JP5882783B2 - Electronic key registration system - Google Patents

Description

  The present invention relates to an electronic key registration system for registering an electronic key with a communication target.

  As is conventionally known, many vehicles are equipped with an electronic key system that performs key verification using an electronic key ID that is wirelessly transmitted from the electronic key. In this type of electronic key system, it is necessary to register the electronic key to be used in the vehicle. In this case, the key ID of the electronic key and the encryption key are used to control the operation of the electronic key system in the vehicle (ECU (Electronic Control Unit) etc.) must be registered in advance. Specific examples of the electronic key registration system are disclosed in Patent Documents 1 to 3, for example.

JP-A-7-61328 JP 2003-148018 A JP 2004-107959 A

  By the way, in this kind of electronic key registration system, it is assumed that an “all erasing function” is provided that enables all the electronic keys registered in the control device to be erased at once. This is because there may occur a situation where it is desired to re-register the electronic key after registration. However, if it is freely permitted to return the control device to the initial state using the all erase function, any key can be registered in the control device, so the all erase function is provided. However, it is desired that this cannot be used at an appropriate timing.

  An object of the present invention is to provide an electronic key registration system capable of disabling the electronic key all deletion function registered in a control device at an appropriate timing.

In order to solve the above problems, in the present invention, the electronic key is registered in the communication target by associating and writing the key ID and the encryption key of the electronic key to the communication target control device, and the communication target In an electronic key registration system that enables authentication of the electronic key by encrypted communication, the electronic key registration system includes a full erasing function for erasing the electronic key registered in the control device from the control device, and a condition for prohibiting the full erasing function is Monitoring means for monitoring whether or not all the functions have been prepared , and all erasing function prohibiting means for prohibiting the all erasing function when conditions for prohibiting the all erasing function have been prepared , and the electronic key and the communication object are manufactured In the line, the encryption communication is performed more than the required number of communication before shipment specified as the minimum number of encryption communications to be performed before shipment, and the all erasure function prohibiting means Number of communications, when it reaches the threshold between less than 1 or greater than the pre-shipment required communication count, and summarized in that prohibits the entire erase function.

According to the configuration of the present invention, even if the electronic key registration system is provided with a total erasing function so that the electronic key registered in the control device can be completely erased, the total erasing function is performed at a predetermined timing after the key registration. It is possible to switch to prohibition. Therefore, instead of leaving the all-erasable function enabled, the all-erase function is disabled when the conditions for erasing the all-erase function are complete. Even if an all erase function is provided, this function can be disabled at an optimal timing. According to this configuration, it is possible to disable the use of the all-erase function at a suitable timing that the number of times of encrypted communication reaches a threshold value between 1 and the number of required communication before shipment in the production line.
In order to solve the above problems, in the present invention, the electronic key is registered in the communication target by associating and writing the key ID and the encryption key of the electronic key to the communication target control device, and the communication target In an electronic key registration system that enables authentication of the electronic key by encrypted communication, the electronic key registration system includes a full erasing function for erasing the electronic key registered in the control device from the control device, and a condition for prohibiting the full erasing function is Monitoring means for monitoring whether or not all the functions have been prepared, and all erasing function prohibiting means for prohibiting the all erasing function when conditions for prohibiting the all erasing function have been prepared, and the electronic key and the communication object are manufactured In the line, the encryption communication is performed more than the required number of communication before shipment specified as the minimum number of encryption communications to be performed before shipment, and the all erasure function prohibiting means Communication time elapsed since the first time carried out, when it reaches the defined threshold as the time it takes shipping, and summarized in that prohibits the entire erase function.
According to the configuration of the present invention, in the production line, the use of the all erasure function is prohibited at a suitable timing that the elapsed time from the first encrypted communication has reached the threshold defined as the time required for shipping. It becomes possible to do.

  In the present invention, the registration of the electronic key has a different value for each electronic key, and an encryption key generation code used when generating an encryption key used for authentication, and the encryption key generation code as an encryption key generation logic. The encryption key generated through the electronic key is stored in the electronic key, the unique identification information different for each communication object and the encryption key generation logic are stored in the control device, and the encryption key is generated from the electronic key. The gist of the registration is that the code is obtained, an encryption key is generated from the encryption key generation code by the encryption key generation logic of the control device, and this is stored in the control device. According to this configuration, instead of taking the form of sending the encryption key itself directly from the electronic key to the control device in the registration of the electronic key, the encryption key generation code generated by encrypting the encryption key is sent to the control device, Since this is a method of decrypting and registering in the control device, the encryption key can be registered with high security.

  The gist of the present invention is that the registration of the electronic key is initial registration for registering a first key in the control device. According to this configuration, it is possible to switch the use of the all erasure function provided as one function of the initial registration at the optimum timing.

  The gist of the present invention is that the electronic key registration includes initial registration for registering the first key in the control device and additional registration for registering the second and subsequent keys in the control device. To do. According to this configuration, not only the first electronic key is registered to the control device for the first time, but also the second and subsequent electronic keys can be additionally registered to the control device as necessary.

  In the present invention, the all erasure function erases the electronic key registered in the control device from the control device, and the state of the control device is not registered in the control device. The gist is that the function returns to the initial state. According to this configuration, since the processing content of the all erasure function is a function for returning the control device to the initial state, it is possible to re-register the electronic key to the control device from the beginning by using the all erasure function. Become.

  According to the present invention, the electronic key all deletion function registered in the control device can be disabled at an appropriate timing.

The block diagram of the electronic key registration system of one Embodiment. The timing chart which shows the sequence of smart collation. Explanatory drawing which shows the outline | summary of the initial registration of an electronic key registration system. Explanatory drawing which shows the outline | summary of the all erasure prohibition function. The block diagram of the outline | summary of the additional registration of the electronic key registration system of another example.

Hereinafter, an embodiment of an electronic key registration system embodying the present invention will be described with reference to FIGS.
[Electronic key system]
As shown in FIG. 1, the vehicle 1 is provided with an electronic key system 3 that authenticates the validity of the electronic key 2 by bidirectional communication with the electronic key 2 triggered by communication from the vehicle 1. The electronic key 2 is a key capable of wirelessly transmitting an ID (electronic key ID) registered therein to the vehicle 1. Examples of the two-way communication electronic key system 3 include a key operation free system and an immobilizer system. Note that the vehicle 1 corresponds to a communication target.

  The vehicle 1 is provided with a verification ECU 4 that performs ID verification with the electronic key 2, a body ECU 5 that manages the power supply of the on-vehicle electrical components, and an engine ECU 6 that controls the engine, which are connected via a bus 7 in the vehicle. Has been. In the memory 4a of the verification ECU 4, an electronic key ID, an encryption key Kcr (key-1, key-2,...) Used for challenge response authentication with the electronic key 2, and an on-vehicle device ID (specific identification information of the vehicle 1) Vehicle ID) and the like are registered. When a plurality of electronic keys 2 are registered in the vehicle 1, a plurality of sets of the electronic key ID and the encryption key Kcr are stored in accordance with this. The verification ECU 4 includes an LF transmitter 8 capable of transmitting LF (Low Frequency) band radio waves, a UHF receiver 9 capable of receiving UHF (Ultra High Frequency) band radio waves, and an LF receiver capable of receiving LF radio waves. Machine 10 is connected. The verification ECU 4 corresponds to a control device.

  The electronic key 2 is provided with a key control unit 11 that manages the communication operation of the electronic key 2. Similarly to the verification ECU 4, an electronic key ID, an in-vehicle device ID, an encryption key Kcr, and the like are also registered in the memory 11a of the key control unit 11. Connected to the key control unit 11 are an LF receiving unit 12 capable of receiving LF radio waves, a UHF transmitting unit 13 capable of transmitting UHF radio waves, and an LF transmitting unit 14 capable of transmitting LF radio waves.

  As shown in FIG. 2, when the vehicle is parked (vehicle door locking, engine stop), the LF transmitter 8 outside the vehicle intermittently forms an outside communication area of the LF wake signal Swk within a range of several meters outside the vehicle. Execute smart communication outside the vehicle. The electronic key 2 is activated when it receives the wake signal Swk, and transmits the ACK signal Sack1 to the vehicle 1 by UHF. When the verification ECU 4 receives the ACK signal Sack1 by the UHF receiver 9, the verification unit 4 transmits the OBE ID signal Svi by LF, and causes the electronic key 2 to execute the OBE ID verification. The electronic key 2 transmits an ACK signal Sack2 to the vehicle 1 by UHF if the vehicle-mounted device ID verification is established.

  Subsequently, the verification ECU 4 LF-transmits the challenge Sch to the electronic key 2 to execute challenge response authentication. The challenge Sch includes a challenge code whose code is different each time it is transmitted, and a key number representing the registration key number of the vehicle 1. When the electronic key 2 receives the challenge Sch, it first performs key number verification, and if the key number verification is established, it passes the challenge code through its encryption key Kcr and generates a response code. The electronic key 2 transmits a response Srs including this response code and its own electronic key ID to the vehicle 1 by UHF. When the verification ECU 4 receives the response Srs from the electronic key 2, the verification ECU 4 performs response verification using the response code calculated by itself and the response code calculated by the electronic key 2. The verification ECU 4 also performs electronic key ID verification to confirm whether the electronic key ID acquired from the electronic key 2 is correct. When the verification ECU 4 confirms that both verifications have been established, the verification ECU 4 processes smart verification (external vehicle smart verification) as established, and permits or executes door lock locking / unlocking by the body ECU 5.

  Further, when it is detected by a courtesy switch (not shown) that the driver has boarded, for example, instead of the LF transmitter 8 outside the vehicle, the LF transmitter 8 inside the vehicle now communicates the wake signal Swk throughout the vehicle. Form an area and start in-car smart communication. At this time, when the electronic key 2 receives the wake signal Swk in the vehicle, the vehicle smart verification is executed. When the in-vehicle smart verification is established, the power supply transition operation and the engine start operation by the engine switch 15 are permitted.

  In the immobilizer system, the vehicle 1 and the electronic key 2 perform authentication without any short distance (communication distance: about 10 cm) by LF radio waves. Since the immobilizer system is a system that uses power radio waves transmitted from the vehicle 1 as the power source of the electronic key 2, the electronic key 2 can be operated without a power source. Standards such as NFC (Near Field Communication) are used for short-range radio.

[Electronic key registration system]
As shown in FIGS. 1 and 3, the electronic key 2 can be registered in the vehicle 1 by the electronic key registration system 16. In this case, each of the verification ECU 4 and the key control unit 11 is provided with registration function units 17 and 18 for performing a key registration operation. In the electronic key registration system 16 of this example, the registration tool 19 is wired to the vehicle 1, and the service person operates the registration tool 19 to register the electronic key 2 to the vehicle 1. The key registration in this example is the first registration in which the first electronic key 2a, that is, the direct delivery key (master key) is registered in the vehicle 1.

  As shown in FIG. 1, the registration tool 19 can wirelessly communicate with a center 20 that manages registration of the electronic key 2 through communication via a network. This network communication is so-called Internet communication, for example, IP (Internet Protocol) communication. The registration tool 19 performs wired communication with the vehicle 1 connected by wire such as a cable. Short-distance LF bidirectional communication is used for communication between the vehicle 1 and the electronic key 2 when the electronic key 2 is registered.

  As shown in FIG. 3, the initial registration is factory registration performed at a manufacturing factory of the vehicle 1, and a seed registration method is adopted in which key registration is completed between the vehicle 1 and the electronic key 2a. ing. The initial registration is an operation of switching the verification ECU 4 to the registration mode by outputting an initial registration command R from the registration tool 19 to the verification ECU 4 and registering the first arbitrary key in the verification ECU 4.

  In the case of the seed registration method, the encryption key “key-1” generated by passing “SD-1” as the SEED code Ssd written in the memory 11a through the key generation logic f is stored in the memory 11a. Previously written and saved. The key generation logic f similar to that registered in the electronic key 2 is written and stored in the memory 4a of the verification ECU 4. The SEED code Ssd corresponds to the encryption key generation code.

  The center 20 is provided with a vehicle-mounted device database 21 for managing which vehicle-mounted device ID and electronic key 2 are registered in which vehicle 1 (reference ECU 4). The center 20 is provided with an electronic key database 22 for managing which electronic key ID and encryption key are registered in which electronic key 2.

  In the seed registration method, the encryption key Kcr → “key-1” of the electronic key 2a to be registered for the first time is sent from the electronic key 2 to the vehicle 1 instead of the key itself, and the SEED code “SD-1” for generating the encryption key. Thus, the encryption key “key-1” is registered. In the case of the seed registration method, the verification ECU 4 acquires the electronic key ID “ID-1” from the electronic key 2 and registers it in the memory 4a, and acquires the SEED code “SD-1” from the electronic key 2. Is passed through the key generation logic f in the vehicle 1 to generate an encryption key “key-1” and register it in the vehicle 1. The SEED code “SD-1” registered in the electronic key 2 is deleted from the memory 11 a after being transmitted to the vehicle 1. In the electronic key 2, the vehicle-mounted device ID “ID-A” notified from the vehicle 1 during the initial registration process is written in the memory 11 a. Further, when the initial registration of the electronic key 2 is completed, the initial registration flag is changed from “accepted” to “rejected”, and the initial registration becomes impossible.

  After the initial registration of the electronic key 2a to the vehicle 1 is completed, the vehicle-mounted device database 21 and the electronic key database 22 managed by the center 20 need to be updated. In the case of initial registration, since the registration tool 19 is not connected to the center 20 in real time, the registration tool 19 is connected to the center 20 at a certain timing after the initial registration is completed, and the in-vehicle device database 21 and the electronic key database 22 are updated. To do.

[All Erase Function]
As shown in FIG. 1, the electronic key registration system 16 is provided with a full erasure function that erases the electronic key 2 registered in the verification ECU 4 and returns the verification ECU 4 to its original initial state. After the initial registration of the electronic key 2 to the verification ECU 4, the all erasure function outputs an initial registration command R from the registration tool 19 to the verification ECU 4, thereby erasing the electronic key 2 registered in the verification ECU 4, This is a function for returning the operation state of the ECU 4 to a state where an arbitrary key can be registered, that is, an initial state.

  In this case, the verification ECU 4 is provided with a full erasure function unit 23 that manages the full erasure function in the verification ECU 4. When the initial registration command R is input from the registration tool 19 in the state where the initial registration of the verification ECU 4 has been completed, the all deletion function unit 23 deletes the electronic key ID and the encryption key Kcr registered in the memory 4a and performs initial registration. The flag is returned from “reject” to “accept”, and the verification ECU 4 is returned to the original initial state. As a result, the verification ECU 4 can re-register the electronic key 2 for the first time.

[All erase prohibition function]
As shown in FIG. 1, the verification ECU 4 is provided with a full erasure prohibiting function that prohibits the full erasing function at a certain timing. This is because if the verification ECU 4 is provided with a complete erasure function, it is possible to freely return the verification ECU 4 to the original initial state by this complete erasure function, so that another key is newly registered in the verification ECU 4. This is because the security is low. However, if the all erasure function is prohibited immediately after the initial registration, the electronic key 2 cannot be dealt with in a situation where it is desired to delete all the electronic keys 2 thereafter.

  By the way, as shown in FIG. 4, in the process of flowing through the factory production line, the vehicle 1 repeatedly performs engine on / off operation in each process, that is, ID verification is repeatedly performed between the vehicle 1 and the electronic key 2 in each process. That is, in the production line, when the vehicle 1 is assembled, ID collation communication is performed Ns times as many times as necessary before shipment. Therefore, if the total erase function is prohibited when the ID verification communication count Nx reaches 1 or more and the threshold value Nk between the required communication count Ns before shipment, the entire erase function can be prohibited at an optimal timing. I should say that.

  As shown in FIG. 1, the verification ECU 4 is provided with a prohibition condition monitoring unit 24 that monitors whether conditions for prohibiting the all erasure function are met. The prohibition condition monitoring unit 24 of this example measures the number of ID verifications performed after the initial registration is completed by the internal counter 25, the ID verification communication count Nx is 1 or more, and the required communication count Ns before shipment. When the threshold value Nk between the following is reached, it is determined that the all erase function should be prohibited. The prohibition condition monitoring unit 24 corresponds to a monitoring unit.

  The verification ECU 4 is provided with a full erasure function prohibiting unit 26 that prohibits the full erasure function of the vehicle 1 when the prohibition condition monitoring unit 24 determines that the full erasure function should be prohibited. The all erasure function prohibition unit 26 disables (invalidates) the all erasure function unit 23 when the ID verification communication count Nx reaches a threshold value Nk between 1 and Ns, and the pre-shipment required communication count Ns. This prohibits the use of the all erase function. The all erasure function prohibiting unit 26 corresponds to all erasing function prohibiting means.

Next, the operation of the all erasure prohibiting function of this example will be described with reference to FIG.
As shown in FIG. 4, in the manufacturing factory, the first electronic key 2, that is, the master key is registered in the vehicle 1 by the initial registration operation using the registration tool 19. When it is desired to re-register the electronic key 2 after the initial registration, the electronic key 2, the electronic key ID, and the encryption key Kcr registered in the verification ECU 4 are deleted by the all deletion function of the verification ECU 4. At this time, the registration tool 19 is connected to the vehicle 1, and the initial registration command R is sent from the registration tool 19 to the verification ECU 4, whereby the information of the electronic key 2 is deleted from the verification ECU 4 by the all deletion function. Thereby, re-registration of the electronic key 2 is possible.

  Assume that after the electronic key 2 is registered in the vehicle 1 for the first time, the vehicle 1 is flowed to the production line and the vehicle 1 is assembled. At this time, an engine on / off operation is imposed in each of the first step, the second step, and so on. That is, ID collation is performed between the vehicle 1 and the electronic key 2 in each process. The prohibition condition monitoring unit 24 measures the ID verification communication count Nx using its own counter 25.

  Then, in the production line, it is assumed that the number Nx of communication times for ID collation reaches the threshold value Nk when n processes are reached. At this time, the prohibition condition monitoring unit 24 outputs a request for prohibiting the all erase function to the all erase function unit 23. When the all erase function prohibition unit 26 receives a prohibition request for the all erase function from the prohibition condition monitoring unit 24, the all erase function prohibition unit 26 disables its own operation and prohibits the all erase function. As a result, the all erasure function of the vehicle 1 cannot be used, and a state in which the all erasure function is prohibited before the vehicle 1 is shipped from the factory is ensured.

According to the configuration of the present embodiment, the following effects can be obtained.
(1) The all deletion function provided in the electronic key registration system 16 is switched to use prohibition at a certain timing after key registration. Therefore, instead of leaving the all-erasable function enabled, when the conditions for erasing the all-erased function are met, this is prohibited, so re-registration (redoing) of key registration is considered. Even if an all erase function is provided, this function can be disabled at an optimal timing.

  (2) The registration method for the initial registration of the electronic key 2 is the SEED code method, and a prohibition function for the all erasure function is provided in this method. Therefore, in the key registration of this example, where the confidentiality of the key registration is high, both convenient key re-registration using the all-erase function and security ensuring that the all-erase function is prohibited at the optimal timing are compatible. Can do.

(3) Since the key registration is the initial registration, the all-erase function, which is convenient when provided as one function of the initial registration, can be switched to use prohibition at the optimal timing.
(4) The prohibition determination of the all erasure function is set to a value between the number of communication times Nx of ID collation performed between the vehicle 1 and the electronic key 2 in the production line being 1 or more and the required number Ns or less before shipment. This is performed by checking whether or not the threshold value Nk has been reached. Therefore, the all erasure function can be switched to use prohibition at an optimal timing. In addition, the all erasure function can be surely switched to use prohibition before the vehicle 1 is shipped.

  (5) The processing content of the all erasure function is a function for returning the verification ECU 4 to an initial state (a state in which an arbitrary key can be registered). Therefore, if the all erasure function of this example is used, the key registration to the verification ECU 4 can be performed again from the beginning.

Note that the embodiment is not limited to the configuration described so far, and may be modified as follows.
The electronic key registration system 16 may register the additional electronic key 2b in the vehicle 1 by the additional registration shown in FIG. The additional registration is a registration operation performed by a dealer or the like. The registration tool 19 is connected to the center 20 and various data necessary for key registration is acquired from the center 20 by the registration tool 19. The electronic key 2b is registered.

  In this case, the in-vehicle device center key Kvc used in the additional registration of the electronic key 2b is registered in the memory 4a of the verification ECU 4. The vehicle-mounted device center key Kvc is an encryption key for key registration associated with the vehicle 1 and the center 20, and is assigned to each verification ECU 4 (vehicle 1). The in-vehicle device center key Kvc is an encryption key compliant with, for example, AES (Advanced Encryption Standard) encryption.

  In the vehicle-mounted device database 21, what vehicle-mounted device center key Kvc is registered in which vehicle 1 (verification ECU 4) is also registered. In the electronic key database 22, what kind of SEED code Ssd is registered in which electronic key 2b is also written and registered. The SEED code Ssd of the electronic key database 22 is created by passing the encryption key Kcr through the corresponding on-vehicle device center key Kvc at the center 20.

  In the case of online registration, when an additional registration command for the electronic key 2b is input from the registration tool 19, the verification ECU 4 acquires the electronic key ID “ID-2” from the electronic key 2b, and writes and stores it in the memory 4a. In addition, the verification ECU 4 outputs a SEED creation request to the center 20 via the registration tool 19 to create the SEED code Ssd of the electronic key 2b to be registered. At this time, the center 20 refers to the in-vehicle device database 21 to determine the in-vehicle device center key Kvc → “key-A” to be used, and the encryption key “key-2” of the electronic key 2b that is now registered. ] Is passed through “key-A” to create a SEED code “A2”. The center 20 outputs the created SEED code “A2” to the verification ECU 4 via the registration tool 19. The verification ECU 4 generates the encryption key “key-2” by decrypting the SEED code “A2” acquired from the center 20 through its own vehicle-mounted device center key “key-A”, and stores this in the memory 4a. Write and save. In the electronic key 2, the vehicle-mounted device ID “ID-A” notified from the vehicle 1 during the additional registration process is written in the memory 11 a.

  When the center 20 obtains the SEED creation request from the registration tool 19, the center 20 knows the electronic key ID of the electronic key 2b that is about to be additionally registered, so the electronic key ID “ID-2” of the electronic key 2b that is additionally registered is obtained. This is reflected in the in-vehicle device database 21. Further, after sending the SEED code “A2” to the registration tool 19, the center 20 reflects the encryption key “key-2” of the electronic key 2b additionally registered in the in-vehicle device database 21.

  In this case, the electronic key registration system 16 is provided with two modes of initial registration and additional registration. Thus, not only the first electronic key 2 is registered for the first time in the verification ECU 4, but also the second and subsequent electronic keys 2 can be freely additionally registered in the verification ECU 4 as necessary.

  The all erasure prohibiting function may be a form in which the all erasing function is prohibited when the elapsed time from the first communication of ID collation reaches a threshold defined as the time required for shipping. Also in this case, the all erasure function can be switched to use prohibition at an optimal timing.

  Additional registration is not limited to online registration where key registration is performed by exchanging information with the center 20 connected in real time. For example, since there are places where network communication is not possible, it may be offline where registration is completed between the vehicle 1 and the electronic key 2 in such a place.

  The all erasure function is not limited to the function of erasing all the key information stored in the verification ECU 4, and may be a function of erasing a part of one of a plurality of registered keys or only the encryption key Kcr.

The threshold value Nk is not limited to a value that is 1 or more and the required number of communication times Ns before shipment, but may be Ns or a value larger than Ns.
The condition for prohibiting the all erasure function is not limited to the format for monitoring the number of ID verification communications Nx and the time elapsed since the ID verification was first performed. For example, it can be changed as appropriate when a trigger for completion of manufacture is received or when it is removed from the manufacturing line.

-Various arithmetic expressions and functions can be adopted as the encryption key generation logic.
The encryption key generation code is not limited to the SEED code Ssd, and may be anything as long as it is data obtained by encrypting the encryption key Kcr.

The key registration is not limited to the operation of registering both the electronic key ID and the encryption key Kcr, and may be a format in which only one of them is registered.
-Encryption communication used for ID verification is not limited to challenge-response authentication, and other encryption authentication can be employed.

The communication between the vehicle 1 and the registration tool 19 is not limited to wired communication but may be wireless.
The vehicle 1 and the electronic key 2 are not limited to performing all communication with the center 20 via the registration tool 19. For example, a network communication function may be provided in the vehicle 1 or the electronic key 2 so that they can communicate directly with the center 20.

  The registration method of the electronic key registration system 16 is not limited to the method described in the embodiment (a method using the SEED code Ssd), and if the electronic key 2 can be registered in the verification ECU 4 (vehicle 1), other contents are appropriately set. It can be changed.

The electronic key registration system 16 may be constructed from, for example, the vehicle 1, the electronic key 2, and the center 20 without using the registration tool 19.
The electronic key registration system 16 is not limited to having both initial registration and additional registration, and may be a system having only one.

The electronic key registration system 16 is not limited to being employed in the vehicle 1 and can be applied to other devices and apparatuses.
It is not limited to storing the encryption key Kcr in the electronic key 2 in advance. For example, an electronic key center key associated with the electronic key 2 and the center 20 may be registered in both, and the encryption key Kcr may be encrypted with the electronic key center key and sent.

  DESCRIPTION OF SYMBOLS 1 ... Vehicle as communication object, 2 (2a, 2b) ... Electronic key, 4 ... Verification ECU as control apparatus, 16 ... Electronic key registration system, 24 ... Prohibition condition monitoring part as monitoring means, 26 ... All deletion function All erasure function prohibition section as prohibition means, Kcr ... encryption key, Ssd ... SEED code as encryption key generation code, f ... encryption key generation logic, Nx ... number of encryption communications, Nk ... threshold, Ns ... communication required before shipment Number of times.

Claims (6)

An electronic device that registers a key ID and an encryption key of an electronic key in association with a communication target control device, registers the electronic key in the communication target, and can authenticate the communication target and the electronic key by encrypted communication. In the key registration system,
A complete erasure function for erasing the electronic key registered in the control device from the control device;
Monitoring means for monitoring whether or not conditions for prohibiting the all erasure function are met;
When a condition for prohibiting the all erasing function is prepared , the all erasing function prohibiting means for prohibiting the all erasing function , and
In the production line, the electronic key and the object to be communicated are subjected to the encryption communication at a number of times required before the shipment specified as the minimum number of times of the encryption communication performed before the shipment,
The all-erase function prohibiting unit prohibits the all-erase function when the number of times of encryption communication reaches a threshold value between 1 and the number of required communication before shipment. Key registration system. An electronic device that registers a key ID and an encryption key of an electronic key in association with a communication target control device, registers the electronic key in the communication target, and can authenticate the communication target and the electronic key by encrypted communication. In the key registration system,
A complete erasure function for erasing the electronic key registered in the control device from the control device;
Monitoring means for monitoring whether or not conditions for prohibiting the all erasure function are met;
When a condition for prohibiting the all erasing function is prepared, the all erasing function prohibiting means for prohibiting the all erasing function, and
In the production line, the electronic key and the object to be communicated are subjected to the encryption communication at a number of times required before the shipment specified as the minimum number of times of the encryption communication performed before the shipment,
The all erasure function prohibiting unit prohibits the all erasure function when an elapsed time after the first encryption communication is performed reaches a threshold defined as a time required for shipping.
An electronic key registration system characterized by that . Registration of the electronic key is
The electronic key has a different value for each electronic key and is used when generating an encryption key used for authentication, and an encryption key generated by passing the encryption key generation code through an encryption key generation logic. Save to key
The unique identification information different for each communication target and the encryption key generation logic are stored in the control device,
The encryption key generation code is acquired from the electronic key, the encryption key is generated from the encryption key generation code by the encryption key generation logic of the control device, and the registration is stored in the control device. The electronic key registration system according to claim 1 or 2 . The electronic key registration system according to any one of claims 1 to 3 , wherein the registration of the electronic key is an initial registration for registering a first key in the control device. 2. The electronic key registration includes initial registration for registering a first key in the control device and additional registration for registering second and subsequent keys in the control device. electronic key registration system as claimed in any one of 1-4. The all erasure function erases the electronic key registered in the control device from the control device, and returns the state of the control device to an initial state in which no electronic key is registered in the control device. It is a function, The electronic key registration system as described in any one of Claims 1-5 characterized by the above-mentioned.