JP2018019415A - System, authentication station, on-vehicle computer, public key certificate issuing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To appropriately issue a public key certificate to an ECU, etc.SOLUTION: A third authentication station in a three-layer authentication station constitution including a first authentication station, a second authentication station, and a third authentication station includes: an authentication station key storage section for storing an authentication station public key certificate and an authentication station secret key; a first authentication section for performing authentication with an on-vehicle computer on the basis of a common key of a vehicle; a first communication section for receiving an issuing request of a public key certificate of the on-vehicle computer; and an on-vehicle computer public key certificate issuing section for performing signature with respect to an on-vehicle computer public key included in an issuing request of a public key certificate with the use of an authentication station secret key when authentication by the first authentication section becomes successful, and issuing an on-vehicle computer public key certificate.SELECTED DRAWING: Figure 1

Description

  Embodiments described herein relate generally to a system, a certificate authority, an in-vehicle computer, a public key certificate issuing method, and a program.

When a vehicle communicates with a roadside device, an external server, or the like, it is necessary for a device outside the vehicle to authenticate the vehicle, an ECU (Electronic Control Unit) that constitutes the vehicle, or an application mounted on the ECU.
With regard to a technology for authenticating an automobile or the like by a device outside the vehicle, a public key certificate issuance mechanism related to V2X (Vehicle to X) communication is known (for example, see Non-Patent Document 1).

“Security Guidelines for Driving Support Communication Systems, ITSFORM RC-009 Version 1.0”, page 50, FIG. 6-1, Internet <URL: http: // www. itsforum. gr. jp / Public / J7 Database / p41 / ITS_FORM_RC009V1_0. pdf>

When communication is performed between a device that cannot be directly managed by an automobile manufacturer and the automobile, it is assumed that authentication using a public key certificate issued by a trusted third party is required.
Some certification authority service providers (CAs) that issue public key certificates to websites on the Internet, etc. issue public key certificates without strictly verifying the authentication partner. There is a business. For this reason, existing certificate authorities on the Internet are not highly reliable, and may not be suitable for issuing public key certificates to devices (cars) that are related to human life.

In general, a certificate authority obtains a copy of a registry book of a business operator to whom a public key certificate is issued, or makes a call to a representative phone described in the copy of the registry to check the existence. When it is assumed that a public key certificate is issued to an automobile, an ECU, and an application installed in the ECU, confirmation such as a copy of a registry book or a telephone call cannot be performed, and there is no means for confirming whether or not to issue.
The present invention has been made to solve the above problems, and an object thereof is to appropriately issue a public key certificate to an automobile, an ECU, and an application installed in the ECU.

(1) One aspect of the present invention is an in-vehicle computer mounted on a vehicle, a first certificate authority in the uppermost layer that authenticates a vehicle manufacturer of the vehicle, and a certificate authority in a lower layer of the first certificate authority. A third certificate authority of a three-tier certificate authority configuration comprising a second certificate authority operated by each vehicle manufacturer and a third certificate authority in a lower layer of the second certificate authority, and the third authentication The station includes a certificate authority key storage unit that stores a certificate authority public key certificate and a certificate authority private key, a first authentication unit that performs authentication with the in-vehicle computer based on a common key of the vehicle, When the authentication by the first communication unit that receives the request for issuing the public key certificate of the in-vehicle computer transmitted by the in-vehicle computer and the authentication by the first authentication unit is successful, For the in-vehicle computer public key included in the key certificate issuance request An in-vehicle computer public key certificate issuing unit that issues an in-vehicle computer public key certificate, and the first communication unit uses the issued in-vehicle computer public key certificate as the public key. A certificate issuance request is transmitted to the in-vehicle computer, and the in-vehicle computer performs authentication with the first authentication unit of the third certificate authority based on the common key of the vehicle. An authentication unit, the in-vehicle computer public key, an in-vehicle computer key generation unit that generates an in-vehicle computer private key paired with the in-vehicle computer public key, and a request for issuing a public key certificate for the in-vehicle computer public key. A public key certificate acquisition unit that transmits to the three certificate authorities and acquires the in-vehicle computer public key certificate transmitted by the third certificate authority in response to the public key certificate issuance request. That is a system.
(2) According to one aspect of the present invention, in the system of (1), the in-vehicle computer transmits a first storage unit that stores an initial key and identification information of the in-vehicle computer to the third certification authority. A second communication unit, wherein the third certificate authority stores a second storage unit that stores a master key used to generate the initial key, and the on-vehicle computer transmitted by the master key and the on-vehicle computer. An initial key generation unit that generates an initial key based on the identification information of the computer, wherein the second authentication unit of the in-vehicle computer is configured to use the third certificate authority based on the initial key of the first storage unit. The first authentication unit of the third certificate authority performs authentication with the second authentication unit of the in-vehicle computer based on the initial key generated by the initial key generation unit. It is a system that performs authentication between.

(3) One aspect of the present invention is a certificate authority that performs authentication on an in-vehicle computer mounted on a vehicle, wherein the certificate authority is a first certificate authority in the highest layer that authenticates a vehicle manufacturer of the vehicle, Of the three-tiered certificate authority configuration comprising a certificate authority in a lower layer of the first certificate authority and a second certificate authority operated by each vehicle manufacturer, and a third certificate authority in the lower layer of the second certificate authority A first certificate authority that is a third certificate authority that authenticates between a certificate authority key storage unit that stores a certificate authority public key certificate and a certificate authority private key, and the in-vehicle computer based on a common key of the vehicle The authentication station secret when the authentication by the first authentication unit is successful, the first communication unit that receives the request for issuing the public key certificate of the in-vehicle computer transmitted by the in-vehicle computer The vehicle included in the public key certificate issuance request An in-vehicle computer public key certificate issuing unit that performs signature on the computer public key and issues an in-vehicle computer public key certificate, and the first communication unit includes the issued in-vehicle computer public key certificate, A certificate authority that transmits the public key certificate issuance request to the in-vehicle computer.
(4) According to one aspect of the present invention, in the certificate authority of (3), a second storage unit that stores a master key used to generate an initial key of the in-vehicle computer, the master key, and the in-vehicle An initial key generation unit that generates an initial key based on the identification information of the in-vehicle computer transmitted by the computer, and the first authentication unit is configured based on the initial key generated by the initial key generation unit. It is a certificate authority that performs authentication with the second authentication unit of the in-vehicle computer.

(5) One aspect of the present invention is an in-vehicle computer mounted on a vehicle, the first certificate authority in the highest layer for authenticating the vehicle manufacturer of the vehicle, and the certificate authority in the lower layer of the first certificate authority The vehicle between the third certification authority in a three-tier certification authority configuration comprising a second certification authority operated by each vehicle manufacturer and a third certification authority in a lower layer of the second certification authority. A second authenticating unit that performs authentication based on the common key, an in-vehicle computer public key, an in-vehicle computer key generating unit that generates an in-vehicle computer private key paired with the in-vehicle computer public key, and the in-vehicle computer public key Public key certificate for transmitting the public key certificate issued to the third certificate authority and obtaining the in-vehicle computer public key certificate transmitted by the third certificate authority in response to the public key certificate issuance request An acquisition unit, and the vehicle The computer public key certificate is issued by the third certificate authority when authentication performed based on the common key of the vehicle between the third certificate authority and the second authentication unit is successful. It is an in-vehicle computer.
(6) According to one aspect of the present invention, in the in-vehicle computer of (5), the first storage unit that stores the initial key, the master key used to generate the initial key, and the identification information of the in-vehicle computer A second communication unit that transmits identification information of the in-vehicle computer to the third certificate authority that generates an initial key based on the initial key of the first storage unit. This is an in-vehicle computer that performs authentication with the third certificate authority based on the above.

(7) One aspect of the present invention is an in-vehicle computer mounted on a vehicle, a first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, and a certificate authority in a lower layer of the first certificate authority. And a third certificate authority of a three-tier certificate authority configuration comprising a second certificate authority operated by each vehicle manufacturer and a third certificate authority in a lower layer of the second certificate authority. A public key certificate issuance method, wherein the third certificate authority stores a certificate authority public key certificate and a certificate authority private key, and the third certificate authority is based on a common key of the vehicle. Authenticating with the in-vehicle computer, the in-vehicle computer authenticating with the third certification authority based on a common key of the vehicle, and the in-vehicle computer releasing the in-vehicle computer Key and the in-vehicle computer Generating an in-vehicle computer private key paired with a data public key, the in-vehicle computer transmitting a request for issuing a public key certificate of the in-vehicle computer public key to the third certification authority, A step of receiving a request for issuance of a public key certificate of the in-vehicle computer transmitted from the in-vehicle computer by the third certificate authority, and a step in which the third certificate authority is based on the common key of the vehicle with the in-vehicle computer. If the authentication performed is successful, signing the in-vehicle computer public key included in the public key certificate issuance request with the CA private key and issuing the in-vehicle computer public key certificate; and The third certificate authority sends the issued in-vehicle computer public key certificate to the in-vehicle computer that is the transmission source of the public key certificate issuance request. The method comprising, the onboard computer, which is the third public key certificate issuing process by the authentication station includes the steps of obtaining a vehicle computer public key certificate to send.

(8) One aspect of the present invention is an in-vehicle computer mounted on a vehicle, a first certificate authority in the uppermost layer that authenticates a vehicle manufacturer of the vehicle, and a certificate authority in a lower layer of the first certificate authority. And a third certification authority in a three-tier certification authority configuration comprising a second certification authority operated by each vehicle manufacturer and a third certification authority in a lower layer of the second certification authority. A step of storing a certificate authority public key certificate and a certificate authority private key in a computer of the certificate authority, an authentication step of performing authentication with the in-vehicle computer based on the common key of the vehicle, and the in-vehicle computer When the authentication performed based on the common key of the vehicle between the step of receiving the issued public key certificate issuance request of the in-vehicle computer and the in-vehicle computer is successful, the certificate authority private key, The public Signing the in-vehicle computer public key included in the certificate issuance request and issuing the in-vehicle computer public key certificate; and issuing the in-vehicle computer public key certificate to the public key certificate issuance request And a step of transmitting to the in-vehicle computer that is the transmission source.

(9) One aspect of the present invention is a first certificate authority in the highest layer that authenticates a vehicle manufacturer of the vehicle to an in-vehicle computer mounted on the vehicle, and a certificate authority in a lower layer of the first certificate authority. The vehicle is shared between the second certificate authority operated by each vehicle maker and the third certificate authority in a three-tier certificate authority configuration consisting of a third certificate authority in a lower layer of the second certificate authority. An authentication step for performing authentication based on the key, a step of generating a vehicle-mounted computer public key, a vehicle-mounted computer private key paired with the vehicle-mounted computer public key, and a request for issuing a public key certificate for the vehicle-mounted computer public key. A program for executing the step of transmitting to the third certificate authority and the step of acquiring an in-vehicle computer public key certificate transmitted by the third certificate authority, wherein the in-vehicle computer public key certificate is If the authentication is successful is performed based on the common key of the vehicle between the third authentication station and the onboard computer, is issued by the third certification authority is a program.

  According to the present invention, a public key certificate can be appropriately issued to an automobile, an ECU, and an application installed in the ECU.

It is a block diagram which shows the hierarchical structure which issues the public key certificate which concerns on this embodiment. It is a functional block diagram showing a root certification authority, an OEM certification authority, and an in-vehicle certification authority according to the present embodiment. It is a sequence chart which shows an example of the operation | movement which issues the public key certificate which concerns on this embodiment. It is a block diagram which shows the structural example of the motor vehicle which concerns on this embodiment. It is a functional block diagram which shows 1st ECU which concerns on this embodiment. It is a functional block diagram which shows 2nd ECU which concerns on this embodiment. It is a figure which shows the operation | movement which issues the public key certificate which concerns on this embodiment. It is a sequence chart which shows operation | movement of the initial stage key writing apparatus which concerns on this embodiment. It is a figure which shows the operation | movement of distribution of the common key in a vehicle based on a present Example. It is a block diagram which shows the structural example of the motor vehicle which concerns on this embodiment. It is a figure which shows the operation | movement which issues a public key certificate to this embodiment. It is a block diagram which shows the structural example of the motor vehicle which concerns on this modification. It is a figure which shows the operation | movement which issues the public key certificate which concerns on this modification. It is a block diagram which shows the structural example of the motor vehicle which concerns on this embodiment. It is a figure which shows the operation | movement which issues a public key certificate to this embodiment. It is a block diagram which shows the hierarchical structure which issues the public key certificate which concerns on this modification. It is a figure which shows the operation | movement which issues the public key certificate which concerns on this modification.

  Next, modes for carrying out the present invention will be described with reference to the drawings. Embodiment described below is only an example and embodiment to which this invention is applied is not restricted to the following embodiment. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiments, and the repetitive description will be omitted. In the following embodiment, a vehicle will be described as an example of a vehicle.

FIG. 1 is a diagram illustrating an example of a hierarchical configuration 1 for issuing a public key certificate according to the embodiment. Hierarchical structure 1 includes a root certificate authority (Root CA) 100, an OEM certificate authority (OEM (Original equipment manufacturer) CA) 200A, an OEM certificate authority 200B, an in-vehicle certificate authority (In-vehicle CA) 300A, An in-vehicle certificate authority 300B, an in-vehicle certificate authority 300C, and an in-vehicle certificate authority 300D are provided. The in-vehicle certificate authority 300A is mounted on the automobile 350A, the in-vehicle certificate authority 300B is mounted on the automobile 350B, the in-vehicle certificate authority 300C is mounted on the automobile 350C, and the in-vehicle certificate authority 300D is mounted on the automobile 350D.
Furthermore, the automobile 350A is equipped with an ECU 420AA and an ECU 420AB. The automobile 350B is equipped with an ECU 420BA and an ECU 420BB. The automobile 350C includes an ECU 420CA and an ECU 420CB. The automobile 350D includes an ECU 420DA and an ECU 420DB.

  Hereinafter, when the OEM certification authority 200A and the OEM certification authority 200B are not distinguished, they are referred to as the OEM certification authority 200. In addition, in-vehicle certificate authority 300A, in-car certificate authority 300B, in-car certificate authority 300C, and in-car certificate authority 300D are described as in-car certificate authority 300 when not distinguished from each other. When the car 350A, the car 350B, the car 350C, and the car 350D are not distinguished, they are described as the car 350. When the ECU 420AA, the ECU 420AB, the ECU 420BA, the ECU 420BB, the ECU 420CA, the ECU 420CB, the ECU 420DA, and the ECU 420DB are not distinguished, they are described as the ECU 420. The same applies to the components included in the OEM certification authority 200, the in-vehicle certification authority 300, and the ECU 420.

In the hierarchical structure 1, the root certification authority 100 is an upper layer, the OEM certification authority 200 is a lower layer of the root certification authority 100, and the in-vehicle certification authority 300 is a lower layer of the OEM certification authority 200. Based on such a hierarchical structure, a public key certificate is issued in the vehicle.
The root certificate authority 100 is an organization that authenticates the OM certificate authority 200 operated by each automobile manufacturer. Since the hierarchical structure 1 includes the root certificate authority 100, mutual authentication based on a public key certificate can be performed between cars manufactured by different automobile manufacturers, between ECUs and applications constituting the car, and between devices outside the car. You can do it.
Next, different in-vehicle certificate authorities can be incorporated into the in-vehicle secure element by the public key certificate issued by the OM certificate authority 200. As a result, even if one in-vehicle certificate authority is compromised by analyzing a certain in-vehicle secure element, the in-vehicle certificate authority of other vehicles can be prevented from being affected. In addition, a public key certificate can be issued from the in-vehicle certificate authority to its own car, ECU, and ECU built-in application.

<Hierarchical structure>
FIG. 2 is a diagram illustrating the root certificate authority 100, the OM certificate authority 200, and the in-vehicle certificate authority 300 that configure the hierarchical structure 1 according to the embodiment.
<Root certificate authority>
The root certificate authority 100 includes a storage unit 160, a certificate authority public key certificate generation unit 102, a communication unit 135, and a control unit 145.
The storage unit 160 stores the root certificate authority key storage unit 105. The root certificate authority key storage unit 105 stores a root certificate authority public key certificate C_KRp and a root certificate authority private key KRs. The root certificate authority public key certificate C_KRp is a public key certificate related to the root certificate authority public key KRp of the pair of root certificate authority private key KRs. The root certificate authority public key certificate C_KRp and the root certificate authority private key KRs are securely stored in the storage unit 160 when the storage unit 160 is manufactured, for example. The root certificate authority key storage unit 105 is provided in a non-volatile storage area that cannot be accessed from the outside of the storage unit 160 among the storage areas in the storage unit 160.

The certificate authority public key certificate generation unit 102 uses the root certificate authority private key KRs stored in the root certificate authority key storage unit 105 and the OEM certificate authority public key Kr1p transmitted by the OEM certificate authority 200. Thus, an OMM certification authority public key certificate C_Kr1p is issued. The certificate authority public key certificate generation unit 102 transmits the OM certificate authority public key certificate C_Kr1p issued from the communication unit 135 to the OM certificate authority 200.
The control unit 145 controls each unit included in the root certificate authority 100. The control unit 140 includes an application 150.

<OEM Certification Authority>
The OM certificate authority 200 includes a storage unit 260, a communication unit 230, and a control unit 240. An example of the storage unit 260 is a secure element such as a SIM (Subscriber Identity Module).
The control unit 240 controls each unit included in the OM certificate authority 200. The control unit 240 includes an application 250. The storage unit 260 includes a public key certificate generation unit 202, a certificate authority key storage unit 205, a certificate authority key generation unit 208, and a certificate authority public key certificate acquisition unit 209. Prepare.
The storage unit 260 stores OEMCA identification information oemcaid. The OEMCA identification information oemcaid is identification information unique to the OEM certification authority 200.

The public key certificate generating unit 202 issues an in-vehicle certificate authority public key certificate C_Kr2p using the OEM certificate authority private key Kr1s stored in the certificate authority key storage unit 205.
The certificate authority key storage unit 205 stores the OM certificate authority public key certificate C_Kr1p and the OM certificate authority private key Kr1s. The OM certification authority public key certificate C_Kr1p is a public key certificate related to the OM certification authority public key Kr1p of the pair of the OM certification authority private key Kr1s. The OM certification authority public key certificate C_Kr1p is acquired from the root certification authority 100, and is securely stored in the certification authority key storage unit 205 together with the OM certification authority private key Kr1s.

The certificate authority key generation unit 208 generates a pair of the OM certificate authority public key Kr1p and the OM certificate authority private key Kr1s, and stores the OM certificate authority secret key Kr1s in the certificate authority key storage unit 205.
The certificate authority public key certificate acquisition unit 209 requests the root certificate authority 100 to issue an OM certificate authority public key certificate, and acquires the OM certificate authority public key certificate C_Kr1p from the root certificate authority 100. For example, the certification authority public key certificate acquisition unit 209 transmits a certification authority public key certificate issuance request including the OM certification authority public key Kr1p generated by the certification authority key generation unit 208 to the root certification authority 100. Upon receiving the OEM certification authority public key certificate C_Kr1p transmitted by the root certification authority 100, the certification authority public key certificate acquisition unit 209 stores the OEM certification authority public key certificate C_Kr1p in the certification authority key storage unit 205. To do.

<In-car certification authority>
The in-car authentication station 300 includes a storage unit 360, a communication unit 330, a control unit 340, and an authentication unit 355. The in-car certificate authority 300 is an example of an intermediate certificate authority. An example of the storage unit 360 is a secure element such as a SIM.
The control unit 340 controls each unit included in the in-vehicle certificate authority 300. The control unit 340 includes an application 345. The storage unit 360 includes an initial key generation unit 301, a public key certificate generation unit 302, an encryption processing unit 304, a certificate authority key storage unit 305, and a certificate authority key generation unit 308. And a certificate authority public key certificate acquisition unit 309.
The storage unit 360 stores IVCA identification information ivcaid. The IVCA identification information ivcaid is identification information unique to the in-vehicle certificate authority 300.

The initial key generation unit 301 generates an initial key for the ECU 420.
The public key certificate generation unit 302 issues a first ECU public key certificate using the in-vehicle certificate authority private key Kr2s stored in the certificate authority key storage unit 305.
The encryption processing unit 304 encrypts data and decrypts encrypted data.
The certificate authority key storage unit 305 stores the in-car certificate authority public key certificate C_Kr2p, the in-car certificate authority secret key Kr2s, and the master key Master_Secret. The in-vehicle certificate authority public key certificate C_Kr2p is a public key certificate related to the in-vehicle certificate authority public key Kr2p of the in-vehicle certificate authority private key Kr2s. The in-car certificate authority public key certificate C_Kr2p is acquired from the OEM certificate authority 200 and stored in the certificate authority key storage unit 305 together with the in-car certificate authority secret key Kr2s.
The certificate authority key generation unit 308 generates a pair of the in-car certificate authority public key Kr2p and the in-car certificate authority secret key Kr2s, and stores the in-car certificate authority secret key Kr2s in the certificate authority key storage unit 305.
The certification authority public key certificate acquisition unit 309 requests the OM certification authority 200 to issue the in-vehicle certification authority public key certificate C_Kr2p, and acquires the in-vehicle certification authority public key certificate C_Kr2p from the OM certification authority 200. For example, the certification authority public key certificate acquisition unit 309 transmits a certification authority public key certificate issuance request including the in-vehicle certification authority public key Kr2p generated by the certification authority key generation unit 308 to the OM certification authority 200. Upon receiving the in-vehicle certificate authority public key certificate C_Kr2p transmitted from the OEM certificate authority 200, the certificate authority public key certificate acquisition unit 309 stores the in-vehicle certificate authority public key certificate C_Kr2p in the certificate authority key storage unit 305. .

The communication unit 135 of the route certificate authority 100, the communication unit 230 of the OEM certificate authority 200, and the communication unit 330 of the in-vehicle certificate authority 300 communicate with each other. Communication between the communication unit 135, the communication unit 230, and the communication unit 330 may be wireless communication or wired communication. For example, the communication unit 135, the communication unit 230, and the communication unit 330 may perform communication via a wireless communication network such as a wireless LAN or a mobile phone network.
Alternatively, the communication unit 135, the communication unit 230, and the communication unit 330 may perform communication by directly transmitting and receiving signals using a short-range wireless communication technology, or communication such as the Internet, a fixed telephone network, and a wired LAN. Communication may be performed via a network, or communication may be performed via a communication cable.
The authentication unit 355 performs authentication with the ECU 420.

<Operation of Root Certification Authority, OM Certification Authority, and In-Vehicle Certification Authority>
FIG. 3 is a sequence chart illustrating an example of an operation for issuing a public key certificate according to the embodiment. FIG. 3 shows a process in which the root certification authority 100 issues an OEM certification authority public key certificate to the OM certification authority 200 and the OM certification authority 200 issues an in-vehicle certification authority public key certificate to the in-vehicle certification authority 300. .
(Step S302) In the OM certificate authority 200, the certificate authority key generation unit 208 generates an OM certificate authority public key Kr1p and an OM certificate authority private key Kr1s.
(Step S304) In the OM certification authority 200, the certification authority public key certificate acquisition unit 209 issues a public key certificate issuance request including the OM certification authority public key Kr1p generated by the certification authority key generation unit 208 to the communication unit. 230. The communication unit 230 applies for issuance of a public key certificate by transmitting a public key certificate issuance request to the root certificate authority 100.

  (Step S306) In the root certificate authority 100, the certificate authority public key certificate generating unit 102 includes the OM certificate authority public key Kr1p included in the public key certificate issuance request transmitted from the OM certificate authority 200, and the root The OM CA public key certificate C_Kr1p is issued using the root CA private key KRs stored in the CA authority storage unit 105. When the root certificate authority 100 receives the public key certificate issuance request from the OM certificate authority 200, the root certificate authority 100 confirms the location of the OM certificate authority 200, and then the OM certificate authority public key Kr1p and the root certificate. The OM CA public key certificate C_Kr1p is issued using the root CA private key KRs stored in the CA key storage unit 105.

  An example of an electronic signature of the OEM certification authority public key Kr1p is encrypted data obtained by encrypting a digest of data including the OEM certification authority public key Kr1p and the OEMCA identification information oemcaid with the root certification authority private key KRs. . Here, a hash value is used as an example of the digest. In addition, as an example of the public key certificate format, the public key certificate format of “X.509” standard defined by ITU-T (International Telecommunication Union-Telecommunication) or the like is used. The OEM certification authority public key Kr1p is stored at a predetermined position in the public key certificate format of the “X.509” standard. Also, OEMCA identification information oemcaid is stored at the position of “subject parameter: name of subject” in the public key certificate format of the “X.509” standard.

An example of a method for issuing the OEM certificate authority public key certificate C_Kr1p in the certificate authority public key certificate generation unit 102 will be specifically described. The certificate authority public key certificate generation unit 102 obtains a hash value hash (Kr1p, oemcaid) of data in the “X.509” standard public key certificate format storing the OEM certificate authority public key Kr1p and the OEMCA identification information oemcaid. calculate. Next, the certificate authority public key certificate generation unit 102 encrypts the hash value hash (Kr1p, oemcaid) with the root certificate authority private key KRs stored in the root certificate authority key storage unit 105 of the storage unit 160. The encrypted data KRs (hash (Kr1p, oemcaid)) is an electronic signature of the OEM certificate authority public key Kr1p. Next, the certificate authority public key certificate generating unit 102 includes the OEM certificate authority public key Kr1p, the OEMCA identification information oemcaid, and the electronic signature KRs (hash (Kr1p, oemcaid)) of the OEM certificate authority public key Kr1p. .509 ”standard public key certificate format OEM certificate authority public key certificate C_Kr1p“ Kr1p, oemcaid, KRs (hash (Kr1p, oemcaid)) ”.
(Step S308) In the root certificate authority 100, the communication unit 135 transmits the OM certificate authority public key certificate C_Kr1p issued by the certificate authority public key certificate generation unit 102 to the OM certificate authority 200.

(Step S310) In the OM certificate authority 200, the certificate authority public key certificate acquisition unit 209 acquires the OM certificate authority public key certificate C_Kr1p transmitted by the root certificate authority 100. The certificate authority public key certificate acquisition unit 209 stores the OEM certificate authority public key certificate C_Kr1p in the certificate authority key storage unit 205.
(Step S312) In the in-vehicle certificate authority 300, the certificate authority key generation unit 308 generates an in-vehicle certificate authority public key Kr2p and an in-vehicle certificate authority private key Kr2s.
(Step S314) In the in-vehicle certificate authority 300, the certificate authority public key certificate acquisition unit 309 issues a public key certificate issuance request including the in-vehicle certificate authority public key Kr2p generated by the certificate authority key generation unit 308 to the communication unit 330. Output. The communication unit 330 applies for issuance of a public key certificate by transmitting a public key certificate request to the OEM certification authority 200.

(Step S316) In the OM certificate authority 200, the public key certificate generation unit 202 stores the in-vehicle certificate authority public key Kr2p included in the public key certificate issuance request supplied from the in-vehicle certificate authority 300, and the certificate authority key storage. The in-vehicle CA public key certificate C_Kr2p is issued using the OEM CA private key Kr1s stored in the unit 205.
An example of the electronic signature of the in-car certificate authority public key Kr2p is encrypted data obtained by encrypting a digest of data including the in-car certificate authority public key Kr2p and the IVCA identification information ivcaid with the OEM certificate authority private key Kr1s. Here, a hash value is used as an example of the digest. As an example of the public key certificate format, a public key certificate format of “X.509” standard defined by ITU-T or the like is used. The in-vehicle certificate authority public key Kr2p is stored at a predetermined position in the public key certificate format of the “X.509” standard. Further, the IVCA identification information ivcaid is stored at the position of “subject parameter: name of subject” in the public key certificate format of the “X.509” standard.

  An example of a method for generating the in-vehicle certificate authority public key certificate C_Kr2p in the storage unit 260 will be specifically described. In the storage unit 260, the public key certificate generation unit 202 stores the hash value hash (Kr2p, Kr2p, “X.509” standard public key certificate format data that stores the in-vehicle certificate authority public key Kr2p and the IVCA identification information ivcaid. ivcaid) is calculated. Next, the public key certificate generation unit 202 encrypts the hash value hash (Kr2p, ivcaid) with the OEM certification authority private key Kr1s stored in the certification authority key storage unit 205 of the storage unit 260. The encrypted data Kr1s (hash (Kr2p, ivcaid)) is an electronic signature of the in-vehicle certificate authority public key Kr2p. Next, the public key certificate generation unit 202 includes an in-vehicle certificate authority public key Kr2p, IVCA identification information ivcaid, and an electronic signature Kr2s of the in-vehicle certificate authority public key Kr2p (hash (Kr2p, ivcaid)) “X.509. "In-vehicle certificate authority public key certificate C_Kr2p" Kr2p, ivcaid, Kr1s (hash (Kr2p, ivcaid)) "in the standard public key certificate format.

(Step S318) In the OM certification authority 200, the communication unit 230 transmits the in-vehicle certificate authority public key certificate C_Kr2p issued by the public key certificate generation unit 202 to the in-vehicle certificate authority 300.
(Step S320) In the in-vehicle certificate authority 300, the certificate authority public key certificate acquisition unit 309 acquires the in-vehicle certificate authority public key certificate C_Kr2p transmitted by the OM certificate authority 200. Then, the certification authority public key certificate acquisition unit 309 stores the in-vehicle certification authority public key certificate C_Kr2p in the certification authority key storage unit 305.

In the sequence chart shown in FIG. 3, steps S312 to S320 are performed in a reliable process such as on the factory line of an automobile manufacturer. As a result, the OEM certification authority 200 can safely confirm the presence of the in-car certification authority 300.
Alternatively, the storage unit 360 of the in-vehicle certificate authority 300 is configured by a SIM, and the application area in the SIM is authenticated by the over-the-air while authenticating the SIM from the SIM application area maintenance server of the communication carrier. You may make it write safely the application of the state which received the issue of the public key certificate from the IM certification authority.

In the present embodiment, the description will be continued with respect to the case where the in-vehicle authentication station 300 is constructed using the SIM of the communication module in the TCU (Tele Communication Unit).
FIG. 4 is a diagram illustrating a configuration example of the automobile 1001 according to the present embodiment.
In FIG. 4, the automobile 1001 includes a first ECU 1010 and a plurality of second ECUs 1020. The first ECU 1010 and the second ECU 1020 are in-vehicle computers provided in the automobile 1001. First ECU 1010 is an ECU having a gateway function among ECUs mounted on automobile 1001. The second ECU 1020 is an ECU having functions such as engine control among ECUs mounted on the automobile 1001. Examples of the second ECU 1020 include an ECU having an engine control function, an ECU having a handle control function, and an ECU having a brake control function.

The first ECU 1010 and the plurality of second ECUs 1020 are connected to a CAN (Controller Area Network) 1030 provided in the automobile 1001. CAN 1030 is a communication network. CAN is known as one of communication networks mounted on vehicles. First ECU 1010 exchanges data with each second ECU 1020 via CAN 1030. Second ECU 1020 exchanges data with other second ECU 1020 via CAN 1030.
In addition, as a communication network mounted on the vehicle, a communication network other than CAN is provided in the automobile 1001, and exchange of data between the first ECU 1010 and the second ECU 1020 via the communication network other than CAN, and Data exchange between the second ECUs 1020 may be performed. For example, the automobile 1001 may include a LIN (Local Interconnect Network). In addition, the automobile 1001 may include CAN and LIN. In addition, the automobile 1001 may include a second ECU 1020 connected to the LIN. The first ECU 1010 may be connected to CAN and LIN. Further, the first ECU 1010 exchanges data with the second ECU 1020 connected to the CAN via the CAN, and also exchanges data with the second ECU 1020 connected to the LIN via the LIN. You may exchange data with. Further, the second ECUs 1020 may exchange data via the LIN.

  The automobile 1001 includes a diagnostic port 1060. As the diagnostic port 1060, for example, an OBD (On-board Diagnostics) port may be used. A diagnostic terminal 1065 can be connected to the diagnostic port 1060. Diagnostic port 1060 is connected to first ECU 1010. The first ECU 1010 and the diagnostic terminal 1065 connected to the diagnostic port 1060 exchange data via the diagnostic port 1060.

The automobile 1001 includes an infotainment device 1040. Examples of the infotainment device 1040 include a navigation function, a location information service function, a multimedia playback function such as music and video, a voice communication function, a data communication function, and an Internet connection function. The infotainment device 1040 is connected to the first ECU 1010. The first ECU 1010 transmits information input from the infotainment device 1040 to the second ECU 1020.
The automobile 1001 includes a TCU 1050. The TCU 1050 is a communication device. The TCU 1050 includes a communication module 1051. The communication module 1051 performs wireless communication using a wireless communication network. The communication module 1051 includes a SIM 1052. The SIM 1052 is a SIM in which information for using the wireless communication network is written. The SIM 1052 includes a storage unit 1053 that stores data such as keys. The communication module 1051 can use the SIM 1052 to connect to the wireless communication network and perform wireless communication. Note that an eSIM (Embedded Subscriber Identity Module) may be used as the SIM 1052. SIM and eSIM have tamper resistance. SIM and eSIM are examples of secure elements. The secure element has tamper resistance.
The TCU 1050 is connected to the first ECU 1010. The first ECU 1010 exchanges data with the communication module 1051 of the TCU 1050.
In the configuration of FIG. 4, data is exchanged between the first ECU 1010 and the communication module 1051 by directly connecting the first ECU 1010 and the TCU 1050, but the present invention is not limited to this. For example, the TCU 1050 may be connected to the infotainment device 1040, and the first ECU 1010 may exchange data with the communication module 1051 of the TCU 1050 via the infotainment device 1040. Alternatively, even if the TCU 1050 is connected to the diagnostic port 1060 instead of the diagnostic terminal 1065 and the first ECU 1010 exchanges data with the communication module 1051 of the TCU 1050 connected to the diagnostic port 1060 via the diagnostic port 1060. Good. Alternatively, the first ECU 1010 may include a communication module 1051 including a SIM 1052. When the first ECU 1010 includes the communication module 1051 including the SIM 1052, the automobile 1001 may not include the TCU 1050.

  The first ECU 1010 includes a main computing unit 1011 and an HSM (Hardware Security Module) 1012. The main arithmetic unit 1011 executes a computer program for realizing the function of the first ECU 1010. The HSM 1012 has a cryptographic processing function and the like. HSM 1012 has tamper resistance. The HSM 1012 is an example of a secure element (Secure Element: SE). The HSM 1012 includes a storage unit 1013 that stores data such as keys. The main arithmetic unit 1011 uses an HSM 1012. The second ECU 1020 includes a main computing unit 1021 and a SHE (Secure Hardware Extension) 1022. The main computing unit 1021 executes a computer program for realizing the function of the second ECU 1020. The SHE 1022 has a cryptographic processing function and the like. SHE1022 has tamper resistance. SHE1022 is an example of a secure element. The SHE 1022 includes a storage unit 1023 that stores data such as keys. The main computing unit 1021 uses SHE1022.

An in-vehicle computer system 1002 provided in the automobile 1001 is configured by connecting a first ECU 1010 and a plurality of second ECUs 1020 to a CAN 1030. The first ECU 1010 has a gateway function and monitors communication between the inside and the outside of the in-vehicle computer system 1002. In the present embodiment, the in-vehicle computer system 1002 functions as an in-vehicle control system for the automobile 1001.
In the following description, when the first ECU 1010 and the second ECU 1020 are not particularly distinguished, they are simply referred to as an ECU.

  Server device 1300 sends and receives data to and from communication module 1051 of TCU 1050 of automobile 1001 via a communication line. Server apparatus 1300 transmits and receives data to and from communication module 1051 via a wireless communication network used by communication module 1051 of TCU 1050 of automobile 1001. Alternatively, the server device 1300 may transmit / receive data to / from the communication module 1051 via a communication network such as the Internet and the wireless communication network. Further, for example, the server device 1300 and the communication module 1051 may be connected by a dedicated line such as a VPN (Virtual Private Network) line, and data may be transmitted and received through the dedicated line. For example, a dedicated line such as a VPN line may be provided by a wireless communication network corresponding to the SIM 1052.

<First ECU>
FIG. 5 is a diagram illustrating a configuration example of the first ECU 1010. In FIG. 5, the first ECU 1010 includes a main computing unit 1011, an HSM 1012, and an interface unit 20. The main computing unit 1011 includes a control unit 21 and a storage unit 22. The HSM 1012 includes a storage unit 1013, an initial key generation unit 33, an in-vehicle key generation unit 34, an encryption processing unit 35, an authentication unit 36, a key generation unit 37, and a public key certificate acquisition unit 38.
The interface unit 20 includes an interface for transmitting / receiving data via the CAN 1030, an interface for transmitting / receiving data to / from the infotainment device 1040, an interface for transmitting / receiving data to / from the TCU 1050, and an interface for transmitting / receiving data via the diagnostic port 1060. Prepare. The main computing unit 1011 transmits / receives data to / from devices other than the first ECU 1010 via the interface unit 20.
In the interface unit 20, an interface that transmits and receives data via the CAN 1030 may include a plurality of ports connected to the CAN 1030. As a result, the first ECU 1010 can send and receive data to and from the plurality of second ECUs 1020 simultaneously via the CAN 1030.

  The control unit 21 controls the first ECU 1010. The storage unit 22 stores data. The storage unit 1013 stores data such as keys. The initial key generation unit 33 generates an initial key for the second ECU 1020. The in-vehicle key generation unit 34 generates an in-vehicle key that is a key used inside the automobile 1001. The encryption processing unit 35 encrypts data and decrypts encrypted data. The authentication unit 36 performs authentication processing with the TCU 1050. Further, the authentication unit 36 performs an authentication process with the second ECU 1020. The key generation unit 37 generates a pair of the first ECU public key and the first ECU private key, and stores the first ECU private key in the storage unit 1013. The public key certificate acquisition unit 38 requests the TCU 1050 to issue a first ECU public key certificate, and acquires the first ECU public key certificate from the TCU 1050. For example, the public key certificate acquisition unit 38 transmits a public key certificate issuance request including the first ECU public key generated by the key generation unit 37 to the in-vehicle certificate authority 300. When the public key certificate acquisition unit 38 receives the first ECU public key certificate transmitted by the in-vehicle certificate authority 300, the public key certificate acquisition unit 38 stores the first ECU public key certificate in the storage unit 1013.

<Second ECU>
FIG. 6 is a diagram illustrating a configuration example of the second ECU 1020. In FIG. 6, the second ECU 1020 includes a main computing unit 1021, a SHE 1022, and an interface unit 40. The main computing unit 1021 includes a control unit 41 and a storage unit 42. The SHE 1022 includes a storage unit 1023, an encryption processing unit 53, an authentication unit 54, a key generation unit 55, and a public key certificate acquisition unit 56.
The interface unit 40 includes an interface that transmits and receives data via the CAN 1030. The main computing unit 1021 transmits and receives data to and from devices other than the second ECU 1020 through the interface unit 40.
The control unit 41 controls the second ECU 1020. The storage unit 42 stores data. The storage unit 1023 stores data such as keys. The encryption processing unit 53 encrypts data and decrypts encrypted data. The authentication unit 54 performs authentication processing with the TCU 1050. Further, the authentication unit 54 performs authentication processing with the first ECU 1010. The key generation unit 55 generates a pair of the second ECU public key and the second ECU secret key, and stores the second ECU secret key in the storage unit 1023. The public key certificate acquisition unit 56 requests the TCU 1050 to issue a second ECU public key certificate, and acquires the second ECU public key certificate from the TCU 1050. For example, the public key certificate acquisition unit 56 transmits a public key certificate issue request including the second ECU public key generated by the key generation unit 55 to the TCU 1050. When the public key certificate acquisition unit 56 receives the second ECU public key certificate transmitted by the TCU 1050, the public key certificate acquisition unit 56 stores the second ECU public key certificate in the storage unit 1023.

Next, an example of a public key certificate issuing method according to the embodiment will be described with reference to FIG. Here, as an example, a case where the TCU 1050 issues a public key certificate to the first ECU 1010 will be described. Note that the present invention can also be applied to a case where the TCU 1050 issues a public key certificate to the second ECU 1020.
(Step S702) The first ECU 1010 transmits the ECU_ID of the first ECU 1010 to the TCU 1050.
(Step S704) Upon receiving the ECU_ID of the first ECU 1010 transmitted from the first ECU 1010, the TCU 1050 uses the initial key generated from the ECU_ID of the first ECU 1010 and the master key (Master_Secret). Mutual authentication with one ECU 1010 is performed. As an example of this mutual authentication method, a challenge / response authentication method is used in the present embodiment.
In the challenge / response authentication method, a challenge value (for example, a random number generated by the authentication unit 355 of the SIM 1052 of the TCU 1050) is sent from one (authentication unit 355) to the other (the authentication unit 36 of the HSM 1012 of the first ECU 1010). The authentication unit 36 of the HSM 1012 of the first ECU 1010 encrypts the challenge value with the initial key stored in the storage unit 1013, and sends the encrypted data of the challenge value to the authentication unit 355 of the SIM 1052 of the TCU 1050 as a response value. The authentication unit 355 of the SIM 1052 of the TCU 1050 decrypts the response value with the initial key, and checks whether the decryption result matches the challenge value. If the response value test is successful, authentication in one direction (direction in which the SIM 1052 of the TCU 1050 authenticates the first ECU 1010) is successful. The other direction (the direction in which the first ECU 1010 authenticates the SIM 1052 of the TCU 1050) is performed in the same manner. If the response value inspection passes, the other direction (the first ECU 1010 authenticates the SIM 1052 in the TCU 1050). Authentication) is successful. When the authentication in both directions is successful, the mutual authentication between the SIM 1052 of the TCU 1050 and the first ECU 1010 is successful, and when the authentication in either direction is unsuccessful, the mutual authentication between the SIM 1052 of the TCU 1050 and the first ECU 1010 is successful. Is a failure.
(Step S706) When the authentication of the first ECU 1010 is successful, a public key certificate is issued from the TCU 1050 to the first ECU 1010.

<Process for writing ECU initial key to ECU>
With reference to FIG. 8, a process of writing the ECU initial key to the first ECU 1010 and the second ECU 1020 will be described. In FIG. 8, the first ECU 1010 and the second ECU 1020 are referred to as an ECU 420.
In FIG. 8, the initial key writing device 701 is installed in a room 700 in the manufacturing factory of the ECU 420. The room 700 is a room in which information security is ensured. The initial key writing device 701 has a master key (MASTER KEY) Master_Secret. The master key Master_Secret is set in the initial key writing device 701 in advance. Setting of the master key Master_Secret for the initial key writing device 701 is executed safely. The master key Master_Secret included in the initial key writing device 701 and the master key Master_Secret stored in the storage unit 1013 of the HSM 1012 of the first ECU 1010 of the automobile 1001 are the same. The master key Master_Secret is managed securely.
Note that the master key Master_Secret is not necessarily stored in the HSM 1012 of the first ECU 1010.

The initial key writing device 701 includes an ECU connection interface for exchanging data with the ECU 420. The initial key writing device 701 exchanges data with the ECU 420 connected to the ECU connection interface. Here, the initial key writing device 701 includes three ECU connection interfaces, and allows the three second ECUs 1020 to be simultaneously connected through the ECU connection interfaces.
FIG. 8 shows three ECUs 420 as the ECUs 420 mounted on the automobile 1001. The three ECUs 420 are referred to as ECU_A_420, ECU_B_420, and ECU_C_420, respectively. Here, ECU_A_420, ECU_B_420, and ECU_C_420 will be described as examples.

The initial key writing device 701 simultaneously connects ECU_A_420, ECU_B_420, and ECU_C_420 through the ECU connection interface.
(Step S802) Each of the ECU_A_420, ECU_B_420, and ECU_C_420 transmits its own ECU identifier to the initial key writing device 701. Specifically, ECU_A_420 transmits ECU identifier ECU_ID_A to initial key writing device 701. ECU_B_420 transmits ECU identifier ECU_ID_B to initial key writing device 701. ECU_C_420 transmits ECU identifier ECU_ID_C to initial key writing device 701.
As the ECU identifier, for example, an identifier embedded in a semiconductor integrated circuit such as an LSI as hardware constituting the ECU 420 at the time of manufacture may be used. For example, an identifier embedded in the microcomputer LSI of the ECU 420 may be used as the ECU identifier.
(Step S804) The initial key writing device 701 generates an ECU initial key using the master key Master_Secret and the ECU identifier. Specifically, the initial key writing device 701 uses the master key Master_Secret and the ECU identifier ECU_ID_A of the ECU_A_420 to generate the ECU initial key Key_A of the ECU_A_420. The initial key writing device 701 uses the master key Master_Secret and the ECU identifier ECU_ID_B of the ECU_B_420 to generate the ECU initial key Key_B of the ECU_B_420. The initial key writing device 701 uses the master key Master_Secret and the ECU identifier ECU_ID_C of the ECU_C_420 to generate the ECU initial key Key_C of the ECU_C_420.

Examples 1 and 2 of the ECU initial key generation method will be described.
(Example 1 of ECU initial key generation method)
In Example 1 of the ECU initial key generation method, a hash function is used. For example, the hash value may be calculated using the concatenated data of the master key Master_Secret and the ECU identifier as the input value, and the calculated hash value may be used as the ECU initial key.
(Example 2 of ECU initial key generation method)
In the second example of the ECU initial key generation method, an exclusive OR operation is used. For example, an exclusive OR operation of the master key Master_Secret and the ECU identifier may be executed, and the value “master key Master_Secret xor ECU identifier” of the operation result may be used as the ECU initial key.
However, “A xor B” is an exclusive OR of A and B.

(Step S806) The initial key writing device 701 writes the generated ECU initial key to the corresponding second ECU 1020. Specifically, the initial key writing device 701 writes the ECU initial key Key_A to the ECU_A_420. The initial key writing device 701 writes the ECU initial key Key_B into the ECU_B_420. The initial key writing device 701 writes the ECU initial key Key_C into the ECU_C_420.

After the ECU initial key is written, ECU_A_420, ECU_B_420, and ECU_C_420 are mounted on the automobile 1001.
<Example 1 of distribution of in-vehicle common key>
With reference to FIG. 9, Example 1 of distribution of the in-vehicle common key according to the embodiment will be described. FIG. 9 shows a method of distributing the in-vehicle common key to the second ECU 1020 in the automobile 1001.
The HSM 1012 of the first ECU 1010 (master ECU) stores the initial key of the second ECU 1020 already mounted on the automobile 1001 in the storage unit 1013. The storage unit 1013 stores the latest in-vehicle common key Kx2. The in-vehicle common key Kx2 is the latest in-vehicle common key distributed in the past to the second ECU 1020 already mounted on the automobile 1001.
Here, one second ECU 1020 mounted on the automobile 1001 will be described. The SHE 1022 of the second ECU 1020 stores the initial key Ki5 of the second ECU 1020 in the storage unit 423. Second ECU 1020 has its own identifier ECU_ID. The storage unit 360 of the in-car certificate authority 300 stores the master key in the certificate authority key storage unit 305. The master key stored in the certificate authority key storage unit 305 of the storage unit 360 is the master key used together with the identifier ECU_ID of the second ECU 1020 when the initial key Ki5 stored in the storage unit 1023 of the second ECU 1020 is generated. Is the same master key.

(Step S <b> 902) The second ECU 1020 supplies its own identifier ECU_ID to the storage unit 360 when the power is turned on for the first time after being mounted on the automobile 1001. The identifier ECU_ID of the second ECU 1020 is transmitted from the second ECU 1020 to the communication module 1051 via the first ECU 1010. The communication module 1051 supplies the received identifier ECU_ID of the second ECU 1020 to the storage unit 360.
(Step S904) The initial key generation unit 301 acquires the master key from the certificate authority key storage unit 305, and uses the acquired master key and the identifier ECU_ID of the second ECU 1020 to obtain the initial key Ki5 of the second ECU 1020. Generate. The communication unit 330 transmits the set of the initial key Ki5 of the second ECU 1020 generated by the storage unit 360 and the identifier ECU_ID of the second ECU 1020 to the first ECU 1010.
The first ECU 1010 supplies the received set of the initial key Ki5 of the second ECU 1020 and the identifier ECU_ID of the second ECU 1020 to the HSM 1012. The HSM 1012 stores the initial key Ki5 of the second ECU 1020 in the storage unit 1013 in association with the identifier ECU_ID of the second ECU 1020. Thereby, the first ECU 1010 shares the initial key Ki5 of the second ECU 1020 with the second ECU 1020.
The method of generating the initial key of the second ECU 1020 is determined in advance. Examples 1 and 2 of the initial key generation method of the second ECU 1020 will be described.

(Example 1 of initial key generation method of second ECU 1020)
In the first example of the initial key generation method of the second ECU 1020, a hash function is used. For example, the hash value may be calculated using the concatenated data of the master key and the identifier ECU_ID of the second ECU 1020 as an input value, and the calculated hash value may be used as the initial key of the second ECU 1020.

(Example 2 of initial key generation method of second ECU 1020)
In the second example of the initial key generation method of the second ECU 1020, an exclusive OR operation is used. For example, an exclusive OR operation of the master key and the identifier ECU_ID of the second ECU 1020 may be executed, and the value “master key xor identifier ECU_ID” of the operation result may be used as the initial key of the second ECU 1020. However, “A xor B” is an exclusive OR of A and B. (Step S906) The HSM 1012 of the first ECU 1010 generates a random number Rm, and uses the generated random number Rm as a challenge value. First ECU 1010 transmits challenge value Rm to second ECU 1020.

(Step S908) The second ECU 1020 supplies the challenge value Rm received from the first ECU 1010 to the SHE 1022. The SHE 1022 generates encrypted data Ki5 (Rm) obtained by encrypting the challenge value Rm with the initial key Ki5 of the second ECU 1020 stored in the storage unit 423. The second ECU 1020 transmits the encrypted data Ki5 (Rm) as a response value to the first ECU 1010. The first ECU 1010 supplies the received response value Ki5 (Rm) to the HSM 1012.

  The HSM 1012 executes response matching processing on the response value Ki5 (Rm). In the response matching process, the HSM 1012 verifies the response value Ki5 (Rm) using the initial key Ki5 of the second ECU 1020 stored in the storage unit 1013. Examples of the verification method of the response value Ki5 (Rm) include the following verification method examples 1 and 2.

(Verification method example 1)
The HSM 1012 encrypts the challenge value Rm with each of the plurality of initial keys Ki1, ..., Ki5, ... stored in the storage unit 1013, and whether each encrypted result matches the response value Ki5 (Rm). Determine. As a result of the determination, if there is only one encrypted result that matches the response value Ki5 (Rm), the response value Ki5 (Rm) has been successfully verified. On the other hand, if the result of determination is that there is no encrypted result that matches the response value Ki5 (Rm), and there are multiple encrypted results that match the response value Ki5 (Rm), the response value Ki5 (Rm) Verification failed.
(Verification method example 2)
The HSM 1012 decrypts the response value Ki5 (Rm) with each of the plurality of initial keys Ki1, ..., Ki5, ... stored in the storage unit 1013, and whether each decryption result matches the challenge value Rm. Determine. As a result of the determination, if there is only one decryption result that matches the challenge value Rm, the verification of the response value Ki5 (Rm) is successful. On the other hand, if the result of determination is that there is no decryption result that matches the challenge value Rm, and there are multiple decryption results that match the challenge value Rm, verification of the response value Ki5 (Rm) fails.

  If the verification of the response value Ki5 (Rm) is successful, the process proceeds to the subsequent steps. On the other hand, if the verification of the response value Ki5 (Rm) is unsuccessful, the process in FIG. 9 is terminated. Note that if the verification of the response value Ki5 (Rm) fails, a predetermined error process may be performed.

(Step S910) The SHE 1022 of the second ECU 1020 generates a random number Rn, and uses the generated random number Rn as a challenge value. Second ECU 1020 transmits challenge value Rn to master ECU 1010.
(Step S912) The first ECU 1010 supplies the challenge value Rn received from the second ECU 1020 to the HSM 1012. The HSM 1012 generates encrypted data Ki5 (Rn) obtained by encrypting the challenge value Rn with the initial key Ki5 of the second ECU 1020 used when the response value Ki5 (Rm) in step S908 has been successfully verified. To do. The first ECU 1010 transmits the encrypted data Ki5 (Rn) as a response value to the second ECU 1020. The second ECU 1020 supplies the received response value Ki5 (Rn) to the SHE1022.

The SHE 1022 executes response matching processing on the response value Ki5 (Rn). In the response matching process, the SHE 1022 verifies the response value Ki5 (Rn) using the initial key Ki5 of the second ECU 1020 stored in the storage unit 1023. As a method for verifying the response value Ki5 (Rn), the same method as the above-described verification method examples 1 and 2 can be cited.
If the verification of the response value Ki5 (Rn) is successful, the process proceeds to the subsequent steps. On the other hand, if the verification of the response value Ki5 (Rn) is unsuccessful, the process in FIG. 9 is terminated. Note that if the verification of the response value Ki5 (Rn) fails, a predetermined error process may be performed.

(Step S914) The HSM 1012 of the first ECU 1010 stores in the storage unit 1013 using the initial key Ki5 of the second ECU 1020 that was used when the response value Ki5 (Rn) was successfully verified in step S908. The in-vehicle common key Kx2 is encrypted to generate an in-vehicle exchange key Ki5 (Kx2). First ECU 1010 transmits in-vehicle exchange key Ki5 (Kx2) to second ECU 1020. The second ECU 1020 supplies the received in-vehicle exchange key Ki5 (Kx2) to the SHE1022.
(Step S916) The SHE 1022 of the second ECU 1020 decrypts the encrypted in-vehicle common key Ki5 (Kx2) with the initial key Ki5 of the second ECU 1020 stored in the key storage unit 23. As a result of this decryption, the in-vehicle common key Kx2 is obtained.

(Step S918) The SHE 1022 of the second ECU 1020 stores the decrypted in-vehicle common key Kx2 in the storage unit 423.
In Example 1 of the communication method described above, the storage unit 360 has a master key with a relatively high level of key security requirement, and generates an initial key of the second ECU 1020 using the master key. Further, the HSM 1012 executes processing at the time of distributing the in-vehicle common key, which has a relatively high level of request for high-speed key distribution.

Second Embodiment
FIG. 10 is a diagram illustrating a configuration example of an automobile 1001 according to the present embodiment. In the present embodiment, a case where a public key certificate is issued from the maintenance tool outside the vehicle to the first ECU 1010 and the second ECU 1020 will be described as an example.
10, parts corresponding to those in FIG. 4 are given the same reference numerals, and explanation thereof is omitted. In the configuration example of the automobile shown in FIG. 10, a maintenance tool 1200 can be connected to the diagnosis port 1060. The first ECU 1010 and the maintenance tool 1200 connected to the diagnostic port 1060 exchange data via the diagnostic port 1060. The maintenance tool 1200 may have a function of a conventional diagnostic terminal connected to the OBD port.

  The maintenance tool 1200 includes a control module 1201. The control module 1201 includes an IC (Integrated Circuit) chip 1202. The IC chip 1202 includes a storage unit 1203 that stores data such as keys. The IC chip 1202 has tamper resistance. The IC chip 1202 is an example of a secure element. The IC chip 1202 is a kind of computer and realizes a desired function by a computer program. The configuration of the certification authority 300 built in the maintenance tool 1200 using the IC chip 1202 can be applied to the configuration of the in-car certification authority 300 of FIG.

  The server apparatus 1300 transmits and receives data to and from the maintenance tool 1200 via a communication line. For example, the server apparatus 1300 and the maintenance tool 1200 may be connected by a dedicated line such as a VPN line, and data may be transmitted / received through the dedicated line.

Next, an example of a public key certificate issuing method according to the embodiment will be described with reference to FIG. Here, as an example, a case where the maintenance tool 1200 issues a public key certificate to the first ECU 1010 will be described. The present invention can also be applied to the case where the maintenance tool 1200 issues a public key certificate to the second ECU 1020.
(Step S1102) The first ECU 1010 transmits the ECU_ID of the first ECU 1010 to the maintenance tool 1200.
(Step S1104) Upon receiving the ECU_ID of the first ECU 1010 transmitted from the first ECU 1010, the maintenance tool 1200 uses an initial key generated from the ECU_ID of the first ECU 1010 and the master key (Master_Secret). And mutual authentication with the first ECU 1010.
(Step S1106) When the authentication of the first ECU 1010 is successful, a public key certificate is issued from the maintenance tool 1200 to the first ECU 1010.

<Third Embodiment>
FIG. 12 is a diagram illustrating a configuration example of an automobile 1001 according to the present embodiment. In the present embodiment, a case where a public key certificate is issued from the server device 1300 outside the vehicle to the first ECU 1010 will be described as an example.
In FIG. 12, parts corresponding to those in FIG. 4 are assigned the same reference numerals and explanations thereof are omitted. In the configuration example of the automobile shown in FIG. 12, the SIM 1052 included in the communication module 1051 of the TCU 1050 does not include the storage unit 1053 that stores data such as keys.
The configuration of the in-car certificate authority 300 in FIG.
Next, an example of a public key certificate issuing method according to the embodiment will be described with reference to FIG. Here, as an example, a case where server apparatus 1300 issues a public key certificate to first ECU 1010 will be described. Note that the present invention can also be applied to the case where the server apparatus 1300 issues a public key certificate to the second ECU 1020.
(Step S1302) First ECU 1010 transmits the ECU_ID of first ECU 1010 to server apparatus 1300.
(Step S1304) Upon receiving the ECU_ID of the first ECU 1010 transmitted from the first ECU 1010, the server apparatus 1300 uses the initial key generated from the ECU_ID of the first ECU 1010 and the master key (Master_Secret). And mutual authentication with the first ECU 1010.
(Step S1306) When the authentication of the first ECU 1010 is successful, a public key certificate is issued from the server device 1300 to the first ECU 1010.

<Fourth embodiment>
FIG. 14 is a diagram illustrating a configuration example of an automobile 1001 according to the present embodiment. In the present embodiment, a case where a public key certificate is issued from the first ECU 1010 to the second ECU 1020 will be described as an example.
In FIG. 14, parts corresponding to those in FIG. 4 are given the same reference numerals, and descriptions thereof are omitted.
Next, an example of a public key certificate issuing method according to the embodiment will be described with reference to FIG. Here, as an example, a case where the first ECU 1010 issues a public key certificate to the second ECU 1020 will be described.
(Step S1502) The second ECU 1020 transmits the ECU_ID of the second ECU 1020 to the first ECU 1010.
(Step S1504) Upon receiving the ECU_ID of the second ECU 1020 transmitted from the second ECU 1020, the first ECU 1010 receives an initial key generated from the ECU_ID of the second ECU 1020 and the master key (Master_Secret). Using this, mutual authentication with the second ECU 1020 is performed. As an example of this mutual authentication method, the above-described challenge / response authentication method is used in the present embodiment.
(Step S1506) When the authentication of the second ECU 1020 is successful, the public key certificate is issued from the first ECU 1010 to the second ECU 1020.
In the embodiment described above, between the SIM 1052 of the communication module 1051 of the TCU 1050 and the first ECU 1010, between the IC chip 1202 of the maintenance tool 1200 and the first ECU 1010, between the server device 1300 and the first ECU 1010, In addition, although the case where authentication is performed using the initial key between the first ECU 1010 and the second ECU 1020 has been described, the present invention is not limited to this example. For example, between the SIM 1052 of the communication module 1051 of the TCU 1050 and the first ECU 1010, between the IC chip 1202 of the maintenance tool 1200 and the first ECU 1010, between the server apparatus 1300 and the first ECU 1010, and the first The ECU 1010 and the second ECU 1020 may authenticate using an in-vehicle common key instead of the initial key. When authenticating with the in-vehicle common key, the first ECU 1010 transmits the in-vehicle common key to the SIM 1052 of the communication module 1051 of the TCU 1050, the IC chip 1202 of the maintenance tool 1200, and the server device 1300. The first ECU 1010 may encrypt and transmit the in-vehicle common key with the initial key.

<Modification>
FIG. 16 is a diagram illustrating a hierarchical configuration according to the modification. The hierarchical configuration 2 according to the modification is obtained by omitting the in-vehicle certificate authority 300 from the hierarchical configuration 1 according to the embodiment. In other words, in the hierarchical structure 2 according to the modification, the OM certification authority 200 issues a public key certificate to the first ECU 1010 and an application installed in the first ECU 1010. As the configuration of the OEM certification authority 200, the configuration of the in-car certification authority 300 of FIG. 2 can be applied.

<Operation of OM Certification Authority and First ECU>
Next, an example of a public key certificate issuance method according to a modification will be described with reference to FIG. Here, as an example, a case where the OAM certification authority 200 issues a public key certificate to the first ECU 1010 will be described. Note that the present invention can also be applied to a case where the OM certificate authority 200 issues a public key certificate to the second ECU 1020.
(Step S1702) The first ECU 1010 transmits the ECU_ID of the first ECU 1010 to the OM certification authority 200.
(Step S1704) Upon receiving the ECU_ID of the first ECU 1010 transmitted from the first ECU 1010, the OM certification authority 200 receives an initial key generated from the ECU_ID of the first ECU 1010 and the master key (Master_Secret). Is used for mutual authentication with the first ECU 1010.
(Step S1706) When the authentication of the first ECU 1010 is successful, the OEM certification authority 200 issues a public key certificate to the first ECU 1010.

According to the embodiment and the modification, a new public key infrastructure is provided for authentication of an application installed in an automobile, an in-vehicle ECU, and an ECU. Specifically, it is composed of three layers: a root certificate authority that authenticates automobile manufacturers, an OEM certificate authority that is operated by each automobile manufacturer, and an in-car certificate authority that issues public key certificates to ECUs and applications in the car.
Furthermore, when issuing a public key certificate from an in-vehicle certificate authority to an application installed in an automobile, ECU, or ECU, an initial key derived from a master key preset in each ECU or an initial key is used. An in-vehicle common key distributed from one ECU to the second ECU is used. Thereby, the public key certificate can be issued after confirming the reliability of the ECU.

  Further, it is possible to prevent a public key certificate from being issued to a fake ECU or a fake application installed in the ECU. Also, public key certificate based authentication can be performed between cars of different car manufacturers, between ECUs, and between applications installed in ECUs.

As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to this embodiment, The design change etc. of the range which does not deviate from the summary of this invention are included.
In the above-described embodiment, an automobile is taken as an example of the vehicle, but the present invention can also be applied to vehicles other than automobiles such as a motorbike and a railway vehicle.

Further, a computer program for realizing the functions of the above-described root certificate authority, OEM certificate authority, first ECU, or second ECU is recorded on a computer-readable recording medium, and recorded on the recording medium. The program may be read into a computer system and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
“Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 100 ... Root certificate authority, 102 ... Certificate authority public key certificate production | generation part, 105 ... Root certificate authority key memory | storage part, 145 ... Control part, 150 ... Application, 135 ... Communication part, 160 ... Memory | storage part, 200 ... OM authentication 208, public key certificate generation unit, 205 ... certificate authority key storage unit, 208 ... certificate authority key generation unit, 209 ... certificate authority public key certificate acquisition unit, 230 ... communication unit, 240 ... control unit, 250 ... Application, storage unit ... 260, 300 ... in-car certificate authority, 301 ... initial key generation unit, 302 ... public key certificate generation unit, 304 ... encryption processing unit, 305 ... certificate authority key storage unit, 308 ... certificate authority key generation unit 309: Certificate authority public key certificate acquisition unit 330 ... Communication unit 340 ... Control unit 345 ... Application 355 ... Authentication unit 360 ... Storage unit 1001 ... Automobile 1010 ... First ECU, 1011 ... main arithmetic unit, 1012 ... HSM, 1013 ... storage unit, 1021 ... main arithmetic unit, 1022 ... HSM, 1023 ... storage unit, 20 ... interface unit, 21 ... control unit, 22 ... storage unit, 33 ... initial stage Key generation unit 34 ... In-vehicle key generation unit 35 ... Cryptographic processing unit 36 ... Authentication unit 37 ... Key generation unit 38 ... Public key certificate acquisition unit 1020 ... Second ECU 40 ... Interface unit 41 ... Control unit, 42 ... Storage unit, 53 ... Cryptographic processing unit, 54 ... Authentication unit, 55 ... Key generation unit, 56 ... Public key certificate acquisition unit, 1030 ... CAN, 1050 ... TCU, 1051 ... Communication module, 1052 ... SIM, 1060 ... diagnostic port

Claims (9)

An in-vehicle computer mounted on the vehicle;
A first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and subordinate to the second certificate authority The third certificate authority in a three-tier certificate authority configuration comprising a third certificate authority in a layer,
The third certificate authority is
A CA key storage unit for storing the CA public key certificate and the CA private key;
A first authentication unit that performs authentication with the in-vehicle computer based on the common key of the vehicle;
A first communication unit for receiving a request for issuing a public key certificate of the in-vehicle computer transmitted by the in-vehicle computer;
When the authentication by the first authentication unit is successful, the in-vehicle computer public key certificate is issued by signing the in-vehicle computer public key included in the public key certificate issuance request with the CA private key. An in-vehicle computer public key certificate issuing unit,
The first communication unit transmits the issued in-vehicle computer public key certificate to the in-vehicle computer that is the transmission source of the public key certificate issuance request,
The in-vehicle computer is
A second authentication unit that performs authentication with the first authentication unit of the third certificate authority based on the common key of the vehicle;
An in-vehicle computer key generation unit that generates the in-vehicle computer public key and an in-vehicle computer private key that forms a pair with the in-vehicle computer public key;
A request for issuing a public key certificate for the in-vehicle computer public key is transmitted to the third certificate authority, and an in-vehicle computer public key certificate transmitted by the third certificate authority is acquired in response to the request for issuing the public key certificate A public key certificate acquisition unit for
system. The in-vehicle computer is
A first storage unit for storing an initial key;
A second communication unit that transmits identification information of the in-vehicle computer to the third certificate authority,
The third certificate authority is
A second storage unit for storing a master key used for generating the initial key;
An initial key generation unit that generates an initial key based on the master key and the identification information of the in-vehicle computer transmitted by the in-vehicle computer,
The second authentication unit of the in-vehicle computer performs authentication with the first authentication unit of the third certificate authority based on the initial key of the first storage unit,
The first authentication unit of the third certificate authority performs authentication with the second authentication unit of the in-vehicle computer based on the initial key generated by the initial key generation unit.
The system of claim 1. It is a certificate authority that performs authentication on in-vehicle computers installed in vehicles,
The certificate authority includes a first certificate authority in the highest layer that authenticates a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and the first certificate authority The third certificate authority in a three-tier certificate authority configuration comprising a third certificate authority in a lower layer of two certificate authorities,
A CA key storage unit for storing the CA public key certificate and the CA private key;
A first authentication unit that performs authentication with the in-vehicle computer based on the common key of the vehicle;
A first communication unit for receiving a request for issuing a public key certificate of the in-vehicle computer transmitted by the in-vehicle computer;
When the authentication by the first authentication unit is successful, the in-vehicle computer public key certificate is issued by signing the in-vehicle computer public key included in the public key certificate issuance request with the CA private key. An in-vehicle computer public key certificate issuing unit,
The first communication unit transmits the issued in-vehicle computer public key certificate to the in-vehicle computer that is the transmission source of the public key certificate issuance request.
Certificate authority. A second storage unit for storing a master key used for generating an initial key of the in-vehicle computer;
An initial key generation unit that generates an initial key based on the master key and the identification information of the in-vehicle computer transmitted by the in-vehicle computer,
The first authentication unit performs authentication with the second authentication unit of the in-vehicle computer based on the initial key generated by the initial key generation unit.
The certificate authority according to claim 3. An in-vehicle computer mounted on a vehicle,
A first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and subordinate to the second certificate authority A second authentication unit that performs authentication based on a common key of the vehicle with the third certificate authority in a three-tier certificate authority configuration including a third certificate authority of a layer;
An in-vehicle computer public key, and an in-vehicle computer key generation unit that generates an in-vehicle computer private key paired with the in-vehicle computer public key;
A request for issuing a public key certificate for the in-vehicle computer public key is transmitted to the third certificate authority, and an in-vehicle computer public key certificate transmitted by the third certificate authority is acquired in response to the request for issuing the public key certificate A public key certificate acquisition unit for
The in-vehicle computer public key certificate is issued by the third certificate authority when authentication performed based on the common key of the vehicle between the third certificate authority and the second authentication unit is successful. The
In-vehicle computer. A first storage unit for storing an initial key;
A second communication unit that transmits the identification information of the in-vehicle computer to the third certificate authority that generates the initial key based on the master key used for generating the initial key and the identification information of the in-vehicle computer; Prepared,
The second authentication unit performs authentication with the third certificate authority based on an initial key of the first storage unit;
The in-vehicle computer according to claim 5. An in-vehicle computer mounted on the vehicle;
A first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and subordinate to the second certificate authority A public key certificate issuance method executed by a system comprising: a third certificate authority in a three-tier certificate authority configuration comprising a third certificate authority in a layer;
The third certificate authority stores a certificate authority public key certificate and a certificate authority private key;
The third certificate authority authenticates with the in-vehicle computer based on a common key of the vehicle;
The in-vehicle computer authenticating with the third certificate authority based on a common key of the vehicle;
The vehicle computer generating the vehicle computer public key paired with the vehicle computer public key and the vehicle computer public key;
The in-vehicle computer transmitting a request for issuing a public key certificate of the in-vehicle computer public key to the third certificate authority;
The third certificate authority receives a request to issue a public key certificate of the in-vehicle computer transmitted by the in-vehicle computer;
When the third certificate authority succeeds in authentication with the in-vehicle computer based on the common key of the vehicle, the in-vehicle information included in the public key certificate issuance request with the certificate authority private key. Signing the computer public key and issuing an in-vehicle computer public key certificate;
The third certificate authority transmits the issued in-vehicle computer public key certificate to the in-vehicle computer that is the transmission source of the public key certificate issuance request;
The in-vehicle computer obtaining an in-vehicle computer public key certificate transmitted by the third certificate authority;
Public key certificate issuing method including An in-vehicle computer mounted on the vehicle;
A first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and subordinate to the second certificate authority A computer of the third certificate authority of the system comprising: the third certificate authority in a three-tier certificate authority configuration comprising a third certificate authority in a layer;
Storing a certificate authority public key certificate and a certificate authority private key;
An authentication step of performing authentication with the in-vehicle computer based on the common key of the vehicle;
Receiving an issuance request for the public key certificate of the in-vehicle computer transmitted by the in-vehicle computer;
When the authentication performed based on the vehicle common key with the in-vehicle computer is successful, the in-vehicle computer public key included in the public key certificate issuance request is signed with the CA private key. Issuing an in-vehicle computer public key certificate;
Transmitting the issued in-vehicle computer public key certificate to the in-vehicle computer that is the transmission source of the public key certificate issuance request;
A program for running In-vehicle computers mounted on vehicles
A first certificate authority in the uppermost layer for authenticating a vehicle manufacturer of the vehicle, a certificate authority in a lower layer of the first certificate authority, operated by each vehicle manufacturer, and subordinate to the second certificate authority An authentication step of performing authentication based on the common key of the vehicle with the third certificate authority in a three-tier certificate authority configuration comprising a third certificate authority of a layer;
Generating an in-vehicle computer public key and an in-vehicle computer private key paired with the in-vehicle computer public key;
Transmitting a request for issuing a public key certificate of the in-vehicle computer public key to the third certificate authority;
Obtaining an in-vehicle computer public key certificate transmitted by the third certificate authority;
Is a program that executes
The in-vehicle computer public key certificate is issued by the third certificate authority when the authentication performed based on the common key of the vehicle between the third certificate authority and the in-vehicle computer is successful.
program.

Images