JP5462146B2 - Electronic key system - Google Patents

Description

  The present invention relates to an electronic key system in which cryptographic communication is performed.

  2. Description of the Related Art Conventionally, an electronic key system that permits door locking / unlocking and the like through transmission / reception of identification information (ID code) by wireless communication between an electronic key possessed by a user and a vehicle is known. In order to maintain the security of this system, it is necessary to protect the wireless communication between the electronic key and the vehicle. For this reason, for example, in the electronic key system of Patent Document 1, encrypted communication is performed between the electronic key and the vehicle. A system employing this encryption communication will be described with reference to FIG. As shown in the figure, the vehicle 110 stores ID codes ID1 to ID3 corresponding to the number of electronic keys 101 to 103 and an encryption key Kc. Each of the electronic keys 101 to 103 stores an ID code ID1 to ID3 unique to itself and an encryption key Kc. A system in which the common encryption key Kc is set for the ID codes ID1 to ID3 is called a key common system.

  The vehicle 110 transmits a challenge signal including a challenge code to the electronic keys 101 to 103 and generates a response code from the challenge code using its own encryption key Kc. When the electronic keys 101 to 103 receive the challenge signal, the electronic keys 101 to 103 generate a response code by using their own encryption key from the challenge code included therein. And the electronic keys 101-103 transmit the response signal containing the produced | generated response code and own ID code ID1-ID3. The vehicle 110 collates the response code included in the received response signal with the response code generated by itself. Further, the vehicle 110 collates the ID codes ID1 to ID3 included in the received response signal with the ID codes ID1 to ID3 stored in itself. Then, the vehicle 110 permits locking / unlocking of the vehicle door and starting of the engine when both verifications are established.

JP 2007-49759 A

  Apart from the key common system, a non-key common system in which the encryption key is different in each of the ID codes ID1 to ID3 is considered. In this system, as shown in FIG. 6, the vehicle 110 stores encryption keys K1 to K3 corresponding to the ID codes ID1 to ID3. Specifically, the electronic key 101 stores an ID code ID1 and an encryption key K1, the electronic key 102 stores an ID code ID2 and an encryption key K2, and the electronic key 103 stores an ID code ID3 and an encryption key K3. In this way, the non-key common system stores the encryption key corresponding to the ID code, and therefore has higher security than the key common system. However, in a non-key-common system, the vehicle needs to store the number of encryption keys corresponding to the number of electronic keys, and this reduces the storage capacity. Therefore, a key common system is preferable from the viewpoint of storage capacity.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide an electronic key system that secures security while suppressing compression of storage capacity by using a common encryption key for each electronic key. There is to do.

Hereinafter, means for achieving the above-described object and its operation and effects will be described.
According to the first aspect of the present invention, a common first encryption key and an ID code unique to each electronic key are stored in the control target and the plurality of electronic keys registered therein, and the control target is the When communicating with the electronic key, a challenge signal including a challenge code, which is a radio signal, is transmitted to the electronic key, and the challenge code is encrypted using the first encryption key of itself. 1, the electronic key generates a response code by encrypting the challenge code included in the received challenge signal using its first encryption key, and the generated response A response signal including a code and the ID code stored therein is transmitted to the control target, and the control target is a first generated by itself. When verification of the response code and the response code included in the response signal is established, and verification of the ID code stored in the response signal and the ID code included in the response signal is established In the electronic key system that enables control, the control target is an update mode when it is recognized that the target of wireless communication is a newly added electronic key, or when the registered electronic key is deleted The main point is to update the encryption key in the electronic key currently registered in the vicinity thereof by itself and wireless communication from the first encryption key to the second encryption key.

  According to this configuration, when a predetermined electronic key is lost, the electronic key registration is deleted from the control target when it is noticed, or a new electronic key is added to supplement the lost part. It is assumed. In this case, the control target shifts to the update mode, and updates the encryption key in the other electronic key existing around itself and through wireless communication from the first encryption key to the second encryption key. That is, the encryption key of the lost electronic key is not updated because it does not exist around the control target. As a result, even if the ID code corresponding to the lost electronic key is illegally rewritten to an ID code corresponding to another electronic key, the response code is not verified, and the controlled object is controlled. There is no. In this way, even when the encryption key between the electronic keys is shared, security can be ensured.

  According to a second aspect of the present invention, in the electronic key system according to the first aspect, the second encryption key is stored in the added electronic key, and the control target is the first response. When generating a code, a second response code is generated by encrypting the challenge code using the second encryption key generated based on the first encryption key or stored in itself. When it is determined that the verification between the first response code and the response code included in the response signal is not established, the generated second response code is compared with the response code included in the response signal. The gist is to recognize that the electronic key is added when the collation is established, and to shift to the update mode.

  According to this configuration, when the first response code is generated by the control target, the second response code is generated by encrypting the challenge code using the second encryption key. Then, both verifications of the generated response codes and the response code included in the response signal are performed.

  Here, the second encryption key is stored in the new electronic key to be added. When the new electronic key receives the challenge signal from the control target, the new electronic key transmits a response signal including the second response code generated through its own second encryption key. When it is determined that the second response code is verified, the control target shifts to the encryption key update mode and updates the encryption key. Therefore, the encryption key can be easily updated only by bringing a new electronic key around the vehicle.

  According to a third aspect of the present invention, in the electronic key system according to the second aspect, in the update mode, the control target is the first response code generated by itself and the response signal from the electronic key. The response code included in the electronic key is verified, and when this verification is established, an update signal is sent to request that the encryption key be updated, assuming that the encryption key of the electronic key is not updated. The gist of the electronic key determined to be is to update its own first encryption key to the second encryption key based on the received update signal.

  According to this configuration, in the update mode, an unupdated electronic key receives an update signal from the controlled object. Therefore, the encryption key is updated even with an unupdated electronic key. Thus, the unupdated electronic key is updated with the newly added electronic key only by performing wireless communication with the control target. Therefore, the encryption key can be updated more easily.

  According to a fourth aspect of the present invention, in the electronic key system according to any one of the first to third aspects, the second encryption key is obtained by performing data conversion on the first encryption key according to a specific algorithm. The gist is that it is generated.

  According to this configuration, since the second encryption key is obtained by data conversion of the first encryption key according to the specific algorithm, it is not necessary to store the second encryption key separately from the first encryption key. This algorithm is assigned to each control object and each electronic key. Therefore, compression of the storage capacity due to the encryption key can be suppressed. Furthermore, since it is not necessary to exchange the second encryption key between the electronic key and the control target when updating the encryption key, the security is improved.

  According to the present invention, in the electronic key system, it is possible to ensure security while suppressing compression of storage capacity by using a common encryption key for each electronic key.

The block diagram of an electronic key system. The timing chart of the signal transmitted / received between an electronic key and vehicle equipment. Explanatory drawing at the time of encryption key update. The flowchart which shows the process sequence of a control program. Explanatory drawing of a key common system. Explanatory drawing of a key non-common system.

Hereinafter, an embodiment embodying an electronic key system according to the present invention will be described with reference to FIGS.
As shown in FIG. 1, the electronic key system 1 includes an electronic key 10 possessed by a user of the vehicle 2 and an in-vehicle device 20 mounted on the vehicle 2. In the electronic key system 1, mutual communication is automatically performed between the electronic key 10 and the vehicle-mounted device 20, and on the condition that the mutual communication is established outside and inside the vehicle, the locking and unlocking of the vehicle door and the engine Start is allowed.

  First, a radio signal transmitted and received between the in-vehicle device 20 and the electronic key 10 will be briefly described with reference to FIG. The in-vehicle device 20 transmits a wake signal Swk at regular intervals inside and outside the vehicle. When the electronic key 10 receives the wake signal Swk, the electronic key 10 transmits an ack signal Sac. The in-vehicle device 20 transmits a vehicle ID signal Svi when receiving the ACK signal Sac. After confirming the validity of the received vehicle ID signal Svi, the electronic key 10 transmits an ACK signal Sac. When receiving the ACK signal Sac, the in-vehicle device 20 transmits a challenge signal Scc. Upon receiving the challenge signal Scc, the electronic key 10 transmits a response signal Sre. The in-vehicle device 20 permits locking / unlocking of the vehicle door and starting of the engine when the validity of the response signal Sre is confirmed. Hereinafter, specific configurations and operations of the electronic key 10 and the in-vehicle device 20 will be described.

<Electronic key>
As shown in FIG. 1, the electronic key 10 includes an electronic key control unit 11, a UHF (Ultra High Frequency) transmission unit 13, and an LF (low frequency) reception unit 14.

  The electronic key control unit 11 is configured by a computer unit and includes a nonvolatile memory 11a. The memory 11a stores a key ID code unique to the electronic key 10, a vehicle ID code unique to the vehicle 2, an encryption key Kc, and a specific algorithm for generating the encryption key Kc + 1 from the encryption key Kc. Yes. The encryption key Kc is, for example, data (bit string) made up of 128 bits “0” and “1”. This encryption key Kc is used when generating a response code from the challenge code. The encryption key Kc + 1 is generated by converting the encryption key Kc according to a specific algorithm. In this example, the encryption key Kc + 1 is generated by adding “1” to the bit string of the encryption key Kc in binary. For example, when the last bit in the encryption key Kc is “0”, the encryption key Kc + 1 is data in which the last bit of the encryption key Kc is converted to “1”.

  When the LF receiving unit 14 receives the LF band wake signal Swk transmitted from the vehicle-mounted device 20 via the receiving antenna 14 a, the LF receiving unit 14 demodulates the wake signal Swk into a pulse signal and outputs the pulse signal to the electronic key control unit 11. To do. When the electronic key control unit 11 recognizes that it is the wake signal Swk, the electronic key control unit 11 generates an ACK signal Sac and outputs it to the UHF transmission unit 13. The UHF transmitter 13 modulates the ACK signal Sac and transmits it as a radio signal in the UHF band via its own transmission antenna 13a. In response to the ACK signal Sac, the vehicle ID signal Svi is returned from the in-vehicle device 20.

  When the LF reception unit 14 receives the vehicle ID signal Svi in the LF band via the reception antenna 14a, the LF reception unit 14 demodulates the vehicle ID signal Svi into a pulse signal and outputs it to the electronic key control unit 11. When recognizing that it is the vehicle ID signal Svi, the electronic key control unit 11 compares the vehicle ID code included in the vehicle ID signal Svi with the vehicle ID code stored in the memory 11a. When the verification of the vehicle ID code is established, the electronic key control unit 11 generates an ACK signal Sac and outputs it to the UHF transmission unit 13. The UHF transmitter 13 modulates the ACK signal Sac and transmits it through its own transmission antenna 13a. A challenge signal Scc is transmitted from the in-vehicle device 20 in response to the ACK signal Sac.

  When the LF reception unit 14 receives the challenge signal Scc in the LF band via the reception antenna 14 a, the LF reception unit 14 demodulates the challenge signal Scc into a pulse signal and outputs it to the electronic key control unit 11. When recognizing that it is the challenge signal Scc, the electronic key control unit 11 recognizes the challenge code included in the challenge signal Scc. Then, the electronic key control unit 11 generates a response code by encrypting the challenge code using the encryption key Kc stored in the memory 11a.

  The electronic key control unit 11 outputs a response signal Sre including the generated response code and the key ID code stored in the memory 11 a to the UHF transmission unit 13. The UHF transmitter 13 modulates the response signal Sre and transmits it via its own transmission antenna 13a.

  When a new electronic key is additionally registered, an update signal Sko for requesting the electronic key 10 to update the encryption key is transmitted from the in-vehicle device 20. When the electronic key control unit 11 recognizes the update signal Sko received and demodulated through the LF reception unit 14, the electronic key control unit 11 obtains the encryption key Kc + 1 from the encryption key Kc stored in the memory 11a according to a specific algorithm stored in the memory 11a. Generate. Then, the encryption key Kc stored in the memory 11a is updated to the encryption key Kc + 1 generated this time.

  In the present embodiment, as shown in FIG. 1, there are two electronic keys 10, a master key 10a and a sub key 10b. The master key 10a and the sub key 10b are configured similarly. The key ID code ID1 is stored in the memory 11a of the master key 10a, and the key ID code ID2 is stored in the memory 11a of the sub key 10b. A common encryption key Kc is stored in each of the memories 11a of the master key 10a and the sub key 10b.

<In-vehicle device>
As shown in FIG. 1, the in-vehicle device 20 includes an in-vehicle control unit 21, an LF transmission unit 22, and an in-vehicle reception unit 24. In addition, an engine switch 33, a door lock device 34, an engine device 35, and a lock switch 32 are electrically connected to the in-vehicle control unit 21.

  The engine switch 33 is pushed when the engine is started, and outputs a signal indicating that to the vehicle-mounted control unit 21. The door lock device 34 locks and unlocks the vehicle door. The engine device 35 performs engine control. The lock switch 32 is provided on the door handle outside the vehicle, and when operated, the lock switch 32 outputs an operation signal indicating that to the vehicle-mounted control unit 21.

  The in-vehicle control unit 21 is configured by a computer unit and includes a nonvolatile memory 21a. The memory 21a has a key ID code identical to the key ID code of each electronic key, a vehicle ID code unique to the vehicle, encryption keys Kc, Kc + 1, and a specific key for generating an encryption key Kc + 1 from the encryption key Kc. The algorithm is stored.

  Specifically, as shown on the lower side of FIG. 1, key ID codes ID1 to ID5 are stored in the memory 21a. The key ID code ID1 is used when collating the key ID code when communicating with the master key 10a, and the key ID code ID2 is used when collating the key ID code when communicating with the sub key 10b. The key ID codes ID3 to ID5 are used when collating the key ID code when communicating with the added electronic key. That is, any of the key ID codes ID3 to ID5 is stored in advance in the added electronic key. The memory 21a stores a common encryption key Kc corresponding to each key ID code ID1 to ID5.

  The in-vehicle control unit 21 generates a wake signal Swk at regular intervals, and outputs it to the LF transmission unit 22. The LF transmitter 22 is provided in the door handle of each vehicle door of the vehicle 2 and in the vehicle. When the wake signal Swk is input from the vehicle-mounted control unit 21, the LF transmission unit 22 modulates the wake signal Swk and transmits it as a radio signal in the LF band to and around the vehicle via the transmission antenna 22a. .

  Here, since the in-vehicle control unit 21 transmits the wake signal Swk at different timings through the LF transmission units 22, it is determined whether the electronic key 10 is present in the vehicle or outside the vehicle based on the return timing of the ACK signal Sac. I can judge.

  The in-vehicle receiving unit 24 is provided in the vehicle and receives a radio signal from the electronic key 10 existing outside and inside the vehicle. Specifically, when receiving the ACK signal Sac transmitted from the electronic key 10 via the receiving antenna 24a, the in-vehicle receiving unit 24 demodulates this signal into a pulse signal and outputs it to the in-vehicle control unit 21.

  When the in-vehicle controller 21 recognizes the ACK signal Sac with respect to the wake signal Swk, the in-vehicle controller 21 generates a vehicle ID signal Svi including the vehicle ID code stored in its own memory 21 a and outputs it to the LF transmitter 22. The LF transmitter 22 modulates the vehicle ID signal Svi from the in-vehicle controller 21 and transmits it via the transmission antenna 22a. An ACK signal Sac is returned from the electronic key 10 in response to the vehicle ID signal Svi.

  When the in-vehicle control unit 21 recognizes the ACK signal Sac for the vehicle ID signal Svi, it generates a challenge signal Scc including a challenge code and outputs it to the LF transmission unit 22. At this time, the in-vehicle control unit 21 generates a first response code by encrypting the challenge code using the encryption key Kc stored in the memory 21a, and also stores the encryption key stored in the memory 21a. A second response code is generated by encrypting the challenge code using Kc + 1. The LF transmitter 22 modulates the challenge signal Scc from the in-vehicle controller 21 and transmits it via the transmission antenna 22a. A response signal Sre is returned from the electronic key 10 in response to the challenge signal Scc.

  When the in-vehicle control unit 21 recognizes the response signal Sre received through the in-vehicle receiving unit 24, the in-vehicle control unit 21 performs verification (first response verification) between the response code included in the response signal Sre and the first response code. Do. Moreover, the vehicle-mounted control part 21 performs collation (key ID collation) with the key ID code contained in the response signal Sre and the key ID code memorize | stored in the memory 21a.

  If it is determined that the electronic key 10 is present outside the vehicle and the first response verification and the key ID verification are established, the in-vehicle control unit 21 enters the lockable / unlockable state because the vehicle external verification is established. In this state, when the vehicle-mounted control unit 21 recognizes that the lock switch 32 has been operated, the vehicle door control unit 21 switches the lock / unlock state of the vehicle door via the door lock device 34.

  Further, when the first response verification and the key ID verification are established when it is determined that the electronic key 10 is present in the vehicle, the in-vehicle control unit 21 enters the engine start permission state because the vehicle verification is established. In this state, when the engine switch 33 installed in the vicinity of the driver's seat is operated, the operation signal is output to the in-vehicle control unit 21. When receiving the operation signal, the vehicle-mounted control unit 21 starts the engine through the engine device 35.

  Further, when the first response verification is not established, the in-vehicle control unit 21 performs verification (second response verification) between the response code included in the response signal Sre and the second response code. When this verification is established, the in-vehicle control unit 21 determines that the communication target is an electronic key to be newly added, and shifts to the encryption key update mode. That is, since the encryption key Kc + 1 is stored in the added electronic key, the second response verification is established in the in-vehicle control unit 21. In the encryption key update mode, the encryption key Kc of the electronic key 10 other than the added electronic key is also updated to the encryption key Kc + 1. Specifically, the in-vehicle control unit 21 determines that the encryption key is an unupdated regular key when the first response verification is established with the electronic key 10 in the encryption key update mode, and passes the electronic key through the LF transmission unit 22. 10 transmits an LF band update signal Sko to request update of the encryption key.

Next, the encryption key update accompanying the addition of the electronic key will be described.
As shown in FIG. 3, the additional key 10c is manufactured at a factory. The additional key 10c is configured in the same manner as the master key 10a and the like. Here, a database and a specific algorithm are stored in a memory 41 built in, for example, a computer in a factory. In this database, key ID codes ID1 to ID5 and an encryption key Kc are stored. In the factory, for example, the key ID code ID3 which is not currently used and stored in the database in the memory 11a of the additional key 10c through a dedicated tool, and the encryption key Kc + 1 obtained by converting the currently used encryption key Kc according to a specific algorithm. And write.

  The encryption key is updated only by bringing the master key 10a and the sub key 10b together with the additional key 10c to the periphery of the vehicle 2. Specifically, although the first response verification is not established through communication with the additional key 10c, the in-vehicle device 20 transitions to the encryption key update mode when the second response verification is established. In the encryption key update mode, when the in-vehicle device 20 determines that the first response verification has been established through communication with the master key 10a and the sub key 10b, the in-vehicle device 20 transmits an update signal Sko indicating that the encryption key has not been updated. By this update signal Sko, the encryption key Kc of the master key 10a and the sub key 10b is updated to the encryption key Kc + 1.

  In this way, security can be ensured when the electronic key is lost by updating the encryption key. Specifically, when the subkey 10b is lost, it is assumed that the additional key 10c is added as described above to supplement the subkey 10b. In this case, the encryption key is updated. Here, since the lost subkey 10b does not exist around the vehicle 2 when the encryption key is updated, the encryption key is never updated. For this reason, after the encryption key is updated, in the in-vehicle device 20, the first response verification is not established in communication with the lost subkey 10 b, so that the vehicle door is not illegally locked and unlocked. . The same applies to the case where the key ID code ID2 of the lost subkey 10b is rewritten to the key ID code ID1 of the master key 10a through unauthorized means. Therefore, even when the encryption keys corresponding to the key ID codes ID1 to ID5 are shared, security can be ensured.

  Next, a control program executed by the in-vehicle control unit 21 will be described with reference to the flowchart of FIG. This control program is repeatedly executed when the engine of the vehicle is stopped.

  First, it is determined whether or not the first response verification is established during communication with the electronic key (S101). When it is determined that the first response verification is established (YES in S101), it is determined whether or not the key ID code verification is established (S102). When it is determined that the key ID code verification has been established (YES in S102), locking / unlocking or engine starting is permitted (S103). When it is determined that the key ID code verification is not established (NO in S102), it is determined that the electronic key related to the current communication is not a regular one, and the unlocking and the like are not permitted, and the next time the communication with the electronic key is performed again. It is determined whether or not the first response verification is established (S101). When it is determined that the first response verification is not established (NO in S101), it is determined whether the second response verification is established (S104). When it is determined that the second response verification is not established (NO in S104), whether the first response verification is established again at the next communication with the electronic key on the assumption that the electronic key related to the current communication is not a proper one It is determined whether or not (S101).

  On the other hand, when it is determined that the second response collation is established (YES in S104), the process proceeds to the encryption key update mode (S105). In this mode, it is determined whether or not the first response verification is established during communication with the electronic key (S106) as in step S101. When it is determined that the first response collation is established (YES in S106), an update signal Sko is transmitted assuming that the encryption key of the electronic key related to the current communication is not updated (S107). Thereby, the encryption key Kc of the electronic key is updated to the encryption key Kc + 1. The processes in steps S106 and S107 are repeated until no unupdated electronic key exists around the vehicle. When it is determined that the first response verification is not established (NO in S106), the encryption key Kc of its own memory 21a is updated to the encryption key Kc + 1, assuming that an unupdated electronic key no longer exists around the vehicle. (S108). Then, after the encryption key update mode is ended (S109), the control program is ended.

  After the encryption key is updated to the encryption key Kc + 1 in this way, the first response verification is performed using the first response code generated using the encryption key Kc + 1. The second response verification is performed using the second response code generated using the encryption key Kc + 2. Here, the encryption key Kc + 2 is generated by adding “1” in binary to the bit string in the encryption key Kc + 1. The generated encryption key Kc + 2 is overwritten on the encryption key Kc + 1 of the memories 21a and 11a. That is, the encryption key Kc + n (n is a natural number) can be generated through a specific algorithm stored in the memories 21a, 11a, and 41.

As described above, according to the embodiment described above, the following effects can be obtained.
(1) When the electronic key 10 is lost, it is assumed that an additional key 10c is added to supplement the key when it is noticed. When the in-vehicle device 20 recognizes that it is the additional key 10c through wireless communication, the in-vehicle device 20 updates its own encryption key from the encryption key Kc to the encryption key Kc + 1 and wirelessly communicates with other electronic keys 10 other than the lost electronic key ( The encryption key of the electronic key 10 is updated from the encryption key Kc to the encryption key Kc + 1 through the update signal Sko). Thereby, even when the key ID code corresponding to the lost electronic key is rewritten to the key ID code corresponding to another electronic key, the first response verification is established when the encryption key is not updated. do not do. For this reason, unauthorized locking and unlocking of the vehicle door is not permitted.

  In addition, the encryption key corresponding to each key ID code is common regardless of before and after the update. Therefore, compared with the case where a different common key is stored for each key ID code, the proportion of the common key in the memory 21a can be reduced.

Thus, security can be ensured while the encryption key between the electronic keys 10 is shared.
(2) The encryption key is updated by a specific algorithm in the electronic key 10 and the in-vehicle device 20. That is, when the encryption key is updated, the encryption key is not transmitted / received between the electronic key 10 and the in-vehicle device 20. Therefore, it is possible to prevent the updated encryption key from being intercepted.

  (3) When the first response code is generated by the in-vehicle device 20, the second response code is generated by encrypting the challenge code using the encryption key Kc + 1. Then, both the generated response codes and the response code included in the response signal Sre are collated.

  On the other hand, the encryption key Kc + 1 is stored in the additional key 10c. When the additional key 10c receives the challenge signal Scc from the in-vehicle device 20, the additional key 10c transmits a response signal Sre including the second response code generated through its own encryption key Kc + 1. Therefore, when the in-vehicle device 20 determines that the verification of the second response code is established, the in-vehicle device 20 shifts to the encryption key update mode and updates the encryption key. Therefore, the encryption key can be updated only by bringing the additional key 10c around the vehicle.

  (4) In the encryption key update mode, the non-updated electronic key 10 receives the update signal Sko from the in-vehicle device 20. With the reception of the update signal Sko, the encryption key in the unupdated electronic key 10 is updated. As a result, the electronic key 10 together with the additional key 10c is updated only by performing wireless communication with the in-vehicle device 20. Therefore, the encryption key can be updated more easily.

  (5) In the key non-common system described in the background art with reference to FIG. 6, when the key ID code corresponding to the lost electronic key is deleted, the key ID code is used twice. I can't. However, in the above embodiment, since the encryption key is updated, there is no security problem even if the additional key 10c using the key ID code corresponding to the lost electronic key is created again. Therefore, losing the electronic key does not reduce the maximum number of electronic keys that can be registered in the in-vehicle device 20.

In addition, the said embodiment can be implemented with the following forms which changed this suitably.
In the above embodiment, the encryption key is updated when the additional key 10c is additionally registered. However, the encryption key may be updated when deleting the registered key ID code. For example, when the sub key 10b is lost, first, the corresponding key ID code ID2 is erased from the memory 21a. As a result, unauthorized locking / unlocking of the vehicle door by the subkey 10b as it is is restricted. However, when the key ID code ID2 of the subkey 10b is rewritten to the key ID code ID1 of the master key 10a, there is a risk that the subkey 10b impersonates the master key 10a and thus the vehicle door is unlocked or unlocked. there were. In that regard, the in-vehicle controller 21 shifts to the encryption key update mode when the key ID code is deleted from its own memory 21a. Specifically, the processing after step S105 in FIG. 4 is executed. Thereby, the master key 10a at hand and the encryption key of the memory 21a are updated as in the above embodiment. Therefore, unauthorized locking / unlocking of the vehicle door through the sub key 10b with the rewritten key ID code is restricted.

  In the above embodiment, the encryption key Kc + 1 generated based on the encryption key Kc is stored in the memory 21a. However, the encryption key Kc + 1 may be generated every time the second response verification is executed.

  In the above embodiment, every time the encryption key is updated, “1” is added to the current encryption key in binary. However, it is not limited to “1”, and for example, “2” or “3” may be added. Moreover, it is not limited to addition and may be subtracted.

  Furthermore, if a specific algorithm can be shared among the factory, the vehicle 2 and the electronic key 10, the present invention is not limited to the above algorithm. For example, the bit string may be shuffled according to a specific algorithm. By making the algorithm complicated in this way, security can be further improved.

-The process of step S101 of FIG. 4 and step S102 in the said embodiment may be reverse.
In the above embodiment, the encryption key of the electronic key 10 is automatically updated through the update signal Sko transmitted from the in-vehicle device 20 to the electronic key 10 in the encryption key update mode. However, for example, the update signal Sko may be transmitted manually through operation of a switch provided in the vehicle.

  In the above embodiment, there are two electronic keys 10, that is, a master key 10 a and a sub key 10 b, but the number is not limited to this. Further, the maximum number of electronic keys that can be registered in the vehicle is not limited to five in the above embodiment, but may be six or more or less than five.

  In the above embodiment, as the electronic key system, a so-called key operation free system in which wireless communication is automatically performed between the electronic key 10 and the vehicle-mounted device 20 when the electronic key 10 approaches the vehicle 2 has been adopted. . However, an immobilizer system in which short-distance wireless communication between the electronic key 10 and the vehicle-mounted device 20 is performed by holding the electronic key 10 over the engine switch 33 may be employed.

In the above embodiment, the encryption key is a bit string composed of “0” and “1”, but not limited thereto, various data can be used.
In the above embodiment, the control target of the electronic key 10 is a vehicle, but is not limited to a vehicle, and may be a door device for a house, for example.

  In the above embodiment, the encryption key Kc + 1 is generated based on the encryption key Kc. However, the encryption key Kc + n may be stored without generating the encryption key Kc + 1 based on the encryption key Kc. In this case, a common rule that determines which encryption key is to be used next for each update is set in advance between the factory, the vehicle 2 and the electronic key 10.

Next, the technical idea that can be grasped from the embodiment will be described together with the effects.
(A) The electronic key system according to claim 4, wherein the two encryption keys are bit strings, and the specific algorithm is to add an integer in a binary system.

  According to this configuration, for example, a second encryption key can be easily generated by adding an integer in binary to the first encryption key.

  DESCRIPTION OF SYMBOLS 1 ... Electronic key system, 2 ... Vehicle, 10 ... Electronic key, 10a ... Master key, 10b ... Sub key, 10c ... Additional key, 11 ... Electronic key control part, 11a ... Memory, 20 ... In-vehicle machine (control object), 21 ... vehicle-mounted control unit, 21a ... memory.

Claims (4)

A common first encryption key and a unique ID code for each electronic key are stored in the control object and a plurality of electronic keys registered therein,
When the control object communicates with the electronic key, the control object transmits a challenge signal including a challenge code that is a radio signal to the electronic key, and encrypts the challenge code using the first encryption key of itself. Generate a first response code by processing,
The electronic key generates a response code by encrypting the challenge code included in the received challenge signal using its own first encryption key, and stores the generated response code and the electronic key. A response signal including the ID code is transmitted to the control target;
The control target is when the first response code generated by itself is matched with the response code included in the response signal, and the ID code stored in the response code is included in the response signal. In an electronic key system that enables control when verification with an included ID code is established,
When the control target recognizes that the target of wireless communication is a newly added electronic key, or when the registered electronic key is deleted, the control target shifts to the update mode, and through its own and wireless communication, An electronic key system for updating an encryption key in the electronic key currently registered in the vicinity from the first encryption key to a second encryption key. The electronic key system according to claim 1.
The electronic key to be added stores the second encryption key,
The control object encrypts the challenge code using the second encryption key generated based on the first encryption key or stored in itself when generating the first response code. A second response code is generated, and when it is determined that the first response code is not matched with the response code included in the response signal, the generated second response code, An electronic key system which collates with a response code included in a response signal, recognizes that the electronic key is added when the collation is established, and shifts to the update mode. The electronic key system according to claim 2.
In the update mode, the controlled object collates the first response code generated by itself with the response code included in the response signal from the electronic key. Sending an update signal indicating that the encryption key of the electronic key is not updated and requesting the update of the encryption key,
The electronic key system that updates the first encryption key of the electronic key determined to be unupdated to the second encryption key based on the received update signal. The electronic key system according to any one of claims 1 to 3,
The second encryption key is an electronic key system that is generated by performing data conversion on the first encryption key according to a specific algorithm.

Images