JP2011256561A - Key device, lock control device, control program and control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a key update which surely performs locking and unlocking without complicated key management with a key issue server.SOLUTION: A smart key 1 comprises: a key receiving part 47 which receives a key issued by a key issue server 3; a key holding part 41 which holds a plurality of different keys issued each time; a key selection part 45 which selects a key to encrypt a locking and unlocking request to be transmitted to a door lock device 2 among from the held keys; an encryption part 42 which encrypts the locking and unlocking request by using the selected key by the key selection part 45; and a message transmitting and receiving part 46 which transmits the encrypted locking and unlocking request to the door lock device 2 and receives a notice of a locking and unlocking success from the door lock device 2, and when the notice of a locking and unlocking success in response to the locking and unlocking request is not received by the message transmitting and receiving part 46, the key selection part 45 changes the selected key for encryption and the encryption part 42 encrypts a lock and unlocking request using the changed key.

Description

  The present invention relates to a key device, a lock control device, a control program, and a control method.

  Conventionally, there is a technique for providing an additional function such as temporary key issuance by making a smart key and a vehicle communicable via a network (see Patent Document 1). In addition, as a setting change before driving, there is a technique for distributing key information to the vehicle side if there is a key information transmission request by distributing the key information from the management center to the portable terminal and operating the portable terminal ( (See Patent Document 2).

  Further, conventionally, on the key side, every time a button is operated, the transmission data transmission method is designated to be changed, and identification information for identifying the transmission method designated to be changed and button data corresponding to the operation content of the button are provided. A control unit that outputs transmission data including transmission pre-transmission processing means that performs transmission pre-processing on transmission data from the control unit in a transmission method designated by the control unit, and transmission data that has been pre-transmission processed by the transmission pre-processing unit. There is a vehicle radio control system including a transmission high-frequency unit that wirelessly transmits to an in-vehicle unit (see Patent Document 3). Further, in the keyless entry system, the portable device and the fixed device each have an encryption table with the same contents, and each time a different encryption key is selected and encrypted with reference to the encryption key and the encryption table on the portable device. There is a technology (see Patent Document 4).

JP 2006-262184 A JP 2008-072160 A JP 2006-161507 A JP 2001-295525 A

  Conventionally, a technology such as a smart key system used in a vehicle that realizes locking or unlocking (hereinafter also referred to as “locking / unlocking”) of a locking device using wireless communication between the key device and the locking device is used. It has been. In such a locking / unlocking system, encryption communication is used to prevent unauthorized use of the key due to wiretapping of communication between the key device and the lock device.

  Here, the security of a key such as an encryption key used for encryption communication decreases with the passage of time or the accumulation of communication amount. For this reason, in such a locking / unlocking system, it is conceivable to distribute a key such as an encryption key from the center, but both the key device and the lock device are always in a state where they can receive information from the center. Is not limited. In particular, when the key device is a smart key and the lock device is a vehicle door lock, these devices cannot receive communication from the center due to the movement of the user carrying the smart key, the movement of the vehicle, or the like. Due to the location (out of service area), the distributed key may not be received by one or both of the devices.

If the key distributed by one of the key device and the lock device cannot be received, there is a possibility that a key mismatch occurs between the key device and the lock device, which makes locking and unlocking impossible. In order to avoid such a situation, a connection is established between each of the key device and the lock device and the center, and the key is securely delivered to both devices. In this method, a large resource is required to update the key, and there is a possibility that the delivery state may become inconsistent due to unexpected disconnection of the connection.

  In view of the above-described problems, an object of the present invention is to provide a key update that can reliably perform locking and unlocking without performing complicated key management by a key issuing device.

  The present invention performs complicated key management by a key issuing device by accumulating a plurality of keys issued by a key issuing device and specifying corresponding keys by repeating retries if necessary at the time of locking and unlocking It was also possible to provide key renewals that could be securely locked and unlocked.

  Specifically, the present invention includes a key receiving unit that receives a key issued by a key issuing device, a key holding unit that holds a plurality of keys that differ for each issue by the key issuing device, and a lock device. A key selection unit that selects a key for encrypting the unlocking / unlocking request transmitted from the key held by the key holding unit, and the locking / unlocking request is selected by the key selecting unit Encrypting means for encrypting using a key, message transmitting means for transmitting the locking / unlocking request encrypted by the encrypting means to the locking device, and locking / unlocking according to the locking / unlocking request by the locking device Message receiving means for receiving a notification of success, and when the message receiving means does not receive a notification of successful locking / unlocking according to the locking / unlocking request, the key selecting means selects for encryption Change the that key, said encryption means encrypts the unlocking request using the changed key, a key device.

  In order to ensure the safety of communication between the key device and the lock device over a long period of time, the key issuing device newly adds the key device and the lock device to the key device and the lock device periodically or at a timing according to the request. It is a device such as a server that issues a simple key. The key issuing device issues a key (encryption key, decryption key, etc.) having a correspondence relationship in encryption and decryption to the corresponding key device and lock device pair. For example, when the encryption communication method between the key device and the lock device is the common key encryption method for each of the corresponding key device and the lock device, either the encryption or the decryption is performed. When the same key that can be used in the network is issued and the encryption communication method between the key device and the lock device is a public key encryption method, a public key and a secret key corresponding to the public key are Issue. Since the key issued by the key issuing device is different for each issue in principle, the security of communication between the key device and the lock device is ensured over time. However, depending on the embodiment of the present invention, a key issuing device that is allowed to issue the same key in different key issuing may be employed.

  The unlocking request is a message transmitted from the key device to the locking device, and indicates a locking request for requesting locking to the locking device and an unlocking request for requesting unlocking to the locking device. ing. In the present invention, the lock request or the unlock request is encrypted by the encryption means using the key selected by the key selection means. In the present invention, a message such as a lock / unlock request is encrypted and transmitted / received between the key device and the lock device, thereby realizing locking / unlocking only with a valid key device.

And when the notification of successful locking / unlocking from the lock device is not received, the key selection means changes the key used for encryption, and the encryption means and the message transmission means use the selected and changed key, Retry the lock / unlock request to the locking device. In the present invention, the key is held by the key device by holding the key for a plurality of generations by the key holding means, and making a lock / unlock request while changing the key used for encryption among the plurality of held keys. Even when there is a partial discrepancy between the plurality of keys and the plurality of keys held by the lock device, it is possible to find the corresponding keys and perform safe locking / unlocking. Then, by providing a means for finding an effective key at the time of locking / unlocking as described above, it is possible to provide a key update that can be reliably locked / unlocked without performing complicated key management by the key issuing device. It is possible.

  In the present invention, the key holding unit holds the plurality of keys in the storage device in association with the order in which the keys are issued or received, and the key device according to the present invention is provided by the message receiving unit. When the notification of successful locking / unlocking is received, a key older than the key paired with the key held in the lock device is specified based on the order associated by the key holding means, and the storage An erasing unit for erasing from the apparatus may be further provided.

  Further, the key device according to the present invention, when the message receiving means has received the notification of the successful locking / unlocking, the key held in the storage device, the key held in the lock device, The erasure unit further includes a key older than a key determined to be a key paired with the key held in the lock device as a result of the verification by the verification unit. It may be specified based on the order associated by the key holding means and deleted from the storage device.

  The key paired with the key held on the lock device side can be specified by the success of the communication for locking / unlocking or the collation by the collation means. Here, by deleting a key older than the identified paired key from the storage device, the key held in the storage device is kept in a new state, and the capacity for holding the key in the storage device is saved. I can do it.

  Further, in the present invention, the verification means includes a key held in the storage device and a key held in the lock device through encrypted communication using a key related to the successful locking / unlocking. You may collate.

  If locking / unlocking is successful, keep the key used for communication for successful locking / unlocking, keeping the communication between the key device and the locking device confidential, and verifying the key safely. I can do it. The key verification method is not limited to the method of transmitting and receiving the key data itself via encrypted communication. For example, the key verification may be performed by transmitting / receiving information that can determine whether or not the keys match, such as a hash value of the key. However, in the case where key verification is performed by passing a hash value or the like, the communication for passing the hash value may not be encrypted.

  Further, the present invention provides a key receiving means for receiving a key issued by a key issuing apparatus, a key holding means for holding a plurality of different keys for each issue by the key issuing apparatus in a storage device, and transmitting from the key apparatus. A message receiving means for receiving the encrypted locking / unlocking request, a key selecting means for selecting a key for decrypting the locking / unlocking request from the keys held by the key holding means, and the unlocking A decrypting means for decrypting the lock request using the key selected by the key selecting means; and a locking / unlocking means for locking / unlocking the lock according to the unlocking / unlocking request decrypted by the decrypting means. When the decryption is not successful, the key selection unit is a lock control device that changes a key selected for decryption, and the decryption unit decrypts the lock / unlock request using the changed key.

In the present invention, an encrypted lock request or unlock request is transmitted from the key device. The message receiving means of the lock control device receives an encrypted message such as a lock request or unlock request, and the decryption means decrypts the encrypted message using the key selected by the key selection means. Try. Here, the key selection means changes the key selected for decryption when decryption is not successful. In this way, by sequentially using a plurality of keys held in the storage device and trying to decrypt, according to the present invention, a plurality of keys held by the key device and a plurality of keys held by the lock device Even if there is some discrepancy between the key and the key, find the corresponding key,
It enables safe locking and unlocking.

  In the present invention, the key holding unit holds the plurality of keys in the storage device in association with the order in which the keys are issued or received, and the key device according to the present invention performs the decryption by the decryption unit. If the correct result is obtained and the locking / unlocking by the locking / unlocking means is completed, keys older than the key paired with the key held in the key device are placed in the order associated with the key holding means. An erasing unit that identifies and erases from the storage device may be further provided.

  Further, the key device according to the present invention further includes a collating unit that collates the key held in the storage device and the key held in the key device when the decryption by the decrypting unit is successful. And the erasure unit associates a key older than the key determined to be a key paired with the key held in the key device as a result of the verification by the verification unit by the key storage unit. It may be specified based on the order and erased from the storage device.

  The key paired with the key held on the lock device side can be specified by the success of the communication for locking / unlocking or the collation by the collation means. Here, by deleting a key older than the specified paired key from the storage device, the key held in the storage device is kept in a new state, and the capacity for holding the key in the storage device is saved. I can do it.

  In the present invention, the collating unit includes a key held in the storage device and a key held in the key device via encrypted communication using a key related to the success of the decryption by the decrypting unit. And may be collated.

  If locking / unlocking is successful, keep the key used for communication for successful locking / unlocking, keeping the communication between the key device and the locking device confidential, and verifying the key safely. I can do it. The key verification is not a method of transmitting / receiving key information itself, but may be performed by transmitting / receiving information that can be used for key verification, such as a hash value of a key. It is the same.

  Further, the present invention may be grasped as an invention of a key issuing device, an invention of a method executed by a computer operating as a key device, a lock device, a key issuing device or the like, or an invention of a program. Good.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to provide the update of the key which can perform locking / unlocking reliably, without performing complicated key management by a key issuing apparatus.

It is a figure which shows the outline of a structure of the key update system which concerns on embodiment. It is a figure which shows the outline of the hardware constitutions of the key update system which concerns on embodiment. It is a figure which shows the outline of a function structure of the key update system which concerns on embodiment. It is a flowchart which shows the flow of the key issue process in embodiment. It is a figure which shows the structure of the key database used in embodiment. It is a flowchart which shows the flow of the smart key side locking / unlocking process in embodiment. It is a figure which shows the method of the matching process of the key which concerns on embodiment. It is a flowchart which shows the flow of the locking device side locking / unlocking process in embodiment. In the key update system which concerns on embodiment, it is a figure which shows the outline of the method of raising a security level using a random number.

<Configuration of key update system>
Embodiments of a key update system according to the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing an outline of the configuration of the key update system according to the present embodiment. The key update system according to the present embodiment issues a door lock device 2 as a lock device provided in a vehicle, a smart key 1 as a key device for locking and unlocking the door lock, an update key, and the like. This is a system in which a key issuing server (key issuing center) 3 as a key issuing device is connected to be communicable with each other via a network. It does not matter whether the connection between the devices is wired or wireless. Here, communication between the key issuing server 3 and the door lock device 2 and between the key issuing server 3 and the smart key 1 can be performed via a communication network 9 such as a mobile phone network, the Internet, or a wide area network. ing. The smart key 1 and the door lock device 2 can communicate with each other by short-range wireless communication using a UHF (Ultra High Frequency) band or the like. However, the communication method and protocol used for communication between the devices are not limited to the above-described examples as long as necessary information can be transmitted and received between the devices. For example, even communication between the smart key 1 and the door lock device 2 may be performed via a mobile phone network, the Internet, a wide area network, or the like.

  FIG. 2 is a diagram showing an outline of the hardware configuration of the key update system according to the present embodiment. The smart key 1 according to the present embodiment includes a short-range communication device 16, a network interface 15, a processor 11, a RAM (Rancom Access Memory) 12, a ROM (Read Only Memory) 13, and a storage device (storage) 14. The door lock device 2 includes a lock portion 2b that physically locks the vehicle door, and a door lock control device 2a that controls the lock portion 2b. The door lock control device 2a includes a short-range communication device 26, a network interface, and the like. 25, a processor 21, a RAM 22, a ROM 23, and a storage device (storage) 24. The key issuing server 3 includes a network interface 35, a CPU (Central Processing Unit), a RAM 32, a ROM 33, and a storage device (storage) 34.

  That is, the smart key 1, the door lock control device 2a, and the key issuing server 3 according to the present embodiment are all computers as information processing devices. As the storage devices 14, 24, and 34 included in the smart key 1, the door lock device 2, and the key issuing server 3, for example, an EEPROM (Electrically Erasable Programmable ROM), an HDD (Hard Disk Drive), or the like can be used. .

  Each door lock device 2 can be locked / unlocked using a corresponding smart key 1, that is, a specific smart key 1 having the authority to lock / unlock a certain door lock device 2. That is, even if it tries to lock / unlock the door lock apparatus 2 using the smart key 1 which is not combined with respect to a certain door lock apparatus 2, the door lock apparatus 2 is not locked / unlocked. In the present embodiment, each smart key 1 has a key ID that is an identifier of the smart key 1 and is recorded in the ROM 13 or the storage device 14 of the smart key 1. The door lock device 2 refers to the key ID included in the lock request or unlock request message transmitted from the smart key 1, and the message source smart key 1 has the authority to lock and unlock the door lock device 2. It is determined whether or not the smart key 1 has.

FIG. 3 is a diagram showing an outline of a functional configuration of the key update system according to the present embodiment. The smart key 1 is configured such that the processor 11 executes a program expanded in the RAM 12 or the ROM 13 and controls each component of the short-range communication device 16, the network interface 15, the RAM 12, the ROM 13, the storage device 14, and the like, The smart key 1 includes a holding unit 41, an encryption unit 42, a verification unit 43, a deletion unit 44, a key selection unit 45, a message transmission / reception unit 46, and a key reception unit 47. In the door lock device 2, the processor 21 executes a program developed in the RAM 22 and the ROM 23 to control each component of the short-range communication device 26, the network interface 25, the RAM 22, the ROM 23, the storage device 24, and the like. Thus, it functions as the door lock device 2 including the key holding unit 51, the decrypting unit 52, the collating unit 53, the erasing unit 54, the key selecting unit 55, the message transmitting / receiving unit 56, the key receiving unit 57, and the locking / unlocking unit 58.

  The key receiving unit 47 of the smart key 1 and the key receiving unit 57 of the door lock control device 2 both receive the key issued by the key issuing server 3. In the present embodiment, safety is taken into account for concealing communication between the key issuing server 3 and the smart key 1 and concealing communication between the key issuing server 3 and the door lock device 2. Thus, a public key cryptosystem such as RSA suitable for long-term operation is used. The key holding units 41 and 51 hold a plurality of different keys for each issue by the key issuing server 3 in a key database constructed using the storage devices 14 and 24 in association with the order in which the keys are issued or received. . The configuration of the key database will be described later with reference to FIG.

  The key selection unit 45 of the smart key 1 selects a key for encrypting the locking / unlocking request transmitted to the door lock control device 2a from the keys held by the key holding unit 41. Then, the encryption unit 42 encrypts the locking / unlocking request using the key selected by the key selection unit 45. The key selection unit 45 changes the key to be selected for encryption when the message transmission / reception unit 46 does not receive the result notification indicating the successful locking / unlocking, and the encryption unit 42 selects the key selection unit 45. Encrypt the unlocking request again using the changed key.

  The message transmission / reception unit 46 of the smart key 1 and the message transmission / reception unit 56 of the door lock control device 2 both transmit and receive messages such as locking / unlocking requests and notification of locking / unlocking results with the counterpart device. . In the present embodiment, for concealing communication between the smart key 1 and the door lock device 2, a low-delay common key encryption method such as AES (Advanced Encryption Standard) is used in consideration of the processing load. It is done. The message transmission / reception unit 46 of the smart key 1 transmits a message such as a lock / unlock request encrypted by the encryption unit 42 to the door lock control device 2a, and the door lock control device 2a locks / unlocks according to the lock / unlock request. A message such as a notification of the result is received. The message transmission / reception unit 56 of the door lock device 2 receives a message such as a lock / unlock request transmitted from the smart key 1, and transmits a message such as a lock / unlock result notification corresponding to the lock / unlock request to the smart key 1. The message such as the lock request and the unlock request is, for example, a predetermined command or the like. However, in order to make it difficult for the eavesdropper of the communication to guess the key, measures such as giving a variation to the message that is encrypted each time the communication is performed may be taken.

  The collation unit 43 of the smart key 1 is held in the storage device 14 through encrypted communication using the key related to the successful locking / unlocking when the message transmission / reception unit 46 receives a result notification indicating the successful locking / unlocking. And the key held in the door lock control device 2a are collated. Then, the erasure unit 44 of the smart key 1 specifies a key older than the key paired with the key held in the door lock control device 2a based on the order associated with the key holding unit 41, and the storage device Delete from 14. The erasure unit 44 erases an older key as a key paired with the key held in the door lock control device 2a without using the collation by the collation unit 43. May be.

The key selection unit 55 of the door lock device 2 selects a key for decrypting the locking / unlocking request from the keys held by the key holding unit 51. Then, the decrypting unit 52 decrypts the locking / unlocking request using the key selected by the key selecting unit 55. Note that if the decryption by the decryption unit 52 is not successful, the key selection unit 55 changes the key selected for decryption, and the decryption unit 52 uses the key selected and changed by the key selection unit 55 to request unlocking / unlocking. Is decrypted. If the combination is successful, the locking / unlocking unit 58 locks / unlocks the lock according to the locking / unlocking request decrypted by the decryption unit 52.

  When the decryption by the decryption unit 52 is successful, the collation unit 53 of the door lock device 2 uses the key held in the storage device 24 via encrypted communication using the key related to the successful decryption by the decryption unit 52. The key held in the smart key 1 is collated. Then, the erasing unit 54 of the door lock device 2 identifies a key older than the key paired with the key held in the smart key 1 based on the order associated with the key holding unit 51, and the storage device 24. Erase from The erasure unit 54 does not perform collation by the collation unit 53, and uses a key related to successful combination or unlocking as a key paired with the key held in the smart key 1. It may be erased.

  In the smart key 1 and the door lock device 2 according to the present embodiment, so-called protection domain technology is used, the external communication domain related to communication with the key issuing server 3 is set as a normal domain, the smart key 1 and the door lock device 2 As a protection domain, the vehicle communication domain related to communication between the two is supposed to ensure the independence of each other domain. That is, direct access from the normal domain to the protection domain is prohibited, and the system and key are protected from unauthorized access by an attack tool or malware (see FIG. 1).

  More specifically, the key receiving units 47 and 57 of the smart key 1 and the door lock device 2 operate in the normal domain, but the key holding units 41 and 51 of the smart key 1 and the door lock device 2, the encryption unit 42, The decryption unit 52, the collation units 43 and 53, the deletion units 44 and 54, the key selection units 45 and 55, the message transmission / reception units 46 and 56, and the like operate in the protection domain. However, the domain dividing method shown here is merely an example, and it is preferable that the specific application method of the protection domain is appropriately selected according to the embodiment.

  Further, the key issuing server 3 is configured such that the CPU executes a program expanded in the RAM 32 or the ROM 33 to control each configuration of the network interface 35, the RAM 32, the ROM 33, the storage device 34, and the like, thereby generating the key generating unit 61, It functions as the key issuing server 3 including the combination holding unit 62 and the key transmission unit 63.

  The key generation unit 61 generates a key to be issued for a combination of the door lock device 2 and the smart key 1 having the authority to lock / unlock the door lock device 2 periodically or upon request. . The key generated here is preferably different for each issue.

  The combination holding unit 62 holds, in the storage device 34, information that can specify the combination of the door lock device 2 and the smart key 1 that has the authority to lock and unlock the door lock device 2. The combination can be held by, for example, associating a combination of a key ID and a lock ID (identifier of the door lock device 2) and recording them in a table or the like.

  The key transmission unit 63 issues the key by transmitting the key generated by the key generation unit 61 to the combination of the door lock device 2 and the smart key 1 held by the combination holding unit 62.

<Process flow>
FIG. 4 is a flowchart showing the flow of the key issuing process in the present embodiment. The processing shown in this flowchart is executed periodically (for example, every other day) or in response to a request. It should be noted that the specific contents and order of the processing shown in this flowchart are examples for carrying out the present invention. It is preferable that specific processing contents and order are appropriately selected according to the embodiment.

  In step S101, a key is generated. The key generation unit 61 of the key issuing server 3 generates a key used for encryption communication or authentication between the door lock device 2 and the smart key 1. The key may be automatically generated using a random number, or may be generated using various methods that can be conceived by those skilled in the art at the time of implementation, such as generating a pseudo-random number based on some sort of value. It's okay. In this embodiment, the key used for communication between the smart key 1 and the door lock device 2 is a key of a common key cryptosystem (that is, used in the smart key 1 and the door lock device 2). However, a key of another method such as a public key encryption method (secret key encryption method) may be used. Thereafter, the process proceeds to step S102.

  In the case of the common key encryption method, since the encryption key and the decryption key are the same, the same encryption key is issued, and encryption and decryption are performed on either side of the smart key 1 or the door lock device 2. Even in this case, the same encryption key is used. In contrast, when an encryption algorithm having a different encryption key and decryption key, such as a public key encryption method, is adopted, the smart key 1 has an encryption key for encrypting a message to be sent to the door lock device 2. And a decryption key for decrypting the message from the door lock device 2 are issued, and the door lock device 2 is provided with an encryption key for encrypting a message to be sent to the smart key 1, and from the smart key 1. And a decryption key for decrypting the message.

  In steps S102 to S105, the generated key is transmitted to the smart key 1 and the door lock device 2. The key transmitting unit 63 of the key issuing server 3 refers to the combination of the smart key 1 and the door lock device 2 held by the combination holding unit 62, so that the smart key 1 and the door lock device 2 belonging to the combination are displayed. Identify and send keys to these devices. Here, the key transmission unit 63 conceals (encrypts) the key using a public key set in advance, and transmits the concealed key to the door lock device 2 and the smart key 1 via the communication network 9. Send. The public key used for key concealment (encryption) is a key different from the key to be transmitted, and is between the key issuing server 3 and the door lock device 2 and between the key issuing server 3 and the smart key. The confidentiality of communication with the key 1 is ensured.

  The key issuing server 3 transmits the key without waiting for the connection from the transmission target devices (smart key 1 and door lock device 2) to the key issuing server 3, and from the key issuing server 3 to the transmission target. It is preferable to employ a so-called push-type transmission in which a key is transmitted spontaneously to the apparatus. The key receiving unit 57 of the door lock device 2 and the key receiving unit 47 of the smart key 1 each receive a key transmitted with its own device as a destination. Thereafter, the process proceeds to step S106.

  In steps S106 to S109, the received key is decrypted and stored in the storage devices 14 and 24. The key receiving unit 57 of the door lock device 2 and the key receiving unit 47 of the smart key 1 use the secret key stored in advance, which is received in the processing shown in steps S102 to S105. To obtain a non-confidential (plaintext) key. Then, the key holding unit 51 of the door lock device 2 and the key holding unit 41 of the smart key 1 hold the acquired keys in the storage devices 14 and 24 in association with the issued or received order. Thereafter, the processing shown in this flowchart ends.

  In the key distribution according to the present embodiment, it is not confirmed whether or not the key transmitted by the key issuing server 3 has been normally received and held on the receiving side. That is, in the key distribution according to the present embodiment, when reception or holding of a key fails in one of the smart key 1 and the door lock device 2, the key held in the key database by the smart key 1 and the door lock device There will be a discrepancy between 2 and the key held in the key database.

  FIG. 5 is a diagram showing the configuration of the key database used in the present embodiment. The key database stores the keys issued by the key issuing server 3 and received by the key receiving units 47 and 57 in association with the order of issue or reception. However, the number of stored keys and the amount of data are limited due to the capacity of the storage devices 14 and 24. In the smart key 1 and the door lock device 2 according to the present embodiment, when the erasing units 44 and 54 exceed the upper limit of the number of keys that can be held in the key database and a new key is received from the key issuing server 3, Delete the old key preferentially and save the new key. However, in the method of simply deleting the oldest key in order, there is a possibility that a state where no corresponding key exists in the key database on the smart key 1 side and the key database on the door lock device 2 side may occur. For this reason, in the combination of the smart key 1 and the door lock device 2, it is preferable that at least one key that has been confirmed to match with the other party is deleted so that it remains. In this way, it is possible to avoid a situation in which locking / unlocking is impossible without having a single key that matches the smart key 1 and the door lock device 2.

  FIG. 6 is a flowchart showing the flow of the smart key side locking / unlocking process in the present embodiment. The processing shown in this flowchart is executed, for example, when the user performs a locking operation or an unlocking operation using the smart key 1. However, the locking and unlocking may be started not by an explicit user operation but, for example, when the user is away from the vehicle by a predetermined distance or closer to a predetermined distance or less. It should be noted that the specific contents and order of the processing shown in this flowchart are examples for carrying out the present invention. It is preferable that specific processing contents and order are appropriately selected according to the embodiment.

  In step S201, key selection and message encryption are performed. The key selection unit 45 of the smart key 1 reads out the oldest key in the order issued or received among the keys held in the storage device 14. Then, the encryption unit 42 encrypts the lock request or the unlock request, the key ID (identifier of the smart key 1), and the counter value using the read key. When the user operation is a locking operation, the locking request is encrypted, and when the operation is an unlocking operation, the unlocking request is encrypted. As the counter value to be encrypted, the value updated in step S202 at the time of the previous locking / unlocking process is read from the storage devices 14 and 24. The key ID to be encrypted is read from the ROM 13 or the storage device 14 of the smart key 1. Thereafter, the process proceeds to step S202.

  In steps S202 and S203, the counter value is updated and the encrypted message is transmitted. The processor 11 of the smart key 1 adds 1 to the counter value (increment) (step S202). Then, the message transmitting / receiving unit 46 transmits a message including the locking request or unlocking request encrypted in step S201, the key ID, and the counter value to the door lock device 2 (step S203). Communication between the smart key 1 and the door lock device 2 is performed by wireless communication as described above. Thereafter, the process proceeds to step S204.

The content of the process performed by the door lock device 2 that has received the message transmitted by the smart key 1 will be described later using a separate flowchart. When the process according to the lock request or the unlock request is completed, the door lock device 2 transmits a result notification message including information such as success or error of the lock to the smart key 1. Here, the result notification message transmitted from the door lock device 2 may be encrypted or may not be encrypted. When decryption by the door lock device 2 is successful, a result notification message encrypted using a common key can be transmitted to secure a secure communication path. In the case of failure, it may not be possible to specify a key that can be decrypted by the smart key 1, and the result notification message may not be encrypted.

  In step S204, the presence / absence of a result notification message is determined. The message transmitting / receiving unit 46 of the smart key 1 determines whether or not a result notification message corresponding to the locking / unlocking request transmitted in step S203 has been received from the door lock device 2. If a result notification message is received, the process proceeds to step S205. If the result notification message has not been received, it is determined that the communication with the door lock device 2 has been unsuccessful and the locking / unlocking has failed, and the processing shown in this flowchart ends.

  In step S205, the content of the result notification message is determined. The result notification message includes information such as success or failure of locking and unlocking. For this reason, the message transmitting / receiving unit 46 makes a determination with reference to the content of the result notification message determined to be received in step S204. When the content of the result notification message indicates that the locking / unlocking is successful, the process proceeds to step S207. On the other hand, when the content of the result notification message indicates a decryption error due to the fact that the key corresponding to the key database was not found, the process proceeds to step S206.

  In step S206, key selection and message encryption are performed. The key selection unit 45 of the smart key 1 reads the key that is next to the key related to the determination of the decryption error in step S205 in the order issued or received among the keys held in the key database. Then, the encryption unit 42 encrypts the lock request or the unlock request, the key ID, and the counter value using the read key. The specific processing of encryption is substantially the same as that described in step S201, and thus description thereof is omitted. Thereafter, the process proceeds to step S202.

  That is, in the smart key side locking / unlocking process shown in this flowchart, in the locking / unlocking process using a certain key, the corresponding key cannot be found in the door lock device 2, and a message decoding error occurs and the locking / unlocking process is performed. In the case of failure, the process shown in steps S202 to S206 is repeated to perform the unlocking / unlocking process using the oldest key next to the failed key among the keys held in the storage device 14 of the smart key 1. Try again. In the smart key 1 according to the present embodiment, the key database on the smart key 1 side and the key database on the door lock device 2 side are partially inconsistent by repeating the locking and unlocking process while changing the encryption key. Even in such a case, a matching key in the key database is found, and a secure communication path (tunnel provided by encrypted communication) is established between the smart key 1 and the door lock device 2.

  In step S207, a key older than the designated key is deleted from the storage device 14. The collation unit 43 of the smart key 1 communicates with the collation unit 53 of the door lock device 2 via the message transmission / reception units 46 and 56, so that a plurality of keys held in the key database of the smart key 1 and the door A plurality of keys held in the key database of the lock device 2 are collated (hereinafter referred to as “matching process”).

FIG. 7 is a diagram showing a key matching processing method according to the present embodiment. The collation unit 43 of the smart key 1 and the collation unit 53 of the door lock device 2 communicate with each other via the message transmission / reception units 46 and 56, so that a plurality of keys held in the key database of the smart key 1 and the door A matching process for collating a plurality of keys held in the key database of the lock device 2 is performed. If locking / unlocking is successful, communication between the smart key 1 and the door lock device 2 is concealed by using the key used for communication for successful locking / unlocking, and is included in the key database. Send and receive a list of keys for secure key verification. In the example shown in FIG. 7, the encryption communication using the key b is established by the successful decryption in step S302.

  In the example illustrated in FIG. 7, the collating units 43 and 53 perform the keys a, b, d, e, g, and h held in the key database of the smart key 1 through encrypted communication using the key b. , L and keys b, e, f, h, m, p, q held in the key database of the door lock device 2 are collated, and the key h is identified as the latest corresponding key. . When the matching processing by the collating units 43 and 53 is completed, the erasing units 44 and 54 are issued or received from the keys that are stored in the storage devices 14 and 24 and whose correspondence is confirmed between the devices. The old keys are deleted from the storage device 14 in the same order. In the example shown in FIG. 7, the keys a, b, d, e, and g older than the key h are deleted from the key database of the smart key 1, and the key b older than the key h is deleted from the key database of the door lock device 2. , E, f are erased.

  The key verification method is not limited to the method of transmitting and receiving the key data itself (key list) via encrypted communication. For example, the key verification may be performed by transmitting / receiving information that can determine whether or not the keys match, such as a hash value of the key. When key verification is performed by passing a hash value, etc., key-hashing for message authentication code (HMAC) using the key used in message encryption and decryption is performed in order to identify the transmission source. In addition, it is preferable to confirm the presence or absence of tampering.

  The erasure unit 44 is issued or received from a key whose correspondence is confirmed with the door lock device 2 among the keys held in the storage device 14 in response to the collation result by the collation unit 43. The old key in order is erased from the storage device 14. Thereafter, the processing shown in this flowchart ends.

  FIG. 8 is a flowchart showing the flow of the locking device side locking / unlocking process in the present embodiment. The processing shown in this flowchart is executed when the door lock device 2 receives a message including a locking / unlocking request transmitted from the smart key 1. It should be noted that the specific contents and order of the processing shown in this flowchart are examples for carrying out the present invention. It is preferable that specific processing contents and order are appropriately selected according to the embodiment.

  In step S301, the message transmitted by the smart key 1 is received. The message transmitting / receiving unit 56 of the door lock device 2 receives the message transmitted from the smart key 1 in step S203 of the flowchart shown in FIG. 6 via wireless communication. Thereafter, the process proceeds to step S302.

  In step S302, key selection and message decryption are performed. The key selection unit 55 of the door lock device 2 reads out the oldest key in the issued or received order among the keys held in the storage device 24. Then, the decryption unit 52 of the door lock device 2 attempts to decrypt the message received in step S301 (plain text conversion) using the read key. If the decryption of the message is successful, the lock request or unlock request transmitted by the smart key 1, the key ID, and the counter value are acquired. Thereafter, the process proceeds to step S303.

In step S303, the success or failure of the decoding is determined. The decryption unit 52 of the door lock device 2 refers to the result of the decryption process in step S302, and determines whether the lock request or the unlock request, the key ID, and the counter value are acquired by the decryption process. If the encryption communication method used between the smart key 1 and the door lock device 2 is a common key encryption method, the decryption key is the same as the encryption key, so that the key selection unit 45 of the smart key 1 selects the decryption key. Decryption succeeds when the same key as the key is selected by the key selection unit 55 of the door lock device 2.

  The success or failure of the decoding process may be determined by a method for determining whether or not a correct result is obtained by referring to the result of the decoding, or whether an error or the like has occurred during the decoding process. It may be determined by a method of determining. As a specific method for the determination, it is preferable that an optimal method is appropriately selected according to the encryption algorithm employed. If it is determined that the decoding is successful, the process proceeds to step S306. If it is determined that decoding has failed, the process proceeds to step S304.

  In step S304, the presence / absence of another key is determined. The key selection unit 55 of the door lock device 2 refers to the storage device 24 and determines whether a key other than the key that has failed to be decrypted is held. If another key is held, the process proceeds to step S305. If no other key is held, the process proceeds to step S312.

  In step S305, key selection and message decryption are performed. The key selection unit 55 of the door lock device 2 reads out the keys held in the storage device 24 in the order of issuance or reception, and the next key next to the key related to the determination as a decryption error in step S303. Then, the decryption unit 52 attempts to decrypt (plain text conversion) the message received in step S301, using the read key. If the decryption of the message is successful, the lock request or unlock request transmitted by the smart key 1, the key ID, and the counter value are acquired. Thereafter, the process proceeds to step S303.

  That is, in the locking / unlocking process on the lock device side shown in this flowchart, if the decryption is not successful in the locking / unlocking process using a certain key, the processes shown in steps S303 to S305 are repeated. The door lock device 2 according to the present embodiment repeats the decryption process while changing the decryption key, so that the key database on the smart key 1 side and the key database on the door lock device 2 side are partially inconsistent. In such a case, a matching key is found in the key database.

  In steps S306 and S307, the key ID and the counter value are extracted and confirmed. The locking / unlocking unit 58 extracts the key ID from the plaintext message obtained as a result of the successful decryption in step S302 or S305 (step S306), and the extracted key ID and the storage device 24 of the door lock device 2 in advance. The key ID of the key having the authority to lock and unlock the door lock registered in the ROM 23 is compared (step S307). When the extracted key ID and the pre-registered key ID match, the door lock device 2 confirms that the transmission source of the message including the key ID corresponds to the door lock device 2. It can be determined that it is a smart key 1.

  Further, the locking / unlocking unit 58 extracts the counter value from the plaintext message obtained as a result of the successful decryption (step S306), and records the newly extracted counter value in the storage device 24 of the door lock device 2. The previous counter value is compared (step S307). Here, the counter value newly extracted from the message is the counter value set in the message by the smart key 1 in step S201. The previous counter value is a counter value recorded in the storage device 24 of the door lock device 2 when the previous locking / unlocking process was successful (see step S310).

Even if a message to be transmitted / received is encrypted, a person who does not have the authority to lock / unlock eavesdrops on the encrypted message in the transmission / reception route, and sends the exact same message as that transmitted from the valid smart key 1. There is a risk of resending. For this reason, in this embodiment, the counter value is used to prevent unauthorized locking and unlocking due to message retransmission. As described in steps S201 and S202, the counter value is a value that is added on the smart key 1 side every time a message is transmitted, and the previous counter value is the counter given on the smart key 1 side when locking / unlocking is successful. The value is a value stored in the door lock device 2. For this reason, if it is a message from the legitimate smart key 1 paired with the door lock device 2, it should send a message containing a counter value larger than the previous counter value. When the counter value included in the message is larger than the previous counter value, it can be estimated that the message transmission source is the smart key 1 as a correct communication partner.

  As a result of the comparison, if the key IDs match and the counter value is larger than the previous counter value, the process proceeds to step S308. If the key IDs do not match as a result of the comparison, or if the counter value is smaller than the previous counter value, the processing shown in this flowchart ends.

  In steps S308 and S309, the door lock is unlocked and the counter value is recorded. The locking / unlocking unit 58 controls the lock unit 2b according to the locking request or the unlocking request included in the message, locks or unlocks the vehicle door lock (step S308), and the counter value extracted from the message in step S306, The previous counter value is recorded in the storage device 24 (step S309). Thereafter, the process proceeds to step S310.

  In step S310, a result notification is transmitted to the smart key 1. The message transmitting / receiving unit 56 of the door lock device 2 transmits a result notification message indicating the success of the locking / unlocking to the smart key 1. The result notification transmitted here is preferably encrypted using the key whose decryption was confirmed to be successful in step S303. However, when the result notification message does not include information to be concealed, the result notification message may be transmitted in plain text without being encrypted. Thereafter, the process proceeds to step S311.

  In step S <b> 311, a key older than the designated key is deleted from the storage device 24. The collation unit 53 of the door lock device 2 communicates with the collation unit 43 of the smart key 1 via the message transmission / reception units 46 and 56 to perform the matching process described in step S207. That is, the process shown in step S311 is a process executed simultaneously with the process shown in step S207. In addition, the matching process mainly performed by the collation units 43 and 53 in this step is as described with reference to FIG. The erasure unit 54 receives the collation result by the collation unit 53, and is issued or received from the keys whose correspondence with the smart key 1 is confirmed among the keys held in the storage device 24. The old key is deleted from the storage device 24. Thereafter, the processing shown in this flowchart ends.

  In step S312, a decoding error is transmitted. The message transmitting / receiving unit 56 of the door lock device 2 transmits a result notification message indicating failure of decryption to the smart key 1. The result notification transmitted here cannot be encrypted using a key that has been confirmed to be successfully decrypted. For this reason, it is preferable not to include information to be concealed in the result notification message.

When the transmission of the decoding error is completed, the process proceeds to step S301. That is, the door lock device 2 waits for a lock / unlock request from the smart key 1 encrypted with a different key. The smart key 1 receives the decryption error transmitted in step S312 (see step S204), and if it is determined that the received notification is a decryption error (step S205), the message is encrypted with a different key (step S205). Step S206), and transmits it to the door lock device 2. The door lock device 2 receives a message encrypted with a different key (step S301), and tries decryption again with the key held by the door lock device 2 (see the processing after step S302).

  In the key device side locking / unlocking process and the lock device side locking / unlocking process according to the present embodiment, encryption communication is tried in order from the oldest key in the issued or received order. Are not limited to the oldest. For example, it is good also as trying in order from the newest key. By trying in order from the latest key, the latest corresponding key can be specified between the smart key 1 and the door lock device 2.

  In the above-described embodiment, the case where the smart key 1 and the door lock device 2 have a communication function with the key issuing server 3 is described. However, instead of such an embodiment, a key issuance is performed. Once the key issued from the server 3 is downloaded to the user's PC (personal computer), the user's PC and the smart key 1 or the door lock device 2 are connected by a communication means such as USB (Universal Serial Bus), and the key The database may be updated. In this case, communication between the PC using the USB or the like and the smart key 1 or the door lock device 2 is normally performed in the domain. In addition, in the key update via the PC, unlike the case where the smart key 1 or the door lock device 2 has a communication function with the key issuing server 3 independently, it is necessary to connect a device such as a PC to the user. At an appropriate timing, an alert that prompts the user to perform an update operation may be generated from a vehicle instrument panel, an in-vehicle device (navigation device), or the like.

  When the key is updated by such a method, the key is delivered via a PC that can be easily customized by the user. Therefore, the key issued secretly to the user's PC with a public key or the like is issued. Preferably, no means for decoding is provided. That is, it is preferable that a key issued by being encrypted with a public key or the like is temporarily stored in the storage of the PC while being encrypted and delivered to the smart key 1 or the door lock device 2. In order not to leave a key in the PC storage, dedicated software that operates on the PC is provided, and after the delivery of the key to the smart key 1 or the door lock device 2 is completed, the software is temporarily stored in the PC storage. It is preferable that the key stored in is deleted.

  According to the key distribution system shown in the present embodiment, a key database holds keys for a plurality of generations, and locks and unlocks while changing keys used for encryption and decryption among the plurality of held keys. Even if there is a partial mismatch between the key held in the smart key 1 and the key held in the door lock device 2 by the trial, the corresponding key is found, and safe locking / unlocking is performed. Can be done. By providing a means for finding an effective key at the time of locking / unlocking, it is possible to provide a key issuing system that can perform locking / unlocking reliably without performing complicated key management by the key issuing server 3 or the like. I can do it.

  FIG. 9 is a diagram showing an outline of a method for increasing the security level using random numbers in the key update system according to the present embodiment. In the process described with reference to the flowcharts shown in FIGS. 6 and 8, the smart key 1 encrypts the locking request or unlocking request, the key ID (identifier of the smart key 1), and the counter value. The door lock device 2 that has transmitted (see step S201 to step S203 in FIG. 6) and received the encrypted message decrypts the received message (translates into plaintext), thereby obtaining a lock request or unlock request and a key. The ID and the counter value are acquired (see step S301 to step S303 in FIG. 8).

Here, prior to transmission / reception of an encrypted message, the security level can be further increased by employing the random number transmission shown in FIG. That is, in the process shown in FIG. 9, the door lock device 2 or the vehicle-mounted device (hereinafter, referred to as “vehicle-side device”) generates a random number and periodically transmits (broadcasts) it. Here, the random number may be transmitted by plain text communication. The smart key 1 automatically recognizes that it has approached the target vehicle by obtaining a random number periodically from a vehicle-side device that has sufficient power, and can obtain an opportunity to transmit an unlocking request or the like. In addition, when the random number transmission shown in FIG. 9 is adopted, the smart key 1 transmits an unlocking request or the like after obtaining an opportunity for communication, so that useless communication by the smart key 1 is suppressed, and the smart key 1 Power consumption can be reduced. That is, when the random number transmission shown in FIG. 9 is adopted, the smart key 1 can make an unlock request on demand when a random number broadcast from the vehicle-side device enters an area where it can be received. This makes it possible to prevent unnecessary message transmission.

  Furthermore, according to the processing shown in FIG. 9, since the smart key 1 transmits an unlocking request or the like after receiving an opportunity for communication, useless encrypted communication that may lead to guessing of the encryption key by the smart key 1 And the smart key 1 can recognize the communicable range while keeping the encryption key safe. This also allows the smart key 1 to issue an unlock request with high security on demand.

  The encryption unit 42 of the smart key 1 that has received the random number encrypts the unlock request, the key ID, the random number received from the door lock device 2, and the counter value using the read key (step) S201). Then, the message transmission / reception unit 46 of the smart key 1 transmits the message encrypted in step S201 to the door lock device 2 (step S203).

  The message transmitted by the message transmission / reception unit 46 of the smart key 1 is received by the message transmission / reception unit 56 of the door lock device 2 (step S301). Then, the decryption unit 52 of the door lock device 2 tries to decrypt the received message (plaintext conversion). If the message is successfully decrypted, the unlock request, key ID, random number, and counter value transmitted by the smart key 1 are acquired (step S302). The door lock device 2 can collate the random number acquired in step S302 with the random number broadcast periodically, and determine whether the random number has been transmitted before.

  In this embodiment, when the key update fails, the key once used is reused (refer to the processing described with reference to FIGS. 6 to 8), and there is a concern that the security level is lowered. . For this reason, in the process shown in FIG. 9, a random number is included in the object of encryption, whereby an eavesdropping message is changed every time communication is performed, and it is difficult for the eavesdropper to decrypt the key. Although the ciphertext that can be wiretapped can be changed for each communication by using the counter value described with reference to FIGS. 6 to 8, a random number may be used instead of the counter value, or a random number may be combined with the counter value. By using it, the security level can be further increased.

DESCRIPTION OF SYMBOLS 1 Smart key 2 Door lock device 2a Door lock control device 2b Lock part 3 Key issuing server

Claims (12)

Key receiving means for receiving the key issued by the key issuing device;
A plurality of different keys for each issue by the key issuing device, a key holding means for holding in a storage device;
A key selecting means for selecting a key for encrypting the locking / unlocking request transmitted to the locking device from the keys held by the key holding means;
Encryption means for encrypting the locking / unlocking request using the key selected by the key selection means;
Message transmitting means for transmitting the locking / unlocking request encrypted by the encryption means to the locking device;
Message receiving means for receiving a notification of successful locking and unlocking according to the locking and unlocking request by the locking device, and
If the message receiving means does not receive a notification of successful locking / unlocking according to the locking / unlocking request, the key selecting means changes the key to be selected for encryption, and the encryption means Encrypt the unlocking request using
Key device. The key holding means holds the plurality of keys in the storage device in association with the order in which the keys are issued or received;
When the message receiving means receives the notification of successful locking / unlocking, a key older than the key paired with the key held in the lock device is based on the order associated with the key holding means. The key device according to claim 1, further comprising an erasing unit that identifies and erases the data from the storage device. When the notification of successful locking / unlocking is received by the message receiving means, further comprising a collating means for collating the key held in the storage device and the key held in the locking device,
The erasure unit is configured so that, as a result of collation by the collation unit, keys older than the key determined to be paired with the key held in the lock device are in the order associated with the key holding unit. To identify and erase from the storage device,
The key device according to claim 2. The collation means collates the key held in the storage device and the key held in the lock device through cryptographic communication using the key related to the successful locking / unlocking,
The key device according to claim 3. Key receiving means for receiving the key issued by the key issuing device;
A plurality of different keys for each issue by the key issuing device, a key holding means for holding in a storage device;
Message receiving means for receiving an encrypted locking / unlocking request transmitted from the key device;
A key selection unit that selects a key for decrypting the locking / unlocking request from the keys held by the key holding unit;
Decryption means for decrypting the locking / unlocking request using the key selected by the key selection means;
Locking / unlocking means for locking / unlocking according to the locking / unlocking request decoded by the decoding means,
If decryption by the decryption means is not successful, the key selection means changes the key to be selected for decryption, and the decryption means decrypts the unlocking / unlocking request using the changed key.
Lock control device. The key holding means holds the plurality of keys in the storage device in association with the order in which the keys are issued or received;
When a correct result is obtained by the decryption by the decryption means and the unlocking by the lock / unlock means is completed, a key older than the key paired with the key retained in the key device is obtained by the key retaining means. The lock control device according to claim 5, further comprising: an erasing unit that is identified based on the associated order and erases from the storage device. When the decryption by the decryption means is successful, further comprising a collation means for collating the key held in the storage device and the key held in the key device,
The erasure unit is configured so that, as a result of the verification by the verification unit, keys older than the key determined to be paired with the key held in the key device are in the order associated with the key holding unit. To identify and erase from the storage device,
The lock control device according to claim 6. The collation unit collates a key held in the storage device and a key held in the key device via encrypted communication using a key related to the success of decryption by the decryption unit.
The lock control device according to claim 7. Computer
Key receiving means for receiving the key issued by the key issuing device;
A plurality of different keys for each issue by the key issuing device, a key holding means for holding in a storage device;
A key selecting means for selecting a key for encrypting the locking / unlocking request transmitted to the locking device from the keys held by the key holding means;
Encryption means for encrypting the locking / unlocking request using the key selected by the key selection means;
Message transmitting means for transmitting the locking / unlocking request encrypted by the encryption means to the locking device;
The lock device functions as message receiving means for receiving a notification of successful locking / unlocking according to the locking / unlocking request,
If the message receiving means does not receive a notification of successful locking / unlocking according to the locking / unlocking request, the key selecting means changes the key to be selected for encryption, and the encryption means Encrypt the unlocking request using
Program for controlling the key device. Computer
Key receiving means for receiving the key issued by the key issuing device;
A plurality of different keys for each issue by the key issuing device, a key holding means for holding in a storage device;
Message receiving means for receiving an encrypted locking / unlocking request transmitted from the key device;
A key selection unit that selects a key for decrypting the locking / unlocking request from the keys held by the key holding unit;
Decryption means for decrypting the locking / unlocking request using the key selected by the key selection means;
Functioning as locking / unlocking means for locking / unlocking according to the locking / unlocking request decoded by the decoding means,
If decryption by the decryption means is not successful, the key selection means changes the key to be selected for decryption, and the decryption means decrypts the unlocking / unlocking request using the changed key.
Program for controlling the locking device. Computer
A key receiving step for receiving a key issued by the key issuing device;
A key holding step of holding a plurality of different keys for each issue by the key issuing device in a storage device;
A key selection step of selecting a key for encrypting the locking / unlocking request transmitted to the locking device from the keys held in the key holding step;
An encryption step for encrypting the locking / unlocking request using the key selected in the key selection step;
A message transmission step of transmitting the lock / unlock request encrypted in the encryption step to the lock device;
A message receiving step of receiving a notification of successful locking and unlocking according to the locking and unlocking request by the locking device;
When the notification of successful locking / unlocking according to the locking / unlocking request is not received in the message receiving step, the key selected for encryption is changed in the key selection step, and the changed key is changed in the encryption step. The unlocking request is encrypted using
Key device control method. Computer
A key receiving step for receiving a key issued by the key issuing device;
A key holding step of holding a plurality of different keys for each issue by the key issuing device in a storage device;
A message receiving step for receiving an encrypted unlocking request sent from the key device;
A key selection step of selecting a key for decrypting the locking / unlocking request from the keys held in the key holding step;
A decryption step of decrypting the lock / unlock request using the key selected in the key selection step;
A locking / unlocking step for locking / unlocking the lock according to the locking / unlocking request decoded in the decoding step,
If the decryption in the decryption step is not successful, in the key selection step, the key selected for decryption is changed, and in the decryption step, the unlocking / unlocking request is decrypted using the changed key.
Control method of the locking device.

Images