JP6896471B2 - Service usage authentication system and service usage authentication method - Google Patents

Description

Embodiments of the present invention relate to a service use authentication system and a service use authentication method.

When considering a system that provides services to vehicles, for example, there are parking lot services, electric vehicle (EV) charging services, and the like.

When considering a garage with a door at home, if common information such as a password is possessed between the garage side and the mobile device that transmits the release signal in advance, and they are collated and matched at the time of use, it is desired. There is something to make it work. Others use biometrics.

When considering an EV charging device, as a means for preventing unauthorized use, there is a system that obtains information on a mobile device held by a user in advance and confirms the existence of a regular user to determine that the EV is a regular use. In addition, although it is different from opening and closing the door of the garage, there is a device that controls the indoor home electric appliance based on the position information of the vehicle.

Even if measures such as encrypting communications are implemented, unauthorized use is becoming easier with inexpensive devices due to technological advances and lower prices, and a more advanced fraud prevention mechanism is required.

Japanese Patent No. 26999908 Japanese Patent No. 3537111 Japanese Patent No. 3989159 Japanese Patent No. 3518498 Japanese Patent No. 4480382 Japanese Patent No. 5268549

"This Hacker's Tiny Device Unlocks Cars And Opens Garages (2015/08/06 WIRED)", searched on March 13, 2017, Internet <URL: https://www.wired.com/2015/08/hackerstinydeviceunlockscarsopensgarages/>

Consider a rental car service or a vehicle sharing service that is provided to an arbitrary user and is composed of a combination of a plurality of vehicles and a plurality of facilities.

As described above, in the conventional technology, specific information is shared in advance between the mobile device on the vehicle side and the mechanism for providing the service, and whether or not the service can be provided is determined based on the agreement.

This is useful for facilities that belong to individuals such as homes, but it is useful for facilities such as parking lots that consist of multiple service provision environments and temporarily have usage rights. Is unsuitable, and in particular, it takes a lot of time and effort to carry out the above-mentioned information sharing operation each time the service is started, and the burden on the user is large. Further, in the sharing of fixed or easily available information such as the access point name required for communication and the communication key information, unauthorized use becomes easy due to the leakage of the shared information itself.

In addition, assuming an EV vehicle sharing service consisting of a vehicle sharing service consisting of EV vehicles and an EV charger network that provides priority charging installed at a plurality of locations, sharing of fixed information is shared. Leakage of the information itself facilitates unauthorized use.

In addition, confirmation of the existence of a user using a mobile device is not effective in preventing unauthorized use such as theft of the mobile device or charging of a vehicle other than the target vehicle by the user himself / herself. Charging a non-target vehicle becomes a big problem when it is desired to set the cost required for charging such as the EV charger usage fee and the amount of charging power as a vehicle sharing service at a low price.

In addition, directly controlling the implementation of service provision based on the location information of the vehicle, rather than determining whether or not to provide the service, does not have the effect of preventing unauthorized use when the above-mentioned service is assumed.

For this reason, it is desirable to realize a mechanism that makes it difficult to illegally use the service even if eavesdropping / reuse is performed, as well as protection by encryption of communication.

An object to be solved by the invention is to provide a service use authentication system and a service use authentication method that can make it difficult to illegally use a service even if eavesdropping / reuse is carried out.

The service use authentication system of the embodiment is composed of an authentication server, a service providing device capable of communicating with the authentication server, and an in-vehicle communication device provided with a mobile communication means. In the service use authentication system that authenticates the availability of services for each vehicle equipped with the device, the in-vehicle communication device is used on the authentication server based on the vehicle position or time or the specific position passage information indicating the passage of the specific position. On the other hand, the timing of requesting and acquiring the information required for authentication and the service connection information by using the mobile communication means is controlled, and the acquired service connection information and the information required for authentication are stored and the saved service. The service providing device is provided with a means for transmitting connection information and information necessary for authentication to the service providing device, and the service providing device stores the service connection information received from the authentication server and uses the service connection information to provide a service provider. By controlling the connection of communication with the in-vehicle communication device and transmitting the information required for authentication received from the in-vehicle communication device to the authentication server, the expiration date of the information required for authentication can be obtained and the target can be obtained. The authentication server is provided with means for determining whether or not to provide the service, creates service connection information in response to a request from the in-vehicle communication device, and transmits the service connection information to the in-vehicle communication device. A means of transmitting to the service providing device, creating information necessary for authentication, transmitting the information necessary for the authentication to the in-vehicle communication device, and information necessary for authentication received from the service providing device. It is provided with a means for verifying the validity and transmitting the verification result and the information indicating the expiration date to the service providing device, the communication between the authentication server and the in-vehicle communication device, and the authentication server. Communication with the service providing device is carried out at a location geographically or temporally separated, and information transmitted from the authentication server to each device and used for service availability is temporarily issued. It is generated based on a random number, is disposable, and has an expiration date .

The block diagram which shows the structure of the service use authentication system which concerns on embodiment. A flowchart showing the operation of the entire service use authentication system. The figure which shows the structure of each function of the authentication server 1, the service providing device 2, and the in-vehicle communication device 3. The flowchart which shows the operation of the authentication information generation processing unit 11, the service information transmission processing unit 12, and the authentication information transmission processing unit 13 of the authentication server 1. The figure which shows the data structure of the service information. The figure which shows the data structure of the service connection information. The figure which shows the data structure of the authentication information. The figure which shows the data structure of the information for storage authentication. FIG. 5 is a flowchart showing the operation of the authentication information transmission processing unit 33 of the in-vehicle communication device 3. The flowchart which shows the operation of the authentication information reception processing part 23 of a service providing apparatus 2. FIG. 5 is a flowchart showing the first half of the operation of the service availability determination processing unit 14 of the authentication server 1. FIG. 5 is a flowchart showing the latter half of the operation of the service availability determination processing unit 14 of the authentication server 1. The figure which shows the service form by Example 1. FIG.

Hereinafter, embodiments will be described with reference to the drawings.
(Outline of Embodiment)
In the present embodiment, the vehicle itself, not the mobile device, is the source of information for determining whether or not the service can be provided, thereby preventing theft of the mobile device and unauthorized use of the user other than the target vehicle, and the mobile device. Avoid situations where the service becomes unavailable due to loss.

Information necessary for determining whether or not to provide a service can be made difficult to use illegally even if the communication content is leaked, for example, by making the basic part disposable.

In addition, by providing the vehicle with information to determine whether or not to provide the service based on the location information of the facility / location where the service is provided and the vehicle, the service exists in an unspecified location. While flexibly responding, set an expiration date for the information used to determine whether or not to provide the service, shorten the expiration date together with information distribution based on the above location information, and cooperate with opening and closing the intrusion gate to the parking lot, for example. By doing so, the impact of information leakage is limited.

In addition, by making it possible to distribute information for determining whether or not to provide a service in advance via mobile communication, it can be used even in underground areas where mobile communication is not available.

(Overall system configuration)
FIG. 1 is a block diagram showing a configuration of a service use authentication system according to an embodiment.

The service use authentication system according to this embodiment is a system that authenticates the availability of service for each vehicle equipped with an in-vehicle communication device at the start of service provision, and is an authentication server 1, a service providing device 2, and in-vehicle communication. It is composed of the device 3. The service providing device 2 is installed in the service providing facility 20. The in-vehicle communication device 3 is installed in a moving body such as an automobile.

For example, mobile communication is applied to the communication between the in-vehicle communication device 3 and the authentication server 1. Further, for example, short-range wireless communication is applied to the communication between the in-vehicle communication device 3 and the service providing device 2. Further, for communication between the authentication server 1 and the service providing device 2, for example, wired communication such as the Internet or wireless communication is applied.

The authentication server 1 creates service connection information in response to a request from the in-vehicle communication device 3, transmits the service connection information to the in-vehicle communication device 3, and also transmits the service connection device 2 to the service providing device 2, which is necessary for authentication. The function to create and save various information and send the information required for the authentication to the in-vehicle communication device 3 and the validity of the information required for the authentication received from the service providing device 2 are verified, and the verification result and the validity It has a function of transmitting information indicating the deadline to the service providing device 2.

The service providing device 2 stores the service connection information received from the authentication server 1, uses the service connection information to control the communication connection with the in-vehicle communication device 3 which is the service providing partner, and controls the communication connection with the in-vehicle communication device 3. By transmitting the information required for authentication received from the server 1 to the authentication server 1, it has a function of acquiring the expiration date of the information required for authentication and determining whether or not the target service can be provided.

The in-vehicle communication device 3 uses mobile communication means to provide the authentication server 1 with information necessary for authentication and service connection information based on the vehicle position or time or the specific position passage information indicating the passage of the specific position. Controls the timing of requesting and acquiring, saves the acquired service connection information and information required for authentication, and transmits the saved service connection information and information required for authentication to the service providing device 2 using wireless communication means. It has a function to do.

The specific position passage information indicates whether or not the predicted time required for intrusion or movement from the service providing device 2 within a predetermined distance range has changed below the threshold value, or whether or not the service has passed the specific position on the map. It contains the information to be shown.

Further, the in-vehicle communication device 3 has a function of storing the service connection information received from the authentication server 1 and the acquired information necessary for authentication, and the connection control and service of communication with the service providing device 2 using the stored information. It may be provided with a function for authenticating availability.

Further, the in-vehicle communication device 3 has a function of transmitting the own vehicle position or time or specific position passage information when requesting service connection information from the authentication server 1, and the authentication server 1 is the in-vehicle communication device 3. It may be provided with a function of creating service connection information based on position or time or specific position passage information and transmitting it to the in-vehicle communication device 3.

Further, in the communication connection between the service providing device 2 and the in-vehicle communication device 3, the service identifier included in the service connection information may be provided with a function of using the service identifier as a communication encryption key.

Further, in the communication connection between the service providing device 2 and the in-vehicle communication device 3, the service identifier included in the service connection information may be provided with a function of using the service identifier as the access point name of the wireless LAN of the service providing device 2.

Further, in the communication connection between the service providing device 2 and the in-vehicle communication device 3, the service identifier included in the service connection information is included in the transmission content of the short-range wireless communication transmitted by the in-vehicle communication device 3, thereby providing the service providing device. 2 may have a function of making the connected communication partner identifiable.

Further, a service identifier included in the service connection information created in the authentication server 1 is created based on a random number for each request from the in-vehicle communication device 3, and the connection between the in-vehicle communication device 3 and the service providing device 2 is created. By using it for control, it may be provided with a function of preventing unauthorized access to the communication connection between the service providing device 2 and the vehicle-mounted communication device 3.

Further, the information required for authentication created by the authentication server 1 is created based on a random number for each request from the in-vehicle communication device 3, and is transmitted to the in-vehicle communication device 3, and the authentication server 1 is the service providing device 2. When the validity of the information required for authentication received from is verified, it is not possible to verify more than once by destroying a part of the stored authentication required for authentication, and it is necessary for duplicated authentication. It may be provided with a function to prevent unauthorized use of information.

Further, the information required for authentication created by the authentication server 1 is created based on a random number for each request from the in-vehicle communication device 3, and is transmitted to the in-vehicle communication device 3, and the authentication server 1 is the service providing device 2. When verifying the validity of the information required for authentication received from, the expiration date is determined from a part of the stored authentication information, and if the expiration date is exceeded, verification is not possible. , It may be provided with a function to prevent unauthorized use of the information necessary for the duplicated authentication.

Further, the service connection information includes information on the function used for communication between the service providing device 2 and the in-vehicle communication device 3, and the in-vehicle communication device 3 communicates with the service providing device 2 using the communication function shown in the service connection information. By performing the above, it may be provided with a function of automatically selecting and using the optimum communication function for communication with the service providing device 2.

In addition, when transmitting the validity verification result of the information required for authentication from the authentication server 1 to the service providing device 2, the information required for authentication from the in-vehicle communication device 3 to the service providing device 2 includes a random number in the transmission content. By performing encryption using the above, it may be provided with a function of preventing unauthorized use of the service by intercepting or copying the communication from the authentication server 1 to the service providing device 2.

(Operation of the entire system)
Next, an example of the operation of the entire service use authentication system will be described with reference to FIG.

The in-vehicle communication device 3 monitors whether or not the vehicle passes through a specific position or the like, and if the vehicle passes through a specific position or the like (S11), the authentication information for the in-vehicle communication device 3 is used as an authentication server. Request 1 (S12).

The authentication server 1 generates service connection information and authentication information in response to a request from the in-vehicle communication device 3, and in parallel with transmitting them to the in-vehicle communication device 3, provides service connection information to the service providing device. (S13).

When the vehicle arrives at the service providing location after receiving the authentication information from the authentication server 1, the in-vehicle communication device 3 establishes communication with the service providing device 2 by using the information included in the service information (S14). Then (S15), the authentication information is transmitted to the service providing device 2 (S16).

The service providing device 2 inquires of the authentication server 1 whether or not the service can be provided by using the authentication information received from the in-vehicle communication device 3 (S17).

When the determination result indicating whether or not to provide the service is received from the authentication server 1 (NO in S18), the service providing device 2 does not provide the service (S19).

On the other hand, when the determination result indicating that the service can be provided is received from the authentication server 1 (YES in S18), the service providing device 2 requests the in-vehicle communication device 3 to verify the validity of the determination result (S20).

When the verification result that the determination result is not valid is received from the in-vehicle communication device 3 (NO in S21), the service providing device 2 does not provide the service (S19).

On the other hand, when the verification result that the determination result is valid is received from the in-vehicle communication device 3 (YES in S21), the service providing device 2 provides the service (S22).

(Configuration and operation of each function)
FIG. 3 is a diagram showing the configuration of each function of the authentication server 1, the service providing device 2, and the in-vehicle communication device 3 constituting the service use authentication system.

In the formula in the sentence described below, the part with "Enc (A, B)" indicates the function that encrypts the contents of B with the key A, and the part with "Dec (A, B)" is the key. A function is used to decode the contents of B, and the description "A | B" means the concatenation of A and B as a byte string. The encryption method is not limited as long as it is common among the following devices so as not to interfere with communication.

The authentication information acquisition processing unit 31 of the in-vehicle communication device 3 shown in FIG. 3 receives position information from a GPS (Global Positioning System) antenna simultaneously mounted on the vehicle equipped with the in-vehicle communication device 3 and provides a service. When the distance to the installation location of the device 2 is calculated and it is detected that the distance is less than a preset constant value, it is assumed that the vehicle has passed a specific position or the like and approached the target location. Deemed, the authentication information is requested from the authentication server 1. At this time, the authentication information acquisition processing unit 31 transmits the service type identifier and the vehicle position information to the authentication server 1 via mobile communication or wireless communication, and receives the authentication information and the service connection information. The service type identifier is an identifier indicating the type of service to be used. Subsequently, the authentication information acquisition processing unit 31 outputs the received authentication information and service connection information to the communication establishment processing unit 32.

As information for determining the conditions for starting communication from the in-vehicle communication device 3 to the authentication server 1, for example, information indicating the position of the service providing device 2 is transmitted from the authentication server 1 to the in-vehicle communication device 3 at any time. It is assumed that the notification is made via the mobile communication and recorded in the in-vehicle communication device 3.

Further, it is assumed that the authentication server 1 has already authenticated the device of the target vehicle by the ID of the mobile communication provided in the vehicle prior to the communication here.

The transmission timing of the vehicle position information based on the information from the GPS in the authentication information acquisition processing unit 31 is from the passage of a specific position to the installation location of the service providing device 2 from the navigation system or the like instead of the GPS. It may be carried out by setting a threshold value for the expected time of.

Here, FIG. 4 shows the processing flow of the authentication information generation processing unit 11, the service information transmission processing unit 12, and the authentication information transmission processing unit 13 of the authentication server 1.

The authentication information generation processing unit 11 of the authentication server 1 has the corresponding service type identifier and is located closest to the service information database by using the service type identifier and the vehicle position information received from the in-vehicle communication device 3. Acquire the service information to be performed (S31). The data structure of the service information is shown in FIG. 5A. The service type identifier is an identifier indicating the type of service, and there may be a plurality of service providing devices 2 having different service identifiers for one service type identifier.

Next, the authentication information generation processing unit 11 of the authentication server 1 generates a service connection identifier and a service connection key used by the in-vehicle communication device 3 and the service providing device 2 to establish communication based on random numbers. (S32). Similarly, the authentication result confirmation key, the communication content confirmation key, the authentication secret information, and the authentication ticket 1 are generated based on random numbers (S33).

The calculation method of each variable is shown below.

Service connection identifier = random number ()
Service connection key = random number ()
R0 = random number ()
Authentication result confirmation key = random number ()
Communication content confirmation key = random number ()
Authentication ticket 1 = random number ()
Authentication ticket 2 = Enc (authentication ticket 1, R0)
Authentication secret information = Enc (R0, communication content confirmation key | expiration date)
The authentication information generation processing unit 11 of the authentication server 1 generates the service connection information shown in FIG. 5B from the service information obtained from the service information database, the service connection identifier, and the service connection key. Further, the authentication information shown in FIG. 5C is generated from the authentication ticket 1 and the authentication result confirmation key. Further, the authentication server 1 generates the storage authentication information shown in FIG. 5D in which the expiration date of the authentication information is set as the information used by the service availability determination processing unit 14, and records it in the authentication server 1. ..

Subsequently, the service information transmission processing unit 12 of the authentication server 1 transmits the generated service connection information to the service providing device 2 (S34). Whether or not the service providing device 2 is a legitimate device is determined between the authentication server 1 and the service providing device 2 by using a dedicated closed network, an SSL / TLS certificate, or an in-vehicle communication device 3. It is carried out using the mobile communication network in the same manner as above. As a result, the service information reception processing unit 21 of the service providing device 2 outputs the received service connection information to the service information recording unit 2M, and records the service connection information in the service information recording unit 2M.

Subsequently, the authentication information transmission processing unit 13 of the authentication server 1 transmits the authentication information and the service connection information to the vehicle-mounted communication device 3 via the mobile communication network (S35).

The private key and the authentication information are recorded in the authentication information database on the authentication server as storage authentication information (S36).

When the communication establishment processing unit 32 of the in-vehicle communication device 3 in FIG. 3 receives the authentication information and the service connection information from the authentication information acquisition processing unit 31, the communication establishment processing unit 32 of the in-vehicle communication device 3 uses the connection means of the service connection information to communicate with the service providing device 2. Communication with the establishment processing unit 22 is started. At this time, the communication establishment processing unit 32 transmits the service connection identifier included in the service connection information using short-range wireless communication, for example, in the case of Bluetooth (registered trademark), using the Advertising Channel. Here, the service providing device 2 may determine the start of the communication establishment procedure based on the service connection identifier, the service providing device 2 becomes an access point in the wireless LAN, and the in-vehicle communication device 3 becomes an access point of the service connection identifier. The procedure for establishing communication with the user may be started. The communication is not limited to wireless such as Bluetooth and wireless LAN, and may be carried out via wired communication or by a communication means that will appear in the future, such as connection with a charger provided in an EV vehicle.

By using a service connection identifier that is generated based on a random number and discarded after use, it is possible to prevent the establishment of communication due to easy unauthorized use. When a plurality of communication means are available, the authentication server 1 may specify the means of use by using the service connection information each time the service is used, thereby making eavesdropping difficult. Further, the service connection identifier may be divided into two, and the first half may be used as, for example, a wireless LAN access point name, and the second half may be used as a password used for wireless LAN communication to enhance the confidentiality of communication.

Subsequently, the authentication information transmission processing unit 33 of the in-vehicle communication device 3 encrypts the authentication ticket 1 of the service connection information with the service connection key as shown in the processing flow of FIG. 6, and the encryption authentication ticket. 1 is generated (S41), and the generated encryption authentication ticket 1 is transmitted to the service providing device 2 together with the service identifier (S42). As a result, the authentication information reception processing unit 23 of the service providing device 2 receives the service identifier and the encryption authentication ticket 1.

The calculation method of the encryption authentication ticket 1 which is a variable is shown below.

Encryption authentication ticket 1 = Enc (service connection key, authentication ticket 1)
Here, FIG. 7 shows a processing flow of the authentication information receiving processing unit 23 of the service providing device 2.

The authentication information reception processing unit 23 searches for the service connection information recorded in the service information recording unit 2M using the received service identifier, and acquires the service connection information having the matching service identifier (S51).

Here, if the search for the service connection information fails (NO in S52), the authentication information reception processing unit 23 notifies the in-vehicle communication device 3 of an error as no corresponding service (S53), and performs the subsequent processing. Not performed.

On the other hand, if the search for the service connection information is successful (YES in S52), the authentication information reception processing unit 23 uses the encryption authentication ticket 1 received from the in-vehicle communication device 3 as the service of the service connection information of the search result. By decrypting using the connection key, the authentication ticket 1 is calculated (S54), and the calculated authentication ticket 1 is output to the service availability determination request processing unit 24 (S55).

The service availability determination request processing unit 24 of the service providing device 2 in FIG. 3 sends the service connection identifier and the encryption authentication ticket 1 to the authentication server 1, and the encrypted availability result is encrypted from the authentication server 1. Is received and output to the authentication result confirmation processing unit 25. As a result, the service availability determination processing unit 14 of the authentication server 1 inputs the service connection identifier and the encryption authentication ticket 1 received from the service availability determination request processing unit 24 of the service providing device 2.

The processing flow of the service availability determination processing unit 14 is shown in FIGS. 8A and 8B.

The service availability determination processing unit 14 searches the recorded storage authentication information using the input service connection identifier (S61), and uses the service connection key of the obtained storage authentication information. Then, the input encryption authentication ticket 1 is decrypted, and the authentication ticket 1 is calculated (S62).

Subsequently, the service availability determination processing unit 14 decrypts the authentication ticket 2 of the storage authentication information using the authentication ticket 1 as a key, and calculates the communication content confirmation key A and the expiration date (S63).

The service availability determination processing unit 14 first compares the communication content confirmation key A with the communication content confirmation key included in the storage authentication information (S64).

Here, if they do not match (NO in S65), the service availability determination processing unit 14 concatenates the authentication result confirmation key of the storage authentication information and the code indicating the usage / non-use determination result, and the authentication ticket. 1 is used as a key for encryption, and a pass / fail determination result is generated (S66).

On the other hand, if they match (YES in S65), the service availability determination processing unit 14 compares the expiration date with the current time and confirms whether or not it is within the expiration date (S68).

Here, if it is outside the expiration date (NO in S68), the service availability determination processing unit 14 determines the authentication result confirmation key of the storage authentication information and the use / non-use as in the case of NO in S65. The code indicating the result is concatenated, the authentication ticket 1 is used as the key, and the pass / fail judgment result is generated (S66).

On the other hand, if the communication content confirmation keys match and it is confirmed that the expiration date has not been reached (YES in S68), the service availability determination processing unit 14 and the authentication result confirmation key of the storage authentication information , The code indicating the usability determination result is concatenated, and the authentication ticket 1 is used as the key to encrypt and generate the availability determination result (S69).

Subsequently, the service availability determination processing unit 14 transmits the generated availability determination result to the service providing device 2, and discards the used service connection information (S70).

An example of the calculation method of each variable is shown below.

Authentication ticket 1 = Dec (SCODE, encryption authentication ticket 1)
R0 = Dec (authentication ticket 1, authentication ticket 2)
Communication content confirmation key A | Expiration date = Dec (R0, X2)
Yes / No Judgment Result = Enc (Authentication Ticket 1, Code Showing Judgment Result | Authentication Result Confirmation Key)
The authentication result confirmation processing unit 25 of the service providing device 2 in FIG. 3 decrypts the encryption authentication ticket 1 using the service connection key of the service connection information, and calculates the authentication ticket 1. Subsequently, using the calculated authentication ticket 1 as a key, the approval / disapproval determination result is decoded, and the code indicating the determination result and the authentication result confirmation key are calculated.

If the code indicating the determination result is good, the authentication result confirmation processing unit 25 transmits the authentication result confirmation key to the authentication result confirmation processing unit 34 of the vehicle-mounted communication device 3 as the approval / disapproval result confirmation.

The authentication result confirmation processing unit 34 of the in-vehicle communication device 3 compares the authentication result confirmation key included in the availability result confirmation received from the service providing device 2 with the authentication result confirmation key of the service connection information, and compares the result with the authentication result confirmation key of the service connection information. It is linked with a random number, encrypted with the service connection key, and transmitted to the authentication result confirmation processing unit 25 of the service providing device 2 as the validity verification result. In addition, the retained service connection information and authentication information are destroyed.

The following is an example of the calculation method of the validity verification result which is a variable.

Validity verification result = Enc (service connection key, (authentication result confirmation key == received authentication result confirmation key) | random number ())
On the other hand, when the authentication result confirmation processing unit 25 receives the validity verification result from the authentication result confirmation processing unit 34, the received validity verification result is decrypted by the service connection key, and the validity verification result is good. In that case, the service provision start processing unit 26 is instructed to start providing the service. Also, the retained service connection information is discarded.

(Effect of embodiment)
The effects of this embodiment are shown below.

As described above, in the system of the present embodiment, the communication between the authentication server 1 and the in-vehicle communication device 3 for determining the service usage and the communication between the authentication server 1 and the service providing device 2 are performed. Since it is carried out geographically / temporally apart, it can be difficult for both parties to eavesdrop / tamper / spoof at the timing of communication. In addition, the information transmitted from the authentication server 1 to each device and used for service availability is temporarily issued. Further, the information is generated based on the random number, is disposable, and has an expiration date. Therefore, even if it is eavesdropped in some way, it can be difficult to reuse it.

Further, in the system of the present embodiment, individual communication between the authentication server 1 and the in-vehicle communication device 3 and individual communication between the authentication server 1 and the service providing device 2 are performed as described in detail below. It can make it difficult for an unauthorized vehicle to eavesdrop / tamper with communications to use the service.

For example, the communication between the in-vehicle communication device 3 and the authentication server 1 is secured by the device authentication provided in the mobile communication provided in the vehicle, and therefore, except when each device of the legitimate vehicle is stolen. , Eavesdropping / tampering itself is difficult.

In addition, if the communication between the authentication server 1 and the service providing device 2 is eavesdropped, the authentication information cannot be obtained from the service connection information and the authentication information required for using the service on the vehicle side. Therefore, the service cannot be used by irregular vehicles.

Further, even if the communication for sending and receiving the service connection information between the authentication server 1 and the service providing device 2 is tampered with and replaced with the service connection information held by the unauthorized vehicle, the authentication server 1 responds. It is difficult to use the service for unauthorized vehicles because the service connection identifier used to search the storage authentication information is disposable information generated based on random numbers, and the storage authentication information is destroyed after use. Is.

Further, when the communication of the transmission / reception of the approval / disapproval judgment result between the authentication server 1 and the service providing device 2 is altered for the purpose of unauthorized use of the service by the unauthorized vehicle, it is generated based on the random number in the approval / disapproval judgment result. The authentication result confirmation processing unit 34, including the authentication result confirmation key, collates with the authentication result confirmation key held by the in-vehicle communication device 3 to make unauthorized use difficult.

Further, when the communication for sending and receiving authentication information between the in-vehicle communication device 3 and the service providing device 2 is eavesdropped, the encryption authentication ticket 1 used for determining whether or not the service can be used is generated based on a random number. It is difficult to use the service for fraudulent vehicles because it is disposable information and the authentication information is destroyed after use.

Further, when the transmission / reception communication of the possibility result confirmation between the in-vehicle communication device 3 and the service providing device 2 is eavesdropped, the authentication result confirmation key included in the possibility determination result is a disposable one generated based on a random number. It is difficult to use the service for fraudulent vehicles because it is the information of the above and the authentication information is destroyed after use.

Further, falsifying the communication of sending and receiving the encryption authentication ticket 1 between the in-vehicle communication device 3 and the service providing device 2 for the purpose of unauthorized use of the service by the unauthorized vehicle is the subsequent encryption on the authentication server 1. The decryption of the encryption authentication ticket 1 is hindered, and it is determined as negative by the availability judgment, and unauthorized use can be prevented. Further, changing the service identifier makes it impossible to use the service providing device 2 itself, so that unauthorized use is not established.

Further, falsifying the communication of sending and receiving the validity verification result between the in-vehicle communication device 3 and the service providing device 2 for the purpose of illegal use of the service by the illegal vehicle, the validity verification result is generated based on the random number. Since it is encrypted by the temporary service connection key shared between the regular in-vehicle communication device 3 and the service providing device 2, the decryption in the service providing device 2 is hindered, and the service providing device 2 has a problem. Unauthorized use is not established because it cannot be used.

Next, each embodiment will be described.

(First Example)
In the first embodiment, a service form of a system including an EV vehicle and an EV charger that are shared and used by a plurality of users will be considered.
In the configuration shown in FIG. 9, the resident of the apartment X shares the EV vehicle <1> and the EV vehicle <2>, and can use the EV charger A, the EV charger B, and the EV charger C, and the resident of the apartment Y can use the EV charger A, the EV charger B, and the EV charger C. It is assumed that the resident shares the EV vehicle <3> and the EV vehicle <4> and can use the EV charger B, the EV charger C, and the EV charger D.

The number of EV chargers installed is not sufficient at the stage when EV vehicles have begun to spread, and there are fewer restrictions on installation compared to conventional gas stations, so the installation of unmanned charging stations may progress in the future. Conceivable. Therefore, it is a great merit for each user to provide a combination of the EV charger and the EV vehicle that can be preferentially used by each user as shown in the configuration of FIG.

As in the conventional technology, the determination of availability by a mobile device can be performed regardless of the vehicle as long as it is a charging operation by the user who owns the mobile device. Therefore, it is possible to prevent unauthorized charging of a non-target vehicle. Can not. In addition, if the availability is determined only by the geographical positional relationship, it is not possible to prevent unauthorized charging by a vehicle outside the target due to the positional estimation accuracy.

On the other hand, in the present embodiment, in the configuration of FIG. 9, the above-mentioned authentication server 1 is installed on the service provider side, and the above-mentioned service providing devices are installed on the EV chargers A, B, C, and D, respectively. 2 is installed, and the above-mentioned in-vehicle communication device 3 is installed on each of the EV vehicles <1>, <2>, <3>, and <4>.

With this configuration, it is possible to determine the availability of each vehicle, and it is possible to prevent unauthorized use by non-target vehicles.

Further, according to the present embodiment, it is possible to easily add / delete the target vehicle equipped with the in-vehicle communication device 3. The authentication server 1 on the service provider side only needs to manage the mobile communication information of the target vehicle, and the service providing device 2 on the EV charger side has geographical location information, a fixed IP address, and SSL. / The TLS certificate may be managed and notified to each in-vehicle communication device using mobile communication.

Further, the combination of the target vehicle and the available EV charger can be easily managed by managing it on the authentication server 1 and managing the information of the available charger notified to the in-vehicle communication device 3.

(Second Example)
In the second embodiment, a service form that combines vehicle sharing and a parking lot is considered.
For example, there is a vehicle sharing service for residents of condominiums and a private parking lot service attached to the condominium.

In order to reduce the burden on residents, it is desirable to operate the private parking lot unattended, and it is necessary to reduce the burden of entering and leaving the parking lot as much as possible.

In order to avoid unauthorized use by vehicles not covered by the parking lot, in the existing form, it is necessary to provide a gate and a gate controller at the entrance of the parking lot, and to temporarily stop the user at the time of warehousing and operate the gate controller. Therefore, it is necessary to provide a temporary stop space in a part of the parking lot.

On the other hand, in this embodiment, the service providing device 2 is installed in the gate controller. As a result, the gate can be opened and closed simply by the vehicle approaching the gate controller, and a parking lot that enables quick passage through the gate can be realized.

As a result, it becomes possible to realize a service in which the above-mentioned temporary stop space is not required and the small amount of land is used as a parking lot as much as possible.

(Third Example)
In the third embodiment, an operation of opening and closing a garage with a switchgear of a private house is considered.
In this case, the in-vehicle communication device 3 is mounted on the private vehicle, and the service providing device 2 is installed on the opening / closing device of the garage.

In this case, the vehicle comes in front of the garage to operate the opening and closing of the garage, but even if the communication is eavesdropped, it is possible to make it difficult to open and close illegally using the eavesdropped content.

As described in detail above, according to the embodiment, it is possible to make it difficult to illegally use the service even when eavesdropping / reuse is performed.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are also included in the scope of the invention described in the claims and the equivalent scope thereof.

1 ... Authentication server 1, 2 ... Service providing equipment, 3 ... In-vehicle communication equipment, 20 ... Service providing facility, 30 ... Mobile.

Claims (14)

It is composed of an authentication server, a service providing device capable of communicating with the authentication server, and an in-vehicle communication device equipped with a mobile communication means. At the start of service provision, the service is used for each vehicle equipped with the in-vehicle communication device. In the service use authentication system that authenticates the approval or disapproval
The in-vehicle communication device is
Based on the vehicle position or time or the specific position passage information indicating the passage of the specific position, the information necessary for authentication and the service connection information are requested and acquired from the authentication server by using the mobile communication means. It is provided with a means for controlling the timing, storing the acquired service connection information and the information required for authentication, and transmitting the saved service connection information and the information required for authentication to the service providing device.
The service providing device is
The service connection information received from the authentication server is saved, and the service connection information is used to control the communication connection with the in-vehicle communication device that is the service provider, and the information required for authentication received from the in-vehicle communication device. Is provided to the authentication server to obtain the expiration date of the information required for authentication and to determine whether or not the target service can be provided.
The authentication server is
In response to a request from the in-vehicle communication device, service connection information is created, the service connection information is transmitted to the in-vehicle communication device and also to the service providing device, and further, information necessary for authentication is created. The service is provided with a means for transmitting the information required for the authentication to the in-vehicle communication device and the information indicating the verification result and the expiration date after verifying the validity of the information required for the authentication received from the service providing device. and means for transmitting to the device,
The communication between the authentication server and the in-vehicle communication device and the communication between the authentication server and the service providing device are performed at geographically or temporally separated positions.
The information transmitted from the authentication server to each device and used for service availability is temporarily issued, is generated based on a random number, is disposable, and has an expiration date. Is,
Service usage authentication system. The specific position passage information is information indicating whether or not the predicted time required for intrusion or movement within a predetermined distance range from the service providing device has changed below the threshold value, or whether or not the service has passed a specific position on the map. The service use authentication system according to claim 1. The in-vehicle communication device is
A means for storing the service connection information received from the authentication server and the information necessary for the acquired authentication, and a means for controlling the connection of communication with the service providing device and authenticating the availability of the service using the stored information. With,
The service use authentication system according to claim 1 or 2. The position where information necessary for authentication is transmitted and received between the in-vehicle communication device and the authentication server is set to a position physically separated from the position of the service providing device, and further, the in-vehicle communication device and the authentication server are set. It is possible to use short-range wireless communication for communication between the service providing device and the in-vehicle communication device by performing communication with the service providing device by mobile communication, and between the service providing device and the authentication server. Wired communication or wireless communication can be used for communication.
The service use authentication system according to any one of claims 1 to 3. The in-vehicle communication device is
When requesting service connection information from the authentication server, the means for transmitting the own vehicle position or time or specific position passing information is provided.
The authentication server is
A means for creating service connection information based on the position or time of the in-vehicle communication device or specific position passage information and transmitting the service connection information to the in-vehicle communication device.
The service use authentication system according to any one of claims 1 to 4. The in-vehicle communication device includes means for using a service identifier included in the service connection information as a communication encryption key in a communication connection between the service providing device and the in-vehicle communication device.
The service use authentication system according to any one of claims 1 to 5. The in-vehicle communication device includes means for using the service identifier included in the service connection information as an access point name of the wireless LAN of the service-providing device in the communication connection between the service-providing device and the in-vehicle communication device.
The service use authentication system according to any one of claims 1 to 6. The in-vehicle communication device includes the service identifier included in the service connection information in the transmission content of the short-range wireless communication transmitted by the in-vehicle communication device in the communication connection between the service providing device and the in-vehicle communication device. The service providing device is provided with a means for identifying the connected communication partner.
The service use authentication system according to any one of claims 1 to 7. The authentication server creates a service identifier included in the service connection information created by the authentication server based on a random number for each request from the in-vehicle communication device, and the in- vehicle communication device is based on the random number. The service identifier created in is used for connection control between the in-vehicle communication device and the service providing device .
The service use authentication system according to any one of claims 1 to 8. The authentication server creates information necessary for authentication created by the authentication server based on a random number for each request from the in-vehicle communication device, and information necessary for the authentication created based on the random number. and transmitted to the vehicle-mounted communication apparatus, wherein when the authentication server was performed validity verification information required for authentication received from the service providing device, some of the information required for authentication are stored Discard ,
The service use authentication system according to any one of claims 1 to 9. The authentication server creates information necessary for authentication created by the authentication server based on a random number for each request from the in-vehicle communication device, and creates a service identifier based on the random number in the in-vehicle communication device. When the authentication server sends to a communication device and verifies the validity of the information required for authentication received from the service providing device, the expiration date is determined from a part of the stored authentication information. However, if the expiration date has passed, verification will not be possible.
The service use authentication system according to any one of claims 1 to 10. The authentication server to the service connection information, including information regarding the communication means used for communication with the service providing device and the vehicle communication device, the in-vehicle communication device, using the communication means indicated in the service connection information To communicate with the service providing device ,
The service use authentication system according to any one of claims 1 to 11. When transmitting the validity verification result of the information required for authentication from the authentication server to the service providing device, the authentication server includes a random number in the transmission content and authenticates the in-vehicle communication device to the service providing device. to encrypt the transmissions by using the information necessary for,
The service use authentication system according to any one of claims 1 to 12. It is composed of an authentication server, a service providing device capable of communicating with the authentication server, and an in-vehicle communication device equipped with a mobile communication means. At the start of service provision, the service is used for each vehicle equipped with the in-vehicle communication device. It is a service use authentication method that authenticates whether or not it is possible.
The information necessary for authentication and service connection information are transmitted from the in-vehicle communication device to the authentication server at a timing based on the vehicle position or time or the specific position passage information indicating the passage of the specific position by using the mobile communication means. Request and
The created service connection information is transmitted from the authentication server to the in-vehicle communication device to the in-vehicle communication device, is also transmitted to the service providing device, and further, the information necessary for the created authentication is transmitted to the in-vehicle communication device. And
The acquired service connection information and the information required for authentication are transmitted from the in-vehicle communication device to the service providing device to the service providing device.
Information necessary for authentication received from the service providing device to the authentication server and received from the in-vehicle communication device is transmitted to the authentication server.
The authentication server transmits to the service providing device the verification result of verifying the validity of the information required for authentication received from the service providing device and the information indicating the expiration date.
In the service providing device, based on the verification result received from the authentication server and the information indicating the expiration date, the expiration date of the information required for authentication and the feasibility of providing the target service are determined.
Including that
The communication between the authentication server and the in-vehicle communication device and the communication between the authentication server and the service providing device are performed at geographically or temporally separated positions.
The information transmitted from the authentication server to each device and used for service availability is temporarily issued, is generated based on a random number, is disposable, and has an expiration date. Is,
Service usage authentication method.

Images