JP2023135547A - Communication apparatus, communication method, vehicle, and program - Google Patents

Abstract

To prevent a length of data from being reduced, while using authentication data to perform authentication.SOLUTION: A communication apparatus includes: a determination unit which determines, when receiving a message including control data of a vehicle, whether the received message has been transmitted in a first transmission system or in a second transmission system; and an authentication unit which authenticates, when a determination is made that the first transmission system has been used for the transmission, the control data included in the received message using an authentication code included in the received message. When a determination is made that the second transmission system has been used for the transmission, the authentication unit stores the control data included in the received message if the received message does not include an authentication code for verifying the control data transmitted in the second transmission system, or collectively authenticates multiple pieces of stored control data using the authentication code included in the message when the received message includes the authentication code for verifying the control data transmitted in the second transmission system.SELECTED DRAWING: Figure 6

Description

The present invention relates to a communication device, a communication method, a vehicle, and a program.

In recent years, efforts have become active to provide access to sustainable transport systems that take into account the most vulnerable of transport participants. To achieve this goal, we are focusing on research and development to further improve traffic safety and convenience through research and development on preventive safety technology. Patent Document 1 describes that when a terminal device accesses a vehicle through communication, a token is determined to improve safety.
[Prior art documents]
[Patent document]
[Patent Document 1] Japanese Patent Application Publication No. 2019-36091

Incidentally, in active safety technology, it is desirable to require authentication of messages sent and received within a vehicle, but if authentication information is included in messages sent and received, the data length that can be sent in one message becomes shorter. is the issue. In order to solve the above-mentioned problems, the present application aims at suppressing the data length from becoming short while performing authentication using authentication information. This in turn contributes to the development of sustainable transportation systems.

In a first aspect of the invention, a communication device is provided. The communication device is mounted on a vehicle and has a function of authenticating control data for the vehicle transmitted from another communication device. When the communication device receives a message including control data for the vehicle, the communication device determines whether the received message is a message transmitted using a first transmission method or the upper limit of the amount of control data that can be transmitted in one message. The apparatus further includes a determination unit that determines whether the message is transmitted using a second transmission method, which is larger than the first transmission method. When the communication device determines that the received message is a message transmitted using the first transmission method, the communication device transmits the control included in the received message using an authentication code included in the received message. It includes an authentication section that authenticates data. The authentication unit verifies control data transmitted in the second transmission method in the received message when it is determined that the received message is a message transmitted in the second transmission method. If the authentication code for verifying the control data is not included in the received message, the control data included in the received message is stored, and the received message includes an authentication code for verifying the control data transmitted in the second transmission method. When the authentication code included in the message is used, the plurality of stored control data are authenticated all at once.

The authentication unit may discard the plurality of stored control data when the plurality of stored control data cannot be authenticated.

The communication device and the other communication device may be an electronic control unit (ECU) that is mounted on the vehicle and controls the vehicle.

The communication device may receive the message transmitted using the first transmission method and the message transmitted using the second transmission method through the same communication network.

The value of the authentication code included in the message transmitted using the first transmission method is calculated using at least control data included in the message transmitted using the first transmission method,
The value of the authentication code included in the message transmitted using the second transmission method may be calculated using at least a plurality of pieces of control data included in the plurality of messages transmitted using the second transmission method.

When it is determined that the received message is a message transmitted using the first transmission method, the authentication unit includes a value calculated using at least control data included in the received message, and a value calculated using at least control data included in the received message. By comparing the value of the authentication code included in the message, the control data included in the received message is authenticated, and it is determined that the received message is a message transmitted using the second transmission method. and when the received message includes an authentication code for verifying the control data transmitted by the second transmission method, a value calculated using at least the plurality of stored control data; The plurality of stored control data may be authenticated at once by comparing the authentication code included in the received message.

The communication device may receive messages sent from the other communication device through a CAN-compliant communication network.

In a second aspect, a vehicle is provided. The vehicle includes the communication device described above.

In a third aspect, a communication method is provided. The communication method is a communication method carried out by a communication device mounted on a vehicle and having a function of authenticating control data for the vehicle transmitted from another communication device. When the communication method receives a message including control data for the vehicle, the communication method determines whether the received message is a message transmitted using a first transmission method or the upper limit of the amount of control data that can be transmitted in one message. is a message transmitted using a second transmission method that is larger than the first transmission method. The communication method includes, when it is determined that the received message is a message transmitted using the first transmission method, a control included in the received message using an authentication code included in the received message. A step is provided to authenticate the data. The communication method verifies control data transmitted in the second transmission method in the received message when it is determined that the received message is a message transmitted in the second transmission method. If the authentication code for the message is not included, the message includes the step of storing control data included in the received message. The communication method verifies control data transmitted in the second transmission method in the received message when it is determined that the received message is a message transmitted in the second transmission method. If the message includes an authentication code, the message includes a step of collectively authenticating the plurality of stored control data using the authentication code included in the message.

Note that the above summary of the invention does not list all the features of the invention. Furthermore, subcombinations of these features may also constitute inventions.

1 schematically shows a system configuration of a vehicle 20 according to an embodiment. A series of messages 350 that the ECU 211 transmits using the first transmission method is shown. A series of messages 300 transmitted by the ECU 211 using the second transmission method is shown. 10 schematically shows a process for calculating a MAC transmitted using the second transmission method. 10 schematically shows a process of authenticating a plurality of control data transmitted using the second transmission method. A flowchart showing a communication processing method executed by the ECU 210 is shown. An example of a computer 2000 is shown.

Hereinafter, the present invention will be described through embodiments of the invention, but the following embodiments do not limit the invention according to the claims. Furthermore, not all combinations of features described in the embodiments are essential to the solution of the invention.

FIG. 1 schematically shows a system configuration of a vehicle 20 according to an embodiment. Vehicle 20 includes a control system 22 . The control system 22 includes ECU202, ECU210, ECU211, ECU212, ECU231, and ECU232. Although FIG. 1 shows only the control system 22 as a component of the vehicle 20, the vehicle 20 may include on-vehicle equipment and other equipment controlled by the control system 22. Further, the configuration of the control system 22 is not limited to the example of this embodiment.

ECU 202 , ECU 210 , ECU 211 , ECU 212 , ECU 231 , and ECU 232 are electronic control units that are installed in vehicle 20 and control vehicle 20 . Each of ECU 202, ECU 210, ECU 211, ECU 212, ECU 231, and ECU 232 may be configured to include a computer including a processor and memory such as volatile memory and nonvolatile memory. For example, ECU 202, ECU 210, ECU 211, ECU 212, ECU 231, and ECU 232 perform at least one of controlling and diagnosing in-vehicle equipment included in vehicle 20. In-vehicle equipment that is controlled and/or diagnosed by ECU 202, ECU 210, ECU 211, ECU 212, ECU 231, and ECU 232 may be, for example, a battery, a fuel injection device, an engine, a suspension, a braking device, another ECU, or the like.

ECU202, ECU210, ECU211, ECU212, ECU231, and ECU232 may be an example of the communication device in this invention. ECU 202 is connected to ECU 210 via communication network 180a. ECU 202 and ECU 210 can communicate with each other via communication network 180a. ECU 210 is connected to ECU 211 and ECU 212 via communication network 180b. ECU210, ECU211, and ECU212 can communicate with each other via communication network 180b. ECU 202 is connected to ECU 231 and ECU 232 via communication network 180c. ECU202, ECU231, and ECU232 can communicate with each other via communication network 180c.

ECU211 and ECU212 can communicate with ECU202 via ECU210. ECU211 and ECU212 can mutually communicate with ECU231 and ECU232 via ECU210 and ECU202. Moreover, ECU231 and ECU232 can communicate with ECU210 via ECU202. In this way, the ECU 210 is an ECU that relays communication between the ECU 202 and the ECU 211 and ECU 212. Moreover, ECU202 is an ECU that relays communication between ECU210, ECU211, and ECU212, and ECU231 and ECU232.

As an example, each of the ECU 211 and the ECU 212 acquires data detected by a sensor provided in an in-vehicle device associated with each ECU, and transmits the data to the ECU 210 via the communication network 180b. ECU 231 and ECU 232 each acquire data detected by a sensor provided in an on-vehicle device associated with each ECU, and transmit the data to ECU 202 via communication network 180c.

The communication network 180a, the communication network 180b, and the communication network 180c are wired communication networks based on, for example, CAN (Controller Area Network). In the description of this embodiment, the communication network 180a, the communication network 180b, and the communication network 180c may be collectively referred to as the "communication network 180."

Next, the present embodiment will be described by taking up a case where the ECU 210 is a communication device having a function of authenticating control data for the vehicle 20 transmitted from another communication device such as the ECU 211.

ECU 210 includes a determination section 100 and an authentication section 120. The determination unit 100 and the authentication unit 120 are functional blocks realized by, for example, a processor included in the ECU 210.

When receiving a message including control data for the vehicle 20, the determination unit 100 determines whether the received message is a message transmitted using the first transmission method or there is an upper limit to the amount of control data that can be transmitted in one message. It is determined whether the message was transmitted using the second transmission method, which is larger than the first transmission method. As will be described later, the first transmission method is a transmission method in which control data and an authentication code are included in one message and transmitted. The second transmission method is a transmission method in which a message including control data can be sent without including an authentication code.

The authentication unit 120 authenticates the control data included in the received message using the authentication code included in the received message when it is determined that the received message is a message sent using the first transmission method. . On the other hand, when it is determined that the received message is a message transmitted using the second transmission method, the authentication unit 120 includes a method for verifying control data transmitted using the second transmission method in the received message. When the authentication code is not included, the control data included in the received message is stored. For example, the authentication unit 120 temporarily stores the control data in a memory included in the ECU 210.

Then, when it is determined that the received message is a message transmitted using the second transmission method, the authentication unit 120 includes a method for verifying control data transmitted using the second transmission method in the received message. When an authentication code is included, the authentication code included in the message is used to authenticate a plurality of stored control data at once. Thereby, a plurality of pieces of control data sent in a plurality of messages that do not include an authentication code can be authenticated all at once. According to the second transmission method, compared to the case of transmission using the first transmission method, it is not necessary to include an authentication code in every message, so that the traffic load can be reduced.

The authentication unit 120 discards the plurality of stored control data when the plurality of stored control data cannot be authenticated. Note that the message transmitted using the first transmission method and the message transmitted using the second transmission method may be messages transmitted through the same communication network 180b. That is, the ECU 210 receives the message transmitted using the first transmission method and the message transmitted using the second transmission method through the same communication network 180a.

The value of the authentication code included in the message transmitted using the first transmission method is calculated using at least the control data included in the message transmitted using the first transmission method. The value of the authentication code included in the message transmitted using the second transmission method is calculated using at least the plurality of control data included in the plurality of messages transmitted using the second transmission method. In this case, when it is determined that the received message is a message sent using the first transmission method, the authentication unit 120 uses the value calculated using at least the control data included in the received message and the received message. The control data included in the received message is authenticated by comparing it with the value of the authentication code included in the message. In addition, when it is determined that the received message is a message transmitted using the second transmission method, the authentication unit 120 includes a method for verifying control data transmitted using the second transmission method in the received message. When an authentication code is included, the multiple pieces of stored control data are collectively authenticated by comparing the value calculated using at least the multiple pieces of stored control data with the authentication code included in the received message. .

FIG. 2 shows a series of messages 350 to be transmitted in the first transmission method. Note that in FIGS. 2 to 6, a case will be described in which the ECU 210 authenticates control data transmitted from the ECU 211. When transmitting a message using the first transmission method, the ECU 211 transmits the control data and the MAC in one message. The ECU 211 periodically transmits the information at a cycle of, for example, 20 ms.

For example, as shown in FIG. 2, at the first transmission timing, the ECU 211 transmits one CAN frame specifying the CAN ID 110 for a message including the control data 351 and the MAC 361. Note that in this embodiment, the specific value of CANID is merely for the purpose of illustration. The control data 351 includes the latest sensor data detected by in-vehicle equipment associated with the ECU 211. The control data 351 and MAC 361 are set, for example, in a data field of a CAN frame. MAC361 is a value calculated using control data 351.

After the first transmission timing, the ECU 211 transmits one CAN frame specifying the CAN ID 110 to the control data 352 and the MAC 362 at a second transmission timing. The control data 352 includes the latest sensor data detected by in-vehicle equipment associated with the ECU 211. The control data 352 and MAC 362 are set, for example, in a data field of a CAN frame. MAC362 is a value calculated using control data 352.

Similarly, ECU 211 transmits one CAN frame specifying CANID 110 to control data 352 and MAC 362 at the third transmission timing, and transmits CAN ID 110 to control data 354 and MAC 364 at the fourth transmission timing. Transmit one specified CAN frame. The ECU 211 periodically transmits the information. The control data 353 is a value calculated using the MAC 363, and the control data 354 is a value calculated using the MAC 364.

Note that MAC361, MAC362, MAC363, and MAC364 are examples of authentication codes for authenticating control data 351, control data 352, control data 353, and control data 354, respectively. The MAC 361 may be calculated using an encryption method using the control data 351, FV (fresh root split line access value), and a shared key. The MAC 361 uses the control data 351 to perform AUTOSAR (Automotive Open System Architecture) or JasPar (Japan Automotive Software Platform and Architecture). It may be calculated using the message authentication code encryption method standardized by In other embodiments, the authentication code may be generated with other encryption schemes.

FIG. 3 shows a series of messages 300 that the ECU 211 transmits using the second transmission method. When the ECU 211 transmits a message using the second transmission method, the ECU 211 transmits one of the control data and the MAC in one message. The ECU 211 periodically transmits the information at a cycle of, for example, 20 ms.

For example, as shown in FIG. 3, at the first transmission timing, the ECU 211 transmits one CAN frame specifying CAN ID 100 in response to a message including control data 310. The control data 310 includes the latest sensor data detected by in-vehicle equipment associated with the ECU 211. Control data 310 is set, for example, in a data field of a CAN frame. ECU 211 temporarily stores control data 310 in memory.

After the first transmission timing, at a second transmission timing, the ECU 211 transmits one CAN frame specifying the CAN ID 101 in response to a message including the control data 311. The control data 311 includes the latest sensor data detected by in-vehicle equipment associated with the ECU 211. ECU 211 temporarily stores control data 311 in memory.

After the second transmission timing, at the third transmission timing, the ECU 211 transmits one CAN frame specifying the CAN ID 102 for the message including the control data 312. The control data 311 includes the latest sensor data detected by in-vehicle equipment associated with the ECU 211. ECU 211 temporarily stores control data 312 in memory.

After the third transmission timing, at the fourth transmission timing, the ECU 211 transmits one CAN frame specifying the CAN ID 103 in response to a message including the MAC 313. Here, MAC313 is a value calculated using control data 310, control data 311, and control data 312. The MAC 313 is an example of an authentication code for collectively authenticating the control data 310, the control data 311, and the control data 312. Note that the MAC 313 may generate a checksum or hash from the control data 310, the control data 311, and the control data 312, and may be generated based on the generated checksum or hash. The method of generating the MAC 313 from a plurality of control data is not limited to these examples.

FIG. 4 schematically shows the process of calculating the MAC transmitted using the second transmission method. ECU 211 calculates MAC 313 by encrypting data generated from control data 310, control data 311, and control data 312 using key 50, which is an encryption key. For example, the ECU 211 calculates the MAC 313 by performing an encryption process using the key 50 on data generated by combining the control data 310, the control data 311, and the control data 312. Note that the ECU 211 may calculate the MAC 313 by encrypting data generated from the control data 310, the control data 311, and the control data 312 using the key 50 and the freshness value.

FIG. 5 schematically shows a process of authenticating a plurality of control data transmitted using the second transmission method. First, the ECU 210 acquires control data 510 from the data field of one CAN frame in which CAN ID 100 is specified, control data 511 from the data field of one CAN frame in which CAN ID 101 is specified, and control data 511 from the data field of one CAN frame in which CAN ID 102 is specified. Assume that control data 512 is acquired from the data field of one CAN frame. ECU 210 stores control data 510, control data 511, and control data 512 in a memory included in ECU 211.

When the ECU 210 receives one CAN frame in which the CAN ID 103 is specified using the second transmission method, the authentication unit 120 acquires the MAC 313 from the data field of the CAN frame in which the CAN ID 103 is specified. Then, the authentication unit 120 reads the control data 510, the control data 511, and the control data 512 from the memory included in the ECU 211, and applies the key 50 to the data generated from the read control data 510, control data 511, and control data 512. MAC513 is calculated by performing the encryption process used. For example, the authentication unit 120 calculates the MAC 313 by performing an encryption process using the key 50 on data generated by combining the control data 510, the control data 511, and the control data 512. Note that the key 50 may be a shared key stored in the ECU 210 and the ECU 211 in advance.

The authentication unit 120 compares the MAC 313 and the MAC 513, and authenticates the control data 510, the control data 511, and the control data 512 when the MAC 313 and the MAC 513 match. In this manner, when the MAC 313 and the MAC 513 match, the authentication unit 120 verifies that the control data 510, the control data 511, and the control data 512 are safe control data transmitted from the ECU 211. Thereby, the ECU 210 can perform a security check on the control data.

According to the second communication method, control data is transmitted using the entirety of multiple CAN frames, and the MAC transmitted in one CAN frame is used to authenticate the control data transmitted in multiple CAN frames. It is possible to adopt Although the data field of a CAN data frame is limited to a maximum of 64 bits, the second communication method allows more control data to be transmitted per frame than when each CAN frame includes a MAC. can do. This makes it possible to suppress an increase in traffic load for authenticating control data. Furthermore, since the MAC can be transmitted by making the most of the data field, which is limited to a maximum of 64 bits, the authentication strength can be kept higher.

Note that the ECU 211 may apply the second transmission method to a plurality of pieces of control data that are periodically transmitted at the same cycle. For example, the second transmission method is applied to a plurality of pieces of control data transmitted at a 20 ms cycle. Note that when there is a plurality of control data to be transmitted in different cycles, the ECU 211 has a first MAC for collectively authenticating the plurality of control data to be transmitted periodically in the first cycle; A second MAC for collectively authenticating a plurality of pieces of control data periodically transmitted at a second cycle different from the cycle may be transmitted in a separate CAN frame. The authentication unit 120 of the ECU 210 uses the first MAC to collectively authenticate a plurality of control data periodically transmitted in a first cycle, and authenticates a plurality of control data periodically transmitted in a second cycle. Data may be authenticated all at once using the second MAC.

FIG. 6 shows a flowchart showing a communication processing method executed by the ECU 210. The flowchart in FIG. 6 shows a series of procedures that ECU 210 executes when receiving one CAN frame.

When the ECU 210 receives the CAN frame in S602, the ECU 210 determines in S604 whether the received CAN frame message includes control data for the second transmission method. For example, the determination unit 100 determines whether the received CAN frame message includes control data of the second transmission method based on ID information included in the data field of the received CAN frame together with the control data. good. Further, the determination unit 100 may determine whether the message of the received CAN frame includes control data of the second transmission method based on the CAN ID of the received CAN frame.

If it is determined in S604 that the CAN frame message includes control data transmitted using the second transmission method, in S606 the authentication unit 120 determines whether the ECU 211 is equipped with the control data included in the data field of the received CAN frame. Store it in memory and end the process.

If it is determined in S604 that the CAN frame message does not include control data to be transmitted in the second transmission method, in S610 the determination unit 100 determines whether the received CAN frame message is transmitted in the second transmission method. It is determined whether or not the MAC is included. For example, the determination unit 100 determines whether the message of the received CAN frame includes a MAC transmitted in the second transmission method based on ID information included in the data field of the received CAN frame together with the control data. You may do so. Furthermore, the determination unit 100 may determine whether the message of the received CAN frame includes a MAC transmitted using the second transmission method, based on the CAN ID of the received CAN frame.

If it is determined in S610 that the CAN frame message is a MAC transmitted using the second transmission method, in S612 the authentication unit 120 collectively authenticates the plurality of control data stored in S606. Specifically, the method described in relation to FIG. 5 is used to perform a process of collectively authenticating a plurality of control data.

In S614, the authentication unit 120 determines whether the result of the authentication process in S612 is positive or negative. For example, as described in relation to FIG. 5, the authentication unit 120 determines that the result of the authentication process is positive when the MAC 313 and MAC 513 match, and determines that the result of the authentication process is positive when the MAC 313 and MAC 513 do not match. The result is determined to be negative.

If it is determined in S614 that the result of the authentication process is positive, in S616 the ECU 210 controls the vehicle 20 using a plurality of control data stored in the memory included in the ECU 210, and ends the process. If it is determined in S614 that the result of the authentication process is negative, in S618 the authentication unit 120 discards the plurality of control data stored in the memory included in the ECU 210, and ends the process.

If it is determined in S610 that the CAN frame message does not include the MAC transmitted using the second transmission method, that is, the determination unit 100 determines that the received message is a message transmitted using the first transmission method. If so, in S622, the control data included in the CAN frame message received in S602 is determined using the control data included in the CAN frame message received in S602 and the MAC data included in the received CAN frame message. Authenticate your data. Subsequently, in S624, the ECU 210 controls the vehicle 20 according to the authentication result of S622, and ends the process. Specifically, in S624, if the authentication result in S622 is positive, the ECU 210 controls the vehicle 20 based on the control data included in the CAN frame message received in S602, and if the authentication result in S622 is positive. If negative, the control data included in the CAN frame message received in S602 is discarded.

As explained above, when the ECU 210 receives a message transmitted using the second transmission method, if the received message includes control data, it stores it in the memory, and if the received message includes the MAC. At this time, a plurality of stored control data can be authenticated all at once using the MAC. As a result, according to the second transmission method, there is no need to include an authentication code in every message, compared to the case of transmission using the first transmission method. This makes it possible to identify fraudulent CAN frames while reducing the traffic load on the communication network 180 per control data compared to the first transmission method. This makes it possible to reduce the traffic load on the communication network 180 and detect various attacks such as frame injection to the CAN network.

In the above description, the process in which the ECU 210 authenticates the control data transmitted from the ECU 211 to the ECU 210 has been discussed. However, processing similar to the processing described above can also be applied to processing when ECU 211 authenticates control data transmitted from ECU 210 to ECU 211. That is, processing similar to the processing described above can be applied to processing for authenticating arbitrary control data transmitted and received between ECU 211 and ECU 210. Of course, processing similar to the processing described above can also be applied to processing for authenticating arbitrary control data transmitted and received between ECU 212 and ECU 210. Further, processing similar to the processing described above can also be applied to processing for authenticating arbitrary control data transmitted and received between ECU 211 and ECU 212, and processing similar to the processing described above can be applied to processing for authenticating arbitrary control data transmitted and received between ECU 211 and ECU 212. It can also be applied to the process of authenticating arbitrary control data sent and received. Similarly, processing similar to the processing described above can also be applied to processing for authenticating arbitrary control data transmitted and received between ECU 231 and ECU 232, between ECU 202 and ECU 231, and between ECU 202 and ECU 232.

FIG. 7 illustrates an example computer 2000 in which embodiments of the present invention may be implemented, in whole or in part. The program installed in the computer 2000 causes the computer 2000 to function as a system such as a control system according to the embodiment, or each part of the system, or a device such as the ECU 210, or each part of the device. or may cause each part of the device to perform an operation associated with it and/or cause a process according to an embodiment or a step of the process to be executed. Such programs may be executed by CPU 2012 to cause computer 2000 to perform certain operations associated with some or all of the processing procedures and block diagram blocks described herein.

A computer 2000 according to this embodiment includes a CPU 2012 and a RAM 2014, which are interconnected by a host controller 2010. Computer 2000 also includes ROM 2026, flash memory 2024, communication interface 2022, and input/output chips 2040. ROM 2026, flash memory 2024, communication interface 2022, and input/output chip 2040 are connected to host controller 2010 via input/output controller 2020.

The CPU 2012 operates according to programs stored in the ROM 2026 and RAM 2014, thereby controlling each unit.

Communication interface 2022 communicates with other electronic devices via a network. Flash memory 2024 stores programs and data used by CPU 2012 within computer 2000. ROM 2026 stores programs such as a boot program executed by computer 2000 upon activation and/or programs dependent on the computer 2000 hardware. The input/output chip 2040 also connects various input/output units such as keyboards, mice, and monitors to input/output units such as serial ports, parallel ports, keyboard ports, mouse ports, monitor ports, USB ports, HDMI ports, etc. It may be connected to input/output controller 2020 via an output port.

The program is provided via a computer readable storage medium such as a CD-ROM, DVD-ROM, or memory card or via a network. RAM 2014, ROM 2026, or flash memory 2024 are examples of computer-readable storage media. The program is installed in flash memory 2024, RAM 2014, or ROM 2026, and executed by CPU 2012. The information processing described in these programs is read by the computer 2000 and provides coordination between the programs and the various types of hardware resources mentioned above. An apparatus or method may be configured to implement the operation or processing of information according to the use of computer 2000.

For example, when communication is executed between the computer 2000 and an external device, the CPU 2012 executes a communication program loaded into the RAM 2014 and sends communication processing to the communication interface 2022 based on the processing written in the communication program. You may give orders. The communication interface 2022 reads transmission data stored in a transmission buffer processing area provided in a recording medium such as a RAM 2014 and a flash memory 2024 under the control of the CPU 2012, transmits the read transmission data to the network, and transmits the transmission data from the network. The received data is written to a reception buffer processing area provided on the recording medium.

The CPU 2012 also causes the RAM 2014 to read all or a necessary part of a file or database stored in a storage medium such as a flash memory 2024, and executes various types of processing on the data on the RAM 2014. good. The CPU 2012 then writes the processed data back to the recording medium.

Various types of information, such as various types of programs, data, tables, and databases, may be stored on a recording medium and subjected to information processing. The CPU 2012 performs various types of operations, information processing, conditional judgment, conditional branching, unconditional branching, information retrieval/information processing on the data read from the RAM 2014 as described herein and specified by the instruction sequence of the program. Various types of processing may be performed, including substitutions, etc., and the results are written back to RAM 2014. Further, the CPU 2012 may search for information in a file in a recording medium, a database, or the like. For example, if a plurality of entries are stored in a recording medium, each having an attribute value of a first attribute associated with an attribute value of a second attribute, the CPU 2012 search for an entry that matches the condition from among the multiple entries, read the attribute value of the second attribute stored in the entry, and thereby set the first attribute that satisfies the predetermined condition. An attribute value of the associated second attribute may be obtained.

The programs or software modules described above may be stored in a computer-readable storage medium on or near computer 2000. A storage medium such as a hard disk or RAM provided in a server system connected to a private communication network or the Internet can be used as the computer-readable storage medium. A program stored on a computer-readable storage medium may be provided to computer 2000 via a network.

A program that is installed on the computer 2000 and causes the computer 2000 to function as the ECU 210 may act on the CPU 2012 and the like to cause the computer 2000 to function as each part of the ECU 210. When the information processing described in these programs is read into the computer 2000, it functions as each part of the ECU 210, which is a concrete means in which software and the various hardware resources described above cooperate. Then, by realizing calculation or processing of information according to the purpose of use of the computer 2000 in this embodiment using these specific means, a unique ECU 210 according to the purpose of use is constructed.

Various embodiments have been described with reference to block diagrams and the like. In the block diagram, each block may represent (1) a stage in a process in which an operation is performed, or (2) a portion of a device responsible for performing the operation. Certain steps and portions may be provided by dedicated circuitry, programmable circuitry provided with computer readable instructions stored on a computer readable storage medium, and/or provided by a processor provided with computer readable instructions stored on a computer readable storage medium. May be implemented. Dedicated circuitry may include digital and/or analog hardware circuitry, and may include integrated circuits (ICs) and/or discrete circuits. Programmable circuits include logic AND, logic OR, logic may include reconfigurable hardware circuitry, including, for example, reconfigurable hardware circuitry;

A computer-readable storage medium may include any tangible device capable of storing instructions for execution by a suitable device such that a computer-readable storage medium with instructions stored therein may be a process step or block diagram. constitutes at least a portion of a product that includes instructions that can be executed to provide a means for performing the operations specified in the article. Examples of computer-readable storage media may include electronic storage media, magnetic storage media, optical storage media, electromagnetic storage media, semiconductor storage media, and the like. More specific examples of computer readable storage media include floppy disks, diskettes, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory). , Electrically Erasable Programmable Read Only Memory (EEPROM), Static Random Access Memory (SRAM), Compact Disk Read Only Memory (CD-ROM), Digital Versatile Disk (DVD), Blu-ray Disc, Memory Stick , integrated circuit cards, and the like.

Computer-readable instructions may include assembler instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state configuration data, or instructions such as Smalltalk®, JAVA®, C++, etc. any source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as may include.

Computer-readable instructions may be transmitted to a processor or programmable circuit of a general purpose computer, special purpose computer, or other programmable data processing device, either locally or over a wide area network (WAN), such as a local area network (LAN), the Internet, etc. ), computer-readable instructions may be executed to provide means for performing the operations specified in the illustrated process steps or block diagrams. Examples of processors include computer processors, processing units, microprocessors, digital signal processors, controllers, microcontrollers, and the like.

Although the present invention has been described above using the embodiments, the technical scope of the present invention is not limited to the range described in the above embodiments. It will be apparent to those skilled in the art that various changes or improvements can be made to the embodiments described above. It is clear from the claims that such modifications or improvements may be included within the technical scope of the present invention.

The order of execution of each process, such as the operation, procedure, step, and stage in the apparatus, system, program, and method shown in the claims, specification, and drawings, is specifically defined as "before" or "before". It should be noted that they can be implemented in any order unless the output of the previous process is used in the subsequent process. Even if the claims, specifications, and operational flows in the drawings are explained using "first," "next," etc. for convenience, this does not mean that it is essential to carry out the operations in this order. It's not a thing.

20 Vehicle 22 Control system 50 Key 100 Determination section 120 Authentication section 180 Communication network 202 ECU
210 ECU
211 ECU
212 ECU
231 ECU
232 ECU
300 Message 310 Control data 311 Control data 312 Control data 313 MAC
350 Message 351 Control data 352 Control data 353 Control data 354 Control data 361 MAC
362 MAC
363 MAC
364 MAC
510 Control data 511 Control data 512 Control data 513 MAC
2000 Computer 2010 Host controller 2012 CPU
2014 RAM
2020 Input/output controller 2022 Communication interface 2024 Flash memory 2026 ROM
2040 input/output chip

Claims (10)

A communication device installed in a vehicle and having a function of authenticating control data of the vehicle transmitted from another communication device,
When a message including control data for the vehicle is received, the received message is a message transmitted using the first transmission method, or the upper limit of the amount of control data that can be transmitted in one message is the first transmission method. a determination unit that determines whether the message is transmitted using a second transmission method that is larger than the transmission method;
Authentication for authenticating control data included in the received message using an authentication code included in the received message when it is determined that the received message is a message sent using the first transmission method. Equipped with a
When the authentication unit determines that the received message is a message transmitted using the second transmission method,
When the received message does not include an authentication code for verifying the control data transmitted by the second transmission method, storing the control data included in the received message;
When the received message includes an authentication code for verifying the control data transmitted using the second transmission method, the plurality of stored control data are collectively transmitted using the authentication code included in the message. A communication device that performs authentication. The communication device according to claim 1, wherein the authentication unit discards the plurality of stored control data when the plurality of stored control data cannot be authenticated. The communication device according to claim 1 or 2, wherein the communication device and the other communication device are electronic control units (ECUs) that are mounted on the vehicle and control the vehicle. The communication device according to any one of claims 1 to 3, wherein the communication device receives the message transmitted using the first transmission method and the message transmitted using the second transmission method through the same communication network. communication equipment. The value of the authentication code included in the message transmitted using the first transmission method is calculated using at least control data included in the message transmitted using the first transmission method,
2. The value of the authentication code included in the message transmitted using the second transmission method is calculated using at least a plurality of pieces of control data included in the plurality of messages transmitted using the second transmission method. 4. The communication device according to any one of 4 to 4. The authentication section is
When it is determined that the received message is a message transmitted using the first transmission method, a value calculated using at least control data included in the received message and a value included in the received message. authenticating the control data contained in the received message by comparing it with the value of an authentication code;
When it is determined that the received message is a message sent using the second transmission method, the received message includes an authentication code for verifying control data sent using the second transmission method. When included, the plurality of stored control data are collectively authenticated by comparing a value calculated using at least the plurality of stored control data with an authentication code included in the received message. The communication device according to claim 5. The communication device according to any one of claims 1 to 6, wherein the communication device receives a message transmitted from the other communication device via a CAN-compliant communication network. A vehicle comprising the communication device according to any one of claims 1 to 7. A communication method carried out by a communication device installed in a vehicle and having a function of authenticating control data for the vehicle transmitted from another communication device,
When a message including control data for the vehicle is received, the received message is a message transmitted using the first transmission method, or the upper limit of the amount of control data that can be transmitted in one message is the first transmission method. determining whether the message is transmitted using a second transmission method that is larger than the transmission method;
a step of authenticating control data included in the received message using an authentication code included in the received message when it is determined that the received message is a message sent using the first transmission method; and,
When it is determined that the received message is a message sent using the second transmission method, the received message includes an authentication code for verifying control data sent using the second transmission method. if not included, storing control data included in the received message;
If it is determined that the received message is a message sent using the second transmission method, the received message includes an authentication code for verifying control data sent using the second transmission method. If included, a communication method comprising the step of collectively authenticating the plurality of stored control data using an authentication code included in the message. A program for causing a computer to function as the communication device according to any one of claims 1 to 7.

Images