JP2016046649A - Authentication system, transmitter, and receiver - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to ensure high security while suppressing an amount of information to be transmitted from a transmitter to a receiver for authentication.SOLUTION: Information to be transmitted from a mobile apparatus 1 to a BCM 2 in order to perform authentication using a common encryption key system is made to be a plain text and a fragmentation cipher text, where the number of bits obtained by adding that of the plain text to that of the fragmentation cipher text is smaller than that of a cipher key. The BCM 2 extends, in the same way as the mobile apparatus 1, the plain text received from the mobile apparatus 1 so that the number of bits of the extended plain text is equal to that of the cipher key and encrypts the extended plain text by using the same cipher key and cipher algorithm as those of the mobile apparatus 1. The BCM 2, then, extracts a fragmentation cipher text from the same part in the obtained cipher text as part in the cipher text from which the fragmentation cipher text is extracted by the mobile apparatus 1 and performs authentication by determining whether or not the extracted fragmentation cipher text agrees with the fragmentation cipher text received from the mobile apparatus 1.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an authentication system for performing authentication between a transmitter and a receiver, and a transmitter and a receiver included in the authentication system.

  Conventionally, as an authentication system that performs authentication between a transmitter and a receiver, a keyless entry system that performs authentication by wireless communication between a portable device carried by a user and an in-vehicle device and locks and unlocks a vehicle door, etc. It has been known.

  Such an authentication system employs a common key cryptosystem in order to maintain security. In an authentication system that employs a common encryption method, the transmitter transmits a ciphertext obtained by encrypting plaintext with an encryption key, and the receiver that receives the ciphertext transmits the ciphertext using a common encryption key with the transmitter. Decrypt and authenticate whether the decrypted plaintext is correct.

  In addition, in order to improve the security of the authentication system, a technique using a rolling code whose value changes every time is known as plain text used for authentication. For example, Patent Document 1 discloses a technique that uses the number of operations of a key operation unit of a transmission device for automobile door lock control as a rolling code. In the technique disclosed in Patent Document 1, a rolling code as the number of operations of the key operation unit is encrypted and transmitted to the vehicle side. Then, the receiving device on the automobile side determines that normal reception has been performed when the value of the received and decoded rolling code is greater than the previous value.

  In recent years, in order to further improve the security of the authentication system, it is required to complicate the encryption algorithm for encrypting the rolling code and to increase the length of the encryption key from 32 bits to 64 bits and 128 bits. ing.

JP 2001-027063 A

  However, conventionally, in an authentication system such as a keyless entry system using unidirectional communication, an encrypted rolling code (that is, ciphertext) transmitted from a transmitter can be decrypted on the receiver side. The ciphertext having the same number of bits as the encryption key had to be transmitted. Therefore, if the number of bits of the encryption key is increased in order to improve the security of the authentication system, the number of bits of ciphertext transmitted and received between the transmitter and the receiver also increases. If the number of ciphertext bits sent and received between the transmitter and the receiver increases, the amount of information sent and received between the transmitter and the receiver will increase, resulting in poor communication response and reception errors. Problems arise.

  The present invention has been made in view of the above-described conventional problems, and its purpose is to ensure high security while suppressing the amount of information transmitted from the transmitter to the receiver for authentication. An authentication system, a transmitter, and a receiver are provided.

  An authentication system according to the present invention includes a transmitter (1) and a receiver (2), and performs authentication using a common encryption key. The transmitter uses an extension algorithm common to the receiver. A transmission side extension unit (114) that expands a plaintext before extension, which is smaller than the number of encryption key bits, which is the number of bits of the encryption key, into a plaintext after extension of the number of encryption key bits, and an encryption algorithm common to the receiver The transmission side encryption unit (115) that encrypts the expanded plaintext expanded by the transmission side extension unit into a ciphertext having the number of encryption key bits with the encryption key common to the receiver, and the transmission side encryption unit A transmission side extraction unit (117) for extracting a fragment portion having a bit number smaller than the number of bits obtained by subtracting the bit number of the plaintext before extension from the number of encryption key bits based on the encrypted ciphertext, and a transmission side extraction unit Fragment of the ciphertext extracted by And a transmission unit (13) that transmits the plaintext before extension, and the receiver includes a reception unit (22) that receives a fragment portion of the ciphertext and the plaintext before extension transmitted from the transmitter, and a reception unit. The receiving side extension unit (232) for extending the received plain text before extension to the plain text after extension of the number of encryption key bits by an extension algorithm common to the transmitter, and the receiver side extension unit according to the encryption algorithm common to the transmitter From the encrypted text encrypted by the receiving side encryption unit, the receiving side encryption unit (233) that encrypts the expanded plaintext after expansion into a ciphertext having the number of encryption key bits by using a common encryption key with the transmitter, A receiving side extracting unit (235) that extracts a fragment part at the same location as the fragment part extracted by the transmitting side extracting unit, a ciphertext fragment part received by the receiving unit, and a ciphertext extracted by the receiving side extracting unit Depending on whether the fragment part matches It is characterized by comprising an authentication unit which performs authentication (236).

  According to this, the information transmitted from the transmitter to the receiver for authentication is the plaintext before extension and the fragment portion of the ciphertext extracted from the ciphertext by the transmission side extraction unit. The plaintext before extension has fewer bits than the number of encryption key bits, and the ciphertext fragment part has fewer bits than the number of bits of the encryption key bits minus the number of plaintext bits before extension. Even if the number of bits with the fragment portion of the sentence is combined, the number of bits is smaller than the number of bits of the encryption key. Therefore, the amount of information transmitted from the transmitter to the receiver for authentication can be suppressed.

  At the receiver, the expanded plaintext expanded by the receiving side extension unit from the pre-enhanced plaintext transmitted from the transmitter is encrypted according to the encryption algorithm common to the transmitter and the ciphertext with the number of encryption key bits using the common encryption key with the transmitter. Encrypt to. Therefore, if the transmitted plaintext before extension is the same, the same ciphertext as the ciphertext encrypted by the transmitting side encryption unit is obtained. Subsequently, since the fragment part at the same location as the fragment part is extracted from the ciphertext by the receiver side extractor is extracted by the receiver side extractor, if the transmitted is a normal plain text before extension, The same fragment portion as the fragment portion of the ciphertext extracted by the side extraction unit is obtained. Then, authentication is performed by the authentication unit depending on whether or not the fragment portion of the ciphertext received by the receiving unit matches the fragment portion of the ciphertext extracted by the receiving side extraction unit. If both the plain text before extension transmitted from the transmitter and the fragment portion of the ciphertext are normal, the fragment portion of the ciphertext received by the receiver and the fragment portion of the ciphertext extracted by the receiver-side extractor Matches. Therefore, authentication can be performed even if not only the entire ciphertext but only a fragment of the ciphertext is transmitted from the transmitter to the receiver.

  Even when a pair of plaintext before extension and a fragment portion of a ciphertext is intercepted, the ciphertext cannot be analyzed because the entire ciphertext cannot be obtained. Therefore, the confidentiality of the encryption key is ensured even when a pair of the plaintext before extension and the fragment portion of the ciphertext is intercepted. As a result, it is possible to ensure high security while suppressing the amount of information transmitted from the transmitter to the receiver.

  Since the transmitter and the receiver of the present invention are used in the above-described authentication system, similarly to the above-described authentication system, the amount of information transmitted from the transmitter to the receiver for authentication is suppressed while being high. It becomes possible to ensure security.

1 is a diagram illustrating an example of a schematic configuration of an electronic key system 100. FIG. 2 is a block diagram illustrating an example of a schematic configuration of a portable device 1. FIG. 3 is a block diagram illustrating an example of a schematic configuration of a control IC 11 of the portable device 1. FIG. 10 is a flowchart illustrating an example of a flow of keyless entry related processing in the portable device 1. It is a block diagram which shows an example of a schematic structure of BCM2. It is a block diagram which shows an example of a schematic structure of the main control part 23 of BCM2. It is a flowchart which shows an example of the flow of the keyless entry related process in BCM2. 4 is a schematic diagram schematically showing an outline of keyless entry related processing in the electronic key system 100. FIG.

(Embodiment 1)
<Schematic Configuration of Electronic Key System 100>
FIG. 1 is a diagram showing an example of a schematic configuration of an electronic key system 100 to which the present invention is applied. As shown in FIG. 1, the electronic key system 100 includes an electronic key system 100 according to the present invention. As shown in FIG. 1, the electronic key system 100 includes a portable device 1 carried by a user and a body control module ( Hereinafter, BCM) 2 is included. The portable device 1 corresponds to the transmitter of the claims, the BCM 2 corresponds to the in-vehicle device and the receiver of the claims, and the electronic key system 100 corresponds to the authentication system of the claims.

  The electronic key system 100 has a so-called smart function. The smart function refers to a function of performing authentication by wireless communication between the portable device 1 and the BCM 2 and performing locking / unlocking control and starting permission of the vehicle door when the authentication is established. The electronic key system 100 also has a so-called remote keyless entry function that executes control such as locking and unlocking of the vehicle door according to the operation of the switch of the portable device 1.

  The electronic key system 100 employs a common key encryption method that secures communication confidentiality using a common secret key (hereinafter referred to as an encryption key) and a common encryption algorithm between the portable device 1 and the BCM 2. Will be described below. Further, in the present embodiment, the following description will be given by taking as an example a case where an AES (Advanced Encryption Standard) method is used as an encryption algorithm.

<Detailed configuration of portable device 1>
Next, the portable device 1 will be described with reference to FIG. As shown in FIG. 2, the portable device 1 includes a control IC 11, an LF receiver 12, a UHF transmitter 13, a push switch 14, and a push switch 15.

  The LF receiving unit 12 receives a signal transmitted from the vehicle HV side by an LF band (for example, 30 kHz to 300 kHz) radio wave via the LF antenna. As an example, the LF band radio wave is a 125 kHz radio wave.

  The LF receiver 12 is connected to the control IC 11 and outputs a received signal to the control IC 11. The UHF transmission unit 13 transmits the signal output from the control IC 11 on the UHF band (for example, 300 MHz to 3 GHz) from the UHF antenna. As an example, the UHF band radio wave is a 315 MHz band radio wave.

  The push switches 14 and 15 are switches mainly for using the remote keyless entry function. When the push switch 14 is operated by one push, the vehicle door is locked. On the other hand, when the push switch 15 is operated by one push, the vehicle door is unlocked. The push switches 14 and 15 correspond to an operation input unit in claims.

  The control IC 11 is a microcomputer including a CPU, a memory such as a ROM and a RAM, an I / O, and the like, and executes various processes by executing various control programs stored in the ROM. For example, the control IC 11 executes processing related to the smart function and the remote keyless entry function. In the present embodiment, processing related to the remote keyless entry function (hereinafter, keyless entry related processing) will be described.

  As shown in FIG. 3, the control IC 11 includes a function detection unit 111, a portable side transmission processing unit 112, a random number generation unit 113, a portable side extension unit 114, and a portable side encryption unit 115 as functional blocks related to keyless entry related processing. A portable side encryption key storage unit 116 and a portable side extraction unit 117.

<Keyless entry-related processing on portable device 1>
Next, an example of the keyless entry related process in the portable device 1 will be described using the flowchart of FIG. As described above, in the present embodiment, the case where the AES method is used as an encryption algorithm will be described as an example, and a 128-bit (bit) bit is used as a common encryption key between the portable device 1 and the BCM 2. An encryption key is used. The flowchart of FIG. 4 starts when the operation detection unit 111 detects that any one of the push switches 14 and 15 has been operated.

  First, in step S1, the random number generation unit 113 generates a 32-bit random code. This 32-bit random code is hereinafter referred to as plain text. The 32-bit random code corresponds to the plaintext before extension in the claims.

  In step S2, the mobile-side extension unit 114 extends the 32-bit plaintext generated in S1 so as to have the same 128 bits as the encryption key. As a specific example, the 32-bit plaintext generated in S1 is multiplied by 4 to expand to 128 bits, which is the same as the encryption key. The code obtained by quadrupling the 32-bit plaintext generated in S1 is hereinafter referred to as a rolling code. This rolling code corresponds to the plaintext after the extension of the claims, and the portable side extension unit 114 corresponds to the transmission side extension unit of the claims.

  In step S3, the mobile side encryption unit 115 reads the 128-bit encryption key stored in the mobile side encryption key storage unit 116, and uses the 128-bit rolling code expanded in S2 as the AES. Encrypt according to the encryption algorithm of the method. A 128-bit ciphertext is obtained by the encryption in S3. The portable side encryption unit 115 corresponds to the transmission side encryption unit in the claims.

  In step S4, the mobile-side extraction unit 117 extracts a 32-bit fragment portion (hereinafter, a fragment ciphertext) at a predetermined location from the 128-bit ciphertext encrypted in S3. From which part of the ciphertext the fragment part is extracted is programmed in the control IC 11 in advance. The mobile side extraction unit 117 corresponds to the transmission side extraction unit in the claims, and the fragment ciphertext corresponds to the fragment portion of the ciphertext in the claims.

  In step S5, the operation information indicating which of the push switches 14 and 15 is operated, the 32-bit plaintext generated in S1, and the 32-bit fragment ciphertext extracted in S4 are transmitted to the mobile-side transmission processing unit 112. Is transmitted from the UHF transmission unit 13, and the keyless entry related process in the portable device 1 is terminated. Operation information indicating which of the push switches 14 and 15 has been operated may be obtained from the operation detection unit 111. Further, the UHF transmitter 13 corresponds to the transmitter of the claims.

<Detailed configuration of BCM2>
Next, an example of a schematic configuration of the BCM 2 will be described with reference to FIG. As shown in FIG. 5, the BCM 2 includes an LF transmission unit 21, a UHF reception unit 22, and a main control unit 23, and the door locking / unlocking unit 3 is connected thereto.

  The door locking / unlocking unit 3 locks / unlocks the vehicle door by driving an actuator for locking / unlocking the vehicle door such as a side door or a trunk door.

  The LF transmission unit 21 transmits the signal input from the main control unit 23 on the LF band radio wave from the LF antenna. For example, a plurality of LF antennas may be arranged in the vicinity of the side door or in the trunk.

  The UHF receiving unit 22 receives a signal transmitted from the portable device 1 using a UHF band radio wave via the UHF antenna. The UHF receiver 22 is connected to the main controller 23 and outputs the received signal to the main controller 23.

  The main control unit 23 is mainly configured by a microcomputer including a CPU, a memory such as a ROM and a RAM, and an I / O, and executes various processes by executing various control programs stored in the ROM. For example, the main control unit 23 executes processing related to the smart function and the remote keyless entry function described above. In the present embodiment, processing related to the remote keyless entry function (that is, keyless entry related processing) will be described.

  As shown in FIG. 6, the main control unit 23 includes a vehicle-side reception processing unit 231, a vehicle-side expansion unit 232, a vehicle-side encryption unit 233, and a vehicle-side encryption key storage unit 234 as functional blocks related to keyless entry-related processing. The vehicle side extraction unit 235, the authentication unit 236, and the locking / unlocking instruction unit 237 are provided. Note that some or all of the functions executed by the main control unit 23 may be configured by hardware using one or a plurality of ICs.

<Keyless entry related processing in BCM2>
Next, an example of keyless entry related processing in BCM2 will be described using the flowchart of FIG. As described above, in this embodiment, the case where the AES method is used as an encryption algorithm will be described as an example, and a 128-bit encryption key is used as a common encryption key between the portable device 1 and the BCM 2. Shall be used.

  The flowchart of FIG. 7 starts when the UHF receiving unit 22 receives the above-described operation information, plaintext, and fragment ciphertext transmitted from the portable device 1 using radio waves in the UHF band. The UHF receiver 22 corresponds to the receiver of the claims.

  First, in step S21, the vehicle-side reception processing unit 231 receives the above-described operation information, plaintext, and fragment ciphertext output from the UHF reception unit 22. Note that the plaintext and fragment ciphertext bits are 32 bits as described above.

  In step S22, the vehicle side extension unit 232 extends the 32-bit plaintext received in S21 so as to have the same 128 bits as the encryption key in the same manner as in S2. That is, by multiplying the 32-bit plaintext received in S21 by four, it is expanded to the same 128 bits as the encryption key, and the above-described rolling code is obtained. The vehicle-side extension unit 232 corresponds to the reception-side extension unit in the claims, and the process of quadrupling the 32-bit plaintext common to the portable device 1 and the BCM 2 to 128 bits equal to the number of bits of the encryption key, This corresponds to the extended algorithm of the claims.

  In step S23, the vehicle-side encryption unit 233 reads the 128-bit encryption key stored in the vehicle-side encryption key storage unit 234, and uses the 128-bit rolling code expanded in S22 as the AES. Encrypt according to the encryption algorithm of the method. The encryption key stored in the vehicle side encryption key storage unit 234 is the same as the encryption key stored in the mobile side encryption key storage unit 116, and the encryption algorithm is also common between the mobile device 1 and the BCM2. By the encryption in S23, the same 128-bit ciphertext as that obtained by the encryption in S3 is obtained. The vehicle side encryption unit 233 corresponds to the reception side encryption unit in the claims.

  In step S24, the vehicle-side extraction unit 235 extracts a 32-bit fragment portion (that is, a fragment ciphertext) at the same location as S4 described above from the 128-bit ciphertext encrypted in S23. From which part of the ciphertext the fragment part is extracted is programmed in the main control unit 23 in advance.

  In the electronic key system 100, the control IC 11 and the main control unit 23 are programmed so that the same part is selected as the part from which the fragment part is extracted from the ciphertext by the portable side extraction unit 117 and the car side extraction unit 235. ing. Therefore, the process of extracting the fragment portion of the same portion of the ciphertext between the portable device 1 and the BCM 2 corresponds to the extraction algorithm of the claims. Moreover, the vehicle side extraction part 235 is corresponded to the transmission side extraction part of a claim.

  In step S25, the authentication unit 236 compares the 32-bit fragment ciphertext received in S21 with the 32-bit fragment ciphertext extracted in S24. If the encryption key and the encryption algorithm are common between the portable device 1 and the BCM 2 and the 32-bit plain text received by the BCM 2 is transmitted from the regular portable device 1, this 32-bit plain text is expanded to 128 bits. The fragment ciphertext extracted from the ciphertext obtained by encrypting the rolling code is identical to the fragment ciphertext received from the regular portable device 1.

  In step S26, if the 32-bit fragment ciphertext received in S21 matches the 32-bit fragment ciphertext extracted in S24 (YES in S26), the process proceeds to step S27. On the other hand, if they do not match (NO in S26), the process proceeds to step S29.

  In step S27, the authentication unit 236 establishes authentication, and the process proceeds to step S28. In step S28, the locking / unlocking instruction unit 237 instructs the door locking / unlocking unit 3 to lock / unlock the vehicle door according to the operation information received in S21, and locks / unlocks the vehicle door. For example, when the operation information indicates that the push switch 14 has been operated, the door locking / unlocking unit 3 is instructed to lock the vehicle door to automatically lock the vehicle door. On the other hand, if the operation information indicates that the push switch 15 has been operated, the door locking / unlocking unit 3 is instructed to unlock the vehicle door to automatically unlock the vehicle door.

  In step S29, the authentication unit 236 determines that the authentication is not established, and the keyless entry related process in the BCM2 is terminated.

<Summary of keyless entry related processing in the electronic key system 100>
Here, an outline of keyless entry related processing in the electronic key system 100 will be described with reference to FIG. As shown in FIG. 8, in the portable device 1, a 128-bit rolling code obtained by quadrupling a 32-bit plaintext is encrypted according to an encryption algorithm using a 128-bit encryption key. Then, a 32-bit fragment portion of a predetermined portion of the encrypted ciphertext is extracted, and a 32-bit plaintext and a 32-bit fragment ciphertext are transmitted to the BCM 2 by wireless communication.

  In BCM2, a 128-bit rolling code obtained by quadrupling the 32-bit plaintext received from the portable device 1 is encrypted according to a common encryption algorithm with the portable device 1 using a 128-bit encryption key common to the portable device 1. . Subsequently, from the encrypted 128-bit ciphertext, a 32-bit fragment ciphertext at the same location as the 32-bit fragment ciphertext extracted by the portable device 1 is extracted. If the extracted 32-bit fragment ciphertext matches the 32-bit fragment ciphertext received from the portable device 1, the authentication is established, and if not, the authentication is not established.

<Summary of Embodiment 1>
According to the configuration of the first embodiment, since a rolling code whose value changes each time is used for authentication or a relatively long encryption key such as 128 bits is used, security can be improved.

  The information transmitted from the portable device 1 to the BCM 2 for authentication using the common key cryptosystem is a 32-bit plaintext and a 32-bit fragment ciphertext, so the bits of the information transmitted from the portable device 1 to the BCM2 The number can be reduced to 64 bits, which is significantly smaller than 128 bits, which is the number of bits of the encryption key. Therefore, compared to the previous configuration where the ciphertext having the same number of bits as the encryption key had to be sent so that the ciphertext sent from the sending side could be decrypted by the receiving side, it was sent for authentication The amount of information to be reduced can be suppressed.

  Furthermore, according to the configuration of the first embodiment, even when a malicious third party intercepts a pair of plaintext and fragmented ciphertext, the entire ciphertext cannot be obtained, so that the encryption key cannot be analyzed. Therefore, even when a pair of plaintext and fragment ciphertext is intercepted, the confidentiality of the encryption key is ensured. Therefore, it is possible to ensure high security while suppressing the amount of information transmitted from the portable device 1 to the BCM 2.

  In addition, in the technique disclosed in Patent Document 1, since the number of operations of a device that transmits a rolling code is used as the rolling code, it is necessary to store the number of operations in the memory of the device that transmits the rolling code. . On the other hand, according to the configuration of the first embodiment, a random code generated by the random number generation unit 113 can be used as a rolling code for authentication by extending the random code to have the same number of bits as the encryption key. Therefore, it is not necessary to store the number of operations of the portable device 1 in the memory of the portable device 1. Although it is necessary to secure the memory area of the portable device 1 for storing the encryption key as much as the encryption key becomes longer, according to the above configuration, the memory area of the portable device 1 can be easily secured.

(Modification 1)
In the first embodiment, in the electronic key system 100, the control IC 11 and the main control unit are selected so that the portable side extraction unit 117 and the vehicle side extraction unit 235 select the same location as the location where the fragment portion is extracted from the ciphertext. However, the present invention is not limited to this. For example, information (hereinafter referred to as “extraction location information”) indicating a location where the mobile-side extraction unit 117 and the vehicle-side extraction unit 235 extract a 32-bit fragment ciphertext from a 128-bit ciphertext is included in the 32-bit plaintext. Thus, the mobile-side extraction unit 117 and the vehicle-side extraction unit 235 may extract a fragment portion at the same location from the ciphertext based on the extracted location information (hereinafter, modified example 1).

  In the case of adopting the configuration of the first modification, for example, a code corresponding to several bits at a predetermined location in the random code generated by the random number generation unit 113 may be handled as the extracted location information. As an example, when the random number generator 113 generates a random code represented by a binary value of 0 and 1, and the array of the specific area of the generated code is “0000”, the random number is a number 32 from the first bit of the ciphertext. The extracted portion may be specified according to the arrangement of the specific area, for example, by extracting the bit portion, and in the case of “0100”, extracting the 32-bit portion from the eighth bit of the ciphertext.

  Even when the configuration of the modification 1 is adopted, it is not necessary to store the number of operations of the portable device 1 in the memory of the portable device 1, so that the memory area of the portable device 1 is set as in the configuration of the first embodiment. It becomes easy to secure.

(Modification 2)
In the first embodiment, the configuration in which the present invention is applied to the authentication in the process related to the remote keyless entry function has been described. For example, a configuration (hereinafter, modified example 2) in which the present invention is applied to authentication in processing related to the smart function may be employed.

  Here, an example of Modification 2 will be described below. First, the LF transmission unit 21 of the BCM 2 periodically transmits a WAKE request for requesting activation of the portable device 1. When the portable device 1 enters the wireless communication area that can receive the WAKE request from the LF transmission unit 21, the WLF request is received by the LF reception unit 12.

  When the LF receiver 12 of the portable device 1 receives the WAKE request from the BCM 2, the portable device 1 that is in the sleep state becomes active, and the control IC 11 sends a WAKE response as a response signal to the WAKE request from the UHF transmitter 13. Send it. In the second modification, for example, in this WAKE response, the 32-bit plaintext and the 32-bit fragment ciphertext obtained by the processing of S1 to S4 described above may be transmitted to the BCM2.

  Upon receiving the 32-bit plaintext and the 32-bit fragment ciphertext, the BCM2 performs the processing of S21 to S26 and shifts to an unlocking preparation state if the authentication is established, and prohibits the unlocking if the authentication is not established. To do. When it is detected that the user has touched the outer door handle of the driver's door of the vehicle HV in the unlocking preparation state, the main control unit 23 instructs the door locking / unlocking unit 3 to automatically Unlock. In addition to unlocking the vehicle door, the start of the vehicle HV may be permitted when authentication is established.

(Modification 3)
In the first embodiment, the configuration in which the random code generated by the random number generation unit 113 is expanded to have the same number of bits as the encryption key is used as the rolling code for authentication. However, the present invention is not limited to this. For example, the number of operations of the portable device 1 may be used as a rolling code.

(Modification 4)
In the above-described embodiment, the configuration in which the electronic key system 100 has the remote keyless entry function and the smart function is shown. However, the present invention is not limited to this, and the electronic key system 100 is a remote of the remote keyless entry function and the smart function. A configuration having only a keyless entry function may be used.

(Modification 5)
In the above-described embodiment, the case where the AES method is used as an encryption algorithm has been described as an example, but the present invention is not necessarily limited thereto. For example, a configuration using an encryption algorithm of a common key encryption method other than the AES method may be used.

(Modification 6)
In the above-described embodiment, the configuration in which the encryption key is 128 bits is shown, but this is not necessarily the case. For example, other bit numbers such as 192 bits and 256 bits may be used.

(Modification 7)
In the above-described embodiment, the configuration in which the plaintext transmitted from the portable device 1 to the BCM 2 is 32 bits and the fragment ciphertext is 32 bits is shown, but the configuration is not necessarily limited thereto. If the bit number of the plaintext and the fragment ciphertext transmitted from the portable device 1 to the BCM2 satisfies a condition that is smaller than the bit number of the encryption key common to the portable device 1 and the BCM2, It is good also as composition to do.

(Modification 8)
In the above-described embodiment, the configuration in which the present invention is applied to the authentication of wireless communication between the portable device 1 carried by the user and the BCM 2 mounted on the vehicle HV has been described. The present invention can be applied to authentication of communication between various devices. As an example, the present invention can be applied to authentication for controlling locking / unlocking of a house door by wireless communication between the portable device 1 and a device provided on the door of the house.

  The present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the claims, and the technical means disclosed in different embodiments can be appropriately combined. Such embodiments are also included in the technical scope of the present invention.

DESCRIPTION OF SYMBOLS 1 Portable machine (transmitter), 2 BCM (receiver, in-vehicle apparatus), 13 UHF transmission part (transmission part), 14 Push switch (operation input part), 15 Push switch (operation input part), 22 UHF reception part ( Receiving unit), 100 electronic key system (authentication system), 114 mobile side extension unit (transmission side extension unit), 115 mobile side encryption unit (transmission side encryption unit), 117 mobile side extraction unit (transmission side extraction unit) 232 Car side extension part (reception side extension part), 233 Car side encryption part (reception side encryption part), 235 Car side extraction part (reception side extraction part), 236 Authentication part, 237 Locking / unlocking instruction part

Claims (7)

An authentication system that includes a transmitter (1) and a receiver (2) and performs authentication using a common encryption key,
The transmitter is
A transmission-side extension unit that expands a plaintext before extension, which is smaller in number of bits than the number of encryption key bits, which is the number of bits of the encryption key, into a plaintext after extension of the number of encryption key bits by an extension algorithm common to the receiver ( 114),
A transmission-side encryption unit that encrypts the expanded plaintext expanded by the transmission-side extension unit into a ciphertext having the number of encryption key bits using a common encryption key with the receiver, according to a common encryption algorithm with the receiver. (115),
Based on the ciphertext encrypted by the transmission side encryption unit, a transmission side that extracts a fragment portion having a bit number smaller than the number of bits obtained by subtracting the number of bits of the plaintext before extension from the number of bits of the encryption key An extraction unit (117);
A transmission unit (13) for transmitting the fragment portion of the ciphertext extracted by the transmission-side extraction unit and the plaintext before extension;
The receiver
A receiving unit (22) for receiving the fragment portion of the ciphertext and the plaintext before extension transmitted from the transmitter;
A receiving side extension unit (232) for extending the plaintext before extension received by the receiver unit to the plaintext after extension of the number of encryption key bits by an extension algorithm common to the transmitter;
A receiving side encryption unit that encrypts the expanded plaintext expanded by the receiving side extension unit into ciphertext of the number of encryption key bits with a common encryption key with the transmitter according to an encryption algorithm common to the transmitter (233),
A receiving side extraction unit (235) for extracting a fragment portion of the same location as the transmission side extraction unit extracts the fragment portion from the ciphertext encrypted by the reception side encryption unit;
An authentication unit (236) that performs authentication based on whether or not the fragment portion of the ciphertext received by the reception unit matches the fragment portion of the ciphertext extracted by the reception-side extraction unit; A featured authentication system. In claim 1,
The transmission side extraction unit extracts a fragment portion of a predetermined location from the ciphertext encrypted by the transmission side encryption unit according to an extraction algorithm common to the receiver,
The reception side extraction unit is the same location as the transmission side extraction unit extracts the fragment part from the ciphertext encrypted by the reception side encryption unit according to an extraction algorithm common to the transmitter. An authentication system characterized by extracting a fragment portion. In claim 1,
The pre-extended plaintext includes extraction location information indicating a location where the fragment portion is extracted from the ciphertext in the transmission side extraction unit and the reception side extraction unit,
The transmission side extraction unit, based on the extracted location information included in the plaintext before extension extended by the transmission side extension unit, from the ciphertext encrypted by the transmission side encryption unit, a predetermined location Extract the fragment part of
The reception-side extraction unit extracts the fragment portion by the transmission-side extraction unit from the ciphertext encrypted by the reception-side encryption unit based on the plain text before extension received by the reception unit. An authentication system characterized by extracting a fragment portion at the same location as. In any one of Claims 1-3,
The transmitter is a portable device carried by a user,
The authentication system, wherein the receiver is an in-vehicle device mounted on a vehicle. In claim 4,
The portable device as the transmitter is
An operation input unit (14, 15) for receiving an operation input from a user for instructing locking / unlocking of the vehicle door;
When the operation input is received by the operation input unit, the transmission unit is received by the operation input unit in addition to the fragment portion of the ciphertext extracted by the transmission side extraction unit and the plaintext before extension. The operation information corresponding to the operation input is also sent.
The in-vehicle device as the receiver is
The operation information transmitted from the transmission unit is also received by the reception unit,
An authentication / locking / instructing unit (237) that automatically locks / unlocks the door of the vehicle according to the operation information received by the receiving unit when authentication by the authenticating unit is established. system.   The transmitter used for the authentication system of any one of Claims 1-5.   A receiver used in the authentication system according to claim 1.

Images