JP2002109593A - Radiocommunication equipment and method of information change - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve a problem that change of key information is impossible due to a lack of time for changing the key information between one antenna and one road side radiocommunication installation, since a communication area is for a narrow radiocommunication system when the key information stored in a vehicle-mounted unit is to be changed to new key information using radiocommunication. SOLUTION: A plurality of the antenna and the road side radiocommunication equipment are installed along non-exit sections of a toll road so as to provide a longer communication time. Authentication and information processing period are combined to be in sequence in chronological order as partners of communication even when communication sections are intermittent, whereby the key information stored in the vehicle-mounted unit can be changed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a radio communication apparatus for changing information contained in a device mounted on a mobile body such as an automobile (hereinafter referred to as a mobile device in the abbreviated form), and an information changing method. Things.

[0002]

2. Description of the Related Art As a mobile unit of this type, for example, a non-stop automatic toll collection system on a toll road (hereinafter abbreviated as ETC) is mounted on a vehicle, and is compatible with roadside equipment installed at a tollgate. In-vehicle devices for exchanging information for toll collection by wireless communication are known. In this vehicle-mounted device, in order to exchange information wirelessly, important information is confidentially transmitted so as not to be stolen or stolen by eavesdropping. In order to keep this information confidential, encryption key information used for encryption and decryption is implemented in the vehicle-mounted device. This encryption key information, along with the progress of decryption technology and the performance of processing devices,
I can't deny that it will be decoded someday. In the unlikely event that the encryption key information is decrypted, it is necessary to change the key information to a new one. Conventionally, a method of changing such key information has been proposed.

FIG. 4 shows an example of the structure of a conventional vehicle-mounted device. In the figure, reference numeral 4 denotes the entire vehicle-mounted device. Reference numeral 401 denotes an IC card socket for mounting an IC card, 402 denotes an IC card interface, 403 denotes a host CPU which is a control arithmetic device for controlling the vehicle-mounted device, and 404 denotes a display for performing a display to a driver or inputting from a setting button or the like.・ Input unit, 405
406 is a wireless transmitting and receiving circuit for performing wireless communication with the roadside device, 406
Is an antenna for wireless communication, and 407 is an encryption / decryption / authentication circuit that performs information encryption, decryption of the encrypted information, and authentication for confirming the validity of the information. An IC card such as a credit card 409 or a key information updating IC card 410 is mounted in the IC card socket 401. The credit card 409 is required when passing through the toll booth, and is used to collect a fee based on the fee at a later date. Inside the encryption / decryption / authentication circuit 407, there is an encryption key information area 408 for storing encryption key information. This area stores a key information update IC card 410 which is a special IC card in an IC card socket. When installed, the host CPU 4
03 reads the encryption key information from the IC card and stores it inside. Using the encryption key information, the vehicle-mounted device 4 performs encryption of vehicle information and the like to be transmitted to the roadside wireless communication device 5 and decrypts billing information received from the roadside wireless communication device 5.

As described above, conventionally, the key information updating IC card 410 is used to store the encryption key information, and new key information is required to rewrite the already stored key information. Information update IC card 410 with key
Must be created and each in-vehicle device must be read. Since the number of the on-vehicle units is large, if the key information needs to be rewritten, the above-mentioned method requires a large amount of work. For that purpose, it is necessary to notify the owner of the vehicle-mounted device and bring the vehicle equipped with the vehicle-mounted device, which is troublesome for both the owner and the person in charge of the change procedure.

[0005]

The vehicle-mounted device 4 originally has a wireless communication function. If the roadside wireless communication device is arranged on the road side, the vehicle-mounted device 4 automatically communicates with the vehicle-mounted device while the vehicle is running. It is possible to exchange information. Therefore, when changing the key information, the roadside wireless communication device detects that the vehicle-mounted device needs to change the key information, and if the key information can be automatically changed, a large amount of work as in the related art is performed. Can be eliminated. Between the on-vehicle device and the roadside wireless communication device, a microwave having a weak power of several tens to several hundreds of milliwatts is used for communication. As the antenna, the vehicle-mounted device side has relatively low directivity, but the roadside wireless communication device side has relatively directivity. Therefore, the transmission speed is as high as several megabits / second, but a so-called narrow-area wireless communication system is used in which the communication area is limited to a narrow range.

On the other hand, the encryption key information area in the vehicle-mounted device uses a semiconductor element such as a flash memory, and it takes a long time to write information therein or change information. The vehicle equipped with the vehicle-mounted device is running, transmitting information for changing key information, performing encryption processing, and further writing new key information in the encryption key information area in the vehicle-mounted device. Since the wireless communication section is short, communication with one roadside wireless communication device (antenna) does not end. Therefore, there is a problem that the rewriting of the key information is not completed in the communication between the vehicle-mounted device and one roadside wireless communication device.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and a plurality of roadside wireless communication devices are provided so that the communication time between the vehicle-mounted device and the roadside wireless communication device can be equivalently lengthened. It is an object of the present invention to provide a method of changing key information built in an in-vehicle device by properly installing authentication and an information processing period as communication partners even if communication sections are interrupted and interrupted.

[0008]

A wireless communication apparatus according to a first aspect of the present invention has an encryption / decryption means for encrypting or decrypting information using a set encryption key, and moves along a moving route. A first wireless communication device that performs communication for mutual authentication with a moving object that passes through a first communication area; It is arranged so as to have a second communication area at a position distant from the first communication area and perform wireless communication with a mobile object,
A second transmitting means for transmitting instruction information for setting a new encryption key to the authenticated moving object to a moving object authenticated as a communication target by the mutual authentication with the first wireless communication device; And a wireless communication device.

[0009] A wireless communication apparatus according to a second aspect of the present invention includes:
In the first invention, a third communication area is provided at a position distant from the second communication area so as to perform wireless communication with a mobile object, and the authentication is performed through the third communication area. And a third wireless communication apparatus having a confirmation unit for confirming that a new encryption key has been set in the moving body by receiving transmission information from the moving body.

A wireless communication apparatus according to a third aspect of the present invention has an encryption / decryption means for encrypting or decrypting information using a set encryption key, and has a function of communicating with a moving object moving along a moving route. In the wireless communication device that transmits and receives information wirelessly, communication for mutual authentication is performed with a mobile object that passes through the first communication area, and tag information indicating that authentication has been performed is authenticated. A first wireless communication device to be transmitted to the mobile object, and key management information indicating the correspondence between the key identifier and the encryption key. Determining means for determining, based on the management information, that the encryption key corresponding to the transmitted key identifier set in the mobile object is to be changed; Wireless communication with mobile objects A new encryption key is assigned to the mobile unit that is arranged to perform the transmission and transmits the tag information received from the first wireless communication device and that is determined as the encryption key change target by the determination unit. And a second wireless communication device having a transmission unit for transmitting instruction information for causing the mobile body to set the information.

[0011] Further, a wireless communication apparatus according to a fourth aspect of the present invention includes:
In the third invention, a third communication area is provided at a position distant from the second communication area so as to perform wireless communication with a mobile object, and the authentication is performed through the third communication area. And a third wireless communication apparatus having a confirmation unit for confirming that a new encryption key has been set in the moving body by receiving transmission information from the moving body.

Further, a wireless communication apparatus according to a fifth aspect of the present invention includes:
In any one of the first to fourth inventions, the first wireless communication device receives information of a key identifier corresponding to an encryption key held by the mobile unit, and receives the same information as the encryption key based on the key identifier. An encryption unit that encrypts the common key using an encryption key; and a transmission unit that transmits the common key encrypted by the encryption unit to the mobile unit. The second wireless communication apparatus includes: An encryption unit for encrypting a new encryption key using a common key, and a transmission unit for transmitting the new encryption key encrypted by the encryption unit to the mobile unit.

[0013] Further, a wireless communication apparatus according to a sixth aspect of the present invention includes:
In any one of the first to fifth inventions, the second wireless communication device may include an ID unique to the moving object transmitted from the moving object.
And the signature information generated from this ID,
And authenticating means for verifying the signature based on the signature verification key corresponding to the signature information and for authenticating the moving object, and transmitting the new encryption key to the moving object authenticated by the authenticating means. It is.

[0014] Further, a wireless communication apparatus according to a seventh aspect of the present invention includes:
In the fourth invention, the third wireless communication device includes an updating unit that updates key management information referred to by the determining unit after the mobile unit confirms that the encryption key is stored by the checking unit. It is provided.

Further, a wireless communication apparatus according to an eighth aspect of the present invention is
In the fifth invention, the common key is generated based on an ID unique to the moving object transmitted from the moving object and a random number.

According to a ninth aspect of the present invention, there is provided a wireless communication apparatus having encryption / decryption means for encrypting / decrypting information using a set encryption key, and a communication unit with a moving object moving along a moving route. In the wireless communication device that transmits and receives information wirelessly, communication for mutual authentication is performed with a mobile object that passes through the first communication area, and tag information indicating that authentication has been performed is authenticated. A first wireless communication device to be transmitted to the mobile object, and key management information indicating the correspondence between the key identifier and the encryption key. Determining means for determining, based on the management information, that the encryption key corresponding to the transmitted key identifier set in the mobile object is to be changed; Wireless communication with mobile objects A mobile unit that transmits the tag information received from the first wireless communication device and that is determined to be an encryption key change target by the determination unit. A second wireless communication device having a transmission unit for transmitting a new key identifier different from the key identifier corresponding to the encryption key in use, and storing a plurality of key identifiers and a plurality of encryption keys corresponding to each key identifier Receiving the encryption key corresponding to the new key identifier transmitted from the second wireless communication device, updating the encryption key being used to the encryption key corresponding to the new key identifier, and then updating the updated encryption key. And a moving body having an encryption / decryption means for performing encryption / decryption with a key.

According to a tenth aspect of the present invention, there is provided an information changing method, comprising: a moving body having encryption / decryption means for encrypting or decrypting information using a set encryption key and moving along a movement route; First and second arranged sequentially along the movement path
In an information change method for changing information by wireless communication with a wireless communication device of the present invention, a mobile unit ID, signature information generated from the mobile unit ID, and a key for identifying an encryption key held by the mobile unit A first step of transmitting an identifier from a moving object passing through the first communication area to the first wireless communication device, and moving the identifier based on the moving object ID and signature information sent to the first wireless communication device; A second step of verifying the validity of the body ID, a third step of generating a common key from the mobile body ID verified in the second step,
A fourth step of encrypting the common key and the signature information generated from the common key with an encryption key corresponding to the key identifier sent from the mobile unit, the encrypted common key and its signature A fifth step of transmitting information and a random number from the first wireless communication device to the mobile object, and transmitting the encrypted common key sent from the first wireless communication device and its signature information to the mobile object. A sixth step of decrypting with the encryption key held and verifying the signature of the decrypted common key with the common key to confirm the validity. If the validity is confirmed by the signature verification of the sixth step, A seventh step of encrypting the random number transmitted from the first wireless communication device with the common key and transmitting the encrypted random number to the first wireless communication device from the mobile object; The randomized random number An eighth step of performing mutual authentication by decrypting with the key and comparing it with a random number transmitted by the first wireless communication device; generating tag information when mutual authentication is performed by the eighth step; A ninth step of transmitting to the body, a tenth step of transmitting the mobile body ID, signature information of the mobile body ID, and tag information from the mobile body to the second wireless communication apparatus, the second wireless communication apparatus An eleventh step of confirming the validity of the mobile unit ID based on the mobile unit ID sent to and the signature information thereof;
A twelfth step of transmitting new information encrypted with the common key to the mobile unit that has been verified as valid in the eleventh step and has transmitted the tag information, The new information transmitted by the mobile unit is decrypted with the common key, and the information is processed in the thirteenth step of updating the information held by the mobile unit.

An information changing method according to an eleventh aspect of the present invention is the third wireless communication system according to the tenth aspect, wherein the third wireless communication device is disposed on the moving route away from the second wireless communication device and performs wireless communication with a moving object. A fourteenth step of transmitting a response from the mobile unit to the second wireless communication device when the update to the new information is completed in the thirteenth step; A fifteenth step of receiving a response signal to the communication device and transmitting second tag information from the second wireless communication device to the mobile device, a mobile device ID from the mobile device to a third wireless communication device, A sixteenth step of transmitting the signature information of the mobile unit ID, the second tag information, and the new information, and determining the mobile unit ID based on the mobile unit ID sent to the third wireless communication device and the signature information. First to check legitimacy Step 17, the validity is confirmed in the seventeenth step, and the new information transmitted from the mobile unit and the second wireless communication device are transmitted to the mobile unit that has transmitted the second tag information. The first step is to confirm the update of new information in the mobile by comparing it with the new information
In the eighth step, when an update is confirmed in the eighteenth step, a nineteenth step of recording log information indicating the update is provided.

[0019]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiment 1 FIG. 1 is a diagram showing that a plurality of antennas connected to the roadside wireless communication device of the present invention are installed on a road and communicate with an onboard device mounted on an automobile in cooperation with each other. 1 is a road, 2 is a car, 3 is an antenna installed on the roadside, and 4 is a vehicle-mounted device.

FIG. 2 is a view showing an on-vehicle device installed in an automobile. In the figure, reference numeral 4 denotes a vehicle-mounted device. FIG. 3 is a diagram showing a connection form from the antenna to the roadside wireless communication device 5, the roadside communication computer 6, and the central computer for key management. In the figure, reference numerals 3a, 3b, 3c, etc. denote antennas, which are respectively referred to as a first antenna, a second antenna, and a third antenna. Here, each antenna is located along a section of the toll road where there is no exit,
They are arranged in order so that their communication areas do not necessarily overlap. The communication time at each antenna is, for example, assuming that the maximum speed of the moving object is 80 km / h and the length of the moving object in the communication area in the traveling direction is about 3 m. Although it is as short as about 0.13 second, the communication time can be equivalently increased by disposing a plurality of antennas. Further, the interval between the antennas is determined according to the information rewriting time in the mobile body and the information search time and calculation time in the roadside wireless communication device 5 and the roadside communication computer 6 after the communication between each antenna and the mobile body. . Reference numerals 5a, 5b, 5c, and 5 denote roadside wireless communication devices, which are respectively referred to as a first roadside wireless communication device, a second roadside wireless communication device, and a third roadside wireless communication device. Reference numeral 6 denotes a roadside communication computer, and reference numeral 7 denotes a hub, which connects between the roadside communication computer 6 and the roadside wireless communication device 5. Reference numeral 8 denotes a key management central computer, which is connected to a plurality of roadside communication computers 6. The roadside communication computer 6 is usually installed at a tollgate or the like along a toll road, and is connected to the central computer 8 for key management, which is not always located near the toll road or tollgate, through an online network line. . The data transmission between the roadside wireless communication device 5 and the roadside communication computer 6 can be transmitted in a shorter time than the data transmission between the roadside communication computer 6 and the central computer 8 for key management. FIG. 4 is a diagram showing the configuration of the vehicle-mounted device, and its components are the same as those of the conventional device except for the operation sequence of the host CPU 403 and the encryption / decryption / authentication circuit 407.

FIG. 5 is a diagram showing the configuration of a roadside wireless communication apparatus, in which 501 is a wireless transceiver, 502 is a short-range wireless communication circuit, 503 is an encryption / decryption / authentication circuit, and 50
Reference numeral 4 denotes a communication circuit with the roadside communication computer, reference numeral 505 denotes a checklist for storing information for identifying an onboard device that does not require rewriting of key information, and reference numeral 506 denotes a procedure for communication with the onboard device and communication with the roadside communication computer. This is a processing unit. In the check list 505, the vehicle-mounted device identification information 663 that does not need to be renewed and held by the roadside communication computer 6 is transmitted and stored via the communication circuit 504 with the roadside communication computer. Processing unit 506
The rewrite target key information 661 held by the roadside communication computer 6 is transmitted via the communication circuit 504 with the roadside communication computer and stored as key information to be transmitted to the vehicle-mounted device. A signal received by the wireless transceiver 501 from the vehicle-mounted device 4 via the antenna is transmitted to the short-range wireless communication circuit 502, where it is demodulated and transmitted to the encryption / decryption / authentication circuit 503.
Conversely, the data received by the short range wireless communication circuit 502 from the encryption / decryption / authentication circuit 503 is modulated,
The signal is transmitted to the wireless transceiver 501. The encryption / decryption / authentication circuit 503 performs decryption processing on the encrypted data received from the vehicle-mounted device 4, verifies the signature data through authentication processing, and passes the processing result to the checklist 505 and the processing unit 506. The encryption / decryption / authentication circuit 50
In 3, encryption processing is performed on the transmission data to the vehicle-mounted device 4 passed from the processing unit 506. The processing unit 506 checks the vehicle-mounted device ID received from the vehicle-mounted device 4 against the checklist 505, and if they match, considers that the vehicle-mounted device does not require rewriting, stops the subsequent key information rewriting process, ends the process, and ends the process. If not, the key information rewriting process is continued.

FIG. 6 is a configuration diagram of the roadside communication computer and the central computer for key management. In the figure, 6 indicates the entire roadside communication computer, 8 indicates the entire key management central computer,
Reference numeral 1 denotes a connection circuit with the roadside wireless communication device 5, reference numeral 602 denotes a connection circuit with the key management central computer 8, reference numeral 603 denotes a connection circuit with the roadside communication computer, reference numeral 604 denotes an arithmetic control circuit and a program of the roadside communication computer, and reference numeral 605. Is an arithmetic control circuit and a program of the central computer for key management. The key management central computer 8 and the roadside communication computer 6 are internally provided with 606 and 607.
, Which stores rewrite target key information 661 and 671, on-vehicle device key information rewrite records 662 and 672, and on-vehicle device identification information 663 and 673 that do not require rewriting. The rewriting target key information 671 is key information for updating the vehicle-mounted device stored in the key management central computer 8, and
The key management central computer 8 transmits the key information change command of the vehicle-mounted device together with the key information change command of the vehicle-mounted device to the roadside communication computers 6 in various places, and is held as rewrite target key information 661 by the roadside communication computer 6.
The roadside communication computer 6 is connected to the second roadside wireless communication device 5b.
The rewrite target key information 661 is transmitted together with the key information change command of the vehicle-mounted device, and the road-side wireless communication device 5 holds the key information to be transmitted to the vehicle-mounted device. When the roadside communication computer 6 receives the notification of the end of rewriting the key information of the vehicle-mounted device from the roadside wireless communication device 5, the roadside computer 6 creates an OBE ID log whose key information has been rewritten, stores the log as the vehicle-mounted device key information rewrite record 662, and stores the key management information. OBE I with key information rewritten to central computer 8
A request for D-log transmission is made, and the key management central computer 8 stores it as an on-vehicle device key information rewrite record 672.

FIG. 7 is a diagram schematically illustrating how the key information of the vehicle-mounted device is rewritten as the vehicle moves. In the following description, a roadside system includes an antenna, a roadside wireless communication device, a hub, and a roadside communication computer. When the vehicle arrives at the position of the first antenna 3 a in the section indicated by 71, the road-side system performs an encryption / decryption / authentication circuit 503 based on an instruction from the processing unit 506 of the road-side wireless communication device 5. Is checked to see if it has been properly manufactured and has not been altered illegally. When the roadside wireless communication device confirms that the vehicle-mounted device is legitimately manufactured and has not been illegally modified, the processing unit 506 checks the key identifier received from the vehicle-mounted device, and further checks that the vehicle-mounted device has a key. The information of the key identifier is transmitted to the roadside communication computer 6 to confirm whether the information needs to be rewritten. At this time, the check of the key identifier in the processing unit 506 refers to the check list 505, and is transmitted from the vehicle-mounted device in the vehicle-mounted device ID information that does not require rewriting stored in the vehicle-side device identification information 663 that does not require roadside rewriting. Onboard unit ID
It is checked whether or not the information is included. If the information is included, the subsequent processing is stopped. In the vehicle-mounted device ID that does not need to be rewritten, for example, information on the vehicle-mounted device ID whose expiration date has expired, information on the vehicle-mounted device ID whose mutual authentication has failed in the past, information on the vehicle-mounted device ID that has been illegally used in the past, and the like are registered. . These confirmations are performed between the vehicle-mounted device and the roadside wireless communication device of the roadside system.In the case of changing the key information, in order to confirm the validity of the encryption and decryption when transmitting the information and the key information etc. The digital signature generation requires a large processing time because of the heavy computer processing load. When it is confirmed that the vehicle is a valid vehicle-mounted device and corresponds to key rewriting in the section 71, the roadside system transmits the midway progress tag 1 to the vehicle-mounted device, the vehicle-mounted device receives this, and transmits the information to the encryption key information. The data is written and held in the area 408 (process 74).

In the section indicated by 72, when the vehicle reaches the position of the second antenna 3b, the roadside system checks the vehicle-mounted device ID, and then checks the tag information 1 in the vehicle-mounted device.
The roadside system confirms whether or not there is a write (step 75).
Here, if the existence of the halfway progress tag information 1 can be confirmed, the in-vehicle device is valid, and it is confirmed next whether or not the key information needs to be changed. If the key information needs to be changed, the roadside wireless communication device 5b transmits the key information prepared for the change to the vehicle-mounted device and instructs rewriting. The vehicle-mounted device receives the key information and stores the key information in the encryption / decryption / authentication circuit. The roadside system transmits the midway progress tag information 2 to the vehicle-mounted device to indicate that the key information writing instruction has been issued, and the vehicle-mounted device receives the information and writes the information in the encryption key information area 408 and holds the information ( Process 76).

When the vehicle reaches the position of the third antenna 3c in the section indicated by 73, the roadside system checks the vehicle-mounted device ID and then checks whether or not the intermediate tag information 2 has been written (step 77). If the presence of the halfway progress tag information 2 can be confirmed, the in-vehicle device 4 is known to be valid and the key information change has been completed. Therefore, the roadside system indicates that the key information writing instruction has been issued. The midway progress tag information 3 is transmitted to the vehicle-mounted device, and the vehicle-mounted device stores this (process 78). After the transmission of the midway progress tag information 3, the roadside system records, as a log, the identification information of the vehicle-mounted device for which the key change has been completed.

FIGS. 8, 12, and 14 are diagrams for explaining information exchange and processing performed between the vehicle-mounted device 4 and the roadside system in a time-series manner from top to bottom. The sequence of communication between one antenna, the second antenna, the third antenna, and the vehicle-mounted device is described.

If the key information used up to that point is decrypted, or if the key information used for a certain period has expired, the key information needs to be changed.
In FIG. 8, when it is necessary to change the key information of the vehicle-mounted device, the key management central computer 8 transmits a key information change command of the vehicle-mounted device to the plurality of roadside communication computers 6 (processing 80).
1). The roadside communication computer receives the command and holds the key change information (process 802). Further, the roadside communication computer 6
It instructs the first roadside apparatus to rewrite the key information of the vehicle-mounted device (process 803).

When the preparation for rewriting the key information is completed, the first roadside wireless communication device 5a transmits a beacon signal to the vehicle-mounted device mounted on the vehicle passing under the first antenna 3a (process 804). This beacon signal instructs the vehicle-mounted device to transmit ID information indicating the identification of the vehicle-mounted device. The vehicle-mounted device 4 transmits the vehicle-mounted device ID, the ID signature, and the key identifier in response to the beacon signal (process 805). First roadside wireless communication device 5
a verifies the signature of the vehicle-mounted device ID, confirms the validity of the vehicle-mounted device 4 (process 806), and calculates the key value currently used by the vehicle-mounted device 4 (process 807). Next, the first roadside wireless communication device 5a
Specifies a temporary key (session key) created using the common key encryption algorithm MISTY or the like, makes a qualification request to the vehicle-mounted device 4 (process 808), and the vehicle-mounted device 4 responds. (Process 809). The first roadside wireless communication device 5a performs a qualification authentication check of the vehicle-mounted device 4 based on the response content from the vehicle-mounted device 4 (process 810), and the tag information 1 on the way.
Is transmitted to the vehicle-mounted device 4 (process 812). Next, the first roadside wireless communication device 5a transmits the authenticated in-vehicle device ID and the key identifier to the roadside communication computer 6 (process 813). The roadside communication computer 6 stores the authenticated vehicle-mounted device ID (step 814), and stores the key identifier information received from the vehicle-mounted device 4 and the key of the roadside communication computer.
The new key identifier in the table 150 indicating the correspondence between the Version and the key identifier is checked to determine whether the key information of the vehicle-mounted device needs to be changed, and the key information needs to be changed. In this case, a key change to the in-vehicle device 4 is prepared (process 815).

FIGS. 9, 10 and 11 are diagrams for explaining details of the qualification authentication processing procedure 81 of the vehicle-mounted device 4 performed between the vehicle-mounted device 4 and the first roadside wireless communication device 5a in FIG. It is.

FIG. 9 is a diagram for explaining the encryption key information area of the vehicle-mounted device 4. In FIG. 9, reference numeral 90 denotes the same region as the encryption key information region 408 of the vehicle-mounted device 4, and reference numeral 91 denotes the vehicle-mounted device I.
D and 92 are signatures for the vehicle-mounted device ID, 93 is a signature verification key (K2) issued by the key management central computer, and 94 is data concealment between the vehicle-mounted device 4 and the roadside wireless communication device (5a, 5b, 5c). A session key used in the process, 95 is tag information on the progress of writing the process progress information from the roadside wireless communication device,
96 is a key identifier currently used: key V (C), 97 is key V (C)
Value: key (C). For example, the key V (C) is Version1 ~ Ver
sionn value 1 to n (length 8 bits), key (C) length 12
This is an 8-bit key value (binary).

FIG. 10 shows a roadside wireless communication device (5a, 5b,
FIG. 5C is a diagram illustrating an encryption key information area included in 5c). In the figure, 100 is the entire encryption key information area, 101 is the roadside wireless communication device ID, and 102 is the signature verification key issued by the key management central computer. (K1), 103 is a signature generation key (S1) issued by the key management central computer, and 104 is a common key used when concealing data between the vehicle-mounted device 4 and the roadside wireless communication device (5a, 5b, 5c). , 105 is a new key identifier: key V (m), 106 is a key value generation variable of key V (1),
107 is a key value generation variable of the key V (2), and 108 is a key V (m)
Is a key value generation variable. FIG. 11 is a diagram illustrating details of a qualification authentication process performed between the vehicle-mounted device 4 and the first roadside wireless communication device 5a.

The following description is made with reference to FIGS. 9, 10 and 11. First, the on-board unit 4 sends the encryption key information area 90
The vehicle-mounted device ID 91, the signature 92 for the vehicle-mounted device ID, and the currently used key identifier: key V (C) are transmitted to the first roadside wireless communication device 5a.
(S111). Here, the signature 92 is the vehicle-mounted device I
It is generated by encrypting a function value corresponding to D with a secret key. The first roadside wireless communication device 5a verifies the signature 92 for the vehicle-mounted device ID with the signature verification key (K1) 102 in the encryption key information area 100 (S11).
2, S113), this signature verification is performed by decrypting the signature 92 from the vehicle-mounted device 4 with the public key corresponding to the secret key, and comparing the decrypted information with the function value corresponding to the vehicle-mounted device ID. Will be If the signature verification fails, the subsequent authentication processing is not performed. In the first roadside wireless communication device 5a,
If the signature verification is successful, a key value: key (C) is obtained from the key value generation variable of the key V (C) corresponding to the key V (C) in the encryption key information area 100 in the roadside wireless communication device (S114). And OBE ID
And a random number 1 (L1), a session key value 104 is set, a signature is given to this by a signature generation key (S1) 103 (S115), and the session key value 104 and a signature for the session key are encrypted with the key (C). Then, this and the random number 2 (L2) are transmitted to the vehicle-mounted device 4 (S116). Next, the vehicle-mounted device 4 decrypts the data received from the first roadside wireless communication device 5a using the key (C) 97 of the encryption key information area 90, and decrypts the signature verification key (K
2) The signature is verified at 93 (S117, S118), and if the signature verification fails, the subsequent authentication processing is not performed.
If the signature verification is successful in the vehicle-mounted device 4, the qualification authentication for the first roadside wireless communication device 5a is regarded as OK, the session key 94 is obtained, the random number 2 (L2) is encrypted with the session key 94, and the first roadside wireless communication device 5a is encrypted. To the wireless communication device 5a (S11).
9). In the first roadside wireless communication device 5a, the encrypted random number 2 (L2) is decrypted with the session key 104 to check whether or not the random number 2 (L2) matches the original random number. ), Midway progress tag information 1 is generated from the roadside wireless communication device ID 101 and transmitted to the vehicle-mounted device 4 (S)
121). The vehicle-mounted device 4 stores the received halfway progress tag information 1 in the halfway progression tag information 95 of the encryption key information area 90. Generally, a common key such as the session key 104 can perform encryption / decryption more quickly than a public key / private key used for signature verification.

Referring to FIG. 12, information exchange and processing performed between the vehicle-mounted device 4 and the roadside system in the second wireless communication section will be described. The key change command is sent from the key management central computer 8 to the roadside communication computer 6 as in FIG. The roadside communication computer 6 instructs the second roadside wireless communication device 5b to rewrite key information by designating the ID of the vehicle-mounted device (process 1201). The second roadside wireless communication device 5b transmits a connection request together with the ID to the vehicle-mounted device 4 via the second antenna 3b for a certain period of time. This time is from the time at which the vehicle 2 is predicted to arrive at the communication area of the second antenna to a certain time or until a connection response is received (process 1202). The prediction based on this fixed time is based on the distance L between the first roadside wireless communication device 5a and the second roadside wireless communication device 5b.
Is the maximum speed Vmax preset for the vehicle-mounted device.
(Eg, 120 km / h) (L / Vmax)
Is fixed time, or the first roadside wireless communication device 5
a) is provided with a speed measuring device for detecting the speed by a vehicle sensor, a radar, or the like. The speed V of the vehicle-mounted device 4 passing through the first roadside wireless communication device 5a is obtained from the speed measuring device, and the distance L is calculated as The prediction is performed with the value (L / V) divided by the speed as a fixed time. In the case of the method of receiving the connection response, the beacon signal (ID request) is immediately transmitted from the second roadside wireless communication device 5b after the communication with the first roadside wireless communication device 5a is completed, and When the response is returned, the operation of stopping the transmission of the beacon signal (ID request) is performed.

Upon receiving a connection request from the second antenna 3b,
At the same time, the in-vehicle device that matches the transmitted ID and the in-vehicle device ID transmits a connection response (process 1204). Connection response processing 1
204 includes a signature of the vehicle-mounted device ID, a key identifier, and tag information 1 on the way. The second roadside wireless communication device 4b
Similarly to the process 806 in the section, the validity of the vehicle-mounted device is confirmed by verifying the signature of the vehicle-mounted device ID (process 1205), the midway progress tag information 1 is verified (process 1206), and the necessity of updating the key identifier is determined. Confirmation (process 1207). This processing 1207 is performed again for confirmation and is not essential processing, but by performing this processing, erroneous processing in key update is reduced. If the vehicle-mounted device 4 is a key information change target, the key information is transmitted (process 1208).
Upon receiving the key information, the vehicle-mounted device 4 transmits a key information reception response (process 1209). Upon receiving the key information reception response, the second roadside wireless communication device 5b transmits a midway progression tag information 2 write instruction (process 1210), and simultaneously transmits a key information rewrite completion notification to the roadside communication computer 6 (process 1211).
The vehicle-mounted device 4 updates the information stored in the information area of the used key identifier 96 and the key value 97 based on the transmitted new key information (process 1212).

FIG. 13 is a diagram for explaining the details of the key information update processing procedure 1203 in the second roadside wireless communication device 5b of FIG. In the following description, the vehicle-mounted device 4 encrypts the vehicle-mounted device ID, the signature of the vehicle-mounted device ID, the key identifier, and the midway progress tag information 1 held in the encryption key information area 90 by using the session key 94, and transmits the second roadside wireless signal. When the information is transmitted to the communication device 5b (S131), the second roadside wireless communication device 5b decrypts the received information with the session key 104 held in the encryption key information area 100 to acquire the information (S132). The second roadside apparatus 5b verifies the signature 92 for the vehicle-mounted device ID with the signature verification key (K1) 102 in the encryption key information area 100 (S133). Subsequent processing is not performed as error processing (S134).
In the second roadside apparatus 5b, if the signature verification is successful,
The midway progress tag information is checked (S135), the result of the check of the roadside apparatus ID passed immediately before (S136) is normal, and the key information update is required according to the result of the necessity check of the key identifier update (S137). If so, a new key identifier and a new key identifier of the encryption key information area 100 in the roadside apparatus: key V (m)
The key value of the new key identifier is set from the key generation variable 108, and the data with the signature added by signature generation is encrypted with the session key 104 and transmitted to the vehicle-mounted device 4 (S139). If no processing result is found in the above processing S136 or S137, the in-vehicle device 4 regards that key information rewriting is not necessary (S138). The vehicle-mounted device 4 receives the data of the process S139, performs signature verification on the data decrypted with the session key 94 using the signature verification key (K2) 93 (S140), and obtains a new key identifier: key V (C), And a new key value: The key (C) is stored in the encryption key information area 90 (S141) to update the key information.
As described above, by performing the signature verification also in the second wireless communication section, even if the plurality of roadside wireless communication apparatuses 5 perform the communication in time series in order, the confidentiality of the communication is protected and the improper communication is performed. (E.g., an unauthorized user using an illegal OBE ID or a user with an expired OBE ID)
Communication with the server can be eliminated. Further, by encrypting the key information to be transmitted with the session key 94 set by the first roadside wireless communication device 5a, confidentiality is secured in the communication between the second roadside wireless communication device 5b and the vehicle-mounted device 4. It can be improved. Furthermore, the use of the midway progress tag information makes it possible to guarantee the continuity of communication between the roadside wireless communication devices 5.

Referring to FIG. 14, information exchange and processing performed between the vehicle-mounted device 4 and the roadside system in the third wireless communication section will be described. The key change command is sent from the key management central computer 8 to the roadside communication computer 6 in the same manner as in FIG. 8 (not shown). The roadside communication computer 6 instructs the third roadside wireless communication device 5c to rewrite key information by specifying the vehicle-mounted device ID (process 1401). The third roadside wireless communication device 5c is connected to the vehicle-mounted device 4 via the third antenna 3c.
Send a connection request for a certain period of time together with the ID. This time is from the time at which the car 2 is predicted to arrive at the communication area of the third antenna to a certain time or until a connection response is received (process 1402). The in-vehicle device 4 that matches its ID with the ID from the third roadside wireless communication device and matches the ID transmits a connection response (process 1403). The connection response processing 1403 includes the signature of the vehicle-mounted device ID, the key identifier, and the tag information 2 on the way. Third roadside wireless communication device 4c
Checks the validity of the vehicle-mounted device by verifying the signature of the vehicle-mounted device ID (process 1404), checks the tag information 2 in the middle (process 1405), and confirms the end of the key change from the key identifier (process 1406). Next, the third roadside wireless communication device 5c
At the same time as transmitting the write command of the midway progress tag information 3 to the vehicle-mounted device 4 (process 1407), the fact that the key information change to the vehicle-mounted device has been completed is transmitted to the roadside communication computer 6 together with the vehicle-mounted device ID (process). 1408). In this way, by confirming that the new key value has been set in the vehicle-mounted device 4, the rewriting state of the key information can be accurately confirmed, and if the rewriting does not work properly due to some trouble. , The occurrence of the non-operation can be confirmed, and the trouble can be dealt with. Further, the roadside communication computer 6 creates a log of the vehicle-mounted device ID whose key information has been rewritten, and processes the process.
10), and sends the log to the key management central computer 8 (process 1411). By holding this log as key management information, the key management central computer 8 can confirm the update status of the key value in the vehicle-mounted device 4. Central management, such as notification by e-mail, is facilitated.

FIG. 15 is a diagram for explaining the correspondence between the key version and the key identifier included in the rewrite target key information 661 of the roadside communication computer 6 or the rewrite target key information 671 of the key management central computer 8. In the table, 150 is a table showing the correspondence between the key Version and the key identifier, 151 and 152 are used key identifiers (key Version is already used), 153 is a new / key identifier, and 154 is not used. It is a use / key identifier. The table 150 indicating the correspondence between the key Version of the roadside communication computer 6 and the key identifier is stored in the table 150.
Is used to transmit / receive information regarding rewriting of key information between the roadside communication computer 6 and the roadside wireless communication device 5, such as instructing the roadside wireless communication device 5 to rewrite key information of the vehicle-mounted device. For example, the key V (1) (or the keys V (2) to V (m-1)) is used as the currently used key identifier from the vehicle-mounted device 4.
Key identifier 151 (or 152 to 1 in the figure)
If the information of (key identifier between 53) is transmitted, this key identifier corresponds to the old key value, and the above-described processing 8
In step 15, it is determined that the key needs to be rewritten.
At 208, the new key information transmitted from the second roadside wireless communication device 5b to the vehicle-mounted device 4 for rewriting the key information is a new key information.
The key identifier 153 and the corresponding key V (m) are transmitted. Also, when the information of the key identifier 151 corresponding to V (m) is transmitted as the currently used key identifier, this key identifier corresponds to the new key value, and the key is rewritten in the above-described processing 815. Is determined to be unnecessary, and the subsequent processing is stopped. Note that V (m +
1) to key identifiers corresponding to V (n) (for example, key identifier 1
Reference numeral 54) denotes an unused key identifier, which will be used when the key version is changed in the future. The table 150 indicating the correspondence between the key Version and the key identifier is stored in the rewriting target key information 671 of the key management central computer 8, and the rewriting target key can be collectively managed at the center.

Embodiment 2 FIG. 16 is a diagram for explaining Embodiment 2 of the present invention. In the figure, reference numeral 160 denotes an encryption key information area of the vehicle-mounted device 4 according to the second embodiment, in which a plurality of key identifiers and corresponding key values are held in addition to the key identifiers and their key values in use. This shows encryption key information. Reference numerals 91 to 95 are equivalent to information indicated by corresponding numbers in FIG. 9, and reference numeral 161 denotes a key identifier in use:
Keys V (a), 162, and 163 are used key identifiers, 164 is a key identifier in use: a key (a) corresponding to key V (a), and 165 is a key identifier: key V (n). It is a key (n) which is a key value. In the encryption key information area 160,
The key identifier in use: the key V (a) 161 and the corresponding key (a) 164 and the key identifier: the key (n) 165 which is the key value of the key V (n) are set in the vehicle-mounted device 4 in advance. It is a form that is. Here, a is an integer of 1 or more and n or less.

The second roadside wireless communication device 5b updates the key identifier in response to the transmission of the key identifier: key V (a) 161 held in the encryption key information area 160 of the vehicle-mounted device 4. After the necessity is confirmed, if the key identifier needs to be updated, a new key identifier is transmitted to the vehicle-mounted device 4. On the other hand, the vehicle-mounted device 4 stores the new key identifier specified by the second roadside wireless communication device 5b in the key identifier in use: key V (a) 161 of the encryption key information area 160. After this, the onboard equipment 4
Uses the key value (a) corresponding to the new key identifier: key V (a). According to this key information changing method, the roadside wireless communication device 5 transmits the key identifier to the vehicle-mounted device 4 in advance by allowing the vehicle-mounted device 4 to hold a plurality of types of key identifiers and corresponding key values as key information. Only the key identifier of the newly used key information needs to be transmitted, and transmission of the key information to the vehicle-mounted device 4 can be omitted.

In the above description, one vehicle-mounted device communicates with the roadside system. However, in this type of short-range wireless communication system, a plurality of vehicle-mounted devices are communicated with each other by time division multiplexing. Since simultaneous communication can be performed in parallel, it is possible to change the key information of several vehicle-mounted devices at the same time.

[0041]

As described above, according to the mobile station key information changing method of the present invention, the key information built in the vehicle-mounted device can be automatically rewritten even when the vehicle is moving on the road. It is possible, and it is possible to greatly reduce the time and labor required in the conventional method in which the key information is rewritten by manually inserting the IC card.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of Embodiments 1 and 2 of the present invention.

FIG. 2 is a configuration diagram showing Embodiments 1 and 2 of the present invention.

FIG. 3 is a configuration diagram showing a connection mode according to the first and second embodiments of the present invention.

FIG. 4 is a configuration diagram of a processing method in a conventional mobile device information changing method.

FIG. 5 is a configuration diagram of a roadside wireless communication device according to the first and second embodiments of the present invention.

FIG. 6 is a detailed configuration diagram of a roadside communication computer and a key management central computer according to the first and second embodiments of the present invention.

FIG. 7 is a configuration diagram showing rewriting of key information of the vehicle-mounted device according to the movement of the automobile in the first and second embodiments of the present invention.

FIG. 8 is a diagram illustrating information exchange and processing performed between the vehicle-mounted device and the roadside system (first section) according to the first and second embodiments of the present invention.

FIG. 9 is a diagram illustrating an encryption key information area of the vehicle-mounted device according to the first and second embodiments of the present invention.

FIG. 10 is a diagram illustrating an encryption key information area included in the roadside wireless communication device according to the first and second embodiments of the present invention.

FIG. 11 is a diagram illustrating details of a qualification authentication processing procedure between the vehicle-mounted device and the first roadside wireless communication device according to the first and second embodiments of the present invention.

FIG. 12 is a diagram illustrating information exchange and processing performed between the vehicle-mounted device and the roadside system (second section) according to Embodiment 1 of the present invention.

FIG. 13 is a diagram illustrating details of a key information update processing procedure in the second roadside wireless communication device according to the first embodiment of the present invention.

FIG. 14 is a diagram illustrating information exchange and processing performed between the vehicle-mounted device and the roadside system (third section) according to the first and second embodiments of the present invention.

FIG. 15 is a diagram illustrating a rewrite target key information area held by the roadside communication computer according to the first embodiment of the present invention.

FIG. 16 is a diagram illustrating an encryption key information area of an in-vehicle device according to Embodiment 2 of the present invention.

[Explanation of symbols]

 Reference Signs List 1 road 2 automobile 3 antenna 3a first antenna 3b second antenna 3c third antenna 4 on-vehicle device 5 roadside wireless device 5a first roadside wireless communication device 5b second roadside wireless communication device 5c third roadside wireless communication device 6 roadside communication Computer 7 Hub 8 Central computer for key management

Claims (11)

[Claims] An information is wirelessly transmitted and received to and from a moving body that moves along a moving path and includes an encryption / decryption unit that encrypts or decrypts information using a set encryption key. A first wireless communication device that performs communication for mutual authentication with a mobile object passing through a first communication region; and a second wireless communication device that is located at a position away from the first communication region. A new encryption key is assigned to the mobile unit that is arranged to perform wireless communication with the mobile unit having the communication area and that has been authenticated as a communication target by mutual authentication with the first wireless communication device. And a second wireless communication device having a transmission means for transmitting instruction information to be set by the mobile object. 2. An authenticated communication system having a third communication area at a position distant from the second communication area to perform wireless communication with a mobile object, and passing through the third communication area. A third means for receiving transmission information from the moving body and having a confirmation means for confirming that a new encryption key has been set in the moving body;
The wireless communication device according to claim 1, further comprising: a wireless communication device. 3. An information transmission / reception unit wirelessly transmits / receives information to / from a moving object that moves along a moving path and includes an encryption / decryption unit that encrypts / decrypts information using a set encryption key. Wireless communication device, performs communication for mutual authentication with a mobile object passing through the first communication area, and transmits tag information indicating that the mobile device has been authenticated to the authenticated mobile object. A first wireless communication device, and key management information indicating a correspondence between the key identifier and the encryption key, and based on the key identifier and the key management information transmitted from the mobile unit authenticated as a communication target, Determining means for determining that the encryption key set in the mobile object corresponding to the set key identifier is to be changed, and moving with the second communication area at a position distant from the first communication area. Is arranged to perform wireless communication with the body, A mobile body transmits the tag information received from the wireless communication device,
And a second wireless communication apparatus having a transmission unit for transmitting instruction information for setting a new encryption key to the mobile object determined to be an encryption key change target by the determination unit, A wireless communication device comprising: 4. The authenticated device having a third communication region at a position distant from the second communication region to perform wireless communication with a mobile unit, and passing through the third communication region. A third means for receiving transmission information from the moving body and having a confirmation means for confirming that a new encryption key has been set in the moving body;
The wireless communication device according to claim 3, further comprising: a wireless communication device. 5. The first wireless communication device receives information on a key identifier corresponding to an encryption key held by the mobile unit,
An encryption unit that encrypts the common key using the same encryption key as the encryption key based on the key identifier; and a transmission unit that transmits the common key encrypted by the encryption unit to the mobile unit. The second wireless communication apparatus includes an encryption unit that encrypts a new encryption key using the common key, and a transmission that transmits the new encryption key encrypted by the encryption unit to the mobile unit. The wireless communication device according to any one of claims 1 to 4, further comprising means. 6. The second wireless communication apparatus receives an ID unique to a moving object transmitted from the moving object and signature information generated from the ID, and a signature verification key corresponding to the ID and the signature information. 6. The method according to claim 1, further comprising: authenticating means for performing signature verification based on the authentication information to authenticate the moving object, and transmitting the new encryption key to the moving object authenticated by the authenticating means. The wireless communication device according to any one of the above. 7. The third wireless communication device, after confirming that the encryption key has been stored in the moving body by the confirmation means,
The wireless communication device according to claim 4, further comprising an updating unit that updates the key management information referred to by the determining unit. 8. The wireless communication apparatus according to claim 5, wherein the common key is generated based on an ID unique to the moving object transmitted from the moving object and a random number. 9. A wireless device for transmitting / receiving information to / from a moving object moving along a moving path, having an encryption / decryption means for encrypting / decoding information using a set encryption key. Wireless communication device, performs communication for mutual authentication with a mobile object passing through the first communication area, and transmits tag information indicating that the mobile device has been authenticated to the authenticated mobile object. A first wireless communication device, and key management information indicating a correspondence between the key identifier and the encryption key, and based on the key identifier and the key management information transmitted from the mobile unit authenticated as a communication target, Determining means for determining that the encryption key set in the mobile object corresponding to the set key identifier is to be changed, and moving with the second communication area at a position distant from the first communication area. Is arranged to perform wireless communication with the body, A mobile body transmits the tag information received from the wireless communication device,
And a transmitting means for transmitting a new key identifier different from the key identifier corresponding to the encryption key being used in the moving body to the moving body determined to be a target of changing the encryption key by the determining means. Storing a plurality of key identifiers and a plurality of encryption keys corresponding to the respective key identifiers, and receiving and using the encryption key corresponding to the new key identifier transmitted from the second wireless communication device. And a mobile unit having encryption / decryption means for performing encryption / decryption after updating the encryption key therein to an encryption key corresponding to the new key identifier. A wireless communication device characterized by the following. 10. A moving body having encryption / decryption means for encrypting or decrypting information using a set encryption key and moving along a moving route, and sequentially arranged along the moving route. An information changing method for changing information by wireless communication with the first and second wireless communication devices, wherein: a mobile body ID; signature information generated from the mobile body ID;
And a first step of transmitting a key identifier for identifying an encryption key held by the moving object from the moving object passing through the first communication area to the first wireless communication device; A second method for verifying the validity of the mobile unit ID based on the transmitted mobile unit ID and signature information
A third step of generating a common key from the mobile unit ID validated in the second step; an encryption key corresponding to a key identifier sent from the mobile unit, wherein the common key and A fourth step of encrypting the signature information generated from the common key, the encrypted common key and its signature information and a random number,
Fifth transmission from the first wireless communication device to the mobile object
Decrypting the encrypted common key and its signature information sent from the first wireless communication device with the encryption key held by the mobile unit, and verifying the decrypted signature of the common key with the common key. A sixth step of verifying the validity of the signature. If the validity is confirmed by the signature verification of the sixth step, the random number transmitted from the first wireless communication device is encrypted with the common key. A seventh step of transmitting from the mobile unit to the first wireless communication device, decrypting the encrypted random number transmitted from the mobile unit with the common key, and transmitting the decrypted random number to the first wireless communication device. An eighth step of performing mutual authentication by comparing the random number transmitted with the mobile station, a ninth step of generating tag information when the mutual authentication is performed by the eighth step, and transmitting the generated tag information to the mobile body, 2 wireless communication To location, the transmitting mobile ID, signature information of the mobile ID, and the tag information 10
A first step of verifying the validity of the mobile unit ID based on the mobile unit ID sent to the second wireless communication device and its signature information.
A first step, a twelfth step of transmitting new information encrypted with the common key to the mobile unit which has been verified as valid in the eleventh step and has transmitted the tag information, An information changing method, wherein the new information transmitted in the step 12 is decrypted with a common key and the information held by the mobile object is updated in a thirteenth step. 11. A third wireless communication device, which is disposed on the moving route away from the second wireless communication device and performs wireless communication with a moving object, is updated to new information in the thirteenth step. When the communication is completed, a fourteenth step of transmitting a response from the mobile unit to the second wireless communication device, receiving a response signal from the mobile unit to the second wireless communication device, A fifteenth step of transmitting the second tag information from the mobile device to the mobile device, a mobile device ID, a mobile device ID signature information, a second tag information, and A sixteenth step of transmitting information, a first step of confirming the validity of the mobile unit ID based on the mobile unit ID sent to the third wireless communication device and its signature information
Step 7, the correctness is confirmed in the seventeenth step, and the second
The update of the new information in the mobile unit is confirmed by comparing the new information transmitted from the mobile unit with the new information transmitted by the second wireless communication device for the mobile unit that has transmitted the tag information. 11. The information changing method according to claim 10, further comprising: if the update is confirmed in the eighteenth step, a nineteenth step of recording log information indicating the update.