JP2019116791A - Vehicle key management device, vehicle key management system, and vehicle key management method - Google Patents

Abstract

To manage a vehicle key with high security and low power consumption.SOLUTION: A vehicle key management device 31 includes a one-time key management unit 302 which manages a one-time key, which is a key of a vehicle 30, received from a server using LPWA (Low Power Wide Area) communication, and an authentication unit 304 which authenticates a terminal requesting the opening or locking of a door of the vehicle 30 using the one-time key and permits the terminal to open or lock the door when the authentication is successful.SELECTED DRAWING: Figure 2

Description

  The present disclosure relates to a vehicle key management device, a vehicle key management system, and a vehicle key management method.

  Car sharing, in which vehicles are shared by multiple users, is widespread. In car sharing, in delivery of a vehicle key (vehicle key), physical delivery of the vehicle key was required between the user and the owner.

  On the other hand, an encryption key is distributed as a vehicle key for accessing the vehicle from a management server that manages the vehicle key to a terminal (for example, a smartphone etc.) held by the user, and between the terminal and the vehicle There has been proposed a car sharing system that unlocks or locks the door of the vehicle when authentication of the encryption key is successful (see, for example, Non-Patent Document 1).

http://newsroom.toyota.co.jp/en/detail/14096246

  In the car sharing system, high security and power saving in the vehicle are desired for managing the encryption key which is the vehicle key.

  One aspect of the present disclosure contributes to providing a vehicle key management device, a vehicle key management system, and a vehicle key management method capable of managing a vehicle key with high security and power saving.

  A vehicle key management device according to an aspect of the present disclosure uses a management unit that manages a one-time key that is a vehicle key received from a server using Low Power Wide Area (LPWA) communication, and the one-time key. And an authentication unit for authenticating the terminal requesting the unlocking or locking of the door of the vehicle and for permitting the unlocking or locking of the door to the terminal when the authentication is successful. Do.

  A vehicle key management system according to an aspect of the present disclosure includes a server that manages a one-time key that is a key of a vehicle, a vehicle key management device that is mounted on the vehicle, and a terminal that a user who uses the vehicle holds And the server transmits the one-time key to the vehicle key management device using Low Power Wide Area (LPWA) communication, and the terminal is configured to open or lock the door of the vehicle. A request is transmitted to the vehicle key management device through the terminal in the previous period, and the vehicle key management device uses the one-time key received from the server to request the terminal to request the unlocking or locking of the door. Authentication is performed, and when the authentication is successful, the door is allowed to be unlocked or locked.

  A vehicle key management method according to an aspect of the present disclosure manages a one-time key that is a vehicle key received from a server using a low power wide area (LPWA) communication, and uses the one-time key to manage the one-time key. The terminal requiring the unlocking or locking of the door of the vehicle is authenticated, and when the authentication is successful, the unlocking or locking of the door is permitted.

  According to one aspect of the present disclosure, a vehicle key can be managed with high security and power saving.

A diagram showing a configuration example of a vehicle key management system according to a first embodiment A block diagram showing a configuration example of a management server, a terminal and a vehicle key management device according to Embodiment 1. A sequence diagram showing an operation example of the vehicle key management system according to the first embodiment The flowchart which shows the operation example of the vehicle key management device which relates to the form 1 of execution The flowchart which shows the other operational example of the vehicle key management device which relates to the form 1 of execution A block diagram showing a configuration example of a management server, a terminal and a vehicle key management device according to Embodiment 2.

  In the car sharing system in the above-mentioned prior art, the encryption key held by the vehicle is unique. The encryption key is distributed from the management server to the terminal of the user who uses the vehicle, and is thus stored in the terminals of a plurality of users who have used the vehicle. For this reason, in the above-mentioned prior art, there is a possibility that the person who has used the vehicle may illegally use the vehicle using the encryption key. Further, in the above-mentioned prior art, when the encryption key is stolen from the terminal using the vehicle, there is a possibility that the third party may illegally use the vehicle.

  As a method of preventing such illegal use of the vehicle, a method of updating the encryption key of the vehicle at a predetermined timing can be considered. For example, a method may be considered in which the encryption key is updated using cellular communication (3G communication, 4G communication or the like) between the management server that manages the encryption key and the vehicle. However, in the method using cellular communication, the vehicle needs to be always wirelessly connected to receive the encryption key distributed from the management server, and the power consumption of the communication device mounted on the vehicle will increase.

  Thus, in the present disclosure, in a vehicle key management system that manages vehicle keys, a method of managing vehicle keys that achieves high security and power saving of the vehicle will be described.

  Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings.

Embodiment 1
[Overview of Vehicle Key Management System]
FIG. 1 shows a configuration example of a vehicle key management system 1 according to the present embodiment.

  As shown in FIG. 1, the vehicle key management system 1 includes a management server 10, at least one terminal 20, and at least one vehicle 30.

  For example, in the vehicle key management system 1, the management server 10 manages an encryption key, which is a vehicle key of the vehicle 30, and distributes the vehicle key to the vehicle 30. Further, the management server 10 performs processing (reservation, personal identification of the user, etc.) regarding the use (car sharing) of the vehicle 30, and the vehicle key of the vehicle 30 with respect to the terminal 20 of the user who has reserved the use of the vehicle 30. To deliver.

  For example, a user who uses the vehicle 30 performs reservation processing on the use of the vehicle 30 with the management server 10 via the terminal 20. Then, when using the reserved vehicle 30, the terminal 20 receives the encryption key of the vehicle 30 from the management server 10, and uses the encryption key to request the reserved vehicle 30 to unlock / lock the door Do. The vehicle 30 (vehicle key management device 31 described later) performs authentication with the terminal 20 using the vehicle key distributed from the management server 10, and unlocks the door of the vehicle 30 when the authentication is successful. Or lock it.

  Here, the encryption key used as the vehicle key of the vehicle 30 is a "one-time key" which differs every predetermined period or each predetermined procedure. That is, the encryption key for each vehicle 30 may be updated at a predetermined timing, for example, every predetermined period, or after the user's use time (period based on the reservation time) has elapsed. From the management server 10 to the terminal 20, a valid encryption key that can currently access the vehicle 30 is distributed. In other words, the encryption key distributed in the past to the terminal 20 of the user who has used the vehicle 30 in the past becomes invalid for the vehicle 30 at the present time.

  Further, for the delivery of the vehicle key between the management server 10 and the vehicle 30, low power wide area (LPWA) communication that can cover a wide range with power saving is used.

  Also, for delivery of the vehicle key between the management server 10 and the terminal 20, for example, cellular communication, wireless LAN communication (WiFi (registered trademark) communication) connectable to the Internet, LPWA communication, etc. may be used. . Communication between the management server 10 and the terminal 20 is not limited to these communication methods.

  Further, communication between the terminal 20 and the vehicle 30 may be short distance wireless communication whose communication range is narrower than that of LPWA communication. For example, Bluetooh (registered trademark), WiFi, NFC (Near Field Communication) may be used for near field communication. By setting the communication between the terminal 20 and the vehicle 30 as short-distance wireless communication, unauthorized access to the vehicle 30 by a third party from a remote place can be prevented. Communication between the terminal 20 and the vehicle 30 is not limited to near field communication. In addition, in communication between the terminal 20 and the vehicle 30, encryption processing may be performed using pairing of BLE (Bluetooth Low Energy), WPA-PSK 2 in WiFi, or the like.

  Next, configurations of the management server 10, the terminal 20, and the vehicle 30, which are included in the vehicle key management system 1, will be described. FIG. 2 is a block diagram showing a configuration example of the management server 10, the terminal 20 and the vehicle 30. As shown in FIG.

[Management server configuration]
The management server 10 holds vehicle information on the vehicle 30 and information on a user who uses the vehicle 30 (for example, member information) (not shown). Further, the management server 10 manages the use (reservation processing, personal authentication processing) of the user for the vehicle 30 to be managed (not shown).

  Further, the management server 10 has a one-time key management unit 101, an LPWA communication processing unit 102, and a wireless communication processing unit 103 in relation to management of a vehicle key.

  The one-time key management unit 101 manages an encryption key (one-time key) which is a vehicle key of each vehicle 30. For example, the one-time key management unit 101 updates the vehicle key of the vehicle 30 every predetermined period or each predetermined procedure (trigger), and outputs the updated one-time key to the LPWA communication processing unit 102. In addition, the one-time key management unit 101 assigns the vehicle key of the vehicle 30 to the user (terminal 20) who made a reservation for each vehicle 30. Also, when the terminal 20 requests the terminal 20 to issue a vehicle key (one-time key) of the vehicle 30, the one-time key management unit 101 outputs the one-time key for accessing the vehicle 30 to the wireless communication processing unit 103. Do.

  The LPWA communication processing unit 102 communicates with the vehicle 30 via an antenna using LPWA communication. For example, the LPWA communication processing unit 102 transmits (issues) the one-time key input from the one-time key management unit 101 to the vehicle 30.

  The wireless communication processing unit 103 communicates with the terminal 20 via the antenna. For example, the wireless communication processing unit 103 receives the issuance request of the one-time key transmitted from the terminal 20 and outputs the request to the one-time key management unit 101. Further, the wireless communication processing unit 103 transmits (issues) the one-time key input from the one-time key management unit 101 to the terminal 20. As described above, the wireless communication processing unit 103 may communicate with the terminal 20 using, for example, cellular communication, WiFi communication connectable to the Internet, or LPWA communication.

[Terminal configuration]
The terminal 20 is, for example, a mobile terminal such as a smartphone or a tablet.

  The terminal 20 includes a wireless communication processing unit 201, a one-time key management unit 202, and a short distance wireless communication processing unit 203.

  The wireless communication processing unit 201 performs communication processing with the management server 10 via an antenna. For example, the wireless communication processing unit 201 transmits, to the management server 10, a request for issuing a vehicle key (one-time key) of the vehicle 30. Further, the wireless communication processing unit 201 receives the one-time key of the vehicle 30 from the management server 10 and outputs the one-time key to the one-time key management unit 202.

  The one-time key management unit 202 stores the one-time key input from the wireless communication processing unit 201. In addition, when the terminal 20 requests the vehicle 30 to connect the short distance wireless communication (that is, when the terminal 20 requests the unlocking or locking of the door of the vehicle 30), the onetime key managing unit 202 stores the onetime key. The key is output to the short distance wireless communication processing unit 203. In addition, the one-time key management unit 202 may discard the stored one-time key, for example, when a valid period of the one-time key (for example, a period based on a reservation time) has elapsed.

  The short distance wireless communication processing unit 203 performs communication processing with the vehicle 30 (vehicle key management device 31) via an antenna using short distance wireless communication (BLE, WiFi, NFC, or the like). For example, when performing the short distance wireless connection with the vehicle 30, the short distance wireless communication processing unit 203 unlocks or locks the one time key stored in the one time key management unit 202 or the door of the vehicle 30. Control signal is transmitted to the vehicle 30.

[Composition of vehicle]
The vehicle 30 includes at least one ECU (Electronic Control Unit). The at least one ECU includes a door ECU (including the vehicle key management device 31 according to the present embodiment) that controls unlocking and locking of the door. The door ECU is provided, for example, corresponding to each of at least one door of the vehicle 30. Further, each ECU is connected to another ECU or a TCU (Telematics Communication Unit) by a CAN (Controller Area Network).

  In the present embodiment, the door ECU includes a vehicle key management device 31 and a door locking / unlocking control unit 32.

  The vehicle key management device 31 performs management of a one-time key held by the vehicle 30 and authentication of the terminal 20 accessing the vehicle 30 using the one-time key.

  The vehicle key management device 31 includes, for example, an LPWA communication processing unit 301, a one-time key management unit 302, a short-distance wireless communication processing unit 303, and a one-time key authentication unit 304. The communication processing unit (LPWA communication processing unit 301 and short distance wireless communication processing unit 303) included in the vehicle key management device 31 is a component different from the TCU connected to the CAN. Alternatively, the communication processing unit included in the vehicle key management device 31 may be included as part of the configuration unit of the TCU.

  The LPWA communication processing unit 301 receives a one-time key, which is a vehicle key (encryption key), from the management server 10 via the antenna using LPWA communication. The LPWA communication processing unit 301 outputs the received one-time key to the one-time key management unit 302.

  The one-time key management unit 302 stores the one-time key input from the LPWA communication processing unit 301. Every time a new one-time key is distributed from the management server 10, the one-time key management unit 302 updates the one-time key to be stored. In addition, when there is a request for connection of short distance wireless communication from the terminal 20 to the vehicle 30, the onetime key management unit 302 outputs the stored onetime key to the onetime key authentication unit 304. Also, the one-time key management unit 302 discards the stored one-time key when the use of the vehicle 30 by the user of the terminal 20 ends, or when the effective period of the one-time key elapses. Good.

  The short distance wireless communication processing unit 303 performs communication processing with the terminal 20 via an antenna using short distance wireless communication. For example, when the short distance wireless communication processing unit 303 performs a short distance wireless connection with the terminal 20, the received one time key, or a control signal indicating a request for unlocking or locking the door of the vehicle 30 for one time Output to key authentication unit 304.

  The one-time key authentication unit 304 uses the one-time key stored in the one-time key management unit 302 and the one-time key transmitted from the terminal 20 to request the unlocking or locking of the door of the vehicle 30. Perform authentication on 20. If the authentication is successful (in the case of authentication OK), the one-time key authentication unit 304 permits a connection request for short-distance wireless communication with the terminal 20 (that is, a request for unlocking or locking the door). Then, when receiving a control signal indicating a request for unlocking or locking the door of the vehicle 30 from the terminal 20, the one-time key authentication unit 304 outputs a control signal to the door locking / unlocking control unit 32. On the other hand, when authentication fails (in the case of authentication NG), one-time key authentication unit 304 does not permit a connection request for short distance wireless communication with terminal 20 (that is, a request for unlocking or locking the door). .

  The configuration of the vehicle key management device 31 has been described above.

  When a control signal indicating a request for unlocking or locking the door of vehicle 30 is input from one-time key authentication unit 304, door locking / unlocking control unit 32 unlocks or locks the door based on the control signal. Control.

[Operation in vehicle key management system]
Next, the operation of the vehicle key management system 1 having the above configuration will be described in detail.

  FIG. 3 is a sequence diagram showing an operation example of the management server 10, the terminal 20, and the door ECU (including the vehicle key management device 31) of the vehicle 30 in the present embodiment. In FIG. 3, for example, the user having the terminal 20 reserves use of the vehicle 30, and the management server 10 assigns the vehicle 30 to the terminal 20.

  In FIG. 3, the terminal 20 requests the management server 10 to issue a vehicle key (one-time key) of the vehicle 30 (ST101). When the management server 10 receives the issuance request of the one-time key, for example, the management server 10 performs personal authentication on the terminal 20 (not shown), and when personal authentication succeeds, the one-time of the vehicle 30 allocated to the terminal 20 A key is issued to the terminal 20 (ST102).

  In addition, the process of issuing the one-time key to the terminal 20 in ST101 and ST102 may be performed by the user at an arbitrary place and timing without depending on the distance between the terminal 20 and the vehicle 30.

  Further, the management server 10 issues a vehicle key (one-time key) to the vehicle key management device 31 of the vehicle 30 using LPWA communication (ST103). For example, the issue of the one-time key in ST103 may be performed independently of the issue process of the one-time key to terminal 20 in ST101 and ST102. Alternatively, the issuance of the one-time key in ST103 may be triggered by the issuance of the one-time key to terminal 20 in ST102.

  The vehicle key management device 31 stores the one-time key issued by the management server 10 in ST103 (ST104).

  The terminal 20 requests the unlocking or locking of the door of the vehicle 30 by the processing of ST105 to ST111. For example, near field communication is used for the processing of ST105 to ST111.

  Specifically, the terminal 20 requests the vehicle key management device 31 for near-field wireless connection (ST105). When receiving the near field wireless connection request from the terminal 20, the vehicle key management device 31 requests the one time key from the terminal 20 (ST106). When the terminal 20 receives a request for the one-time key from the vehicle key management device 31, the terminal 20 requests the vehicle key management device 31 for authentication using the one-time key (ST107). That is, in ST107, the terminal 20 transmits the one-time key acquired from the management server 10 in ST102 to the vehicle key management device 31.

  Next, vehicle key management device 31 authenticates the one-time key (ST108). Specifically, when the one-time key transmitted from terminal 20 in ST 107 corresponds to the one-time key stored in ST 104 (for example, in the case of the same), vehicle key management device 31 performs authentication. Judge as success (Authentication OK). On the other hand, if the one-time key transmitted from terminal 20 in ST 107 does not correspond to the one-time key stored in ST 104 (for example, different), vehicle key management device 31 fails in authentication (authentication NG) I will judge. Vehicle key management device 31 transmits the authentication result in ST108 to terminal 20 as a one-time key authentication response (ST109).

  When authentication OK is indicated in the one-time key authentication response, the terminal 20 and the vehicle key management device 31 establish encrypted communication (ST110). The present invention is not limited to the case of establishing encrypted communication between the terminal 20 and the vehicle key management device 31 in the case of authentication OK in the one-time key authentication response, and a near field wireless connection without encryption may be established. .

  Then, the terminal 20 requests the vehicle key management device 31 to unlock or lock the door of the vehicle 30 (ST111). Thus, the door ECU (door locking / unlocking control unit 32) controls the unlocking or locking of the door of the vehicle 30 (ST112). For example, the door ECU outputs a door unlocking or locking request signal to the door lock actuator.

  Here, the one-time key held by the vehicle key management device 31 is updated, for example, by distribution from the management server 10 (ST103). Therefore, for example, even if a person who has used the vehicle 30 in the past accesses the vehicle key management device 31 using the one-time key used in the past for the purpose of illegal use of the vehicle 30, the vehicle key management device 31 It does not correspond to the one-time key currently held. Therefore, in this case, authentication in the vehicle key management device 31 fails, and it is possible to prevent the vehicle 30 from being used illegally.

  It is also assumed that the third party illegally obtains the one-time key of the vehicle 30 from the management server 10 or the terminal 20 held by the original user. However, according to the present embodiment, the one-time key held by the vehicle key management device 31 is updated, for example, as needed. Therefore, when the third party accesses the vehicle 30 in an unknown manner, the one-time key acquired by the third party is already highly likely to be a past one-time key, and the authentication in the vehicle key management device 31 The possibility of failure is high, and unauthorized use of the vehicle 30 can be prevented.

  As described above, by using the one-time key as the vehicle key of the vehicle 30, it is possible to reduce the risk that the vehicle 30 is used illegally, and to realize high security.

  Further, LPWA communication is used to issue a one-time key from the management server 10 to the vehicle key management device 31 in ST103. Therefore, even when the one-time key is issued periodically in ST103, the increase in power consumption of the vehicle 30 can be suppressed, for example, as compared with the case of using cellular communication.

  Also, for example, even when the ignition of the vehicle 30 is OFF, the vehicle key management device 31 can continue the management of the vehicle key with low power, and reduce the influence of the vehicle key management on the battery of the vehicle 30 it can. In the vehicle key management device 31, at least the LPWA communication processing unit 301 can operate with low power consumption, so the present invention is not limited to the case of operating with the power supplied from the battery of the vehicle 30, It may operate by the power supplied from a power supply source (for example, a dry cell etc.).

  The operation of the vehicle key management system 1 has been described above.

[Operation of Vehicle Key Management Device 31]
Next, the specific operation of the vehicle key management device 31 will be described.

  FIG. 4 is a flowchart showing an operation example of the vehicle key management device 31.

  The vehicle key management device 31 acquires a one-time key from the management server 10 (ST201; corresponding to ST103 and ST104 in FIG. 3).

  Next, the vehicle key management device 31 determines whether or not the one-time key acquired in ST201 is within the valid period (ST202). For example, the effective period may be a period set based on a period (reservation period) in which the user uses the vehicle 30, or may be a periodic period.

  If it is out of the valid period (ST202: NO), the vehicle key management device 31 discards the stored one-time key, returns to ST201, and acquires a new one-time key from the management server 10. On the other hand, if it is within the effective period (ST202: YES), the vehicle key management device 31 receives the one-time key from the terminal 20 (ST203; corresponding to ST105 to ST107 in FIG. 3). The process of ST203 is executed when there is a request for near field wireless connection from the terminal 20 to the vehicle key management device 31.

  Next, vehicle key management device 31 performs authentication using the one-time key acquired and stored in ST201 and the one-time key received from terminal 20 in ST203 (corresponding to ST108 in FIG. 3). It is determined whether authentication is OK (ST 204). In the case of the authentication NG (ST204: NO), the vehicle key management device 31 ends the process shown in FIG. On the other hand, if the authentication is OK (ST 204: YES), the vehicle key management device 31 controls the unlocking or locking of the door of the vehicle 30 based on the request for unlocking or locking the vehicle 30 received from the terminal 20. The control signal of is output to the door locking / unlocking control unit 32. Thus, the unlocking or locking of the door of the vehicle 30 is controlled (ST205; corresponding to ST112 in FIG. 3).

  The specific operation of the vehicle key management device 31 has been described above.

  As described above, in the present embodiment, the vehicle key management device 31 manages the one-time key which is the vehicle key of the vehicle 30 received from the management server 10 using the LPWA communication, and uses the one-time key. Authentication is performed on the terminal 20 which requests the unlocking or locking of the door of the vehicle 30, and when the authentication is successful, the terminal 20 is permitted to unlock or lock the door.

  Thereby, in the present embodiment, the vehicle key of the vehicle 30 is updated at a predetermined timing by using the one-time key as the vehicle key of the vehicle 30, so that the risk of illegal use of the vehicle 30 is realized. It can be reduced. Further, in the present embodiment, since LPWA communication is used to distribute the one-time key from the management server 10 to the vehicle 30, an increase in power consumption of the communication device mounted on the vehicle 30 can be suppressed. Therefore, according to the present embodiment, it is possible to realize high security and power saving of the vehicle 30 in the management of the vehicle key in the vehicle key management system 1.

[Modification of Embodiment 1]
In the present embodiment, when the vehicle key management device 31 determines that the authentication is NG in FIG. 4 (ST 204: NO), the case of ending the process related to the unlocking or locking of the door has been described. The operation of 31 is not limited to this.

  FIG. 5 is a flowchart showing an operation example of the vehicle key management device 31 according to the first modification of the first embodiment. In FIG. 5, the same operations as those in FIG. 4 are denoted by the same reference numerals, and the description thereof will be omitted.

  In FIG. 5, when the vehicle key management device 31 determines that the terminal 20 is in the authentication NG state (ST 204: NO), the vehicle key management device 31 determines whether the number of consecutive authentication NG failures is a predetermined number X times or more. (ST301). If the number of times for which the authentication NG occurs consecutively is less than the predetermined number X times (ST301: NO), the vehicle key management device 31 returns to the process of ST203 and receives the onetime key from the terminal 20 again.

  On the other hand, when the number of times for which the authentication NG occurs consecutively is equal to or more than the predetermined number X times (ST301: YES), the vehicle key management device 31 determines that the access to the vehicle 30 by the terminal 20 is an unauthorized access. For example, the vehicle key management device 31 executes notification processing to a notification device (not shown) that performs notification processing for transmitting a message indicating that unauthorized access is occurring to the police, a security company or a business operator. It instructs (ST302). That is, in FIG. 5, the vehicle key management device 31 allows an authentication NG up to (X-1) times. Note that the notification process is not limited to the message transmission process.

  As described above, according to the modification of the first embodiment, the vehicle key management device 31 executes the notification process when the authentication NG continues continuously a predetermined number X times. Thus, as in the first embodiment, unauthorized use of vehicle 30 can be prevented, and the police or the like can be promptly notified that an unauthorized access has occurred.

Second Embodiment
FIG. 6 is a block diagram showing a configuration example of management server 10, terminal 20 and vehicle 30a in vehicle key management system 1a according to the present embodiment. In FIG. 6, the same components as those in Embodiment 1 (FIG. 2) are assigned the same reference numerals and descriptions thereof will be omitted.

  In the vehicle key management system 1a shown in FIG. 6, the configuration of the vehicle 30a is different from the configuration of the vehicle 30 in the vehicle key management system 1 shown in FIG.

  Specifically, in the first embodiment (FIG. 2), the configuration in which the vehicle key management device 31 is included in the door ECU has been described. On the other hand, in the present embodiment, as shown in FIG. 6, the vehicle key management device 31 is provided separately from the ECU (including the door ECU). For example, the vehicle key management device 31 may be connected to the door ECU via a cable.

  That is, in the present embodiment, in the vehicle 30a, the vehicle key management device 31 is separated from the CAN.

  For example, in the configuration in which the vehicle key management device 31 is included in the door ECU, when the CAN to which each ECU is connected is illegally accessed via the TCU, for example, the program of the door ECU is via the CAN. There is a risk of being rewritten. In this case, the authentication of the one-time key in the vehicle key management device 31 is invalidated, and there is a possibility that unlocking and locking of the door of the vehicle 30 may be performed even without the correct one-time key.

  On the other hand, in the present embodiment, the vehicle key management device 31 is separated from the CAN, so even if unauthorized access via the CAN via the TCU occurs, the vehicle key management device 31 can Not affected by unauthorized access of That is, in the vehicle 30a, authentication of the one-time key in the vehicle key management device 31 can be normally performed. Therefore, in the vehicle 30a, even if the unauthorized access to the CAN occurs, if the authentication by the vehicle key management device 31 is not successful, there is no possibility that the door is illegally unlocked or locked.

  As described above, according to the present embodiment, it is possible to prevent the unlocking and locking of the door of the vehicle 30a by unauthorized access to the CAN, and compared to the first embodiment, management of the vehicle key Security can be further enhanced.

  A vehicle key management device 31 may be provided in a one-to-one correspondence with the door ECU corresponding to each of the doors included in the vehicle 30a, and a plurality of door ECUs corresponding to a plurality of doors included in the vehicle 30a And one vehicle key management device 31 may be provided in association with one another. Since the module used for LPWA communication is cheaper and the cost of use is lower than the module used for cellular communication, the vehicle key can be used even when the vehicle key management device 31 is directly connected to each door ECU. The management device 31 can be installed at low cost.

  In addition, the vehicle key management device 31 may be provided in association with all the door ECUs corresponding to the doors provided in the vehicle 30a, and corresponds to the door ECUs corresponding to some of the doors (for example, the doors of the driver's seat) It may be attached. For example, in the vehicle 30a, unlocking and locking by the above-mentioned one-time key authentication is controlled for the driver's seat door, and normal operation (for example, CAN by a switch installed near the driver's seat) is controlled for other doors. Unlocking and locking) may be performed.

  The embodiments of the present disclosure have been described above.

  The present disclosure can be implemented in software, hardware, or software in conjunction with hardware. Each functional block used in the description of the above embodiment is partially or entirely realized as an LSI which is an integrated circuit, and each process described in the above embodiment is partially or totally It may be controlled by one LSI or a combination of LSIs. The LSI may be configured from individual chips, or may be configured from one chip so as to include some or all of the functional blocks. The LSI may have data inputs and outputs. An LSI may be called an IC, a system LSI, a super LSI, or an ultra LSI depending on the degree of integration. The method of circuit integration is not limited to LSI's, and implementation using dedicated circuitry, general purpose processors, or dedicated processors is also possible. In addition, an FPGA (Field Programmable Gate Array) that can be programmed after LSI fabrication, or a reconfigurable processor that can reconfigure connection and setting of circuit cells in the LSI may be used. The present disclosure may be implemented as digital processing or analog processing. Furthermore, if integrated circuit technology comes out to replace LSI's as a result of the advancement of semiconductor technology or a derivative other technology, it is naturally also possible to carry out function block integration using this technology. The application of biotechnology etc. may be possible.

  One aspect of the present disclosure is useful for a vehicle key management system that manages vehicle keys.

1, 1a vehicle key management system 10 management server 20 terminal 30, 30a vehicle 31 vehicle key management device 32 door locking / unlocking control unit 101, 202, 302 one time key management unit 102, 301 LPWA communication processing unit 103, 201 wireless Communication processing unit 203, 303 Near field communication processing unit 304 One-time key authentication unit

Claims (7)

A management unit that manages a one-time key, which is a vehicle key, received from a server using Low Power Wide Area (LPWA) communication;
The terminal requiring authentication or unlocking of the door of the vehicle is authenticated using the one-time key, and when the authentication is successful, the terminal is permitted to unlock or lock the door An authentication unit,
Vehicle key management device equipped with. The vehicle key management device is included in an electronic control unit (ECU) that controls unlocking or locking of the door.
The ECU includes a control unit that controls the unlocking or locking of the door when the authentication unit permits the unlocking or locking of the door.
The vehicle key management device according to claim 1. The vehicle key management device is provided separately from an electronic control unit (ECU) that controls unlocking or locking of the door.
When the unlocking or locking of the door of the vehicle is permitted, the authentication unit outputs a control signal instructing execution of the unlocking or locking of the door to the ECU.
The vehicle key management device according to claim 1. The signal requesting the unlocking or locking of the door is transmitted from the terminal to the vehicle key management device using near-field wireless communication whose communication range is narrower than that of the LPWA.
The vehicle key management device according to claim 1. The authentication unit instructs the notification device to execute a notification process when the predetermined number of failed authentications continues continuously.
The vehicle key management device according to claim 1. A server that manages a one-time key which is a key of the vehicle;
A vehicle key management device mounted on the vehicle;
A terminal held by a user who uses the vehicle;
Equipped with
The server transmits the one-time key to the vehicle key management device using low power wide area (LPWA) communication.
The terminal transmits a request for unlocking or locking the door of the vehicle to the vehicle key management device via the terminal.
The vehicle key management device authenticates the terminal requesting the unlocking or locking of the door using the one-time key received from the server, and unlocks the door if the authentication is successful. Or allow the lock,
Vehicle key management system. Manage the one-time key, which is the key of the vehicle, received from the server using Low Power Wide Area (LPWA) communication,
Using the one-time key, the terminal requiring the unlocking or locking of the door of the vehicle is authenticated, and when the authentication is successful, the unlocking or locking of the door is permitted.
Vehicle key management method.

Images