JP2006031617A - Electronic device and random number generation method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To certainly generate a random number different in each electronic device. <P>SOLUTION: In an engine ECU controlling an engine of a vehicle, a microcomputer reads an indefinite value from a register before execution of an initialization process (S330) for writing an initial value into the register inside the microcomputer after a start of operation according to input of power (S310), calculates the random number that is collating data with a smart controller of a driver's own vehicle by use of the read value (S320), stores the random number into an EEPROM of the ECU itself (S360), and makes the smart controller store it (S350). Accordingly, regardless of a vehicle state, the random number different from the smart controller and the engine ECU of another vehicle can be certainly generated and stored. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technique for generating a random number.

  In recent years, in an automobile, an electronic control device (engine control device) that controls an engine communicates with an anti-theft device so that the anti-theft device recognizes the ride of a legitimate user and the theft. A vehicle in which fuel injection and ignition can be performed if it is confirmed that the verification data held by the prevention device and the verification data held by the own device match. Anti-theft system has been put into practical use. And since the said data for collation needs to differ for every vehicle, it is calculated by the calculation for generating a random number.

Here, conventionally, in an engine control device, a method of generating a random number using sensor data input to the engine control device is known (for example, see Patent Document 1).
JP 2001-507649 A

  However, in the method of generating a random number from sensor data, when generating a random number in a specific vehicle state and storing the value in a nonvolatile memory or the like in which data can be written, each vehicle (specifically, provided in the vehicle) Even if it is desired to change the value of the random number for each electronic device that generates a random number), the generated random number becomes the same value. This is because, if the vehicle state is the same, the sensor data becomes the same value for each vehicle, and as a result, the random numbers calculated by the electronic device of each vehicle also become the same value.

  For this reason, for example, on the assembly line of the vehicle assembly plant, the engine control device of each vehicle calculates verification data shared with the antitheft device of the host vehicle, and the calculated verification data is If a registration method for verification data, such as storing it in an anti-theft device, is used, the sensor input data will be the same value for each vehicle on the assembly line, so the same verification data for other vehicles May be stored. And if there are multiple vehicles with the same collation data, it may be possible to operate the engine illegally by replacing the anti-theft device with another vehicle, Sufficient security cannot be obtained.

  The present invention has been made in view of these problems, and an object thereof is to reliably generate different random numbers for each electronic device.

  According to a first aspect of the present invention, there is provided a random number generation method according to claim 1, wherein the volatile semiconductor memory means is powered on before an initialization process for writing an initial value to the semiconductor memory means is performed. The semiconductor memory means reads a value (specifically, a value stored in the semiconductor memory means), and generates a random number using the read value. As the volatile semiconductor storage means, a register in a microcomputer (microcomputer), an internal or external RAM, etc. can be used.

  That is, generally, an electronic device is provided with volatile semiconductor memory means, and when the electronic device is turned on, the semiconductor memory means is also turned on (supplied). And since the stored value of the semiconductor memory means is indefinite when the power is turned on and becomes a different value every time the power is turned on, in the electronic device, when the power is turned on and the operation is started, An initialization process for writing a predetermined initial value in the semiconductor memory means is performed, and then the semiconductor memory means is used for calculation.

  Therefore, in the present invention, before the initial value is written in the volatile semiconductor memory means by the initialization process, the value of the semiconductor memory means is indefinite and will be different for each electronic device. In particular, before the initialization process is performed, an indefinite value is read from the semiconductor memory means, and a random number is generated using the read value.

According to such a random number generation method of the present invention, there is no problem described above when generating random numbers from sensor data, and different random numbers can be generated reliably for each electronic device.
According to another aspect of the present invention, the electronic device includes a microcomputer, and the microcomputer starts operating when the power is turned on and before performing an initialization process for writing an initial value to a register in the microcomputer. Then, a value is read from the register, and a random number is generated using the read value.

  That is, when power is turned on to a microcomputer, power is also turned on (supplied) to a register in the microcomputer, but the register value at the time of turning on the power is indefinite. Therefore, the microcomputer generates a random number according to the method of claim 1. Specifically, the microcomputer generates an indeterminate value from the register before the initialization process for writing the initial value to the register after the operation is started by turning on the power. A random value is read out and a random number is generated using the read out value.

For this reason, according to the electronic device of the second aspect, there is no problem described above when the random number is generated from the sensor data, and a different random number can be surely generated for each electronic device.
Next, in the electronic device of claim 3, in the electronic device of claim 2, the microcomputer reads values from a plurality of registers before performing the initialization process, and uses each of the read values to generate a random number. Generate.

  According to this electronic device, since random numbers are generated from a plurality of indefinite register values, a divergent random number (that is, a different random number for each electronic device) can be generated more reliably. There is also an advantage that random numbers of various sizes and types can be generated by processing a plurality of register values.

  An engine control device (hereinafter referred to as an engine ECU) according to an embodiment to which the present invention is applied will be described below. The engine ECU of the present embodiment is mounted on a vehicle and controls the engine of the vehicle.

  As shown in FIG. 1, the engine ECU 11 of the present embodiment includes a microcomputer 13 that executes various processes for controlling the engine, a non-volatile memory (in the present embodiment, EEPROM) 15 that can rewrite data, and a power supply circuit. 17.

  The microcomputer 13 includes a CPU 21, a ROM 23, a normal RAM 25 that is not backed up by a power source, a backup RAM 27 that is backed up by a power source, a register group 29 including a plurality of registers 1 to n, and the like.

  The power supply circuit 17 is a constant power supply voltage Vd (for example, a voltage of 5V) for operating the microcomputer 13 from the voltage (battery voltage) VB of the in-vehicle battery 33 that is supplied when the ignition switch 31 of the vehicle is turned on. And the power supply voltage Vd is supplied to the microcomputer 13 and the EEPROM 15, and the backup RAM 27 holds a constant power supply voltage Vs (for example, 3V) from the battery voltage VB constantly supplied from the in-vehicle battery 33. Voltage) is generated and supplied to the microcomputer 13. The power supply voltage Vs is supplied to the backup RAM 27.

Furthermore, the EEPROM 15 stores a random number A, which will be described later, and data to be stored continuously even if the battery runs out or the battery is removed.
On the other hand, the engine ECU 11 is connected to a smart controller 35 mounted on the same vehicle via a communication line 37 in the vehicle.

  The smart controller 35 transmits a transmission request signal from a vehicle-mounted transmitter (not shown) to a detection area outside the vehicle, and the portable device 39 as an electronic key carried by the user of the vehicle receives the transmission request signal. Is received by an in-vehicle receiver (not shown), and the ID code included in the received return signal is matched with the ID code unique to the vehicle stored in advance. Then, it is determined that the received return signal is a return signal transmitted from a portable device dedicated to the vehicle (hereinafter referred to as a regular portable device), and thereafter, an amplifier provided outside the door of the vehicle. When it detects that the lock switch has been pressed, smart door lock control is performed such that the door is unlocked.

  Further, the smart controller 35 transmits a transmission request signal from a vehicle interior transmitter (not shown) to a detection area in the vicinity of the driver's seat in the vehicle interior, and a return transmitted by the portable device 39 that has received the transmission request signal. When the signal is received by the vehicle interior receiver (not shown) and it is determined that the ID code included in the received return signal matches the ID code unique to the vehicle stored in advance, Car interior verification is also performed such that the authorized portable device 39 is present in the passenger compartment and that the authorized user of the vehicle is in the driver's seat.

  The smart controller 35 is also provided with a microcomputer 41 that controls the operation of the controller 35 and a non-volatile memory (in this embodiment, an EEPROM) 43 that can rewrite data. The same random number A ′ as the random number A stored in the EEPROM 15 of the ECU 11 is stored.

  Then, when the ignition switch 31 is turned on, the engine ECU 11 communicates with the smart controller 35 via the communication line 37, so that the smart controller 35 determines that the vehicle interior verification is OK (that is, And that the portable device 39 is recognized as being present in the passenger compartment), the random number A ′ as the verification data stored in the EEPROM 43 of the smart controller 35, and the EEPROM 15 of the engine ECU 11 The anti-theft of the vehicle that confirms that the random number A as the collation data is in agreement, and if the confirmation can be made, the engine control is permitted to perform fuel injection and ignition to the engine. Control.

  Then, in order to perform such control for preventing vehicle theft, processing executed by the microcomputer 13 of the engine ECU 11 and the microcomputer 41 of the smart controller 35 will be described with reference to FIG. 2 is executed in a normal case where random numbers A and A 'are already stored in the EEPROM 15 of the engine ECU 11 and the EEPROM 43 of the smart controller 35. Here, it is assumed that random numbers A and A ′ have already been stored in these EEPROMs 15 and 43.

First, in the engine ECU 11, when the ignition switch 31 is turned on and the power supply voltage Vd is output from the power supply circuit 17, the microcomputer 13 starts its operation.
As shown in FIG. 2 (A), when the microcomputer 13 of the engine ECU 11 starts operating, first, in S110, predetermined values in the RAM 23 and registers 1 to n (register group 29) are set to predetermined initial values. The initialization process for writing is executed, and the random number A is read from the EEPROM 15 in the subsequent S120.

  Next, in S130, the key code B is read from the backup RAM 27, and the data C is created by substituting the key code B and the random number A read from the EEPROM 15 in S120 into a predetermined arithmetic expression.

  Here, in the present embodiment, the microcomputer 13 reads the value of the battery voltage VB and calculates the key code B using the read value during the normal control process in S190 described later, and the calculated key. The code B is stored in the backup RAM 27. In S130, the key code B (that is, the key code B calculated during the operation from when the ignition switch 31 was turned on to when it was turned off) is read from the backup RAM 27. For this reason, the key code B becomes a different value every time the process of S130 is executed.

Next, in S140, the current key code B read from the backup RAM 27 in S130 is transmitted to the smart controller 35.
Then, when the key code B is received by the smart controller 35, the microcomputer 41 starts the processing of FIG.

That is, the microcomputer 41 of the smart controller 35 first reads the key code B received from the engine ECU 11 in S210.
Then, in subsequent S220, it is determined whether or not it is determined to be OK in the above-described vehicle interior matching with the portable device 39. If it is not determined to be OK (S220: NO), the processing of FIG. However, if it is determined as OK (that is, if it is recognized that the regular portable device 39 is present in the vehicle interior), the process proceeds to S230.

  In S230, the random number A ′ is read from the EEPROM 43. In the next step S240, the key code B read from the engine ECU 11 read in step S210 and the random number A ′ read from the EEPROM 43 in step S230 are substituted into the same equation as in step S130 on the engine ECU 11 side. Data C ′ is created. Next, in S250, the data C 'created in S240 is transmitted to the engine ECU 11, and then the processing of FIG.

  On the other hand, as shown in FIG. 2A, the microcomputer 13 of the engine ECU 11 transmits the key code B in S140, and then receives the data C ′ from the smart controller 35 within a specified time in S150. It is determined whether or not the data C ′ has been received, and if it is determined that the data C ′ has been received within the specified time, the process proceeds to S160, and the data C ′ received from the smart controller 35 is read.

  In step S170, the microcomputer 13 determines whether the data C created in step S130 matches the data C ′ read from the smart controller 35 read in step S160. If 'is in agreement, the smart controller 35 has determined that the vehicle interior verification is OK, and the random number A ′ stored in the EEPROM 43 of the smart controller 35 and the EEPROM 15 of the engine ECU 11 are stored. Therefore, the process proceeds to S180, and internal setting for permitting fuel injection and ignition for the engine is performed. Then, the process proceeds to S190, and normal control processing for controlling the engine is performed.

  In S150, when it is determined that the data C ′ is not received within the specified time (S150: NO), or in S170, it is determined that the data C and the data C ′ do not match. In this case (S170: NO), the smart controller 35 has not determined that the vehicle interior verification is OK, or is stored in the EEPROM 15 of the engine ECU 11 and the random number A ′ stored in the EEPROM 43 of the smart controller 35. The random number A does not match, and the smart controller 35 of the communication partner is not a genuine product for the own vehicle. Therefore, the process proceeds to S185 to prohibit the fuel injection and ignition for the engine. After setting, the process proceeds to S190. For this reason, when the process of S185 is performed, fuel injection and ignition are not performed in the normal control process of S190, and the operation of the engine is prohibited.

  By the way, in this embodiment, an external device is connected to the communication line 37 in a state where the random number A is not yet stored in the EEPROM 15 of the engine ECU 11, the ignition switch 31 is turned on to operate the engine ECU 11, and the external device By transmitting a random number registration request from the engine ECU 11 to the engine ECU 11, the same random number can be stored in the EEPROM 15 of the engine ECU 11 and the EEPROM 43 of the smart controller 35.

Then, the process which the microcomputer 13 of engine ECU11 performs for such random number registration is demonstrated using FIG.
As shown in FIG. 3, when the random number A is not yet stored in the EEPROM 15, the microcomputer 13 of the engine ECU 11 starts operating upon receiving the power supply voltage Vd from the power supply circuit 17 when the ignition switch 31 is turned on. First, in S310, a value is read from one of the registers 1 to n (in this embodiment, for example, register 1 and register 2). At this time, the values of the registers 1 to n are undefined.

  Next, in S320, a random number A is generated using each value of the registers 1 and 2 read in S310. For example, the random number A is calculated by substituting the read values of the registers 1 and 2 into a predetermined calculation formula for calculating random numbers.

  Then, in the next S330, the same initialization process as S110 in FIG. 2A (that is, the process of writing the initial values in the predetermined area of the RAM 23 and the registers 1 to n) is executed. It is determined whether or not the above-described random number registration request has been received within a predetermined time after executing the digitizing process.

  If a random number registration request is not received from an external device within a certain time (S340: NO), the process proceeds to normal control as it is, but if a random number registration request is received within a certain time (S340). : YES), the process proceeds to S350, and the random number A calculated in S320 is transmitted to the smart controller 35.

  Then, the smart controller 35 receives the random number A transmitted in S350 and stores it as the aforementioned random number A 'in the EEPROM 43. When the storage is completed, a registration completion notification is transmitted to the engine ECU 11.

  Therefore, the microcomputer 13 of the engine ECU 11 receives the registration completion notification from the smart controller 35 in the next S355, and if the registration completion notification is received, proceeds to the next S360 and calculates in the S320. The random number A is stored in the EEPROM 15. Then, the process proceeds to normal control processing.

  In this embodiment, when the process directly shifts from S340 to the normal control process or when the process shifts from S360 to the normal control process, fuel injection and ignition to the engine are not permitted, and the engine is activated. Never do. Further, when the process shifts from S360 to the normal control process, the same random number is stored in the EEPROM 15 of the engine ECU 11 and the EEPROM 43 of the smart controller 35. Therefore, the ignition switch 31 is turned off and then turned on again. If the fuel injection and ignition are permitted in S180 of FIG. 2A described above, the engine can be operated.

  In the engine ECU 11 of the present embodiment as described above, after the microcomputer 13 starts its operation when the power supply circuit 17 turns on the power, the initialization process (S330) of writing initial values to the registers 1 to n in the microcomputer 13 is performed. ), The value is read from the registers 1 and 2 of the registers 1 to n (S310), the random number A is calculated from the read value (S320), and the random number A is stored in the EEPROM 15 of the own ECU 11. (S360) and also stored in the EEPROM 43 of the smart controller 35 (S350).

  That is, when the microcomputer 13 is turned on, the registers 1 to n in the microcomputer 13 are also turned on, but the register value at the time of turning on the power is indefinite. Therefore, the microcomputer 13 reads an indefinite value from the registers 1 and 2 before starting the initialization process after the operation is started by turning on the power, and calculates the random number A using the read indeterminate value. I am doing so.

  For this reason, according to the engine ECU 11 of the present embodiment, a random number different from the engine ECU 11 of other vehicles is reliably generated regardless of the vehicle state, and the random number is generated by the EEPROM 15 of the own ECU 11 and the smart controller 35 in the own vehicle. Can be stored in the EEPROM 43. In addition, since it is possible to prevent a plurality of vehicles having the same random number from being used as collation data between the engine ECU 11 and the smart controller 35, the smart controller 35 and the portable device 39 are exchanged as a set for another vehicle. Thus, it is possible to surely prevent theft such as illegally operating the engine.

  Further, in the engine ECU 11 of the present embodiment, the microcomputer 13 calculates the random number A using each value read from the plurality of registers 1 and 2, so that a different random number is generated for each vehicle (for each ECU 11). Can be generated more reliably.

  As mentioned above, although one Embodiment of this invention was described, this invention is not limited to such Embodiment at all, Of course, in the range which does not deviate from the summary of this invention, it can implement in a various aspect. .

  For example, in the above embodiment, a random number is calculated from a plurality of register values, but the number of register values used to calculate a random number may be one. Further, when the bit length of the register is large, a random number may be calculated using a partial bit string of one register value.

  On the other hand, in the above embodiment, the indeterminate value read from the register is substituted for the random number calculation formula to calculate the random number A. However, the indeterminate value read from the register is treated as the random number A as it is. Also good. For example, in S320 of FIG. 3, data obtained by connecting the values read from the registers 1 and 2 in series may be calculated as the random number A.

  In the above embodiment, a random number is generated from an indefinite register value before the initialization process is performed. However, before executing the initialization process, an indeterminate value is read from the RAM 25 and a random number is generated from the value. You may do it.

  Further, the present invention is not limited to an on-vehicle electronic device such as an engine ECU, and can be similarly applied to various other electronic devices.

It is a block diagram showing engine ECU of an embodiment with a smart controller. It is a flowchart showing the process performed by each of the microcomputer of engine ECU, and the microcomputer of a smart controller in order to prevent vehicle theft. It is a flowchart showing the process performed in order for the microcomputer of engine ECU to calculate a random number.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1-n ... Register, 11 ... Engine ECU, 13, 41 ... Microcomputer, 15, 43 ... EEPROM, 17 ... Power supply circuit, 21 ... CPU, 23 ... ROM, 25 ... RAM, 27 ... Backup RAM, 29 ... Register group, 31 ... Ignition switch, 33 ... In-vehicle battery, 35 ... Smart controller, 37 ... Communication line, 39 ... Portable device (electronic key)

Claims (3)

A random number generation method for generating a random number,
After power is turned on to the volatile semiconductor storage means, the value is read from the semiconductor storage means before the initialization process for writing the initial value to the semiconductor storage means is performed, and a random number is used using the read value. Generating,
A random number generation method characterized by In an electronic device equipped with a microcomputer,
The microcomputer starts operation when the power is turned on, reads the value from the register before executing the initialization process to write the initial value to the register in the microcomputer, and uses the read value to generate a random number. Generating,
An electronic device characterized by the above. The electronic device according to claim 2.
The microcomputer reads values from a plurality of registers, generates random numbers using the read values,
An electronic device characterized by the above.

Images