (1) SG11201605322RA (en)
TW (1) TWI525332B (en)
WO (1) WO2015111109A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111102979A (en) * 2019-07-02 2020-05-05 长沙北斗产业安全技术研究院有限公司 Access-controllable indoor positioning method and system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111769868B (en) * 2020-07-01 2022-05-10 中船黄埔文冲船舶有限公司 Control scheduling system based on large-scale structure spare transportation equipment
US11936791B2 (en) * 2020-09-21 2024-03-19 Jason Burt Verification of the reliability of software and devices against assertions and guarantees
CN115022879B (en) * 2022-05-11 2023-11-21 西安电子科技大学 Enhanced Beidou user terminal access authentication method and system based on position key

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004172865A (en) * 2002-11-19 2004-06-17 Casio Comput Co Ltd Electronic equipment and authentication system
JP2006267024A (en) * 2005-03-25 2006-10-05 Toshiba Corp Position authentication system, position calculator, and program
WO2008010287A1 (en) * 2006-07-20 2008-01-24 Panasonic Corporation Position verifying device, position verifying system, and position verifying method
JP2013092857A (en) * 2011-10-25 2013-05-16 Sony Corp Mobile device, information processing device, location information acquisition method, location information acquisition system, and program
JP2013130395A (en) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd Positional information authentication system and positional information authentication method

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002112337A (en) * 2000-09-26 2002-04-12 Hitachi Ltd Communication system between road side and vehicle and its mobile station device, base station device, and base station management device
US8539232B2 (en) 2002-06-26 2013-09-17 Sony Corporation Information terminal apparatus, information processing apparatus and information communication system
CN1930487A (en) * 2004-04-08 2007-03-14 三菱电机株式会社 Position guarantee server, position guarantee system, and position guarantee method
JP4644018B2 (en) * 2005-03-31 2011-03-02 株式会社日立製作所 Location authentication method, mobile terminal and control station
JP2006304193A (en) 2005-04-25 2006-11-02 Toshiba Corp Time and position authentication device, method, and program
JP4982215B2 (en) * 2007-03-14 2012-07-25 株式会社トヨタIt開発センター Encryption communication system, encryption communication method, encryption communication program, in-vehicle terminal, and server
US9432197B2 (en) * 2010-02-24 2016-08-30 Renesas Electronics Corporation Wireless communications device and authentication processing method
EP2397868A1 (en) 2010-06-15 2011-12-21 The European Union, represented by the European Commission Method of providing an authenticable time-and-location indication
JP5950225B2 (en) * 2012-01-10 2016-07-13 クラリオン株式会社 Server device, in-vehicle terminal, information communication method, and information distribution system
FR2995700B1 (en) * 2012-09-18 2017-01-27 Centre Nat D'etudes Spatiales AUTHENTICATION OF GNSS SIGNALS

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004172865A (en) * 2002-11-19 2004-06-17 Casio Comput Co Ltd Electronic equipment and authentication system
JP2006267024A (en) * 2005-03-25 2006-10-05 Toshiba Corp Position authentication system, position calculator, and program
WO2008010287A1 (en) * 2006-07-20 2008-01-24 Panasonic Corporation Position verifying device, position verifying system, and position verifying method
JP2013092857A (en) * 2011-10-25 2013-05-16 Sony Corp Mobile device, information processing device, location information acquisition method, location information acquisition system, and program
JP2013130395A (en) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd Positional information authentication system and positional information authentication method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111102979A (en) * 2019-07-02 2020-05-05 长沙北斗产业安全技术研究院有限公司 Access-controllable indoor positioning method and system

Also Published As

Publication number Publication date
JP2015137901A (en) 2015-07-30
CN105934688B (en) 2018-01-12
TW201539014A (en) 2015-10-16
CN105934688A (en) 2016-09-07
DE112014006225T5 (en) 2016-11-03
DE112014006225B8 (en) 2022-07-21
SG11201605322RA (en) 2016-08-30
TWI525332B (en) 2016-03-11
DE112014006225B4 (en) 2022-05-12
JP6213258B2 (en) 2017-10-18

Similar Documents

Publication Publication Date Title
CN107659550B (en) Vehicle-to-vehicle private communication
US9135820B2 (en) Communication system, vehicle-mounted terminal, roadside device
JP4959463B2 (en) Location authentication system
CN110149611B (en) Identity verification method, equipment, system and computer readable medium
JP6344970B2 (en) POSITION INFORMATION VERIFICATION DEVICE, RELAY DEVICE, MOBILE DEVICE, POSITION INFORMATION VERIFICATION PROGRAM, RELAY PROGRAM, AND MOBILE PROGRAM
US11095660B2 (en) Blockchain enabled encryption
WO2015111109A1 (en) Position information authentication system, positioning terminal, and position information acquisition device
WO2015118819A1 (en) Navigation-message-authenticating positioning device
JP4644018B2 (en) Location authentication method, mobile terminal and control station
JP7367032B2 (en) Identification confirmation method and device
WO2015118817A1 (en) Navigation message authentication system, reception terminal, and authentication processing device
WO2015118805A1 (en) Positioning terminal
JP6269123B2 (en) Device with positioning function, positioning result receiving device, and positioning result utilization system
JP6252245B2 (en) Navigation message receiver and simple authentication system
RU2663817C1 (en) Method for activating functions in a radio receiver
CN112823348B (en) System and method for on-board fraud detection in transportation services
JP2007164306A (en) Location certification system, certification center device, location certification method, certification device and terminal
JP6379503B2 (en) Navigation message authentication type positioning device
US20200213855A1 (en) Systems and methods for fraud detecting in a transportation service
JP6252246B2 (en) Navigation message receiver
CN112333703A (en) ETC-based platform operation vehicle safety certification system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14879809

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 112014006225

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14879809

Country of ref document: EP

Kind code of ref document: A1