JP2020123961A - Communication system - Google Patents

Abstract

To provide a communication system capable of suppressing delay related to transmission/reception of a communication message even in a case where reliability of the communication message is secured by utilizing a time change parameter.SOLUTION: A gateway 10 transmits a synchronization message MA including a high-order bit. A first ECU 21 and a third ECU 23 acquire the high-order bit from the synchronization message MA. The first ECU 21 transmits a communication message MB that includes an authenticator generated by utilizing a message counter that is reconfigured by a stored and managed low-order bit and the acquired high-order bit. The third ECU 23 authenticates the received communication message MB on the basis of comparison between an authenticator regenerated by utilizing a message counter reconfigured from the communication message MB and the authenticator included in the communication message MB. Under a condition that the synchronization message MA cannot be received, the received communication message MB is treated as an authenticated one.SELECTED DRAWING: Figure 1

Description

The present invention relates to a communication system in which a plurality of vehicle-mounted electronic control devices are network-connected.

As is well known, a plurality of electronic control units (ECUs) mounted on a vehicle are connected to the same network, and information (vehicle information) that they have can be mutually transmitted and received. Often make up. An example of such a communication system is described in Patent Document 1.

The communication system described in Patent Document 1 includes a transmitting terminal that transmits data and a receiving terminal that receives data from the transmitting terminal. The transmission terminal includes a data acquisition unit, a reception unit, a key acquisition unit, and a time-varying parameter management unit that receives challenge information from the reception unit and manages time-varying parameters. Also, the transmitting terminal receives the conversion data from the data conversion unit and the data conversion unit that converts the received communication data by using the received key information, the challenge information, and the time-varying parameter, and generates the conversion data. And a transmitting unit that transmits data to the receiving terminal. On the other hand, the receiving terminal has a challenge generating unit that generates challenge information, a transmitting unit that transmits the challenge information to the transmitting terminal, a receiving unit that receives conversion data from the transmitting terminal, and key information that is the same as the key information in the transmitting terminal. And a key acquisition unit for acquiring. Also, the receiving terminal uses the time-varying parameter determination unit that determines the novelty of the received converted data, and whether the received converted data is correctly converted using the received key information, challenge information, and time-varying parameter. And a data authentication unit that sends the authentication result to the time-varying parameter determination unit. Then, the time-varying parameter determination unit determines the novelty of the converted data based on the authentication result received from the data authentication unit.

JP, 2011-67073, A

According to the system described in Patent Document 1, the time-varying parameter included in the communication message suppresses the spoofing of the legitimate sender by an attacker who cannot appropriately change the time-varying parameter, and the reliability of the communication message is reduced. To improve the sex.

By the way, in the above technique, there is a possibility that the stored time-varying parameters are different between the receiving device and the transmitting device until the time-varying parameters are synchronized after power-on or after reset. There is. If the stored time-varying parameters are different, the receiving device does not authenticate the legitimate communication message sent by the sending device as being correct. However, some communication messages include communication data that is desired to be exchanged between the receiving device and the transmitting device immediately after the power is turned on, even before the time-varying parameters are synchronized. That is, even if the communication data is desired to be exchanged at such an early stage, the exchange of the communication data may be delayed until the time-varying parameters are synchronized.

The present invention has been made in view of the above circumstances, and an object thereof is to suppress a delay in transmission/reception of a communication message even when the reliability of the communication message is secured by using a time-varying parameter. It is to provide a communication system capable of performing.

Hereinafter, the means for solving the above problems and the operation effects thereof will be described.
To achieve the above object, a communication system stores the first information in a management code formed by combining first information and second information, and stores the first information to be stored. A management device that manages the second information to be updated once based on multiple updates, and a reception device and a transmission device that are communicatively connected to the management device via a communication network, The management device transmits a communication message including the first information, and the reception device and the transmission device each include the first communication message included in the received communication message every time the communication message transmitted by the management device is received. 1), the transmitting device manages the second information in the management code, and communication data, the first information to be held, and the managing first information. An authenticator is generated from the management code that is a combination of two pieces of information, and includes the communication data, the second information to be managed, and the generated authenticator, and stores the first information to be retained. A communication message that does not include is generated and transmitted, the value of the second information to be managed is updated after the generation of the communication message, and the receiving device receives the communication message transmitted by the transmitting device, Authenticating the received communication message based on a comparison between an authenticator included in the received communication message and an authenticator regenerated based on the received communication message, wherein the receiving device holds the holding message. The first information and the second information acquired from the communication message transmitted by the transmission device to reconfigure a management code, and communication data acquired from the communication message transmitted by the transmission device, and the reconfiguration. The received authentication message is acquired from the received management message, on condition that the communication message including the first information has not been received. The feature is that it is handled as an item.

It is desirable to set the management code to the one-time value in order to further improve the reliability of communication, but if the management code is set to the one-time value over the period of use of the communication system, the amount of information required for the management code will increase. It gets bigger. When this management code is included in the communication message, the management code occupies a large amount in the communication message, and there is a problem that the capacity that can be allocated to the message data that is the communication content to be transmitted becomes small.

In this respect, by including only the second information of the management code in the communication message transmitted by the transmitting device, it is possible to secure a large area for communication data.
Further, the first information of the management code is managed by the management device, and thus can be synchronized between the transmission device and the reception device. That is, the receiving device combines the first information transmitted from the management device with the second information included in the communication message transmitted from the transmitting device, and is used by the transmitting device to generate the authenticator. The management code can be reconfigured. That is, even if the size of the management code is set to a size required for ensuring reliability, it is possible to suppress the capacity required for storing the communication message to be small and suppress the decrease in the capacity for communication data.

Further, when the first information of the management codes transmitted from the management device is received, the first information of the management codes received can be one of the management codes stored in the receiving device and the transmitting device. The first information of is updated, ie synchronized. Thereby, even if the management code is divided into the first information and the second information, the communication message can be authenticated by the management code.

Further, since the first information of the management codes stored in the receiving device and the transmitting device can be synchronized, the receiving device and the transmitting device can store the first information of the stored management codes in the receiving device and the transmitting device. Even if the management code is asynchronously initialized by a reset or the like, the stored management code is synchronized and reset to a normal value, so that the authentication can be normally performed.

Then, according to such a configuration, the receiving device treats the received communication message as an authenticated one, provided that the communication message including the first information has not been received. As a result, even if the receiving device has not yet received the communication message including the first information of the management code from the management device immediately after the power is turned on or after the reset, the receiving device and the receiving device. You will be able to share communication data that needs to be shared with. After that, if a communication message including the first information of the management code is received, the communication message will be authenticated, so that the required reliability is maintained. As a result, even when the reliability of the communication message is ensured by using the time-varying parameter, for example, a delay in transmitting and receiving the communication message immediately after the power is turned on can be suppressed.

The block diagram which shows the schematic structure about one Embodiment which materialized the communication system. The schematic diagram which shows the outline of the process performed by the gateway in the same embodiment typically. The schematic diagram which shows typically the schematic structure of the electronic control unit (ECU) in the same embodiment. The schematic diagram which shows the outline of the process which an electronic control unit (ECU) performs at the time of transmission in the same embodiment. The schematic diagram which shows the outline of the process which an electronic control unit (ECU) performs at the time of reception in the same embodiment. 6 is a flowchart showing a procedure on the gateway side when the message counters are synchronized in the same embodiment. 6 is a flowchart showing a procedure on the ECU side when the message counters are synchronized in the same embodiment. 6 is a flowchart showing an authentication process when the message counters are not synchronized in the same embodiment. 6 is a flowchart showing an authentication process when message counters are synchronized in the same embodiment.

An embodiment in which the communication system is embodied will be described with reference to FIG. The communication system of this embodiment is a communication system applied to an in-vehicle network mounted on a vehicle (not shown).

As shown in FIG. 1, in the communication system, first to fourth electronic control units (ECUs) 21 to 24 as at least one of a transmission device and a reception device and first and second ECUs 21 and 22 are communicably connected. And a communication bus L2 to which the third and fourth ECUs 23 and 24 are communicatively connected. In the present embodiment, the communication bus L1 and the communication bus L2 form a communication network. Further, the communication system includes a gateway 10 as a management device communicatively connected to the communication bus L1 and the communication bus L2. The gateway 10 can mutually transfer (relay) the communication message MB between the communication bus L1 and the communication bus L2. Therefore, the first and second ECUs 21 and 22 connected to the communication bus L1 and the third and fourth ECUs 23 and 24 connected to the communication bus L2 mutually transmit and receive the communication message MB via the gateway 10. Is possible.

The communication system employs, for example, a CAN (Controller Area Network) protocol as a communication protocol. Further, the communication system may include wireless communication in a part of the communication path, or may include a path passing through another network via a gateway or the like.

The CAN protocol defines a frame that is the structure of a communication message. In the frame, a storage area for a "message ID" as an identifier that indicates the type of communication message, and "message data" that is data specified by the user “Data field”, which is a storage area of “”, is provided. The "message ID" has a specific value defined for each type of communication message, and each ECU adds the "message ID" corresponding to the type to the communication message to be transmitted, and transmits the received message. The type of message is determined based on the "message ID". In this communication system, it is limited to one defined ECU that a certain “message ID” can be added to a communication message and transmitted. The "data field", which is an area for storing "message data", is set to have a length of any one of 0 to 64 bits (8 bits x 0 to 8 bytes).

The gateway 10 is configured to include a microcomputer having an arithmetic unit (CPU) and a storage device. The gateway 10 includes an arithmetic unit that executes arithmetic operations of programs, a read-only memory (ROM) that stores the programs and data, and a volatile memory (RAM that temporarily stores the arithmetic results of the arithmetic units. ) And are provided. As a result, the gateway 10 provides a predetermined function by reading the program stored in the storage device into the arithmetic device and executing the program. For example, the gateway 10 performs a process of transferring the communication message MB between the two communication buses L1 and L2 and a process of managing the message counter MC (see FIG. 2) as a management code. The gateway 10 also includes a backup memory that stores and holds set values and calculated values when power is constantly supplied from the battery.

The gateway 10 includes a code management unit 11 that manages the message counter MC (see FIG. 2), a transmission unit 12 that transmits a part of the message counter MC, and communication buses L1 and L2 to which the gateway 10 is connected. And a communication I/F unit 13 that exchanges each communication message MB between them. Each function of the code management unit 11 and the transmission unit 12 is realized by the arithmetic processing of the program by the gateway 10.

The communication I/F 13 transmits/receives a communication message MB based on the CAN protocol to/from the communication buses L1 and L2. Further, the communication I/F 13 exchanges the communication message MB with the transmission unit 12 and the like. As a result, the gateway 10 can transmit the synchronization message MA output by itself to the communication buses L1 and L2, and also obtains the communication message MB transmitted from another ECU via the communication buses L1 and L2. be able to. It should be noted that in the present embodiment, the synchronization message MA is given a message ID indicating that it is a synchronization message among normal communication messages based on the CAN protocol. Therefore, the synchronization message MA is transmitted by broadcast to the ECUs 21 to 24 connected to the communication buses L1 and L2, like a normal communication message.

The code management unit 11 will be described with reference to FIG.
The code management unit 11 manages the message counter MC stored in the backup memory of the gateway 10. The code management unit 11 stores and manages the “upper bit MCH” of the message counter MC. Further, the code management unit 11 acquires the latest value of the “lower bit MCL” of the message counter MC from the communication message MB and stores it for monitoring the value. Hereinafter, the total length of the message counter MC will be simply referred to as the message counter MC.

The message counter MC is a counter managed for each “message ID”, and its value is updated when a communication message having the corresponding “message ID” is newly generated. That is, the message counter MC corresponding to each "message ID" is updated. In this embodiment, the message counter MC is a counter that can be incremented by one. In the following, one “message ID” and the message counter MC corresponding to this will be described as an example, and for convenience of description, examples of other “message IDs” and corresponding message counters MC will be described. I will omit the explanation.

In the present embodiment, the message counter MC is divided into two, that is, "upper bit MCH" as the first information and "lower bit MCL" as the second information. The "upper bit MCH" is stored, managed and transmitted by the gateway 10, and the "lower bit MCL" is stored, managed and transmitted by each ECU 21-24. In addition, the message counter MC increases the value of the “higher-order bit MCH” by “1” in response to the change of the “lower-order bit MCL” from “0” to the maximum value. The ECU repeatedly sets the "lower bit MCL" to the initial value "0" according to the increase of "MCH". As a result, the message counter MC never reaches the same value again. The gateway 10 stores and manages the “high-order bit MCH” of the message counter MC in a storage area secured as an area for storing the message counter MC. At this time, the gateway 10 may manage the “lower bit MCL” of the message counter MC by putting it in a position corresponding to the lower bit of the secured storage area, or store the secured message counter MC. The message counter MC may be separately stored and managed in a storage area secured separately from the storage area. That is, the gateway 10 may put the “lower bit MCL” received in the communication message MB into the bit corresponding to the “lower bit MCL” of the message counter MC, or set a predetermined value. Alternatively, it may be managed without including the bit corresponding to the “lower bit MCL”.

The message counter MC is set to an information amount capable of ensuring the reliability of the communication message MB, that is, a bit length (number of bits). For example, when the reliability of the communication message MB is ensured by never increasing the value of the message counter MC and never using the same value again, the message counter is calculated from the vehicle life and the transmission frequency of the communication message MB. The length of MC (the number of bits) needs to be 8 bytes in terms of calculation. Since the length of 8 bytes is the same as the maximum length of 64 bits (=8 bytes) of the "data field", if the message counter MC is stored in the communication message MB and is transmitted, the communication message The "message data" that is the data specified by the user cannot be stored in the MB. Therefore, as described above, the message counter MC is divided into "upper bit MCH" and "lower bit MCL" and managed.

More specifically, the code management unit 11 manages the “upper bit MCH” of the message counter MC. For example, in the present embodiment, when the message counter MC has a length of 8 bytes, the “high-order bit MCH” has a length of 7 bytes (=56 bits) and the “low-order bit MCL” has a length of 1 byte (=8 bits). In this case, the maximum value of the "lower bit MCL" is "255".

The code management unit 11 updates and manages the “higher-order bit MCH” of the message counter MC so that the message counter MC never becomes the same value again. Specifically, the code management unit 11 updates the “upper bit MCH” of the message counter MC by monotonically increasing at the update timing. The update timing is the timing when the “lower bit MCL” of the message counter MC reaches the maximum value, that is, the timing when all the patterns of the “lower bit MCL” are used up. For example, the code management unit 11 monitors the “lower bit MCL” of the message counter MC by receiving the communication message MB transmitted by the first ECU 21, and when the “lower bit MCL” becomes equal to or larger than the maximum value. Is the update timing.

The code management unit 11 transmits the “upper bit MCH” of the message counter MC to the transmission unit 12 in response to updating the “upper bit MCH” of the message counter MC.

The transmission unit 12 generates an "authentication element AC1" from the "upper bit MCH" of the message counter MC, and performs synchronization including the generated "authentication element AC1" and the "upper bit MCH" of the message counter MC. Message MA is generated. The synchronization message MA is a communication message in which the "upper bit MCH" of the message counter MC and the "authenticator AC1" obtained by encrypting the "upper bit MCH" of the message counter MC are stored in the "data field". Is. Then, the transmission unit 12 transmits the synchronization message MA to the first to fourth ECUs 21 to 24 via the communication I/F 13 as a communication message having a message ID having a high priority in the CAN protocol. Note that the message ID having a high priority is set in advance for the synchronization message MA. Then, the synchronization message MA notifies the “upper bit MCH” of the message counter MC managed by the gateway 10 to the first to fourth ECUs 21 to 24, respectively, and the message counter managed by each ECU 21 to 24. The "upper bit MCH" of MC is synchronized.

As shown in FIG. 2, the transmission unit 12 includes an encryption engine 111. The encryption engine 111 is set with the encryption key EK, inputs the “upper bit MCH” of the message counter MC from the code management unit 11, and inputs the “upper bit MCH” of the input message counter MC. The "certifier AC1" is generated by encrypting with the encryption key EK. Then, the transmission unit 12 generates the synchronization message MA from the “upper bit MCH” of the message counter MC and the “authenticator AC1”. Note that the encryption key EK is better if it cannot be acquired from the outside using a tamper resistant memory or the like.

Further, the transmission unit 12 transmits the synchronization message MA to all the ECUs in response to the update of the “upper bit MCH” of the message counter MC. That is, the gateway 10 transmits the “upper bit MCH” of the message counter MC.

The first to fourth ECUs 21 to 24 will be described with reference to FIGS. 3 and 4. Since the first to fourth ECUs 21 to 24 all have the same configuration, the first ECU 21 will be described in detail here, and the description of the configuration of the other ECUs will be omitted.

The first ECU 21 is configured to include a microcomputer having an arithmetic unit (CPU) and a storage device. The first ECU 21 includes an arithmetic unit that executes arithmetic operations of programs, a read-only memory (ROM) that stores the programs and data, and a volatile memory (RAM) that temporarily stores the arithmetic results of the arithmetic units. ) And are provided. As a result, the first ECU 21 provides a predetermined function by reading the program stored in the storage device into the arithmetic device and executing the program. For example, the first ECU 21 performs a process of transmitting and receiving the communication message MB to and from the communication bus L1, a process of receiving the synchronization message MA, and a process of managing the message counter MC as a management code. The first ECU 21 also includes a backup memory that stores and holds set values and calculated values when power is constantly supplied from the battery.

As shown in FIGS. 3 and 4, the first ECU 21 includes a communication I/F 30 for CAN protocol, a plurality of MBOXs (Message Box) 31a, 31b, 31c in which communication messages are temporarily stored, and communication messages to be transmitted. An authenticator generation unit 33 that generates an “authenticator AC2” included in the MB or the like is provided. The first ECU 21 also includes a message processing unit 34 that processes a communication message MB that includes an authenticator and is transmitted and received, an information processing unit 32 that processes “message data DT”, and determines whether or not the communication message MB can be received by “higher-order bits”. And a provisional reception determination unit 37 that determines according to the update state of “MCH”. Each function of the authenticator generation unit 33, the message processing unit 34, and the temporary reception determination unit 37 is realized by the arithmetic processing of the program by the first ECU 21.

The communication I/F unit 30 receives the synchronization message MA and transmits/receives the communication message MB via the communication bus L1.
The plurality of MBOXs 31a, 31b, 31c relay the communication message MB received by the communication I/F unit 30. The plurality of MBOXs 31a, 31b, 31c relay the communication message MB transmitted from the communication I/F unit 30. For example, the MBOX 31a relays a communication message including no authenticator between the communication I/F unit 30 and the information processing unit 32. Further, the MBOX 31b relays a communication message between the communication I/F unit 30 and the authenticator generation unit 33. The MBOX 31b particularly relays the synchronization message MA required for managing the message counter MC. The MBOX 31c relays a communication message between the communication I/F unit 30 and the message processing unit 34. The MBOX 31c relays the communication message MB, among others.

The information processing section 32 executes various applications using the “message data DT” included in the communication message received by the first ECU 21. Further, the information processing section 32 outputs the data output by various applications as “message data DT” to be transmitted to the outside.

The authenticator generating unit 33 generates an “authenticator AC2” from the “message data DT” and the “message counter MC”. The authenticator generation unit 33 holds the “upper bit MCH” of the message counter MC and stores and manages the “lower bit MCL”. The authenticator generation unit 33 stores only one "upper bit MCH" and "lower bit MCL" of the message counter MC at the corresponding positions in the reserved storage area of the message counter MC. Alternatively, the “higher-order bit MCH” and the “lower-order bit MCL” may be stored in separately reserved storage areas.

The temporary reception determination unit 37 determines whether or not the temporary reception is possible based on the information exchanged between the authenticator generation unit 33 and the message processing unit 34. The temporary reception determination unit 37 acquires the “high-order bit MCH” and its state stored in the authenticator generation unit 33, and outputs the result of the temporary reception availability.

More specifically, the temporary reception determination unit 37 determines whether or not the temporary reception of the communication message MB is possible based on the “upper bit MCH” stored in the authenticator generation unit 33, and the result of this determination is determined by the message processing unit 34. Output to. The temporary reception determination unit 37 determines the state of the “upper bit MCH” stored in the authenticator generation unit 33, and if the “upper bit MCH” is in a transient state in this determination, the temporary reception is “OK”. If it is in the steady state, it is determined that the temporary reception is “no”. Here, the steady state refers to a state in which the “upper bit MCH” is regularly updated, or a state within a predetermined period from the previous update. On the contrary, the transient state is a state in which the “high-order bit MCH” remains the initial value. The transient state may include a state in which the update of the “high-order bit MCH” is stopped, a state in which the update is not performed even after a predetermined period of time from the previous update, and the like. The temporary reception determination unit 37 determines whether or not the temporary reception is possible when the authenticator generation unit 33 needs to authenticate the authenticator, and outputs the determination result to the authenticator generation unit 33 and the message processing unit 34. You can

The message processing unit 34 secures the reliability of the communication message MB transmitted/received as follows.
When receiving the communication message MB, the message processing unit 34 inputs the communication message MB from the MBOX 31c, and determines whether or not the input communication message MB can be received and performs an authentication process. Then, the message processing unit 34 outputs the “message data DT” included in the communication message MB authenticated by the authenticator generating unit 33 to the information processing unit 32. Specifically, in order to perform the authentication process, the message processing unit 34 sends the received communication message MB to the authenticator generating unit 33, and the authenticator generating unit 33 obtains the authentication result for the communication message MB. The message processing unit 34 authenticated by the authenticator generating unit 33 acquires the “message data DT” from the received communication message MB, and sends the acquired “message data DT” to the information processing unit 32.

On the other hand, when the authenticator generation unit 33 has not been authenticated, the message processing unit 34 acquires a determination as to whether or not the received communication message MB can be received. More specifically, the authenticator generation unit 33 sends the received communication message MB to the temporary reception determination unit 37, and the temporary reception determination unit 37 inputs the determination result of the reception possibility. Then, the message processing unit 34 discards the received communication message MB when the determination result of the provisional reception “no” is input. On the other hand, when the determination result of the provisional reception “OK” is input, the message processing unit 34 responds to the received communication message MB even if the received communication message MB is not authenticated by the authenticator generating unit 33. Performs the same processing as when authenticated. That is, the message processing unit 34 acquires the “message data DT” from the received communication message MB that is determined to be “temporarily received” and sends the acquired “message data DT” to the information processing unit 32. As a result, the "message data DT" is sent to the information processing unit 32 even when the "high-order bit MCH" remains at the initial value immediately after the power is turned on or immediately after reset, and the "message" The data DT” is shared by the first ECU 21 and the third ECU 23.

Further, when transmitting the communication message MB, the message processing unit 34 inputs the “message data DT” from the information processing unit 32, and generates the “authenticator AC2” based on the input “message data DT”. Then, the message processing unit 34 generates the communication message MB to be transmitted including the “message data DT” and the “authentication element AC2”, and outputs the generated communication message MB to be transmitted to the MBOX 31c.

The authenticator generation unit 33 manages “upper bit MCH” and “lower bit MCL” of the message counter MC. The authenticator generation unit 33 stores only one "upper bit MCH" and "lower bit MCL" of the message counter MC at the corresponding positions in the reserved storage area of the message counter MC. Alternatively, the “higher-order bit MCH” and the “lower-order bit MCL” may be stored separately in the reserved storage areas. Further, the authenticator generation unit 33 initializes the value of the storage area for storing and holding the “lower bit MCL” and the storage area for storing the “upper bit MCH” by powering off or resetting. It is like this. This initialization often occurs asynchronously with other ECUs and the gateway 10.

The authenticator generation unit 33 performs a message counter synchronization process, a communication message transmission process, and a communication message reception process. Therefore, each process will be described in detail below.
[Message counter synchronization processing]
When the synchronization message MA is input from the MBOX 31b, the authenticator generation unit 33 authenticates the synchronization message MA and includes the value of the “upper bit MCH” in the synchronization message MA on condition that the synchronization message MA is authenticated. The value is updated by the value of the “high-order bit MCH” that is set. Further, the authenticator generation unit 33 initializes the value of the “lower bit MCL” to “0” on condition that the value of the “higher bit MCH” is updated. As a result, the "lower bit MCL" is set to be updatable in the range from "0" to the maximum value.

Further, the authenticator generation unit 33 authenticates the synchronization message MA. The authenticator generation unit 33 acquires the “authenticator AC1” and the “high-order bit MCH” from the synchronization message MA input from the MBOX 31b. Then, the authenticator generating unit 33 encrypts the acquired “high-order bit MCH” with the encryption engine 35 and regenerates the authenticator. Then, the authenticator generation unit 33 compares the regenerated authenticator with the “authenticator AC1” acquired from the synchronization message MA, and determines that the synchronization message MA is authenticated if the comparison results match. If they do not match, it is determined that the synchronization message MA is not authenticated.

Normally, the “high-order bit MCH” stored in the authenticator generation unit 33 is updated periodically or within a predetermined period by the input of the synchronization message MA. On the other hand, immediately after power-on or reset, and until the synchronization message MA is received and input, the “high-order bit MCH” stored in the authenticator generation unit 33 remains the initial value. Or, it may not be updated. The non-updated state is a state in which the “high-order bit MCH” is the initial value for a predetermined period and has not been updated because the synchronization message has not been received even once or for a long period of time.

The authenticator generation unit 33 includes an encryption engine 35. The encryption engine 35 is set with the encryption key EK, inputs the message data DT and the message counter MC from the authenticator generation unit 33, and generates an authenticator by encrypting with the encryption key EK. Since the same encryption key EK as the gateway 10 is set, encrypted communication is possible between the first ECU 21 and the gateway 10 and between the first ECU 21 and the second to fourth ECUs 22 to 24. Is. Note that the encryption key EK is better if it cannot be acquired from the outside using a tamper resistant memory or the like.

[Processing when sending communication message]
The authenticator generation unit 33 performs a process of generating an authenticator of the communication message MB to be transmitted as the process of transmitting the communication message MB. The “message data DT” is input to the authenticator generation unit 33 from the message processing unit 34. The authenticator generation unit 33 reconfigures the message counter MC from the managed “lower bit MCL” and the “upper bit MCH” acquired and held from the synchronization message MA, and at the same time, the encryption engine 35. Then, the reconfigured message counter MC and the input message data DT are encrypted with the encryption key EK to generate the "authentication element AC2". Further, the authenticator generation unit 33 outputs the input “message data DT”, the “lower bit MCL” used to generate the “authenticator AC2”, and the generated “authenticator AC2” to the message processing unit 34. To do. Then, the message processing unit 34 generates a communication message MB to be transmitted from the “message data DT”, the “lower bit MCL”, and the “authentication element AC2” input from the authenticator generating unit 33, and the generated communication message MB. To the MBOX 31c. Further, the authenticator generation unit 33 updates the “lower bit MCL” to a value larger by 1 in response to the generation of the “authenticator AC2”. As a result, when the "certifier AC2" is generated, the message counter MC does not become the same value as the past value.

[Processing when receiving communication message]
The authenticator generation unit 33 performs the authentication process of the received communication message MB as the process at the time of receiving the communication message MB. In the authentication process, the authentication based on the "authenticator AC2" is performed.

That is, as shown in FIG. 5, the authenticator generation unit 33 includes the “message data DT” of the communication message MB received from the message processing unit 34, the “lower bit MCL” of the message counter MC, and the “authentication”. Child AC2” is input. The authenticator generation unit 33 reconfigures the message counter MC from the input “lower bit MCL” and the held “upper bit MCH”, and also reconfigures the message counter MC by the encryption engine 35. The "message data DT" input with is encrypted with the encryption key EK to regenerate the "certifier AC3". Further, the authenticator generating unit 33 compares the input “authenticator AC2” with the regenerated “authenticator AC3” and determines that authentication is performed. If they do not match, authentication is not performed. To judge. Then, the authenticator generating unit 33 outputs the authentication determination result to the message processing unit 34. The message processing unit 34 outputs the “message data DT” of the authenticated communication message MB to the information processing unit 32. On the other hand, the message processing unit 34 acquires the acceptance/non-permission determination of the unauthenticated communication message MB from the temporary reception determination unit 37, and if the reception is “acceptable”, the “message data DT” of the communication message MB is acquired. The message is output to the information processing unit 32, and if the message is “not received”, the “message data DT” of the communication message MB is discarded.

The operation of the communication system of this embodiment will be described.
Here, for convenience of explanation, it is assumed that the communication message MB is transmitted from the first ECU 21 and received by the third ECU 23.

[Update upper bits]
6 and 7 show a procedure for updating the "high-order bit MCH" of the message counter MC held by the authenticator generating unit 33 of the ECUs 21-24. This procedure is started in the gateway 10 or the ECUs 21 to 24 every predetermined cycle or every time a predetermined condition is satisfied.

As shown in FIG. 6, the gateway 10 determines whether or not it is time to transmit the synchronization message MA (step S10 in FIG. 6). The transmission timing is, for example, when the “upper bit MCH” of the message counter MC is updated by the code management unit 11 of the gateway 10. If it is determined that it is not the transmission timing (NO in step S10 of FIG. 6), the process of updating the upper bits is temporarily terminated.

On the other hand, when it is determined that it is the transmission timing (YES in step S10 in FIG. 6 ), the gateway 10 transmits the “synchronization message MA” to all the ECUs 21 to 24 (step S11 in FIG. 6 ). Then, the process of updating the high-order bit ends once.

As shown in FIG. 7, each of the ECUs 21 to 24 determines whether or not the synchronization message MA has been received (step S20 in FIG. 7). If it is determined that the synchronization message MA has not been received (NO in step S20 of FIG. 7), the process of updating the upper bits ends once. On the other hand, when it is determined that the synchronization message MA is received (YES in step S20 of FIG. 7 ), each of the ECUs 21 to 24 authenticates the “authenticator AC1” of the received synchronization message MA (step S21 of FIG. 7 ). ). The authentication of the “authentication element AC1” is performed by comparison with the authentication code regenerated by the authentication code generation unit 33. If the comparison result matches, the authentication is performed, whereas if the comparison result does not match, the authentication is not performed. If the “authenticator AC1” of the synchronization message MA cannot be authenticated (NO in step S21 of FIG. 7 ), the process of updating the upper bit ends once.

On the other hand, when the authenticator AC1 of the synchronization message MA is authenticated (YES in step S21 of FIG. 7 ), each of the ECUs 21 to 24 updates the “upper bit MCH” of the stored message counter MC (FIG. Step S22 of 7.). Then, the process of updating the high-order bit ends once.

[Communication message sending process]
As shown in FIG. 4, when the information processing unit 32 generates the “message data DT”, the first ECU 21 causes the authenticator generating unit 33 to generate the “identifier AC2” based on the “message data DT” and the message counter MC. To do. Then, the first ECU 21 generates the communication message MB from the “message data DT” when the “identifier AC2” is generated and the “lower bit MCL” of the message counter MC and the generated “identifier AC2”, and The generated communication message MB is transmitted to the communication bus L1. The communication message MB transmitted to the communication bus L1 is transferred from the communication bus L1 to the communication bus L2 by the gateway 10 and can be received by the third ECU 23 connected to the communication bus L2.

[Communication message reception processing]
The communication message receiving process shown in FIGS. 8 and 9 is repeatedly executed at a predetermined cycle, or is executed in response to the reception of the communication message MB.

As shown in FIG. 8, the third ECU 23 determines whether or not the authenticator generation unit 33 receives the synchronization message MA based on the received communication message MB being acquired by the message processing unit 34. (Step S50 of FIG. 8). Whether or not the synchronization message MA is received depends on whether or not a communication message having a message ID corresponding to the synchronization message MA is received, and whether or not the synchronization message MA is input to the authenticator generation unit 33. It is determined based on at least one of the above. Therefore, the synchronization message MA has not been received, the communication message having the message ID corresponding to the synchronization message MA has not been received, and the synchronization message MA has been input to the authenticator generation unit 33. It is judged based on at least one of the absence. Further, whether or not it is received is determined based on the fact that the ECU has been started up by the third ECU 23 being powered on or resetting. When it is determined that the synchronization message MA is not received (NO in step S50 of FIG. 8 ), the third ECU 23 determines whether or not a predetermined period has elapsed since the ECU was started (step S51 of FIG. 8 ). The ECU activation means that the ECU is activated after the power is turned on or reset, and the predetermined period is a normal period in which the synchronization message MA is expected to be received after the ECU is activated, and the predetermined period is different for each message ID. This is a preset period. When it is determined that the predetermined period has elapsed since the ECU was started (YES in step S51 of FIG. 8 ), the third ECU 23 discards the “message data DT” received by the message processing unit 34, and at the same time indicates that the authentication has failed. The 32 applications are notified (step S56 in FIG. 8). Then, the third ECU 23 once ends the reception process of the communication message MB.

On the other hand, when it is determined that the predetermined period has not elapsed since the ECU was started (NO in step S51 of FIG. 8 ), the third ECU 23 uses the “message data DT” in the encryption engine 35 and the reconfigured message counter MC to perform “authentication”. Child AC3” is regenerated (step S52 in FIG. 8). Subsequently, the third ECU 23 compares the “identifier AC2” acquired from the received communication message MB with the regenerated “authentication AC3” by the authenticator generation unit 33 and determines whether or not they match ( Step S53 in FIG. 8). When it is determined that they do not match (NO in step S53 of FIG. 8), the third ECU 23 determines again whether or not a predetermined period has elapsed since the ECU was started (step S54 of FIG. 8). When it is determined that the predetermined period has elapsed since the ECU was started (YES in step S54 of FIG. 8), the process of step S56 described above is performed, and then the process of receiving communication message MB is temporarily terminated. On the other hand, if it is determined that the predetermined period has not elapsed since the ECU was started (NO in step S54 of FIG. 8) or if it is determined that they match in the determination of step S53 (YES in step S53 of FIG. 8), the third ECU 23 Sends the "message data DT" to the application of the information processing section 32 (step S55 in FIG. 8). Then, the third ECU 23 once ends the reception process of the communication message MB.

On the other hand, as shown in FIG. 9, when it is determined that the synchronization message MA is received (YES in step S50 of FIG. 8), the third ECU 23 causes the authenticator generation unit 33 to receive the synchronization message MA. It is determined whether or not (step S40 in FIG. 9). Here, whether or not the synchronization message MA is being received is determined based on whether or not the synchronization message MA is subjected to the reception processing and the “upper bit MCH” is appropriately updated. That is, whether or not it is received is determined after the third ECU 23 is powered on or reset and the ECU is activated. Further, the fact that the update is appropriately performed is determined based on that the “high-order bit MCH” has been changed from the initial value, that the update has not been stopped, and that it has been updated regularly. .. When it is determined that the synchronization message MA has not been received (NO in step S40 of FIG. 9 ), the third ECU 23 discards the “message data DT” received by the message processing unit 34 and processes the authentication failure as information processing. The application of the unit 32 is notified (step S45 of FIG. 9). Then, the third ECU 23 once ends the reception process of the communication message MB.

On the other hand, if it is determined that the synchronization message MA is being received (YES in step S40 of FIG. 9 ), referring also to FIG. 5, the third ECU 23 causes the authenticator generation unit 33 to display the message “message”. The data DT, the "lower bit MCL" of the message counter MC, and the "identifier AC2" are acquired (step S41 in FIG. 9). Further, the third ECU 23 determines the message counter MC from the “lower bit MCL” of the message counter MC in the authenticator generating unit 33 and the “upper bit MCH” of the message counter MC previously acquired from the synchronization message MA. Reconfigure. Then, the third ECU 23 regenerates the "certifier AC3" from the "message data DT" and the reconstructed message counter MC in the encryption engine 35 (step S42 in FIG. 9). Subsequently, the third ECU 23 compares the acquired “identifier AC2” and the regenerated “authentication AC3” in the authenticator generation unit 33 and determines whether or not they match (step S43 in FIG. 9 ).

When it is determined that they match (YES in step S43 of FIG. 9 ), the third ECU 23 sends “message data DT” to the application of the information processing section 32 (step S44 of FIG. 9 ). On the other hand, if it is determined that they do not match (NO in step S43 of FIG. 9), the third ECU 23 discards the message data DT received by the process of step S45 described above, that is, the message processing unit 34, and informs the authentication failure. The processing of notifying the application of the processing unit 32 is performed. Then, the third ECU 23 once ends the reception process of the communication message MB.

In the case where the reliability of the communication message is secured by using the time-varying parameter by the series of processes described above, even if the communication message MB that has not been authenticated is “Yes” in the tentative reception, “Message data DT Is sent to the information processing unit 32, and a delay in sending and receiving a communication message can be suppressed.

As described above, according to the communication system of the present embodiment, the following effects can be obtained.
(1) Since the communication message MB includes only the “lower bit MCL” of the message counter MC, a large area can be reserved for the message data. Further, since the “higher-order bit MCH” is managed by the gateway 10, the “upper bit MCH” is also synchronized among the respective ECUs 21 to 24. That is, each of the ECUs 21 to 24 on the receiving side combines the “upper bit MCH” from the gateway 10 with the “lower bit MCL” included in the communication message MB, so that each of the ECUs 21 to 24 on the transmitting side “authenticates”. The message counter MC used to generate "AC2" can be reconfigured. As a result, even if the size of the message counter MC is set to the size required for ensuring reliability, the capacity required for storing the communication message MB is suppressed to be small, and the decrease in capacity for message data is suppressed. You can As a result, the reliability of the communication message MB can be ensured while suppressing an increase in communication volume.

(2) By receiving the “upper bit MCH” of the message counter MC transmitted from the gateway 10, the “upper bit MCH” of the message counter MC stored in each of the ECUs 21 to 24 is received. The higher-order bit MCH of the message counter MC is updated, that is, synchronized. Accordingly, even if the message counter MC is divided into “upper bit MCH” and “lower bit MCL”, the communication message MB can be authenticated by the message counter MC.

In addition, the “high-order bit MCH” of the message counter MC stored in each of the ECUs 21 to 24 can be synchronized. Therefore, even if the “high-order bit MCH” of the message counters MC stored in each of the ECUs 21 to 24 is asynchronously initialized by resetting the ECUs 21 to 24, the stored message counters MC are normal. By setting the value again, it is possible to perform authentication normally.

(3) Since the message counter MC is managed for each "message ID", the size of the message counter MC can be suppressed. Further, if the "message ID" is different, a time margin can be obtained for updating the "lower bit MCL" of the message counter MC, so that the degree of freedom of synchronization of the message counter MC is increased.

(4) Synchronizing from the gateway 10 by using the “certifier AC1” obtained by encrypting the “high-order bit MCH” of the message counter MC transmitted in the synchronization message MA using the encryption key EK The reliability of the communication content of the “upper bit MCH” of the message counter MC transmitted by the message MA is also maintained.

That is, the "certifier AC1" transmitted from the gateway 10 in the synchronization message MA is the "certifier AC1" generated from the "upper bit MCH" of the message counter MC. Therefore, also in each of the ECUs 21 to 24 that have received this synchronization message MA, the “certifier AC1” transmitted in the synchronization message MA and the “upper order” of the message counter MC transmitted in this synchronization message MA. The authenticator regenerated from the “bit MCH” can be acquired, and by comparing these authenticators, the synchronization message MA can be authenticated. Therefore, each of the ECUs 21 to 24 receives the synchronization message MA from the gateway 10 to acquire the “upper bit MCH” of the message counter MC whose reliability is ensured, and the synchronization message MA based on this. Will be able to authenticate.

(5) Since the value of the message counter MC is updated so as not to be duplicated, even if the communication message MB once transmitted is retransmitted, it can be determined to be invalid.

(6) The reliability of the authenticators AC1 and AC2, that is, the reliability of the communication message MB is secured by the common encryption key EK. It is better if the encryption key EK cannot be acquired from the outside by using a tamper resistant memory or the like.

(7) The third ECU 23 treats the received communication message MB as an authenticated one, provided that the synchronization message MA including the high-order bit MCH of the message counter MC has not been received. As a result, the third ECU 23 is connected to the first ECU 21 even immediately after the power is turned on or after the reset and even when the synchronization message MA including the high-order bit MCH of the message counter MC has not been received from the gateway 10. It becomes possible to share the message data DT that needs to be shared with the third ECU 23. After that, if the synchronization message MA is received, the communication message MB is authenticated, so that the required reliability is maintained.

(Other embodiments)
In addition, the above-mentioned embodiment can also be implemented in the following modes.
[Synchronization message]
In the above embodiment, the case where the message counter is transmitted as a synchronization message has been illustrated. At this time, one message ID used for the synchronization message may be provided for each message ID. In this case, the number of message IDs may double or more in the entire communication system.

Further, for all the message IDs, only one message ID used for the synchronization message may be provided. In this case, the number of message IDs in the entire communication system is increased by one. Further, one message ID used for the synchronization message may be provided for a plurality of message IDs that are less than all. That is, if the synchronization message can be shared, the number of message IDs assigned to the synchronization message can be reduced from the limited number of message IDs. If the number of message IDs is suppressed to a small number, it is possible to suppress an increase in area for storing message IDs and message data, suppress an increase in processing load, suppress an increase in communication load, and the like.

[gateway]
In the above embodiment, the gateway 10 exemplifies the case where the communication message is relayed between the plurality of communication buses L1 and L2. However, not limited to this, the gateway may be connected to one communication bus or may relay a communication message between more than two communication buses.

In the above embodiment, the case where the gateway 10 manages and transmits the synchronization message MA has been illustrated. However, the present invention is not limited to this, and the ECU may manage and transmit the synchronization message.

In the above embodiment, the case where one gateway 10 manages and transmits the synchronization message MA has been illustrated. However, the present invention is not limited to this, and a plurality of gateways or ECUs may share and manage the synchronization message.

In the above-described embodiment, the code management unit 11 exemplifies a case where the “upper bit MCH” of the message counter MC is stored and managed. However, the present invention is not limited to this, and the code management unit may hold the entire length of the message counter MC. Then, the bit portion corresponding to the “upper bit MCH” of the message counter MC may be managed. The "lower bit MCL" of the message counter MC may acquire the latest value from the communication message MB.

In the above embodiment, the transmission unit 12 exemplifies a case where a part of the message counter MC is transmitted. However, the present invention is not limited to this, and if the gateway holds the entire message counter, the transmitting unit may transmit the entire message counter (the total number of bits) as a synchronization message. Note that the ECU that receives the synchronization message may use only the portion corresponding to the high-order bit of the entire message counter (total number of bits).

[Communication protocol]
In the above embodiment, the case where the communication protocol is the CAN protocol has been illustrated. However, the communication protocol is not limited to this, and if the message counter is used for ensuring the reliability of the communication message, the communication protocol is a protocol other than the CAN protocol, for example, a communication protocol such as Ethernet (registered trademark) or FlexRay (registered trademark). May be

[Message Counter]
In the above embodiment, the case where the message counter MC is composed of the “lower bit MCL” and the “upper bit MCH” has been illustrated. However, the present invention is not limited to this, and the message counter may be arranged such that the position of the upper bit and the position of the lower bit in the bit string may be reversed, and a separately reserved storage area for the upper bit and the lower bit, respectively. May be treated as

In the above embodiment, the case where the length of the message counter MC is 8 bytes (64 bits) has been illustrated. However, the present invention is not limited to this, and if the same value is never repeated, or if a long time interval can be secured even if the same value is repeated, the length of the message counter is 124 bits, which is longer than 64 bits. On the contrary, 32 bits shorter than 64 bits may be used.

In the above embodiment, the code management unit 11 updates the “higher-order bit MCH” in response to the “lower-order bit MCL” reaching the maximum value, which is similar to the case where a carry occurs in the bit string. Illustrated. However, the present invention is not limited to this, and the code management unit may further update the “upper bit MCH” when a predetermined condition for transmitting the synchronization message MA is satisfied. The predetermined condition is that a predetermined time (for example, Ymsec: Y is a settable value) has elapsed since the ignition was switched from "off" to "on" or when the previous synchronization message was updated (transmitted). In such a case, one or a plurality of conditions and a combination of these conditions can be used.

In the above embodiment, the value of the “upper bit MCH” in the gateway 10 is increased by “1” in response to the change of the “lower bit MCL” of the message counter MC from “0” to the maximum value (monotonically increasing). )) case. However, not limited to this, if it is possible to prevent the message counter MC from having the same value again, the “upper bit MCH” is updated with the timing before the “lower bit MCL” exceeds the maximum value as the update timing. Good. At this time, if the update timing is set to a value that is as close to the maximum value of the “lower bit MCL” as possible, the number of bits of the message counter MC can be effectively used. For example, the code management unit monitors the “lower bit MCL” of the message counter by receiving the communication message transmitted by the ECU, and the “lower bit MCL” is a threshold value set to be less than the maximum value. The update timing may be set when the value exceeds the value.

In the above embodiment, the case where the “lower bit MCL” of the message counter MC changes from the initial value “0” toward the maximum value is illustrated. However, the present invention is not limited to this, and the initial value may be set to a value larger than “0”, returned to “0” after the maximum value, and changed to a value before the initial value.

In the above-described embodiment, the message counter is illustrated as being incremented by "1" each time a communication message is transmitted. However, the present invention is not limited to this, and if the reliability of the communication message is ensured, the message counter may be decreased from the maximum value to “0” so that the same value is never used again, or irregular. You may change. Since the high-order bit and the low-order bit are managed separately, the change mode of the high-order bit and the change mode of the low-order bit may be the same or may be different.

In the above embodiment, the case where one message counter MC corresponds to one message ID has been illustrated. However, the present invention is not limited to this, and a plurality of message IDs may correspond to one message counter. When the message counter corresponds to a plurality of message IDs, the number of managed message counters can be reduced.

In the above-described embodiment, the case where the message counter MC is never set to the same value has been described as an example. However, the present invention is not limited to this, and the message counter MC may be set to the same value temporarily. For example, if the update of the “high-order bit” is not in time or cannot be synchronized, the message counter may temporarily have the same value as the past and may be used twice. Further, if the required reliability can be secured, the same value may be reused a predetermined number of times.

In the above embodiment, the case where the “high-order bit MCH” is 7 bytes and the “low-order bit MCL” is 1 byte has been illustrated. However, the present invention is not limited to this, and the upper bits and the lower bits may be separated by other bytes, for example, “6 bytes” and “2 bytes”. Further, the data may not be divided in byte units, but may be divided in bit units such as “60 bits” and “4 bits”.

[message-box]
In the above embodiment, the case where the plurality of MBOXs 31a, 31b, 31c are provided has been illustrated, but the present invention is not limited to this, and the MBOX relays and temporarily stores so that a communication message to be transmitted and received can be exchanged with an appropriate part of the ECU. If possible, the number may be one, two, or four or more.

[Authenticator generator]
-In the above-mentioned embodiment, the case where the authentication based on the "certifier AC2" is performed was illustrated. At this time, prior to the authentication based on the "authenticator AC2", the "lower bit MCL" of the message counter MC is acquired from the communication message MB, and the acquired "lower bit MCL" is the previously acquired "lower bit MCL." It is possible to confirm whether or not it is larger than (is updated). Then, if it is large (updated), authentication based on the "authenticator AC2" is performed, and conversely, if it is not large (not updated), it is determined that the authentication is not performed, and based on the "authenticator AC2" Authentication may be omitted.

10... Gateway, 11... Code management section, 12... Transmission section, 13... Communication I/F section, 21-24... First electronic control unit (ECU), 30... Communication I/F section, 31a, 31b, 31c... MBOX, 32... Information processing unit, 33... Authenticator generating unit, 34... Message processing unit, 35... Encryption engine, 111... Encryption engine, DT... Message data, EK... Encryption key, L1, L2... Communication bus , MA... synchronization message, MB... communication message, MC... message counter, AC1, AC2... authenticator.

By the way, in the above technique, there is a possibility that the stored time-varying parameters are different between the receiving device and the transmitting device until the time-varying parameters are synchronized after power-on or after reset. There is .

Hereinafter referred to as a hand stage for solving the above problems.
To achieve the above object, a communication system stores the first information in a management code formed by combining first information and second information, and stores the first information to be stored. A management device that manages the second information to be updated once based on multiple updates, and a reception device and a transmission device that are communicatively connected to the management device via a communication network, the management device, the first to send a message for synchronizing including information, said receiving apparatus and transmitting apparatus, every time of receiving the synchronization message, the first information included in the synchronization the received message The transmission device manages the second information in the management code, and communication data, the first information to be held, and the second information to be managed. A communication that generates an authenticator from the management code that is a combination of the above, and includes the communication data, the second information to be managed, and the generated authenticator, and does not include the first information to be held. together generates and transmits a message, updates the value of the second information the management after the generation of the communication message, the receiving device receives the previous SL communication message, contained in the communication the received message authentication For authenticating the received communication message based on a comparison between a child and an authenticator regenerated based on the received communication message, wherein the receiving device holds the first information held and the reception information. in combination with said second information acquired from the communication message to reconfigure the management code, and acquires the communication data acquired from the communication the received message, the authenticator that the regenerated from the management code the reconstituted The receiving device discards the received communication message when the receiving device has not received the synchronization message and a predetermined period has elapsed since the receiving device was activated. ..

Claims (1)

Storing the first information of the management code formed by combining the first information and the second information, and updating the stored first information of the second information a plurality of times. A management device that manages to update once based on
A receiving device and a transmitting device communicatively connected to the management device via a communication network,
The management device transmits a communication message including the first information, and the receiving device and the transmitting device each include the first communication message included in the received communication message each time the communication message transmitted by the management device is received. Holds the information of 1.
The transmission device manages the second information of the management codes, and the management code is a combination of communication data, the first information held and the second information managed. To generate and transmit a communication message that includes the communication data, the second information to be managed, and the generated authenticator, and does not include the first information to be held. Together with updating the value of the second information managed after the generation of the communication message,
The receiving device receives the communication message transmitted by the transmitting device, and based on a comparison between an authenticator included in the received communication message and an authenticator regenerated based on the received communication message. Certifying the received communication message,
The receiving device reconstructs a management code by combining the held first information and the second information acquired from the communication message transmitted by the transmitting device, and acquires the management code from the communication message transmitted by the transmitting device. To obtain the regenerated authenticator from communication data and the reconfigured management code,
The communication system, wherein the receiving device handles the received communication message as an authenticated one, on condition that the communication message including the first information has not been received.