JP5377614B2 - Communication management device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication management device capable of preventing the leakage and alteration of information in communication with an external device and preventing information having abnormality such as alteration inside a device from being transmitted to an external device. <P>SOLUTION: Each individual ECU 20 is provided with a message processing unit 21 to process a message containing information which should be transmitted to a vehicle-outside infrastructure 40, in accordance with a predetermined processing rule, and an individual-side vehicle-inside LAN communication unit 22 transmits the processed message to a control-side vehicle-inside LAN communication unit 14 of a charging/discharging control ECU 10 via a vehicle-inside LAN 30. The charging/discharging control ECU 10 is provided with a detector 13 to process and inspect the message received by the control-side vehicle-inside LAN communication unit 14 in accordance with a predetermined check rule, thereby detecting the presence/absence of abnormality. <P>COPYRIGHT: (C)2013,JPO&amp;INPIT

Description

  The present invention relates to a communication management device that is mounted on, for example, an electric vehicle and manages communication operations between the electric vehicle and an external device provided outside the electric vehicle.

  In an electric vehicle (abbreviation: EV), an electric vehicle that obtains power by driving a motor using electric power charged in a secondary battery (hereinafter also referred to as “battery”) as a drive source, and an engine and a motor There are hybrid vehicles that use both. In order to efficiently use renewable energy obtained by solar power generation and wind power generation, a method of using these renewable energy in a next-generation power network called a smart grid using EV is considered. . For example, it is considered that surplus power is stored in an EV battery during the generation of the above-described renewable energy, and the stored power is used in a home or factory as needed, or sold to an electric power company.

  When an EV is connected to a smart grid, battery information such as the battery capacity and state of charge (SOC) of the battery of the EV is transmitted to the power network side, or information indicating the power supply / demand situation is transmitted to the power network side. Communication means for communicating with an external device provided outside the EV (hereinafter sometimes referred to as “external communication means”) is required.

  As an external communication means, for example, a wired communication means such as a charging gun for connecting EV to a charging stand or a household outlet for charging / discharging EV, a wireless local area network (abbreviation: LAN) or WiFi ( The use of short-range wireless communication means such as Wi-Fi (registered trademark) and Wireless Fidelity) and mobile communication means such as a mobile phone is being studied.

  In an EV system in which an EV and a smart grid are connected, charge data representing a charge between an in-vehicle device mounted on the EV and an external device provided outside the EV using the above-described external communication means, Important information such as vehicle data representing information related to the vehicle and charge / discharge energy data representing the amount of electric power charged or discharged is communicated.

  The EV system has a problem that such important information may be intercepted and misused by a malicious user. For example, when EV power is sold to an electric power company via the electric power network, the malicious power is tampered with by the malicious user, and the inflated data is sent to the electric power company, resulting in illegal profits. There is a problem that may be obtained.

  A technique for solving such a problem is disclosed in Patent Document 1, for example. In the technique disclosed in Patent Document 1, data communication is intercepted by a malicious user by performing data communication between an in-vehicle device and an out-of-vehicle device using encrypted data obtained by encrypting data to be transmitted. However, the contents of the data are not easily read.

JP-A-6-60237

  In the technique disclosed in Patent Document 1 described above, it is necessary to provide an in-vehicle device with an encryption unit for encrypting data to be transmitted.

  In the EV, a plurality of electronic control units (abbreviated as ECUs) having different functions are provided as in-vehicle devices, and data is transmitted and received between the ECUs and the external devices. For example, an ECU for monitoring charging is provided, and fee data is transmitted and received. An EV-ECU that manages the EV system is provided to send and receive vehicle data. Moreover, ECU which manages the state of a battery is provided and transmission / reception of charging / discharging electric energy data is performed.

  Each ECU provided in the EV is configured to mount only a microcomputer (abbreviation: microcomputer) having a necessary minimum processing capacity in order to reduce the product cost. If such an ECU is further equipped with a microcomputer that functions as the above-described encryption means having a relatively large calculation load, the product cost of the ECU increases. Therefore, there is a problem that it is difficult to install encryption means in all ECUs.

  In order to solve this problem, for example, an in-vehicle gateway ECU may be provided between the in-vehicle communication network and the out-of-vehicle communication network, and transmission data transmitted outside the vehicle may be encrypted by the in-vehicle gateway ECU. It is done.

  However, even if the in-vehicle gateway ECU is provided, it is not possible to prevent a malicious user from directly and illegally accessing the in-vehicle communication network, so that data altered in the in-vehicle communication network is transmitted to the external device. Cannot be prevented.

  An object of the present invention is to prevent information leakage and tampering in communication with an external device, and communication capable of preventing information having an abnormality such as tampering inside the device from being transmitted to the external device. It is to provide a management device.

The communication management device of the present invention includes a general unit that can communicate with an external device, and a plurality of individual units connected to the general unit via a communication line, and the general unit, the plurality of individual units, and the external unit A communication management device that manages a communication operation with a device, wherein each individual unit is processed by a processing unit that processes information to be transmitted to the external device according to a predetermined processing rule, and the processing unit. And an individual side internal communication unit that transmits the information transmitted from the individual side internal communication unit of each of the individual units to the overall unit via the communication line. Process the internal side communication unit that receives via the line and the information received by the internal side communication unit according to a predetermined check rule. And detecting the presence or absence of abnormality of the information, an encryption unit for encrypting the information received by the general internal communication unit, and encrypted by the encryption unit An external communication unit that transmits information to the external device, and the predetermined processing rule includes a processing timing for processing the information, a processing location of the information, and a processing amount of the information, The predetermined check rule includes a check timing for inspecting the processed information, a processing location of the information for the inspection, and a processing amount of the information for the inspection. The processing timing, the processing location and the processing amount, and the check timing of the check rule, the processing location and the processing amount are the identification of the overall unit. A unit identifier, and wherein the Rukoto determined on the basis of the individual unit identifier for identifying the individual units of the transmission source of the information.

  According to the communication management device of the present invention, the information to be transmitted to the external device is processed by the processing unit of each individual unit according to a predetermined processing rule, and transmitted to the central unit via the communication line by the individual side internal communication unit. And received by the internal communication unit on the control side of the control unit. The information received by the supervising internal communication unit is processed and inspected by the detecting unit of the supervising unit according to a predetermined check rule, and the presence / absence of an abnormality is detected. The information received by the central internal communication unit is encrypted by the encryption unit of the central unit and transmitted to the external device by the external communication unit. As described above, the overall unit that communicates with the external device includes the encryption unit, so that it is possible to prevent information leakage and falsification when communication with the external device is intercepted by a third party.

Also, information is processed by the processing unit of the individual unit according to a predetermined processing rule and transmitted to the overall unit, and processed and inspected by the detection unit of the overall unit according to the predetermined check rule to detect the presence or absence of information abnormality. The Therefore, for example, when the inside of the communication management apparatus is illegally accessed directly by a third party and the information is tampered with, for example, the information can be detected to be abnormal. . Further, by preventing the external communication unit from transmitting information in which an abnormality has been detected to the external device, it is possible to prevent information having an abnormality such as tampering from being transmitted to the external device.
The above-described predetermined processing rules include information processing timing, processing location, and processing amount, which are determined based on the overall unit identifier and the individual unit identifier. Similarly, the above-described predetermined check rule includes information check timing, processing location, and processing amount, which are determined based on the overall unit identifier and the individual unit identifier.
As a result, the processing rules and the check rules can be made simple, so that the processing unit and the detection unit can be mounted without excessively increasing the calculation load in the overall unit and the individual unit. Therefore, an increase in product cost can be prevented.

It is a block diagram which shows the structure of the communication management apparatus 1 which is one Embodiment of this invention. It is a flowchart which shows the process sequence regarding the transmission process of the message in individual ECU20. It is a flowchart which shows the process sequence regarding the check process of the presence or absence of abnormality of the transmission message in charging / discharging control ECU10.

  FIG. 1 is a block diagram showing a configuration of a communication management apparatus 1 according to an embodiment of the present invention. The communication management device 1 is mounted on the electric vehicle 100. Electric vehicle 100 is a hybrid vehicle in the present embodiment, and includes power generation unit 50, engine 51, and battery 52 together with communication management device 1.

  The power generation unit 50 generates electric power, specifically DC power, using the engine 51. The power generation unit 50 provides the generated direct-current power to the battery 52. The power generation unit 50 is realized by a generator, for example. The battery 52 is configured to be able to charge and discharge electric power. Specifically, the battery 52 is configured to be able to store electric power generated by the power generation unit 50 by the engine 51. The battery 52 is supplied with power generated by the power generation unit 50 by the engine 51, specifically, DC power. Thereby, the battery 52 is charged.

  The electric vehicle 100 is not limited to a hybrid vehicle, and may be an electric vehicle. The electric vehicle (EV) 100 is connected to a smart grid, which is a next-generation power network (not shown), and constitutes an EV system. The EV system corresponds to a power supply and demand system.

  The EV system includes an electric vehicle 100 and an infrastructure 40 (hereinafter also referred to as “exterior infrastructure”) provided outside the electric vehicle 100. The out-of-vehicle infrastructure 40 includes a communication device and can communicate with the communication management device 1. The vehicle outside infrastructure 40 corresponds to an external device.

  The out-of-vehicle infrastructure 40 is, for example, a facility used for a smart grid, such as a charging station or an energy management system (abbreviation: EMS). The charging stand is a charging facility provided with a power supply device for EV. EMS supplies power from a commercial power supply system to an electric vehicle, and supplies power from the electric vehicle to a commercial power supply system such as a house or a building, as well as other power supplies such as power supply from a solar power generation device. It is a system that realizes the leveling of power supply and demand by monitoring and the like.

  The communication management device 1 manages the communication operation between the electric vehicle 100 and the off-vehicle infrastructure 40. The communication operation between the electric vehicle 100 and the vehicle infrastructure 40 includes, for example, information transmission operation from the motor vehicle 100 to the vehicle infrastructure 40, information transmission operation from the vehicle infrastructure 40 to the motor vehicle 100, and the like.

  As shown in FIG. 1, the communication management device 1 includes a charge / discharge control ECU 10, a plurality of individual ECUs 20, and an in-vehicle LAN 30. The charge / discharge control ECU 10 and each individual ECU 20 are connected by an in-vehicle LAN 30 and configured to be able to communicate with each other. The charge / discharge control ECU 10 corresponds to a general unit. The individual ECU 20 corresponds to an individual unit. The in-vehicle LAN 30 corresponds to a communication line. In the present embodiment, the case where the communication management device 1 includes three individual ECUs 20 as a plurality of individual ECUs 20 will be described, but the number of individual ECUs 20 is not limited to this.

  In the following description, when a specific individual ECU is indicated, subscripts “a”, “b”, and “c” are added to the reference numeral “20” indicating the individual ECU, and the first individual ECU 20a, These are called individual ECU 20b and third individual ECU 20c. When an unspecified individual ECU is indicated, the subscripts “a”, “b”, and “c” of the reference numeral “20” are omitted and referred to as an individual ECU 20.

  The charge / discharge control ECU 10 is configured to be able to communicate with the infrastructure 40 outside the vehicle. The charge / discharge control ECU 10 communicates with the vehicle infrastructure 40 in order to charge the battery 52 of the electric vehicle 100 and to discharge the power charged in the battery 52 to the vehicle infrastructure 40. The charge / discharge control ECU 10 acquires information related to the state of the vehicle infrastructure 40, for example, through communication with the vehicle infrastructure 40.

  The charge / discharge control ECU 10 performs the charging operation of the battery 52 of the electric vehicle 100 based on the acquired information on the state of the off-vehicle infrastructure 40 and the information on the state of the electric vehicle 100 on which the device is mounted, The contents of the charge / discharge operation such as whether to perform the discharge operation to the infrastructure 40 are determined. The charge / discharge control ECU 10 gives a control instruction to the plurality of individual ECUs 20 necessary for the charge / discharge operation via the in-vehicle LAN 30 according to the determined content of the charge / discharge operation. Thereby, the charge / discharge control ECU 10 controls the individual ECU 20.

  Each of the plurality of individual ECUs 20 is connected to the charge / discharge control ECU 10 via the in-vehicle LAN 30. The plurality of individual ECUs 20 have different functions, and include at least one of a charging monitoring individual unit, a vehicle system individual unit, and a charge / discharge management individual unit.

  The charging monitoring individual unit is an ECU that monitors charging for the electric vehicle 100, and transmits / receives charging information that is information related to charging, specifically, charging data representing the charging information, to / from the infrastructure 40 outside the vehicle. The individual unit for the vehicle system is an EV-ECU that manages the EV system, and transmits / receives vehicle information regarding the electric vehicle 100, specifically vehicle data representing the vehicle information, to / from the vehicle infrastructure 40. The individual unit for charge / discharge management is an ECU that manages the charge / discharge state of the electric vehicle 100, specifically, the state of the battery 52. Charge / discharge power amount information relating to the amount of power charged / discharged by the electric vehicle 100, specifically The charging / discharging power amount data representing the charging / discharging power amount information is transmitted / received to / from the vehicle infrastructure 40.

  The charge / discharge control ECU 10 includes an external communication unit 11, an encryption unit 12, a detection unit 13, a control-side in-vehicle LAN communication unit 14, and a control-side storage unit 15. The vehicle exterior communication unit 11 corresponds to an external communication unit. Further, the outside communication unit 11 corresponds to a reporting unit. The control-side in-vehicle LAN communication unit 14 corresponds to a general-side internal communication unit.

  The vehicle exterior communication unit 11 communicates with the vehicle exterior infrastructure 40. For example, the vehicle exterior communication unit 11 communicates with the vehicle exterior infrastructure 40 via a connector (not shown) for charging and discharging the electric vehicle 100. The outside communication unit 11 communicates with the outside infrastructure 40 information such as the amount of charge / discharge power, the scheduled departure time or charge completion time of the electric vehicle 100, and the remaining amount of the battery 52, specifically, Send and receive data representing information. Here, “data” refers to a numerical value representing information.

  As a communication method of communication performed between the vehicle exterior communication unit 11 and the vehicle exterior infrastructure 40, it is used in Power Line Communication (abbreviation: PLC) or “CHAdeMO rapid charge / discharge standard” which is a domestic standard. A wired communication system such as a controller area network (abbreviation: CAN) or a wireless communication system such as a wireless LAN or Wi-Fi is used.

  The encryption unit 12 encrypts information that is transmitted and received through communication with the infrastructure 40 outside the vehicle, specifically, data. More specifically, the encryption unit 12 transmits the data from the electric vehicle 100 to the vehicle infrastructure 40 using, for example, a data encryption standard (abbreviation: DES) algorithm for encrypting data into ciphertext. Data representing information to be transmitted (hereinafter sometimes referred to as “transmission data”), specifically, a message including the transmission data is encrypted.

  DES is a known technology and has the advantage of being documented. DES is a private key system and is highly secure as long as this private key is kept secret. DES has the further advantage that its ciphertext output is reversible, i.e. the ciphertext can be plainened back to the original message by using the same private key. Although not explicitly described because it is not directly related to the configuration and operation of the present invention, the DES can also decrypt the encrypted data received from the off-vehicle infrastructure 40.

  In the present embodiment, the case where DES is used as the encryption method in the encryption unit 12 is described, but the encryption method in the encryption unit 12 is not limited to DES. As an encryption method in the encryption unit 12, in addition to DES, a common key encryption method or a public key encryption method may be used.

  The detection unit 13 detects the presence or absence of abnormality in information communicated with the in-vehicle LAN 30, specifically, data representing the information (hereinafter also referred to as “in-vehicle LAN communication data”). More specifically, the detection unit 13 detects the presence / absence of a message including the in-vehicle LAN communication data. The “abnormality” of information, data, and messages is, for example, falsification.

  The control-side in-vehicle LAN communication unit 14 communicates with the individual ECU 20 via the in-vehicle LAN 30. The control-side storage unit 15 stores a definition of a check rule, which will be described later, an identifier of the charge / discharge control ECU 10 used for creating the check rule, and an identifier of each individual ECU 20.

  CAN is used as the in-vehicle LAN 30. The in-vehicle LAN 30 is not limited to the CAN, and may be any device that uses standardized vehicle communication such as serial communication or FlexRay.

  Each individual ECU 20 includes a message processing unit 21, an individual side in-vehicle LAN communication unit 22, and an individual side storage unit 23. The message processing unit 21 corresponds to a processing unit. The individual side in-vehicle LAN communication unit 22 corresponds to an individual side internal communication unit. The individual-side in-vehicle LAN communication unit 22 is connected to the control-side in-vehicle LAN communication unit 14 of the charge / discharge control ECU 10 via the in-vehicle LAN 30.

  The individual-side in-vehicle LAN communication unit 22 communicates with the charge / discharge control ECU 10, specifically, the control-side in-vehicle LAN communication unit 14 via the in-vehicle LAN 30. In the present embodiment, it is assumed that the individual in-vehicle LAN communication units 22 of the plurality of individual ECUs 20 transmit data to the charge / discharge control ECU 10 at predetermined intervals, for example, every 100 ms, via the in-vehicle LAN 30.

  The message processing unit 21 acquires data representing information to be transmitted to the off-vehicle infrastructure 40 from the individual-side storage unit 23, and a message including the acquired data may be referred to as a predetermined processing rule (hereinafter referred to as “message processing rule”). ) Processing a message corresponds to processing data included in the message.

  The individual-side storage unit 23 stores information such as the amount of charge / discharge power acquired from the power generation unit 50 and the battery 52 of the electric vehicle 100 and the remaining amount of the battery 52. Further, the individual side storage unit 23 stores a scheduled departure time of the electric vehicle 100 that is predetermined by the user. Further, the individual-side storage unit 23 stores the above-described processing rule definition, the identifier of the own ECU 20 used for creating the processing rule, and the identifier of the charge / discharge control ECU 10.

  For example, the individual-side storage unit 23 of the first individual ECU 20a stores an identifier of the first individual ECU 20a that is the own ECU and an identifier of the charge / discharge control ECU 10. Similarly, the individual-side storage unit 23 of the second individual ECU 20b stores an identifier of the second individual ECU 20b that is the own ECU and an identifier of the charge / discharge control ECU 10. Further, the individual-side storage unit 23 of the third individual ECU 20c stores an identifier of the third individual ECU 20c that is the own ECU and an identifier of the charge / discharge control ECU 10. In the present embodiment, the identifier of the charge / discharge control ECU 10 is “1”, the identifier of the first individual ECU 20a is “2”, the identifier of the second individual ECU 20b is “3”, and the identifier of the third individual ECU 20c is “ 4 ”.

  Next, a method for processing a message transmitted to the charge / discharge control ECU 10 via the in-vehicle LAN 30 and a method for detecting an abnormality of the message, for example, an unauthorized alteration by a third party will be described. The message processing method is performed by the message processing unit 21 of each individual ECU 20. A method for detecting a message abnormality is performed by the detection unit 13 of the charge / discharge control ECU 10.

  Tables 1 to 3 show examples of data exchanged by in-vehicle LAN communication in the prior art.

  Table 1 shows an example of transmission data transmitted by the individual ECU 20. Table 1 shows an example of transmission data transmitted by the first individual ECU 20a as a specific example.

  “Cycle number N” represents a transmission order when the individual ECU 20 transmits data at a predetermined cycle. In the following description, the cycle number may be referred to as “cycle No.”. For example, when the predetermined cycle is 100 ms, the first transmission timing is set to cycle No. 1, the transmission timing after 100 ms is set to cycle No. 2, the transmission timing after 200 ms is set to cycle No. 3, the transmission timing after 300 ms is set to the cycle No. 4 and so on.

  “Transmission data” indicates the content of transmission data transmitted by the individual ECU 20. The transmission data includes a report value that is a value that the individual ECU 20 reports to the off-vehicle infrastructure 40 and a checksum that is used to check the consistency of the contents of the report value. The reported value is, for example, the value of the amount of electric power discharged by electric vehicle 100 to the smart grid. Table 1 shows a report value expressed in hexadecimal, a report value expressed in binary, and a checksum value expressed in hexadecimal.

  For example, when the report value expressed in hexadecimal is “0x2A”, the value of the checksum is “0x02” in which the upper byte “0010” of the report value “0010 1010” expressed in binary is expressed in hexadecimal And the lower byte “1010” of the reported value “0010 1010” expressed in binary number and the value “0x0A” expressed in hexadecimal number. Therefore, as shown in Table 1, the checksum value when the report value expressed in hexadecimal is “0x2A” is “0x0C” in hexadecimal notation. Table 1 shows the calculation data used for the checksum calculation and the checksum calculation formula together with the transmission data. The calculation data is the upper byte and lower byte of the report value expressed in binary.

  Table 2 shows an example of data obtained by falsifying the transmission data shown in Table 1 (hereinafter sometimes referred to as “falsified data”). The falsification data shown in Table 2 is, for example, data that has been illegally falsified by a third party analyzing transmission data transmitted through the in-vehicle LAN 30.

  When the report value shown in Table 1 is, for example, the value of the above-described discharge power amount, the report value of the falsification data shown in Table 2 is the value of the falsified discharge power amount. Table 2 shows data obtained by adding “5” as an offset amount to each value of the transmission data shown in Table 1 as falsification data. In the following description, adding “5” as an offset amount to each value of the transmission data may be referred to as offsetting the transmission data by +5.

  Table 2 shows the calculation formula when the checksum is offset by +5 together with the altered data. As shown in Table 2, the checksum value offset by +5 is a value obtained by adding “5” as the offset amount to the checksum value shown in Table 1 as the original checksum.

  In Table 2, for example, the first individual ECU 20a has a cycle No. Of the transmission data transmitted at the timing of 1, the report value representing the discharge power amount in hexadecimal is a value obtained by adding “5” as the offset amount to the report value “0x2A” represented in hexadecimal shown in Table 1. It is “0x2F”. Similarly, the checksum value shown in Table 2 is the cycle No. shown in Table 1. A value “0x11” is obtained by adding “5” as an offset amount and “0x05” in hexadecimal notation to the original checksum value “0x0C” of 1.

  Period No. 2-No. Similarly, the report values and checksum values shown in Table 2 are values obtained by adding the offset amount “5” to the report values and checksum values shown in Table 1.

  Table 3 shows an example of data (hereinafter also referred to as “reception data”) received by the charge / discharge control ECU 10 from the first individual ECU 20a. The reception data shown in Table 3 is the reception data received by the charge / discharge control ECU 10 from the transmission data shown in Table 1 transmitted from the first individual ECU 20a. The received data shown in Table 3 includes a report value expressed in hexadecimal, a report value expressed in binary, and a checksum value expressed in hexadecimal. Table 3 shows the calculation data and the checksum calculation formula used when checking using the checksum in the prior art together with the received data.

  In Table 3, for example, the charge / discharge control ECU 10 has a cycle No. Among the received data received at the timing of 1, the report value indicating the discharge power amount is “0x2F” in hexadecimal notation. When the checksum is calculated from the report value “0x2F” expressed in hexadecimal, a value “0x02” in which the upper byte is expressed in hexadecimal and the value “0x0F” in which the lower byte is expressed in hexadecimal is “ 0x11 ". The checksum value “0x11” obtained by the calculation is equal to the checksum value “0x11” included in the received data. Therefore, the detection unit 13 of the charge / discharge control ECU 10 determines that there is no message abnormality.

  The detector 13 has a cycle No. Similarly, calculate the checksum from the report value of the received data after 2 and compare the checksum value obtained by the calculation with the checksum value included in the received data to determine whether there is an error in the message. to decide. Here, as shown in Table 3, since the checksum value obtained by calculation is equal to the checksum value received as received data, the detection unit 13 confirms that there is no message abnormality. .

  As described above, in the message confirmation method in the in-vehicle LAN communication according to the related art, when the checksum value is falsified as shown in Table 2, the detection unit 13 determines that there is no message abnormality. It is not possible to detect unauthorized alteration of the discharge electric energy shown in FIG. Therefore, even if the charge / discharge control ECU 10 encrypts the received data received from the individual ECU 20 with the encryption unit 12 such as DES and transmits the encrypted data to the vehicle infrastructure 40, the illegally altered data remains as it is. 40 will be transmitted.

  Tables 4 to 6 show examples of data exchanged by in-vehicle LAN communication in the present embodiment. Tables 4 to 6 show, as an example, data when the message processing rule and the check rule created with the identifier of the charge / discharge control ECU 10 as “1” and the identifier of the first individual ECU 20a as “2” are applied. .

  Here, a predetermined message processing rule will be described. The predetermined message processing rule defines message processing timing, processing location, and processing amount using the identifier of the charge / discharge control ECU 10 and the identifier of the individual ECU 20 of the transmission source. In other words, the message processing rule includes a message processing timing, a processing location, and a processing amount. The message processing timing is represented by a period in this embodiment. Since the message includes data representing information, the message processing timing corresponds to the information processing timing, the message processing location corresponds to the information processing location, and the message processing amount corresponds to the information processing amount. It corresponds to the processing amount.

  In the present embodiment, by using the identifier of the charge / discharge control ECU 10 and the identifier of the individual ECU 20 of the transmission source, the processing timing, processing location, and processing amount of a message that is an element constituting the message processing rule are as follows: Define.

  The processing timing (cycle) of the message is the sum of the identifier of the individual ECU 20 as the transmission source and the identifier of the charge / discharge control ECU 10. The message processing location is the sum of the identifier of the individual ECU 20 that is the transmission source and the identifier of the charge / discharge control ECU 10. The processing amount of the message is an identifier of the charge / discharge control ECU 10.

  For example, when the individual ECU 20 as the transmission source is the first individual ECU 20a, the identifier of the charge / discharge control ECU 10 is “1”, and the identifier of the first individual ECU 20a is “2”, the processing timing (cycle) of the message is This is the sum of the identifier “2” of one individual ECU 20a and the identifier “1” of the charge / discharge control ECU 10. The processing location of the message is the sum of the identifier “2” of the first individual ECU 20a and the identifier “1” of the charge / discharge control ECU 10. The processing amount of the message is the identifier “1” of the charge / discharge control ECU 10.

  As described above, when the transmission source individual ECU 20 is the first individual ECU 20a, the identifier of the charge / discharge control ECU 10 is "1", and the identifier of the first individual ECU 20a is "2", the message processing timing, processing location, and processing The quantity is expressed as follows.

Message processing timing (cycle)
= Identifier of first individual ECU 20a + identifier of charge / discharge control ECU 10 = 2 + 1 = 3 (cycle)
Processing location of message = identifier of first individual ECU 20a + identifier of charge / discharge control ECU 10 = 2 + 1 = 3 (bit)
Message processing amount = identifier of charge / discharge control ECU 10 = 1 (bit processing)

  A message processing rule is created according to the above definition. In the present embodiment, the message processing rule is that “the third bit of data is processed by one bit every three communication cycles”. Here, “1 bit processing” means 1 bit inversion.

  The checksum of the message is calculated using the data processed according to the message processing rule created in this way. That is, the checksum is calculated using a value obtained by inverting the third bit of the third period by 1 bit. The checksum value obtained by the calculation and the report value before processing are transmitted as transmission data. In other words, in the present embodiment, only the checksum is processed without processing the transmission data report value itself.

  Table 4 shows an example of transmission data transmitted by the individual ECU 20 in the present embodiment. Table 4 shows an example of transmission data transmitted by the first individual ECU 20a as a specific example. In Table 4, similarly to Table 1, transmission data, calculation data, and checksum calculation formulas are shown. In Table 4, similarly to Table 1, the transmission data includes a report value expressed in hexadecimal, a report value expressed in binary, and a checksum value expressed in hexadecimal. The report value shown in Table 4 is, for example, the value of the discharge electric energy, similarly to the report value shown in Table 1.

  In Table 4, the calculation data includes a report value after processing according to a predetermined message processing rule, and upper and lower bytes of a report value expressed in binary number among the report values after processing. The report value included in the transmission data shown in Table 4 is the same as the report value included in the transmission data shown in Table 1, but a part of the checksum included in the transmission data shown in Table 4, specifically, the period No. The checksum value of 3 is different from the checksum value shown in Table 1.

  As shown in Table 4, the cycle No. The reported value of 3 is “0x25” in hexadecimal notation. In the present embodiment, the first individual ECU 20a, which is the transmission source, uses the message processing unit 21 in accordance with the above-described message processing rules, as shown by the thick frame in Table 4, with the cycle No. Processing is performed to invert the third bit of the reported value “0010 0101” represented by a binary number of 3. When the report value after processing is expressed in binary, the upper byte is the same “0010” as before processing, but the lower byte is “0001”.

  Using the value “0x21” representing the report value after processing in hexadecimal, the cycle No. A checksum of 3 is calculated. Period No. obtained by calculation The checksum value of 3 is a value “0x03” obtained by adding the upper byte “0x02” and the lower byte “0x01” of the reported value “0x21” expressed in hexadecimal after processing, as indicated by a thick frame in Table 4. "

  The message processing unit 21 has a cycle No. Every 3 to 3 cycles, ie cycle No. 6, no. 9, no. 12,. Similarly to the case of 3, the checksum is processed by calculating the checksum using the processed report value. A message including the checksum processed in this way as transmission data (hereinafter also referred to as “processed message”) is transmitted from the first individual ECU 20a to the charge / discharge control ECU 10 via the in-vehicle LAN 13.

  Table 5 shows an example of falsification data obtained by falsifying the transmission data shown in Table 4. The falsification data shown in Table 5 is, for example, data obtained by illegally falsifying the transmission data transmitted through the in-vehicle LAN 30 by a third party, as in Table 2. When the report value shown in Table 4 is, for example, the value of the above-described discharge power amount, the report value of the falsification data shown in Table 5 is the value of the falsified discharge power amount.

  Table 5 shows, as falsified data, data obtained by offsetting the transmission data shown in Table 4 by +5, that is, data obtained by adding “5” as an offset amount to each value shown in Table 4. Table 5 shows the calculation formula when the checksum is offset by +5 together with the altered data. As shown in Table 5, the checksum value offset by +5 is a value obtained by adding “5” as the offset amount to the checksum value shown in Table 4 which is the original checksum.

  For example, as indicated by a thick frame in Table 5, the first individual ECU 20a has a cycle No. Of the transmission data transmitted at the timing of 3, the report value representing the discharge power amount in hexadecimal is a value obtained by adding “5” as the offset amount to the report value “0x25” represented in hexadecimal shown in Table 4 It is “0x2A”.

  Similarly, the checksum values shown in Table 5 are the cycle numbers shown in Table 4. The value “0x08” is obtained by adding “5” as the offset amount and “0x05” in hexadecimal notation to the original checksum value “0x03” of 3. Period No. 2-No. Similarly, the report values and checksum values shown in Table 5 are values obtained by adding “5” as an offset amount to the report values and checksum values shown in Table 4.

  Although different from Table 5, the checksum value may be recalculated from the altered report value. For example, the cycle No. The checksum value of No. 3 indicates the falsified cycle number. 3 may be altered to a value “0x0C” obtained by adding the upper byte “0x02” and the lower byte “0x0A” of the reported value “0x2A” expressed in hexadecimal.

  Table 6 shows an example of received data received by the charge / discharge control ECU 10 from the first individual ECU 20a. The reception data shown in Table 6 is reception data obtained by the charge / discharge control ECU 10 receiving the transmission data shown in Table 4 transmitted from the first individual ECU 20a. Similarly to the reception data shown in Table 3, the reception data shown in Table 6 includes a report value expressed in hexadecimal, a report value expressed in binary, and a checksum value expressed in hexadecimal.

  In Table 6, similarly to Table 3, the calculation data used for the checksum calculation and the checksum calculation formula are shown together with the received data. In Table 6, the calculation data includes a report value after processing according to a predetermined check rule, and upper and lower bytes of the report value expressed in binary number among the report values after processing. The report value included in the reception data shown in Table 6 is the same as the report value included in the reception data shown in Table 3, but a part of the checksum included in the reception data shown in Table 6, specifically, the period No. The checksum value of 3 is different from the checksum value shown in Table 3.

  In Table 6, for example, the charge / discharge control ECU 10 has a cycle No. Of the received data received at the timing of 3, the report value representing the discharge power amount in hexadecimal is “0x2A”. The detection unit 13 of the charge / discharge control ECU 10 processes the reported value “0x2A” expressed in hexadecimal according to a predetermined check rule, and calculates a checksum using the processed report value.

  In the present embodiment, the predetermined check rule is the same as the above-described predetermined processing rule, and “the third bit of data is processed (inverted) by one bit every three communication cycles”. . A checksum is calculated by the detection unit 13 using data processed according to this check rule.

  Specifically, as shown by a thick frame in Table 6, the detection unit 13 includes the cycle No. in the received data. Processing is performed to invert the third bit of the value “0010 1010” represented by the binary number of the reported value “0x2A” represented by the hexadecimal number of 3. When the report value after processing is expressed in binary, the upper byte is the same “0010” as before processing, but the lower byte is “1110”. Using the value “0x2E” that represents the report value after processing in hexadecimal, the cycle No. A checksum of 3 is calculated. Period No. obtained by calculation The checksum value of 3 is a value “0x10” obtained by adding the upper byte “0x02” and the lower byte “0x0E” of the report value expressed in hexadecimal after processing.

  Cycle No. obtained by calculation. The checksum value “0x10” of 3 does not match the checksum value “0x08” included in the received data. In addition, the cycle No. obtained by calculation. The checksum value “0x10” of No. 3 indicates the cycle No. that has been falsified as described above. It also does not match the checksum value “0x0C” calculated using the reported value “0x2A” expressed in hexadecimal of 3.

  Therefore, the detection unit 13 determines that an abnormality has occurred in the message. Accordingly, the detection unit 13 can detect that some data has been tampered with by a third party who does not know a predetermined message processing rule, for example.

  Thus, according to the message confirmation method by the detection unit 13 in the present embodiment, it is possible to detect unauthorized data alterations shown in Table 5, for example, the discharge power amount alteration. Therefore, it is possible to prevent the charge / discharge control ECU 10 from encrypting the illegally tampered data as it is by the encryption unit 12 such as DES and transmitting the data to the infrastructure 40 outside the vehicle.

  Next, operation | movement of the communication management apparatus 1 in the electric vehicle 100 is demonstrated using the flowchart shown to FIG. 2 and FIG. 3, referring FIG. 1 and Table 4-Table 6. FIG.

  FIG. 2 is a flowchart showing a processing procedure regarding message transmission processing in the individual ECU 20. Each process shown in FIG. 2 is executed by the message processing unit 21 and the individual in-vehicle LAN communication unit 22 of the individual ECU 20. When power is supplied to the individual ECU 20 from a power source (not shown), the process shown in the flowchart of FIG. 2 is started, and the process proceeds to step S1.

  In step S1, the message processing unit 21 of the individual ECU 20 resets the cycle number N representing the communication cycle in the in-vehicle LAN communication of the own ECU to “0”, and proceeds to step S2.

  In step S2, the message processing unit 21 reads the identifier of the own ECU, the identifier of the charge / discharge control ECU 10, and the definition of the message processing rule from the individual-side storage unit 23, and proceeds to step S3. For example, as described above, the message processing rule is defined by an expression using the identifier of the individual ECU 20 and the identifier of the charge / discharge control ECU 10 as parameters.

  In step S <b> 3, the message processing unit 21 creates a message processing rule using the read identifiers of the own ECU and charge / discharge control ECU 10 and the definition of the message processing rule. Specifically, the message processing unit 21 uses the read identifiers of the own ECU and the charge / discharge control ECU 10 and the definition of the message processing rule, the elements constituting the message processing rule, specifically the message processing timing, The message processing location and message processing amount are calculated. When the message processing rule is created in this way, the process proceeds to step S4.

  In step S4, the message processing unit 21 adds “1” to the cycle number N representing the cycle of communication in the in-vehicle LAN communication of the own ECU, and proceeds to step S5.

  In step S5, the message processing unit 21 determines whether or not the transmission timing represented by the cycle number N matches the message processing timing in the message processing rule created in step S3. If the message processing unit 21 determines that the transmission timing indicated by the cycle number N coincides with the message processing timing, the message processing unit 21 proceeds to step S6. If it determines that the transmission timing does not match, the message processing unit 21 proceeds to step S7.

  In step S6, the message processing unit 21 processes the message to be transmitted including the report value stored in the individual-side storage unit 23 according to the message processing rule created in step S3, and the individual-side in-vehicle LAN communication unit 22 To give. When the message is processed in this way, the process proceeds to step S7.

  When the process proceeds to step S7 after processing the message in step S6, in-vehicle LAN communication unit 22 transmits the message processed in step S6 to charge / discharge control ECU 10 via in-vehicle LAN 30 in step S7. To do. When the process proceeds from step S5 to step S7 without passing through the process of processing the message in step S6, the in-vehicle LAN communication unit 22 includes a report value stored in the individual storage unit 23 in step S7. Is transmitted to the charge / discharge control ECU 10 via the in-vehicle LAN 30. If a message is transmitted to charge / discharge control ECU10, it will transfer to step S8.

  In step S <b> 8, the message processing unit 21 determines whether or not an instruction to turn off the power of its own ECU is given, that is, whether or not an instruction to turn off the power is inputted. If the message processing unit 21 determines that the power-off is not instructed, the message processing unit 21 returns to step S4 and repeats the above-described processing. If the message processing unit 21 determines that an instruction to turn off the power has been given, it ends all processing procedures. In this way, the processes in steps S4 to S7 are repeated until the power source of the individual ECU 20 is turned off.

  FIG. 3 is a flowchart showing a processing procedure related to a check process for the presence / absence of an abnormality in the transmission message in the charge / discharge control ECU 10. Each process shown in FIG. 3 is executed by the vehicle exterior communication unit 11, the encryption unit 12, the detection unit 13, and the control-side vehicle interior LAN communication unit 14 of the charge / discharge control ECU 10. When power is supplied to the charge / discharge control ECU 10 from a power source (not shown), the processing shown in the flowchart of FIG. 3 is started, and the process proceeds to step S11.

  In step S11, the detection unit 13 of the charge / discharge control ECU 10 resets the cycle number N indicating the communication cycle in the in-vehicle LAN communication of the own ECU to “0”, and proceeds to step S12.

  In step S <b> 12, the detection unit 13 determines, from the control-side storage unit 15, the identifier of the own ECU, the identifier of the individual ECU 20 of the communication partner, and the definition of a message check rule (hereinafter also referred to as “message check rule”). Is transferred to step S13. In the present embodiment, the check rule is the same as the processing rule.

  In step S <b> 13, the detection unit 13 creates a message check rule using the read identifiers of the self ECU and the individual ECU 20 and the definition of the message check rule. Specifically, the detection unit 13 uses the read identifiers of the own ECU and the individual ECU 20 and the definition of the message check rule, and configures the elements constituting the message check rule, specifically the message check timing, the inspection check The processing location and the processing amount of the message for calculating are calculated. When the message check rule is created in this way, the process proceeds to step S14.

  In step S14, the detection unit 13 adds “1” to the cycle number N representing the cycle of communication in the in-vehicle LAN communication of the own ECU, and proceeds to step S15.

  In step S <b> 15, the detection unit 13 determines whether the control-side in-vehicle LAN communication unit 14 has received a message from the individual ECU 20. If the detection unit 13 determines that a message from the individual ECU 20 has been received, the process proceeds to step S16. If it is determined that the message has not been received, the detection unit 13 waits until it is received.

  In step S16, the detection unit 13 determines whether or not the transmission timing represented by the cycle number N matches the message check timing in the message check rule created in step S13. If the detection unit 13 determines that the transmission timing indicated by the cycle number N matches the message check timing, the detection unit 13 proceeds to step S17. If the detection unit 13 determines that the transmission timing does not match, the detection unit 13 proceeds to step S18.

  In step S17, the detection unit 13 processes the message received from the individual ECU 20 in accordance with the message check rule created in step S13, and proceeds to step S18.

  When the process proceeds to step S18 through the process of processing the message in step S17, in step S18, the detection unit 13 uses the message abnormality detection method such as checking the checksum to check whether the processed message is abnormal. Check. If the process proceeds from step S16 to step S18 without going through the process of processing the message in step S17, in step S18, the detection unit 13 uses a message abnormality detection method such as checking the checksum, and the individual ECU 20 Check whether there is an error in the message received from. When the detection unit 13 checks whether there is a message abnormality, the detection unit 13 proceeds to step S19.

  In step S19, the detection unit 13 determines whether or not there is an abnormality as a result of checking whether or not the message is abnormal in step S18. If the detection unit 13 determines that there is no abnormality, the process proceeds to step S20. If the detection unit 13 determines that there is an abnormality, the process proceeds to step S21. When it is determined that there is no abnormality in the message, the message is given to the encryption unit 12 by the detection unit 13.

  In step S20, the encryption unit 12 encrypts the given message and proceeds to step S21.

  In step S21, the vehicle exterior communication unit 11 transmits the message encrypted in step S20 to the vehicle exterior infrastructure 40, and proceeds to step S23.

  In step S22, the detection unit 13 performs a message abnormality process and proceeds to step S23. The message abnormal process is, for example, a process for notifying the user that there is an error in the message by outputting an alarm sound from an output device such as a speaker (not shown) or information indicating that the message is abnormal. This is a process for transmitting to the infrastructure 40.

  In step S <b> 23, the detection unit 13 determines whether or not an instruction to turn off the power of the own ECU has been issued. When the detection unit 13 determines that the power-off is not instructed, the detection unit 13 returns to step S14 and repeats the above-described processing. If the detection unit 13 determines that an instruction to turn off the power has been given, it ends all processing procedures. In this manner, the processes in steps S14 to S22 are repeatedly performed until the power supply of the charge / discharge control ECU 10 is turned off.

  As described above, according to the communication management device 1 of the present embodiment, the charge / discharge control ECU 10 that performs communication (hereinafter sometimes referred to as “external communication”) with the external infrastructure 40 that is an external device is used for external communication. Since the encryption unit 12 which is means for encrypting the data is provided, it is possible to prevent information leakage and tampering when communication with the infrastructure 40 outside the vehicle is intercepted by a third party.

  In addition, since the individual ECU 20 communicates with the vehicle infrastructure 40 via the charge / discharge control ECU 10, the encryption unit 12 that performs encryption only needs to be mounted only on the charge / discharge control ECU 10 that performs communication with the vehicle infrastructure 40. . Therefore, it is not necessary for all ECUs mounted on the electric vehicle 100 to mount the encryption unit 12 having a large load.

  In addition, the individual ECU 20 and the charge / discharge control ECU 10 communicating via the in-vehicle LAN process a message in accordance with a predetermined processing rule in the individual ECU 20 and transmit the message to the charge / discharge control ECU 10, and the message received by the charge / discharge control ECU 10. Are processed and inspected according to a predetermined check rule to detect the presence or absence of an abnormality such as message tampering.

  Thus, for example, when an abnormality occurs in the information because the inside of the communication management device 1 is directly and illegally accessed by a third party and the information is falsified, the detection of the abnormality in the information is detected. Can do. In addition, by preventing the out-of-vehicle communication unit 11 from transmitting information in which the abnormality is detected to the out-of-vehicle infrastructure 40, it is possible to prevent information in which an abnormality such as tampering has occurred from being transmitted to the out-of-vehicle infrastructure 40.

  Specifically, the fact of falsification can be detected when the information transmitted in the in-vehicle LAN 30 is falsified directly. Further, by preventing the altered information from being transmitted from the outside communication unit 11, it is possible to prevent the altered information from leaking outside.

  The aforementioned predetermined processing rules include the processing timing, processing location and processing amount of the message, and these are based on the identifier of each ECU that performs transmission / reception, that is, the identifier of the charge / discharge control ECU 10 and the identifier of the individual ECU 20 of the transmission source. Determined. Similarly, the predetermined check rule includes a message check timing, a processing location and a processing amount for inspection, and these are based on the identifier of the charge / discharge control ECU 10 and the identifier of the individual ECU 20 of the transmission source. Determined.

  As a result, the processing rules and the check rules can be simplified, so that the message processing unit 21 and the detection unit 13 can be mounted without excessively increasing the calculation load in the charge / discharge control ECU 10 and the individual ECU 20. it can. Therefore, an increase in product cost can be prevented.

  In the present embodiment, the binary value of the report value is processed by the processing rule and the check rule, so that the same simple rule can be used as the processing rule and the check rule. Therefore, since the message processing unit 21 and the detection unit 13 can be mounted without excessively increasing the calculation load in the charge / discharge control ECU 10 and the individual ECU 20, an increase in product cost can be prevented.

  The communication management device 1 according to the present embodiment described above is mounted on the electric vehicle 100 as a communication management device for an electric vehicle that manages communication operations between the out-of-vehicle infrastructure 40 and the charge / discharge control ECU 10 and the individual ECU 20. Preferably used. As described above, the individual ECU 20 includes at least one of a charging monitoring individual unit, an EV system individual unit, and a charge / discharge management individual unit.

  In the present embodiment described above, once the message processing rule and the message check rule are set, the same rule is repeatedly used until the individual ECU 20 and the charge / discharge control ECU 10 are turned off. . In another embodiment of the present invention, the message processing rule and the identifier of the charge / discharge control ECU 10 and the identifier of the individual ECU 20 that communicates with the charge / discharge control ECU 10 via the in-vehicle LAN 30 are not limited thereto. The timing for recreating the message check rule may be further determined, and the message processing rule and the message check rule may be recreated at a specific cycle. As a result, it is possible to more reliably prevent the message processing rule and the message check rule from being analyzed by a third party.

  As described above, the predetermined message processing rule and message check rule are updated at an update timing obtained from calculation results based on the identifiers of the ECUs that perform transmission and reception, that is, the individual ECU 20 and the charge / discharge control ECU 10. This makes it difficult to analyze the processing content of the message, so that threats such as tampering by a third party can be easily avoided.

  Further, in the present embodiment, when it is detected by the detection unit 13 that there is an abnormality in the message in step S19 shown in FIG. 3, for example, the outside communication unit 11 that functions as a notification unit in the abnormality process in step S22. Will report that there is an error in the message. Specifically, an alarm, a notification to the driver, or a report to the outside infrastructure 40 is performed as the abnormal time process. Accordingly, it is possible to notify the user that there is an abnormality in the message quickly at the timing when the abnormality of the message is detected.

  Specifically, in the present embodiment, the charge / discharge control ECU 10 that performs external communication includes an out-of-vehicle communication unit 11 as a means for reporting when an abnormality of a message, such as tampering, is detected. Thereby, for example, falsification and leakage due to unauthorized access can be notified to the user or the infrastructure 40 outside the vehicle. Therefore, it is possible to quickly take measures against fraud such as tampering.

  In the present invention, the embodiments can be appropriately modified and omitted within the scope of the invention. For example, in the above-described embodiment, the communication management device 1 is mounted and used in the electric vehicle 100, but is not limited thereto. For example, the communication management apparatus 1 may include a power generation apparatus such as a solar power generation apparatus, and may be used as a communication management apparatus for a smart house that is a house that can supply and demand electric power. As described above, even when the communication management device 1 is used as a communication management device for a smart house, the same effects as in the present embodiment can be obtained.

  DESCRIPTION OF SYMBOLS 1 Communication management apparatus, 10 Charging / discharging control ECU, 11 External communication part, 12 Encryption part, 13 Detection part, 14 Control side in-vehicle LAN communication part, 15 Control side memory | storage part, 20 Individual ECU, 21 Message processing part, 22 Individual Side in-vehicle LAN communication unit, 23 individual side storage unit, 30 in-vehicle LAN, 50 power generation unit, 51 engine, 52 battery, 100 electric vehicle.

Claims (5)

A general unit capable of communicating with an external device, and a plurality of individual units connected to the general unit via a communication line, and performing communication operations between the general unit and the plurality of individual units and the external device. A communication management device for managing,
Each said individual unit is
A processing unit that processes information to be transmitted to the external device according to a predetermined processing rule;
An individual side internal communication unit that transmits information processed by the processing unit to the overall unit via the communication line;
The head unit is
Information transmitted from the individual-side internal communication unit of each individual unit, a general-side internal communication unit that receives the information via the communication line;
Processing the information received by the supervisory internal communication unit according to a predetermined check rule, inspecting the processed information, and detecting the presence or absence of the information,
An encryption unit for encrypting information received by the supervisory internal communication unit;
An external communication unit that transmits the information encrypted by the encryption unit to the external device ;
The predetermined processing rule includes a processing timing for processing the information, a processing location of the information, and a processing amount of the information.
The predetermined check rule includes a check timing for inspecting the processed information, a processing location of the information for the inspection, and a processing amount of the information for the inspection,
The processing timing of the processing rule, the processing location and the processing amount, and the check timing of the check rule, the processing location and the processing amount are an overall unit identifier for identifying the overall unit, and a transmission source of the information the communication management apparatus according to claim Rukoto determined on the basis of the individual unit identifier for identifying the individual units. 2. The predetermined processing rule and the predetermined check rule are updated at an update timing determined based on the overall unit identifier and the individual unit identifier of the information transmission source. Communication management device. Before SL supervising unit, if the by the detection unit is abnormal in the information is detected, to claim 1 or 2, characterized in Rukoto comprising a reporting unit to report that there is an abnormality in the information The communication management device described. Mounted on the vehicle, any one of claims 1 to 3, characterized that you manage communication operations between said external device provided outside of the vehicle the supervising unit and the plurality of individual units The communication management device according to 1. The vehicle is configured to be chargeable / dischargeable,
The plurality of individual units are connected to the next unit, that is, a charging monitoring individual unit that monitors charging for the vehicle and transmits / receives charging information related to the charging to / from the external device, and the vehicle and the power network. An individual unit for a vehicle system that manages an electric power supply and demand system, transmits / receives vehicle information related to the vehicle to / from the external device, and manages a charge / discharge state of the vehicle, The communication management apparatus according to claim 4 , comprising at least one of individual units for charge / discharge management that transmits / receives discharge power amount information to / from the external apparatus.

Images