JP2008176487A - Data storage unit, and theft prevention unit having the same - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To obtain a data storage unit and a theft prevention unit having the data storage unit, capable of retaining correct data without losing data completely even when a part of data is broken due to incorrect writing to a nonvolatile memory such as an EEPROM, not only at the time of abnormality of a backup RAM. <P>SOLUTION: The data storage unit includes a first storage means 14 configured to store at least one kind of data in at least one location, in which the above stored data is erased when power supply is suspended, a second storage means 17 configured to store at least the one kind of data in a plurality of locations with respectively different timing, in which the above stored data are not erased even when the power supply is suspended, and an authenticity decision means for deciding the authenticity of arbitrary data among the above data stored in the first storage means 14 and the second storage means 17. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a data storage device that stores encrypted data used in, for example, a vehicle antitheft device, and an antitheft device including the data storage device.

  A vehicle such as an automobile having an anti-theft function includes an immobilizer electronic control unit (hereinafter referred to as an immobilizer ECU) having an engine start lock function for locking the engine start of the vehicle. Is communicated with a transponder incorporated in the vehicle key for starting the vehicle, and based on the data received from the transponder, it is determined whether the vehicle key is a regular key of the vehicle (hereinafter referred to as a regular key). One method for this determination is to send encrypted data from the immobilizer ECU to the transponder of the vehicle key, and the transponder that has received the encrypted data generates response data by a cryptographic operation based on the encrypted data and transmits it to the immobilizer ECU. There is a method in which the ECU compares the received answer data with the self-answer data of the immobilizer ECU to determine whether or not the vehicle key is a regular key. In this case, it is necessary to store the cipher in order to perform the cipher operation and make a determination next time.

  Conventionally, as a theft prevention device equipped with a data storage device for storing encrypted data, the encrypted data is stored in a backup RAM (Random Access Memory) as a storage means, and when an abnormality occurs in this backup RAM, The encrypted data after a predetermined number of times is predicted based on the previous value written in a nonvolatile memory that is a storage means, for example, EEPROM (Electronically Erasable and Programmable Read Only Memory), and the encrypted data is calculated using the predicted encrypted data. There has been proposed a vehicle anti-theft device that creates and appropriately manages past data (see, for example, Patent Document 1).

JP 2000-181686 A

  Normally, when the power supply is stopped, the stored contents of the RAM are erased. However, the abnormality of the backup RAM means that the power supply to the backup RAM is stopped and the stored contents are erased, or the power supply for power supply is deleted. This refers to the case where the stored contents of the backup RAM are destroyed due to fluctuations in power supply voltage, disturbances, or the like. In the conventional apparatus shown in Patent Document 1, when the stored contents are destroyed due to an abnormality in the backup RAM, new encrypted data can be properly created and managed. However, in a nonvolatile memory such as an EEPROM, No consideration is given to cases where the stored contents are destroyed or cannot be stored correctly.

  Normally, in a nonvolatile memory such as an EEPROM, even if the battery is removed and power supply is stopped, the stored contents are retained, and the stored data is unlikely to be destroyed. However, the battery is removed while data is being written to a nonvolatile memory such as an EEPROM, or the battery voltage is lowered due to a deteriorated battery or the like, so that the vehicle control computer (hereinafter referred to as ECU) that performs the writing process is stable. When power supply cannot be performed, or when the state becomes close to that, normal power supply cannot be performed to the ECU that performs the writing process, and the storage contents of the backup RAM are destroyed. There is a risk that the writing process to the memory itself is interrupted to cause a writing failure, and the data stored in the nonvolatile memory such as the EEPROM cannot be partially stored correctly or is destroyed.

  Therefore, according to the conventional anti-theft device, when the anti-theft encryption data is not correctly written into the nonvolatile memory such as the EEPROM, the anti-theft control encryption data is destroyed, and as a result, the encryption data There was a problem that it was impossible to start due to inconsistencies.

  The present invention has been made paying attention to the above-mentioned problems in the conventional apparatus, and not only when the backup RAM is abnormal, but also part of data in the nonvolatile memory such as EEPROM is destroyed due to defective writing or the like. It is an object of the present invention to provide a data storage device in which encrypted data is not lost completely even if it is done.

  Further, according to the present invention, not only when the backup RAM is abnormal, but also when some data in the nonvolatile memory such as EEPROM is destroyed due to defective writing or the like, the encrypted data is not completely lost, and as a result, theft An object of the present invention is to provide an anti-theft device capable of appropriately determining whether to start the engine without detracting from the preventive property and using a regular key.

  The data storage device according to the present invention is configured to store at least one type of data in at least one location, and includes first storage means for erasing the stored data when power supply is stopped, and the at least one data storage device. A second storage unit configured to store each type of data in a plurality of locations, and the stored data is not erased even when the power supply is stopped, the first storage unit, and the second storage unit Credibility determining means for determining the credibility of arbitrary data among the data stored in the means.

  The antitheft device according to the present invention comprises a data storage device, a communication means for transmitting / receiving encrypted data between the vehicle key and the data storage device, and a calculation result based on the encrypted data on the vehicle key side. And a normal key judging means for judging that the vehicle key is a legitimate key when it matches the calculation result based on the encrypted data, and the data storage means stores at least one kind of data in at least one place. A first storage means for erasing the stored data when power supply is stopped, and storing the at least one type of data in a plurality of locations, respectively. The second storage means in which the stored data is not erased even when stopped, and any data among the data stored in the first storage means and the second storage means. Is obtained by a credibility determination means for determining the authenticity of the data.

  The antitheft device according to the present invention comprises a data storage device, a communication means for transmitting / receiving encrypted data between the vehicle key and the data storage device, and a calculation result based on the encrypted data on the vehicle key side. And a normal key judging means for judging that the vehicle key is a legitimate key when it matches the calculation result based on the encrypted data, and the data storage means stores at least one kind of data in at least one place. A first storage means for erasing the stored data when power supply is stopped, and storing the at least one type of data in a plurality of locations, respectively. The second storage means in which the stored data is not erased even when stopped, and any data among the data stored in the first storage means and the second storage means. And a credibility determination means for determining the authenticity of data, the second storage means is to the data is configured to be stored at different timings to the plurality of locations.

  The antitheft device according to the present invention comprises a data storage device, a communication means for transmitting / receiving encrypted data between the vehicle key and the data storage device, and a calculation result based on the encrypted data on the vehicle key side. And a normal key judging means for judging that the vehicle key is a legitimate key when it matches the calculation result based on the encrypted data, and the data storage means stores at least one kind of data in at least one place. A first storage means for erasing the stored data when power supply is stopped, and storing the at least one type of data in a plurality of locations, respectively. The second storage means in which the stored data is not erased even when stopped, and any data among the data stored in the first storage means and the second storage means. Credibility determining means for determining the authenticity of the data, wherein the credibility determining means is a mutual comparison of the same type of data respectively stored in the first storage means and the second storage means, or The credibility of the data is determined by mutual comparison of the same type of data respectively stored in a plurality of locations of any one of the first storage means and the second storage means. Is.

  Furthermore, the antitheft device according to the present invention comprises a data storage device, a communication means for transmitting / receiving encrypted data between the vehicle key and the data storage device, and a calculation result based on the encrypted data on the vehicle key side. And a normal key judging means for judging that the vehicle key is a legitimate key when it matches the calculation result based on the encrypted data, and the data storage means stores at least one kind of data in at least one place. A first storage means for erasing the stored data when power supply is stopped, and storing the at least one type of data in a plurality of locations, respectively. The second storage means in which the stored data is not erased even when stopped, and any of the data stored in the first storage means and the second storage means Credibility determining means for determining the credibility of the data, the credibility determining means reads the stored data, performs a predetermined operation based on the read data, and based on the result of the operation The credibility of the stored data is determined.

  The antitheft device according to the present invention comprises a data storage device, a communication means for transmitting / receiving encrypted data between the vehicle key and the data storage device, and a calculation result based on the encrypted data on the vehicle key side. And a normal key judging means for judging that the vehicle key is a legitimate key when it matches the calculation result based on the encrypted data, and the data storage means stores at least one kind of data in at least one place. A first storage means for erasing the stored data when power supply is stopped, and storing the at least one type of data in a plurality of locations, respectively. The second storage means in which the stored data is not erased even when stopped, and any data among the data stored in the first storage means and the second storage means. Credibility determining means for determining the authenticity of the data, the credibility determining means reads the stored data, performs a predetermined calculation based on the read data, and based on the result of the calculation, The determination of the authenticity of stored data is performed, and the calculation uses a sum of arbitrary numbers of bytes among a plurality of bytes constituting the read data.

  According to the data storage device of the present invention, not only when the first storage unit is abnormal, but also when the data stored in the second storage unit is destroyed due to a write failure or the like, the data such as the encrypted data is completely deleted. The reliability of the data can be improved, and the reliability of the data can be improved.

  In addition, according to the anti-theft device according to the present invention, data such as encrypted data is not completely lost, highly reliable data can be retained, and the anti-theft function can be maintained without loss as much as possible. Appropriate engine start permission can be determined.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing a configuration of a data storage device and a vehicle antitheft device equipped with the data storage device according to Embodiment 1 of the present invention. In FIG. 1, the anti-theft device comprises an immobilizer ECU 10, an amplifier circuit 21, a key cylinder 22 having an antenna 22a, a regular key K1, and a tester 25.

  The regular key K1 is a vehicle key registered as a master key or a new key registered in advance, and has a built-in transponder T1. The transponder T1 is an encryption type transponder in which function data as unique authentication data is written, and its energy is not shown when receiving an excitation signal (for example, a SIN wave having a constant frequency) from the vehicle side via the antenna 22a. It is stored in a capacitor and operates using it as a power source. In the first embodiment of the present invention, one regular key K1 is described for convenience, but a plurality of regular keys K1 may be provided.

  The immobilizer ECU 10 is mounted on a vehicle and referred to as a CPU (Central Processing Unit) 11 that executes various controls, a ROM 12 that stores various control programs, a RAM 13 that temporarily stores various data, and when power is supplied. A backup RAM 14 composed of a nonvolatile volatile RAM, an input / output buffer 15, an input / output circuit 16, and an EEPROM 17 as a nonvolatile memory are provided. The backup RAM 14 is supplied with power at all times and is non-volatile. During this time, the stored memory contents are retained, but when the power supply is stopped, it becomes volatile and the stored contents are erased. The EEPROM 17 is non-volatile even when the supply of power is stopped, and the stored contents are not erased.

  The backup RAM 14, the EEPROM 17, and the CPU 11 constitute data storage means according to the first embodiment of the present invention. The backup RAM 14 constitutes the first storage means, and the EEPROM 17 constitutes the second storage means. Includes a determination unit that determines that the vehicle key is a regular key, and a credibility determination unit that determines the credibility of the data stored in the storage unit.

  The backup RAM 14 and the EEPROM 17 are initially registered as a key response code of the transponder T1 in advance by an initial registration procedure performed at a factory or the like before shipment of the vehicle, which will be described later. In addition to storing the encrypted data D1, the same function data as the function data stored in the transponder T1 is stored. The immobilizer ECU 10 also includes a drive circuit 18 that drives an injector 23 that supplies fuel to an engine (not shown), and a drive circuit 19 that drives an igniter 24 that ignites the engine. Is controlled to execute engine control such as ignition and fuel injection.

  The key cylinder 22 includes a loop type antenna 22 a in the vicinity of the vehicle key insertion slot, and the antenna 22 a is connected to the amplifier circuit 21. The amplifier circuit 21 receives a signal from the immobilizer ECU 10 and transmits it from the antenna 22 a of the key cylinder 22. For example, when receiving the excitation start signal from the CPU 11 of the immobilizer ECU 10, the amplifier circuit 21 transmits the excitation signal from the antenna 22a. The directivity and the excitation signal transmission time are adjusted so that the antenna 22a gives sufficient energy to communicate with the immobilizer ECU 10 only to the normal key transponder T1 inserted into the key cylinder 22. The tester 25 has a function of requesting an initial key registration command, and is used during initial registration.

  Next, the operation of the data storage device and the vehicle antitheft device provided with the data storage device in Embodiment 1 of the present invention will be described. FIG. 2 is a flowchart for explaining the operation of general immobilization processing including key matching processing. First, when a vehicle key is inserted into the key cylinder 22 and a key switch (IG switch) (not shown) is turned on, a power supply is supplied from an in-vehicle battery (not shown), and the electrical systems shown in FIG. And CPU11 of immobilizer ECU10 starts the process of FIG.

  Password communication is performed at the beginning of immobilization processing, and interference between the immobilizer ECU 10 and the transponder T1 is prevented. That is, when the immobilizer ECU 10 transmits a predetermined transmission password from the antenna 22a, the surrounding vehicle key transponder T1 receives the password and verifies whether the received password data and its own password data match. Do. If the two match, the reception is continued. If the two do not match, the sleep state is entered. As a result, the immobilizer ECU 10 can communicate only with the transponder T1 having predetermined password data.

  Next, in step 101, a random number is created. In the subsequent step 102, the random number created in step 101 is transmitted as question data to the transponder T1 of the vehicle key. That is, the CPU 11 outputs a random number as question data to the amplifier circuit 21. Then, the amplifier circuit 21 converts the random number as the question data into a frequency and transmits it from the antenna 22a. Upon receiving this, the transponder T1 uses the unique function data, generates the answer data D21 from the random number and the function data as the question data, and transmits it to the antenna 22a as a frequency data group.

  In step 103, the previously stored 5-byte long encrypted data D1 is read from the backup RAM 14, and in step 104, self-answer data D2 is created from the encrypted data D1, random numbers as question data, and function data. In step 105, the response data D21 received from the transponder T1 via the antenna 22a is read.

  In step 106, both answer data D2 and D21 are collated to determine whether or not both answer data match. If the two answer data do not match (N), the process proceeds to step 107 and the engine start is prohibited. Specifically, the prohibition of ignition and injection engine control is confirmed. In subsequent step 108, other control, for example, processing for displaying the occurrence of an abnormality with an LED or the like is performed.

  On the other hand, if the two answer data match in step 106, the CPU 11 recognizes that the communication partner transponder T1 is installed in the regular key K1. Then, an affirmative determination (Y) is made at step 106, and the routine proceeds to step 109, where engine control of ignition and injection is performed. That is, if the dark data D1 read from the backup RAM 14 in step 103 is correct, the response data D2 created in step 104 is that the transponder T1 is set to the regular key by the collation performed in step 106. As a result, the vehicle is ignited and injected without any problem, and the engine is operated.

  If the encrypted data D1 becomes incorrect because it is destroyed when stored in the EEPROM 17, the response data D2 generated in step 104 does not match the response data D21 from the transponder T1, and the transponder T1. It is determined that the key K1 installed in is not correct. As a result, the ignition / injection control is prohibited and the vehicle does not operate normally despite the correct regular key K1 being installed.

  The above is the operation of the general immobilizer process. Next, the operation of storing the encrypted data D1 at the time of initial registration between the transponder T1 and the immobilizer ECU 10 will be described with reference to the flowchart shown in FIG. This initial registration is usually performed at a factory or the like before shipment of the vehicle.

  In FIG. 3, in step 200, it is determined whether or not there is a request for initial registration from the tester 25. If there is a request for initial registration from the tester 25 (Y), an initial registration mode flag F1 is set in step 201. If there is no request for initial registration (N), the initial registration mode flag F1 is cleared in step 202. Next, in step 203, it is determined whether or not the initial registration mode flag F1 is set. As a result, if the initial registration mode flag F1 is set (Y), the processing after step 204 at the time of initial registration is performed. I do. Note that the initial registration mode in the first embodiment is a special mode in which no dark data is registered, and any method can be used as long as it can be determined that dark data is not registered.

  Next, in step 204, a random number for creating dark data is created. In the following step 205, 5-byte long encrypted data D1 is created from the random number and function data created in step 204. Next, in step 206, the sum data S1 is calculated from the sum of 1-byte length units of the 5-byte long dark data D1. The total data S1 may be a total of an arbitrary number of 1-byte length units out of the 5-byte long dark data D1.

  In the subsequent step 207, the 5-byte long encrypted data D1 is stored in an arbitrary location of the backup RAM 14, and the value of 1 Byte from the bottom of the total data S1 is stored in the arbitrary location of the backup RAM 14 as the total data S1.

  Next, in step 208, the encrypted data D1 is stored in an arbitrary first storage area (hereinafter referred to as EEPROM “1”) of the EEPROM 17, and the value of 1 Byte from the bottom of the total data S1 is stored in the total data S1. And stored in an arbitrary first storage area (hereinafter referred to as EEPROM “1”) of the EEPROM 17. Thus, the initial registration is completed. Next, in step 209, the initial registration mode flag F1 is cleared.

  Next, in step 210, it is determined whether an ignition switch (hereinafter referred to as IGSW) is OFF. If IGSW is OFF (Y), it is determined in step 211 whether the write flag F2 is set. If not, the encrypted data D1 and the sum data S1 are read from the backup RAM in step 212. Next, at step 213, the encrypted data D1 and the sum data S1 are stored in an arbitrary second storage area (hereinafter referred to as EEPROM “2”) of the EEPROM 17. Next, at step 214, the write flag F2 is set. If the IGSW is ON (N), the write flag F2 is cleared in step 215, and step 211 and subsequent steps are skipped. Thereafter, the ECU 10 repeatedly performs the processing from step 200 to step 215 until the power is turned off.

  As described above, the same encrypted data D1 and total data S1 are stored in the backup RAM 14 and the EEPROM “1” and the EEPROM “2” of the EEPROM 17 at different timings.

  Next, a specific operation of each process at the time of initial registration described with reference to FIG. 3 will be described with reference to a time chart shown in FIG. FIG. 4 is a timing chart showing the storage operation of the encryption data D1 and the summation data S1 in the backup RAM 14 and the EEPROM 17 at the time of initial registration between the transponder T1 and the immobilizer ECU 10 at the time of initial registration request from the tester 25. (A) ON / OFF of power supply, (b) setting / clearing flag F1 at the time of initial registration determination from the tester 25, (c) ON / OFF of IGSW, (d) writing / reading of backup RAM 14 (E) shows the timing of writing to the EEPROM "1" in the EEPROM 17, and (f) shows the timing of writing to the EEPROM "2" in the EEPROM 17.

  In FIG. 4, as shown in FIG. 4A, the initial registration request mode flag F1 from the tester 25 is set at time t1, and the encrypted data is transferred to the backup RAM 14 at time t2 as shown in FIG. D1 and total data S1 are stored (step 207 in FIG. 3). Next, at the time t3, the storage of the encrypted data D1 and the total data S1 in the backup RAM 14 is completed, and at the same time, the encrypted data D1 and the total data in the EEPROM "1" in the EEPROM 17 as shown in (e). The storage of S1 is started, the storage ends at time t4 (step 208 in FIG. 3), and at the same time, the flag F1 is cleared as shown in (b) (step 209 in FIG. 3). The initial registration started from time t1 is completed at time t4.

  Next, when it is confirmed that IGSW is OFF at time t5 as shown in (c) (step 210 in FIG. 3), as shown in (d), the encrypted data D1 from the backup RAM 14 and the sum total at that time t5. Reading of the data S1 is started (step 212 in FIG. 3), and the reading ends at time t6. At the same time, as shown in (f), storage of the encrypted data D1 and the summation data S1 in the second storage area EREPOM “2” of the EEPROM 17 is started (step 213 in FIG. 3), and the storage is performed at time t7. Exit.

Here, the storage timing of the encryption data D1 and the summation data S1 is summarized as follows.
Backup RAM 14: Stored only during initial registration.
EEPROM “1”: Stored only at initial registration.
EEPROM “2”: Stored only after the IGSW is turned OFF.
Thus, as a result, the same encrypted data D1 and total data S1 are stored in different storage areas at different timings. However, after the initial registration is completed, the encrypted data D1 and total data S1 are stored in a nonvolatile memory. This is performed only for the second storage area EEPROM “2” of the EEPROM 17.

  When the power supply is stable, the backup RAM 14 and the EEPROM 17 can be used together, so that the encrypted data D1 can be used. However, for example, when the power is removed or close to it, a write process is performed. Thus, the normal power supply cannot be performed to the immobilizer ECU 10 and the CPU 11 cannot operate. In this case, if the writing process to the EEPROM 17 is in progress, the writing process to the EEPROM 17 itself may be interrupted, causing a writing failure, and the data stored in the EEPROM 17 may not be partially stored correctly or may be destroyed. It is done.

  However, according to the first embodiment of the present invention, the encrypted data D1 and the sum data S1 are stored at different timings at different timings, that is, the backup ROM 14 and the EEPROM “1” and the EEPROM “2” of the EEPROM 17, respectively. Thus, even in a state where it was inevitable that the engine could not be started in the prior art, the usable encryption data D1 can be applied, and the start determination can be performed.

  Next, a process for confirming the authenticity of the stored contents when the power is turned on will be described. FIG. 5 is a flowchart showing a process of confirming the authenticity of data stored in the EEPROM 17 which is a nonvolatile memory. In FIG. 5, in step 301, it is confirmed whether the backup RAM 14 has been destroyed or not usable due to power interruption or the like. In order to verify whether the backup RAM 14 is destroyed, for example, there is a method of storing specific data in the backup RAM 14 in advance and checking whether the data value has changed. Here, any method can be used as long as it can be confirmed whether it can be used.

  If it is determined in step 301 that the backup RAM 14 is usable (Y), the process is terminated by using the encrypted data stored in the backup RAM 14. If it is determined that the backup RAM 14 is not usable (N), the process proceeds to the next step 302, and it is determined whether or not the EEPROM 17 can be used without any trouble such as being unusable. Whether the EEPROM 17 can be used is verified by, for example, storing specific data in the EEPROM 17 in advance and checking whether or not the data value has changed, or a communication failure between the CPU 11 and the EEPROM 17. There is a judgment of the presence or absence, etc. However, any method can be used as long as it can be confirmed whether it can be used. If the EEPROM 17 is usable (Y), the stored contents of the EEPROM “2” in the next step 303 are read out. On the other hand, if it is determined that the EEPROM 17 cannot be used (N), the process proceeds to step 305 described later.

  In step 304, the authenticity of the data value stored in the read EEPROM “2”, that is, the encrypted data D1, is confirmed. The confirmation is performed as follows. First, the 5-byte long encrypted data D1 and the sum data S1 stored in the EEPROM “2” are read. It is assumed that the read encrypted data is D11 and the total data is S11. Next, using the read 5-byte length encrypted data D11, the sum of the 5-byte length is calculated again, and it is confirmed whether or not the total data S12 obtained by the calculation matches the read total data S11. To do. If the newly calculated sum data S12 matches the read sum data S11 (Y), the data stored in the EEPROM "2" of the EEPROM 17 is credible, and the stored contents can be used. The process proceeds to the next step 307. In step 307, the encrypted data D1 stored in the EEPROM “2” whose credibility is confirmed in step 304 is adopted and set as valid encrypted data.

  On the other hand, if the authenticity of the data stored in the EEPROM “2” is denied in step 304 (N), the process proceeds to step 305. In step 305, when it is determined that the used area of the EEPROM 17 is unusable in the determination in step 302 (N), it is determined in step 304 that the stored content of the EEPROM “2” is not credible. In the case (N), the data stored in the EEPROM “1” which is the first storage area of the EEPROM 17 is read out, and the process proceeds to Step 306.

  In step 306, the determination of the authenticity of the data stored in the EEPROM “1” is determined by the same determination method as the determination of the authenticity of the data stored in the EEPROM “2” in the above-described step 304. As described above, the EEPROM “1” stores data at a timing different from that of the EEPROM “2”. As a result of confirming the authenticity of the data of the EEPROM “2” in the step 304, the data of the EEPROM “2” has the authenticity. Even when it is determined that there is no data, there is a case where the data stored in the EEPROM “1” is credible. If it is determined in step 306 that the data stored in the EEPROM “1” is credible (Y), the process proceeds to step 307, and the encrypted data D1 read from the EEPROM “1” is read as valid encrypted data. Set.

  If it is determined in step 306 that the data stored in the EEPROM “1” is not credible (N), the process proceeds to step 308. In step 308, in order to prevent the engine from being inadvertently operated, the encryption data is set by adopting a data value that makes the engine unstartable. That is, if it is determined that all data stored in the backup RAM 14 and the EEPROM “2” as the second storage area of the EEPROM 17 and the EEPROM “1” as the first storage area cannot be used, the engine Although it is impossible to start the engine, the first embodiment stores the data at different timings. Therefore, the possibility that the engine cannot actually be started is extremely low.

  As described above, according to the first embodiment of the present invention, not only when the backup RAM becomes abnormal, but also a part of the EEPROM becomes abnormal and the dark data stored in one place becomes abnormal. However, by confirming the authenticity of the secret data stored in the other one place at different timings, the correct secret data is set, and the start determination can be performed correctly without impairing the anti-theft function.

  In the first embodiment, the authenticity of the stored data is determined based on the sum data S1, which is the sum of the 5-byte length of the encrypted data D1, but stored in the backup RAM and the EEPROM, respectively. It is possible to determine the authenticity of the encrypted data by confirming that the plurality of stored encrypted data completely match, or when storing an odd number of encrypted data, The same effect can be obtained even if the credibility is judged by comparison judgment by majority vote.

It is a block diagram which shows the structure of the data storage device and data storage device in Embodiment 1 of this invention. It is a flowchart explaining the operation | movement of an immobility process. It is a flowchart explaining the memory | storage operation | movement at the time of the initial registration of the apparatus which concerns on Embodiment 1 of this invention. It is a time chart which shows write-in and read-out operation | movement to the non-volatile memory of the apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the process of the authenticity confirmation of the stored data of the apparatus which concerns on Embodiment 1 of this invention.

Explanation of symbols

10 Immobility ECU
21 Amplifier circuit 22 Key cylinder 22a Antenna K1 Regular key K1
25 Tester T1 Transponder 11 CPU
12 ROM
13 RAM
14 Backup RAM
15 I / O buffer 16 I / O circuit 17 EEPROM
18 Injector drive circuit 19 Igniter drive circuit

Claims (6)

  A first storage unit configured to store at least one type of data in at least one location, wherein the stored data is erased when power supply is stopped; and the at least one type of data in a plurality of locations. A second storage unit configured to store each of the data stored in the first storage unit and the second storage unit, wherein the stored data is not erased even when the power supply is stopped; A data storage device comprising credibility determination means for determining the credibility of arbitrary data.   The data storage device according to claim 1, wherein the second storage unit stores the data in the plurality of locations at different timings.   The credibility determining means includes comparing the same type of data stored respectively in the first storage means and the second storage means, or out of the first storage means and the second storage means. 3. The data storage device according to claim 1, wherein the reliability of the data is determined by mutual comparison of the same type of data respectively stored in any one of the plurality of locations.   The credibility determining means reads the stored data, performs a predetermined calculation based on the read data, and determines the credibility of the stored data based on a result of the calculation. The data storage device according to claim 1 or 2.   5. The data storage device according to claim 4, wherein the calculation uses a sum of an arbitrary number of bytes among a plurality of bytes constituting the read data.   6. The data storage device according to claim 1, communication means for transmitting / receiving encrypted data between a vehicle key and the data storage device, and an operation result based on the encrypted data is on the vehicle key side A theft prevention apparatus comprising: a determination unit that determines that the vehicle key is a legitimate key when the calculation result based on the encrypted data in FIG.

Images