JP2018186486A - Information processing apparatus, information processing system, and information processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide useful data for a log analysis.SOLUTION: A GW 10 includes a storage control unit 32G. The storage control unit 32G stores in a storage unit 34 communication data of nodes 20 connected via a network N and authentication information used for authentication between the nodes 20 at a time of communication data communication in association with each other.SELECTED DRAWING: Figure 4

Description

  Embodiments described herein relate generally to an information processing apparatus, an information processing system, and an information processing method.

  A system is known in which a plurality of nodes are connected to a network, and communication between these nodes is performed via a gateway device (hereinafter abbreviated as “GW”). For example, a configuration in which such a system is mounted on a vehicle is disclosed. Log data such as driving environment monitoring results, internal / external communication, driver operations, logs related to the internal system state of the vehicle, and the like are used for analysis of the traveling state of the vehicle.

  For example, a system is disclosed in which vehicle information within a period corresponding to a detection point of vehicle behavior is stored in a vehicle and transmitted to a server. Here, when analyzing log data, it may be necessary to estimate the causal relationship of communication data between nodes and in a node mounted on a vehicle. However, conventionally, information capable of estimating the causal relationship between nodes and within each node of communication data included in log data has not been provided. That is, conventionally, it has been difficult to provide data useful for log analysis.

JP 2017-004445 A

  The problem to be solved by the present invention is to provide an information processing apparatus, an information processing system, and an information processing method capable of providing data useful for log analysis.

  The information processing apparatus according to the embodiment includes a storage control unit. The storage control unit stores the communication data of the nodes connected via the network and the authentication information used for authentication between the nodes when communicating the communication data in the storage unit in association with each other.

The schematic diagram which shows the outline | summary of an information processing system. The block diagram which shows the hardware structural example of GW. The block diagram which shows the hardware structural example of a node. The block diagram which shows the functional structural example of GW and a node. The schematic diagram which shows an example of the data structure of log DB. The schematic diagram which shows an example of the data structure of log DB. The flowchart which shows an example of the procedure of the information processing performed by GW. The flowchart which shows an example of the procedure of the information processing performed by a node. The block diagram which shows the functional structural example of GW and a node. The schematic diagram which shows an example of the data structure of log DB. The flowchart which shows an example of the procedure of the information processing performed by GW. The flowchart which shows an example of the procedure of the information processing performed by a node.

  The information processing system according to the embodiment can be applied to, for example, an in-vehicle network system (communication system) installed in an automobile which is an example of a mobile object. Below, the example which comprised the vehicle-mounted gateway apparatus (henceforth "GW") contained in a vehicle-mounted network system as an information processing apparatus of embodiment is demonstrated. In the following, an example will be described in which an electronic control unit (ECU: Electronic Control Unit; hereinafter abbreviated as “ECU”) and various sensors and devices included in the in-vehicle network system are configured as nodes of the embodiment.

  In addition, the apparatus and system which can apply the information processing system of embodiment are not restricted to the following examples. The information processing system of the embodiment is widely applicable to various systems that communicate communication data to be analyzed.

(First embodiment)
FIG. 1 is a schematic diagram showing an overview of the information processing system 1. The information processing system 1 is mounted on the vehicle 2, for example.

  The information processing system 1 includes a GW 10 and a plurality of nodes 20. The plurality of nodes 20 and the GW 10 are connected via a network N. In the example illustrated in FIG. 1, the information processing system 1 includes a plurality of sub-networks (sub-network N1 and sub-network N2) as the network N. A node 20 is connected to each of the plurality of sub-networks. The plurality of sub-networks are connected to the GW 10.

  Further, the V2X communication module 50 and the communication module 52 are connected to the GW 10. The communication module 52 is a module for communicating with an external device via the external network 26. The V2X communication module 50 is a module for performing direct wireless communication with another vehicle 2 without using a communication infrastructure. For the direct wireless communication, for example, vehicle-to-vehicle / road-to-vehicle communication (V2X: Vehicle-to-Everything) is used. The V2X communication may be referred to as C2X (Car-to-X) communication.

  The GW 10 is an example of an information processing device. The GW 10 executes each process to be described later in addition to the original function as a gateway. The original function as a gateway is, for example, relay and filtering of communication between sub-networks (for example, sub-network N1 and sub-network N2) in the information processing system 1, and between the information processing system 1 and the external network 26 outside the vehicle. Relaying and filtering of communication between them, relaying and filtering of direct communication with other vehicles 2, and the like.

  The node 20 is an example of a node. The node 20 is an electronic device that communicates communication data with another node 20 via the GW 10. The node 20 is, for example, an ECU, various sensors, an actuator, or the like. The ECU is an electronic device that performs various controls in the vehicle 2. FIG. 1 shows an ECU 20a, an ECU 20b, a sensor 20c, an ECU 20d, and an actuator 20e as an example of the node 20. The node 20 executes each process to be described later in addition to the original function as an electronic device.

  The communication standard of the information processing system 1 is not limited. The communication standard of the information processing system 1 is, for example, CAN (Controller Area Network) or FlexRay (registered trademark).

  FIG. 2 is a block diagram illustrating a hardware configuration example of the GW 10. The GW 10 includes a control device such as a CPU (Central Processing Unit) 11, a storage device such as a ROM (Read Only Memory) 12 and a RAM (Random Access Memory) 13, a network I / F 14, a communication I / F 15, and a communication In this configuration, the I / F 16 and the memory I / F 17 are connected via a bus 19.

  The network I / F 14 is a communication interface for communicating with the node 20 via the subnetwork. The communication I / F 15 is a communication interface that performs direct wireless communication. The communication I / F 16 is a communication interface that communicates with an external device via the external network 26. The memory I / F 17 is an interface for accessing the ST (storage) 18. ST18 is a memory for storing various information. ST18 is, for example, a hard disk or an SSD (Solid State Drive) using a nonvolatile memory.

  In the GW 10, the CPU 11 reads out a program from the ROM 12 onto the RAM 13 and executes it, thereby realizing various functions described below.

  FIG. 3 is a block diagram illustrating a hardware configuration example of the node 20. The node 20 has a configuration in which a control device such as a CPU 21, a storage device such as a ROM 22 and a RAM 23, a network I / F 24, and a memory I / F 17 are connected via a bus 29.

  The network I / F 24 is a communication interface for communicating with other nodes 20 via the subnetwork and the GW 10. The memory I / F 27 is an interface for accessing ST28. ST28 is a memory for storing various information.

  In the node 20, the CPU 21 reads out a program from the ROM 22 onto the RAM 23 and executes the program, thereby realizing various functions to be described later.

  FIG. 4 is a block diagram illustrating a functional configuration example of each of the GW 10 and the node 20 included in the information processing system 1 according to the present embodiment. FIG. 4 shows one node 20 for the sake of simplicity. However, in practice, a plurality of nodes 20 communicate via the GW 10 and execute processing to be described later.

-GW10-
First, the GW 10 will be described. The GW 10 includes a control unit 32 and a storage unit 34. The control unit 32 and the storage unit 34 are connected so as to be able to exchange data and signals.

  The storage unit 34 stores various information. The storage unit 34 is an example of a storage unit and a first storage unit. The storage unit 34 is realized by ST18 (see FIG. 2), for example. In the present embodiment, the storage unit 34 stores a common key 34A and a log DB 34B (details will be described later).

  The control unit 32 incorporates a computer system as an integrated circuit, and executes various controls according to a program (software) operating on the computer system. The control unit 32 includes a transmission / reception unit 32A, a verification unit 32D, a GW processing unit 32E, a generation unit 32F, and a storage control unit 32G. The transmission / reception unit 32A includes a reception unit 32B and a transmission unit 32C.

  Each of these units (transmission / reception unit 32A, reception unit 32B, transmission unit 32C, verification unit 32D, GW processing unit 32E, generation unit 32F, storage control unit 32G) is realized by, for example, one or a plurality of processors. For example, each of the above units may be realized by causing a processor such as the CPU 11 to execute a program, that is, by software. The above units may be realized by a processor such as a dedicated IC (Integrated Circuit), that is, hardware. Each of the above units may be realized by using software and hardware together. When using a plurality of processors, each processor may realize one of the respective units, or may realize two or more of the respective units.

  The transmission / reception unit 32A transmits / receives various data to / from the node 20, other information processing system 1, external devices, and the like. In the present embodiment, the transmission / reception unit 32 </ b> A transmits / receives communication data to / from the node 20. The transmission / reception unit 32A includes a reception unit 32B and a transmission unit 32C. The receiving unit 32B receives communication data from the node 20. The transmission unit 32C transmits the received communication data to the destination node 20 of the communication data.

  Here, when a plurality of nodes 20 transmit and receive communication data via the GW 10, it is necessary to ensure the validity of communication in order to prevent erroneous control. Therefore, the node 20 attaches authentication information to the communication data and transmits it. Specifically, the node 20 transmits communication data, authentication information, and transmission destination information indicating a transmission destination of the communication data to the GW 10. The transmission destination information is identification information of another node 20 of the transmission destination.

  The authentication information is information used for authentication between the nodes 20. The authentication information may be information for guaranteeing the validity of communication. The authentication information is, for example, a MAC (Message Authentication Code), a random number, a counter value, or a digital signature.

  The authentication information is generated at the node 20. Note that the type of authentication information used in the information processing system 1 is the same between the GW 10 and the node 20 included in the information processing system 1.

  Therefore, in the present embodiment, the reception unit 32B of the GW 10 receives communication data, authentication information, and transmission destination information from the node 20. In addition, the transmission unit 32C transmits communication data, authentication information, and transmission destination information to the node 20.

  Note that communication data received by the GW 10 from the node 20 may not be data to be transmitted to other nodes 20. For example, the GW 10 may receive information indicating the processing result in the node 20 as communication data. In this case, the receiving unit 32B receives from the node 20 the transmission destination information not included (that is, communication data and authentication information).

  The verification unit 32D verifies the authentication information.

  When the authentication information is MAC, the verification unit 32D acquires the common key 34A from the storage unit 34 via the storage control unit 32G. The common key 34A may be stored in the storage unit 34 in advance. The storage unit 34 may store in advance one common key 34A that is common to all the nodes 20 included in the information processing system 1, or may store in advance a common key 34A that is common to each subnetwork. Alternatively, the common key 34A corresponding to each node 20 may be stored in advance.

  Then, the verification unit 32D calculates the MAC using the communication data received by the reception unit 32B and the common key 34A. The verification unit 32D compares the calculated MAC with the MAC received together with the communication data. If they match, the verification unit 32D determines that the verification is normal. Then, the verification unit 32D outputs a verification result indicating normal verification or verification abnormality to the storage control unit 32G and the GW processing unit 32E.

  When the authentication information is a random number, the GW 10 may be configured to include a pseudo random number generator. Then, the verification unit 32D reads the random value (random number before update) from the storage unit 34. Then, the verification unit 32D inputs the read random number value to the pseudo random number generator, and updates the random number value. The verification unit 32D stores the updated random value in the storage unit 34 as a random value before update. In addition, the verification unit 32D compares the updated random number value with the random number value received together with the communication data by the receiving unit 32B. The verification unit 32D determines that the verification is normal if they match, and determines that the verification is abnormal if they do not match. Then, the verification unit 32D outputs a verification result indicating normal verification or verification abnormality to the storage control unit 32G and the GW processing unit 32E.

  When the authentication information is a counter value, the GW 10 may be configured to include a counter that generates a counter value. Then, the verification unit 32D reads the counter value (counter value before update) from the storage unit 34. Then, the verification unit 32D inputs the read counter value to the counter and updates the counter value. The verification unit 32D stores the updated counter value in the storage unit 34 as the pre-updated counter value. The verification unit 32D compares the updated counter value with the counter value received together with the communication data by the receiving unit 32B. The verification unit 32D determines that the verification is normal if they match, and determines that the verification is abnormal if they do not match. Then, the verification unit 32D outputs a verification result indicating normal verification or verification abnormality to the storage control unit 32G and the GW processing unit 32E.

  When the authentication information is a digital signature, the verification unit 32D determines whether the communication data is valid using a public key encryption method and a hash function that are publicly known. If the verification unit 32D determines that the communication data is valid, the verification unit 32D determines that the verification is normal. Further, when the verification unit 32D determines that the communication data is invalid, the verification unit 32D determines that the verification is abnormal. Then, the verification unit 32D outputs a verification result indicating normal verification or verification abnormality to the storage control unit 32G and the GW processing unit 32E.

  Note that the verification unit 32D may store the information used for verification in the storage unit 34 at the end. Then, at the time of activation, the verification unit 32D may read information used for verification from the storage unit 34 and use it for verification of authentication information. The information used for verification is at least one of a random value, a counter value, a hash function, and a public key certificate.

  The time of starting is when the supply of power to the respective units of the GW 10 is started. For example, at the time of starting, it is when the accessory power source of the vehicle 2 is turned on, or when the ignition power source of the vehicle 2 is turned on.

  The end time is when an instruction to turn off power supply to each unit of the GW 10 is given. For example, the end time is when an ignition power-off is instructed by a user's operation of the ignition switch of the vehicle 2 or when an accessory power-off is instructed.

  In this case, ST18 used as the storage unit 34 is preferably a nonvolatile memory. For example, the storage unit 34 may be configured from a plurality of types of nonvolatile memories.

  Next, the storage control unit 32G will be described. The storage control unit 32G controls storage in the storage unit 34 and data reading. The storage control unit 32G is an example of a storage control unit and a first storage control unit.

  The storage control unit 32G stores the communication data of the node 20 connected via the network N and the related information in the storage unit 34 in association with each other.

  The related information is information regarding input / output of communication data in the node 20. The information regarding input / output is information indicating the causal relationship of communication data. In other words, the information indicating the causal relationship is information that can identify the communication data transmission source node 20 and the communication data transmission destination node 20.

  The related information is, for example, identification information of communication data. That is, the related information is information that can uniquely identify communication data. In the present embodiment, authentication information is used as identification information that is an example of related information. That is, in the present embodiment, the identification information is authentication information used for authentication between the nodes 20.

  Here, as described above, the authentication information is, for example, a MAC, a random number, a counter value, or a digital signature. For this reason, in the present embodiment, the storage control unit 32G stores the communication data and the authentication information received together with the communication data in the storage unit 34 in association with each other.

  Specifically, the storage control unit 32G updates the log DB 34B to store the communication data and the authentication information in the storage unit 34 in association with each other. FIG. 5 is a schematic diagram illustrating an example of a data configuration of the log DB 34B. The log DB 34B is a database that associates authentication information with communication data. Note that the data configuration of the log DB 34B is not limited to a database. For example, the data configuration of the log DB 34B may be a table.

  Returning to FIG. 4, the description will be continued. Note that the storage control unit 32G may store the communication data and authentication information used for the verification in the storage unit 34 in association with each other when the verification result received from the verification unit 32D indicates normal verification. Then, if the verification result indicates a verification error, the storage control unit 32G may omit storing the communication data and authentication information used for the verification in the storage unit 34.

  Note that the storage control unit 32G preferably stores, in the storage unit 34, address information indicating an area in which communication data and authentication information are stored next, at the end. For example, the storage control unit 32G preferably stores, in the storage unit 34, address information indicating an area for storing communication data and authentication information next in the log DB 34B stored in the storage unit 34 at the time of activation.

  Then, the storage control unit 32G may read the address information from the storage unit 34 at the time of activation, and store the communication data and the authentication information in an area indicated by the address information in the storage unit 34.

  Note that the definitions of the end time and the start time are the same as described above. Also in this case, ST18 used as the storage unit 34 is preferably a nonvolatile memory. For example, the storage unit 34 may be configured from a plurality of types of nonvolatile memories.

  The GW processing unit 32E executes a function as an original GW. Specifically, the GW processing unit 32E relays and filters communication between sub-networks in the information processing system 1 (for example, the sub-network N1 and the sub-network N2), and the information processing system 1 and the external network 26 outside the vehicle. Relaying and filtering of communication between the two and relaying and filtering of direct communication with other vehicles 2 are performed.

  In the present embodiment, the GW processing unit 32E executes the original function as the GW 10 when the verification unit 32D determines that the verification is normal. As described above, the original function as the GW 10 is, for example, the relay of communication between the sub-networks (for example, the sub-network N1 and the sub-network N2) in the information processing system 1, and the information processing system 1 and the outside outside the vehicle. For example, a relay of communication with the network 26 or a relay of direct communication with another vehicle 2 is performed.

  The generation unit 32F generates authentication information to be added to communication data to be transmitted to the node 20. For example, the generation unit 32F generates authentication information when the domain (subnetwork) of the communication data transmission source node 20 received by the reception unit 32B and the communication data transmission destination node 20 are different. . When the authentication information is MAC and a common key 34A that is different between the transmission source node 20 and the transmission destination node 20 is used, the generation unit 32F generates the authentication information.

  For example, when the authentication information is MAC, the generation unit 32F acquires the common key 34A from the storage unit 34 via the storage control unit 32G. Then, the generation unit 32F calculates the MAC using the communication data to be transmitted to the node 20 and the common key 34A. Thereby, the generation unit 32F generates the MAC as authentication information.

  When the authentication information is a random number, the GW 10 may be configured to include a pseudo random number generator. Then, the generation unit 32F reads the random value (random number before update) from the storage unit 34. Then, the generation unit 32F inputs the read random number value to the pseudo random number generator and updates the random number value. The generation unit 32F stores the updated random number value in the storage unit 34 as a random value before update. Further, the generation unit 32F generates the updated random number value as authentication information.

  When the authentication information is a counter value, the GW 10 may be configured to include a counter that generates a counter value. Then, the generation unit 32F reads the counter value (counter value before update) from the storage unit 34. Then, the generation unit 32F inputs the read counter value to the counter and updates the counter value. The generation unit 32F stores the updated counter value in the storage unit 34 as the counter value before the update. In addition, the generation unit 32F generates the updated counter value as authentication information.

  When the authentication information is a digital signature, the generation unit 32F generates a digital signature using a public key encryption method or a hash function that is publicly known. Accordingly, the generation unit 32F generates a digital signature as authentication information.

  When the GW 10 transmits the communication data and authentication information received by the reception unit 32B to the node 20 that is the transmission destination of the communication data as it is, the generation unit 32F may omit the generation of the authentication information. .

  The transmission unit 32C transmits communication data, authentication information for the communication data, and transmission destination information to the node 20 identified by the transmission destination information.

  The storage control unit 32G stores the communication data transmitted from the transmission unit 32C to the node 20 and the authentication information assigned to the communication data in the storage unit 34 in association with each other. That is, the storage control unit 32G associates the communication data with the authentication information and registers them in the log DB 34B.

-Node 20-
Next, the node 20 will be described. The node 20 includes a control unit 42 and a storage unit 44. The control unit 42 and the storage unit 44 are connected so as to be able to exchange data and signals.

  The storage unit 44 stores various information. The storage unit 44 is an example of a second storage unit. The storage unit 44 is realized by ST28 (see FIG. 3). In the present embodiment, the storage unit 44 stores a common key 44A and a log DB 44B (details will be described later).

  The control unit 42 incorporates a computer system as an integrated circuit, and executes various controls according to a program (software) operating on the computer system. The control unit 42 includes a transmission / reception unit 42A, a verification unit 42D, a node processing unit 42E, a generation unit 42F, and a storage control unit 42G. The transmitting / receiving unit 42A includes a receiving unit 42B and a transmitting unit 42C.

  Each of these units (transmission / reception unit 42A, reception unit 42B, transmission unit 42C, verification unit 42D, node processing unit 42E, generation unit 42F, storage control unit 42G) is realized by, for example, one or a plurality of processors. For example, each of the above units may be realized by causing a processor such as the CPU 21 to execute a program, that is, by software. Each of the above units may be realized by a processor such as a dedicated IC, that is, hardware. Each of the above units may be realized by using software and hardware together. When using a plurality of processors, each processor may realize one of the respective units, or may realize two or more of the respective units.

  The transmission / reception unit 42A transmits / receives various data to / from the GW 10. In the present embodiment, the transmission / reception unit 42A transmits / receives communication data to / from another node 20 via the GW 10. The receiving unit 42B receives communication data from the GW 10. As described above, in the present embodiment, the receiving unit 42B receives communication data, authentication information, and transmission destination information from the GW 10. The transmission unit 42C transmits communication data to the GW 10. As described above, in the present embodiment, the transmission unit 42C transmits communication data, authentication information, and transmission destination information to the GW 10.

  The verification unit 42D verifies the authentication information.

  When the authentication information is MAC, the verification unit 42D acquires the common key 34A from the storage unit 44 via the storage control unit 42G. The common key 34A may be stored in the storage unit 44 in advance. The common key 44A is the same as the common key 34A. That is, when providing one common key that is common to all the nodes 20 included in the information processing system 1, the common key 34A and the common key 44A are the same key.

  The verification unit 42D calculates the MAC using the communication data received by the reception unit 42B and the common key 44A. The verification unit 42D compares the calculated MAC with the MAC received together with the communication data. If they match, the verification unit 42D determines that the verification is normal, and if they do not match, determines that the verification is abnormal. Then, the verification unit 42D outputs a verification result indicating whether the verification is normal or abnormal to the storage control unit 42G and the node processing unit 42E.

  When the authentication information is a random number, the node 20 may be configured to include a pseudo random number generator. Then, the node 20 reads a random value (random number before update) from the storage unit 44. Then, the verification unit 42D inputs the read random number value to the pseudo random number generator and updates the random number value. The verification unit 42D stores the updated random number value in the storage unit 44 as the random value before update. In addition, the verification unit 42D compares the updated random number value with the random number value received together with the communication data by the receiving unit 42B. The verification unit 42D determines that the verification is normal when they match, and determines that the verification is abnormal when they do not match. Then, the verification unit 42D outputs a verification result indicating whether the verification is normal or abnormal to the storage control unit 42G and the node processing unit 42E.

  When the authentication information is a counter value, the node 20 may be configured to include a counter that generates a counter value. Then, the verification unit 42D reads the counter value (counter value before update) from the storage unit 44. Then, the verification unit 42D inputs the read counter value to the counter and updates the counter value. The verification unit 42D stores the updated counter value in the storage unit 44 as the pre-updated counter value. The verification unit 42D compares the updated counter value with the counter value received together with the communication data by the receiving unit 42B. The verification unit 42D determines that the verification is normal when they match, and determines that the verification is abnormal when they do not match. Then, the verification unit 42D outputs a verification result indicating whether the verification is normal or abnormal to the storage control unit 42G and the node processing unit 42E.

  When the authentication information is a digital signature, the verification unit 42D determines whether the communication data is valid using a public key encryption method and a hash function that are publicly known. If the verification unit 42D determines that the communication data is valid, the verification unit 42D determines that the verification is normal. Further, when the verification unit 42D determines that the communication data is invalid, it determines that the verification is abnormal. Then, the verification unit 42D outputs a verification result indicating whether the verification is normal or abnormal to the storage control unit 42G and the node processing unit 42E.

  The node processing unit 42E executes the original function as the node 20. Specifically, the node 20 performs a predetermined process. The predetermined process includes, for example, detection of a predetermined object, driving of a predetermined object, various arithmetic processes, and the like.

  In the present embodiment, the node processing unit 42E executes the original function as the node 20 when the verification result received from the verification unit 42D indicates normal verification. Further, the node processing unit 42E does not execute the function as the original node 20 when the verification result received from the verification unit 42D indicates a verification error.

  The generation unit 42F generates authentication information to be given to communication data to be transmitted to the GW 10. For example, when communication data to be transmitted to be transmitted to another node 20 via the GW 10 or GW 10 is generated by the processing of the node processing unit 42E, the generation unit 42F generates authentication information of the communication data.

  For example, when the authentication information is MAC, the generation unit 42F acquires the common key 44A from the storage unit 44 via the storage control unit 42G. Then, the generation unit 42F calculates the MAC using the communication data to be transmitted and the common key 34A. Accordingly, the generation unit 42F generates the MAC as authentication information.

  When the authentication information is a random number, the node 20 may be configured to include a pseudo random number generator. Then, the generation unit 42F reads the random value (random number before update) from the storage unit 44. Then, the generation unit 42F inputs the read random number value to the pseudo random number generator, and updates the random number value. The generation unit 42F stores the updated random number value in the storage unit 44 as a random value before update. Further, the generation unit 42F generates an updated random number value as authentication information.

  When the authentication information is a counter value, the node 20 may be configured to include a counter that generates a counter value. Then, the generation unit 42F reads the counter value (counter value before update) from the storage unit 44. Then, the generation unit 42F inputs the read counter value to the counter and updates the counter value. The generation unit 42F stores the updated counter value in the storage unit 44 as the pre-update counter value. In addition, the generation unit 42F generates the updated counter value as authentication information.

  When the authentication information is a digital signature, the generation unit 42F generates a digital signature using a public key encryption method and a hash function that are publicly known. Thereby, the generation unit 42F generates a digital signature as authentication information.

  The transmission unit 42C transmits the communication data, the authentication information for the communication data, and the transmission destination information of the communication data to the GW 10.

  Next, the storage control unit 42G will be described. The storage control unit 42G is an example of a second storage control unit. The storage control unit 42G controls storage of data in the storage unit 44 and reading of data.

  In the present embodiment, the storage control unit 42G stores related information in the storage unit 44. As described above, in the present embodiment, a case where the related information is authentication information will be described as an example. In the present embodiment, the storage control unit 42G stores the authentication information in the storage unit 44 by registering the authentication information in the log DB 44B.

  For this reason, the communication data is not stored in the storage unit 44 of the node 20, and only the authentication information is stored as related information. Therefore, the data capacity of the storage unit 44 (ST28) of the node 20 can be reduced.

  FIG. 6 is a schematic diagram illustrating an example of a data configuration of the log DB 44B. 6A and 6B are schematic diagrams illustrating an example of the log DB 44B stored in each of the nodes 20 (for example, the ECU 20a and the ECU 20b) that are different from each other.

  The log DB 44B is a database for storing authentication information. The data format of the log DB 44B is not limited to a database.

  In the present embodiment, the log DB 44B associates a label with authentication information. The label indicates whether the communication data to which the corresponding authentication information is attached is data received by the node 20 storing the log DB 44B, or data output from the node 20 to another node 20, It is a label which shows. In the example shown in FIG. 6, the label “input” indicates that the corresponding communication data is data received by the node 20 storing the log DB 44B. The label “output” indicates that the corresponding communication data is data transmitted from the node 20 storing the log DB 44B to another node 20 or the GW 10.

  In the present embodiment, when the receiving unit 42B receives communication data from the GW 10, the storage control unit 42G adds a label “input” to the authentication information received together with the communication data and registers it in the log DB 44B. Further, when the transmission unit 42C transmits communication data to the GW 10, the storage control unit 42G adds a label “output” to the authentication information transmitted together with the communication data, and registers it in the log DB 44B.

  For this reason, in each storage unit 44 of the plurality of nodes 20, a label “input” indicating communication data received by the node 20, or communication data transmitted from the node 20 is indicated. The authentication information is stored in association with the label “output” (see FIGS. 6A and 6B).

  Note that the storage control unit 42G preferably stores, in the storage unit 44, the smaller of the communication data and the authentication information given to the communication data. That is, the storage unit 44 stores only related information or only the smaller of the related information and communication data. For this reason, the data capacity of the storage unit 44 (ST28) of the node 20 can be further reduced.

  Specifically, in this case, the storage control unit 42G associates the communication data received by the receiving unit 42B and the authentication information with the smaller data size and the label “input” and registers them in the log DB 44B. . Similarly, the storage control unit 42G associates the communication data transmitted from the transmission unit 42C and the authentication information with the smaller data size with the label “output” and registers them in the log DB 44B.

  When the data size of the communication data and the authentication information given to the communication data is the same, the storage control unit 42G may store the authentication information in the storage unit 44.

  Note that the storage control unit 42G is not limited to the form in which the authentication information (or the smaller of the communication data and the authentication information data size) is stored in the storage unit 44 in association with the label. That is, the log DB 44B may not include a label, and may be a registration of authentication information or only the smaller data size of communication data and authentication information.

  When the log DB 44B does not include a label, the log DB 34B of the GW 10 may be obtained by associating authentication information, communication data, and transmission destination information of the communication data.

  Note that in the node 20, data that is processed without going through the GW 10 may occur. The data that is processed without going through the GW 10 is, for example, data that communicates directly with another node 20 without going through the GW 10, or data that is generated by the processing of the node processing unit 42E.

  The storage control unit 42G may further store such data processed without going through the GW 10 in the log DB 44B.

  Next, an example of an information processing procedure executed by the GW 10 will be described. FIG. 7 is a flowchart illustrating an example of an information processing procedure executed by the GW 10 according to the present embodiment.

  First, the receiving unit 32B of the GW 10 determines whether communication data and authentication information have been received from the node 20 (step S100). As described above, in detail, the reception unit 32B determines whether communication data, authentication information, and transmission destination information have been received from the node 20. If the reception unit 32B makes a negative determination in step S100 (step S100: No), this routine ends. On the other hand, if an affirmative determination is made in step S100 (step S100: Yes), the process proceeds to step S102.

  In step S102, the verification unit 32D verifies the authentication information received in step S100 (step S102). Next, the verification unit 32D determines whether the verification result in step S102 indicates normal verification (step S104). If an affirmative determination is made in step S104 (step S104: Yes), the process proceeds to step S106.

  In step S106, the storage control unit 32G associates the communication data received in step S100 with the authentication information and stores them in the storage unit 34 (step S106).

  Next, the GW processing unit 32E executes the function of the GW 10 as the original GW (Step S108). Then, the process proceeds to step S112.

  On the other hand, when it is determined in step S104 that the verification result indicates a verification error (step S104: No), the process proceeds to step S110. In step S110, the storage control unit 32G associates the communication data received in step S100 with the authentication information and stores them in the storage unit 34 (step S110). Then, the process proceeds to step S112. Note that the process of step S110 may be omitted.

  Next, the generation unit 32F determines whether or not to generate authentication information to be added to communication data transmitted to the node 20 (step S112). For example, the generation unit 32F determines whether the domain (subnetwork) of the transmission source node 20 of the communication data received in step S100 is different from the transmission destination node 20 indicated by the transmission destination information. In step S112, the determination is made. Further, for example, the generation unit 32F determines whether or not the authentication information is MAC, and whether or not a common key 34A different between the transmission source node 20 and the transmission destination node 20 is used is determined in step S112. I do.

  If an affirmative determination is made in step S112 (step S112: Yes), the process proceeds to step S114. In step S114, the generation unit 32F generates authentication information to be given to the communication data to be transmitted (step S114). The transmission target communication data is, for example, the communication data received in step S100.

  Next, the transmission unit 32C transmits the communication data to be transmitted, the authentication information generated in Step S114 for the communication data, and the transmission destination information to the node 20 identified by the transmission destination information ( Step S116). The transmission destination information transmitted in step S116 matches, for example, the transmission destination information received in step S100.

  Next, the storage control unit 32G associates the communication data transmitted in step S116 with the authentication information given to the communication data and stores them in the storage unit 34 (step S118). Then, this routine ends.

  On the other hand, if a negative determination is made in step S112 (step S112: No), the process proceeds to step S120. In step S120, the transmission unit 42C transmits the communication data, authentication information, and transmission destination information received in step S100 to the node 20 identified by the transmission destination information (step S120). Then, this routine ends.

  In addition, the procedure of the information processing which GW10 performs is not limited to the order shown in FIG.

  For example, the GW 10 may execute at least a part of the processes shown in the steps shown in FIG. 7 in parallel. In addition, the GW 10 may execute the storage process of step S106 and step S110 after the process of step S100 and before the process of step S102 or step S104. Further, the GW 10 may execute the transmission process in step S116 after the storage process in step S118. The GW 10 may execute the transmission process in step S116 and the storage process in step S118 in parallel.

  The GW 10 may be configured not to execute the verification process in step S102, the determination process in step S104, and the generation process in step S114. Further, the communication data, authentication information, and transmission destination information received in step S100 may be the same as the communication data, authentication information, and transmission destination information transmitted in step S120. In this case, the GW 10 may omit the processes of step S106 and step S110 and execute the process of step S106 or step S110 at the same timing as the process of step S120 or before or after the process.

  Next, an example of an information processing procedure executed by the node 20 will be described. FIG. 8 is a flowchart illustrating an example of an information processing procedure executed by the node 20 according to the present embodiment.

  First, the receiving unit 42B of the node 20 determines whether communication data and authentication information have been received from the GW 10 (step S200). As described above, in detail, the receiving unit 42B determines whether communication data, authentication information, and transmission destination information have been received from the GW 10. If the receiving unit 42B makes a negative determination in step S200 (step S200: No), this routine is terminated. On the other hand, if an affirmative determination is made in step S200 (step S200: Yes), the process proceeds to step S202.

  In step S202, the verification unit 42D verifies the authentication information received in step S200 (step S202). Next, the verification unit 42D determines whether or not the verification result in step S202 indicates normal verification (step S204). If an affirmative determination is made in step S204 (step S204: Yes), the process proceeds to step S206.

  In step S206, the storage control unit 42G stores, in the storage unit 44, the smaller one of the communication data and authentication information received in step S200 (step S206). In the present embodiment, in step S206, the storage control unit 42G associates the label “input” with the communication data and the smaller one of the authentication information and stores them in the storage unit 44.

  Next, the node processing unit 42E executes the original function as the node 20 (step S208). Then, the process proceeds to step S212.

  On the other hand, when it is determined in step S204 that the verification result indicates verification abnormality (step S204: No), the process proceeds to step S210. In step S210, the storage control unit 42G stores the smaller one of the communication data and authentication information received in step S200 in the storage unit 44 (step S210). Then, the process proceeds to step S212. Note that the process of step S210 may be omitted.

  Next, the generation unit 42F determines whether or not communication data to be transmitted has occurred (step S212). If a negative determination is made in step S212 (step S212: No), this routine ends. On the other hand, if a positive determination is made in step S212 (step S212: Yes), the process proceeds to step S214. In step S214, the generation unit 42F generates authentication information to be given to the communication data to be transmitted (step S214). The communication data to be transmitted is, for example, data generated by the process of step S208 by the node processing unit 42E.

  Next, the transmitting unit 42C transmits the communication data to be transmitted, the authentication information generated in step S214 for the communication data, and the transmission destination information to the GW 10 (step S216).

  Next, the storage control unit 42G stores, in the storage unit 44, the smaller one of the communication data transmitted in step S216 and the authentication information attached to the communication data (step S218). In the present embodiment, in step S218, the storage control unit 42G associates the label “output” with the communication data and the smaller one of the authentication information and stores them in the storage unit 44. Then, this routine ends.

  The information processing procedure executed by the node 20 is not limited to the order shown in FIG.

  For example, the node 20 may execute at least a part of the processing shown in each step shown in FIG. 8 in parallel. In addition, the node 20 may execute the storage process of step S206 and step S210 after the process of step S200 and before the process of step S202 or step S204. In addition, the node 20 may execute the transmission process in step S216 after the storage process in step S218. Further, the node 20 may execute the transmission process in step S216 and the storage process in step S218 in parallel.

  As described above, the GW 10 (information processing apparatus) of the present embodiment includes the storage control unit 32G. The storage control unit 32G associates the communication data of the nodes 20 connected via the network N with the authentication information used for authentication between the nodes 20 when communicating the communication data, and stores them in the storage unit 34.

  Therefore, at the time of log analysis in the information processing system 1, by analyzing authentication information corresponding to the communication data stored in the storage unit 34, the causal relationship between the nodes 20 and within the nodes 20 is estimated. It can be performed.

  Therefore, the GW 10 (information processing apparatus) according to the present embodiment can provide data useful for log analysis.

  Further, by using the authentication information, the node 20 side can use the authentication information as the related information without obtaining the identification information used as the related information of the communication data by inquiring the GW 10. The authentication information is information used by both the GW 10 and the node 20, and is not secret information. In addition, the authentication information is preferably used as identification information for communication data because the probability that the same value is generated redundantly is sufficiently small.

  For this reason, in addition to the above effects, the GW 10 can provide data useful for log analysis without causing complication of communication.

  In the information processing system 1 according to the present embodiment, the node 20 includes a storage control unit 42G (second storage control unit). The storage control unit 42G stores the related information or the smaller of the communication data and the related information corresponding to the communication data in the storage unit 44 (second storage unit).

  For this reason, in addition to the above effects, the information processing system 1 according to the present embodiment can reduce the storage capacity of the node 20.

  For example, when the authentication information as the related information is MAC, it is 32 bytes, but actually a value truncated to about 4 to 8 bytes is used. Assuming that the authentication information (MAC) is 8 bytes, it is considered that the capacity of the ST 28 (storage unit 44) of the node 20 can be reduced to 1/8 compared to storing the entire communication data. For this reason, in addition to the above effects, the information processing system 1 according to the present embodiment can reduce the storage capacity of the node 20.

  Further, in the information processing system 1 of the present embodiment, the storage control unit 32G of the GW 10 stores the communication data of the node 20 and the related information related to input / output of the communication data in the node 20 in association with each other in the storage unit 34. To do. Further, the storage control unit 42G of the node 20 stores the related information or the smaller of the communication data and the related information corresponding to the communication data in the storage unit 44 (second storage unit). Further, the storage control unit 42G can further store data generated in the node 20 and processed without going through the GW 10 in the storage unit 44 (log DB 44B).

  For this reason, in addition to the above effects, the information processing system 1 according to the present embodiment can provide data useful for analyzing the causal relationship between the nodes 20 and within the nodes 20.

(Second Embodiment)
In the above-described embodiment, the case where identification information or authentication information of communication data is used as related information of communication data has been described as an example. In the present embodiment, a case will be described in which transmission source information and transmission destination information of communication data are used as related information of communication data.

  In the present embodiment, the same configuration and function units as those in the first embodiment are denoted by the same reference numerals, and detailed description may be omitted.

  FIG. 9 is a block diagram illustrating a functional configuration example of the GW 30 and the node 40 in the information processing system 1A. The information processing system 1A is mounted on, for example, the vehicle 2 (see FIG. 1).

  The information processing system 1A includes a GW 30 and a plurality of nodes 40. The plurality of nodes 40 and the GW 30 are connected via the network N. The information processing system 1A is the same as the information processing system 1 of the first embodiment, except that the GW 30 and the node 40 are provided instead of the GW 10 and the node 20.

  The GW 30 is an example of an information processing device. In addition to the original function as a gateway, the GW 30 executes each process described later. The original function as a gateway is the same as that of the first embodiment. The node 40 is an example of a node. The node 40 is an electronic device that communicates communication data with another node 40 via the GW 30. The node 40 is, for example, an ECU, various sensors, an actuator, or the like. FIG. 1 shows an ECU 40a, an ECU 40b, a sensor 40c, an ECU 40d, and an actuator 40e as an example of the node 40. The node 40 executes each process to be described later in addition to the original function as an electronic device. The original function as an electronic device is the same as that of the first embodiment.

  Note that the hardware configurations of the GW 30 and the node 40 are the same as those of the GW 10 and the node 20 of the first embodiment (see FIGS. 2 and 3).

  FIG. 9 is a block diagram illustrating a functional configuration example of each of the GW 30 and the node 40 included in the information processing system 1A according to the present embodiment. FIG. 9 shows one node 40 for the sake of simplicity. However, in practice, a plurality of nodes 40 communicate via the GW 30 and execute processing to be described later.

-GW30-
First, the GW 30 will be described. The GW 30 includes a control unit 36 and a storage unit 38. The control unit 36 and the storage unit 38 are connected so as to be able to exchange data and signals.

  The storage unit 38 stores various information. The storage unit 38 is an example of a storage unit and a first storage unit. The storage unit 38 is realized by ST18 (see FIG. 2). In the present embodiment, the storage unit 38 stores a common key 34A and a log DB 38B (details will be described later).

  The control unit 36 incorporates a computer system as an integrated circuit, and executes various controls according to a program (software) operating on the computer system. The control unit 36 includes a transmission / reception unit 32A, a verification unit 32D, a GW processing unit 32E, a generation unit 32F, and a storage control unit 36G. The transmission / reception unit 32A includes a reception unit 32B and a transmission unit 32C. The receiving unit 32B is an example of a receiving unit.

  Each of these units is realized by, for example, one or a plurality of processors. For example, each of the above units may be realized by causing a processor such as the CPU 11 to execute a program, that is, by software. Each of the above units may be realized by a processor such as a dedicated IC, that is, hardware. Each of the above units may be realized by using software and hardware together. When using a plurality of processors, each processor may realize one of the respective units, or may realize two or more of the respective units.

  The transmission / reception unit 32A, the reception unit 32B, the transmission unit 32C, the verification unit 32D, the GW processing unit 32E, and the generation unit 32F are the same as the GW 10 of the first embodiment. That is, the control unit 36 is the same as the control unit 32 of the GW 10 of the first embodiment, except that it includes a storage control unit 36G instead of the storage control unit 32G and further includes a derivation unit 36K.

  The receiving unit 32B receives communication data, authentication information, and transmission destination information from the node 40, as in the first embodiment.

  The deriving unit 36K derives transmission source information of communication data received together with the authentication information based on the authentication information received by the receiving unit 32B. Here, when communication is performed between the GW 30 and the node 40 using CAN (Controller Area Network), FlexRay (registered trademark), or the like, the source information is included in the data communicated between the GW 30 and the node 40. Not included. For this reason, the deriving unit 36K derives the transmission source information using the authentication information.

  For example, the deriving unit 36K derives the transmission source information using the verification result of the authentication information by the verification unit 32D.

  Specifically, the deriving unit 36K derives the verification identification information as the transmission source information when the verification result by the verification unit 32D indicates normal verification. The verification identification information is information for identifying information used for verification by the verification unit 32D.

  Specifically, when the authentication information is a MAC (message authentication code), the verification identification information is index information of a common key used for generating and verifying the MAC.

  When the authentication information is a random number, the verification identification information is index information of a pseudo random number generator that has generated the random number.

  When the authentication information is a count value, the verification identification information is index information of the counter that generated the count value.

  When the authentication information is a digital signature, the verification identification information is a public key certificate corresponding to the private key used for generating the digital signature or a public key certificate used for verification.

  On the other hand, when the verification result indicates a verification abnormality, the deriving unit 36K derives verification abnormality information indicating the verification abnormality as transmission source information.

  If the authentication information is MAC and all nodes 40 in the information processing system 1A share the same common key 44A, the deriving unit 36K derives the verification result as transmission source information. Also good.

  Then, the deriving unit 36K outputs the derived transmission source information to the storage control unit 36G.

  The storage control unit 36G controls storage in the storage unit 38 and data reading. The storage control unit 36G is an example of a storage control unit and a first storage control unit.

  The storage control unit 36G associates the communication data of the node 40 connected via the network N and the related information, and stores them in the storage unit 38. In the present embodiment, the storage controller 36G uses communication data transmission destination information and transmission source information as related information.

  The storage control unit 36G stores the communication data received by the receiving unit 32B in association with the transmission destination information received together with the communication data and the transmission source information derived by the deriving unit 36K in the storage unit 38.

  Specifically, the storage control unit 36G updates the log DB 38B to store the communication data and the related information in the storage unit 38 in association with each other. FIG. 10 is a schematic diagram illustrating an example of the data configuration of the log DB 38B. The log DB 38B is a database in which related information is associated with communication data. The related information includes transmission source information and transmission destination information. The data configuration of the log DB 38B is not limited to the database. For example, the data configuration of the log DB 38B may be a table.

  Returning to FIG. 9, the description will be continued. The generation unit 32F generates authentication information to be given to communication data to be transmitted to the node 40 as in the first embodiment.

  When the generating unit 32F generates authentication information, the deriving unit 36K generates information used for generating the authentication information as verification identification information and outputs the information to the storage control unit 36G. In this case, the storage control unit 36G uses the verification identification information as transmission source information. Then, the storage control unit 36G may store the related information including the transmission source information, the transmission destination information of the communication data, and the communication data in the storage unit 38 in association with each other.

-Node 40-
Next, the node 40 will be described. The node 40 includes a control unit 46 and a storage unit 48. The control unit 46 and the storage unit 48 are connected so as to be able to exchange data and signals.

  The storage unit 48 stores various information. The storage unit 48 is realized by ST28 (see FIG. 3). In the present embodiment, the storage unit 48 stores the common key 44A but does not store the log DB. That is, in the present embodiment, the node 40 does not store the related information in the storage unit 48.

  The control unit 46 incorporates a computer system as an integrated circuit, and executes various controls according to a program (software) operating on the computer system. The control unit 46 includes a transmission / reception unit 42A, a verification unit 42D, a node processing unit 42E, a generation unit 42F, and a storage control unit 46G. The transmitting / receiving unit 42A includes a receiving unit 42B and a transmitting unit 42C.

  Each of these units (transmission / reception unit 42A, reception unit 42B, transmission unit 42C, verification unit 42D, node processing unit 42E, generation unit 42F, storage control unit 46G) is realized by, for example, one or a plurality of processors. For example, each of the above units may be realized by causing a processor such as the CPU 21 to execute a program, that is, by software. Each of the above units may be realized by a processor such as a dedicated IC, that is, hardware. Each of the above units may be realized by using software and hardware together. When using a plurality of processors, each processor may realize one of the respective units, or may realize two or more of the respective units.

  The transmission / reception unit 42A, the reception unit 42B, the transmission unit 42C, the verification unit 42D, the node processing unit 42E, and the generation unit 42F are the same as those of the node 20 in the first embodiment. In the present embodiment, a storage control unit 46G is provided instead of the storage control unit 42G in the node 20 of the first embodiment.

  The storage control unit 46G does not perform storage control on the storage unit 48, which is the smaller of the related information and the related information and communication data, and the storage control unit 42G of the first embodiment. It is the same.

  Next, an example of an information processing procedure executed by the GW 30 will be described. FIG. 11 is a flowchart illustrating an example of an information processing procedure executed by the GW 30 according to the present embodiment.

  First, the receiving unit 32B of the GW 30 determines whether communication data, authentication information, and transmission destination information have been received from the node 40 (step S300). If the receiving unit 32B makes a negative determination in step S300 (step S300: No), this routine ends. On the other hand, if a positive determination is made in step S300 (step S300: Yes), the process proceeds to step S302.

  In step S302, the verification unit 32D verifies the authentication information received in step S300 (step S302). Next, the verification unit 32D determines whether or not the verification result in step S302 indicates normal verification (step S304). If an affirmative determination is made in step S304 (step S304: Yes), the process proceeds to step S306.

  In step S306, the deriving unit 36K derives verification identification information for identifying the information used for verification in step S302 as transmission source information (step S306).

  Next, the storage control unit 36G associates the communication data received in step S300 with the related information (the transmission destination information received in step S300 and the transmission source information derived in step S306). 38 (step S308).

  Next, the GW processing unit 32E executes the function of the GW 30 as the original GW (step S310). Then, the process proceeds to step S316.

  On the other hand, when it is determined in step S304 that the verification result indicates a verification error (step S304: No), the process proceeds to step S312. In step S312, the deriving unit 36K derives verification abnormality information indicating a verification abnormality as transmission source information (step S312).

  Next, the storage control unit 36G associates the communication data received in step S300 with the related information (the transmission destination information received in step S300 and the transmission source information derived in step S312). 38 (step S314). Then, the process proceeds to step S316.

  In step S316, the generation unit 32F determines whether to generate authentication information to be added to the communication data transmitted to the node 40 (step S316). The determination in step S316 is the same as step S112 in the first embodiment.

  If an affirmative determination is made in step S316 (step S316: Yes), the process proceeds to step S318. In step S318, the generation unit 32F generates authentication information to be given to the communication data to be transmitted (step S318). The communication data to be transmitted is, for example, the communication data received in step S300.

  Next, the transmission unit 32C transmits the communication data to be transmitted, the authentication information generated in step S318 for the communication data, and the transmission destination information to the node 40 identified by the transmission destination information ( Step S320). The transmission destination information transmitted in step S320 matches, for example, the transmission destination information received in step S300.

  Next, the deriving unit 36K derives verification identification information for identifying the information used for generating the authentication information in step S318 as transmission source information (step S322).

  Next, the storage control unit 36G associates the communication data received in step S300 with the related information (the transmission destination information received in step S300 and the transmission source information derived in step S322). 38 (step S324). Then, this routine ends.

  On the other hand, if a negative determination is made in step S316 (step S316: No), the process proceeds to step S326. In step S326, the transmission unit 32C transmits the communication data, authentication information, and transmission destination information received in step S300 to the node 40 identified by the transmission destination information (step S326). Then, this routine ends.

  In addition, the procedure of the information processing which GW30 performs is not limited to the order shown in FIG.

  For example, the GW 30 may execute at least a part of the processes shown in the steps shown in FIG. 11 in parallel. The GW 30 may execute the transmission process in step S320 after the storage process in step S324. The GW 30 may execute the transmission process in step S320 and the storage process in step S324 in parallel.

  Further, the communication data, authentication information, and transmission destination information received in step S300 may be the same as the communication data, authentication information, and transmission destination information transmitted in step S326. In this case, the GW 30 may omit the processes of step S308 and step S314 and execute the process of step S308 or step S314 at the same timing as the process of step S326 or before or after the process.

  Next, an example of an information processing procedure executed by the node 40 will be described. FIG. 12 is a flowchart illustrating an example of an information processing procedure executed by the node 40 according to the present embodiment.

  First, the receiving unit 42B of the node 40 determines whether communication data and authentication information have been received from the GW 30 (step S400). As described above, in detail, the receiving unit 42B determines whether communication data, authentication information, and transmission destination information have been received from the GW 30. If the receiving unit 42B makes a negative determination in step S400 (step S400: No), this routine is terminated. On the other hand, if a positive determination is made in step S400 (step S400: Yes), the process proceeds to step S402.

  In step S402, the verification unit 42D verifies the authentication information received in step S400 (step S402). Next, the verification unit 42D determines whether or not the verification result in step S402 indicates normal verification (step S404). If a positive determination is made in step S404 (step S404: Yes), the process proceeds to step S406.

  In step S406, the node processing unit 42E executes the original function as the node 40 (step S406). Then, the process proceeds to step S408. If a negative determination is made in step S404 (step S404: No), the process proceeds to step S408.

  In step S408, the generation unit 42F determines whether communication data to be transmitted has occurred (step S408). If a negative determination is made in step S408 (step S408: No), this routine ends. On the other hand, if an affirmative determination is made in step S408 (step S408: Yes), the process proceeds to step S410. In step S410, the generation unit 42F generates authentication information to be given to the communication data to be transmitted (step S410).

  Next, the transmission unit 42C transmits the communication data to be transmitted, the authentication information generated in step S410 for the communication data, and the transmission destination information to the GW 30 (step S412). Then, this routine ends.

  As described above, in the GW 30 (information processing apparatus) according to the present embodiment, transmission source information and transmission destination information of communication data are used as related information. For this reason, in the storage unit 38 (log DB 38B) of the GW 30, the transmission source information and the transmission destination information of the communication data are stored for each communication data. For this reason, when analyzing the log in the information processing system 1A, the causal relationship between the nodes 40 of the communication data is estimated by analyzing the related information corresponding to the communication data stored in the storage unit 38 of the GW 30. be able to.

  Therefore, the GW 30 (information processing apparatus) according to the present embodiment can provide data useful for log analysis.

  In the information processing system 1A of the present embodiment, the node 40 does not store related information. For this reason, the information processing system 1A can further reduce the storage capacity of the node 40 as compared with the first embodiment.

  Further, in the information processing system 1A of the present embodiment, the verification identification information as the transmission source information includes the index information of the common key used for generating and verifying the MAC, the index information of the pseudo-random number generator that generated the random number, This is the index information of the counter that generated the count value, or the public key certificate used to generate the digital signature.

  When the transmission source information is index information of the common key 44A, it is assumed that the vehicle manufacturer manages the common key 44A of the node 40. It is assumed that all the nodes 40 and the GW 30 share the same common key 44A (the common key 44A and the common key 34A are also the same key). In this case, at the time of analysis, by analyzing the index information of the common key 44A that is the transmission source information, the corresponding communication data is related to the node 40 under the control of the vehicle manufacturer that uses the shared key 44A. It becomes possible to analyze.

  It is assumed that the vehicle manufacturer manages the common key 44A of the node 40. It is assumed that the same common key 44A is shared for each domain (each subnetwork) of the information processing system 1A. In this case, at the time of analysis, by analyzing the index information of the common key 44A which is transmission source information, the corresponding communication data is a node in a specific domain under the control of the vehicle manufacturer using the shared key 44A. If it is related to 40, it becomes possible to analyze.

  It is assumed that the vehicle manufacturer manages the common key 44A of the node 40. Then, it is assumed that the same common key 44A is shared for each pair of nodes 40 in the information processing system 1A. In this case, at the time of analysis, by analyzing the index information of the common key 44A that is the transmission source information, the corresponding communication data is under the control of the vehicle manufacturer that uses the shared key 44A. If it is related to, it becomes possible to analyze.

  The same effect can be obtained when MAC is used as verification identification information.

<Supplementary explanation>
Note that programs for executing the above-described processes executed by the GW 10, the node 20, the GW 30, and the node 40 may be stored in an HDD (hard disk drive). Moreover, the program for performing each said process performed by GW10 of the said embodiment, the node 20, GW30, and the node 40 may be previously integrated and provided in ROM12 and ROM22.

  In addition, a program for executing the above-described processing executed by the GW 10, the node 20, the GW 30, and the node 40 according to the above-described embodiment is an installable format or executable file, and is a CD-ROM, CD-R. The program may be stored in a computer-readable storage medium such as a memory card, a DVD (Digital Versatile Disk), or a flexible disk (FD) and provided as a computer program product. Further, a program for executing the above-described processing executed by the GW 10, the node 20, the GW 30, and the node 40 according to the above-described embodiment is stored on a computer connected to a network such as the Internet and downloaded via the network. You may make it provide by. In addition, a program for executing the processing executed by the GW 10, the node 20, the GW 30, and the node 40 according to the above-described embodiment may be provided or distributed via a network such as the Internet.

  As mentioned above, although embodiment of this invention was described, these embodiment was shown as an example and is not intending limiting the range of invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

1, 1A Information processing system 10, 30 GW
20, 40 Node 32B Reception unit 32D Verification unit 32G, 36G Storage control unit 34, 38 Storage unit 36K Derivation unit 42B Reception unit 42D Verification unit 42G, 46G Storage control unit 44, 48 Storage unit

Claims (12)

A storage control unit that associates and stores communication data of nodes connected via a network and authentication information used for authentication between the nodes during communication of the communication data in a storage unit;
An information processing apparatus comprising:   The information processing apparatus according to claim 1, wherein the authentication information is a message authentication code, a random number, a counter value, or a digital signature. A receiving unit that receives communication data of nodes connected via a network and authentication information of the communication data;
A derivation unit for deriving source information of the communication data based on the authentication information;
A storage control unit that associates the communication data with the related information including the transmission source information and the transmission destination information and stores them in a storage unit;
An information processing apparatus comprising: A verification unit for verifying the authentication information;
The derivation unit includes:
When the verification result of the verification unit indicates normal verification, verification identification information for identifying information used for the verification is derived as the transmission source information,
When the verification result indicates a verification abnormality, the verification abnormality information is derived as the transmission source information.
The information processing apparatus according to claim 3.   The information processing apparatus according to claim 4, wherein the authentication information is a message authentication code, and the verification identification information is common key index information used for generation and verification of the message authentication code.   The information processing apparatus according to claim 4, wherein the authentication information is a random number, and the verification identification information is index information of a pseudo-random number generator that has generated the random number.   The information processing apparatus according to claim 4, wherein the authentication information is a count value, and the verification identification information is index information of a counter that has generated the count value.   The information processing apparatus according to claim 4, wherein the authentication information is a digital signature, and the verification identification information is a public key certificate used to generate the digital signature. The storage control unit stores address information indicating an area in which the communication data and the authentication information are stored next in the storage unit at the end, and an area indicated by the address information read from the storage unit at startup Storing the communication data and the authentication information;
The information processing apparatus according to any one of claims 1 to 8. The verification unit stores the information used for verification in the storage unit at the end, and verifies the authentication information using the information used for the verification read from the storage unit at the time of activation.
The information processing apparatus according to any one of claims 4 to 8. An information processing system comprising a plurality of nodes and an information processing apparatus connected to the plurality of nodes via a network,
The information processing apparatus includes:
A storage control unit that associates and stores communication data of the node and authentication information used for authentication between the nodes during communication of the communication data in the first storage unit;
With
The node is
A second storage control unit that stores, in a second storage unit, a smaller one of the authentication information or the communication data and the authentication information corresponding to the communication data,
Information processing system. Storing communication data of nodes connected via a network and authentication information used for authentication between the nodes at the time of communication of the communication data in a storage unit in association with each other;
Including an information processing method.

Images