JP7489310B2 - Electronic Key System - Google Patents

Description

The present invention relates to an electronic key system for electronically locking and unlocking a vehicle, and in particular to an electronic key system that uses a network.

Key systems that lock or unlock vehicle doors without using a key are being put into practical use. For example, the keyless entry system of Patent Document 1 connects a mobile phone to a vehicle locking/unlocking control device via a communication line, and the owner of the vehicle transmits data for unlocking the door from the mobile phone to the locking/unlocking control device via the communication line, and the locking/unlocking control device unlocks the vehicle door. To enhance security, the data is encrypted using a public key and a private key, so that a third party cannot unlock the door even if they illegally obtain the data. In addition, the electronic key system of Patent Document 2 stores a public key used for a digital signature in the electronic key and the in-vehicle device, stores a private key used for the digital signature in the server, and the update information obtained from the server is given a hash value of the update information encrypted by the private key, and the electronic key and the in-vehicle device decrypt the hash value of the update information encrypted by the private key using the public key to verify the authenticity of the update information.

JP 2006-9333 A JP 2009-275363 A

The development of "digital keys," which use mobile phones or other smartphones to electronically lock and unlock vehicle doors, has become more active following the formulation of standard specifications by the Car Connectivity Consortium (CCC).

In conventional car sharing, users communicate with the vehicle (on-board device) via a server using, for example, a smartphone to lock and unlock the vehicle. In this case, if both the vehicle and the smartphone are out of communication range, it is not possible to unlock the vehicle from the smartphone.

To address this issue, public key cryptography could be used to realize key operations in local communication. The vehicle downloads the public key from the server in advance, and the smartphone digitally signs requests to the vehicle using the private key before sending them, and the vehicle uses the public key to verify the digital signature of the request. In this case, there is an issue that the server must be maintained for the same period as the vehicle's lifespan (10 to 15 years).

Meanwhile, blockchain, which is a distributed processing system, monitors data on the blockchain between terminals on multiple networks, preventing unauthorized data rewriting, copying, deletion, etc., and guarantees that the data on the blockchain is correct. By using such a blockchain, service providers no longer need to maintain and manage servers. When using public key cryptography with blockchain, it is necessary to write a public key to the blockchain, but in public blockchains, etc., fees (gas) must generally be paid according to the amount of data written to the blockchain. Therefore, it is necessary to reduce the amount of public key data written to the blockchain as much as possible.

Fig. 1 is a diagram for explaining an overview of a conventional electronic key system using a blockchain. Here, an electronic key system for car sharing or when multiple users of a family use a vehicle is illustrated.
(1) First, a user generates a private key/public key on a smartphone, and then requests the owner's personal computer or smartphone to add user device information including the generated public key from the smartphone. The user device information is, for example, the phone number of the user's smartphone.
(2) When the owner receives a request to add user device information from a user, the owner extracts the public key included in the request and writes the public key corresponding to the user device information to be added to the blockchain on the network, thereby adding or changing the user device information on the blockchain. In addition, when the owner himself uses the vehicle, he generates a public key/private key and writes the public key corresponding to the owner's user device information to the blockchain. In addition, when the conditions of use of the vehicle (e.g., the date and time of use, etc.) have been determined, the user requests the owner to add user device information including the conditions of use, and the owner can add or change the user device information to the blockchain according to the conditions of use.
(3) The blockchain synchronizes the authority information of the in-vehicle device. That is, the blockchain transmits a public key corresponding to the added user device information to the in-vehicle device, and the in-vehicle device holds the public key. Also, if the owner's own public key is written to the blockchain, the public key is downloaded to the in-vehicle device and held there.
(4) When a user uses a vehicle, the user sends a lock/unlock request accompanied by a digital signature signed with the private key to the in-vehicle device. The in-vehicle device authenticates the user by decoding the digital signature using the public key stored in the device, and if authenticated, allows the user to lock/unlock the vehicle.
(5) In addition, when the owner himself uses the system, the owner sends a lock/unlock request accompanied by a digital signature signed with a private key to the in-vehicle device, as in (4) above. The in-vehicle device then authenticates the owner by decoding the digital signature using the public key it holds, and if authenticated, makes it possible to lock and unlock the vehicle.

An electronic key system that uses such a blockchain has the advantage that the written public key is virtually impossible to tamper with, but it has the problem that costs are incurred according to the amount of data written, as mentioned above.

The present invention aims to solve these problems and provide an inexpensive electronic key system that uses public key cryptography.

The electronic key system of the present invention includes an in-vehicle device, a user terminal, and an electronic device connected to the in-vehicle device and the user terminal via a network, and enables electronic locking or unlocking of a vehicle. The user terminal includes a generation means for generating a private key and a public key, a first conversion means for converting the public key into first unique data having a small data size of the public key, a first transmission means for transmitting the converted first unique data to the electronic device, and a second transmission means for transmitting a signed request using a private key to the in-vehicle device. The electronic device includes a storage means for storing the first unique data received from the user terminal, and a third transmission means for transmitting the stored first unique data to the in-vehicle device. The in-vehicle device includes a reception means for receiving the first unique data from the electronic device, a second conversion means for converting the public key included in the signed request into second unique data by the same conversion as the first conversion means, and a key control means for comparing the second unique data with the first unique data and controlling the locking or unlocking of the vehicle based on the comparison result.

In one embodiment, the first and second conversion means convert a public key into first and second unique data using a hash function. In one embodiment, the electronic device is used in a system that charges a user according to the size of data stored in the storage means. In one embodiment, the electronic device is used in a blockchain system.

The locking/unlocking method of the present invention is for an electronic key system including an in-vehicle device, a user terminal, and a blockchain that holds information on a network, and generates a private key/public key in the user terminal, converts the public key to a digest value with a small number of bytes, stores the converted digest value in the blockchain, generates a signed request signed using the private key in the user terminal, transmits the generated signed request to the in-vehicle device, converts the public key included in the signed request received from the user terminal to a digest value in the in-vehicle device, compares the digest value with the digest value downloaded from the blockchain, and allows the vehicle to be locked or unlocked if the identity of the person making the signed request can be authenticated based on the comparison result.

According to the present invention, the public key is converted into unique data with a small data size, the unique data is stored in an electronic device on the network, and the unique data received from the electronic device is used to authenticate the user and lock or unlock the vehicle, thereby reducing the amount of data written to the network and the associated costs.

FIG. 1 is a diagram illustrating an overview of a conventional electronic key system using a blockchain. 1 is a diagram showing a configuration of an electronic key system according to an embodiment of the present invention; FIG. 2 is a block diagram showing a configuration of a user terminal according to an embodiment of the present invention. FIG. 1 is a diagram for explaining an overview of generation and verification of a digital signature using a public key cryptosystem. A diagram showing the functional configuration of an electronic key program of a user terminal in an embodiment of the present invention. FIG. 2 is a diagram showing a functional configuration of an in-vehicle device according to an embodiment of the present invention. FIG. 2 is a diagram illustrating an Ethereum Address according to an embodiment of the present invention. 5A to 5C are diagrams illustrating the operation of the electronic key system according to the embodiment of the present invention. 10A to 10C are diagrams illustrating the operation of an electronic key system as a comparative example.

Next, an embodiment of the present invention will be described. The electronic key system of the present invention makes it possible to electronically lock and unlock a vehicle using data digitally signed by a public key cryptography system. Furthermore, the electronic key system of the present invention is particularly effective when used by users other than the vehicle owner, such as in car sharing and rental cars, in addition to being used by the vehicle owner himself.

Figure 2 is a diagram showing the overall configuration of an electronic key system according to an embodiment of the present invention. The electronic key system 100 of this embodiment includes one or more user terminals 110, a blockchain 120 connected to the user terminals 110 via a network, and an on-board device 130 installed in the vehicle.

The user terminal 110 is a terminal held by a user who owns a vehicle or a user who uses a vehicle. The user terminal is, for example, a computer device, a high-function mobile phone terminal such as a smartphone, a portable terminal, etc. For example, in a car sharing service, the operator who runs the car sharing business is the user who owns the vehicle, and the person who shares the vehicle is the user who uses the vehicle. Similarly, in a car rental service, the operator who runs the rental business is the user who owns the vehicle, and the person who rents the vehicle is the user who uses the vehicle. In addition, when a vehicle is shared between family members, the owner of the vehicle is the user who owns the vehicle, and other family members are the users who use the vehicle. These are just examples, and the term "user who owns the vehicle" and "user who uses the vehicle" applies in cases where there are users who own the vehicle and users who use the vehicle other than the above. In the following description, when distinguishing between a user terminal held by a user who owns a vehicle and a user terminal held by a user who uses a vehicle, they are referred to as user terminals 110A and 110B, but otherwise they are referred to as user terminal 110.

The blockchain 120 is composed of a distributed processing system including multiple electronic devices (e.g., computer devices) connected on a network, and the blockchain allows these multiple electronic devices to mutually monitor data, prevents data written to the blockchain from being tampered with, and ensures that the written data is genuine. There are public blockchains that can be used by any user, and when using a public blockchain, users pay a fee according to the size of data written on the blockchain. In one embodiment, the electronic key system of this embodiment uses such a public blockchain.

The in-vehicle device 130 is an electronic device mounted on a vehicle, and has the functions of communicating with the user terminal 110, communicating with the blockchain 120 via a network, and electronically locking and unlocking the doors. Of course, the in-vehicle device 130 can also have other functions in addition to the above functions, such as navigation, audio, and visual functions.

Next, the user terminal of this embodiment will be described. In one embodiment, the user terminal 110 is a smartphone. FIG. 3 is a block diagram showing an example of the electrical configuration of the user terminal. As shown in the figure, the user terminal 110 includes an input unit 200, a communication unit 210, a display unit 220, an audio output unit 230, a storage unit 240, a control unit 250, and the like. The input unit 200 receives input from the user and provides it to the control unit 250. The communication unit 210 enables short-range wireless communication with the in-vehicle device 130, enables wireless communication with a blockchain or server on a network using a public wireless line network, and enables voice calls, etc. The storage unit 240 stores programs, applications, and other necessary data executed by the user terminal.

The control unit 250 controls each part of the user terminal 110 and is configured to include, for example, a microcontroller including ROM/RAM, a microprocessor, etc. In this embodiment, the control unit 250 executes the electronic key program required to realize the electronic key system.

Electronic key programs use electronic signatures to authenticate users. An electronic signature is an electronic receipt attached to an electromagnetic record, and plays a role equivalent to a seal or signature on a paper document. It is mainly used in combination with identity verification and tamper detection codes to prevent counterfeiting and tampering. For example, in the case of virtual currency, when someone says, "I want to send the 10 BTC I own to person A," an electronic signature is used so that a third party can verify that the 10 BTC on the blockchain "belongs to me." Digital signatures based on public key cryptography are the mainstream mechanism for realizing electronic signatures, and the three main methods are RSA, DSA, and ECDSA (ECDSA: Elliptic Curve Digital Signature Algorithm).

Figure 4 provides an overview of the generation and verification of electronic signatures using public key cryptography. The creator of the data (1) calculates a hash value of the data using a hash function, (2) generates an electronic signature by encoding the hash value using a private key, and sends the signed data including this electronic signature to the user. When the user receives the signed data, (3) decodes the electronic signature using a public key that was generated in a one-to-one relationship with the private key, and restores the hash value of the data created by the creator. (4) Further, the user calculates a hash value of the received data and compares the calculated hash value with the restored hash value. If the data is changed between transmission and reception, the two hash values will not match, verifying that the data has been forged or tampered with, and if the two hash values match, the creator's data is verified to be correct.

Next, the electronic key program executed on the user terminal will be described. FIG. 5 is a block diagram showing the functional configuration of the electronic key program of this embodiment. The electronic key program 300 includes a private key/public key generation unit 310, a public key conversion unit 320, a digest value transmission unit 330, and a signed request transmission unit 340.

The private key/public key generation unit 310 generates a private key/public key. For example, it generates an ECDSA private key/public key. As shown in FIG. 4, the private key is used for digitally signing data, is not disclosed to third parties, and is stored in the user terminal.

The public key conversion unit 320 converts the generated public key into a digest value that is smaller in number of bytes than the public key. The public key conversion unit 320 obtains the digest value by converting or compressing the public key using a predetermined method for reducing the number of bytes of the public key. For example, when an ECDSA private key/public key is generated, an Ethereum Address can be used as the digest value. Regarding the Ethereum Address, in the blockchain, the wallet address is a value unique to each user, and the wallet address can function as an identification (ID). The Ethereum wallet address is hashed using a hash function (keccak-256) to hash the public key derived by ECDSA, and the latter 20 bytes are extracted. In this ECDSA signature, the public key can be restored from the v, r, and s of the signature value and the hash value of the message.

Figure 7 is a diagram explaining the details of an Ethereum Address. An Ethereum Address is a value used in "Ethereum," one of the blockchain platforms, and is also called a Wallet Address. For example, it is like an account number specified when transferring virtual currency. As shown in Figure 7, an ECDSA public key is 65 bytes long. The public key conversion unit 320 hashes the ECDSA public key using a hash function (Keccak-256) to generate a 256-bit (32-byte) hash value. The public key conversion unit 320 further extracts the latter 20 bytes from the 32-byte hash value as an Ethereum Address. In other words, an Ethereum Address is a value that is irreversibly and uniquely derived from an ECDSA public key. The reason for setting the data size of an Ethereum Address to 20 bytes is that it has been verified as being large enough that the public key cannot be decrypted. Therefore, if it is difficult to decrypt the public key, the Ethereum Address may be less than 20 bytes, or of course, may be more than 20 bytes.

The digest value transmission unit 330 transmits the digest value converted by the public key conversion unit 320 to the blockchain in order to write the digest value onto the blockchain. The blockchain stores the transmitted digest value.

The signed request sending unit 340 sends a signed request for using the vehicle to the in-vehicle device 130. This request includes the public key generated by the private key/public key generation unit 310, and may further include vehicle usage conditions (e.g., usage date and time) in addition to locking and unlocking the vehicle. The signed request sending unit 340 generates an electronic signature by encoding the request using the private key generated by the private key/public key generation unit 310, and sends the signed request including this electronic signature to the in-vehicle device 130. Note that when an Ethereum Address is used as the digest value, the signed request does not necessarily need to include a public key as long as the in-vehicle device 130 has a function for restoring the public key from the ECDSA signature and the hash value of the message. The transmission method is not particularly limited, but may be, for example, transmitted to the in-vehicle device 130 by short-range wireless communication, or may be transmitted to the in-vehicle device 130 via a network using a public wireless line network.

Next, the in-vehicle device 130 will be described. In terms of hardware, the in-vehicle device 130 includes a communication unit, a storage unit, a control unit, etc., similar to a computer device, and the control unit can perform various functions by executing software stored in the storage unit. Figure 6 is a block diagram showing the functional configuration of the in-vehicle device 130. The in-vehicle device 130 includes a digest value receiving unit 400, a signed request receiving unit 410, a public key conversion unit 420, an authentication unit 430, and a key control unit 440.

The digest value receiving unit 400 downloads the digest value stored in the blockchain on the network via the communication unit, and stores it in the memory unit. For example, the digest value receiving unit 400 transmits a request including identification information of the in-vehicle device 130 to the blockchain, and the blockchain transmits a digest value corresponding to this identification information to the in-vehicle device 130. The timing of downloading the digest value is arbitrary, but for example, a request may be made to the blockchain periodically or on a set schedule.

The signed request receiving unit 410 receives a signed request sent from the user terminal 110 via the communication unit.

The public key conversion unit 420 extracts the public key included in the signed request received by the signed request receiving unit 410, and converts the extracted public key into a digest value using the same method as the public key conversion unit 320 of the user terminal. In addition, if ECDSA is used as the signature method and the in-vehicle device 130 has a function for restoring the public key from the signature and the hash value of the message, the public key conversion unit 420 calculates backwards the value of the public key that pairs with the private key used for the signature in response to the signed request, restores the 65-byte ECDSA public key shown in FIG. 7, and converts the restored public key into a digest value.

The authentication unit 430 compares the digest value converted by the public key conversion unit 420 with the digest value downloaded from the blockchain to check whether the two match. If they match, the signed request is authenticated as being from the user himself.

When the authentication unit 430 authenticates that the request is from the user himself, the key control unit 440 decodes the signed request using the public key extracted from the request, and enables the vehicle to be locked and unlocked based on the request. For example, when getting into the vehicle, the user terminal sends a request including a request to unlock the key to the in-vehicle device 130, and in response, the key control unit 440 unlocks the vehicle. Also, when leaving the vehicle, the user terminal sends a request including a request to lock the key to the in-vehicle device, and in response, the key control unit 440 locks the vehicle.

Next, the operation of the electronic key system of this embodiment will be described with reference to FIG. 8. (1) First, in the user terminal 110, a private key/public key is generated, and the public key is converted into a digest value with a small number of bytes. (2) The converted digest value is sent to the blockchain 120, and (3) the blockchain 120 stores the digest value with a smaller number of bytes than the public key. (4) Next, the in-vehicle device 130 downloads the digest value from the blockchain 120 and stores it. (5) Next, when a signed request (including a public key) is sent from the user terminal 110 to the in-vehicle device 130, (6) the in-vehicle device 130 extracts the public key from the signed request, generates a digest value from the extracted public key, compares this generated digest value with the digest value downloaded from the blockchain 120, and checks whether the two match, thereby authenticating the identity of the signed request.

Figure 9 shows the operation of an electronic key system as a comparative example. (1) First, a private key/public key is generated in the user terminal 110, (2) the public key is sent to the blockchain 120, and (3) the blockchain 120 stores the public key. (4) Next, the in-vehicle device 130 downloads the public key from the blockchain 120 and stores it. (5) Next, when a signed request is sent from the user terminal 110 to the in-vehicle device 130, (6) the in-vehicle device 130 verifies the signature using the public key downloaded from the blockchain 120 and authenticates the identity of the requester.

In the comparative example, a 65-byte public key is written to the blockchain 120, whereas in this embodiment, a digest value with a number of bytes less than 65 bytes is written. Therefore, in this embodiment, the size of the data written to the blockchain can be reduced, and the fees incurred according to the amount of data written to the blockchain can be reduced.

The electronic key system according to the above embodiment can be applied in situations where the owner and user of the vehicle are different, such as car sharing, rental cars, or when the vehicle is shared among family members. The owner sends a signed request from user terminal 110A to in-vehicle device 130, which authenticates the owner, and the user sends a signed request from user terminal 110B to in-vehicle device 130, which authenticates the user, thereby electronically locking or unlocking the vehicle.

In the above embodiment, an electronic key system using a blockchain is illustrated, but this is only one example, and a server on a network may be used instead of a blockchain. In this case, the server holds the data to prevent it from being forged or tampered with, and provides the held data to the in-vehicle device, for a fee according to the data size. The user terminal also converts the public key into unique data that has an irreversible and unique relationship and is smaller in data size than the public key, and writes and stores the converted unique data on the server. When the in-vehicle device receives a signed request sent from the user terminal, it may extract the public key from the signed request, convert the extracted public key into unique data, and compare the converted unique data with the unique data downloaded from the server to authenticate the person who made the signed request.

The above describes in detail the preferred embodiment of the present invention, but the present invention is not limited to a specific embodiment, and various modifications and changes are possible within the scope of the gist of the invention described in the claims.

100: Electronic key system 110: User terminal 120: Blockchain 130: In-vehicle device 200: Input unit 210: Communication unit 220: Display unit 230: Audio output unit 240: Memory unit 250: Control unit

Claims (5)

An electronic key system that includes an in-vehicle device, a user terminal, and an electronic device connected to the in-vehicle device and the user terminal via a network, and that enables electronic locking and unlocking of a vehicle,
the user terminal includes a generating means for generating a private key and a public key, a first converting means for converting the public key into first unique data having a smaller data size than the public key, a first transmitting means for transmitting the converted first unique data to the electronic device, and a second transmitting means for transmitting a signed request using the private key to the in-vehicle device;
the electronic device includes a storage means for storing the first unique data received from the user terminal, and a third transmission means for transmitting the stored first unique data to the in-vehicle device;
the in-vehicle device includes a receiving means for receiving first unique data from the electronic device, a second converting means for converting a public key included in the signed request into second unique data by a conversion similar to that performed by the first converting means, and a key control means for comparing the second unique data with the first unique data and controlling locking or unlocking of the vehicle based on a comparison result;
An electronic key system having The electronic key system of claim 1, wherein the first and second conversion means convert the public key into the first and second unique data using a hash function. The electronic key system of claim 1, wherein the electronic device is used in a system that charges a user a fee according to the size of data stored by the storage means. The electronic key system of claim 1 or 3, wherein the electronic device is used in a blockchain system. A method for locking or unlocking an electronic key system including an in-vehicle device, a user terminal, and a blockchain that stores information on a network, comprising:
generating a private key/public key in the user terminal, converting the public key into a digest value with a small number of bytes, storing the converted digest value in the blockchain, generating a signed request signed using the private key in the user terminal, and transmitting the generated signed request to the in-vehicle device;
A locking/unlocking method in which an in-vehicle device converts a public key included in a signed request received from a user terminal into a digest value, compares the digest value with a digest value downloaded from a blockchain, and enables locking or unlocking of a vehicle if the identity of the person making the signed request is authenticated based on the comparison result.

Images