JP2012123587A - Authentication system and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce computation load associated with calculation of confidential information from distributed information.SOLUTION: Disclosed is an authentication system including devices having different functions and parameters, and an authentication device. When pieces of confidential information derived from the function of one of the devices and the respective parameters of the other devices, or confidential information derived from the parameter of one of the devices the respective functions of the other devices coincide with each other, the authentication device authenticates the devices. Thereby computation processing load for confidential information calculation can be reduced.

Description

  The present invention relates to an authentication system and an authentication method.

  In an authentication system for authenticating whether or not a plurality of cooperating devices are authentic, a method for improving security has been proposed. One example is a secret sharing method (for example, Patent Documents 1 to 4). In the secret sharing method, information for obtaining secret information is distributed and held in a plurality of devices (hereinafter, distributed information holding devices) as distributed information. The secret information is defined as, for example, the Y intercept of a linear equation in the XY coordinate plane. In this case, the XY coordinates of a plurality of points on the linear equation are dispersion information. In this method, respective pieces of shared information are collected from at least two shared information holding devices, and a linear equation is obtained from the collected shared information. Then, secret information that is an intercept of the linear equation is obtained. Then, the distributed information holding device is authenticated based on whether the obtained secret information is correct or not.

Japanese Patent Laid-Open No. 9-212089 JP 2004-274320 A JP 2004-343816 A JP-A-2005-130404

  The authentication system as described above can be used for, for example, a vehicle security system. In the vehicle security system, the distributed information is held in, for example, an electronic key or an IC card carried by the driver. A security system for a vehicle is required to improve security while reducing cost.

On the other hand, in the secret sharing method as described above, it is necessary to perform division in order to obtain a linear equation from the shared information. For example, a straight line passing through the point (x1, y1) and the point (x2, y2) and having the secret information S as an intercept is represented by the following expression.
y = [(y2-y1) / (x2-x1)]. x + S
Then, the secret information S is obtained as follows.
Secret information S = (x2 · y1−x1 · y2) / (x2−x1)
However, here, division is required in order to obtain the secret information S. However, division is more computationally intensive than addition / subtraction or multiplication. Therefore, a device for obtaining secret information is required to have a certain level of arithmetic processing capability. This is a factor that hinders cost reduction of the security system.

  Accordingly, an object of the present invention is to provide an authentication system capable of improving security, reducing the calculation load for calculating secret information, and reducing the cost.

  In order to achieve the above object, an authentication system according to the first aspect of the present invention includes a device group having a different function and a different parameter, the function of one device in the device group, and the one function. The secret information obtained for each function from the parameters of devices other than the device, or the parameters of the parameters of one device of the device group and the functions of devices other than the one device. And an authentication device that authenticates the device group when the secret information obtained for each device matches.

  According to the following embodiments, it is possible to improve security and reduce the calculation processing load for calculating secret information.

It is a figure which shows the structural example of an authentication system when the number of shared information holding devices is two. It is a figure which shows the structural example of an authentication system when the number of shared information holding devices is three. It is a figure which shows the modification of FIG. It is a figure explaining 1st Example. It is a detailed structural example of an immobilizer system. It is a figure explaining 2nd Example. It is a figure which shows the detailed structural example of an air pressure monitoring system. It is a figure explaining the modification in 2nd Example. It is a figure which shows the detailed structural example of an air pressure monitoring system. It is a figure explaining the process which detects an unauthorized air pressure sensor. It is a flowchart figure explaining the example of an operation | movement procedure of the authentication system in 1st Embodiment. It is a flowchart figure explaining the example of an operation | movement procedure of the authentication system in 1st Embodiment. It is a figure which shows the structural example of the authentication system in 2nd Embodiment. It is a figure which shows 3rd Example. It is a figure which shows 4th Example. It is a flowchart figure explaining the example of an operation | movement procedure of an authentication system when using a parent device. It is a flowchart figure explaining the example of an operation | movement procedure of the authentication process in 2nd Embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, the technical scope of the present invention is not limited to these embodiments, but extends to the matters described in the claims and equivalents thereof.

[First embodiment]
The authentication system in the first embodiment includes a distributed information holding device group and an authentication device that authenticates them.

  FIG. 1 is a diagram illustrating a configuration example of an authentication system when the number of distributed information holding devices is two. For example, this authentication system includes shared information holding devices 10_1 and 10_2 and an authentication device 20, and further includes a shared information generation apparatus 1 that generates shared information held by the shared information holding devices 10_1 and 10_2.

  The shared information holding device 10_1 has a function f1 (X) and a parameter X1 as shared information. On the other hand, the shared information holding device 10_2 has a function f2 (X) and a parameter X2 (≠ X1) as shared information. The function f1 (X) and the parameter X1, and the function f2 (X) and the parameter X2 are generated by the shared information generating apparatus 1 as follows, for example, and distributed to the shared information holding devices 10_1 and 10_2.

First, the distributed information generation device 1 generates arbitrary parameters X1 and X2. When the secret information is S, the shared information generating apparatus 1 determines an arbitrary coefficient a of the variable term in the function f1 (X), and an arbitrary coefficient b (of the variable term in the function f2 (X). ≠ a) is determined. Then, the shared information generating apparatus 1 generates functions f1 (X) and f2 (X) represented by the following linear equations.
Function f1 (X) = a · X + α (where constant term α = S−a · X2)
Function f2 (X) = b · X + β (where constant term β = S−b · X1)
In this authentication system, a process of obtaining the secret information S for each function from the function of one shared information holding device and the parameters of the other shared information holding device out of the two shared information holding devices 10_1 and 10_2 is executed. Is done. Such processing is performed by the authentication device 20, for example. The authentication device 20 acquires the parameter X1 and the function f1 (X) from the shared information holding device 10_1, and acquires the parameter X2 and the function f2 (X) from the shared information holding device 10_2. Then, for example, the authentication device 20 assigns the parameter X2 to the function f1 (X), and the secret obtained for each function fn (n = 1, 2,... For convenience in the following description). The information is S_n), and the parameter X1 is substituted into the function f2 (X) to obtain the secret information S_2. Here, the secret information S_1 and S_2 are as follows.
Secret information S_1 = a · X2 + α
Secret information S_2 = b · X1 + β
Then, the authentication device 20 authenticates the distributed information devices 10_1 and 10_2 when the obtained secret information S_1 and S_2 match. In yet another example, the authentication device 20 authenticates the distributed information devices 10_1 and 10_2 when the secret information S_1 and S_2 match each other and matches the matching secret information S. The secret information S for verification is stored in a storage device outside the authentication device 20, for example.

  In another example of the process for obtaining the secret information S_1 and S_2, the distributed information holding device 10_1 (or 10_2) performs the process for obtaining the secret information S_1 and S_2. For example, the shared information holding device 10_1 (or 10_2) acquires the function f2 (X) (or f1 (X)) and the parameter X2 (or X1) from the shared information device 10_2 (or 10_1), and the secret information S_1, S_2 is obtained. In another example, both of the shared information holding devices 10_1 and 10_2 obtain the parameters X2 and X1 from the other, respectively, and obtain the secret information S_1 and S_2 from their own functions f1 (X) and f2 (X). .

  In another example of the authentication process, the shared information holding device 10_1 or 10_2 sends the obtained secret information S_1 and S_2 to the authentication device 20, and the authentication device 20 determines whether the secret information S_1 and S_2 match or does not match. Authenticate. In another example, the shared information holding device 10_1 or 10_2 determines whether the obtained secret information S_1 and S_2 match or does not match, and sends the determination result to the authentication device 20. Based on the determination result, the authentication device 20 Authenticates.

  FIG. 2 is a diagram illustrating a configuration example of the authentication system when the number of shared information holding devices is three. For example, this authentication system includes shared information holding devices 10_1, 10_2, and 10_3, an authentication device 20, and further includes a distributed information generation apparatus 1. The shared information holding device 10_1 has a function f1 (X) and a parameter X1. Further, the shared information holding device 10_2 has a function f2 (X) and a parameter X2 (≠ X1). The shared information holding device 10_3 has a function f3 (X) and a parameter X3 (≠ X1 and ≠ X2).

  The function f1 (X) and the parameter X1, the function f2 (X) and the parameter X2, and the function f3 (X) and the parameter X3 are generated by the shared information generation device 1 as follows, for example, and the distributed information holding device Distributed to 10_1, 10_2, and 10_3.

First, the distributed information generation device 1 generates arbitrary parameters X1, X2, and X3. When the secret information is S, the shared information generating apparatus 1 determines an arbitrary coefficient a of the variable term in the function f1 (X), and an arbitrary coefficient b (of the variable term in the function f2 (X). ≠ a) and an arbitrary coefficient c (≠ a and ≠ b) of the variable term in the function f3 (X) is determined. Then, the shared information generating apparatus 1 generates functions f1 (X), f2 (X), and f3 (X) expressed by the following linear equations.
Function f1 (X) = a · X + α (where constant term α = Sa− (X2 + X3))
Function f2 (X) = b · X + β (where constant term β = S−b · (X1 + X3))
Function f3 (X) = c · X + γ (where constant term γ = S−c · (X1 + X2))
In this authentication system, a process for obtaining secret information from a function of one shared information holding device out of the three shared information holding devices 10_1, 10_2, and 10_3 and parameters of the other two shared information holding devices. , Executed for each function. Such processing is performed by the authentication device 20, for example.

The authentication device 20 acquires the parameter X1 and the function f1 (X) from the shared information holding device 10_1, acquires the parameter X2 and the function f2 (X) from the shared information holding device 10_2, and receives the parameter X3 from the shared information holding device 10_3. The function f3 (X) is acquired. Then, the authentication device 20 obtains secret information S_1 by substituting the sum of the parameters X2 and X3 into the function f1 (X). Further, the authentication device 20 obtains secret information S_2 by substituting the sum of the parameters X1 and X3 into the function f2 (X). Then, the authentication device 20 obtains the secret information S_3 by substituting the sum of the parameters X1 and X2 into the function f3 (X). Here, the secret information S_1 to 3 is as follows.
Secret information S_1 = a · (X2 + X3) + α
Secret information S_2 = b · (X1 + X3) + β
Secret information S_3 = c · (X1 + X2) + γ
Then, the authentication device 20 authenticates the distributed information devices 10_1 to 3 when the obtained secret information S_1 to 3 match. For example, the authentication device 20 performs authentication when the secret information S_1 to 3 obtained by itself matches. Furthermore, in another example, the authentication device 20 performs authentication when the secret information S_1 to 3 coincides with the collation secret information S.

  In another example of the process for obtaining the secret information S_1 to 3, one of the shared information holding devices 10_1 to 3 acquires a function and a parameter from the other two shared information holding devices, and the secret information S_1 to 3 is obtained. Ask. In another example, each of the shared information holding devices 10_1 to 3_1 acquires parameters from the other two shared information holding devices, and obtains the secret information S_1 to 3 using its own functions f1 to 3 (X).

  In another example of the authentication process, the shared information holding device 10_1, 10_2, or 10_3 transfers the obtained secret information S_1 to 3 to the authentication device 20, and the authentication device 20 matches or does not match the secret information S_1 to 3. And authenticate. In another example, the shared information holding device 10_1, 10_2, or 10_3 determines whether the obtained secret information S_1 to 3 matches or does not match, and transfers the determination result to the authentication device 20, based on the determination result. The authentication device 20 performs authentication.

  FIG. 3 is a diagram showing a modification of FIG. In this modification, a process for obtaining secret information for each parameter from a parameter of one shared information holding device among the shared information holding devices and a function of other shared information holding devices is performed. Here, the function f1 (X) and the parameter X1, the function f2 (X) and the parameter X2, and the function f3 (X) and the parameter X3 are generated by the distributed information generation device 1 as follows, for example.

First, the distributed information generation device 1 generates arbitrary parameters X1, X2, and X3. When the secret information is S, the shared information generating apparatus 1 determines arbitrary constants a, b (≠ a), and c (≠ a and ≠ b). Then, the shared information generating apparatus 1 generates functions f1 (X), f2 (X), and f3 (X) that indicate the following linear equations. Then, the shared information generating apparatus 1 generates the following constant terms α, β, and γ.
Constant term α = (S + (b + c) .X1- (a + c) .X2- (a + b) .X3) / 2
Constant term β = (S− (b + c) × X1 + (a + c) × X2− (a + b) × X3) / 2
Constant term γ = (S− (b + c) × X1− (a + c) × X2 + (a + b) × X3) / 2
Then, the shared information generating apparatus 1 generates functions f1 (X), f2 (X), and f3 (X) represented by the following linear equations.
Function f1 (X) = a · X + α
Function f2 (X) = b · X + β
Function f3 (X) = c · X + γ
For example, the authentication device 20 substitutes the parameter X1 of the shared information holding device 10_1 into the sum of the function f2 (X) of the shared information holding device 10_2 and the function f3 (X) of the shared information holding device 10_3. Thus, the secret information S_1 is obtained. Further, the authentication device 20 substitutes the parameter X2 of the shared information holding device 10_2 for the sum of the function f1 (X) of the shared information holding device 10_1 and the function f3 (X) of the shared information holding device 10_3. The secret information S_2 is obtained. Then, the authentication device 20 substitutes the parameter X3 of the shared information holding device 10_3 for the sum of the function f1 (X) of the shared information holding device 10_1 and the function f2 (X) of the shared information holding device 10_2. The secret information S_3 is obtained. Here, the secret information S_1 to 3 is as follows.
Secret information S_1 = f2 (X1) + f3 (X1) = (b + c) · X1 + β + γ
Secret information S_2 = f1 (X2) + f3 (X2) = (a + c) · X2 + α + γ
Secret information S_3 = f1 (X3) + f2 (X3) = (a + b) · X3 + α + β
Note that this processing may be performed in any one of the distributed information holding devices 10_1 to 3 instead of the authentication device 20, as in the case of FIG. Then, as in the case of FIG. 2, the authentication device 20 authenticates the distributed information devices 10_1 to 3 when the obtained secret information S_1 to 3 match.

  As shown in FIGS. 1 to 3, the authentication system according to the first embodiment includes n (n = 2, 3, 4,...) Distributed information holding devices each having a different function and a different parameter. 10_1 to n. Then, the process of obtaining the secret information S_1 to n from the function (or parameter) of one shared information holding device and the parameters (or functions) of the other (n−1) shared information holding devices is performed by the function (parameter ) Every time. Then, when the secret information S_1 to n matches, authentication of the distributed information holding devices 10_1 to n is performed.

  In the example of FIGS. 1 to 3, when obtaining the secret information S_1 to n, addition and multiplication are performed, and division is not performed. Therefore, the configuration of the arithmetic circuit for obtaining the secret information can be simpler than the circuit for performing the division. Therefore, for example, when compared with an example of a distributed secret method for obtaining a linear equation that passes through a plurality of coordinate positions, a simpler calculation process is possible. Therefore, the authentication system can be configured with a simpler circuit configuration, and the cost can be reduced.

  The authentication system in the first embodiment is applied to the following system, for example.

  FIG. 4 is a diagram illustrating a first example to which the authentication system of the first embodiment is applied. In the first embodiment, the authentication system is applied to an immobilizer system. In the first embodiment, the distributed information holding device group is a license 10_1a and an electronic key 10_2a. The license 10_1a is, for example, an IC card. The license 10_1a has shared information d_1 including a function f1 (x) and a parameter X1. The electronic key 10_2a is provided in, for example, a mechanical vehicle key. The electronic key 10_2a has shared information d_2 including a function f2 (x) and a parameter X2.

  The authentication device 20 is, for example, an engine ECU (Electronic Control Unit) 20a. A reading device 11 and an ignition switch 12 are connected to the engine ECU 20 a via an in-vehicle LAN (Local Area Network) 13. A storage device 201 is connected to the engine ECU 20a. The reading device 11 is, for example, an IC card reader. The reading device 11 reads the shared information d_1 from the license 10_1a and transfers it to the engine ECU 20a. The ignition switch 12 is mechanically turned on and off by a vehicle key to which the electronic key 10_2a is attached, and sends a control signal corresponding to the on and off to the engine ECU 20a. The ignition switch 12 has means for receiving the shared information d_2 transmitted from the electronic key 10_2a and transferring it to the engine ECU 20a. The in-vehicle LAN 13 is, for example, a CAN (Controller Area Network). Further, the storage device 201 stores secret information S for verification.

  FIG. 5 is a detailed configuration example of the immobilizer system. The electronic key 10_2a includes a storage unit 33 that stores the shared information d_2 and a communication unit 32 that transmits the shared information d_2 read from the storage unit 33. The engine ECU 20 a includes, for example, a CPU (Central Processing Unit) 21, a ROM 23, a RAM (Random Access Memory) 22, and an interface unit 25 connected via a bus 24. A storage device 201 is connected to the interface unit 25. Further, the communication device 120 and the reading device 11 are connected to the interface unit 25 via the in-vehicle LAN 13.

  The communication device 120 is provided in the ignition switch 12, for example, receives the shared information d_2 transmitted from the communication unit 32 of the electronic key 10_2a, and transfers it to the CPU 21 via the interface unit 25. Further, the reading device 11 reads the shared information d_1 from the license 10_1a which is an IC card, and transfers it to the CPU 21 via the interface unit 25. The storage device 201 has, for example, a ROM (Read Only Memory), and stores the confidential information S for verification in the ROM.

  The CPU 21 performs authentication processing based on the distributed information transferred from the communication device 120 or the reading device 11. At this time, the CPU 21 executes secret information calculation and authentication processing according to the processing program stored in the ROM 23. Various data and programs necessary for processing are temporarily stored in the RAM 22.

  Authentication processing in the immobilizer system will be described with reference to FIGS. First, the engine ECU 20a obtains the secret information S_1 and 2 based on the shared information d_1 that the license 10_1a has and the shared information d_2 that the electronic key 10_2a has. Specifically, the engine ECU 20a acquires the shared information d_1 including the function f1 (x) and the parameter X1 from the license 10_1a, and acquires the shared information d_2 including the function f2 (x) and the parameter X2 from the electronic key 10_2a. .

Then, the engine ECU 20a calculates the secret information S_1 from the function f1 (X) acquired from the license 10_1a and the parameter X2 acquired from the electronic key 10_2a. Further, the engine ECU 20a calculates the secret information S_2 from the function f2 (X) acquired from the electronic key 10_2a and the parameter X1 acquired from the license 10_1. Here, the secret information S_1 and S_2 are as follows.
Secret information S_1 = a · X2 + α
Secret information S_2 = b · X1 + β
The engine ECU 20a authenticates that the license 10_1a and the electronic key 10_2a are authentic when the calculated secret information S_1 and S_2 match each other and matches the matching secret information S.

  The engine ECU 20a permits the engine start in response to the ignition switch 12 being turned on when the authentication is established. On the other hand, when the authentication is not established, the engine start is not permitted even if the ignition switch 12 is turned on. According to such an immobilizer system, for example, security can be further improved as compared with a case where secret information is stored only in an electronic key and the authentication is performed.

  FIG. 6 is a diagram illustrating a second example to which the authentication system of the first embodiment is applied. In the second embodiment, the authentication system is applied to an air pressure monitoring system that monitors the air pressure of a vehicle tire. The distributed information holding device group is, for example, air pressure sensors 10_1b to 4b provided for each tire. The air pressure sensors 10_1b to 4b include, for example, a piezoelectric element that detects tire air pressure and a communication device that wirelessly transmits the detected air pressure. The air pressure sensors 10_1 to 4b have distributed information d_11 to 14, respectively.

  The authentication device 20 is, for example, a body ECU (Electronic Control Unit) 20b. A wireless communication device not shown here is connected to the body ECU 20b via an in-vehicle LAN 27 such as a LIN (Local Interconnect Network). Thereby, body ECU20b receives the dispersion | distribution information d_11-14 which air pressure sensors 10_1b-4b transmit wirelessly. The storage device 202 is connected to the body ECU 20b. The storage device 202 stores secret information S for verification.

  FIG. 7 is a detailed configuration example of the air pressure monitoring system. Each of the air pressure sensors 10_1b to 4b includes a storage unit 33 that stores the distributed information d_1 to 14 and a communication unit 32 that wirelessly transmits the distributed information read from the storage unit 33. The body ECU 20 b includes, for example, a CPU 21, a ROM 23, a RAM (Random Access Memory) 22, and an interface unit 25 that are connected by a bus 24.

  A storage device 202 is connected to the interface unit 25. Further, the communication device 122 is connected to the interface unit 25 via the in-vehicle LAN 27. The storage device 202 has, for example, a ROM. In this ROM, as shown in FIG. 5, secret information S for verification is stored. The communication device 122 receives the distributed information d_11 to 14 transmitted from the communication unit 32 of the air pressure sensors 10_1b to 4b and transfers it to the CPU 21 via the interface unit 25.

  The CPU 21 performs authentication processing based on the shared information d_11 to 14 transferred from the communication device 122. At this time, the CPU 21 executes secret information calculation and authentication processing according to the processing program stored in the ROM 23. At this time, data necessary for the processing is temporarily stored in the RAM 22.

  Authentication processing in the air pressure monitoring system will be described with reference to FIGS. In the authentication process, the body ECU 20b obtains secret information S_1 to 4 based on the shared information d_1 to 14 included in the air pressure sensors 10_1b to 4b. Specifically, the body ECU 20b acquires the dispersion information d_11 to 14 from the air pressure sensors 10_1b to 4b, respectively. The shared information d_11 includes a function f1 (x) and a parameter X1. Further, the distributed information d_12 includes a function f2 (x) and a parameter X2. Further, the distributed information d_13 includes a function f3 (x) and a parameter X3. The shared information d_14 includes a function f4 (x) and a parameter X4.

Here, the parameters X1 to X4 (X1 ≠ X2 ≠ X3 ≠ X4) are arbitrarily determined parameters. When the secret information is S, the functions f1 to 4 (X) are linear equations as follows.
Function f1 (X) = a · X + α (where a is an arbitrary coefficient, constant term α = S−a · (X2 + X3 + X4))
Function f2 (X) = b · X + β (where b (≠ a) is an arbitrary coefficient, constant term β = S−b · (X1 + X3 + X4))
Function f3 (X) = c · X + γ (where c (≠ a and ≠ b) is an arbitrary coefficient, constant term γ = S−c · (X1 + X2 + X4))
Function f4 (X) = d · X + δ (where d (≠ a, ≠ b and ≠ c) is an arbitrary coefficient, constant term δ = S−d · (X1 + X2 + X3))
The body ECU 20b calculates the secret information S_1 by substituting the sum of the parameters X2 to X4 acquired from the air pressure sensors 10_2b to 4b into the function f1 (X) acquired from the air pressure sensor 10_1b. In addition, the body ECU 20b calculates the secret information S_2 by substituting the sum of the parameters X1, X3, and X4 acquired from the air pressure sensors 10_1b, 10_3b, and 10_4b for the function f2 (X) acquired from the air pressure sensor 10_2b. The body ECU 20b calculates the secret information S_3 by substituting the sum of the parameters X1, X2, and X4 acquired from the air pressure sensors 10_1b, 10_2b, and 10_4b into the function f3 (X) acquired from the air pressure sensor 10_3b. Then, the body ECU 20b calculates the secret information S_4 by substituting the sum of the parameters X1 to X3 acquired from the air pressure sensors 10_1 to 3b into the function f4 (X) acquired from the air pressure sensor 10_4b. Here, the secret information S_1 to 4 is as follows.
Secret information S_1 = a. (X2 + X3 + X4) + α
Secret information S_2 = b · (X1 + X3 + X4) + β
Secret information S_3 = c · (X1 + X2 + X4) + γ
Secret information S_4 = d · (X1 + X2 + X3) + δ
Then, the body ECU 20b authenticates that the air pressure sensors 10_1b to 4b are authentic when the calculated secret information S_1 to 4 matches and the matching secret information S matches.

  When the authentication is successful, the body ECU 20b transmits, for example, a signal permitting engine start to the engine ECU. On the other hand, when authentication is not established, a signal for prohibiting engine start is transmitted. By doing so, it is possible to avoid a situation in which the proper air pressure monitoring cannot be performed by using the non-genuine air pressure sensor.

  FIG. 8 is a diagram for explaining a modification of the second embodiment. This modification differs from the second embodiment in that each of the air pressure sensors 10_1b to 4b obtains parameters from other air pressure sensors and obtains secret information by its own function. A detailed configuration example of the air pressure monitoring system for performing such an operation is shown in FIG. Each of the air pressure sensors 10_1b to 4b includes a storage unit 33 that stores the dispersion information d_1 to 14 and a communication unit 32 that wirelessly transmits a parameter among the dispersion information read from the storage unit 33. An arithmetic processing unit 34 is included. The arithmetic processing unit 34 calculates secret information by using its own function from parameters acquired from other air pressure sensors. The arithmetic processing unit 34 is, for example, a microcomputer. However, the arithmetic processing unit 34 may be an inexpensive arithmetic device having a simple arithmetic circuit that performs only addition and multiplication. Body ECU 20b has the same configuration as that shown in FIG.

  An authentication process according to the modification will be described with reference to FIGS. First, the air pressure sensor 10_1b acquires the respective parameters X2 to X4 from the other air pressure sensors 10_2b to 4b. For example, the air pressure sensors 10_2b to 4b wirelessly transmit the respective parameters X2 to X4 to the body ECU 20b. Then, the body ECU 20b wirelessly transmits the parameters X2 to X4 to the air pressure sensor 10_1b. Next, the air pressure sensor 10_1b calculates the secret information S_1 from the parameters X2 to X4 using its function f1 (X). Then, the air pressure sensor 10_1b transmits the calculated secret information S_1 to the body ECU 20b.

  The air pressure sensors 10_2b to 4b perform the same processing. For example, the air pressure sensor 10_2b acquires the respective parameters X1, X3, and X4 from the other air pressure sensors 10_1b, 10_3b, and 10_4b via the body ECU 20b (not shown). Then, the air pressure sensor 10_1b calculates the secret information S_2 from the parameters X1, X3, and X4 by using its function f2 (X). Then, the air pressure sensor 10_2b transmits the calculated secret information S_2 to the body ECU 20b. Further, the air pressure sensor 10_3b acquires the respective parameters X1, X2, and X4 from the other air pressure sensors 10_1b, 10_2b, and 10_4b via the body ECU 20b (not shown). Then, the air pressure sensor 10_3b calculates the secret information S_3 from the parameters X1, X2, and X4 by using its function f3 (X). Then, the air pressure sensor 10_3b transmits the calculated secret information S_3 to the body ECU 20b. Further, the air pressure sensor 10_4b acquires the respective parameters X1 to X3 from the other air pressure sensors 10_1b to 3b via the body ECU 20b (not shown). Then, the air pressure sensor 10_4b calculates the secret information S_4 from the parameters X1 to X3 using its own function f4 (X). Then, the air pressure sensor 10_4b transmits the calculated secret information S_4 to the body ECU 20b.

  Then, the body ECU 20b authenticates the air pressure sensors 10_1b to 4b when the secret information S_1 to S_4 matches and the matching secret information S matches.

  In this modified example, since the air pressure sensors 10_1b to 4b do not transmit the respective functions f1 to f4 to other air pressure sensors, it is possible to avoid such information being illegally acquired by a third party or the like on the transmission path. . Even if the parameters X1 to X4 are illegally acquired and an illegal air pressure sensor imitated by storing them is attached to the vehicle, this can be detected as follows.

  FIG. 10 is a diagram illustrating processing for detecting an unauthorized air pressure sensor. FIG. 10 shows a state in which an unauthorized air pressure sensor 10_5b is attached instead of the genuine air pressure sensor 10_4b shown in FIG. The unauthorized air pressure sensor 10_5b stores imitated unauthorized distributed information d_15. The distributed information d_15 includes the authentic parameter X4 of the air pressure sensor 10_4b that has been illegally acquired. On the other hand, the function f4 (X) of the authentic air pressure sensor 10_4b is not transferred to another air pressure sensor as shown in FIG. Accordingly, the illegal shared information d_15 includes an illegal function f5 (X) different from the genuine function f4 (X) or does not include a function.

  In such a state, the unauthorized air pressure sensor 10_5b transmits the authentic parameter X4 to the other authentic air pressure sensors 10_1b to 3b. Then, the secret information S_1 to 3 obtained by the air pressure sensors 10_1b to 3b respectively match with each other and the secret information for verification. On the other hand, in the unauthorized air pressure sensor 10_5b, even if the genuine parameters X1 to X3 transmitted from the air pressure sensors 10_1b to 3b are used, the unauthorized secret information S_5 is calculated by using the unauthorized function f5 (X). The Therefore, the body ECU 20b can determine that the air pressure sensor 10_5b is an illegal product by detecting that the air pressure sensor 10_5b calculates the illegal secret information S_5.

  For example, the body ECU 20b matches the unauthorized secret information S_5 transmitted from the air pressure sensor 10_5b with the genuine secret information S_1 to 3, and detects the mismatch. Alternatively, the secret information is not calculated unless the air pressure sensor 10_5b has a function. Therefore, the body ECU 20b can detect that the air pressure sensor 10_5b is an unauthorized product by determining that secret information is not transmitted from the air pressure sensor 10_5b.

  According to such a modified example, when any of the secret information S_1 to 4 does not match the other, or when any of the secret information S_1 to 4 is missing, an unauthorized air pressure sensor can be detected. When the body ECU 20b detects an unauthorized air pressure sensor, the body ECU 20b displays, for example, information indicating that an unauthorized product has been detected in addition to transmitting a control signal for prohibiting engine start to the engine ECU. Or output audio. In this way, safety can be improved.

  FIG. 11 is a flowchart for explaining an operation procedure example of the authentication system in the first embodiment. The procedure shown in FIG. 11 is an example of the generation / setting procedure of shared information. This example procedure includes an operation procedure of the shared information generating apparatus 1. The distributed information generation apparatus 1 is, for example, a host system in the manufacturer of the immobilizer system shown in FIG. 4 or the air pressure monitoring system shown in FIG. The shared information generation device 1 generates parameters X1 to n for the shared information holding devices 10_1 to 10_1-n (Step 2). Then, the shared information generating apparatus 1 determines a constant term from the secret information S, the parameters X1 to n, and the coefficient of the variable term, and determines the functions f1 to n (Step 4). Then, the shared information generation device 1 distributes the functions f1 to n and the parameters X1 to n to the shared information holding devices 10_1 to n (Step 6). Note that step Step 6 may be performed manually or semi-automatically by the operator. And each shared information holding device 10_1-n stores each function f1-n and parameter X1-n (Step8).

  FIG. 12 is a flowchart for explaining an operation procedure example of the authentication system in the first embodiment. The procedure shown in FIG. 12 is a procedure example of secret information calculation processing and authentication processing. First, a process that requires authentication is requested (Step 10). For example, in the case of an immobilizer system or a pneumatic monitoring system, the ignition switch is mechanically turned on. Then, the shared information is collected to obtain the secret information (Step 12). For example, the authentication device 20 acquires functions and parameters from the distributed information holding devices 10_1 to 10_1-n. Alternatively, all or one of the shared information holding devices 10_1 to 10_1n acquires parameters or parameters and functions from other shared information devices.

  Then, secret information S_1 to n is obtained for each function (or for each parameter) (Step 14). For example, the authentication device 20 calculates the secret information S_1 to n for each function (or for each parameter) acquired from the distributed information holding devices 10_1 to n. Alternatively, all or any of the shared information holding devices 10_1 to n calculates the secret information S_1 to n for each function (or for each parameter) acquired from another shared information device.

  When all the obtained secret information S_1 to n matches (YES in Step 16), and all the obtained secret information S_1 to n matches the matching secret information S ( Step 18 YES), processing that requires authentication is executed (Step 20), and the processing is terminated. For example, the determination process of step Step 16 is performed by either the authentication device 20 or the confidential information holding devices 10_1 to 10-n. Further, the determination process of step Step 18 is performed by the authentication device 20. The process that requires authentication is, for example, output of a control signal that permits engine start.

  On the other hand, when all the obtained secret information does not match (NO at Step 16), or when all the obtained secret information does not match the secret information for verification (NO at Step 18), Error handling is performed. Error processing includes, for example, output of a control signal for prohibiting engine start and output of warning information.

  According to the first embodiment as described above, it is possible to improve security and reduce a calculation load for obtaining secret information. Therefore, the cost of the authentication system can be reduced.

[Second Embodiment]
The authentication system according to the second embodiment includes a function for obtaining secret information from parameters of (n−2) or less shared information devices out of n shared information device groups, and (n−2) And a parent device having a parameter for obtaining the secret information by a function of the following distributed information device.

FIG. 13 is a diagram illustrating a configuration example of an authentication system according to the second embodiment. 13 is obtained by adding a parent device 100 to the configuration example of the first embodiment shown in FIG. For example, the parent device 100 has a function F (X) for obtaining the secret information S from the parameter X2 of the shared information holding device 10_2. The function F (X) is, for example, the following linear equation.
Function F (X) = m · X + θ (where m is an arbitrary coefficient, constant term θ = S−m · X2)
Further, the parent device 100 has a parameter X1 + X3 for obtaining the secret information S from the function f2 (X) of the shared information holding device 10_2.

  In the first embodiment, as shown in FIG. 2, in order to obtain the secret information S_1 to 3 for each of the functions f1 (X) to f3 (X) of the shared information holding devices 10_1 to 3, the other two distributed The parameters of the information holding device were used. On the other hand, in the second embodiment, the secret information mS can be obtained from only the parameter X2 of one shared information holding device 10_2 by using the function F (X) of the parent device 100. Further, by using the parameter (X1 + X3) of the parent device 100, the secret information S_2 can be obtained from the function f2 (X) of the shared information holding device 10_2. The shared information holding device 10_2 is authenticated when the secret information mS and the secret information S_2 match.

  That is, the parent device 100 enables authentication by cooperating with a smaller number of shared information holding devices 10 </ b> _ <b> 1 to 3. In other words, only the parent device 100 has a function equivalent to that of the distributed information holding devices 10_1 and 3. Accordingly, the parent device 100 has higher authority than the distributed information holding devices 10_1 to 3_1. In this way, the parent device 100 and the distributed information holding devices 10_1 to 3 can be hierarchized.

  The authentication system of the second embodiment is applied to the following system, for example.

  FIG. 14 is a diagram showing a third embodiment in which the authentication system is applied to an immobilizer system. In this immobilizer system, the distributed information holding devices 10_1 to 10_1-n are an electronic key 10_1d, a safety control device 10_2d, and a license 10_3d. The safety control device 10_2d is, for example, an ECU having a speed control function. The authentication device 20 is an engine ECU 20d. The parent device 100 is the upper key 100d.

  The shared information generated by the shared information generating device 1 is stored in the electronic key 10_1d, the safety control device 10_2d, and the license 10_3d. For example, the electronic key 10_1d has a function f1 (X) and a parameter X1. Further, the safety control device 10_2d has a function f2 (X) and a parameter X2. The license 10_3d has a function f3 (X) and a parameter X3.

The engine ECU 20d calculates the following secret information S_1 to 3 based on the functions f1 (X) to f3 (X) acquired from the electronic key 10_1d, the safety control device 10_2d, and the license 10_3d, respectively, and the parameters X1 to X3. To do.
Secret information S_1 = f1 (X2 + X3)
Secret information S_2 = f2 (X1 + X3)
Secret information S_3 = f3 (X1 + X2)
Then, the engine ECU 20d authenticates the electronic key 10_1d, the safety control device 10_2d, and the license 10_3d when the secret information S_1 to 3 match each other and the matching secret information S, and permits the engine start. To do.

  In the upper key 100d, the shared information generated by the shared information generating device 1 is stored. For example, the upper key 100d has a function F (X) for obtaining the secret information mS only from the parameter X2 of the safety control device 10_2d and a parameter (X1 + X3) for obtaining the secret information S_2 by the function f2 (X) of the safety control device 10_2d. Have The upper key 100d is stored in a car dealer, for example.

The upper key 100d is used, for example, when one or both of the electronic key 10_1d and the license 10_3d are lost. The engine ECU 20d acquires functions F (X) and f2 (X), parameters (X1 + X3), and X2 from the upper key 100d and the safety control device 10_2d, respectively. Then, the engine ECU 20d calculates the following secret information mS and S_2.
Confidential information mS = F (X2)
Secret information S_2 = f2 (X1 + X3)
Then, the engine ECU 20d performs authentication and permits the engine start when the secret information mS and S_2 match each other and matches the matching secret information S.

  Thus, according to the third embodiment, the engine can be started by using the upper key 100d even if the electronic key 10_1d, the safety control device 10_2d, and the license 10_3d are not all available. Therefore, since the engine can be started even when the electronic key 10_1d or the license 10_3d is lost while ensuring security during normal use, convenience is improved.

  FIG. 15 is a diagram showing a fourth embodiment in which the authentication system is applied to a car navigation system. This navigation system authenticates the authority to use software downloaded from the service provider's server. The downloaded software is, for example, a tourist guide application having map information.

  In this navigation system, the shared information generating apparatus 1 generates shared information and has download software 50. The shared information generating apparatus 1 is connected to a public communication line network (not shown). Therefore, the software 50 is downloaded from the distributed information generating device 1 to the navigation device 52 when the navigation device 52 is connected to the public communication network.

  In this navigation system, the distributed information holding devices 10_1 to 10_1-n are the first portable memory 10_1e, the password management module 10_2e, and the second portable memory 10_3e. The portable memories 10_1e and 10_3e are, for example, a USB memory or a memory card. The password management module 10_2e is provided in the navigation device 52, for example, and decodes the distributed information based on the password input by the user. The authentication device 20e is provided in the navigation device 52, for example. The authentication device 20e is provided in a module that downloads and executes the software 50, for example. The parent device 100 is a third portable memory 100e. The portable memory 100e is, for example, a USB memory or a memory card.

  In the portable memory 10_1e and the password management module 10_2e, the shared information generated by the shared information generating device 1 is stored. For example, the portable memory 10_1e has a function f1 (X) and a parameter X1. For example, the function f1 (X) and the parameter X1 are acquired by a personal computer connected to the distributed information generation apparatus 1 via the public communication line network and stored in the portable memory 10_1e.

  The password management module 10_2e has a function f2 (X) and a parameter X2. The function f2 (X) and the parameter X2 are downloaded as a part of the software 50 from the distributed information generation device 1. The password management module 10_2e decrypts and holds the function f2 (X) and the parameter X2 from the password that the user inputs to the navigation device 52.

  The portable memory 10_3e has a function f3 (X) and a parameter X3. For example, the function f3 (X) and the parameter X3 are acquired by a personal computer connected to the distributed information generation apparatus 1 via a public communication line network and stored in the portable memory 10_3e. Or portable memory 10_3e acquires function f3 (X) and parameter X3 from authentication device 20e, for example. For example, the authentication device 20e generates the function f3 (X) and the parameter X3 based on the unique number such as the machine number of the navigation device 52 in accordance with the downloaded software 50. In this case, the generated parameter X3 is uploaded to the shared information generating device 1 and held in the shared information generating device 1 in order to generate the function f1 (X) and the parameter X1.

  On the other hand, the portable memory 100e stores a function F (X) and a parameter (X1 + X3) generated by the shared information generating device 1. For example, the function F (X) and the parameter (X1 + X3) are acquired by a personal computer connected to the distributed information generation apparatus 1 via a public communication line network and stored in the portable memory 100e. According to the function F (X), the secret information mS is obtained only from the parameter X2 of the password management module 10_2e. Also, the secret information S_2 is obtained from the parameter (X1 + X3) by the function f2 (X) of the password management module 10_2e.

The authentication device 20e includes a portable memory 10_1e connected to the navigation device 52, a password management module 10_2e that generates a function f2 (X) and a parameter X2 based on a user's password input, and a portable memory connected to the navigation device 52. The functions f1 (X) to f3 (X) and the parameters X1 to X3 are respectively acquired from 10_3e, and the following secret information S_1 to 3 is calculated.
Secret information S_1 = f1 (X2 + X3)
Secret information S_2 = f2 (X1 + X3)
Secret information S_3 = f3 (X1 + X2)
Then, the authentication device 20e authenticates the portable memory 10_1e, the password management module 10_2e, and the portable memory 10_3e when the secret information S_1 to 3 match each other and matches the verification secret information S, and the software 50 executions are permitted. Alternatively, the authentication device 20e acquires functions F (X) and f2 (X), parameters (X1 + X3) and X2 from the portable memory 100e and the password management module 10_2e, respectively. Then, the authentication device 20e calculates the following secret information mS and S_2.
Confidential information mS = F (X2)
Secret information S_2 = f2 (X1 + X3)
Then, the authentication device 20e authenticates and permits the execution of the software 50 when the secret information mS and S_2 match each other and match the matching secret information S.

  For example, during the trial period of the software 50, such a navigation system permits the execution of the software 50 by the portable memory 100e and password authentication by the password authentication module 10_2e. A user who tries the software 50 obtains the function F (X) and the parameter (X1 + X3) from the distributed information generation device 1 via the public communication network, for example, by a personal computer, and stores the function F (X) and the parameter (X1 + X3) in the portable memory 100e.

  Then, after the trial period of the software 50 has elapsed, the function F (X) of the portable memory 100e is invalidated by the software 50. At the same time, the user is prompted to purchase the shared information stored in the portable memory 10_1e, that is, the license. A user who purchases a license acquires (purchases) the function f1 (X) and the parameter X1 from the distributed information generation device 1 via a public communication line network, for example, using a personal computer, and stores the function f1 (X) and the parameter X1 in the portable memory 10_1e. After the user purchases the license, the execution of the software 50 is permitted when all of the portable memory 10_1e, the password authentication module 10_2e, and the portable memory 10_3e are authenticated.

  As described above, according to the fourth embodiment, during the trial period of the software 50, the condition for use can be relaxed and the user's willingness to purchase can be stimulated. After the usage period has elapsed, by tightening the conditions for use, it is possible to provide high security to the user who purchased the license, thus improving convenience.

  FIG. 16 is a flowchart for explaining an operation procedure example of the authentication system according to the second embodiment. The procedure shown in FIG. 16A is an example of a shared information generation / setting procedure. The shared information generation device 1 generates parameters X1 to Xn for the shared information holding devices 10_1 to 10_1-n (Step 102). Then, the shared information generating apparatus 1 determines a constant term from the secret information S, the parameters X1 to Xn, and the coefficient of the variable term, and determines the functions f1 to n (Step 104).

  Then, the shared information generating apparatus 1 generates a function F (X) for the parent device according to the hierarchy definition table TBL as shown in FIG. 16B (Step 105). In the hierarchy definition table TBL, for example, the hierarchy is defined by the number of parameters for each of the distributed information holding devices 10_1 to 10_1-n. For example, each of the shared information holding devices 10_1 to 3_1 has one parameter, but the parent device 100 has a sum of two parameters X1 and X3. Therefore, the parent device 100 is defined as a hierarchy higher than the distributed information holding devices 10_1 to 10_1. Such a hierarchy table TBL is stored, for example, in a storage device inside the distributed information generating apparatus 1.

  The functions f1 to n and the parameters X1 to n are distributed to the distributed information holding devices 10_1 to n, and the function F (X) and the parent device parameters (for example, the sum of X1 and X3) are transmitted to the parent device 100. Distributed (Step 106). Each of the shared information holding devices 10_1 to 10_1-n stores the functions f1-n and the parameters X1-n, and the parent device 100 stores the function F (X) and the parent device parameters (for example, the sum of X1 and X3). (Step 108).

  FIG. 17 is a flowchart for explaining an operation procedure example of authentication processing when a parent device is used in the second embodiment. First, a process requiring authentication is requested (Step 110). For example, in the case of an immobilizer system, the ignition switch is mechanically turned on. Alternatively, in the case of a navigation system, the navigation function is activated.

  Then, shared information is collected in order to obtain secret information (Step 112). For example, the authentication device 20 acquires a function and a parameter from the parent device 100 and the distributed information holding device 10_2. Then, secret information is obtained for each function (Step 114). For example, the authentication device 20 calculates the secret information mS using the function F (X) acquired from the parent device, and calculates the secret information S_2 using the function f2 (X) acquired from the shared information holding device 10_2.

  Then, when the obtained secret information matches (YES in Step 116) and the obtained secret information matches the secret information S for verification (YES in Step 118), authentication is required. The process is executed (Step 120), and the process is terminated. For example, the authentication device 20 performs the determination process of steps Steps 116 and 118.

  The process that requires authentication is, for example, output of a control signal that permits engine start, execution of software, and the like. On the other hand, when all the obtained secret information does not match (NO in Step 116), or when all the found secret information does not match the secret information for verification (NO in Step 118), Error handling is performed. The error processing includes, for example, output of a control signal for prohibiting engine start and software execution stop.

  According to the second embodiment as described above, the distributed information holding device can be hierarchized in the authentication system, and the convenience for the user is improved.

  The above embodiment is summarized as follows.

(Appendix 1)
A group of devices each having a different function and different parameters;
Secret information obtained for each function from the function of one device in the device group and the parameter of a device other than the one device, or the parameter of one device of the device group And an authentication device that authenticates the device group when the secret information determined for each parameter from the function of a device other than the one device matches.

(Appendix 2)
In Appendix 1,
The authentication device further authenticates the device group on the condition that the obtained secret information group matches secret information stored in a storage device.

(Appendix 3)
In Appendix 1,
The authentication system, wherein the authentication device acquires the function and the parameter from each device of the device group and executes a process for obtaining the secret information for each device of the device group.

(Appendix 4)
In Appendix 1,
Each device of the device group obtains the parameter from another device, obtains the secret information using the obtained parameter and its own function, and transfers the obtained secret information to the authentication device. Authentication system.

(Appendix 5)
In Appendix 1,
The secret information is obtained from the function of one device in the device group and the parameters of (n−1) devices other than the one device, where n is the number of devices included in the device group. And
A parent having a function for obtaining the secret information from the parameters of the (n-2) or less devices and a parameter for obtaining the secret information by a function of the (n-2) or less devices. Further having a device,
The authentication device includes secret information obtained from the function of the parent device and the parameters of the (n−2) or less devices, the parameter of the parent device and the (n−2) pieces. An authentication system that authenticates the (n−2) or less devices when the secret information obtained from the functions of the following devices matches.

(Appendix 6)
In Appendix 1,
An authentication system further comprising a generation device that generates the function group and the parameter group for distribution to the device group based on the secret information.

(Appendix 7)
In any one of supplementary notes 1 to 6,
The authentication system is an authentication system in which the function of each device in the device group is a linear equation in which the parameter of another device is substituted to obtain the secret information.

(Appendix 8)
Secret information is obtained from the function of one device among devices having different functions and different parameters, and the parameters of devices other than the one device, or one device of the device group The secret information is obtained from the parameter and the function that the device other than the one device has,
An authentication method for authenticating the device group when the determined secret information group matches.

1: distributed information generation apparatus, 10_n: distributed information holding device, 20: authentication device,
100: Parent device

Claims (6)

A group of devices each having a different function and different parameters;
Secret information obtained for each function from the function of one device in the device group and the parameter of a device other than the one device, or the parameter of one device of the device group And an authentication device that authenticates the device group when the secret information determined for each parameter from the function of a device other than the one device matches. In claim 1,
The authentication device further authenticates the device group on the condition that the obtained secret information group matches secret information stored in a storage device. In claim 1,
Each device of the device group obtains the parameter from another device, obtains the secret information using the obtained parameter and its own function, and transfers the obtained secret information to the authentication device. Authentication system. In claim 1,
The secret information is obtained from the function of one device in the device group and the parameters of (n−1) devices other than the one device, where n is the number of devices included in the device group. And
A parent having a function for obtaining the secret information from the parameters of the (n-2) or less devices and a parameter for obtaining the secret information by a function of the (n-2) or less devices. Further having a device,
The authentication device includes secret information obtained from the function of the parent device and the parameters of the (n−2) or less devices, the parameter of the parent device and the (n−2) pieces. An authentication system that authenticates the (n−2) or less devices when the secret information obtained from the functions of the following devices matches. In any one of Claims 1 thru | or 4,
The authentication system is an authentication system in which the function of each device in the device group is a linear equation in which the parameter of another device is substituted to obtain the secret information. Secret information is obtained from the function of one device among devices having different functions and different parameters, and the parameters of devices other than the one device, or one device of the device group The secret information is obtained from the parameter and the function that the device other than the one device has,
An authentication method for authenticating the device group when the determined secret information group matches.

Images