JP2005326339A - Alteration detection system of accumulated mileage - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an alteration detection system of an accumulated mileage capable of detecting alteration of the accumulated mileage of a vehicle. <P>SOLUTION: A signal corresponding to a mileage of the vehicle is generated by a distance detection part 10, and the signal is outputted to the first ECU 20. A keyword for encryption and decoding of distance data is stored in the second ECU 30. In this state, the first ECU 20 acquires the keyword from the second ECU 30 through LAN 40 in the vehicle at the communication wake-up time (for example, when a key is inserted into a key cylinder). Then, the signal inputted from the distance detection part 10 is converted into distance data, and the distance data are encrypted and decoded by using the keyword acquired from the second ECU 30 and a plurality of operation expressions. The first ECU 20 detected whether the distance data are altered or not by collating the plurality of encrypted distance data. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a falsification detection system for an accumulated mileage that detects tampering when the accumulated mileage of a vehicle is tampered with illegally.

  Conventionally, an electronic odometer that detects and stores a travel distance of a vehicle and displays the accumulated travel distance has been used. In such an electronic odometer, in order to prevent the accumulated travel distance from being tampered with by a third party, the microcomputer uses the “keyword” to convert the distance data into another content, that is, encrypts the encrypted data. Data is stored in, for example, a nonvolatile memory. Such a keyword is composed of an enumeration of numbers “1” and “0”, and is stored in a microcomputer or a non-volatile memory before product shipment.

  Thus, in the method of encrypting the distance data using the keyword, first, using the distance data of the accumulated travel distance and the keyword, the calculation is performed by the arithmetic expression stored in the microcomputer, and the encryption is performed. Store the encrypted data in non-volatile memory. Then, the inverse operation of the encrypted operation using the same keyword is performed, and the distance data is decrypted to the original content. The decoded distance data of the accumulated traveling distance of the vehicle is displayed on a display device such as a liquid crystal panel.

  However, in the method of encrypting and decrypting distance data using a keyword as described above, an external input device or the like is connected to storage means for storing the keyword, that is, the microcomputer and the nonvolatile memory. As a result, there arises a problem that the distance data is falsified and illegally falsified to a travel distance smaller than the actual accumulated travel distance of the vehicle.

  When a keyword is stored in the microcomputer, since a common keyword is stored for each product, another product having a microcomputer storing the same keyword is prepared and stored in the nonvolatile memory of this product. It is possible to falsify the accumulated travel distance by copying the encrypted data to the nonvolatile memory to be falsified.

  On the other hand, when the keyword is stored in the non-volatile memory, the encrypted data of the accumulated travel distance stored in the non-volatile memory is falsified by using an external input device that can be connected to the non-volatile memory. In addition, the keyword itself stored in the nonvolatile memory can be rewritten, and the accumulated travel distance can be falsified accordingly.

  As described above, the distance data is falsified depending on the case where the common keyword of the product is used, or when the storage means such as the rewritable nonvolatile memory is accessed through the external input device. Therefore, it is necessary to take measures so that the actual accumulated travel distance of the vehicle is not falsified.

  In view of the above points, the present invention detects a tampering of distance data by acquiring a keyword from another product mounted on the vehicle and encrypting and decrypting the distance data using this keyword. It is an object of the present invention to provide a falsification detection system for accumulated mileage that can be used.

  In order to achieve the above object, according to the first aspect of the present invention, a signal is generated according to the travel distance of the vehicle, and a distance detection unit (10) that outputs the signal and a signal input from the distance detection unit are An arithmetic unit (21) that detects unauthorized alteration of the distance data by converting the distance data, converting the distance data into encrypted data, and converting the encrypted data into decrypted data, and stores the encrypted data The first control unit (20) having the storage unit (22) and the first control unit (20) are prepared as separate bodies and the first control unit (via the transmission means (40)). 20), and the first control unit (20) sets individual keywords for converting distance data into encrypted data and converting encrypted data into decrypted data. Second control unit (30 The tampering detection system for the accumulated travel distance includes a calculation unit (21) having a calculation formula for converting the distance data into encrypted data using a keyword, and the transmission means (40). Via the second control unit (30), the distance data is converted into encrypted data using the distance data, the keyword, and an arithmetic expression, and stored in the storage unit (22). The alteration of the distance data is detected by reading the encrypted data stored in (22) and converting the encrypted data into decrypted data based on the keyword and the arithmetic expression. .

  As described above, it is possible to detect falsification of the distance data by encrypting the distance data using the keyword stored in the second control unit and decrypting the encrypted data. Further, by storing the keyword in a control unit other than the first control unit, that is, the second control unit, it is possible to prevent the keyword from being easily found.

  For example, even if a storage unit storing encrypted data of distance data is mounted on another vehicle, a different keyword is stored in the second control unit of the other vehicle. It is possible to detect that the encrypted data has been tampered with during conversion.

  Thus, the keyword for encrypting and decrypting the distance data is stored in the second control unit other than the first control unit having the storage unit for storing the encrypted data, and the distance data is stored using this keyword. By encrypting and decrypting, it is possible to detect unauthorized alteration of the accumulated travel distance.

  In the invention according to claim 2, the calculation unit (21) has a plurality of calculation formulas, acquires a keyword from the second control unit (30) via the transmission means (40), and obtains distance data. The distance data is converted into a plurality of encrypted data using a keyword, a keyword, and a plurality of arithmetic expressions and stored in the storage unit (22), and the plurality of encrypted data stored in the storage unit (22) is read out. In addition, after being converted into a plurality of decrypted data based on a plurality of encrypted data and a keyword, the decrypted data is collated to detect falsification of the distance data.

  In this way, by converting the distance data into encrypted data using a plurality of arithmetic expressions, even if the encrypted data is falsified, the plurality of distance data decrypted when converted into the decrypted data are matched. It is extremely difficult to do. Accordingly, even if the encrypted data in the storage unit is falsified, it is possible to detect falsification of the distance data by collating the decrypted data.

  According to the third aspect of the present invention, it is possible to communicate data between the first control unit (20) and the second control unit (30) via the transmission means (40). When waked up, the first control unit (20) is characterized in that it acquires a keyword from the second control unit (30) during communication wakeup.

  Such a communication wake-up time can be set as a timing at which the first control unit acquires a keyword from the second control unit. Therefore, the first control unit can encrypt and decrypt the distance data using the keyword acquired at the time of wakeup of the communication.

  The communication wake-up is, for example, when a key is inserted into a key cylinder, when a vehicle door is opened, or when an ignition switch is turned on.

  In the invention according to claim 4, the calculation unit (21) is connected to a display unit (50) for displaying the accumulated travel distance of the vehicle, and the calculation unit (21) detects falsification of the distance data. In this case, a warning is displayed on the display unit (50).

  Thereby, it can be notified that the alteration of the distance data has been detected, and the user can be informed that the distance data has been altered.

  In addition, the code | symbol in the bracket | parenthesis of each said means shows the correspondence with the specific means as described in embodiment mentioned later.

(First embodiment)
Hereinafter, a first embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a falsification detection system for accumulated travel distance according to an embodiment of the present invention. As shown in FIG. 1, the tampering detection system for the accumulated travel distance includes a distance detection unit 10, a first ECU 20, a second ECU 30, an in-vehicle LAN 40, and a display unit 50. .

  The distance detection part 10 produces | generates a signal according to a travel distance, and outputs this signal, for example, is comprised by a wheel speed sensor. The wheel speed sensor generates a pulse signal corresponding to vehicle travel, and the pulse signal is output to the first ECU 20.

  The first ECU 20 has a function of inputting a pulse signal input from the distance detection unit 10 and converting it into distance data, and encrypting and decrypting the distance data to display an accumulated traveling distance of the vehicle. . The first ECU 20 also has a function of detecting falsification of the distance data. Such a first ECU 20 includes a first microcomputer (hereinafter referred to as a microcomputer) 21 and a first memory 22. The first ECU 20 serves as a meter ECU that stores and displays the accumulated travel distance of the vehicle. The first ECU 20 corresponds to the first control unit of the present invention.

  The first microcomputer 21 performs a process of inputting a pulse signal from the distance detector 10 and converting it into distance data, a process of encrypting and decrypting the distance data, and a process of detecting falsification of the distance data. is there. Specifically, the first microcomputer 21 stores a program for detecting falsification of the accumulated travel distance, and processing according to this program is performed. The first microcomputer 21 has an arithmetic expression for encrypting and decrypting the distance data. The first microcomputer 21 corresponds to the calculation unit of the present invention.

  The encryption of the distance data performed by the first microcomputer 21 is performed each time the travel distance of the vehicle is counted by the first microcomputer 21 and reaches a predetermined distance. Here, the predetermined distance is, for example, 1 km. The first microcomputer 21 is connected to a power supply circuit (not shown), and power is supplied even when the vehicle ignition is off. For this reason, the distance data of the travel distance that is less than the predetermined distance counted by the first microcomputer 21 is left without being erased, and when the ignition switch is turned on and the vehicle starts traveling, the travel less than the predetermined distance is performed. The distance data of the distance is counted as it is.

  The first memory 22 stores encrypted data of distance data of a predetermined distance encrypted by the first microcomputer 21. The first memory 22 is a storage unit that can store data even when power is not supplied. For example, a nonvolatile memory such as an EEPROM is used. The first memory 22 corresponds to the storage unit of the present invention.

  The second ECU 30 holds a keyword for the first ECU 20 to encrypt and decrypt the distance data. As such a second ECU 30, any one ECU other than the first ECU 20 such as an air conditioner ECU, a door ECU, and an engine control ECU mounted on the vehicle is employed. The second ECU 30 includes a second microcomputer 31 and a second memory 32. The second ECU 30 corresponds to the second control unit of the present invention.

  The second microcomputer 31 reads keywords for encryption and decryption stored in the second memory 32 described above and outputs them to the first ECU 20 via the in-vehicle LAN 40.

  The second memory 32 is a storage unit that stores a keyword for encrypting or decrypting the distance data. For example, a nonvolatile memory such as an EEPROM is used. This keyword is written in the second memory 32 at the manufacturing stage of the second ECU 30, for example. At this time, it is kept secret which ECU is mounted on the vehicle, and the ECU in which the keyword is written is the second ECU 30. In addition, for this keyword, an individual keyword is written for each vehicle.

  As described above, the second ECU 30 is configured as a separate ECU from the first ECU 20, and is prepared separately. Further, the first ECU 20 is a meter ECU, but the second ECU 30 may be an ECU other than the first ECU 20, a storage device that is not an ECU, or the like. In other words, the second ECU 30 is separate from the first ECU 20 and is configured independently.

  The first ECU 20 and the second ECU 30 are arranged at predetermined positions on the vehicle body and are connected to each other via an in-vehicle LAN 40, and keywords are transferred via the in-vehicle LAN 40. It has become so. The in-vehicle LAN 40 corresponds to the transmission means of the present invention and serves as a wiring that can exchange data between the first ECU 20 and the second ECU 30.

  The display unit 50 displays the accumulated travel distance of the vehicle, and for example, a liquid crystal panel is used. The display unit 50 receives the decoded distance data from the first microcomputer 21 of the first ECU 20, and displays the accumulated travel distance of the vehicle based on the distance data. Further, when the first microcomputer 21 of the first ECU 20 detects that the distance data has been tampered with, a signal to that effect is input from the first microcomputer 21 to the display unit 50 and an error message indicating that tampering has been detected. Is displayed.

  The above is the configuration of the tampering detection system for the accumulated travel distance in the present embodiment.

  Next, the timing at which the first ECU 20 receives a keyword from the second ECU 30 will be described. As described above, the first ECU 20 and the second ECU 30 are connected to each other via the in-vehicle LAN 40.

  Here, the state in which data can be exchanged between the first ECU 20 and the second ECU 30 via the in-vehicle LAN 40 is referred to as communication wake-up. In the present embodiment, the time when the key is inserted into the key cylinder is the time of communication wakeup.

  For example, in a vehicle that is not equipped with a key cylinder such as a smart key system, the time when the smart key is collated can be set as a communication wake-up time. In addition, the time when the key is inserted into the key cylinder is not limited to the case of communication wakeup, and the time when the ignition switch is turned on or the door is opened may be set as the time of communication wakeup. .

  As described above, the keyword is output from the second ECU 30 to the first ECU 20 and acquired by the first ECU 20 at the time of wake-up of the communication.

  The keyword acquisition process will be described with reference to the flowchart shown in FIG. FIG. 2 is a flowchart showing the contents of the keyword acquisition process.

  In step 010, a keyword is acquired. As described above, the first ECU 20 acquires a keyword from the second ECU 30 during communication wakeup. Specifically, the first microcomputer 21 of the first ECU 20 outputs a signal requesting a keyword to the second ECU 30 via the in-vehicle LAN 40. Receiving this, the second microcomputer 31 of the second ECU 30 reads the keyword stored in the second memory 32 and outputs it to the first microcomputer 21 of the first ECU 20 via the in-vehicle LAN 40. In this way, the first microcomputer 21 acquires a keyword from the second ECU 30. In this embodiment, the keyword is “A”.

  The keyword A is held by the first microcomputer 21 of the first ECU 20 while power is supplied to the first ECU 20, but the power is not supplied to the first ECU 20, that is, When the ignition switch is turned off and the vehicle is completely stopped, the keyword A held in the first microcomputer 21 is deleted. For this reason, the keyword A is not left in the first microcomputer 21. Then, at the time of communication wakeup, the keyword A is acquired from the second ECU 30 again.

  When the keyword A is acquired in this way, a tampering detection process for distance data is performed.

  Hereinafter, the falsification detection processing of the distance data will be described with reference to the flowchart shown in FIG. FIG. 3 is a flowchart showing falsification detection processing of distance data. This process is executed by the arithmetic processing unit 2 and executed according to the distance data falsification detection program stored in the first microcomputer 21.

  First, in step 100, it is determined whether or not a flag is set. This flag indicates a history that the falsification detection processing has been performed once after the ignition switch is turned on, and the on state is maintained until the ignition switch is turned off. In step 100, if the flag is set, the process proceeds to step 600. If the flag is not set, the process proceeds to step 200.

  In steps after step 100, steps 200 to 500 indicate falsification detection processing, and steps 600 to 900 indicate total travel distance display processing of the vehicle. Since the tampering detection process performed in steps 200 to 500 is performed based on the distance data writing and reading processes shown in steps 600 to 800 among the normally executed processes, first, steps 600 to 900 are performed. The process will be described.

  If the flag is set in step 100, the travel distance pulse signal input from the distance detection unit 10 is converted into distance data in step 600.

  In step 700, a distance data writing process is performed. Specifically, it is executed according to a flowchart showing the distance data writing process shown in FIG. In the present embodiment, the predetermined distance is “B”.

  In step 710 shown in FIG. 4, it is determined whether or not the travel distance has reached a predetermined distance B. This is because the entire travel distance of the vehicle is not stored as one data, but the distance data is encrypted and stored for each predetermined distance B. If it is determined that the distance data has reached the predetermined distance B, the process proceeds to step 720. If it is determined that the distance data has not reached the predetermined distance B, the process returns to step 710.

  In step 720, distance data for a predetermined distance B is encrypted. That is, the first microcomputer 21 performs encryption by substituting the distance data of the predetermined distance B and the keyword A into the arithmetic expression using the arithmetic expression stored in the first microcomputer 21. The arithmetic expression is, for example, B × A, B + A. Then, the calculation result of B × A is “C”, and the calculation result of B + A is “D”. In this way, the distance data of the predetermined distance B is encrypted using the two arithmetic expressions and converted into the two encrypted data C and D. The above arithmetic expression is an example, and a more complicated arithmetic expression is used for actual encryption.

  In step 730, the encrypted data C and D are written into the first memory 22. That is, the first microcomputer 21 stores the encrypted data C and D of the predetermined distance B in the first memory 22. When the distance data writing process is completed in this way, the process proceeds to step 800 shown in FIG.

  In step 800, read processing of the encrypted data C and D stored in the first memory 22 is performed. Specifically, the processing is performed according to a flowchart showing the distance data reading processing shown in FIG.

  In step 810, the encrypted data C and D of a predetermined distance B stored in the first memory 22 are read. Specifically, the first microcomputer 21 reads the encrypted data C and D of a predetermined distance B stored in the first memory 22.

  In step 820, the encrypted data C and D at a predetermined distance B are decrypted using the keyword A. That is, the first microcomputer 21 converts the encrypted data C and D read in step 810 using the keyword A into decrypted data.

  Specifically, the first microcomputer 21 performs a reverse calculation of an arithmetic expression (B × A, B + A) obtained by encrypting the distance data of the predetermined distance B. That is, since the data encrypted by the operation of B × A is C, the distance data of the predetermined distance B is obtained by performing the reverse calculation C ÷ A of B × A. Similarly, since the data encrypted by the calculation of B + A is D, the distance data of the predetermined distance B is obtained by performing the reverse calculation DA of B + A. In this way, the two encrypted data C and D of the predetermined distance B stored in the first memory 22 are respectively decrypted. By decrypting in this way, the encrypted data is returned to the distance data again.

  As described above, the distance data writing and reading processes are performed, and when this process ends, the process proceeds to step 900 shown in FIG.

  In step 900, the distance data of the predetermined distance B read in step 800 is added together, and the accumulated travel distance of the vehicle is displayed on the display unit 50. Then, returning to step 100, the processes of steps 600 to 900 are repeated.

  Next, the falsification detection process in steps 200 to 500 will be described. This process is performed on the encrypted data C and D of the predetermined distance B stored in the first memory 22 by the distance data writing process in step 700 described above.

  First, if it is determined in step 100 that the flag is not set, the process proceeds to step 200. In step 200, a flag is set. As a result, a history of falsification detection processing remains, and the on state is maintained until the ignition switch is turned off.

  Subsequently, in step 300, the distance data of the encrypted data stored last is read before the vehicle ignition switch is turned on. In step 300, the same processing as in step 800 described above is performed. That is, two encrypted data C and D at a predetermined distance B are read from the first memory unit 22 and these are subjected to an inverse operation of encryption based on an arithmetic expression to obtain two distance data. Decrypted.

  In step 400, it is determined whether or not the two distance data decoded in step 300 match. In this way, whether or not the encrypted data C and D stored in the first memory 22 has been tampered with by collating the distance data of the two predetermined distances B decrypted from the encrypted data C and D. Can be determined.

  That is, when the encrypted data C and D in the first memory 22 are falsified, the falsified person falsifies the encrypted data C and D without knowing the keyword A and the arithmetic expression. For this reason, when the encrypted data C and D that have been tampered with are decrypted, they are decrypted into completely different distance data, which do not match. Accordingly, the encrypted data C and D stored in the first memory 22 is obtained by decrypting the encrypted data C and D, comparing the decrypted distance data, and determining whether or not they match. It can be determined whether or not tampering has occurred.

  If the two distance data match at step 400, the process proceeds to step 900. If not, the process proceeds to step 500.

  In step 500, when it is determined that the two distance data decrypted in step 400 do not match and the encrypted data C and D in the first memory 22 have been falsified, the display unit 50 encrypts the data. The fact that the data C and D have been tampered with is displayed. Specifically, an error message is displayed on the liquid crystal panel of the display unit 50. Then, the falsification detection process ends.

  If it is determined in step 400 that tampering has not been performed, the process proceeds to step 900, where the accumulated travel distance of the vehicle is displayed.

  As described above, in the present embodiment, the keyword A is not stored in the first ECU 20, and the keyword A is stored in the second ECU 30 different from the first ECU 20. In this way, it is possible to detect falsification of the distance data by encrypting the distance data using the keyword A stored in the second ECU 30 and decrypting the encrypted data. Further, storing the keyword A in the second ECU 30 makes it difficult to find the keyword A itself for falsifying the distance data.

  Also, by converting the distance data into encrypted data using a plurality of arithmetic expressions, even if the encrypted data is falsified, the plurality of distance data decrypted when converted into the decrypted data can be matched. Is extremely difficult. Therefore, even if the encrypted data in the first memory 22 is falsified, it is possible to detect falsification of the distance data by collating a plurality of decrypted data.

  In this manner, by storing the keyword A for encrypting and decrypting the distance data in the second ECU 30 other than the first ECU 20, it is possible to detect unauthorized alteration of the accumulated travel distance. Furthermore, since it is difficult to find out at the user level which ECU is mounted on the vehicle, the keyword A can be prevented from being falsified.

  In the present embodiment, the timing at which the first ECU 20 acquires the keyword A from the second ECU 30 is the time of communication wake-up. Therefore, the first ECU 20 can encrypt and decrypt the distance data using the keyword A acquired at the time of wakeup of this communication.

  Further, when the first ECU 20 detects falsification of the distance data, the fact can be displayed on the display unit 50. Therefore, the user can know that the distance data has been tampered with.

(Other embodiments)
In addition to displaying an error message on the display unit 50 as means for notifying that the distance data has been tampered with, a warning sound may be emitted from a speaker provided in the vehicle.

  In the first embodiment, when the flag is set, the tampering detection process of the distance data ends. However, every time the travel distance of the vehicle reaches a predetermined distance, tampering of the distance data may be detected. By doing so, it is possible to detect alteration of the distance data periodically.

  There may be three or more arithmetic expressions for performing encryption of the predetermined distance B. In this way, one predetermined distance B is converted into a large amount of encrypted data by many arithmetic expressions and decrypted, so that the decrypted data is decrypted when collating the decrypted predetermined distance B. If all the predetermined distances B do not match, it is determined that the data has been tampered with. In this way, by encrypting the distance data of a predetermined distance using three or more arithmetic expressions, it is possible to make decryption verification more strict.

  In the first embodiment, falsification of vehicle distance data is detected. However, falsification of desired data other than vehicle distance data may be detected.

  In the first embodiment, the first ECU 20 and the second ECU 30 are connected via the in-vehicle LAN 40, but if the first ECU 20 can receive a keyword from the second ECU 30, Any signal may be passed. For example, the first ECU 20 and the second ECU 30 may perform bidirectional communication so that the keyword A is transmitted and received via radio waves. In such a case, an antenna, a modulator, and a demodulator for transmitting and receiving the keyword A by radio waves are provided in each ECU 20 and 30.

  In the first embodiment, the second ECU 30 is used to hold the keyword A. However, the keyword A is stored in a storage medium that is not an ECU, and the first ECU 20 stores the keyword A from the storage medium. You may make it receive. That is, the second ECU 30 may be anything other than the first ECU 20 that can store the keyword A, as long as it is a separate product from the first ECU 20.

  In the storage device that holds the keyword A, that is, the second memory 32 of the second ECU 30 in the first embodiment, a special command may be used when storing the keyword A.

  This special command is provided only in the external input device used in the manufacturing stage of the second ECU 30, and the keyword A is stored in the second memory 32 by connecting the external input device to the second ECU 30. Can be written. Therefore, data cannot be written into the second memory 32 unless a device having a command capable of writing data into the second memory 32 is used.

  A special command for writing data to the second memory 32 is not open to the public and generally cannot be specified. Therefore, the user cannot rewrite the keyword A in the second memory 32 after product shipment. Therefore, it is difficult to alter the keyword A at the user level.

  In the first embodiment, the keyword A is stored in the second memory 32 of the second ECU 30, but may be stored in the second microcomputer 31.

  In the first embodiment, the timing at which the first ECU 20 acquires the keyword A from the second ECU 30 is the time when the key is inserted into the key cylinder (at the time of communication wakeup), but this timing is displayed. Any timing may be used as long as the accumulated travel distance is displayed on the unit 50.

  At the time of communication wakeup, in the first embodiment, the first ECU 20 requests the keyword A from the second ECU 30, but the second ECU 30 voluntarily sends the keyword A to the first ECU 20. May be output.

  In addition, as a method for detecting the alteration of the distance data, the distance data of the predetermined distance that is left in the first microcomputer 21 before being encrypted is compared with the distance data that is encrypted and decrypted based on one arithmetic expression. Thus, alteration of the distance data stored in the first memory 22 may be detected. In this way, it is possible to determine whether or not the distance data that is not encrypted matches the distance data that is encrypted and decrypted, and the distance data stored in the first memory 22 is falsified. Can be detected.

  The steps shown in each figure correspond to means for executing various processes.

It is a block block diagram of the falsification detection system of the total traveling distance which concerns on one Embodiment of this invention. It is a flowchart showing the content of the keyword acquisition process which 1st ECU of FIG. 1 performs. It is a flowchart showing the content of the alteration detection process of the distance data which 1st ECU of FIG. 1 performs. It is a flowchart showing the content of the writing process of the distance data shown by FIG. It is a flowchart showing the content of the reading process of the distance data shown by FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Distance detection part, 20 ... 1st ECU, 30 ... 2nd ECU, 40 ... In-vehicle LAN,
50: Display section.

Claims (4)

A distance detection unit (10) that generates a signal according to the travel distance of the vehicle and outputs the signal;
The signal input from the distance detection unit is converted into distance data, the distance data is converted into encrypted data, and the encrypted data is converted into decrypted data to detect unauthorized alteration of the distance data. A first control unit (20) having a calculation unit (21) for storing and a storage unit (22) for storing the encrypted data;
The first control unit (20) is provided separately from the first control unit (20) and is in a state where data is transferred to and from the first control unit (20) via the transmission unit (40). A second control unit (30) having individual keywords for converting the distance data into the encrypted data and converting the encrypted data into the decrypted data. A tampering detection system for accumulated mileage provided,
The calculation unit (21) has a calculation formula for converting the distance data into the encrypted data using the keyword, and the second control unit (30) via the transmission means (40). After acquiring the keyword from the above, the distance data is converted into the encrypted data using the distance data, the keyword, and the arithmetic expression, and is stored in the storage unit (22), and the storage unit (22 ) Is read out, and the encrypted data is converted into the decrypted data based on the keyword and the arithmetic expression to detect falsification of the distance data. A tamper detection system for accumulated mileage. The arithmetic unit (21) has a plurality of the arithmetic expressions,
The keyword is acquired from the second control unit (30) through the transmission means (40), and the distance data is encrypted using the distance data, the keyword, and the plurality of arithmetic expressions. The data is converted into data and stored in the storage unit (22), and the plurality of encrypted data stored in the storage unit (22) is read out, and a plurality of data is based on the plurality of encrypted data and the keyword. 2. The falsification detection system for accumulated travel distance according to claim 1, wherein the falsification of the distance data is detected by collating the decrypted data after conversion into the decrypted data. . When a state where data can be exchanged between the first control unit (20) and the second control unit (30) via the transmission means (40) is a communication wakeup time,
The said 1st control part (20) acquires the said keyword from the said 2nd control part (30) at the time of the said communication wakeup, The 1st or 2 characterized by the above-mentioned. Falsification detection system for accumulated mileage. The calculation unit (21) is connected to a display unit (50) for displaying the accumulated travel distance of the vehicle.
The said calculating part (21) displays a warning on the said display part (50), when tampering of the said distance data is detected, The any one of Claim 1 thru | or 3 characterized by the above-mentioned. The tampering detection system for accumulated mileage described in 1.

Images