JP6218914B1 - Distribution system, data security device, distribution method, and computer program - Google Patents

Abstract

An object of the present invention is to improve the efficiency of key distribution applied to an in-vehicle computer such as an ECU mounted on a vehicle such as an automobile. A key generation device generates a first key to be supplied to an in-vehicle computer using a master key and a vehicle identifier, and uses a first key and a common initial key of the vehicle to generate a first key update request message. Is generated and transmitted to the in-vehicle computer. The in-vehicle computer updates the initial key to the first key using its own initial key and the first key update request message, and completes the first update using the first key. A message is generated and a first update completion message is transmitted to the key generation device, and the key generation device verifies the first update completion message based on the first key supplied to the in-vehicle computer. [Selection] Figure 5

Description

The present invention relates to a distribution system , a data security device, a distribution method, and a computer program.

  2. Description of the Related Art Conventionally, an automobile has an ECU (Electronic Control Unit), and functions such as engine control are realized by the ECU. The ECU is a kind of computer and realizes a desired function by a computer program. For example, Non-Patent Document 1 discloses a security technique for an in-vehicle control system configured by connecting a plurality of ECUs to a CAN (Controller Area Network).

Keisuke Takemori, “Protection of in-vehicle control systems based on secure elements: Organizing and considering element technologies”, IEICE, IEICE Technical Report, vol. 114, no. 508, pp. 73-78, 2015 March Japanese Industrial Standard, JIS D4901, “Vehicle Identification Number (VIN)” STMicroelectronics, “AN4240 Application note”, [October 5, 2016 search], Internet <URL: http://www.st.com/web/en/resource/technical/document/application_note/DM00075575.pdf>

  One problem is to improve the efficiency of key distribution applied to the ECU of an in-vehicle control system of an automobile.

The present invention has been made in view of such circumstances, a distribution system capable of improving the efficiency of key distribution applied to an in-vehicle computer such as an ECU mounted on a vehicle such as an automobile , It is an object to provide a data security device, a distribution method, and a computer program.

(1) One aspect of the present invention includes a key generation device and a vehicle-mounted computer mounted on a vehicle, and the key generation device supplies the vehicle-mounted computer using a master key and a vehicle identifier of the vehicle. Generating a first key update request message using a key generation unit that generates the first key to be used, the first key and a common initial key of the vehicle stored in advance in the in-vehicle computer, A first key distribution unit that transmits a key update request message to the in-vehicle computer, wherein the in-vehicle computer transmits / receives data to / from an external device of the in-vehicle computer, and a storage unit that stores the initial key And an initial key stored in the storage unit using the initial key stored in the storage unit and the first key update request message received from the key generation device by the interface unit A key update unit that updates the first key and generates a first update completion message using the first key, and transmits the first update completion message to the key generation device by the interface unit, The first key distribution unit is a distribution system that verifies a first update completion message received from the in-vehicle computer based on a first key supplied to the in-vehicle computer.
(2) One aspect of the present invention is the distribution system according to (1), wherein the key generation unit further includes a second key supplied to the in-vehicle computer using the master key and a vehicle identifier of the vehicle. The first key distribution unit generates the second key update request message using the second key and the first key supplied to the in-vehicle computer, and sends the second key update request message to the in-vehicle The key update unit stores the second key using the first key stored in the storage unit and the second key update request message received from the key generation device by the interface unit. The second update completion message is generated using the second key, and the in-vehicle computer transmits the second update completion message to the key generation device by the interface unit, The key distribution unit, the second update completion message received from the onboard computer, verifying based on a second key supplied to the vehicle computer, a distribution system.

(3) One aspect of the present invention includes a key generation device, an in-vehicle computer mounted on a vehicle, and a data security device mounted on the vehicle. The key generation device includes a master key and a vehicle of the vehicle. A key generation unit that generates a first key to be supplied to the in-vehicle computer and the data security device using an identifier; a common of the vehicle stored in advance in the first key, the in-vehicle computer, and the data security device The first key update request message is generated using the initial key, the first verification data is generated using the first key, and the first key update request message and the first verification data are converted into the data. A first key distribution unit for transmitting to the security device, wherein the data security device is a first interface unit for transmitting / receiving data to / from an external device of the own data security device, and a first storage unit for storing the initial key. A first key update request message received from the key generation device by the first interface unit is transmitted to the in-vehicle computer by the first interface unit, and stored in the first storage unit. A first key update unit that updates an initial key stored in the first storage unit to a first key using an initial key and a first key update request message received from the key generation device by the first interface unit The in-vehicle computer includes a second interface unit that transmits / receives data to / from an external device of the in-vehicle computer, a second storage unit that stores the initial key, and an initial stored in the second storage unit The initial key stored in the second storage unit using the key and the first key update request message received from the data security device by the second interface unit as the first key A second key update unit that generates a first update completion message using the first key, and transmits the first update completion message to the data security device by the second interface unit, The second key distribution unit verifies the first update completion message received from the in-vehicle computer by the first interface unit using the first verification data received from the key generation device by the first interface unit. , Distribution system.
(4) In one aspect of the present invention, in the distribution system of (3), the key generation unit supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. Further generating a second key, the first key distribution unit generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device, The second key is used to generate second verification data, the second key update request message and the second verification data are transmitted to the data security device, and the second key distribution unit includes the first interface. The second key update request message received from the key generation device by the unit is transmitted to the in-vehicle computer by the first interface unit, and the first key update unit is stored in the first storage unit. The second key is stored in the first storage unit using the key and the second key update request message received from the key generation device by the first interface unit, and the second key update unit Storing the second key in the second storage unit using the first key stored in the storage unit and the second key update request message received from the data security device by the second interface unit; A second update completion message is generated using a key, and the in-vehicle computer transmits the second update completion message to the data security device by the second interface unit, and the second key distribution unit transmits the second update completion message to the data security device. The second update completion message received from the in-vehicle computer by the one interface unit is verified using the second verification data received from the key generation device by the first interface unit. , It is a delivery system.

(5) One aspect of the present invention includes a key generation device, an in-vehicle computer mounted on a vehicle, and a data security device mounted on the vehicle. The key generation device includes a master key and a vehicle of the vehicle. A key generation unit that generates a first key to be supplied to the in-vehicle computer and the data security device using an identifier, and a first key distribution unit that transmits the first key to the data security device, The data security device stores a first interface unit that transmits and receives data to and from an external device of the data security device, and a first initial key that is stored in advance in the in-vehicle computer and the data security device. A storage unit, a first key update unit that updates an initial key stored in the first storage unit with a first key received from the key generation device by the first interface unit, and a storage in the first storage unit Is A distribution processing unit configured to generate a first key update request message using an initial key and a first key received from the key generation device by the first interface unit; and A second key distribution unit for transmitting to the in-vehicle computer by an interface unit, wherein the in-vehicle computer transmits and receives data to and from an external device of the in-vehicle computer, and stores the initial key. An initial stored in the second storage using a storage, an initial key stored in the second storage, and a first key update request message received from the data security device by the second interface A second key update unit that updates the key to the first key and generates a first update completion message using the first key, and the second interface unit causes the first key to be updated. An update completion message is transmitted to the data security device, and the distribution processing unit receives the first update completion message received from the in-vehicle computer by the first interface unit from the key generation device by the first interface unit. A distribution system for verifying based on a first key.
(6) According to one aspect of the present invention, in the distribution system of (5), the key generation unit supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. A second key is further generated, the first key distribution unit transmits the second key to the data security device, and the first key update unit is received from the key generation device by the first interface unit. A second key is stored in the first storage unit, and the distribution processing unit includes a first key stored in the first storage unit and a second key received from the key generation device by the first interface unit. The second key update request message is generated by using the first interface unit, and the second key update unit transmits the second key update request message to the in-vehicle computer via the first interface unit. Is the second A second key is stored in the second storage unit using the first key stored in the unit and the second key update request message received from the data security device by the second interface unit, and the second key The second update completion message is generated using the second interface unit, and the in-vehicle computer transmits the second update completion message to the data security device, and the distribution processing unit includes the first interface unit. Is a distribution system that verifies the second update completion message received from the in-vehicle computer based on the second key received from the key generation device by the first interface unit.

(7) One aspect of the present invention includes an in-vehicle computer mounted on a vehicle and a data security device mounted on the vehicle, and the data security device uses a master key and a vehicle identifier of the vehicle. A key generation unit for generating a first key to be supplied to the in-vehicle computer and the data security device, a first interface unit for transmitting / receiving data to / from an external device of the own data security device, the in-vehicle computer and the data security device A first storage unit storing a common initial key of the vehicle stored in advance, a first key update unit updating the initial key stored in the first storage unit to the first key, and the first A distribution processing unit that generates a first key update request message using a key and an initial key stored in the first storage unit, and generates first verification data using the first key; 1 key update request message A second key distribution unit that transmits the data to the in-vehicle computer through the first interface unit, wherein the in-vehicle computer transmits / receives data to / from an external device of the in-vehicle computer, and the initial key The second storage unit using the second storage unit that stores the initial key stored in the second storage unit and the first key update request message received from the data security device by the second interface unit A second key update unit that updates the initial key stored in the first key to the first key and generates a first update completion message using the first key, and the first interface updates the first update by the second interface unit. A completion message is transmitted to the data security device, and the second key distribution unit receives the first update completion message received from the in-vehicle computer by the first interface unit, It is verified using the serial first verification data, a delivery system.
(8) According to one aspect of the present invention, in the distribution system according to (7), the key generation unit supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. The distribution processing unit generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device, and further generates a second key. 2nd verification data is produced | generated using 2 keys, The said 2nd key distribution part transmits the said 2nd key update request message to the said vehicle-mounted computer by the said 1st interface part, The said 1st key update part Stores the second key in the first storage unit, and the second key update unit receives the first key stored in the second storage unit and the second interface unit from the data security device. Second key update required A second key is stored in the second storage unit using the message and a second update completion message is generated using the second key, and the in-vehicle computer uses the second interface unit to generate the second key. An update completion message is transmitted to the data security device, and the second key distribution unit verifies the second update completion message received from the in-vehicle computer by the first interface unit using the second verification data. , Distribution system.

(9) According to one aspect of the present invention, a key generation unit that generates a first key to be supplied to an in-vehicle computer mounted on the vehicle using a master key and a vehicle identifier of the vehicle, the first key, A first key update request message is generated using a common initial key of the vehicle stored in advance in the in-vehicle computer, and the first key update request message is transmitted to the in-vehicle computer and received from the in-vehicle computer. And a first key distribution unit that verifies a first update completion message based on a first key supplied to the in-vehicle computer.
(10) One aspect of the present invention is the key generation device according to (9), wherein the key generation unit uses a master key and a vehicle identifier of the vehicle to supply a second key to be supplied to the in-vehicle computer. Further, the first key distribution unit generates a second key update request message using the second key and the first key supplied to the in-vehicle computer, and sends the second key update request message to the second key update request message. The key generation device transmits the data to the in-vehicle computer, and the first key distribution unit verifies the second update completion message received from the in-vehicle computer based on the second key supplied to the in-vehicle computer.

(11) According to one aspect of the present invention, in an in-vehicle computer mounted on a vehicle, an interface unit that transmits / receives data to / from an external device of the in-vehicle computer, and a common initial key of the vehicle stored in the in-vehicle computer in advance The initial key stored in the storage unit using the storage unit storing the first key update request message received from the key generation device by the interface unit and the initial key stored in the storage unit. An in-vehicle computer comprising: a key update unit that updates the key and generates a first update completion message using the first key, and transmits the first update completion message to the key generation device by the interface unit It is.
(12) One aspect of the present invention is the in-vehicle computer according to (11), wherein the key update unit includes a first key stored in the storage unit and a second key received from the key generation device by the interface unit. An update request message is used to store a second key in the storage unit, and a second update completion message is generated using the second key, and the in-vehicle computer uses the interface unit to complete the second update An in-vehicle computer that transmits a message to the key generation device.

(13) According to an aspect of the present invention, a key generation unit that generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle, A first key update request message is generated using one key and a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device, and the first verification data is generated using the first key. And a first key distribution unit that transmits the first key update request message and the first verification data to the data security device.
(14) One aspect of the present invention is the key generation device according to (13), wherein the key generation unit supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. And generating a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device. The key generation device generates second verification data using the second key, and transmits the second key update request message and the second verification data to the data security device.

(15) According to one aspect of the present invention, in a data security device mounted on a vehicle, a first interface unit that transmits / receives data to / from an external device of the data security device, an in-vehicle computer mounted on the vehicle, and the data A first storage unit storing a common initial key of the vehicle stored in advance in a security device; and a first key update request message received from a key generation device by the first interface unit by the first interface unit. The second key distribution unit to be transmitted to the in-vehicle computer, the initial key stored in the first storage unit, and the first key update request message received from the key generation device by the first interface unit. A first key update unit that updates an initial key stored in one storage unit to a first key, and the second key distribution unit is connected to the first key by the first interface unit. The first update completion message received from the onboard computer and verified using the first verification data received from the key generating device by said first interface unit is a data security device.
(16) One aspect of the present invention is the data security device according to (15), wherein the second key distribution unit receives the second key update request message received from the key generation device by the first interface unit, The first interface unit transmits to the in-vehicle computer, and the first key update unit receives the first key stored in the first storage unit and the second key update received from the key generation device by the first interface unit. The second key is stored in the first storage unit using the request message, and the second key distribution unit receives the second update completion message received from the in-vehicle computer by the first interface unit. A data security device that verifies using second verification data received from the key generation device by an interface unit.

(17) According to one aspect of the present invention, in a vehicle-mounted computer mounted on a vehicle, a second interface unit that transmits / receives data to / from an external device of the vehicle-mounted computer, the vehicle-mounted computer, and a data security device mounted on the vehicle A second storage unit storing a common initial key of the vehicle stored in advance, an initial key stored in the second storage unit, and a first key update received from the data security device by the second interface unit A second key update unit that updates an initial key stored in the second storage unit to a first key using a request message and generates a first update completion message using the first key; And a second in-vehicle computer that transmits the first update completion message to the data security device.
(18) One aspect of the present invention is the in-vehicle computer according to (17), wherein the second key update unit includes the first key stored in the second storage unit and the second interface unit. The second key update request message received from the second key is stored in the second storage unit, and the second key is used to generate a second update completion message. The in-vehicle computer transmits the second update completion message to the data security device by a second interface unit.

(19) According to one aspect of the present invention, a key generation unit that generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle, And a first key distribution unit that transmits one key to the data security device.
(20) One aspect of the present invention is the key generation device according to (19), wherein the key generation unit supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. A second key to be generated, and the first key distribution unit transmits the second key to the data security device.

(21) According to one aspect of the present invention, in a data security device mounted on a vehicle, a first interface unit that transmits / receives data to / from an external device of the data security device, an in-vehicle computer mounted on the vehicle, and the data A first storage unit that stores a common initial key of the vehicle stored in advance in a security device, and a first storage unit that receives the initial key stored in the first storage unit from the key generation device by the first interface unit. A first key update request message using a first key update unit updated to a key, an initial key stored in the first storage unit, and a first key received from the key generation device by the first interface unit; And a second key distribution unit that transmits the first key update request message to the in-vehicle computer through the first interface unit, and the distribution processing unit includes: Wherein the first update completion message received from the onboard computer by the first interface unit, verifies based on the first key received from the key generating device by said first interface unit is a data security device.
(22) One aspect of the present invention is the data security device according to (21), wherein the first key update unit stores the second key received from the key generation device by the first interface unit in the first storage. And the distribution processing unit uses the first key stored in the first storage unit and the second key received from the key generation device by the first interface unit to generate a second key update request. The second key distribution unit transmits the second key update request message to the in-vehicle computer by the first interface unit, and the distribution processing unit transmits the second key update request message to the in-vehicle computer by the first interface unit. The data update device verifies the second update completion message received from the first key based on the second key received from the key generation device.

(23) According to one aspect of the present invention, in a vehicle-mounted computer mounted on a vehicle, a second interface unit that transmits / receives data to / from an external device of the vehicle-mounted computer, the vehicle-mounted computer, and a data security device mounted on the vehicle A second storage unit storing a common initial key of the vehicle stored in advance, an initial key stored in the second storage unit, and a first key update received from the data security device by the second interface unit A second key update unit that updates an initial key stored in the second storage unit to a first key using a request message and generates a first update completion message using the first key; And a second in-vehicle computer that transmits the first update completion message to the data security device.
(24) One aspect of the present invention is the data security device according to (23), wherein the second key update unit includes the first key stored in the second storage unit and the second interface unit. The second key update request message received from the second key is stored in the second storage unit, and the second key is used to generate a second update completion message. The in-vehicle computer transmits the second update completion message to the data security device by a second interface unit.

(25) According to one aspect of the present invention, in a data security device mounted on a vehicle, a master key and a vehicle identifier of the vehicle are used to supply the vehicle-mounted computer mounted on the vehicle and the data security device. A key generation unit for generating one key, a first interface unit for transmitting / receiving data to / from an external device of the own data security device, and a common initial key for the vehicle stored in advance in the in-vehicle computer and the data security device. A first storage unit to store; a first key update unit that updates an initial key stored in the first storage unit to the first key; and an initial key stored in the first key and the first storage unit. Generating a first key update request message using the first key, generating first verification data using the first key, and sending the first key update request message to the first interface unit. The vehicle A second key distribution unit for transmitting to the computer, wherein the second key distribution unit uses the first verification data to receive a first update completion message received from the in-vehicle computer by the first interface unit. This is a data security device to be verified.
(26) One aspect of the present invention is the data security device according to (25), wherein the key generation unit supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. And generating a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device, Second verification data is generated using a second key, and the second key distribution unit transmits the second key update request message to the in-vehicle computer through the first interface unit, and the first key update The unit stores the second key in the first storage unit, and the second key distribution unit receives the second update completion message received from the in-vehicle computer by the first interface unit and performs the second verification. It is verified using the over data, which is a data security apparatus.

(27) According to one aspect of the present invention, in a vehicle-mounted computer mounted on a vehicle, a second interface unit that transmits and receives data to and from an external device of the vehicle-mounted computer, the vehicle-mounted computer, and a data security device mounted on the vehicle A second storage unit storing a common initial key of the vehicle stored in advance, an initial key stored in the second storage unit, and a first key update received from the data security device by the second interface unit A second key update unit that updates an initial key stored in the second storage unit to a first key using a request message and generates a first update completion message using the first key; And a second in-vehicle computer that transmits the first update completion message to the data security device.
(28) One aspect of the present invention is the on-board computer according to (27), wherein the second key update unit includes the first key stored in the second storage unit and the second interface unit. The second key update request message received from the second key is stored in the second storage unit, and the second key is used to generate a second update completion message. The in-vehicle computer transmits the second update completion message to the data security device by a second interface unit.

(29) In one aspect of the present invention, a key generation device generates a first key to be supplied to an in-vehicle computer mounted on the vehicle using a master key and a vehicle identifier of the vehicle. The key generation device generates a first key update request message using the first key and a common initial key of the vehicle stored in advance in the in-vehicle computer, and the first key update request message A first key distribution step for transmitting to the in-vehicle computer, an initial key stored in the storage unit of the in-vehicle computer, and an interface unit for transmitting / receiving data to / from an external device of the in-vehicle computer, A first key update request message received is used to update an initial key stored in the storage unit to a first key, and a first update completion message is generated using the first key. A key update / completion message generation step; a first update completion message transmission step in which the in-vehicle computer transmits the first update completion message to the key generation device by the interface unit; and the key generation device includes the in-vehicle computer. And a first verification step for verifying the first update completion message received from the first key supplied to the in-vehicle computer.
(30) One aspect of the present invention is the distribution method according to (29), wherein the key generation device further includes a second key supplied to the in-vehicle computer using the master key and a vehicle identifier of the vehicle. Generating a second key update request message using the second key generation step and the key generation device using the second key and the first key supplied to the in-vehicle computer, and generating the second key update request. A second key distribution step of transmitting a message to the in-vehicle computer; a first key stored in the storage unit by the in-vehicle computer; and a second key update request message received from the key generation device by the interface unit. A second key update / completion message generation step of using the second key to generate a second update completion message using the second key, and storing the second key in the storage unit; A second update completion message transmission step for transmitting the second update completion message to the key generation device by the interface unit, and a second update completion message received by the key generation device from the in-vehicle computer, And a second verification step of verifying based on the second key supplied to the in-vehicle computer.

(31) According to one aspect of the present invention, a key generation device generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle. A key generation step, and the key generation device generates a first key update request message using the first key and a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device. A first key distribution step of generating first verification data using the first key, and transmitting the first key update request message and the first verification data to the data security device; and the data security device comprises: A first key update request message received from the key generation device by the first interface unit that transmits / receives data to / from an external device of the own data security device is transmitted to the vehicle by the first interface unit. A first key update request message transmission step to be transmitted to the computer; an initial key stored in the first storage unit of the data security device; and a first key update received from the key generation device by the first interface unit. A first key updating step of updating an initial key stored in the first storage unit to a first key using a request message; and an initial key stored in the second storage unit of the in-vehicle computer. The first key stored in the second storage unit is first stored in the second storage unit using the first key update request message received from the data security device by the second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. A first key update / completion message generating step of updating to a key and generating a first update completion message using the first key; A first update completion message transmission step for transmitting the first update completion message to the data security device by the interface unit; and a first update completion message received by the data security device from the in-vehicle computer by the first interface unit. And a first verification step of verifying using the first verification data received from the key generation device by the first interface unit.
(32) According to one aspect of the present invention, in the distribution method of (31), the key generation device supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. A second key update request message using a second key generation step of further generating a second key, and a first key supplied from the key generation device to the in-vehicle computer and the data security device; A second key distribution step of generating second verification data using the second key, and transmitting the second key update request message and the second verification data to the data security device; The security device transmits a second key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit. A key update request message transmission step, and the data security device uses a first key stored in the first storage unit and a second key update request message received from the key generation device by the first interface unit. A second key updating step for storing the second key in the first storage unit, and the in-vehicle computer receiving the first key stored in the second storage unit and the second interface unit from the data security device. A second key update / completion message generation step of storing the second key in the second storage unit using the second key update request message and generating a second update completion message using the second key. A second update completion message transmission step in which the in-vehicle computer transmits the second update completion message to the data security device by the second interface unit; The data security device verifies the second update completion message received from the in-vehicle computer by the first interface unit using the second verification data received from the key generation device by the first interface unit. And a verification step.

(33) In one aspect of the present invention, a key generation device generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle. A key generation step, a first key distribution step in which the key generation device transmits the first key to the data security device, and the data security device is stored in its own first storage unit. And the initial common key of the vehicle stored in advance in the data security device "is updated to the first key received from the key generation device by the first interface unit that transmits / receives data to / from an external device of the own data security device. Using the first key update step, the data security device using the initial key stored in the first storage unit, and the first key received from the key generation device by the first interface unit. A first key update request message generating step for generating a one key update request message; and a first key update request for the data security device to transmit the first key update request message to the in-vehicle computer through the first interface unit. A message transmission step, and a first interface received by the in-vehicle computer from the data security device by an initial key stored in its own second storage unit and a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. Updating the initial key stored in the second storage unit to the first key using the key update request message and generating a first update completion message using the first key A message generation step, and the in-vehicle computer sends the first update completion message to the data security by the second interface unit. A first update completion message transmission step for transmitting to a device; and the data security device receives a first update completion message received from the in-vehicle computer by the first interface unit from the key generation device by the first interface unit. And a first verification step for verifying based on the first key.
(34) One aspect of the present invention is the distribution method according to (33), wherein the key generation device supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. A second key generation step of further generating a second key; a second key distribution step in which the key generation device transmits the second key to the data security device; and the data security device in the first interface unit. A second key updating step of storing the second key received from the key generation device in the first storage unit, the first data stored in the first storage unit, and the first key stored in the first storage unit. A second key update request message generation step of generating a second key update request message using the second key received from the key generation device by the interface unit; and A second key update request message transmission step of transmitting an update request message to the in-vehicle computer by the first interface unit; a first key stored in the second storage unit by the in-vehicle computer; and the second interface unit A second key update request message received from the data security device is used to store a second key in the second storage unit and a second update completion message is generated using the second key. A key update / completion message generation step, a second update completion message transmission step in which the in-vehicle computer transmits the second update completion message to the data security device by the second interface unit; and A second update completion message received from the in-vehicle computer by the first interface unit; A second verification step of verifying on the basis of the second key received from the key generating device by the interface unit is further comprising distributing method.

(35) According to one aspect of the present invention, a data security device mounted on a vehicle uses a master key and a vehicle identifier of the vehicle to supply the vehicle-mounted computer mounted on the vehicle and the data security device. A first key generating step for generating one key; and the data security device is stored in its own first storage unit “a common initial key for the vehicle stored in advance in the in-vehicle computer and the data security device” A first key update step for updating the first key to the first key, and the data security device sends a first key update request message using the first key and the initial key stored in the first storage unit. A first message generation step of generating first verification data using the first key, and the data security device sends the first key update request message to a device external to the data security device and data The A first key update request message transmission step for transmitting to the in-vehicle computer by the first interface unit to be received; an initial key stored in the second storage unit of the in-vehicle computer; An initial key stored in the second storage unit is updated to a first key using a first key update request message received from the data security device by a second interface unit that transmits and receives data, and the first key A first key update / completion message generation step for generating a first update completion message using the first in-vehicle computer, wherein the in-vehicle computer transmits the first update completion message to the data security device by the second interface unit. An update completion message transmission step and the data security device are connected to the in-vehicle computer by the first interface unit. The first update completion message et received a delivery method including, a first verification step of verifying using the first verification data.
(36) According to one aspect of the present invention, in the distribution method of (35), the data security device supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. A second key update request message using a second key generation step of further generating a second key, and the data security device using the second key and the first key supplied to the in-vehicle computer and the data security device. Generating a second verification data using the second key, and the data security device sends the second key update request message to the in-vehicle computer by the first interface unit. A second key update request message transmission step for transmitting to the second key update step, wherein the data security device stores the second key in the first storage unit; The in-vehicle computer uses the first key stored in the second storage unit and the second key update request message received from the data security device by the second interface unit to store the second key in the second storage. A second key update / completion message generation step of generating a second update completion message using the second key, and the in-vehicle computer transmitting the second update completion message by the second interface unit. A second update completion message transmission step for transmitting to the data security device; and a second update completion message received by the data security device from the in-vehicle computer by the first interface unit using the second verification data. This is a delivery method to be verified.

(37) According to one aspect of the present invention, there is provided a key generation function for generating a first key to be supplied to an in-vehicle computer mounted on the vehicle using a master key and a vehicle identifier of the vehicle. A first key update request message is generated using a key and a common initial key of the vehicle stored in advance in the in-vehicle computer, the first key update request message is transmitted to the in-vehicle computer, and the in-vehicle computer And a first key distribution function for verifying a first update completion message received from the first key supplied to the in-vehicle computer.
(38) In one aspect of the present invention, in the computer program of (37), the key generation function further includes a second key supplied to the in-vehicle computer using the master key and a vehicle identifier of the vehicle. The first key distribution function generates the second key update request message using the second key and the first key supplied to the in-vehicle computer, and sends the second key update request message to the in-vehicle The first key distribution function is a computer program that verifies the second update completion message received from the in-vehicle computer based on the second key supplied to the in-vehicle computer.

(39) According to one aspect of the present invention, in a vehicle-mounted computer mounted on a vehicle, a storage function for storing a common initial key of the vehicle stored in advance in the vehicle-mounted computer, and an initial key stored in the storage function And the first key update request message received from the key generation device by the interface unit that transmits and receives data with the device external to the in-vehicle computer, and updates the initial key stored in the storage function to the first key. A computer for realizing a key update function for generating a first update completion message using the first key and a transmission function for transmitting the first update completion message to the key generation device by the interface unit It is a program.
(40) One aspect of the present invention is the computer program according to (39), wherein the key update function includes a first key stored in the storage function and a second key received from the key generation device by the interface unit. An update request message is used to store a second key in the storage function, a second update completion message is generated using the second key, and the transmission function uses the interface unit to complete the second update completion. A computer program for transmitting a message to the key generation device.

(41) According to one aspect of the present invention, there is provided a key generation function for generating a first key supplied to a computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle. A first key update request message is generated using the first key and the vehicle's common initial key stored in advance in the in-vehicle computer and the data security device, and the first key is used to generate a first key update request message. A computer program for realizing a first key distribution function for generating one verification data and transmitting the first key update request message and the first verification data to the data security device.
(42) One aspect of the present invention is the computer program according to (41), wherein the key generation function supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. A second key is further generated, and the first key distribution function generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device; A computer program for generating second verification data using the second key and transmitting the second key update request message and the second verification data to the data security device.

(43) According to one aspect of the present invention, a computer of a data security device mounted on a vehicle stores an in-vehicle computer mounted on the vehicle and a common initial key of the vehicle stored in advance in the data security device. A first key update request message received from a key generation device by a first interface unit that transmits and receives data to and from a device external to the data security device is transmitted to the in-vehicle computer by the first interface unit. Stored in the first storage function using the second key distribution function, the initial key stored in the first storage function, and the first key update request message received from the key generation device by the first interface unit A first key update function for updating the initial key to be a first key, the second key distribution function, The first update completion message received from the onboard computer by serial first interface unit is to be verified with the first verification data received from the key generating device by said first interface unit is a computer program.
(44) In one aspect of the present invention, in the computer program according to (43), the second key distribution function receives a second key update request message received from the key generation device by the first interface unit. The first key update function transmits the first key stored in the first storage function and the second key update request received from the key generation device by the first interface unit. A second key is stored in the first storage function using a message, and the second key distribution function receives a second update completion message received from the in-vehicle computer by the first interface unit as the first interface. A computer program for verifying by using the second verification data received from the key generation device.

(45) According to one aspect of the present invention, a second memory that stores a common initial key of the vehicle stored in advance in the in-vehicle computer and a data security device mounted in the vehicle in the in-vehicle computer mounted in the vehicle. Function, an initial key stored in the second storage function, and a first key update request message received from the data security device by a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. Updating the initial key stored in the second storage function to the first key, and using the first key to generate a first update completion message, and the second interface unit A computer program for realizing a transmission function of transmitting a first update completion message to the data security device.
(46) One aspect of the present invention is the computer program according to (45), wherein the second key update function includes the first key stored in the second storage function and the second interface unit. A second key update request message received from the second key is stored in the second storage function, a second update completion message is generated using the second key, and the transmission function includes: A computer program for transmitting the second update completion message to the data security device by a second interface unit.

(47) One aspect of the present invention is a key generation function for generating a first key to be supplied to an in-vehicle computer and a data security device mounted on a vehicle using a master key and a vehicle identifier of the vehicle. And a first key distribution function for transmitting the first key to the data security device.
(48) In one aspect of the present invention, in the computer program of (47), the key generation function supplies the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle. A second key is further generated, and the first key distribution function is a computer program that transmits the second key to the data security device.

(49) According to one aspect of the present invention, a computer of a data security device mounted on a vehicle stores an in-vehicle computer mounted on the vehicle and a common initial key of the vehicle stored in advance in the data security device. A first storage function and an initial key stored in the first storage function are updated to a first key received from a key generation device by a first interface unit that transmits and receives data to and from an external device of the data security device. Distribution processing for generating a first key update request message using a one-key update function, an initial key stored in the first storage function, and a first key received from the key generation device by the first interface unit And a second key distribution function for transmitting the first key update request message to the in-vehicle computer through the first interface unit. The distribution processing function verifies the first update completion message received from the in-vehicle computer by the first interface unit based on the first key received from the key generation device by the first interface unit. A computer program.
(50) One aspect of the present invention is the computer program according to (49), wherein the first key update function uses the first storage function to store the second key received from the key generation device by the first interface unit. And the distribution processing function uses a first key stored in the first storage function and a second key received from the key generation device by the first interface unit to generate a second key update request message. The second key distribution function transmits the second key update request message to the in-vehicle computer by the first interface unit, and the distribution processing function is transmitted from the in-vehicle computer by the first interface unit. A computer that verifies the received second update completion message based on the second key received from the key generation device by the first interface unit. Is a program.

(51) According to one aspect of the present invention, in the in-vehicle computer mounted on the vehicle, a second memory that stores a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device mounted in the vehicle. Function, an initial key stored in the second storage function, and a first key update request message received from the data security device by a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. Updating the initial key stored in the second storage function to the first key, and using the first key to generate a first update completion message, and the second interface unit A computer program for realizing a transmission function of transmitting a first update completion message to the data security device.
(52) One aspect of the present invention is the computer program according to (51), wherein the second key update function includes the first key stored in the second storage function and the second interface unit. A second key update request message received from the second key is stored in the second storage function, a second update completion message is generated using the second key, and the transmission function includes: A computer program for transmitting the second update completion message to the data security device by a second interface unit.

(53) According to one aspect of the present invention, a computer of a data security device mounted on a vehicle is supplied to an in-vehicle computer mounted on the vehicle and the data security device using a master key and a vehicle identifier of the vehicle. Stored in the first storage function, a key generation function for generating a first key to be stored, a first storage function for storing a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device, and the first storage function Generating a first key update request message using a first key update function for updating an initial key to the first key; and an initial key stored in the first key and the first storage function; A distribution processing function for generating first verification data using one key, and the first key update request message are transmitted to the in-vehicle computer by a first interface unit that transmits / receives data to / from an external device of the data security device. A second key distribution function to be transmitted to the computer, wherein the second key distribution function receives the first update completion message received from the in-vehicle computer by the first interface unit, A computer program for verification using first verification data.
(54) In one aspect of the present invention, in the computer program of (53), the key generation function supplies the in-vehicle computer and the data security device using the master key and the vehicle identifier of the vehicle. A second key is generated, and the distribution processing function generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device; 2nd verification data is generated using 2 keys, The 2nd key distribution function transmits the 2nd key update request message to the in-vehicle computer by the 1st interface part, The 1st key update function Stores the second key in the first storage function, and the second key distribution function receives a second update completion message received from the in-vehicle computer by the first interface unit. Di, is verified using the second verification data is a computer program.

(55) According to one aspect of the present invention, in the in-vehicle computer mounted on the vehicle, the second memory for storing a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device mounted in the vehicle. Function, an initial key stored in the second storage function, and a first key update request message received from the data security device by a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. Updating the initial key stored in the second storage function to the first key, and using the first key to generate a first update completion message, and the second interface unit A computer program for realizing a transmission function of transmitting a first update completion message to the data security device.
(56) According to one aspect of the present invention, in the computer program according to (55), the second key update function includes the first key stored in the second storage function and the second interface unit. A second key update request message received from the second key is stored in the second storage function, a second update completion message is generated using the second key, and the transmission function includes: A computer program for transmitting the second update completion message to the data security device by a second interface unit.

  According to the present invention, it is possible to improve the efficiency of key distribution applied to an in-vehicle computer such as an ECU mounted on a vehicle such as an automobile.

1 is a diagram illustrating a configuration example of a distribution system and an automobile 1001 according to an embodiment. It is a figure showing an example of composition of key generation device 10 concerning one embodiment. It is a figure which shows the structural example of the data security apparatus 1010 which concerns on one Embodiment. It is a figure showing an example of composition of ECU1020 concerning one embodiment. It is a sequence chart which shows the example 1 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 2 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 3 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 4 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 5 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 6 of the delivery method which concerns on one Embodiment. It is a figure which shows the other structural example of the data security apparatus 1010 which concerns on one Embodiment. It is a sequence chart which shows the example 7 of the delivery method which concerns on one Embodiment. It is a sequence chart which shows the example 8 of the delivery method which concerns on one Embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following embodiment, a vehicle will be described as an example of a vehicle.

  FIG. 1 is a diagram illustrating a configuration example of a distribution system and an automobile 1001 according to the present embodiment. In the present embodiment, an ECU (electronic control device) mounted on the automobile 1001 will be described as an example of the in-vehicle computer.

  In FIG. 1, an automobile 1001 includes a data security device 1010 and a plurality of ECUs 1020. The ECU 1020 is an in-vehicle computer provided in the automobile 1001. ECU 1020 has a control function such as engine control of automobile 1001. Examples of the ECU 1020 include an ECU having an engine control function, an ECU having a handle control function, and an ECU having a brake control function. The data security device 1010 has a data security (security) function applied to the ECU 1020 mounted on the automobile 1001. Note that any ECU mounted on the automobile 1001 may function as the data security device 1010.

  The data security device 1010 and the plurality of ECUs 1020 are connected to a CAN (Controller Area Network) 1030 provided in the automobile 1001. CAN 1030 is a communication network. CAN is known as one of communication networks mounted on vehicles. The data security device 1010 exchanges data with each ECU 1020 via the CAN 1030. ECU 1020 exchanges data with other ECUs 1020 via CAN 1030.

  In addition, as a communication network mounted on the vehicle, a communication network other than CAN is provided in the automobile 1001, and data exchange between the data security device 1010 and the ECU 1020 and communication between the ECUs 1020 are performed via the communication network other than CAN. Data exchanges between them may be performed. For example, the automobile 1001 may include a LIN (Local Interconnect Network). In addition, the automobile 1001 may include CAN and LIN. Further, the automobile 1001 may include an ECU 1020 connected to the LIN. Further, the data security device 1010 may be connected to CAN and LIN. Further, the data security device 1010 exchanges data with the ECU 1020 connected to the CAN via the CAN, and exchanges data with the ECU 1020 connected to the LIN via the LIN. Also good. Further, the ECUs 1020 may exchange data via the LIN.

  An in-vehicle computer system 1002 provided in the automobile 1001 is configured by connecting a data security device 1010 and a plurality of ECUs 1020 to a CAN 1030. In the present embodiment, the in-vehicle computer system 1002 functions as an in-vehicle control system for the automobile 1001.

  The data security device 1010 monitors communication between the inside and the outside of the in-vehicle computer system 1002. The data security device 1010 is connected to an infotainment device 1040, a TCU (Tele Communication Unit) 1050, and a diagnostic port 1060 as an example of a device external to the in-vehicle computer system 1002. The ECU 1020 communicates with a device external to the in-vehicle computer system 1002 via the data security device 1010.

  As a configuration of the CAN 1030, the CAN 1030 may include a plurality of buses (communication lines), and the plurality of buses may be connected to the data security device 1010. In this case, one ECU 1020 or a plurality of ECUs 1020 is connected to one bus.

  The automobile 1001 includes a diagnostic port 1060. As the diagnostic port 1060, for example, an OBD (On-board Diagnostics) port may be used. A device outside the automobile 1001 can be connected to the diagnostic port 1060. As an external device of the automobile 1001 that can be connected to the diagnosis port 1060, for example, there is a maintenance tool 2100 shown in FIG. The data security device 1010 and a device connected to the diagnostic port 1060, for example, the maintenance tool 2100 exchange data via the diagnostic port 1060. The maintenance tool 2100 may have a function of a conventional diagnostic terminal connected to the OBD port.

  The automobile 1001 includes an infotainment device 1040. Examples of the infotainment device 1040 include a navigation function, a location information service function, a multimedia playback function such as music and video, a voice communication function, a data communication function, and an Internet connection function.

  The automobile 1001 includes a TCU 1050. The TCU 1050 is a communication device. The TCU 1050 includes a communication module 1051. The communication module 1051 performs wireless communication using a wireless communication network. The communication module 1051 includes a SIM (Subscriber Identity Module) 1052. The SIM 1052 is a SIM in which information for using the wireless communication network is written. The communication module 1051 can use the SIM 1052 to connect to the wireless communication network and perform wireless communication. Note that an eSIM (Embedded Subscriber Identity Module) may be used as the SIM 1052. SIM and eSIM are examples of secure elements (SE). SIM and eSIM have tamper resistant properties.

  Data security device 1010 exchanges data with TCU 1050. As another connection form of the TCU 1050, for example, the TCU 1050 may be connected to the infotainment device 1040, and the data security device 1010 may exchange data with the TCU 1050 via the infotainment device 1040. Alternatively, the TCU 1050 may be connected to the diagnostic port 1060, and the data security device 1010 may exchange data with the TCU 1050 connected to the diagnostic port 1060 via the diagnostic port 1060. Alternatively, the data security device 1010 may include a communication module 1051 including a SIM 1052. When the data security device 1010 includes the communication module 1051 including the SIM 1052, the automobile 1001 may not include the TCU 1050.

  The data security device 1010 includes a main computing unit 1011 and an HSM (Hardware Security Module) 1012. The main arithmetic unit 1011 executes a computer program for realizing the functions of the data security device 1010. The HSM 1012 has a cryptographic processing function and the like. HSM1012 has tamper resistance. HSM 1012 is an example of a secure element. The HSM 1012 includes a storage unit 1013 that stores data. The main arithmetic unit 1011 uses an HSM 1012.

  The ECU 1020 includes a main computing unit 1021 and a SHE (Secure Hardware Extension) 1022. The main computing unit 1021 executes a computer program for realizing the functions of the ECU 1020. The SHE 1022 has a cryptographic processing function and the like. SHE1022 has tamper resistance. SHE1022 is an example of a secure element. The SHE 1022 includes a storage unit 1023 that stores data. The main computing unit 1021 uses SHE1022. In addition, about SHE, it describes in the nonpatent literature 3, for example.

  Server device 2000 transmits and receives data to and from communication module 1051 of TCU 1050 of automobile 1001 via a communication line. Server device 2000 transmits and receives data to and from communication module 1051 via a wireless communication network used by communication module 1051 of TCU 1050 of automobile 1001. Alternatively, the server device 2000 may transmit / receive data to / from the communication module 1051 via a communication network such as the Internet and the wireless communication network. Further, for example, the server apparatus 2000 and the communication module 1051 may be connected by a dedicated line such as a VPN (Virtual Private Network) line, and data may be transmitted / received through the dedicated line. For example, a dedicated line such as a VPN line may be provided by a wireless communication network corresponding to the SIM 1052.

  Server device 2000 communicates with TCU 1050 of automobile 1001 and transmits / receives data to / from data security device 1010 of automobile 1001 via TCU 1050. An encrypted communication path may be used as a communication path between the server device 2000 and the data security device 1010. For example, the server apparatus 2000 and the data security apparatus 1010 may perform https (hypertext transfer protocol secure) communication as an example of an encrypted communication path.

  Note that the server device 2000 and the automobile 1001 may be connected by a communication cable. For example, the server device 2000 and the data security device 1010 of the automobile 1001 may be connected by a communication cable. Alternatively, the server device 2000 and the automobile 1001 may be configured to communicate via a wired or wireless communication network. For example, the server device 2000 and the automobile 1001 may be connected by a wired or wireless LAN (Local Area Network).

  FIG. 2 is a diagram illustrating a configuration example of the key generation apparatus 10 according to the present embodiment. In FIG. 2, the key generation device 10 includes a storage unit 12, a key generation unit 15, an encryption processing unit 16, and a first key distribution unit 17. The storage unit 12 stores data. The key generation unit 15 generates a key. The encryption processing unit 16 encrypts data and decrypts encrypted data. The first key distribution unit 17 performs processing related to key distribution.

  The function of the key generation device 10 is realized when a CPU (Central Processing Unit) included in the key generation device 10 executes a computer program. Note that the key generation device 10 may be configured using a general-purpose computer device, or may be configured as a dedicated hardware device.

  In the present embodiment, a device outside the automobile 1001, for example, the server device 2000 or the maintenance tool 2100 may have the function of the key generation device 10. Alternatively, a device mounted on the automobile 1001, for example, the TCU 1050 or the data security device 1010 may have the function of the key generation device 10. The function of the key generation device 10 is preferably realized using a secure element. The secure element preferably has tamper resistance. Examples of the secure element include an IC (Integrated Circuit) chip, SIM, eSIM, HSM, and SHE.

  FIG. 3 is a diagram illustrating a configuration example of the data security device 1010 according to the present embodiment. In FIG. 3, the data security device 1010 includes a main arithmetic unit 1011, an HSM 1012, and an interface unit 20. The main computing unit 1011 includes a control unit 21, a storage unit 22, and a second key distribution unit 23. The HSM 1012 includes a storage unit 1013, an encryption processing unit 32, a key update unit 35, and a distribution processing unit 36.

  The interface unit 20 transmits / receives data to / from an external device of the own data security device 1010. The interface unit 20 includes an interface for transmitting / receiving data via the CAN 1030, an interface for transmitting / receiving data to / from the infotainment device 1040, an interface for transmitting / receiving data to / from the TCU 1050, and an interface for transmitting / receiving data via the diagnostic port 1060. Prepare. The main computing unit 1011 transmits / receives data to / from devices other than the data security device 1010 via the interface unit 20.

  The control unit 21 controls the data security device 1010. The storage unit 22 stores data. The second key distribution unit 23 performs processing related to key distribution. The storage unit 1013 stores data. The encryption processing unit 32 encrypts data and decrypts encrypted data. The key update unit 35 performs processing related to key update. The distribution processing unit 36 performs processing related to key distribution.

  In this embodiment, HSM is used for the data security device 1010. However, SHE may be used in the data security device 1010 instead of HSM.

  FIG. 4 is a diagram illustrating a configuration example of the ECU 1020 according to the present embodiment. In FIG. 4, the ECU 1020 includes a main computing unit 1021, a SHE 1022, and an interface unit 40. The main computing unit 1021 includes a control unit 41 and a storage unit 42. The SHE 1022 includes a storage unit 1023, an encryption processing unit 52, and a key update unit 55.

  The interface unit 40 transmits / receives data to / from an external device of the own ECU 1020. The interface unit 40 includes an interface that transmits and receives data via the CAN 1030. The main computing unit 1021 transmits and receives data to and from devices other than its own ECU 1020 via the interface unit 40.

  The control unit 41 controls the ECU 1020. The storage unit 42 stores data. The storage unit 1023 stores data. The encryption processing unit 52 encrypts data and decrypts encrypted data. The key update unit 55 performs processing related to key update.

[Example of delivery method]
Next, an example of a distribution method according to the present embodiment will be described. In the description of the example of the distribution method below, a vehicle identification number (VIN) is used as an example of an identifier (vehicle identifier) of an automobile (vehicle). The vehicle identification number (VIN) is described in Non-Patent Document 2, for example.

  In addition, as an example of the key of the ECU 1020, three types of keys, MEK key, MAC key, and ENC key, will be described. The MEK key corresponds to a key called “MASTER_ECU_KEY” in SHE. The MAC key corresponds to a key used for generation and verification of CMAC (Cipher-based Message Authentication Code) among keys called “KEY_n, where n is any integer from 1 to 10” in SHE. . The ENC key corresponds to a key used for data encryption and decryption of encrypted data among keys called “KEY_n, where n is any integer from 1 to 10” in SHE.

<Example 1 of delivery method>
Example 1 of the distribution method according to the present embodiment will be described with reference to FIG. FIG. 5 is a sequence chart showing Example 1 of the distribution method according to the present embodiment.

  In FIG. 5, the key generation device 10 stores a master key Master_Secret, a MEK key K_mek_oem, a MAC key K_mac_oem, and an ENC key K_enc_oem in the storage unit 12 in advance.

  Each ECU 1020 mounted on a certain automobile 1001 stores the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem in the storage unit 1023 of the SHE 1022 in advance. In the ECU 1020, for example, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are stored in the storage unit 1023 of the SHE 1022 at the manufacturing factory of the ECU 1020.

  For example, the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem may be used for each automobile 1001 manufactured by the same automobile manufacturer. Alternatively, the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem may be used for each ECU 1020 manufactured by the same ECU manufacturer. Further, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem may be changed at a constant cycle.

  The MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem stored in the storage unit 12 by the key generation device 10 are the same as the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_em that the ECU 1020 stores in the storage unit 1023 of the SHE1022. is there.

  In Example 1 of the distribution method, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are keys stored in advance in the ECU 1020 and are common initial keys of the automobile 1001.

  Hereinafter, the key generation device 10 communicates with the ECU 1020 via the CAN 1030. For example, when the server apparatus 2000 functions as the key generation apparatus 10, the server apparatus 2000 accesses the CAN 1030 via the TCU 1050 and the data security apparatus 1010 of the automobile 1001 and communicates with the ECU 1020 via the CAN 1030. Alternatively, when the maintenance tool 2100 functions as the key generation device 10, the maintenance tool 2100 accesses the CAN 1030 via the diagnostic port 1060 and the data security device 1010 of the automobile 1001 and communicates with the ECU 1020 via the CAN 1030. Alternatively, when the TCU 1050 of the automobile 1001 functions as the key generation device 10, the TCU 1050 accesses the CAN 1030 via the data security device 1010 and communicates with the ECU 1020 via the CAN 1030. Alternatively, when the data security device 1010 of the automobile 1001 functions as the key generation device 10, the data security device 1010 communicates with the ECU 1020 via the CAN 1030.

(Step S101) The key generation device 10 acquires the vehicle identification number VIN of the automobile 1001. The vehicle identification number VIN of the automobile 1001 may be stored in the key generation device 10 in advance, or may be stored in the key generation device 10 when there is a request for distributing the key to the ECU 1020.

  For example, when the ECU 1020 having the engine control function of the automobile 1001 stores the vehicle identification number VIN of the automobile 1001, the ECU 1020 notifies the key generation device 10 of the vehicle identification number VIN of the automobile 1001 after the ECU 1020 is activated. May be. In general, the activation time of the ECU 1020 having the engine control function is often longer than the activation times of the other ECUs 1020. For this reason, when the ECU 1020 having the engine control function is activated to notify the key generation device 10 of the vehicle identification number VIN, many other ECUs 1020 are already activated. Therefore, after the ECU 1020 having the engine control function notifies the key generation device 10 of the vehicle identification number VIN after activation, distributing the key from the key generation device 10 to the plurality of ECUs 1020 increases the success probability of key distribution. This is preferable. For example, after the ECU 1020 having the engine control function notifies the key generation device 10 of the vehicle identification number VIN after activation, the key generation device 10 distributes the key to all the ECUs 1020 to be distributed by CAN 1030 broadcast. Also good.

  Alternatively, as the vehicle identification number VIN of the automobile 1001, for example, the vehicle identification number VIN managed by the automobile manufacturer of the automobile 1001 may be supplied to the key generation device 10. For example, an automobile manufacturing company of the automobile 1001 may be provided with a database of vehicle identification numbers VIN, and the vehicle identification numbers VIN may be transmitted from the database to the key generation apparatus 10 by communication.

(Step S102) The key generation unit 15 of the key generation device 10 generates the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen to be supplied to the ECU 1020 of the automobile 1001.

  In example 1 of the distribution method, the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen correspond to the first key.

An example of a key generation method according to this embodiment will be described. The key generation unit 15 uses the master key Master_Secret stored in the storage unit 12, the vehicle identification number VIN of the automobile 1001, and the key type identifier Key_ID (Nk) to obtain a key (common key) according to the following equation: Generate. Nk is a variable representing the type of key.
Common key = digest (Master_Secret, VIN, Key_ID (Nk))

  However, the digest (Master_Secret, VIN, Key_ID (Nk)) is a digest value generated from the master key Master_Secret, the vehicle identification number VIN, and the key type identifier Key_ID (Nk). Examples of the digest value include a value calculated by a hash function or a value calculated by an exclusive OR operation. For example, the common key is a hash function value calculated using the master key Master_Secret, the vehicle identification number VIN, and the key type identifier Key_ID (Nk) as input values.

If the value of the key type identifier Key_ID (Nk) is different, the digest value is different. By changing the value of the key type identifier Key_ID (Nk), different common keys can be generated from the same master key Master_Secret and the vehicle identification number VIN. For example, the key type identifier of the MEK key is Key_ID (mek), the key type identifier of the MAC key is Key_ID (mac), and the key type identifier of the ENC key is Key_ID (enc). The key generation unit 15 uses the master key Master_Secret, the vehicle identification number VIN, and the key type identifiers Key_ID (mek), Key_ID (mac), and Key_ID (enc),
MEK key K_mek_gen = digest (Master_Secret, VIN, Key_ID (mek)),
MAC key K_mac_gen = digest (Master_Secret, VIN, Key_ID (mac)),
ENC key K_enc_gen = digest (Master_Secret, VIN, Key_ID (enc)),
Thus, the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen supplied to the ECU 1020 of the automobile 1001 can be generated as different keys. The MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen are common to each ECU 1020 mounted on one automobile 1001. The storage unit 12 stores the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen.

(Step S103) The first key distribution unit 17 of the key generation device 10 uses the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem to update each key update request message for the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen. MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) are generated.

  In example 1 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) correspond to the first key update request message.

  In the present embodiment, the key update request message includes an M1 parameter, an M2 parameter, and an M3 parameter that are parameters used for registering the SHE key. The M1 parameter, the M2 parameter, and the M3 parameter are described in Non-Patent Document 3, for example. The key K_AuthID is used to generate the M2 parameter and the M3 parameter. The key K_AuthID related to the key update request message MES_K_mek_oem (K_mek_gen) of the MEK key K_mek_gen is the MEK key K_mek_oem. The key K_AuthID related to the key update request message MES_K_mac_oem (K_mac_gen) of the MAC key K_mac_gen is the MAC key K_mac_oem. The key K_AuthID related to the key update request message MES_K_enc_oem (K_enc_gen) of the ENC key K_enc_gen is the ENC key K_enc_oem.

  The first key distribution unit 17 uses the MEK key K_mek_oem to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the MEK key K_mek_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the MEK key K_mek_gen in the key update request message MES_K_mek_oem (K_mek_gen).

  The first key distribution unit 17 uses the MAC key K_mac_oem to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the MAC key K_mac_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the MAC key K_mac_gen in the key update request message MES_K_mac_oem (K_mac_gen).

  The first key distribution unit 17 uses the ENC key K_enc_oem to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the ENC key K_enc_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the ENC key K_enc_gen in the key update request message MES_K_enc_oem (K_enc_gen).

(Step S104) The first key distribution unit 17 of the key generation apparatus 10 transmits a key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) are common to each ECU 1020 of automobile 1001.

  An example of a method for transmitting the key update request message will be described. As an example of a transmission method of the key update request message, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) may be transmitted by broadcasting of the CAN 1030. A key distribution CAN identifier (key distribution CANID) is set in the data security device 1010 and each ECU 1020 connected to the CAN 1030. The key distribution CANID is a different value for each of the data security device 1010 and the ECU 1020. The CAN identifier is an identifier for identifying a transmission source device.

When the data security device 1010 transmits the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) received from the first key distribution unit 17 to the CAN 1030, the key update request message is sent to the CAN 1030. A CAN ID for key distribution of the own data security device 1010 is attached as an identifier of CAN. The key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) transmitted from the key generation apparatus 10 to the CAN 1030 via the data security apparatus 1010 are the data for each ECU 10N Is identified and received. Accordingly, the key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) can be transmitted to the ECUs 1020 connected to the CAN 1030 all at once.
The above is the description of an example of the transmission method of the key update request message.

(Step S105) The control unit 41 of the ECU 1020 receives the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) through the interface unit 40.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_oem (K_mek_gen) to the SHE 1022 and requests a key update. The key update unit 55 of the SHE 1022 registers the MEK key K_mek_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_oem stored in the storage unit 1023. Thereby, the MEK key stored in the storage unit 1023 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mac_oem (K_mac_gen) to the SHE 1022, and requests a key update. The key update unit 55 of the SHE 1022 registers the MAC key K_mac_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MAC key K_mac_oem stored in the storage unit 1023. Accordingly, the MAC key stored in the storage unit 1023 is updated from the MAC key K_mac_oem to the MAC key K_mac_gen.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_enc_oem (K_enc_gen) to the SHE 1022, and requests a key update. The key update unit 55 of the SHE 1022 registers the ENC key K_enc_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the ENC key K_enc_oem stored in the storage unit 1023. As a result, the ENC key stored in the storage unit 1023 is updated from the ENC key K_enc_oem to the ENC key K_enc_gen.

(Step S106) The control unit 41 of the ECU 1020 generates update completion messages for the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen.

  In example 1 of the distribution method, each update completion message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen corresponds to the first update completion message.

  In the present embodiment, the update completion message includes an M4 parameter and an M5 parameter, which are parameters used for SHE key verification. The M4 parameter and the M5 parameter are described in Non-Patent Document 3, for example.

  The key update unit 55 of the SHE 1022 uses the MEK key K_mek_gen to generate the M4 parameter and the M5 parameter of the MEK key K_mek_gen. The SHE 1022 passes the M4 parameter and M5 parameter of the MEK key K_mek_gen to the control unit 41. The control unit 41 includes the M4 parameter and the M5 parameter of the MEK key K_mek_gen in the update completion message of the MEK key K_mek_gen.

  The key update unit 55 of the SHE 1022 uses the MAC key K_mac_gen to generate the M4 parameter and the M5 parameter of the MAC key K_mac_gen. The SHE 1022 passes the M4 parameter and M5 parameter of the MAC key K_mac_gen to the control unit 41. The control unit 41 includes the M4 parameter and the M5 parameter of the MAC key K_mac_gen in the update completion message of the MAC key K_mac_gen.

  The key update unit 55 of the SHE 1022 uses the ENC key K_enc_gen to generate the M4 parameter and the M5 parameter of the ENC key K_enc_gen. The SHE 1022 passes the M4 parameter and M5 parameter of the ENC key K_enc_gen to the control unit 41. The control unit 41 includes the M4 parameter and the M5 parameter of the ENC key K_enc_gen in the update completion message of the ENC key K_enc_gen.

(Step S <b> 107) The control unit 41 of the ECU 1020 transmits update completion messages of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen to the key generation device 10 through the interface unit 40.

  When the key distribution CANID is set in the ECU 1020, the control unit 41 attaches the key distribution CANID of the own ECU 1020 to each update completion message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen. The update completion message transmitted from the ECU 1020 to the CAN 1030 is identified by the data security device 1010 by the key distribution CANID of the ECU 1020 and received. The data security device 1010 transfers the received update completion message to the key generation device 10.

(Step S108) The first key distribution unit 17 of the key generation device 10 receives the update completion messages of the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the ECU 1020, and the MEK key K_mek_gen and MAC key K_mac_gen supplied to the ECU 1020. And verification based on the ENC key K_enc_gen. The MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen supplied to the ECU 1020 are stored in the storage unit 12.

  The first key distribution unit 17 uses the MEK key K_mek_gen supplied to the ECU 1020 to generate an M4 parameter and an M5 parameter to be compared with the MEK key K_mek_gen. The first key distribution unit 17 compares the M4 parameter and M5 parameter included in the update completion message of the MEK key K_mek_gen with the M4 parameter and M5 parameter to be compared with the MEK key K_mek_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the MEK key has been successfully updated. On the other hand, if the two do not match, the MEK key update has failed.

  The first key distribution unit 17 uses the MAC key K_mac_gen supplied to the ECU 1020 to generate the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen. The first key distribution unit 17 compares the M4 parameter and M5 parameter included in the MAC key K_mac_gen update completion message with the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the MAC key has been successfully updated. On the other hand, if the two do not match, the MAC key update has failed.

  The first key distribution unit 17 uses the ENC key K_enc_gen supplied to the ECU 1020 to generate an M4 parameter and an M5 parameter to be compared with the ENC key K_enc_gen. The first key distribution unit 17 compares the M4 parameter and M5 parameter included in the update completion message of the ENC key K_enc_gen with the M4 parameter and M5 parameter to be compared with the ENC key K_enc_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the ENC key has been successfully updated. On the other hand, if the two do not match, the ENC key update has failed.

  The first key distribution unit 17 may execute a predetermined error process when the update of the MEK key K_mek_gen, the MAC key K_mac_gen, or the ENC key K_enc_gen is unsuccessful. As the predetermined error processing, the key update request message of the key that failed to update may be retransmitted among the key update request messages in step S104. In addition, the first key distribution unit 17 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S104. . As the predetermined error processing, among the key update request messages in step S104, a key update request message for a key that does not receive an update completion message may be retransmitted.

  According to the first example of the distribution method described above, by storing the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem common to the automobile 1001 in advance for each ECU 1020 mounted on the same automobile 1001. A key update request message (first key update request message) for each key (first key) is generated from the key Master_Secret and the common key, and the key update request message is commonly used by the ECUs 1020 to The key of ECU 1020 can be updated. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

<Example 2 of delivery method>
An example 2 of the distribution method according to the present embodiment will be described with reference to FIG. FIG. 6 is a sequence chart showing Example 2 of the distribution method according to the present embodiment. In FIG. 6, parts corresponding to the respective steps in FIG.

  In FIG. 6, the key generation device 10 stores a master key Master_Secret and a MEK key K_mek_oem in the storage unit 12 in advance.

  Each ECU 1020 mounted on a certain automobile 1001 stores the same MEK key K_mek_oem in the storage unit 1023 of the SHE 1022 in advance. In the ECU 1020, for example, the MEK key K_mek_oem is stored in the storage unit 1023 of the SHE 1022 at the manufacturing factory of the ECU 1020. For example, the same MEK key K_mek_oem may be used for each automobile 1001 manufactured by the same automobile manufacturer. Alternatively, the same MEK key K_mek_oem may be used for each ECU 1020 manufactured by the same ECU manufacturing company. Also, the MEK key K_mek_oem may be changed at a constant cycle.

  The MEK key K_mek_oem stored in the storage unit 12 by the key generation device 10 and the MEK key K_mek_oem stored in the storage unit 1023 of the SHE 1022 by the ECU 1020 are the same.

  In Example 2 of the distribution method, the MEK key K_mek_oem is a key stored in advance in the ECU 1020 and is a common initial key for the automobile 1001.

  The communication method between the key generation device 10 and the ECU 1020 is the same as that of the delivery method example 1.

  In FIG. 6, step S101 and step S102 are executed. Steps S101 and S102 are the same as those in the delivery method example 1.

  In example 2 of the distribution method, the MEK key K_mek_gen corresponds to the first key, and the MAC key K_mac_gen and the ENC key K_enc_gen correspond to the second key.

(Step S103a) The first key distribution unit 17 of the key generation device 10 uses the MEK key K_mek_oem to generate a key update request message MES_K_mek_oem (K_mek_gen) for the MEK key K_mek_gen.

  In example 2 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen) corresponds to the first key update request message.

  The first key distribution unit 17 uses the MEK key K_mek_oem to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the MEK key K_mek_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the MEK key K_mek_gen in the key update request message MES_K_mek_oem (K_mek_gen).

(Step S104a) The first key distribution unit 17 of the key generation device 10 transmits a key update request message MES_K_mek_oem (K_mek_gen) to the ECU 1020. Key update request message MES_K_mek_oem (K_mek_gen) is common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

(Step S105a) The control unit 41 of the ECU 1020 receives the key update request message MES_K_mek_oem (K_mek_gen) through the interface unit 40.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_oem (K_mek_gen) to the SHE 1022 and requests a key update. The key update unit 55 of the SHE 1022 registers the MEK key K_mek_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_oem stored in the storage unit 1023. Thereby, the MEK key stored in the storage unit 1023 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

(Step S106a) The control unit 41 of the ECU 1020 generates an update completion message for the MEK key K_mek_gen. The generation method of the update completion message is the same as that of the delivery method example 1.

  In example 2 of the distribution method, the update completion message of the MEK key K_mek_gen corresponds to the first update completion message.

(Step S <b> 107 a) The control unit 41 of the ECU 1020 transmits an update completion message for the MEK key K_mek_gen to the key generation device 10 through the interface unit 40.

(Step S108a) The first key distribution unit 17 of the key generation device 10 verifies the update completion message of the MEK key K_mek_gen received from the ECU 1020 based on the MEK key K_mek_gen supplied to the ECU 1020. The MEK key K_mek_gen supplied to the ECU 1020 is stored in the storage unit 12. The method for verifying the update completion message is the same as that in the delivery method example 1.

  In addition, the 1st key distribution part 17 may perform a predetermined | prescribed error process, when the update of MEK key K_mek_gen is unsuccessful. As the predetermined error process, the key update request message MES_K_mek_oem (K_mek_gen) in step S104a may be retransmitted. In addition, the first key distribution unit 17 executes a predetermined error process when the update completion message for the MEK key K_mek_gen is not received even after a predetermined time has elapsed since the transmission of the key update request message MES_K_mek_oem (K_mek_gen) in step S104a. May be. As the predetermined error process, the key update request message MES_K_mek_oem (K_mek_gen) in step S104a may be retransmitted.

  For ECU 1020 in which the MEK key has been successfully updated, the process proceeds to step S108a. On the other hand, for the ECU 1020 in which the MEK key update has not been successful, the process cannot proceed to step S108a until the MEK key update is successful. Note that the processing may be advanced to step S108a after the MEK keys of all ECUs 1020 to be distributed have been successfully updated.

(Step S103b) The first key distribution unit 17 of the key generation device 10 generates the key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) of the MAC key K_mac_gen and the ENC key K_enc_gen using the MEK key K_mek_gen. .

  In the present embodiment, the key update request message includes an M1 parameter, an M2 parameter, and an M3 parameter that are parameters used for registering the SHE key. The key K_AuthID is used to generate the M2 parameter and the M3 parameter. The key K_AuthID related to the key update request message MES_K_mek_gen (K_mac_gen) of the MAC key K_mac_gen is the MEK key K_mek_gen. The key K_AuthID related to the key update request message MES_K_mek_gen (K_enc_gen) of the ENC key K_enc_gen is the MEK key K_mek_gen.

  In example 2 of the distribution method, the key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) correspond to the second key update request message.

  The first key distribution unit 17 uses the MEK key K_mek_gen to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the MAC key K_mac_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the MAC key K_mac_gen in the key update request message MES_K_mek_gen (K_mac_gen).

  The first key distribution unit 17 uses the MEK key K_mek_gen to generate an M1 parameter, an M2 parameter, and an M3 parameter used for registration of the ENC key K_enc_gen. The first key distribution unit 17 includes the M1 parameter, the M2 parameter, and the M3 parameter used for registration of the ENC key K_enc_gen in the key update request message MES_K_mek_gen (K_enc_gen).

(Step S104b) The first key distribution unit 17 of the key generation device 10 transmits a key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) are common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

(Step S105b) The control unit 41 of the ECU 1020 receives the key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) through the interface unit 40.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_gen (K_mac_gen) to the SHE 1022, and requests a key update. The key update unit 55 of the SHE 1022 registers the MAC key K_mac_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_gen stored in the storage unit 1023. As a result, the MAC key K_mac_gen is stored in the storage unit 1023.

  The control unit 41 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_gen (K_enc_gen) to the SHE 1022, and requests a key update. The key update unit 55 of the SHE 1022 registers the ENC key K_enc_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_gen stored in the storage unit 1023. As a result, the ENC key K_enc_gen is stored in the storage unit 1023.

(Step S106b) The control unit 41 of the ECU 1020 generates each update completion message of the MAC key K_mac_gen and the ENC key K_enc_gen. The generation method of the update completion message is the same as that of the delivery method example 1.

  In example 2 of the distribution method, each update completion message of the MAC key K_mac_gen and the ENC key K_enc_gen corresponds to a second update completion message.

(Step S <b> 107 b) The control unit 41 of the ECU 1020 transmits update completion messages of the MAC key K_mac_gen and the ENC key K_enc_gen to the key generation device 10 through the interface unit 40.

(Step S108b) The first key distribution unit 17 of the key generation device 10 verifies each update completion message of the MAC key K_mac_gen and ENC key K_enc_gen received from the ECU 1020 based on the MAC key K_mac_gen and ENC key K_enc_gen supplied to the ECU 1020. To do. The MAC key K_mac_gen and ENC key K_enc_gen supplied to the ECU 1020 are stored in the storage unit 12. The method for verifying the update completion message is the same as that in the delivery method example 1.

  The first key distribution unit 17 may execute a predetermined error process when the update of the MAC key K_mac_gen or the ENC key K_enc_gen is unsuccessful. As the predetermined error processing, the key update request message of the key that failed to update may be retransmitted among the key update request messages in step S104b. In addition, the first key distribution unit 17 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S104b. . As the predetermined error processing, among the key update request messages in step S104b, a key update request message for a key that does not receive an update completion message may be retransmitted.

  According to the delivery method example 2 described above, by storing the MEK key K_mek_oem common to the automobile 1001 in advance for each ECU 1020 mounted on the same automobile 1001, the master key Master_Secret and the common key Generates a key update request message (first key update request message) of the MEK key K_mek_gen (first key), and uses the key update request message in common to the ECUs 1020 to update the MEK keys of the ECUs 1020. Can be implemented. Further, using the updated MEK key K_mek_gen, each key update request message (second key update request message) of the MAC key K_mac_gen (second key) and the ENC key K_enc_gen (second key) is generated, The key update request message can be shared by the ECUs 1020 to update the MAC keys and ENC keys of the ECUs 1020. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained. Also, the MEK key K_mek_oem is the only initial key common to the automobile 1001 stored in advance in the ECU 1020. As a result, for example, an effect is obtained that can contribute to simplification of the initial key writing process of the ECU 1020 in the manufacturing factory of the ECU 1020.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

<Example 3 of delivery method>
Example 3 of the distribution method according to the present embodiment will be described with reference to FIG. FIG. 7 is a sequence chart showing Example 3 of the distribution method according to the present embodiment. In FIG. 7, parts corresponding to the respective steps in FIG.

  In FIG. 7, the key generation device 10 stores a master key Master_Secret, a MEK key K_mek_oem, a MAC key K_mac_oem, and an ENC key K_enc_oem in the storage unit 12 in advance.

  The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem in advance. The data security device 1010 stores the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem in the storage unit 1013 of the HSM 1012. The ECU 1020 stores the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem in the storage unit 1023 of the SHE 1022. In the data security device 1010 and the ECU 1020, for example, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are stored in the manufacturing factory.

  MEK key K_mek_oem, MAC key K_mac_oem and ENC key K_enc_oem stored in the key generation apparatus 10, MEK key K_mek_oem, MAC key K_mac_oem and ENC key K_enc_oem stored in the data security apparatus 1010, and MEK key stored in the ECU 1020 K_mac_oem and ENC key K_enc_oem are the same.

  In Example 3 of the distribution method, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are keys stored in advance in the data security device 1010 and the ECU 1020, and are common initial keys of the automobile 1001.

  Hereinafter, the key generation device 10 communicates with the data security device 1010. For example, when the server device 2000 functions as the key generation device 10, the server device 2000 communicates with the data security device 1010 via the TCU 1050 of the automobile 1001. Alternatively, when the maintenance tool 2100 functions as the key generation device 10, the maintenance tool 2100 communicates with the data security device 1010 via the diagnosis port 1060 of the automobile 1001. Alternatively, when the TCU 1050 of the automobile 1001 functions as the key generation device 10, the TCU 1050 communicates with the data security device 1010. Further, the data security device 1010 communicates with the ECU 1020 via the CAN 1030.

  In FIG. 7, step S101 and step S102 are executed. Steps S101 and S102 are the same as those in the delivery method example 1.

  In example 3 of the distribution method, the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen correspond to the first key.

(Step S201) The first key distribution unit 17 of the key generation device 10 generates a key update processing message. The key update processing message includes key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), MES_K_en_K, and MES_K_enK_meK The M5 parameter, the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen, and the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen are included. Each key update request message and each M4 parameter and M5 parameter to be compared are the same as those in the delivery method example 1.

  In the example 3 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) correspond to the first key update request message. In the third example of the distribution method, the M4 parameter and M5 parameter to be compared with the MEK key K_mek_gen correspond to the first verification data, the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen correspond to the first verification data, and ENC The M4 parameter and the M5 parameter to be compared with the key K_enc_gen correspond to the first verification data.

(Step S202) The first key distribution unit 17 of the key generation device 10 transmits a key update processing message to the data security device 1010. The control unit 21 of the data security device 1010 receives the key update processing message from the first key distribution unit 17 of the key generation device 10 through the interface unit 20. The control unit 21 of the data security device 1010 stores the key update processing message received from the first key distribution unit 17 of the key generation device 10 in the storage unit 22. The key update processing message is common to each ECU 1020 of the automobile 1001.

(Step S203) The second key distribution unit 23 of the data security device 1010 acquires the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc) from the storage unit 22 . The second key distribution unit 23 transmits the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) are common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105 and Step S106 are executed. Steps S105 and S106 are the same as those in the delivery method example 1.

  In example 3 of the distribution method, each update completion message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen corresponds to the first update completion message.

(Step S204) The control unit 41 of the ECU 1020 transmits update completion messages of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen to the data security device 1010 through the interface unit 40.

(Step S205) The second key distribution unit 23 of the data security device 1010 receives each update completion message of the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the ECU 1020, and the first key distribution unit 17 of the key generation device 10. M4 parameter and M5 parameter to be compared with MEK key K_mek_gen included in the key update processing message received from M4, M4 parameter and M5 parameter to be compared with MAC key K_mac_gen, and M4 parameter and M5 parameter to be compared with ENC key K_enc_gen Validate using The key update processing message received from the first key distribution unit 17 of the key generation device 10 is stored in the storage unit 22.

  The second key distribution unit 23 acquires the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen included in the key update processing message from the storage unit 22. The second key distribution unit 23 compares the M4 parameter and M5 parameter included in the update completion message of the MEK key K_mek_gen with the M4 parameter and M5 parameter to be compared with the MEK key K_mek_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the MEK key has been successfully updated. On the other hand, if the two do not match, the MEK key update has failed.

  The second key distribution unit 23 acquires the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen included in the key update processing message from the storage unit 22. The second key distribution unit 23 compares the M4 parameter and M5 parameter included in the MAC key K_mac_gen update completion message with the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the MAC key has been successfully updated. On the other hand, if the two do not match, the MAC key update has failed.

  The second key distribution unit 23 acquires the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen included in the key update processing message from the storage unit 22. The second key distribution unit 23 compares the M4 parameter and the M5 parameter included in the update completion message of the ENC key K_enc_gen with the comparison target M4 parameter and the M5 parameter of the ENC key K_enc_gen, and determines whether or not they match. to decide. If the result of this determination is that they match, the ENC key has been successfully updated. On the other hand, if the two do not match, the ENC key update has failed.

  Note that the second key distribution unit 23 may perform predetermined error processing when the update of the MEK key K_mek_gen, the MAC key K_mac_gen, or the ENC key K_enc_gen fails. As the predetermined error processing, among the key update request messages in step S203, the key update request message of the key that failed to be updated may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S203. . As the predetermined error process, a key update request message of a key that does not receive an update completion message among the key update request messages in step S203 may be retransmitted.

  Further, the processing may be advanced to step S206 after the MEK key, the MAC key, and the ENC key have been successfully updated for all the ECUs 1020 to be distributed.

(Step S206) The control unit 21 of the data security device 1010 acquires the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) included in the key update processing message from the storage unit 22.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_oem (K_mek_gen) to the HSM 1012 and requests a key update. The key update unit 35 of the HSM 1012 registers the MEK key K_mek_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_oem stored in the storage unit 1013. Accordingly, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mac_oem (K_mac_gen) to the HSM 1012 and requests a key update. The key update unit 35 of the HSM 1012 registers the MAC key K_mac_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MAC key K_mac_oem stored in the storage unit 1013. As a result, the MAC key stored in the storage unit 1013 is updated from the MAC key K_mac_oem to the MAC key K_mac_gen.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_enc_oem (K_enc_gen) to the HSM 1012 to request a key update. The key update unit 35 of the HSM 1012 registers the ENC key K_enc_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the ENC key K_enc_oem stored in the storage unit 1013. As a result, the ENC key stored in the storage unit 1013 is updated from the ENC key K_enc_oem to the ENC key K_enc_gen.

  The key update unit 35 of the HSM 1012 generates the M4 parameter and the M5 parameter of the MEK key K_mek_gen using the MEK key K_mek_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the MEK key K_mek_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the MEK key K_mek_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared with the MEK key K_mek_gen, and determines whether or not they match. If the result of this determination is that they match, the MEK key has been successfully updated. On the other hand, if the two do not match, the MEK key update has failed.

  The key update unit 35 of the HSM 1012 uses the MAC key K_mac_gen to generate the M4 parameter and the M5 parameter of the MAC key K_mac_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the MAC key K_mac_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the MAC key K_mac_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and determines whether or not they match. If the result of this determination is that they match, the MAC key has been successfully updated. On the other hand, if the two do not match, the MAC key update has failed.

  The key update unit 35 of the HSM 1012 uses the ENC key K_enc_gen to generate the M4 parameter and the M5 parameter of the ENC key K_enc_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the ENC key K_enc_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the ENC key K_enc_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared of the ENC key K_enc_gen, and determines whether or not they match. If the result of this determination is that they match, the ENC key has been successfully updated. On the other hand, if the two do not match, the ENC key update has failed.

  Note that the control unit 21 may execute predetermined error processing when the update of the MEK key K_mek_gen, the MAC key K_mac_gen, or the ENC key K_enc_gen of the HSM 1012 is unsuccessful. As the predetermined error process, a key update failure may be reported to the key generation apparatus 10. Further, the control unit 21 may report a key update failure of the ECU 1020 to the key generation device 10. In addition, the control unit 21 may report the key update success of the ECU 1020 and the data security device 1010 to the key generation device 10.

  Note that the data security device 1010 may update the key in step S206 at any timing after the reception of the key update processing message in step S202. For example, the data security device 1010 may update the key in step S206 before receiving the update completion message in step S204.

  According to the third example of the delivery method described above, the master 10K, the MAC key K_mac_oem, and the ENC key K_enc_oem that are common to the automobile 1001 are stored in advance for each ECU 1020 mounted on the same automobile 1001. A key update request message (first key update request message) for each key (first key) is generated from the key Master_Secret and the common key, and the key update request message is commonly used by the ECUs 1020 to The key of ECU 1020 can be updated. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Also, by distributing the processing to the key generation device 10 and the data security device 1010, the processing load on the key generation device 10 can be reduced. Thereby, for example, when the key generation device 10 executes a key distribution process for a plurality of automobiles 1001, it can contribute to a reduction in processing time.

<Example 4 of delivery method>
An example 4 of the distribution method according to the present embodiment will be described with reference to FIG. FIG. 8 is a sequence chart showing Example 4 of the distribution method according to the present embodiment. In FIG. 8, parts corresponding to the steps in FIGS. 5 and 6 are given the same reference numerals.

  In FIG. 8, the key generation device 10 stores a master key Master_Secret and a MEK key K_mek_oem in the storage unit 12 in advance.

  The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem in advance. The data security device 1010 stores the MEK key K_mek_oem in the storage unit 1013 of the HSM 1012. The ECU 1020 stores the MEK key K_mek_oem in the storage unit 1023 of the SHE 1022. In the data security device 1010 and the ECU 1020, for example, the MEK key K_mek_oem is stored at the manufacturing factory.

  The MEK key K_mek_oem stored in the key generation device 10, the MEK key K_mek_oem stored in the data security device 1010, and the MEK key K_mek_oem stored in the ECU 1020 are the same.

  In Example 4 of the distribution method, the MEK key K_mek_oem is a key stored in advance in the data security device 1010 and the ECU 1020 and is a common initial key of the automobile 1001.

  The communication method between the key generation device 10 and the data security device 1010 is the same as that of the delivery method example 3. A communication method between the data security device 1010 and the ECU 1020 is the same as that of the delivery method example 3.

  In FIG. 8, step S101 and step S102 are executed. Steps S101 and S102 are the same as those in the delivery method example 1.

  In example 4 of the distribution method, the MEK key K_mek_gen corresponds to the first key, and the MAC key K_mac_gen and the ENC key K_enc_gen correspond to the second key.

(Step S201a) The first key distribution unit 17 of the key generation device 10 generates a key update processing message. The key update process message includes a key update request message MES_K_mek_oem (K_mek_gen) of the MEK key K_mek_gen, a key update request message MES_K_mek_gen (K_mac_gen) of the MAC key K_mac_gen, and a key update request message Mecgen_Ken_Ken_en The M4 parameter and M5 parameter to be compared with the key K_mek_gen, the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and the M4 parameter and M5 parameter to be compared with the ENC key K_enc_gen are included. Each key update request message is the same as Example 2 of the distribution method. The M4 parameter and M5 parameter to be compared are the same as those in the delivery method example 1.

  In example 4 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen) corresponds to the first key update request message. In example 4 of the distribution method, the key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) correspond to the second key update request message. In Example 4 of the distribution method, the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen correspond to the first verification data. In Example 4 of the distribution method, the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen correspond to the second verification data. In Example 4 of the distribution method, the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen correspond to the second verification data.

(Step S202a) The first key distribution unit 17 of the key generation device 10 transmits a key update processing message to the data security device 1010. The control unit 21 of the data security device 1010 stores the key update processing message received from the first key distribution unit 17 of the key generation device 10 in the storage unit 22. The key update processing message is common to each ECU 1020 of the automobile 1001.

(Step S203a) The second key distribution unit 23 of the data security device 1010 acquires the key update request message MES_K_mek_oem (K_mek_gen) included in the key update processing message from the storage unit 22. The second key distribution unit 23 transmits the key update request message MES_K_mek_oem (K_mek_gen) to the ECU 1020. Key update request message MES_K_mek_oem (K_mek_gen) is common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105a and Step S106a are executed. Steps S105a and S106a are the same as those in the delivery method example 2.

  In example 4 of the distribution method, the update completion message of the MEK key K_mek_gen corresponds to the first update completion message.

(Step S204a) The control unit 41 of the ECU 1020 transmits an update completion message of the MEK key K_mek_gen to the data security device 1010 through the interface unit 40.

(Step S205a) The second key distribution unit 23 of the data security device 1010 includes the update completion message of the MEK key K_mek_gen received from the ECU 1020 in the key update processing message received from the first key distribution unit 17 of the key generation device 10. Verification using the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen to be compared. The key update processing message received from the first key distribution unit 17 of the key generation device 10 is stored in the storage unit 22. The verification method of the update completion message is the same as that of the delivery method example 3.

  Note that the second key distribution unit 23 may execute a predetermined error process when the update of the MEK key K_mek_gen fails. As the predetermined error processing, the key update request message in step S203a may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process when the update completion message is not received even after a predetermined time has elapsed since the transmission of the key update request message in step S203a. As the predetermined error processing, the key update request message in step S203a may be retransmitted.

  Further, the processing may be advanced to step S206a after the MEK key has been successfully updated for all the ECUs 1020 targeted for key distribution.

(Step S206a) The control unit 21 of the data security device 1010 acquires the key update request message MES_K_mek_oem (K_mek_gen) included in the key update processing message from the storage unit 22.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_oem (K_mek_gen) to the HSM 1012 and requests a key update. The key update unit 35 of the HSM 1012 registers the MEK key K_mek_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_oem stored in the storage unit 1013. Accordingly, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

  The key update unit 35 of the HSM 1012 generates the M4 parameter and the M5 parameter of the MEK key K_mek_gen using the MEK key K_mek_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the MEK key K_mek_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the MEK key K_mek_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared with the MEK key K_mek_gen, and determines whether or not they match. If the result of this determination is that they match, the MEK key has been successfully updated. On the other hand, if the two do not match, the MEK key update has failed.

  The control unit 21 may execute a predetermined error process when the update of the MEK key K_mek_gen of the HSM 1012 is unsuccessful. As the predetermined error process, a key update failure may be reported to the key generation apparatus 10. Further, the control unit 21 may report a key update failure of the ECU 1020 to the key generation device 10. In addition, the control unit 21 may report the key update success of the ECU 1020 and the data security device 1010 to the key generation device 10.

(Step S203b) The second key distribution unit 23 of the data security device 1010 acquires the key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) included in the key update processing message from the storage unit 22. The second key distribution unit 23 transmits the key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) are common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105b and Step S106b are executed. Steps S105b and S106b are the same as those in the delivery method example 2.

  In example 4 of the distribution method, each update completion message of the MAC key K_mac_gen and the ENC key K_enc_gen corresponds to a second update completion message.

(Step S204b) The control unit 41 of the ECU 1020 transmits update completion messages of the MAC key K_mac_gen and the ENC key K_enc_gen to the data security device 1010 through the interface unit 40.

(Step S205b) The second key distribution unit 23 of the data security device 1010 receives each update completion message of the MAC key K_mac_gen and ENC key K_enc_gen received from the ECU 1020 from the first key distribution unit 17 of the key generation device 10. Verification is performed using the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen included in the update processing message, and the M4 parameter and M5 parameter to be compared with the ENC key K_enc_gen. The key update processing message received from the first key distribution unit 17 of the key generation device 10 is stored in the storage unit 22. The verification method of the update completion message is the same as that of the delivery method example 3.

  Note that the second key distribution unit 23 may execute a predetermined error process when the update of the MAC key K_mac_gen or the ENC key K_enc_gen fails. As the predetermined error process, the key update request message of the key that failed to update among the key update request messages in step S203b may be retransmitted. Further, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S203b. . As the predetermined error process, a key update request message of a key that does not receive an update completion message among the key update request messages in step S203b may be retransmitted.

  Further, the processing may be advanced to step S206b after the updating of the MAC key and the ENC key is successful for all the ECUs 1020 to be distributed.

(Step S206b) The control unit 21 of the data security device 1010 acquires the key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) included in the key update processing message from the storage unit 22.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_gen (K_mac_gen) to the HSM 1012 to request a key update. The key update unit 35 of the HSM 1012 registers the MAC key K_mac_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_gen stored in the storage unit 1013. As a result, the MAC key K_mac_gen is stored in the storage unit 1013.

  The control unit 21 passes the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_gen (K_enc_gen) to the HSM 1012 to request a key update. The key update unit 35 of the HSM 1012 registers the ENC key K_enc_gen using the M1 parameter, the M2 parameter, the M3 parameter, and the MEK key K_mek_gen stored in the storage unit 1013. As a result, the ENC key K_enc_gen is stored in the storage unit 1013.

  The key update unit 35 of the HSM 1012 uses the MAC key K_mac_gen to generate the M4 parameter and the M5 parameter of the MAC key K_mac_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the MAC key K_mac_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the MAC key K_mac_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and determines whether or not they match. If the result of this determination is that they match, the MAC key has been successfully updated. On the other hand, if the two do not match, the MAC key update has failed.

  The key update unit 35 of the HSM 1012 uses the ENC key K_enc_gen to generate the M4 parameter and the M5 parameter of the ENC key K_enc_gen. The HSM 1012 passes the M4 parameter and M5 parameter of the ENC key K_enc_gen to the control unit 21. The control unit 21 acquires the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen included in the key update processing message from the storage unit 22. The control unit 21 compares the M4 parameter and M5 parameter of the ENC key K_enc_gen received from the HSM 1012 with the M4 parameter and M5 parameter to be compared of the ENC key K_enc_gen, and determines whether or not they match. If the result of this determination is that they match, the ENC key has been successfully updated. On the other hand, if the two do not match, the ENC key update has failed.

  The control unit 21 may execute a predetermined error process when the update of the MAC key K_mac_gen or the ENC key K_enc_gen of the HSM 1012 is unsuccessful. As the predetermined error process, a key update failure may be reported to the key generation apparatus 10. Further, the control unit 21 may report a key update failure of the ECU 1020 to the key generation device 10. In addition, the control unit 21 may report the key update success of the ECU 1020 and the data security device 1010 to the key generation device 10.

  Note that the data security device 1010 may update the keys in steps S206a and S206b at an arbitrary timing after the reception of the key update processing message in step S202a. For example, the data security device 1010 may update the keys in steps S206a and S206b before receiving the update completion message in step S204a. Alternatively, the data security device 1010 may update the keys in steps S206a and S206b after receiving the update completion message in step S204b.

  According to the delivery method example 4 described above, the MEK key K_mek_oem common to the automobile 1001 is stored in advance for each ECU 1020 mounted on the same automobile 1001, so that the master key Master_Secret and the common key Generates a key update request message (first key update request message) of the MEK key K_mek_gen (first key), and uses the key update request message in common to the ECUs 1020 to update the MEK keys of the ECUs 1020. Can be implemented. Further, using the updated MEK key K_mek_gen, each key update request message (second key update request message) of the MAC key K_mac_gen (second key) and the ENC key K_enc_gen (second key) is generated, The key update request message can be shared by the ECUs 1020 to update the MAC keys and ENC keys of the ECUs 1020. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained. Also, the MEK key K_mek_oem is the only initial key common to the automobile 1001 stored in advance in the ECU 1020. As a result, for example, an effect is obtained that can contribute to simplification of the initial key writing process of the ECU 1020 in the manufacturing factory of the ECU 1020.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Also, by distributing the processing to the key generation device 10 and the data security device 1010, the processing load on the key generation device 10 can be reduced. Thereby, for example, when the key generation device 10 executes a key distribution process for a plurality of automobiles 1001, it can contribute to a reduction in processing time.

<Example 5 of delivery method>
With reference to FIG. 9, Example 5 of the delivery method according to the present embodiment will be described. FIG. 9 is a sequence chart showing a fifth example of the distribution method according to the present embodiment. 9, parts corresponding to the respective steps in FIG. 5 are denoted by the same reference numerals.

  In FIG. 9, the key generation device 10 stores a master key Master_Secret, a MEK key K_mek_oem, a MAC key K_mac_oem, and an ENC key K_enc_oem in the storage unit 12 in advance.

  The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem in advance, as in the third example of the distribution method. The data security device 1010 stores the key in the storage unit 1013 of the HSM 1012. The ECU 1020 stores the key in the storage unit 1023 of the SHE 1022.

  MEK key K_mek_oem, MAC key K_mac_oem and ENC key K_enc_oem stored in the key generation apparatus 10, MEK key K_mek_oem, MAC key K_mac_oem and ENC key K_enc_oem stored in the data security apparatus 1010, and MEK key stored in the ECU 1020 K_mac_oem and ENC key K_enc_oem are the same.

  In the delivery method example 5, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are keys stored in advance in the data security device 1010 and the ECU 1020, and are common initial keys of the automobile 1001.

  The communication method between the key generation device 10 and the data security device 1010 is the same as that of the delivery method example 3. A communication method between the data security device 1010 and the ECU 1020 is the same as that of the delivery method example 3.

  In FIG. 9, step S101 and step S102 are executed. Steps S101 and S102 are the same as those in the delivery method example 1.

  In Example 5 of the distribution method, the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen correspond to the first key.

(Step S301) The first key distribution unit 17 of the key generation device 10 transmits the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen to the data security device 1010. The control unit 21 of the data security device 1010 receives the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen from the first key distribution unit 17 of the key generation device 10 through the interface unit 20. The control unit 21 of the data security device 1010 passes the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10 to the HSM 1012 and stores them in the storage unit 1013.

  Note that the key generation device 10 may encrypt the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen and transmit them to the data security device 1010. A case where the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen are encrypted will be described below.

  The encryption processing unit 16 of the key generation device 10 encrypts the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen with the ENC key K_enc_oem stored in the storage unit 12, respectively, and generates the encryption keys K_enc_oem (K_mek_gen) and K_enc_ome K_mac_gen) and K_enc_oem (K_enc_gen) are generated. The first key distribution unit 17 transmits the encryption keys K_enc_oem (K_mek_gen), K_enc_oem (K_mac_gen), and K_enc_oem (K_enc_gen) to the data security device 1010. The control unit 21 of the data security device 1010 receives the encryption keys K_enc_oem (K_mek_gen), K_enc_oem (K_mac_gen), and K_enc_oem (K_enc_gen) from the first key distribution unit 17 of the key generation device 10 through the interface unit 20.

  The control unit 21 of the data security device 1010 passes the encryption keys K_enc_oem (K_mek_gen), K_enc_oem (K_mac_gen), and K_enc_oem (K_enc_gen) received from the first key distribution unit 17 of the key generation device 10 to the HSM 1012 for decryption. The encryption processing unit 32 of the HSM 1012 decrypts the encryption keys K_enc_oem (K_mek_gen), K_enc_oem (K_mac_gen), and K_enc_oem (K_enc_gen) using the ENC key K_enc_oem stored in the storage unit 1013. The HSM 1012 stores the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen acquired by the decryption in the storage unit 1013.

Note that the encryption key used for encryption of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen may be a common key K_com other than the above-described ENC key K_enc_oem. The key generation device 10 and the data security device 1010 share a common key K_com in advance.
The above is a description of the case where the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen are encrypted.

(Step S302) The distribution processing unit 36 of the HSM 1012 of the data security device 1010 uses the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem to update each key update message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) are generated. Each key update request message is the same as Example 1 of the distribution method.

  In example 5 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) correspond to the first key update request message.

(Step S303) The second key distribution unit 23 of the data security device 1010 transmits a key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) are common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105 and Step S106 are executed. Steps S105 and S106 are the same as those in the delivery method example 1.

  In Example 5 of the distribution method, each update completion message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen corresponds to the first update completion message.

(Step S304) The control unit 41 of the ECU 1020 transmits the update completion messages of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen to the data security device 1010 through the interface unit 40. The control unit 21 of the data security device 1010 receives the update completion messages of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen from the ECU 1020 through the interface unit 20.

(Step S305) The control unit 21 of the data security device 1010 passes the update completion messages of the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the ECU 1020 to the HSM 1012 for verification. The distribution processing unit 36 of the HSM 1012 verifies each update completion message based on the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10. The MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10 are stored in the storage unit 1013.

  The distribution processing unit 36 uses the MEK key K_mek_gen received from the first key distribution unit 17 of the key generation device 10 to generate the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen. The distribution processing unit 36 compares the M4 parameter and the M5 parameter included in the update completion message of the MEK key K_mek_gen with the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen, and determines whether or not they match. . If the result of this determination is that they match, the MEK key has been successfully updated. On the other hand, if the two do not match, the MEK key update has failed.

  The distribution processing unit 36 uses the MAC key K_mac_gen received from the first key distribution unit 17 of the key generation device 10 to generate the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen. The distribution processing unit 36 compares the M4 parameter and M5 parameter included in the MAC key K_mac_gen update completion message with the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and determines whether or not they match. . If the result of this determination is that they match, the MAC key has been successfully updated. On the other hand, if the two do not match, the MAC key update has failed.

  The distribution processing unit 36 uses the ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10 to generate the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen. The distribution processing unit 36 compares the M4 parameter and the M5 parameter included in the update completion message of the ENC key K_enc_gen with the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen, and determines whether or not they match. . If the result of this determination is that they match, the ENC key has been successfully updated. On the other hand, if the two do not match, the ENC key update has failed.

  Note that the second key distribution unit 23 of the data security device 1010 may execute a predetermined error process when the update of the MEK key K_mek_gen, the MAC key K_mac_gen, or the ENC key K_enc_gen fails. As the predetermined error processing, among the key update request messages in step S303, the key update request message of the key that failed to be updated may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S303. . As the predetermined error process, a key update request message of a key that does not receive an update completion message among the key update request messages in step S303 may be retransmitted.

  Further, the processing may be advanced to step S306 after the MEK key, the MAC key, and the ENC key have been successfully updated for all the ECUs 1020 to be distributed.

(Step S306) The control unit 21 of the data security device 1010 requests the HSM 1012 to update the key. The key update unit 35 of the HSM 1012 updates the storage unit 1013 from the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem to the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen. As a result, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen. Also, the MAC key stored in the storage unit 1013 is updated from the MAC key K_mac_oem to the MAC key K_mac_gen. Further, the ENC key stored in the storage unit 1013 is updated from the ENC key K_enc_oem to the ENC key K_enc_gen.

  According to the delivery method example 5 described above, the master MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem common to the automobile 1001 are stored in advance for each ECU 1020 mounted on the same automobile 1001. A key update request message (first key update request message) for each key (first key) is generated from the key Master_Secret and the common key, and the key update request message is commonly used by the ECUs 1020 to The key of ECU 1020 can be updated. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Also, by distributing the processing to the key generation device 10 and the data security device 1010, the processing load on the key generation device 10 can be reduced. Thereby, for example, when the key generation device 10 executes a key distribution process for a plurality of automobiles 1001, it can contribute to a reduction in processing time.

<Example 6 of delivery method>
With reference to FIG. 10, Example 6 of the delivery method according to the present embodiment will be described. FIG. 10 is a sequence chart showing a sixth example of the distribution method according to the present embodiment. In FIG. 10, the same reference numerals are given to the portions corresponding to the steps in FIGS. 5, 6, and 9.

  In FIG. 10, the key generation device 10 stores a master key Master_Secret and an ENC key K_enc_oem in the storage unit 12 in advance.

The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem in advance, as in the delivery method example 4.
The data security device 1010 further stores an ENC key K_enc_oem in advance. The data security device 1010 stores the MEK key K_mek_oem and the ENC key K_enc_oem in the storage unit 1013 of the HSM 1012. The ECU 1020 stores the MEK key K_mek_oem in the storage unit 1023 of the SHE 1022.

  The ENC key K_enc_oem stored in the key generation device 10 and the ENC key K_enc_oem stored in the data security device 1010 are the same.

  In Example 6 of the distribution method, the MEK key K_mek_oem is a key stored in advance in the data security device 1010 and the ECU 1020 and is a common initial key of the automobile 1001.

  The communication method between the key generation device 10 and the data security device 1010 is the same as that of the delivery method example 3. A communication method between the data security device 1010 and the ECU 1020 is the same as that of the delivery method example 3.

  In FIG. 10, step S101 and step S102 are executed. Steps S101 and S102 are the same as those in the delivery method example 1.

  In the example 6 of the distribution method, the MEK key K_mek_gen corresponds to the first key, and the MAC key K_mac_gen and the ENC key K_enc_gen correspond to the second key.

Next, step S301 is executed. Step S301 is the same as that of the delivery method example 5. Similarly to the example 5 of the distribution method, the key generation device 10 may encrypt the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen with the own ENC key K_enc_oem and transmit the encrypted data to the data security device 1010. In this case, the data security device 1010 decrypts the encryption keys K_enc_oem (K_mek_gen), K_enc_oem (K_mac_gen), and K_enc_oem (K_enc_gen) with its own ENC key K_enc_oem.
Note that the encryption key used for encryption of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen may be a common key K_com other than the above-described ENC key K_enc_oem. The key generation device 10 and the data security device 1010 share a common key K_com in advance.

(Step S302a) The distribution processing unit 36 of the HSM 1012 of the data security device 1010 generates a key update request message MES_K_mek_oem (K_mek_gen) for the MEK key K_mek_gen using the MEK key K_mek_oem. The key update request message is the same as that in the delivery method example 1.

  In Example 6 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen) corresponds to the first key update request message.

(Step S303a) The second key distribution unit 23 of the data security device 1010 transmits a key update request message MES_K_mek_oem (K_mek_gen) to the ECU 1020 via the interface unit 20. Key update request message MES_K_mek_oem (K_mek_gen) is common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105a and Step S106a are executed. Steps S105a and S106a are the same as those in the delivery method example 2.

  In Example 6 of the distribution method, the update completion message of the MEK key K_mek_gen corresponds to the first update completion message.

(Step S304a) The control unit 41 of the ECU 1020 transmits an update completion message of the MEK key K_mek_gen to the data security device 1010 through the interface unit 40. The control unit 21 of the data security device 1010 receives an update completion message for the MEK key K_mek_gen from the ECU 1020 via the interface unit 20.

(Step S305a) The control unit 21 of the data security device 1010 passes the update completion message of the MEK key K_mek_gen received from the ECU 1020 to the HSM 1012 for verification. The distribution processing unit 36 of the HSM 1012 verifies the update completion message of the MEK key K_mek_gen based on the MEK key K_mek_gen received from the first key distribution unit 17 of the key generation device 10. The MEK key K_mek_gen received from the first key distribution unit 17 of the key generation device 10 is stored in the storage unit 1013. The verification method of the update completion message is the same as that of the delivery method example 5.

  Note that the second key distribution unit 23 may execute a predetermined error process when the update of the MEK key K_mek_gen fails. As the predetermined error processing, the key update request message in step S303a may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process when the update completion message is not received even after a predetermined time has elapsed since the transmission of the key update request message in step S303a. As the predetermined error processing, the key update request message in step S303a may be retransmitted.

  Further, the processing may be advanced to step S306a after the MEK key has been successfully updated for all the ECUs 1020 to be distributed.

(Step S306a) The control unit 21 of the data security device 1010 requests the HSM 1012 to update the key. The key update unit 35 of the HSM 1012 updates the registration from the MEK key K_mek_oem to the MEK key K_mek_gen to the storage unit 1013. As a result, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

(Step S302b) The distribution processing unit 36 of the HSM 1012 of the data security device 1010 uses the MEK key K_mek_gen to generate each key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mec_gen (K_gen_K_gen) for the MAC key K_mac_gen and ENC key K_enc_gen. . The key update request message is the same as that of the delivery method example 2.

(Step S303b) The second key distribution unit 23 of the data security device 1010 transmits a key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) to the ECU 1020. Key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) are common to each ECU 1020 of automobile 1001. The key update request message may be transmitted by broadcasting of CAN 1030.

  Next, Step S105b and Step S106b are executed. Steps S105b and S106b are the same as those in the delivery method example 2.

  In the distribution method example 6, each update completion message of the MAC key K_mac_gen and the ENC key K_enc_gen corresponds to a second update completion message.

(Step S304b) The control unit 41 of the ECU 1020 transmits update completion messages of the MAC key K_mac_gen and the ENC key K_enc_gen to the data security device 1010 through the interface unit 40. The control unit 21 of the data security device 1010 receives the update completion messages of the MAC key K_mac_gen and the ENC key K_enc_gen from the ECU 1020 through the interface unit 20.

(Step S305b) The control unit 21 of the data security device 1010 passes each update completion message of the MAC key K_mac_gen and ENC key K_enc_gen received from the ECU 1020 to the HSM 1012 for verification. The distribution processing unit 36 of the HSM 1012 verifies each update completion message based on the MAC key K_mac_gen and ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10. The MAC key K_mac_gen and ENC key K_enc_gen received from the first key distribution unit 17 of the key generation device 10 are stored in the storage unit 1013. The verification method of the update completion message is the same as that of the delivery method example 5.

  Note that the second key distribution unit 23 of the data security device 1010 may execute a predetermined error process when the update of the MAC key K_mac_gen or the ENC key K_enc_gen is unsuccessful. As the predetermined error process, the key update request message of the key that failed to update may be retransmitted among the key update request messages in step S303b. In addition, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S303b. . As the predetermined error processing, among the key update request messages in step S303b, a key update request message for a key that does not receive an update completion message may be retransmitted.

  Further, the processing may be advanced to step S306b after the updating of the MAC key and the ENC key is successful for all the ECUs 1020 to be distributed.

(Step S306b) The control unit 21 of the data security device 1010 requests the HSM 1012 to update the key. The key update unit 35 of the HSM 1012 registers the MAC key K_mac_gen in the storage unit 1013. As a result, the MAC key K_mac_gen is stored in the storage unit 1013. In addition, the key update unit 35 updates the registration from the ENC key K_enc_oem to the ENC key K_enc_gen to the storage unit 1013. As a result, the ENC key stored in the storage unit 1013 is updated from the ENC key K_enc_oem to the ENC key K_enc_gen.

  According to the delivery method example 6 described above, by storing the MEK key K_mek_oem common to the automobile 1001 in advance for each ECU 1020 mounted on the same automobile 1001, the master key Master_Secret and the common key Generates a key update request message (first key update request message) of the MEK key K_mek_gen (first key), and uses the key update request message in common to the ECUs 1020 to update the MEK keys of the ECUs 1020. Can be implemented. Further, using the updated MEK key K_mek_gen, each key update request message (second key update request message) of the MAC key K_mac_gen (second key) and the ENC key K_enc_gen (second key) is generated, The key update request message can be shared by the ECUs 1020 to update the MAC keys and ENC keys of the ECUs 1020. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained. Also, the MEK key K_mek_oem is the only initial key common to the automobile 1001 stored in advance in the ECU 1020. As a result, for example, an effect is obtained that can contribute to simplification of the initial key writing process of the ECU 1020 in the manufacturing factory of the ECU 1020.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Also, by distributing the processing to the key generation device 10 and the data security device 1010, the processing load on the key generation device 10 can be reduced. Thereby, for example, when the key generation device 10 executes a key distribution process for a plurality of automobiles 1001, it can contribute to a reduction in processing time.

<Example 7 of delivery method>
Example 7 of the distribution method according to this embodiment will be described with reference to FIGS. FIG. 11 is a diagram illustrating another configuration example of the data security device 1010 according to the present embodiment. FIG. 12 is a sequence chart showing a seventh example of the distribution method according to the present embodiment. In FIG. 11, the same reference numerals are given to portions corresponding to the respective portions in FIG. 3. In FIG. 12, parts corresponding to the steps in FIGS. 5 and 9 are given the same reference numerals.

  In example 7 of the distribution method, as shown in FIG. 11, the HSM 1012 of the data security device 1010 further includes a key generation unit 37. The key generation unit 37 has the same key generation function as the key generation unit 15 of the key generation device 10.

  In FIG. 12, the HSM 1012 of the data security device 1010 stores a master key Master_Secret, MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem in the storage unit 1013 in advance.

  The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem in advance, as in the third example of the distribution method. The ECU 1020 stores the key in the storage unit 1023 of the SHE 1022.

  In the delivery method example 7, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem are keys stored in advance in the data security device 1010 and the ECU 1020, and are common initial keys of the automobile 1001.

  A communication method between the data security device 1010 and the ECU 1020 is the same as that of the delivery method example 3.

(Step S401) The control unit 21 of the data security device 1010 acquires the vehicle identification number VIN of the automobile 1001 on which the data security device 1010 is mounted. The vehicle identification number VIN of the automobile 1001 may be stored in the data security device 1010 in advance, or may be stored in the data security device 1010 when there is a request for distributing a key to the ECU 1020. For example, when the ECU 1020 having the engine control function of the automobile 1001 stores the vehicle identification number VIN of the automobile 1001 as described in Example 1 of the distribution method, the data security from the ECU 1020 is started after the ECU 1020 is activated. The apparatus 1010 may be notified of the vehicle identification number VIN of the automobile 1001. Alternatively, as the vehicle identification number VIN of the automobile 1001, for example, the vehicle identification number VIN managed by the automobile manufacturer of the automobile 1001 may be supplied to the data security device 1010.

(Step S402) In the data security device 1010, the control unit 21 passes the vehicle identification number VIN of the automobile 1001 to the HSM 1012 to request generation of a message. The HSM 1012 executes steps S403, S404, and S405 in response to a message generation request from the control unit 21.

(Step S403) The key generation unit 37 of the HSM 1012 generates a key using the vehicle identification number VIN of the automobile 1001 received from the control unit 21. This key generation is the same as that in step S102 of the delivery method example 1. The key generation unit 37 generates the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen by the same key generation method as step S102 of the delivery method example 1. The MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen are common to each ECU 1020 mounted on the automobile 1001 on which the data security device 1010 is mounted. The storage unit 1013 stores the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen.

  In Example 7 of the distribution method, the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen correspond to the first key.

(Step S404) The distribution processing unit 36 of the HSM 1012 generates a key update processing message. The key update processing message includes key update request messages MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), MES_K_en_K, and MES_K_enK_meK The M5 parameter, the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen, and the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen are included. Each key update request message and each M4 parameter and M5 parameter to be compared are the same as those in the delivery method example 1.

  In the example 7 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) correspond to the first key update request message. In Example 7 of the distribution method, the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen correspond to the first verification data, the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen correspond to the first verification data, and ENC The M4 parameter and M5 parameter to be compared with the key K_enc_gen correspond to the first verification data.

(Step S405) The HSM 1012 sends a key update processing message to the control unit 21. The control unit 21 stores the key update processing message in the storage unit 22.

  Next, Step S303, Step S105, Step S106, and Step S304 are executed. Steps S105 and S106 are the same as those in the delivery method example 1. Steps S303 and S304 are the same as those in the delivery method example 5. In step S303, the second key distribution unit 23 acquires, from the storage unit 22, the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) included in the key update processing message.

  In Example 7 of the distribution method, each update completion message of the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen corresponds to the first update completion message.

(Step S406) The second key distribution unit 23 of the data security device 1010 includes each update completion message of the MEK key K_mek_gen, MAC key K_mac_gen, and ENC key K_enc_gen received from the ECU 1020 in the key update processing message received from the HSM 1012. Verification is performed using the M4 and M5 parameters to be compared with the MEK key K_mek_gen, the M4 and M5 parameters to be compared with the MAC key K_mac_gen, and the M4 and M5 parameters to be compared with the ENC key K_enc_gen. The key update processing message received from the HSM 1012 is stored in the storage unit 22. The method for verifying each update completion message is the same as that in step S205 of the delivery method example 3.

  Note that the second key distribution unit 23 may perform predetermined error processing when the update of the MEK key K_mek_gen, the MAC key K_mac_gen, or the ENC key K_enc_gen fails. As the predetermined error processing, among the key update request messages in step S303, the key update request message of the key that failed to be updated may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S303. . As the predetermined error process, a key update request message of a key that does not receive an update completion message among the key update request messages in step S303 may be retransmitted.

  Further, the processing may be advanced to step S407 after the MEK key, the MAC key, and the ENC key have been successfully updated for all the ECUs 1020 to be distributed.

(Step S407) The control unit 21 of the data security device 1010 requests the HSM 1012 to update the key. The HSM 1012 executes steps S408 and S409 in response to a key update request from the control unit 21.

(Step S408) The key update unit 35 of the HSM 1012 updates the storage unit 1013 from the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem to the MEK key K_mek_gen, the MAC key K_mac_gen, and the ENC key K_enc_gen. Accordingly, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen. Also, the MAC key stored in the storage unit 1013 is updated from the MAC key K_mac_oem to the MAC key K_mac_gen. Further, the ENC key stored in the storage unit 1013 is updated from the ENC key K_enc_oem to the ENC key K_enc_gen.

  Note that the key update unit 35 of the HSM 1012 performs the key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen) and MES_K_enc_oem (K_enc_gen and parameters included in the M_2 parameter, M1 and M2), as in the case of updating the key of the SHE 1022 in step S105. Using the M3 parameter, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem stored in the storage unit 1013, the MEK key K_mek_oem, the MAC key K_mac_oem, and the ENC key K_enc_oem_Meg_oem_K_en_me_K_me_K , Update registration to MAC key K_mac_gen and ENC key K_enc_gen It may be. The key update request message MES_K_mek_oem (K_mek_gen), MES_K_mac_oem (K_mac_gen), and MES_K_enc_oem (K_enc_gen) may be passed from the control unit 21 to the HSM 1012 or may be stored in the storage unit 1013 of the HSM 1012.

(Step S409) When the update of each key in the storage unit 1013 is completed, the HSM 1012 responds to the control unit 21 with the completion of the key update.

  According to the delivery method example 7 described above, the master MEK key K_mek_oem, MAC key K_mac_oem, and ENC key K_enc_oem common to the automobile 1001 are stored in advance for each ECU 1020 mounted on the same automobile 1001. A key update request message (first key update request message) for each key (first key) is generated from the key Master_Secret and the common key, and the key update request message is commonly used by the ECUs 1020 to The key of ECU 1020 can be updated. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Further, by integrating the key generation function into the data security device 1010, the processing efficiency can be improved compared to the case where the key generation device 10 is provided separately from the data security device 1010.

<Example 8 of delivery method>
An example 8 of the distribution method according to the present embodiment will be described with reference to FIG. FIG. 13 is a sequence chart showing an example 8 of the distribution method according to the present embodiment. In FIG. 13, the same reference numerals are given to the portions corresponding to the steps in FIGS.

  In the delivery method example 8, as in the delivery method example 7, the data security device 10 shown in FIG. 11 is applied.

  In FIG. 13, the HSM 1012 of the data security device 1010 stores a master key Master_Secret and a MEK key K_mek_oem in the storage unit 1013 in advance.

  The data security device 1010 and each ECU 1020 mounted on a certain automobile 1001 store the same MEK key K_mek_oem in advance, as in the delivery method example 4. The ECU 1020 stores the key in the storage unit 1023 of the SHE 1022.

  In Example 8 of the distribution method, the MEK key K_mek_oem is a key stored in advance in the data security device 1010 and the ECU 1020, and is a common initial key of the automobile 1001.

  A communication method between the data security device 1010 and the ECU 1020 is the same as that of the delivery method example 3.

  In FIG. 13, steps S401, S402 and S403 are executed. Steps S401, S402, and S403 are the same as those in Example 7 of the distribution method.

  In example 8 of the distribution method, the MEK key K_mek_gen corresponds to the first key, and the MAC key K_mac_gen and the ENC key K_enc_gen correspond to the second key.

(Step S404a) The distribution processing unit 36 of the HSM 1012 generates a key update processing message. The key update process message includes a key update request message MES_K_mek_oem (K_mek_gen) of the MEK key K_mek_gen, a key update request message MES_K_mek_gen (K_mac_gen) of the MAC key K_mac_gen, and a key update request message Mecgen_Ken_Ken_en The M4 parameter and M5 parameter to be compared with the key K_mek_gen, the M4 parameter and M5 parameter to be compared with the MAC key K_mac_gen, and the M4 parameter and M5 parameter to be compared with the ENC key K_enc_gen are included. Each key update request message is the same as Example 2 of the distribution method. The M4 parameter and M5 parameter to be compared are the same as those in the delivery method example 1.

  In Example 8 of the distribution method, the key update request message MES_K_mek_oem (K_mek_gen) corresponds to the first key update request message. In Example 8 of the distribution method, the key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) correspond to the second key update request message. In Example 8 of the distribution method, the M4 parameter and the M5 parameter to be compared with the MEK key K_mek_gen correspond to the first verification data. In Example 8 of the distribution method, the M4 parameter and the M5 parameter to be compared with the MAC key K_mac_gen correspond to the second verification data. In Example 8 of the distribution method, the M4 parameter and the M5 parameter to be compared with the ENC key K_enc_gen correspond to the second verification data.

(Step S405a) The HSM 1012 sends a key update processing message to the control unit 21. The control unit 21 stores the key update processing message in the storage unit 22.

  Next, step S303a, step S105a, step S106a, and step S304a are executed. Steps S105a and S106a are the same as those in the delivery method example 2. Steps S303a and S304a are the same as those in the delivery method example 6. In step S303a, the second key distribution unit 23 acquires the key update request message MES_K_mek_oem (K_mek_gen) included in the key update processing message from the storage unit 22.

  In the delivery method example 8, the update completion message of the MEK key K_mek_gen corresponds to the first update completion message.

(Step S406a) The second key distribution unit 23 of the data security device 1010 receives the update completion message for the MEK key K_mek_gen received from the ECU 1020, and the M4 parameter to be compared with the MEK key K_mek_gen included in the key update processing message received from the HSM 1012. And verify using the M5 parameter. The key update processing message received from the HSM 1012 is stored in the storage unit 22. The verification method of the update completion message is the same as that in step S205 of the delivery method example 3.

  Note that the second key distribution unit 23 may execute a predetermined error process when the update of the MEK key K_mek_gen fails. As the predetermined error processing, the key update request message in step S303a may be retransmitted. In addition, the second key distribution unit 23 may execute a predetermined error process when the update completion message is not received even after a predetermined time has elapsed since the transmission of the key update request message in step S303a. As the predetermined error processing, the key update request message in step S303a may be retransmitted.

  Further, the processing may be advanced to step S407a after the MEK key has been successfully updated for all the ECUs 1020 to be distributed.

(Step S407a) The control unit 21 of the data security device 1010 makes a first key update request to the HSM 1012. In response to the first key update request from the control unit 21, the HSM 1012 executes steps S408a and S409a.

(Step S408a) The key update unit 35 of the HSM 1012 updates the registration from the MEK key K_mek_oem to the MEK key K_mek_gen in the storage unit 1013. Accordingly, the MEK key stored in the storage unit 1013 is updated from the MEK key K_mek_oem to the MEK key K_mek_gen.

  The key update unit 35 of the HSM 1012 stores the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request message MES_K_mek_oem (K_mek_gen) and the storage unit 1013 in the same manner as the key update of the SHE 1022 in step S105a. The registration from the MEK key K_mek_oem to the MEK key K_mek_gen may be updated in the storage unit 1013 using the MEK key K_mek_oem. The key update request message MES_K_mek_oem (K_mek_gen) may be passed from the control unit 21 to the HSM 1012 or may be stored in the storage unit 1013 of the HSM 1012.

(Step S409a) When the update of the MEK key in the storage unit 1013 is completed, the HSM 1012 responds to the control unit 21 with the completion of the first key update.

  Next, step S303b, step S105b, step S106b, and step S304b are executed. Steps S105b and S106b are the same as those in the delivery method example 2. Steps S303b and S304b are the same as those in Example 6 of the distribution method. In step S303b, the second key distribution unit 23 acquires, from the storage unit 22, the key update request message MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) included in the key update processing message.

  In example 8 of the distribution method, each update completion message of the MAC key K_mac_gen and the ENC key K_enc_gen corresponds to a second update completion message.

(Step S406b) The second key distribution unit 23 of the data security device 1010 receives each update completion message of the MAC key K_mac_gen and ENC key K_enc_gen received from the ECU 1020, and the MAC key K_mac_gen included in the key update processing message received from the HSM 1012. Verification is performed using the M4 and M5 parameters to be compared, and the M4 and M5 parameters to be compared with the ENC key K_enc_gen. The key update processing message received from the HSM 1012 is stored in the storage unit 22. The method for verifying each update completion message is the same as that in step S205 of the delivery method example 3.

  Note that the second key distribution unit 23 of the data security device 1010 may execute a predetermined error process when the update of the MAC key K_mac_gen or the ENC key K_enc_gen is unsuccessful. As the predetermined error process, the key update request message of the key that failed to update may be retransmitted among the key update request messages in step S303b. In addition, the second key distribution unit 23 may execute a predetermined error process if any update completion message is not received even after a predetermined time has elapsed since the transmission of each key update request message in step S303b. . As the predetermined error processing, among the key update request messages in step S303b, a key update request message for a key that does not receive an update completion message may be retransmitted.

  Further, the processing may be advanced to step S407b after the updating of the MAC key and the ENC key is successful for all the ECUs 1020 to be distributed.

(Step S407b) The control unit 21 of the data security device 1010 makes a second key update request to the HSM 1012. The HSM 1012 executes Steps S408b and S409b in response to the second key update request from the control unit 21.

(Step S408b) The key update unit 35 of the HSM 1012 registers the MAC key K_mac_gen in the storage unit 1013. As a result, the MAC key K_mac_gen is stored in the storage unit 1013. Further, the key update unit 35 registers the ENC key K_enc_gen in the storage unit 1013. As a result, the ENC key K_enc_gen is stored in the storage unit 1013.

  The key update unit 35 of the HSM 1012 stores the M1 parameter, the M2 parameter, and the M3 parameter included in the key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen), respectively, in the same manner as the key update of the SHE 1022 in step S105b. Using the MEK key K_mek_gen stored in the unit 1013, the storage unit 1013 may be updated with registration from the MAC key K_mac_oem and the ENC key K_enc_oem to the MAC key K_mac_gen and the ENC key K_enc_gen. The key update request messages MES_K_mek_gen (K_mac_gen) and MES_K_mek_gen (K_enc_gen) may be passed from the control unit 21 to the HSM 1012 or may be stored in the storage unit 1013 of the HSM 1012.

(Step S409b) When the registration of the MAC key and ENC key in the storage unit 1013 is completed, the HSM 1012 responds to the control unit 21 with the completion of the second key update.

  According to the delivery method example 8 described above, by storing the MEK key K_mek_oem common to the automobile 1001 in advance for each ECU 1020 mounted on the same automobile 1001, the master key Master_Secret and the common key Generates a key update request message (first key update request message) of the MEK key K_mek_gen (first key), and uses the key update request message in common to the ECUs 1020 to update the MEK keys of the ECUs 1020. Can be implemented. Further, using the updated MEK key K_mek_gen, each key update request message (second key update request message) of the MAC key K_mac_gen (second key) and the ENC key K_enc_gen (second key) is generated, The key update request message can be shared by the ECUs 1020 to update the MAC keys and ENC keys of the ECUs 1020. As a result, an effect of improving the efficiency of key distribution applied to the ECU 1020 can be obtained. Also, the MEK key K_mek_oem is the only initial key common to the automobile 1001 stored in advance in the ECU 1020. As a result, for example, an effect is obtained that can contribute to simplification of the initial key writing process of the ECU 1020 in the manufacturing factory of the ECU 1020.

  Also, the key update request message is transmitted to the ECUs 1020 connected to the CAN 1030 all at once by broadcasting of the CAN 1030, so that the time required for key distribution can be shortened.

  Further, by integrating the key generation function into the data security device 1010, the processing efficiency can be improved compared to the case where the key generation device 10 is provided separately from the data security device 1010.

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to this embodiment, The design change etc. of the range which does not deviate from the summary of this invention are included.

  In the above-described embodiment, HSM and SHE are used for the data security device 1010 and the ECU 1020, but cryptographic processing chips other than HSM and SHE may be used. For the data security device 1010, for example, a cryptographic processing chip called “TPM (Trusted Platform Module) f” may be used. TPMf has tamper resistance. TPMf is an example of a secure element. For the ECU 1020, for example, a cryptographic processing chip called “TPMt” may be used. TPMt has tamper resistance. TPMt is an example of a secure element.

  The above-described embodiment may be applied to the automobile 1001 in, for example, an automobile manufacturing factory, a maintenance factory, a store, or the like.

  In the above-described embodiment, an automobile is taken as an example of the vehicle, but the present invention can also be applied to vehicles other than automobiles such as a motorbike and a railway vehicle.

In addition, a computer program for realizing the functions of each device described above may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
“Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 10 ... Key generation apparatus 12, 22, 42 ... Storage part, 15, 37 ... Key generation part, 16, 32, 52 ... Cryptographic processing part, 17 ... First key distribution part, 20, 40 ... Interface part, 21, DESCRIPTION OF SYMBOLS 41 ... Control part, 23 ... 2nd key delivery part, 35,55 ... Key update part, 36 ... Delivery processing part, 1001 ... Car, 1002 ... In-vehicle computer system, 1010 ... Data security apparatus, 1011, 1021 ... Main arithmetic unit DESCRIPTION OF SYMBOLS 1012 ... HSM, 1013, 1023 ... Memory | storage part, 1020 ... ECU, 1022 ... SHE, 1030 ... CAN, 1040 ... Infotainment equipment, 1050 ... TCU, 1051 ... Communication module, 1052 ... SIM, 1060 ... Diagnostic port, 2000 ... Server device, 2100 ... maintenance tool

Claims (20)

A key generation device, an in-vehicle computer mounted on the vehicle, and a data security device mounted on the vehicle,
The key generation device includes:
A key generation unit that generates a first key to be supplied to the in-vehicle computer and the data security device using a master key and a vehicle identifier of the vehicle;
A first key update request message is generated using the first key and a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device, and a first key is generated using the first key. A first key distribution unit that generates verification data and transmits the first key update request message and the first verification data to the data security device;
The data security device is
A first interface unit for transmitting / receiving data to / from an external device of the data security device;
A first storage unit for storing the initial key;
A second key distribution unit that transmits a first key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit;
Using the initial key stored in the first storage unit and the first key update request message received from the key generation device by the first interface unit, the initial key stored in the first storage unit is a first A first key update unit for updating to a key,
The in-vehicle computer is
A second interface unit for transmitting / receiving data to / from an external device of the vehicle-mounted computer;
A second storage unit for storing the initial key;
Using the initial key stored in the second storage unit and the first key update request message received from the data security device by the second interface unit, the initial key stored in the second storage unit is first A second key update unit that updates the key and generates a first update completion message using the first key, and transmits the first update completion message to the data security device by the second interface unit. And
The second key distribution unit verifies the first update completion message received from the in-vehicle computer by the first interface unit using the first verification data received from the key generation device by the first interface unit. ,
Distribution system. The key generation unit further generates a second key to be supplied to the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle,
The first key distribution unit generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device, and uses the second key. Generating second verification data, sending the second key update request message and the second verification data to the data security device;
The second key distribution unit transmits a second key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit,
The first key update unit uses the first key stored in the first storage unit and the second key update request message received from the key generation device by the first interface unit to obtain the second key. Stored in the first storage unit,
The second key update unit uses the first key stored in the second storage unit and the second key update request message received from the data security device by the second interface unit to obtain the second key. Storing in the second storage unit and generating a second update completion message using the second key;
The in-vehicle computer transmits the second update completion message to the data security device by the second interface unit,
The second key distribution unit verifies the second update completion message received from the in-vehicle computer by the first interface unit using the second verification data received from the key generation device by the first interface unit. ,
The distribution system according to claim 1 . A key generation device, an in-vehicle computer mounted on the vehicle, and a data security device mounted on the vehicle,
The key generation device includes:
A key generation unit that generates a first key to be supplied to the in-vehicle computer and the data security device using a master key and a vehicle identifier of the vehicle;
A first key distribution unit that transmits the first key to the data security device;
The data security device is
A first interface unit for transmitting / receiving data to / from an external device of the data security device;
A first storage unit storing a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device;
A first key update unit that updates an initial key stored in the first storage unit to a first key received from the key generation device by the first interface unit;
A distribution processing unit that generates a first key update request message using the initial key stored in the first storage unit and the first key received from the key generation device by the first interface unit;
A second key distribution unit that transmits the first key update request message to the in-vehicle computer by the first interface unit;
The in-vehicle computer is
A second interface unit for transmitting / receiving data to / from an external device of the vehicle-mounted computer;
A second storage unit for storing the initial key;
Using the initial key stored in the second storage unit and the first key update request message received from the data security device by the second interface unit, the initial key stored in the second storage unit is first a second key update section for updating the key, Ru provided with,
Distribution system. The second key update unit generates a first update completion message using the first key in which the initial key stored in the second storage unit is updated;
The in-vehicle computer transmits the first update completion message to the data security device by the second interface unit,
The distribution processing unit verifies the first update completion message received from the in-vehicle computer by the first interface unit based on the first key received from the key generation device by the first interface unit;
The distribution system according to claim 3. The key generation unit further generates a second key to be supplied to the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle,
The first key distribution unit transmits the second key to the data security device,
The first key update unit stores the second key received from the key generation device by the first interface unit in the first storage unit,
The distribution processing unit generates a second key update request message using the first key stored in the first storage unit and the second key received from the key generation device by the first interface unit;
The second key distribution unit transmits the second key update request message to the in-vehicle computer by the first interface unit,
The second key update unit uses the first key stored in the second storage unit and the second key update request message received from the data security device by the second interface unit to obtain the second key. Storing in the second storage unit and generating a second update completion message using the second key;
The in-vehicle computer transmits the second update completion message to the data security device by the second interface unit,
The distribution processing unit verifies the second update completion message received from the in-vehicle computer by the first interface unit based on the second key received from the key generation device by the first interface unit;
The distribution system according to any one of claims 3 and 4 . In the data security device mounted on the vehicle,
A first interface unit for transmitting / receiving data to / from an external device of the data security device;
A first storage unit for storing a common initial key of the vehicle stored in advance in the vehicle-mounted computer and the data security device mounted on the vehicle;
A second key distribution unit that transmits a first key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit;
Using the initial key stored in the first storage unit and the first key update request message received from the key generation device by the first interface unit, the initial key stored in the first storage unit is a first A first key update unit for updating to a key,
The second key distribution unit verifies the first update completion message received from the in-vehicle computer by the first interface unit using the first verification data received from the key generation device by the first interface unit. ,
Data security device. The second key distribution unit transmits a second key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit,
The first key update unit uses the first key stored in the first storage unit and the second key update request message received from the key generation device by the first interface unit to obtain the second key. Stored in the first storage unit,
The second key distribution unit verifies the second update completion message received from the in-vehicle computer by the first interface unit using the second verification data received from the key generation device by the first interface unit. ,
The data security device according to claim 6 . In the data security device mounted on the vehicle,
A first interface unit for transmitting / receiving data to / from an external device of the data security device;
A first storage unit for storing a common initial key of the vehicle stored in advance in the vehicle-mounted computer and the data security device mounted on the vehicle;
A first key update unit that updates an initial key stored in the first storage unit to a first key received from a key generation device by the first interface unit;
A distribution processing unit that generates a first key update request message using the initial key stored in the first storage unit and the first key received from the key generation device by the first interface unit;
A second key distribution unit that transmits the first key update request message to the in-vehicle computer by the first interface unit;
Ru equipped with a data security apparatus. The distribution processing unit verifies the first update completion message received from the in-vehicle computer by the first interface unit based on the first key received from the key generation device by the first interface unit;
The data security device according to claim 8. The first key update unit stores the second key received from the key generation device by the first interface unit in the first storage unit,
The distribution processing unit generates a second key update request message using the first key stored in the first storage unit and the second key received from the key generation device by the first interface unit;
The second key distribution unit transmits the second key update request message to the in-vehicle computer by the first interface unit,
The distribution processing unit verifies the second update completion message received from the in-vehicle computer by the first interface unit based on the second key received from the key generation device by the first interface unit;
The data security device according to any one of claims 8 and 9 . A first key generation step in which a key generation device generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle;
The key generation device generates a first key update request message using the first key and a common initial key of the vehicle stored in advance in the in-vehicle computer and the data security device, and the first key Generating a first verification data using a first key distribution step of transmitting the first key update request message and the first verification data to the data security device;
The data security device transmits a first key update request message received from the key generation device to the in-vehicle computer by the first interface unit through a first interface unit that transmits / receives data to / from an external device of the data security device. A first key update request message sending step,
The data security device stores in the first storage unit using an initial key stored in its first storage unit and a first key update request message received from the key generation device by the first interface unit. A first key update step of updating the initial key to be changed to the first key;
An initial key stored in the second storage unit of the in-vehicle computer, and a first key update request message received from the data security device by a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. A first key update / completion message generation step of updating an initial key stored in the second storage unit to a first key using the first key, and generating a first update completion message using the first key;
A first update completion message transmission step in which the in-vehicle computer transmits the first update completion message to the data security device by the second interface unit;
The data security device verifies the first update completion message received from the in-vehicle computer by the first interface unit using the first verification data received from the key generation device by the first interface unit. A verification step;
Including delivery method. A second key generation step in which the key generation device further generates a second key to be supplied to the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle;
The key generation device generates a second key update request message using the second key and the first key supplied to the in-vehicle computer and the data security device, and uses the second key to generate a second key. A second key distribution step of generating verification data and transmitting the second key update request message and the second verification data to the data security device;
A second key update request message transmission step in which the data security device transmits a second key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit;
The data security device uses the first key stored in the first storage unit and the second key update request message received from the key generation device by the first interface unit to transmit the second key to the first key. A second key update step for storing in the storage unit;
The in-vehicle computer uses the first key stored in the second storage unit and the second key update request message received from the data security device by the second interface unit to store the second key in the second storage. A second key update / completion message generation step for storing the second update completion message using the second key;
A second update completion message transmission step in which the in-vehicle computer transmits the second update completion message to the data security device by the second interface unit;
The data security device verifies the second update completion message received from the in-vehicle computer by the first interface unit using the second verification data received from the key generation device by the first interface unit. A verification step;
The distribution method according to claim 11 , further comprising: A first key generation step in which a key generation device generates a first key to be supplied to an in-vehicle computer and a data security device mounted on the vehicle using a master key and a vehicle identifier of the vehicle;
A first key distribution step in which the key generation device transmits the first key to the data security device;
The data security device is stored in its own first storage unit by means of “the initial key common to the vehicle computer and the vehicle stored in advance in the data security device”, and the key generation device by the first interface unit. a first key update request message generation step of generating a first key update request message using a first key received from,
A first key update request message transmission step in which the data security device transmits the first key update request message to the in-vehicle computer by the first interface unit ;
The data security device updates the initial key stored in the first storage unit to the first key received from the key generation device by a first interface unit that transmits / receives data to / from an external device of the data security device. A first key update step;
An initial key stored in the second storage unit of the in-vehicle computer, and a first key update request message received from the data security device by a second interface unit that transmits and receives data to and from an external device of the in-vehicle computer. Vehicle first key update step of updating the initial key stored in the second storage unit to the first key using
Including delivery method. A first key update completion message generating step in which the in-vehicle computer generates a first update completion message using a first key in which an initial key stored in the second storage unit is updated;
A first update completion message transmission step in which the in-vehicle computer transmits the first update completion message to the data security device by the second interface unit;
A first verification step in which the data security device verifies the first update completion message received from the in-vehicle computer by the first interface unit based on the first key received from the key generation device by the first interface unit. When,
The delivery method according to claim 13, further comprising: A second key generation step in which the key generation device further generates a second key to be supplied to the in-vehicle computer and the data security device using the master key and a vehicle identifier of the vehicle;
A second key distribution step in which the key generation device transmits the second key to the data security device;
A second key updating step in which the data security device stores the second key received from the key generation device by the first interface unit in the first storage unit;
The data security device generates a second key update request message using a first key stored in the first storage unit and a second key received from the key generation device by the first interface unit. A two-key update request message generation step;
A second key update request message transmission step in which the data security device transmits the second key update request message to the in-vehicle computer by the first interface unit;
The in-vehicle computer uses the first key stored in the second storage unit and the second key update request message received from the data security device by the second interface unit to store the second key in the second storage. A second key update / completion message generation step for storing the second update completion message using the second key;
A second update completion message transmission step in which the in-vehicle computer transmits the second update completion message to the data security device by the second interface unit;
A second verification step in which the data security device verifies the second update completion message received from the in-vehicle computer by the first interface unit based on the second key received from the key generation device by the first interface unit; When,
The delivery method according to any one of claims 13 and 14 , further comprising: In the computer of the data security device mounted on the vehicle,
A first storage function for storing an in-vehicle computer mounted in the vehicle and a common initial key of the vehicle stored in advance in the data security device;
A second key distribution function for transmitting a first key update request message received from a key generation device by a first interface unit that transmits and receives data to and from an external device of the data security device to the in-vehicle computer by the first interface unit; ,
Using the initial key stored in the first storage function and the first key update request message received from the key generation device by the first interface unit, the initial key stored in the first storage function is first A first key update function for updating to a key, and a computer program for realizing
The second key distribution function verifies a first update completion message received from the in-vehicle computer by the first interface unit using first verification data received from the key generation device by the first interface unit. ,
Computer program. The second key distribution function transmits a second key update request message received from the key generation device by the first interface unit to the in-vehicle computer by the first interface unit,
The first key update function uses the first key stored in the first storage function and the second key update request message received from the key generation device by the first interface unit to acquire the second key. Store in the first memory function,
The second key distribution function verifies a second update completion message received from the in-vehicle computer by the first interface unit using second verification data received from the key generation device by the first interface unit. ,
The computer program according to claim 16 . In the computer of the data security device mounted on the vehicle,
A first storage function for storing an in-vehicle computer mounted in the vehicle and a common initial key of the vehicle stored in advance in the data security device;
A first key update function that updates an initial key stored in the first storage function to a first key received from a key generation device by a first interface unit that transmits and receives data to and from an external device of the data security device;
A distribution processing function for generating a first key update request message using the initial key stored in the first storage function and the first key received from the key generation device by the first interface unit;
A second key distribution function for transmitting the first key update request message to the in-vehicle computer by the first interface unit;
Computer program for realizing . The distribution processing function verifies the first update completion message received from the in-vehicle computer by the first interface unit based on the first key received from the key generation device by the first interface unit.
The computer program according to claim 18. The first key update function stores the second key received from the key generation device by the first interface unit in the first storage function,
The distribution processing function generates a second key update request message using the first key stored in the first storage function and the second key received from the key generation device by the first interface unit,
The second key distribution function transmits the second key update request message to the in-vehicle computer by the first interface unit,
The distribution processing function verifies a second update completion message received from the in-vehicle computer by the first interface unit based on a second key received from the key generation device by the first interface unit.
The computer program according to claim 18 .

Images