JP7049789B2 - Key distribution system, key distribution device and key distribution method - Google Patents

Description

The present invention relates to a key distribution system, a key distribution device, and a key distribution method.

Conventionally, an automobile has an ECU (Electronic Control Unit), and functions such as engine control are realized by the ECU. The ECU is a kind of computer, and realizes a desired function by a computer program. For example, Non-Patent Document 1 describes a security technique for an in-vehicle control system configured by connecting a plurality of ECUs to a CAN (Controller Area Network).

Keisuke Takemori, "Protection of In-Vehicle Control Systems Based on Secure Elements-Organization and Consideration of Elemental Technologies-", Institute of Electronics, Information and Communication Engineers, Academic Technical Report, vol. 114, no. 508, pp. 73-78, 2015 March of the year

For the security of the ECU installed in the car, the ECU uses the key to mutually authenticate the data exchange partner, or the ECU key is used to encrypt the computer program applied to the ECU from the server device to the car. It is possible to send it. One of the issues was to improve the efficiency of key distribution of the ECU.

The present invention has been made in consideration of such circumstances, and an object of the present invention is to improve the efficiency of key distribution of an in-vehicle computer such as an ECU mounted on a vehicle such as an automobile.

(1) One aspect of the present invention includes a key distribution device and an in-vehicle computer mounted on a vehicle, and the key distribution device is provided for each type of key and a vehicle interface for transmitting and receiving data to and from the vehicle. A master key storage unit that stores a plurality of master keys, and a key generation unit that generates various different keys to be distributed to the vehicle by using the master key corresponding to the type of key to be distributed to the vehicle. The vehicle interface transmits various different keys generated by the key generation unit to the vehicle, the in-vehicle computer includes a key storage unit for storing the key, and the key storage unit distributes the key. It is a key distribution system that stores various types of keys distributed from the device , and the master key stored in the master key storage unit is a key that differs for each in-vehicle computer manufacturer, vehicle manufacturer, or vehicle model. It is a delivery system.
(2) In one aspect of the present invention, in the key distribution system of (1) above, the key storage unit stores an initial key in advance, and the key generation unit uses a master key corresponding to the initial key. The key distribution device includes an encryption processing unit that generates key encryption data by encrypting various different keys distributed to the vehicle with the initial key generated by the key generation unit. The vehicle interface is a key distribution system including a encryption processing unit that transmits the key encryption data to the vehicle and the vehicle-mounted computer decrypts the key encryption data with the initial key of the key storage unit. ..

(3) One aspect of the present invention is a key distribution device for distributing a key to a vehicle, a master key storage unit for storing a plurality of master keys provided for each type of key, and a type of key to be distributed to the vehicle. It is a key distribution device including a key generation unit that generates various different keys to be distributed to the vehicle by using the master key corresponding to the above, and the master key stored by the master key storage unit is mounted on the vehicle. The in - vehicle computer is a key distribution device that stores various different keys distributed from the key distribution device to the vehicle, which differs depending on the manufacturer of the vehicle-mounted computer, the manufacturer of the vehicle, or the vehicle type.

(4) One aspect of the present invention is a master key storage step in which a key distribution device stores a plurality of master keys provided for each key type in a master key storage unit, and the key distribution device is a key type. The key generation step of generating various different keys to be distributed to the vehicle by using the master key corresponding to the type of the key to be distributed to the vehicle among the plurality of master keys provided for each, and the key distribution device , A transmission step of transmitting various different keys generated by the key generation step to the vehicle, and an in-vehicle computer mounted on the vehicle stores various different keys distributed from the key distribution device. It is a key distribution method including a key storage step to be stored in the unit, and the master key stored in the master key storage unit is different for each in-vehicle computer manufacturer, vehicle manufacturer, or vehicle model. Is.
(5) In one aspect of the present invention, in the key distribution method of the above (4), the key distribution device uses a master key corresponding to an initial key stored in advance in the key storage unit to obtain the initial key. An initial key generation step to be generated, and an encryption step in which the key distribution device encrypts various different keys distributed to the vehicle with the initial key generated by the initial key generation step to generate key encryption data. The vehicle-mounted computer includes a decryption step of decrypting the key encryption data with the initial key of the key storage unit, and the transmission step is a key distribution method for transmitting the key encryption data to the vehicle. be.

According to the present invention, it is possible to improve the efficiency of key distribution of an in-vehicle computer such as an ECU mounted on a vehicle such as an automobile.

It is a schematic block diagram of the key distribution system 1 which concerns on one Embodiment. It is a schematic block diagram of the key distribution apparatus 30 which concerns on one Embodiment. It is a figure which shows the functional composition example of the ECU 18 which concerns on one Embodiment. It is a sequence chart which shows the example of the key distribution method which concerns on one Embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the embodiment shown below, an automobile will be described as an example as a vehicle.

FIG. 1 is a schematic configuration diagram of a key distribution system 1 according to the present embodiment. In FIG. 1, the key distribution system 1 includes a key distribution device 30 and an ECU (electronic control unit) 18 for key distribution mounted on an automobile 10. The automobile 10 includes a communication interface 14, an in-Vehicle Infotainment (IVI) device 15, a gateway (GW) device 16, a communication network 17, and a plurality of ECUs 18.

The ECU 18 is an in-vehicle computer provided in the automobile 10. The ECU 18 has a control function such as engine control of the automobile 10. Examples of the ECU 18 include an ECU having an engine control function, an ECU having a handle control function, and an ECU having a brake control function. The GW device 16 has a data security function applied to the ECU 18 mounted on the automobile 10. It should be noted that any ECU mounted on the automobile 10 may function as the GW device 16.

The GW device 16 and the plurality of ECUs 18 are connected to a communication network (hereinafter referred to as an in-vehicle network) 17 provided in the automobile 10. The in-vehicle network 17 may be, for example, a CAN (Controller Area Network). CAN is known as one of the communication networks mounted on vehicles. The GW device 16 exchanges data with each ECU 18 via the vehicle-mounted network 17. The ECU 18 exchanges data with another ECU 18 via the vehicle-mounted network 17.

As a communication network mounted on the vehicle, a communication network other than CAN is provided in the automobile 10, data is exchanged between the GW device 16 and the ECU 18 and between the ECUs 18 via the communication network other than CAN. Data may be exchanged. For example, a LIN (Local Interconnect Network) may be provided in the automobile 10. Further, CAN and LIN may be provided in the automobile 10.

The vehicle-mounted computer system of the automobile 10 is configured by connecting the GW device 16 and a plurality of ECUs 18 to the vehicle-mounted network 17. The GW device 16 monitors communication between the inside and the outside of the vehicle-mounted computer system of the automobile 10. The ECU 18 communicates with an external device of the in-vehicle computer system via the GW device 16.

As a configuration of the vehicle-mounted network 17, the vehicle-mounted network 17 may include a plurality of buses (communication lines), and the plurality of buses may be connected to the GW device 16. In this case, one ECU 18 or a plurality of ECUs 18 are connected to one bus.

The communication interface 14 communicates with an external device of the automobile 10. The communication interface 14 may perform wireless communication or may perform wired communication. For example, the communication interface 14 may be a wireless communication interface such as a mobile communication network, a wireless LAN (Local Area Network), or a short-range wireless communication. Alternatively, the communication interface 14 may be a wired communication interface such as a wired LAN or a Universal Serial Bus (USB). Further, the communication interface 14 may include both a wireless communication interface and a wired communication interface. Alternatively, the communication interface 14 may be a diagnostic port of the automobile 10. For example, an OBD (On-board Diagnostics) port may be used as the diagnostic port of the automobile 10.

The communication interface 14 communicates with the key distribution device 30 via the communication path 102. The communication path 102 may be a wireless communication path, a wired communication path, or may be composed of a wireless communication path and a wired communication path. For example, the communication path 102 may be the communication path of the wireless communication network used by the communication interface 14. Alternatively, the communication path 102 may be a communication path composed of a communication network such as the Internet and a wireless communication network used by the communication interface 14. Further, for example, the key distribution device 30 and the communication interface 14 may be connected by a dedicated line such as a VPN (Virtual Private Network) line.

Further, the key distribution device 30 and the automobile 10 may be connected by a communication cable. For example, the key distribution device 30 and the communication interface 14 of the automobile 10 may be connected by a communication cable. For example, the key distribution device 30 and the diagnostic port of the automobile 10 may be connected by a communication cable. Alternatively, the key distribution device 30 and the automobile 10 may be configured to communicate via a wired or wireless communication network. For example, the key distribution device 30 and the automobile 10 may be connected by a wired or wireless LAN.

The key distribution device 30 communicates with the communication interface 14 of the automobile 10 via the communication path 102. The key distribution device 30 communicates with the device mounted on the automobile 10 via the communication interface 14 of the automobile 10. The key distribution device 30 communicates with the ECU 18 mounted on the automobile 10 via the communication interface 14 of the automobile 10 and the GW device 16.

The communication interface 14 is connected to the IVI device 15 and the GW device 16. The IVI device 15 is connected to the communication interface 14 and the GW device 16. The IVI device 15 communicates with an external device of the automobile 10 via the communication interface 14. The IVI device 15 communicates with the ECU 18 via the GW device 16.

FIG. 2 is a schematic configuration diagram of the key distribution device 30 according to the present embodiment. In FIG. 2, the key distribution device 30 includes a vehicle interface 31, a master key storage unit 32, a key generation unit 34, and an encryption processing unit 36. The vehicle interface 31 sends and receives data to and from the automobile 10. The master key storage unit 32 stores a plurality of master keys. A master key is provided for each type of key. The types of keys include, for example, an initial key, a server key, and a tool key. The initial key is a key stored in advance in the ECU 18. The server key is a key used when data such as a computer program applied to the ECU 18 mounted on the automobile 10 is distributed from the server to the automobile 10. The server key is used for data encryption and generation of data message authentication code. Examples of the message authentication code include HMAC (Hash-based MAC) and CMAC (Cipher-based Message Authentication Code). The tool key is a key used for diagnosis and maintenance work of the automobile 10. The tool key is used for processing such as authenticating a diagnostic terminal or a maintenance terminal.

The key generation unit 34 uses the master key corresponding to the type of key to be distributed to the automobile 10 to generate various different keys to be distributed to the automobile 10. The key generation unit 34 generates the initial key by using the master key corresponding to the initial key stored in advance in the ECU 18 of the automobile 10. The encryption processing unit 36 encrypts various different keys to be distributed to the automobile 10 with the initial key generated by the key generation unit 34 to generate key encryption data. The vehicle interface 31 transmits the key encryption data to the vehicle 10.

The function of the key distribution device 30 is realized by the CPU (Central Processing Unit) included in the key distribution device 30 executing a computer program. The key distribution device 30 may be configured by using a general-purpose computer device, or may be configured as a dedicated hardware device.

FIG. 3 is a diagram showing a functional configuration example of the ECU 18 according to the present embodiment. In FIG. 3, the ECU 18 includes an external interface 181, a key storage unit 182, and an encryption processing unit 183. The external interface 181 transmits / receives data to / from an external device of the own ECU 18. The ECU 18 receives the key encryption data transmitted from the key distribution device 30 to the automobile 10 by the external interface 181. The key storage unit 182 stores the key. The key storage unit 182 stores various different keys distributed from the key distribution device 30. The encryption processing unit 183 decrypts the key encryption data received by the external interface 181 with the initial key stored in advance in the key storage unit 182.

The function of the ECU 18 is realized by the CPU included in the ECU 18 executing a computer program.

Next, the key distribution method according to the present embodiment will be described with reference to FIG. FIG. 4 is a sequence chart showing an example of the key distribution method according to the present embodiment.

In FIG. 4, the ECU 18 is a key distribution target ECU mounted on the automobile 10. The ECU 18 stores the initial key K_ini in the key storage unit 182 in advance. The initial key K_ini is written in the ECU 18 at the time of manufacturing the ECU 18, for example.

The key distribution device 30 is provided in, for example, a manufacturing plant of an automobile 10. The key distribution device 30 stores the master key MS_ini in the master key storage unit 32 in advance. The master key MS_ini is the master key used to generate the initial key K_ini. The master key MS_ini may be unique to each manufacturer of the ECU 18, for example. The master key MS_ini is a master key corresponding to the key type "initial key".

The key distribution device 30 stores the server master key MS_ser and the tool master key MS_tool in the master key storage unit 32 in advance. The server master key MS_ser is a master key corresponding to the key type "server key". The tool master key MS_tool is a master key corresponding to the key type "tool key". The server master key MS_ser and the tool master key MS_tool may be unique to, for example, each manufacturer of the automobile 10 or may be unique to each vehicle type of the automobile 10.

(Step S1) The key generation unit 34 of the key distribution device 30 uses the master key MS_ini to generate the initial key K_ini. The method of generating the initial key K_ini is set in advance in the key distribution device 30. The initial key K_ini is, for example, a common key generated by the following equation (1).
K_ini = digest (MS_ini, INIT_ID) ... (1)
However, the INIT_ID is a predetermined value and is set in the key distribution device 30 in advance. In the above equation (1), the initial key K_ini is a digest generated by using the master key MS_ini and the predetermined value INIT_ID. Examples of the digest include a value calculated by a hash function, a value calculated by an exclusive OR operation, and the like. For example, the initial key K_ini is a hash function value calculated by using the master key MS_ini and the predetermined value INIT_ID as input values.

(Step S2) The key generation unit 34 of the key distribution device 30 uses the server master key MS_ser to generate the server key Kser_1. The key generation unit 34 uses the tool master key MS_tool to generate the tool key Ktool_1. The method of generating the server key and the tool key is set in the key distribution device 30 in advance. The server key Kser_1 and the tool key Ktool_1 are, for example, common keys generated by the following equations (2) and (3), respectively.
Kser_1 = Digest (MS_ser, SER_ID) ... (2)
Ktool_1 = digest (MS_tool, TOOL_ID) ... (3)
However, SER_ID and TOOL_ID are predetermined values and are set in the key distribution device 30 in advance. The predetermined value SER_ID and the predetermined value TOOL_ID may be different values or may be the same value. For example, the predetermined value SER_ID and the predetermined value TOOL_ID may be the same value, for example, a vehicle identification number (VIN) of the automobile 10. For example, the server key Kser_1 is a hash function value calculated by using the server master key MS_ser and the VIN of the automobile 10 as input values. For example, the tool key Ktool_1 is a hash function value calculated by using the tool master key MS_tool and the VIN of the automobile 10 as input values.

(Step S3) The encryption processing unit 36 of the key distribution device 30 encrypts the server key Kser_1 generated by the key generation unit 34 with the initial key K_ini generated by the key generation unit 34, and the server key encryption data K_ini (Kser_1). ) Is generated. The encryption processing unit 36 encrypts the tool key Ktool_1 generated by the key generation unit 34 with the initial key K_ini generated by the key generation unit 34, and generates the tool key encryption data K_ini (Ktool_1).

(Step S4) The vehicle interface 31 of the key distribution device 30 transmits the server key encryption data K_ini (Kser_1) and the tool key encryption data K_ini (Ktool_1) generated by the encryption processing unit 36 to the automobile 10. The ECU 18 of the automobile 10 receives the server key encryption data K_ini (Kser_1) and the tool key encryption data K_ini (Ktool_1) from the key distribution device 30 via the communication interface 14 and the GW device 16 by the external interface 181.

(Step S5) The encryption processing unit 183 of the ECU 18 decrypts the server key encryption data K_ini (Kser_1) received from the key distribution device 30 by the external interface 181 by the initial key K_ini of the key storage unit 182, and obtains the server key Kser_1. get. The encryption processing unit 183 decrypts the tool key encryption data K_ini (Ktool_1) received from the key distribution device 30 by the external interface 181 with the initial key K_ini of the key storage unit 182 to acquire the tool key Ktool_1.

(Step S6) The key storage unit 182 of the ECU 18 stores the server key Kser_1 and the tool key Ktool_1 acquired by the encryption processing unit 183. As a result, the ECU 18 stores various different keys distributed from the key distribution device 30.

The key storage unit 182 of the ECU 18 may replace the initial key K_ini with the server key Kser_1 and the tool key Ktool_1 acquired by the encryption processing unit 183. As a result, in the ECU 18, the key may be exchanged from the initial key K_ini to the server key Kser_1 and the tool key Ktool_1.

According to the above-described embodiment, the key distribution device 30 has a plurality of master keys provided for each type of key, and uses the master key corresponding to the type of key to be distributed to the vehicle 10 of the vehicle 10. Each type of key to be distributed to is generated, and the generated various types of keys are distributed to the automobile 10. The ECU 18 of the automobile 10 stores various different keys distributed from the key distribution device 30. As a result, when a plurality of key types exist, the key to be distributed to the automobile 10 can be easily generated by using the master key corresponding to the key type to be distributed to the automobile 10. Therefore, the automobile 10 can be easily generated. The effect of improving the efficiency of key distribution of the ECU 18 can be obtained.

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to this embodiment, and includes design changes and the like within a range that does not deviate from the gist of the present invention.

The above-described embodiment may be applied to the automobile 10 in, for example, an automobile manufacturing factory, a maintenance factory, a dealer, or the like.

In the above-described embodiment, an automobile is taken as an example as a vehicle, but it can also be applied to other vehicles other than automobiles such as motorized bicycles and railway vehicles.

Further, a computer program for realizing the functions of the above-mentioned devices may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read by the computer system and executed. The "computer system" here may include hardware such as an OS and peripheral devices.
The "computer-readable recording medium" is a flexible disk, a magneto-optical disk, a ROM, a writable non-volatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Further, the "computer-readable recording medium" is a volatile memory inside a computer system that serves as a server or client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line (for example, DRAM (Dynamic)). It also includes those that hold the program for a certain period of time, such as Random Access Memory)).
Further, the program may be transmitted from a computer system in which this program is stored in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
Further, the above program may be for realizing a part of the above-mentioned functions. Further, a so-called difference file (difference program) may be used, which can realize the above-mentioned function in combination with a program already recorded in the computer system.

1 ... key distribution system, 10 ... automobile, 14 ... communication interface, 15 ... IVI device, 16 ... gateway device, 17 ... in-vehicle network, 18 ... ECU, 30 ... key distribution device, 31 ... vehicle interface, 32 ... master key storage Unit, 34 ... Key generation unit, 36, 183 ... Cryptographic processing unit, 181 ... External interface, 182 ... Key storage unit

Claims (5)

Equipped with a key distribution device and an in-vehicle computer mounted on the vehicle,
The key distribution device is
A vehicle interface that sends and receives data to and from the vehicle,
A master key storage unit that stores multiple master keys provided for each key type,
It is provided with a key generation unit that generates various different keys to be distributed to the vehicle by using the master key corresponding to the type of the key to be distributed to the vehicle.
The vehicle interface transmits various different keys generated by the key generator to the vehicle.
The in-vehicle computer includes a key storage unit for storing a key.
The key storage unit stores various types of keys distributed from the key distribution device.
It is a key distribution system
The master key stored in the master key storage unit differs for each in-vehicle computer manufacturer, vehicle manufacturer, or vehicle model.
Key distribution system. The key storage unit stores the initial key in advance and stores it in advance.
The key generation unit generates the initial key by using the master key corresponding to the initial key.
The key distribution device includes an encryption processing unit that generates key encryption data by encrypting various different keys distributed to the vehicle with an initial key generated by the key generation unit.
The vehicle interface transmits the key encryption data to the vehicle.
The in-vehicle computer includes an encryption processing unit that decrypts the key encryption data with the initial key of the key storage unit.
The key distribution system according to claim 1. In a key distribution device that distributes keys to vehicles
A master key storage unit that stores multiple master keys provided for each key type,
A key generation unit that generates various different keys to be distributed to the vehicle by using the master key corresponding to the type of the key to be distributed to the vehicle.
It is a key distribution device equipped with
The master key stored in the master key storage unit differs depending on the manufacturer of the in-vehicle computer mounted on the vehicle, the manufacturer of the vehicle, or the vehicle model.
The in-vehicle computer stores various different keys distributed from the key distribution device to the vehicle.
Key distribution device. A master key storage step in which the key distribution device stores a plurality of master keys provided for each key type in the master key storage unit, and
A key that the key distribution device uses a master key corresponding to a key type to be distributed to a vehicle among a plurality of master keys provided for each key type to generate various different keys to be distributed to the vehicle. Generation step and
A transmission step in which the key distribution device transmits various different keys generated by the key generation step to the vehicle.
A key storage step in which an in-vehicle computer mounted on the vehicle stores various different keys distributed from the key distribution device in its own key storage unit.
Is a key delivery method that includes
The master key stored in the master key storage unit differs for each in-vehicle computer manufacturer, vehicle manufacturer, or vehicle model.
Key delivery method. An initial key generation step in which the key distribution device generates the initial key using a master key corresponding to the initial key stored in advance in the key storage unit.
An encryption step in which the key distribution device encrypts various different keys distributed to the vehicle with the initial key generated by the initial key generation step to generate key encryption data.
The vehicle-mounted computer includes a decryption step of decrypting the key encrypted data with the initial key of the key storage unit.
The transmission step transmits the key encrypted data to the vehicle.
The key distribution method according to claim 4.

Images