JP2024033380A - information processing system - Google Patents

Abstract

To provide an information processing system that can more strictly restrict unauthorized use of services.SOLUTION: The present invention relates to an information processing system 100 in which an on-vehicle apparatus 10 and a sever 20 can communicate with each other via a network. The on-vehicle apparatus retains a certificate issued by a certificate authority and identification information of the on-vehicle apparatus, and sends the certificate and the identification information of the on-vehicle apparatus to the certificate authority when starting the on-vehicle apparatus. The server requests the certificate authority to authenticate the certificate received from the on-vehicle apparatus, obtains the identification information of the on-vehicle apparatus from the certificate authority when the authentication is successful, and issues temporary authentication information to the on-vehicle apparatus when the identification information of the on-vehicle apparatus received from the on-vehicle apparatus matches the identification information of the on-vehicle apparatus obtained from the certificate authority. The on-vehicle apparatus sends the temporary authentication information upon requesting a service to the server, and the server provides the service based on the temporary authentication information.SELECTED DRAWING: Figure 1

Description

The present invention relates to an information processing system that authenticates in-vehicle equipment and provides services.

A service provision center that provides services to onboard devices and passengers through a network is known. The service provision center authenticates the onboard device using a predetermined method, and if authentication is successful, provides services to the onboard device and passengers.

As one of the authentication methods, there is a technology that uses a user ID and a device ID (see, for example, Patent Document 1). Patent Document 1 discloses a technology in which a user ID and a device ID unique to a music playback device are registered, and when the device ID is already registered, the playback of music data is permitted with certain restrictions. ing.

Japanese Patent Application Publication No. 2002-116769

However, in the conventional technology, there is a problem in that the service is provided even if the passenger falsifies the identification information of the on-vehicle device. Authentication information and identification information of the onboard device are used when the onboard device and the service provision center communicate. Authentication information is information specific to a contractor or an on-vehicle device, but at the service provision center, authentication information and identification information of an on-vehicle device were not managed in association with each other. For this reason, if a third party other than the subscriber correctly generates authentication information by some method, he or she may be able to use the service by spoofing a device ID with a known format.

SUMMARY OF THE INVENTION In view of the above problems, an object of the present invention is to provide an information processing system that can more firmly restrict unauthorized use of services by on-vehicle devices.

In view of the above problems, the present invention provides an information processing system in which an on-vehicle device and a server can communicate via a network, wherein the on-vehicle device holds a certificate issued by a certification authority and identification information of the on-vehicle device. When the onboard device is activated, the certificate and identification information of the onboard device are transmitted to the certification authority, and the server requests the certification authority to authenticate the certificate received from the onboard device. , if the authentication is successful, the identification information of the onboard device is obtained from the certification authority, and the identification information of the onboard device received from the onboard device matches the identification information of the onboard device obtained from the certification authority. In this case, temporary authentication information is issued to the on-vehicle device, the on-vehicle device transmits the temporary authentication information when requesting a service to the server, and the server provides the service based on the temporary authentication information.

It is possible to provide an information processing system that can more firmly restrict unauthorized use of services.

1 is an example of a schematic configuration diagram of a service providing system. FIG. 2 is a diagram illustrating a flow in which a service provision center and a certification authority authenticate an on-vehicle device and provide a service to the on-vehicle device.

Hereinafter, as an example of a mode for implementing the present invention, a service providing center and an authentication method performed by the service providing center will be described.

<System configuration example>
The vehicle of this embodiment is a so-called connected car, and the onboard equipment and passengers of the vehicle can receive various services from a service providing center. Although the definition of a connected car is not necessarily established, it is a "vehicle that functions as an ICT (Information and Communication Technology) terminal." Vehicles transmit their own status and surrounding conditions to a service provider center via a communication network. Based on the information sent, the service provision center returns the latest information (maps, IOT, the shortest route to avoid traffic jams, parking lots, etc.) to the vehicle. In addition, there are a variety of other services such as remote start, digital key service via smartphone, remote monitoring, and emergency notification.

To use such a service, a contract is required by the vehicle owner, etc., even if there is a period in which it can be used free of charge. However, conventionally, as described above, there have been cases in which someone other than the subscriber has been able to use the service by falsifying the device ID. Therefore, in this embodiment, the service providing center uses a certificate issued by a certificate authority for authentication, as described below, thereby more firmly restricting unauthorized use.

FIG. 1 shows a schematic configuration diagram of a service providing system 100. First, an outline of the authentication method of this embodiment will be explained.
(1) The onboard device 10 holds a client certificate issued by the certification authority 30. The client certificate is associated with a device ID in the certificate authority 30 when the client certificate is issued.
(2) The onboard device 10 transmits the client certificate and the device ID of the onboard device 10 to the service providing center 20, for example, at the time of startup.
(3) The service provision center 20 sends the contents of the client certificate (the digital signature of the certificate authority 30) to the certificate authority 30 written in the client certificate, and requests the certificate authority 30 to authenticate the client certificate. If the client certificate authentication is successful, the certificate authority 30 returns the device ID to the service providing center 20.
(4) The service providing center 20 that has acquired the device ID determines whether the device ID received from the onboard device 10 and the device ID acquired from the certification authority 30 match. If they match, the service providing center 20 issues temporary authentication information to the onboard device 10. Temporary authentication information is information that permits use of a service for at least a certain period of time.
(5) The onboard device 10 transmits temporary authentication information to the service providing center 20 when requesting a service.
(6) The service providing center 20 executes processing according to the service request based on the temporary authentication information.

In this manner, the service providing system 100 of this embodiment performs authentication for service execution based on the client certificate issued by the certificate authority 30. The client certificate issued by the certificate authority 30 is difficult to forge, and it is also difficult for a third party to prepare a client certificate that the certificate authority 30 determines as successful authentication. Therefore, even if a device ID whose format is known is forged, a third party other than the subscriber can be prevented from receiving the service. Further, as in the past, the service providing center 20 does not need to manage the association between authentication information and device ID.

<About terms>
The identification information of the onboard device is letters, numbers, symbols, alphabets, or a combination thereof for uniquely identifying or specifying the onboard device. In this embodiment, the term “device ID” will be used.

The information processing system is a mechanism in which the on-vehicle device 10, the service providing center 20, and the certification authority 30 communicate as necessary, and the service providing center 20 provides services to the on-vehicle device 10 as a whole. In this embodiment, the term service providing system 100 will be used.

<System configuration>
The system configuration of the service providing system 100 will be explained using FIG. 1. As shown in FIG. 1, the service providing system 100 includes an on-vehicle device 10 mounted on a vehicle, a service providing center 20, and a certification authority 30. Certificate authority 30 is often an independent commercial authority and need not be part of service provision system 100.

The onboard device 10 has a communication device that communicates with the service providing system 100 via a communication network such as a mobile phone network. The communication device may be replaced by a device equipped with a SIM function, such as a smartphone carried by the passenger. In this case, a smartphone is connected to the on-vehicle device 10 by wire or wirelessly.

The communication device connects to a base station such as a mobile phone network (not shown). The base station is connected to the service providing center 20 mainly via a wired communication network or gateway. The service providing center 20 and the certificate authority 30 are communicably connected via a communication network such as the Internet or a LAN. The service providing center 20 and the certificate authority 30 may be integrated.

The vehicle 9 is equipped with an on-vehicle device 10 for receiving services from a service providing center 20. The onboard device 10 is, for example, a navigation device, a display audio device, or the like. The on-vehicle device 10 is not limited to these, and may have functions for receiving services from the service providing center 20 (for example, a display, a speaker, a microphone, etc., but the function differs depending on the type of service to be received).

The services provided by the service provision center 20 include services provided to passengers who are in the vehicle 10, and services provided to contractors who are not in the vehicle (often potential passengers). . For example, the following are just examples:
- A service where vehicle occupants request the service provision center 20 to dispatch the fire department or police when they are in trouble due to an accident, sudden illness, or erratic driving.
- A service in which the service provision center 20 acquires the vehicle condition when the warning light is on and the current vehicle condition, and provides the results of confirmation and checking to the contractor.
- A service that provides the status and location of the vehicle 9 that is far from the occupants to an application such as a smartphone. An alarm will also be issued if there is illegal entry, such as when the door is forced open.
・A service that allows passengers to turn on the vehicle's air conditioner before boarding using an app on their smartphone or other device.
- A service in which the on-vehicle device 10 receives content such as videos and music from the service provision center 20 and plays it in the car.
- A service that allows the vehicle to recognize the occupant (in this case, the driver) and automatically reflect previously configured settings such as seat position and navigation.
- A service in which the on-vehicle device 10 sets a route to a destination using the latest map information, facility information, and traffic congestion information acquired via communication from the service provision center 20.
・A service that allows subscribers to use their smartphones as car keys using an app. A service that allows policyholders to use a family member's smartphone as a car key.
・A service that allows the subscriber to check the vehicle's charging status and power supply status from the app even when the subscriber is away from the vehicle.
・A service that allows passengers to search for and provide destinations and information simply by talking to an agent (AI).
・A service where passengers can set their destination simply by telling the operator where they want to go.

The service providing center 20 is one or more information processing devices that provide the above-mentioned services to a plurality of vehicles 9. A manned operator may intervene to provide the service. An information processing device (computer) or software that performs a function of providing information and processing results in response to a request from a client such as the vehicle 9 is called a server.

In this embodiment, the service providing center 20 is described as one information processing device, but each function of the service providing center 20 may be distributed among multiple information processing devices. Alternatively, there may be a plurality of service providing centers 20, and the service providing center 20 with the least load among them may provide the service. Further, the service providing center 20 may be compatible with cloud computing. Cloud computing refers to a usage format in which resources on a network are used without being aware of specific hardware resources.

The service providing center 20 is an information processing device equipped with the functions of a general computer, such as a CPU, RAM, ROM, and an input/output unit. Preferably, the service providing center 20 is located on the Internet or is connectable to the Internet. Although the actual location of the service provision center 20 does not matter, it is often placed in a data center or a server rack within a facility. In the service providing center 20, applications corresponding to each of the above-mentioned services are executed, for example.

The certification authority 30 is a third-party organization that issues public key certificates (hereinafter referred to as client certificates in this embodiment) and registers, issues, and revoke client certificates in order to encrypt important information. be. Here, the client is an on-vehicle device or a service contractor (owner of the vehicle 9), but the actual contract may be in a form in which the service providing center acts on behalf of the owner. The client certificate includes the public key of the on-vehicle device 10, a description regarding the on-vehicle device 10 (information identifying the owner of the public key, such as subscriber information), and a digital signature of the certification authority 30. The client certificate proves that the onboard device 10 is the owner of the private key corresponding to this public key. In this embodiment, with respect to the service providing center 20, the owner of the private key paired with the public key included in the client certificate is the on-vehicle device 10. Note that the crew member does not need to be aware of the existence of the client certificate or the authentication process.

When issuing a client certificate, the certificate authority 30 associates the client certificate with the device ID and holds the certificate. If the digital signature of the certificate authority 30 included in the client certificate transmitted from the on-vehicle device 10 is successfully authenticated, the certificate authority 30 can specify the device ID of the on-vehicle device 10 associated with the client certificate.

The process by which the certificate authority 30 issues a client certificate will be explained. The onboard device 10 requires a private key for encrypting the device ID and a public key paired with the private key. The public key and private key can be obtained from a predetermined application or a predetermined vendor. It is assumed that the service providing center 20 prepares a public key and a private key for each subscriber. The contractor may prepare a public key and a private key.

A. The service provision center 20 submits a public key to the certification authority 30 for the on-vehicle device (service contractor).

B. The certificate authority 30 confirms that the provider of the public key is the service providing center 20 through a predetermined method such as face-to-face, and issues a client certificate for the onboard device 10. As described above, the client certificate includes the public key of the onboard device 10, descriptions regarding the onboard device 10 (information that identifies the owner of the public key, such as subscriber information), and the digital signature of the certification authority 30. . The client certificate is a client certificate that proves that the public key truly belongs to the onboard device 10. When issuing a client certificate, the certificate authority 30 associates the client certificate with the device ID and holds the certificate.

C. The private key and public key certificate are stored in the onboard device 10.

D. When the on-vehicle device 10 transmits a client certificate to the service provision center 20, the service provision center 20 authenticates the client certificate with the certificate authority 30 to confirm that the public key included in the client certificate belongs to the subscriber. You can check.

<Details of authentication using public key certificate>
FIG. 2 is a functional block diagram illustrating the functions of the onboard device 10, the service provision center 20, and the certification authority 30. Further, FIG. 2 is a diagram illustrating a flow of authenticating the on-vehicle device 10 and providing services to the on-vehicle device 10.

<<Onboard equipment>>
The onboard device 10 includes an authentication requesting section 11 and a service using section 12. Each of these functions that the onboard device 10 has is based on general hardware (CPU, RAM, auxiliary storage device, input/output I/F, display, keyboard, touch panel, communication device, etc.) that the onboard device 10 has as a computer. This is a function or means that is realized by being controlled by a CPU that executes a program expanded from an auxiliary storage device to a RAM.

The authentication requesting unit 11 holds the private key of the on-vehicle device 10, a client certificate, and a device ID. The authentication requesting unit 11 encrypts the device ID with a private key, and requests the service providing center 20 to authenticate the onboard device 10 using the client certificate and the encrypted device ID.

The service usage unit 12 receives temporary authentication information from the service providing center 20 when the authentication of the onboard device 10 is successful, and requests the service providing center 20 to use various services by attaching the temporary authentication information.

<<Service Provision Center>>
The service providing center 20 includes a certificate checking section 21, a temporary authentication information issuing section 22, a temporary authentication information storage section 23, and a service function section 24. Each of these functions possessed by the service provision center 20 uses general hardware possessed by a computer (CPU, RAM, auxiliary storage device, input/output I/F, display, keyboard, touch panel, communication device, etc.) and auxiliary storage device. This is a function or means that is realized under the control of a CPU that executes a program loaded into a RAM.

The certificate check unit 21 sends the client certificate sent from the onboard device 10 to the certification authority 30 to request authentication of the onboard device 10, and if the authentication is successful, the client certificate is associated with the client certificate. The device ID is acquired from the certification authority 30.

When the certification authority 30 determines that the authentication is successful, the temporary authentication information issuing unit 22 decrypts the encrypted device ID transmitted from the onboard device 10 using the public key included in the client certificate. Further, the temporary authentication information issuing unit 22 determines whether the device ID from the certification authority 30 and the decrypted device ID match. If they match, the temporary authentication information issuing section 22 issues temporary authentication information, associates the device ID and the temporary authentication information, and stores them in the temporary authentication information storage section 23.

When the onboard device 10 requests the use of a service together with the device ID and temporary authentication information, the service function unit 24 temporarily stores the same device ID and temporary authentication information as the device ID and temporary authentication information transmitted from the onboard device 10. It is determined whether the authentication information is stored in the authentication information storage unit 23. When the device ID and the temporary authentication information are stored in the temporary authentication information storage section 23, the service function section 24 provides the on-vehicle device 10 with the service requested by the on-vehicle device 10.

<<Certification Authority>>
The certificate authority has a certificate device ID storage section 31 and an authentication section 32. The certificate device ID storage unit 31 stores a device ID and a client certificate in association with each other when a client certificate is issued. Instead of the entire client certificate, for example, the digital signature of the certificate authority 30 and the device ID may be associated.

When the authentication unit 32 is requested by the service providing center 20 to authenticate a client certificate, the authentication unit 32 decrypts the digital signature of the client certificate and determines whether the client certificate is issued by the certificate authority 30 or not. If the client certificate is issued by the certificate authority 30, this means that the client certificate has been authenticated successfully.

<Flow of the service provision center and certification authority authenticating the on-vehicle device and providing services to the on-vehicle device>
Referring to FIG. 2, a flow in which the service providing center 20 and the certification authority 30 authenticate the on-vehicle device 10 and provide services to the on-vehicle device 10 will be described.

(21) When the ignition is turned on (internal combustion engine vehicles) or the system is turned on (in electric vehicles and hybrid vehicles), the authentication requesting unit 11 of the onboard device 10 transmits the device ID and client certificate to the service providing center 20. The device ID is encrypted using the private key of the onboard device 10.

(22) The certificate check unit 21 of the service provision center 20 requests the certificate authority 30 to authenticate the client certificate received from the onboard device 10. The authentication unit 32 of the certificate authority 30 decrypts the digital signature of the client certificate and determines whether the client certificate is issued by the certificate authority 30. If the digital signature of the certification authority 30 is the one given by the certification authority 30, it can be determined that the public key of the client certificate belongs to the onboard device 10 described in the client certificate. When the certification authority 30 succeeds in authenticating the client certificate, it transmits to the service providing center 20 the device ID that was associated and held when the client certificate was granted.

If the client certificate does not have the digital signature of the certificate authority 30 or is not a digital signature given by the certificate authority 30, the authentication unit 32 determines that authentication of the client certificate has failed. (The key cannot be confirmed as belonging to the onboard device 10.)
. The authentication unit 32 notifies the service providing center 20 of the authentication failure. In this case, since the subsequent processing is not performed, the onboard device 10 cannot use the service.

(23) If the client certificate is successfully authenticated, the temporary authentication information issuing unit 22 of the service provision center 20 decrypts the device ID sent from the on-vehicle device 10 using the public key and uses the device ID sent by the certification authority 30. Determine whether it matches or not. If they match, the device ID was encrypted with the private key paired with the public key included in the client certificate, so it can be confirmed that the vehicle-mounted device 10 concerned is the vehicle-mounted device 10 described in the client certificate. When the device ID transmitted from the onboard device 10 and the device ID transmitted by the certification authority 30 match, the temporary authentication information issuing unit 22 issues temporary authentication information.

The temporary authentication information is information that allows the onboard device 10 to use the service at least temporarily. Such temporary authentication information is sometimes called an access token or a token. Temporary credentials are random strings of characters that identify an authenticated user. Since temporary authentication information has an expiration date set, even if temporary authentication information is given to a malicious third party, permanent use of the service can be suppressed. The temporary authentication information issuing unit 22 associates the device ID with the temporary authentication information and stores them in the temporary authentication information storage unit 23.

The verification method that uses electronic signatures, which will be described later, may require communication protocols such as SSL/TLS, but an authentication method that obtains the device ID from the certificate authority 30 is less susceptible to communication protocol restrictions. .

(24) The service usage unit 12 of the onboard device 10 transmits the device ID, temporary authentication information, and client certificate to the service providing center 20 when requesting an individual service.

(25) The service function unit 24 of the service provision center 20 compares the temporary authentication information and device ID received from the onboard device 10 with the temporary authentication information and device ID held in the temporary authentication information storage unit 23 (matching use of the service will be permitted only if verification is possible. In addition, when the service function unit 24 receives temporary authentication information, but communicates using a communication protocol that does not support authentication of the sender using temporary authentication information, the service function unit 24 uses the client certificate and device ID to 10 can be authenticated.

<Main effects>
As described above, the service providing system 100 of this embodiment performs authentication for service execution based on the certificate issued by the certificate authority 30. The certificate issued by the certificate authority 30 is difficult to forge, and it is also difficult for a third party to prepare a certificate that the certificate authority 30 determines as successful authentication. Therefore, even if a device ID whose format is known is forged, a third party other than the subscriber can be prevented from receiving the service. Further, as in the past, the service providing center 20 does not need to manage the association between authentication information and device ID.

<Flow of the service provision center and certification authority authenticating the on-vehicle device and providing services to the on-board device (modified example)>
In the explanation of FIG. 2 above, the certification authority 30 provides the device ID to the service providing center 20 upon successful authentication of the client certificate, but in this modification, authentication of the device ID using an electronic signature will be described.

First, electronic signatures will be explained. An electronic signature is a digest of a message encrypted with a private key in order to detect tampering with the message being sent. Electronic signatures ensure that a message has not been tampered with and can authenticate the creator of the message. In this modification, the message is the device ID of the onboard device 10, and the creator is the onboard device 10. First, the onboard device 10 performs the following processing.
(i) The onboard device 10 generates a digest from the device ID using a hash function.
(ii) The onboard device 10 encrypts the generated digest using the private key of the onboard device 10 (this is called an electronic signature).
(iii) The onboard device 10 transmits the device ID (plain text), the generated electronic signature, and the client certificate to the service providing center 20.

The service providing center 20 performs the following processing.
(iv) The service providing center 20 generates a digest from the received device ID using a hash function.
(v) The service provision center 20 decrypts the received electronic signature using the public key of the onboard device 10 (included in the client certificate).
(vi) Compare the digest generated in (iv) and the digest decoded in (v) to confirm that they completely match.

The electronic signature proves that the device ID has not been tampered with and that the device ID was signed with a private key that is paired with the public key used for verification.

However, since the public key is made public, a third party can spoof the device ID of the vehicle-mounted device 10 and transmit the public key in communication via the network. Therefore, the service providing center 20 needs to confirm whether the public key is the public key of the subscriber. There is a certificate authority model as a mechanism for confirming the owner of this public key.
With reference to FIG. 2, a modification of the process in which the service providing center 20 and the certification authority 30 authenticate the onboard device 10 will be described based on the certification authority model. Note that the differences between (21) to (25) will be mainly explained below.

(21) When the ignition is turned on (internal combustion engine vehicles) or the system is turned on (in electric vehicles and hybrid vehicles), the authentication requesting unit 11 of the onboard device 10 performs (i) to (iii) above, and sends the information to the service provision center 20. Send the electronic signature, device ID, and client certificate.

(22) The certificate check unit 21 of the service provision center 20 requests the certificate authority 30 to authenticate the digital signature of the certificate authority 30 included in the client certificate received from the onboard device 10. If the digital signature of the certification authority 30 is given by the certification authority 30, it can be determined that the public key included in the client certificate belongs to the onboard device 10. In this modification, even if the digital signature is successfully authenticated, the certification authority 30 does not transmit the device ID held at the time of granting the client certificate to the service providing center 20. In this modification, there is no need for the certificate authority 30 to hold client certificates and device IDs in association with each other.

(23) If the public key included in the client certificate is authenticated as belonging to the contractor, the temporary authentication information issuing unit 22 of the service providing center 20 verifies the electronic signature. That is, the service provision center 20 performs (iv) to (vi) above to ensure that the device ID has not been tampered with and that the device ID is signed by the private key that pairs with the public key authenticated by the certification authority 30. Verify what has been done. As described above, when the device ID transmitted from the onboard device 10 is verified, the temporary authentication information issuing unit 22 issues temporary authentication information. The temporary authentication information issuing unit 22 associates the device ID with the temporary authentication information and stores them in the temporary authentication information storage unit 23.

(24) The service usage unit 12 of the onboard device 10 transmits the device ID and temporary authentication information to the service providing center 20 when requesting an individual service. Note that since the device ID has been authenticated, the device ID does not need to be attached to the communication between the onboard device 10 and the service providing center 20. In this case, leakage of the device ID can be suppressed.

(25) The service function unit 24 of the service provision center 20 compares the temporary authentication information and device ID received from the onboard device 10 with the temporary authentication information held in the temporary authentication information storage unit 23 (matches the temporary authentication information and device ID). use of the service will be permitted only if verification is possible.

According to this modification, if the service providing center 20 can verify the electronic signature, it is possible to prevent a third party other than the subscriber from receiving the service without acquiring the device ID from the certification authority 30.

9 Vehicle 10 On-board device 20 Service provision center 30 Certification authority 100 Service provision system

Claims (1)

An information processing system in which an on-vehicle device and a server can communicate via a network,
The onboard device holds a certificate issued by a certification authority and identification information of the onboard device,
transmitting the certificate and identification information of the onboard device to the certification authority when the onboard device starts up;
The server is
requesting the certification authority to authenticate the certificate received from the onboard device;
If the authentication is successful, acquiring identification information of the onboard device from the certification authority,
If the identification information of the onboard device received from the onboard device matches the identification information of the onboard device acquired from the certification authority, temporary authentication information is issued to the onboard device;
The onboard device transmits the temporary authentication information when requesting a service to the server,
The server is
An information processing system that provides a service based on the temporary authentication information.

Images