WO2011152042A1 - 端末装置および基地局装置 - Google Patents
端末装置および基地局装置 Download PDFInfo
- Publication number
- WO2011152042A1 WO2011152042A1 PCT/JP2011/003056 JP2011003056W WO2011152042A1 WO 2011152042 A1 WO2011152042 A1 WO 2011152042A1 JP 2011003056 W JP2011003056 W JP 2011003056W WO 2011152042 A1 WO2011152042 A1 WO 2011152042A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- common key
- unit
- key table
- packet signal
- common
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Definitions
- the present invention relates to communication technology, and more particularly, to a terminal device and a base station device that transmit and receive a signal including predetermined information.
- Road-to-vehicle communication is being studied to prevent collisions at intersections.
- information on the situation of the intersection is communicated between the roadside device and the vehicle-mounted device.
- Road-to-vehicle communication requires the installation of roadside equipment, which increases labor and cost.
- installation of a roadside machine will become unnecessary.
- the current position information is detected in real time by GPS (Global Positioning System), etc., and the position information is exchanged between the vehicle-mounted devices so that the own vehicle and the other vehicle each enter the intersection. (See, for example, Patent Document 1).
- Wireless communication makes it easier to intercept communication compared to wired communication, so it is difficult to ensure confidentiality of communication contents.
- an operation by unauthorized communication may be performed by impersonation of a third party.
- wireless communication in order to ensure confidentiality of communication contents, it is necessary to encrypt communication data and periodically update a key used for encryption.
- each of the network devices is in an initial state in which only data encrypted with an old encryption key used before the update can be transmitted / received when the encryption key is updated. From this state, each device can send and receive both data encrypted with the old encryption key and the updated new encryption key, and send and receive data encrypted with the new encryption key. Will move to an unconfirmed state.
- each device can transmit and receive data encrypted with both the old encryption key and the new encryption key, and the state of operation confirmed for the transmission and reception of data encrypted with the new encryption key is also made. Finally, each device sequentially shifts to a state in which only data encrypted with the new encryption key after the key update is completed can be transmitted and received (see, for example, Patent Document 2).
- CSMA / CA Carrier Sense Multiple Access Avidance
- the present invention has been made in view of such circumstances, and an object thereof is to provide a technique for efficiently distributing an encryption key according to an area.
- a terminal device stores a received first common key table when a first common key table indicating a plurality of types of common keys is received.
- a storage unit that stores in advance a second common key table different from the first common key table, and whether the first common key table stored in the storage unit exists in an available area are determined.
- the first packet signal is generated using the common key included in the first common key table stored in the storage unit, and the determination unit A generation unit that generates a second packet signal using the second common key table stored in the storage unit, and a first packet signal or a second packet generated in the generation unit, And a notification unit for notifying the issue.
- This device is a base station device that controls communication between terminal devices, and stores a first common key table in which a plurality of types of common keys are indicated, and a second different from the first common key table.
- a storage unit for storing the common key table, a generation unit for generating a packet signal using the common key included in the second common key table stored in the storage unit, and a packet signal generated by the generation unit A notification unit.
- the generation unit also generates a packet signal in which the first common key table stored in the storage unit is stored.
- the encryption key can be switched and used according to the area, and the risk of key leakage in the communication system can be reduced.
- FIGS. 13A to 13B are diagrams showing processing contents for the security frame of FIG. It is a figure which shows the data structure of the common key table memorize
- FIGS. 13A to 13B are diagrams showing processing contents for the security frame of FIG. It is a figure which shows the data structure of the common key table memorize
- 16A to 16C are diagrams showing an outline of updating the common key table by the generation unit of FIG. It is a flowchart which shows the maintenance procedure of the common key table in the terminal device of FIG. It is a flowchart which shows the reception procedure of the packet signal in the terminal device of FIG. It is a flowchart which shows the transmission procedure of the packet signal in the terminal device of FIG.
- Embodiments of the present invention relate to a communication system that performs vehicle-to-vehicle communication between terminal devices mounted on a vehicle, and also executes road-to-vehicle communication from a base station device installed at an intersection or the like to a terminal device.
- the terminal device broadcasts and transmits a packet signal storing its own vehicle information such as the speed and position of the vehicle (hereinafter, transmission of the packet signal by broadcasting is referred to as “notification”). Further, the other terminal device receives the packet signal and recognizes the approach of the vehicle based on the data.
- the base station apparatus broadcasts a packet signal in which intersection information, traffic jam information, security information, and the like are stored.
- data a general term for information included in packet signals for inter-vehicle communication and road-vehicle communication.
- the intersection information includes information on the situation of the intersection, such as the position of the intersection, a captured image of the intersection where the base station device is installed, and the position information of the vehicle in the intersection.
- the terminal device displays this intersection information on the monitor, recognizes the situation of the intersection vehicle based on this intersection information, and the presence of other vehicles and pedestrians for the purpose of preventing collision due to encounter, right turn, left turn, etc. To prevent accidents.
- the traffic jam information includes information regarding the congestion status of roads near intersections where base station devices are installed, road construction, and accidents. Based on this information, a traffic jam in the traveling direction is transmitted to the user, or a detour is presented.
- the security information includes information related to protecting data such as provision of a common key table. Details will be described later.
- an electronic signature is used to suppress spoofing and the like in such communication.
- An encryption key is used to generate an electronic signature.
- a common key is used as an encryption key in consideration of processing load.
- a plurality of common keys are used in order to reduce the risk of common key leakage.
- One common key is managed as one common key ID, and a plurality of common keys are collected in a common key table.
- a plurality of types of common key tables are defined by assigning a common key table ID to the common key table.
- the usable area is limited, that is, the first common table group used only in a predetermined area, and the usable area is not limited, that is, the predetermined area.
- the first common key table group is reported from the base station apparatus in the usable area or the base station apparatuses around the usable area.
- the terminal device When receiving the common key table belonging to the first common key table group, the terminal device records the common key table if it is not held inside.
- the common key table belonging to the second common key table group is stored in advance in the terminal device.
- FIG. 1 shows a configuration of a communication system 100 according to an embodiment of the present invention. This corresponds to a case where one intersection is viewed from above.
- the communication system 100 includes a base station device 10, a first vehicle 12a, a second vehicle 12b, a third vehicle 12c, a fourth vehicle 12d, a fifth vehicle 12e, a sixth vehicle 12f, and a seventh vehicle 12g, collectively referred to as a vehicle 12. , The eighth vehicle 12h, and the network 202.
- Each vehicle 12 is equipped with a terminal device (not shown).
- the road that goes in the horizontal direction of the drawing that is, the left and right direction
- intersects the vertical direction of the drawing that is, the road that goes in the up and down direction, at the central portion.
- the upper side of the drawing corresponds to the direction “north”
- the left side corresponds to the direction “west”
- the lower side corresponds to the direction “south”
- the right side corresponds to the direction “east”.
- the intersection of the two roads is an “intersection”.
- the first vehicle 12a and the second vehicle 12b are traveling from left to right
- the third vehicle 12c and the fourth vehicle 12d are traveling from right to left
- the fifth vehicle 12e and the sixth vehicle 12f are traveling from the top to the bottom
- the seventh vehicle 12g and the eighth vehicle 12h are traveling from the bottom to the top.
- the electronic signature is an electronic signature to be given to electromagnetic records such as data included in the packet signal. This is equivalent to a stamp or signature on a paper document, and is mainly used for identity verification and prevention of counterfeiting and anxiety. More specifically, if there is a person listed in the document as the creator of a document, the document is actually created by the creator of the document. It is proved by the signature and mark of its creator. However, since an electronic document cannot be directly stamped or signed, an electronic signature is used to prove this. Cryptography is used to generate the electronic signature.
- Digital signatures based on public key cryptography are prominent as electronic signatures.
- the electronic signature scheme is composed of a key generation algorithm, a signature algorithm, and a verification algorithm.
- the key generation algorithm is equivalent to advance preparation of an electronic signature.
- the key generation algorithm outputs the user's public key and secret key. Since a different random number is selected every time the key generation algorithm is executed, a different public / private key pair is allocated for each user. Each user stores the private key and publishes the public key.
- the user who created the signature is called the signer for the signature.
- the signer inputs his / her private key along with the message when creating a signature sentence by the signature algorithm. Since only the signer himself knows the signer's private key, this is the basis for identifying the creator of the electronic document with the electronic signature.
- the verifier who is the user who received the message and the signature text verifies whether the signature text is correct by executing a verification algorithm. At that time, the verifier inputs the signer's public key to the verification algorithm.
- the verification algorithm determines whether or not the signature sentence was really created by the user and outputs the result.
- the processing load of such public key cryptosystem is generally large. For example, in the vicinity of an intersection, for example, packet signals from 500 terminal apparatuses 14 must be processed in 100 msec. In the communication system 100, data of about 100 bytes is stored in a packet signal notified from a terminal device mounted on the vehicle 12. On the other hand, the public key certificate and the digital signature of the public key cryptosystem are about 200 bytes, and the transmission efficiency is greatly reduced. In addition, the calculation process for verifying an electronic signature in the public key method is large, and if a packet signal from 500 terminal apparatuses 14 is to be processed in 100 msec, a highly functional cryptographic operation apparatus or controller is required. The cost of the terminal device increases. RSA, DSA, ECDSA, etc. are used as an electronic signature system based on the public key encryption system.
- the common key cryptosystem the same key as that used for encryption or a value that can be easily derived from the encryption key is used as the decryption key. Since the decryption key is known to the terminal device on the receiving side and no key certificate is required, deterioration of transmission efficiency is suppressed as compared with the public key cryptosystem.
- CBC-MAC As an electronic signature method.
- the common key cryptosystem has a smaller processing amount than the public key cryptosystem. Typical common key ciphers are DES and AES.
- a common key cryptosystem is adopted as an encryption scheme in consideration of transmission load and processing load.
- the communication system 100 If only one type of common key is used in the communication system 100, even a malicious user can easily obtain the common key.
- a plurality of common keys are defined in advance, and each common key is managed by a common key ID.
- a plurality of common keys are collected in a common key table.
- the common key table is managed by a common key table ID, and a plurality of common key tables are defined by increasing the common key table ID.
- the terminal device 14 includes the first common key table included in the first common key table group and the second common key table included in the second common key table group. Two shared key tables shall be used.
- the predetermined area where the first common key table can be used is defined as a range in which the carrier signal of the base station apparatus 10 can be received.
- the first common key table is assigned with a preselected base station apparatus 10 and can be used around the assigned base station apparatus 10.
- the second common key table is used for the base station apparatus 10. This is a common key table that is not assigned and is used in an area that does not use the first common key table. Thus, since the area where the first common key table can be used is limited, the terminal device 14 does not need to always hold the first common key table. Alternatively, it is provided to the terminal device 14 by transmission from the base station device 10 around the usable area. Since the second common key table is used regardless of the area, the terminal device 14 always holds the second common key table.
- FIG. 2 shows the configuration of the base station apparatus 10.
- the base station apparatus 10 includes an antenna 20, an RF unit 22, a modem unit 24, a MAC frame processing unit 26, a verification unit 40, a processing unit 28, a control unit 30, a network communication unit 32, and a sensor communication unit 34.
- the verification unit 40 includes an encryption unit 42 and a storage unit 44.
- the RF unit 22 receives a packet signal from a terminal device (not shown) or another base station device 10 by the antenna 20 as a reception process.
- the RF unit 22 performs frequency conversion on the received radio frequency packet signal to generate a baseband packet signal. Further, the RF unit 22 outputs a baseband packet signal to the modem unit 24.
- the RF unit 22 also includes an LNA (Low Noise Amplifier), a mixer, an AGC, and an A / D conversion unit.
- LNA Low Noise Amplifier
- the RF unit 22 performs frequency conversion on the baseband packet signal input from the modem unit 24 as a transmission process, and generates a radio frequency packet signal. Further, the RF unit 22 transmits a radio frequency packet signal from the antenna 20 during the road-vehicle transmission period.
- the RF unit 22 also includes a PA (Power Amplifier), a mixer, and a D / A conversion unit.
- PA Power Amplifier
- the modem unit 24 demodulates the baseband packet signal from the RF unit 22 as a reception process. Further, the modem unit 24 extracts a MAC frame from the demodulated result and outputs it to the MAC frame processing unit 26. Further, the modem unit 24 performs modulation on the MAC frame from the MAC frame processing unit 26 as transmission processing. Further, the modem unit 24 outputs the modulated result to the RF unit 22 as a baseband packet signal.
- the modem unit 24 since the communication system 100 corresponds to the OFDM (Orthogonal Frequency Division Multiplexing) modulation method, the modem unit 24 also executes FFT (Fast Fourier Transform) as reception processing and IFFT (Inverse TransFour) as transmission processing. Also execute.
- FIG. 3 shows a format of a MAC frame stored in a packet signal defined in the communication system 100.
- “MAC header”, “LLC header”, “information header”, and “secure frame” are arranged from the front stage of the MAC frame.
- the MAC header, the LLC header, and the information header store information related to data communication control, and each correspond to each layer of the communication layer.
- Each feed length is, for example, 30 bytes for the MAC header, 8 bytes for the LLC header, and 12 bytes for the information header.
- the secure frame will be described later.
- the MAC frame processing unit 26 extracts a secure frame from the MAC frame from the modem unit 24 and outputs it to the verification unit 40 as a reception process. As a transmission process, the MAC frame processing unit 26 adds a MAC header, an LLC header, and an information header to the secure frame from the verification unit 40, generates a MAC frame, and outputs the MAC frame to the modem unit 24. In addition, timing control is performed so that packet signals from other base station apparatuses or terminal apparatuses do not collide.
- FIG. 4 shows a secure frame format defined in the communication system 100.
- “payload header”, “payload”, and “signature” are arranged.
- “message version”, “message type”, “key ID”, “source type”, “source ID”, “date and time of transmission”, and “location” are arranged in the payload header.
- the message version is identification information that defines the format of the secure frame. In the communication system 100, it is a fixed value.
- the key ID is identification information for specifying a common key used for electronic signature or payload encryption, and is a concatenation of a common key table ID and a common key ID.
- the transmission source ID is unique or identification information for each device that can uniquely identify the base station device 10 or the terminal device 14 that has transmitted the packet signal. When the transmission source is a base station, a base station ID described later is stored.
- the payload is a field for storing the above-described data, and corresponds to information to be notified to the terminal device such as intersection information and road information.
- it is a field for storing a payload header and an electronic signature for the payload.
- it may be invalid, but here a fixed value, a value that can be specified on the receiving side such as a copy of the payload header part, or a payload header or / and encryption
- values that can be calculated on the receiving side such as a hash value (calculation result by a hash function), a checksum, and a parity for the previous payload are stored.
- the payload and signature are encrypted together.
- decryption is performed normally and stored in the payload. The validity of the data or the data stored in the payload header and payload can be confirmed.
- Each feed length is, for example, 32 bytes for the payload header and 100 bytes for the payload (when the terminal device reports) or 1 Kbyte (when the base station device reports).
- the signature is 16 bytes.
- the communication system 100 uses AES (Advanced Encryption Standard) encryption as an encryption method.
- the electronic signature stores the MAC value obtained by CBC-MAC (Cipher Block Chaining-Message Authentication Code) in the signature.
- CBC-MAC Cipher Block Chaining-Message Authentication Code
- the MAC value for the payload header is stored in the signature, and the payload and signature are encrypted in CBC (Cipher Block Chaining) mode.
- the verification unit 40 interprets the secure frame from the MAC frame processing unit 26 as a reception process, and outputs the data to the processing unit 28. Further, the verification unit 40 receives data from the processing unit 28 as a transmission process, generates a secure frame, and outputs the secure frame to the MAC frame processing unit 26. Since the communication system 100 uses the common key encryption method, the encryption unit 42 performs encryption / decryption processing using the common key method. Specifically, when the message data type is signed data, signature creation is performed. When the message data type is encrypted data, encryption processing is performed when a secure frame is created, and data decryption processing is performed when a secure frame is interpreted.
- the storage unit 44 stores a common key table in which a plurality of types of common keys that can be used in the communication system 100 are indicated.
- a plurality of common key tables are defined, and here, they are defined as a first common key table and a second common key table.
- the first common key table includes a plurality of common keys that can be used for communication in a restricted area.
- the second common key table includes a plurality of common keys that can be used regardless of the area. This also includes a plurality of common keys that can be used in areas where the first common key table cannot be used.
- FIG. 5 shows the data structure of the common key table stored in the storage unit 44.
- a common key table ID is assigned to the first common key table and the second common key table.
- the first table has a common key table ID “128”, and the second table has a common key table ID “2”.
- Each common key table includes a plurality of common keys, and each common key is managed by a common key ID.
- each common key table includes N common keys. The first common key corresponds to the case where the common key ID is “1”, and the second common key corresponds to the case where the common key ID is “2”. Therefore, one common key is specified by a combination of a common key table ID and a common key ID.
- the first common key table includes M (M ⁇ 1) base station IDs indicating restricted areas.
- the first common table is preferentially selected in an area where the carrier signal from the base station apparatus 10 specified by the first to Mth base station IDs can be received.
- the base station device that has transmitted the carrier signal can be specified by the base station ID stored in the source ID of the secure frame.
- FIG. 6 shows the arrangement of the base station apparatus 10 in the communication system 100.
- five base station apparatuses 10 that is, a first base station apparatus 10a, a second base station apparatus 10b, a third base station apparatus 10c, a fourth base station apparatus 10d, and a fifth base station apparatus 10e.
- a circle shown around each base station device 10 corresponds to an area in which the carrier signal of each base station can be received.
- the third base station apparatus 10c corresponds to the above-described selected base station apparatus 10, and the first common key table includes the base station ID of the third base station apparatus 10c. Therefore, the terminal device that has entered the area formed by the third base station device 10c and has received the packet signal from the third base station device 10c receives the first common key table when informing the packet signal. Is used.
- the packet signal from the third base station apparatus 10c is not received for a certain period due to leaving the area formed in the third base station apparatus 10c, or the carrier signal from another base station apparatus is not received.
- the received terminal device uses the second common key table when notifying the packet signal.
- the area formed by the first base station apparatus 10a, the area formed by the second base station apparatus 10b, the area formed by the fourth base station apparatus 10d, and the fifth base station apparatus 10e A terminal device that exists in the formed area or does not exist in any area uses the second common key table when broadcasting the packet signal.
- the terminal device receives the packet signal from the third base station device 10c by using the first common key table when receiving the packet signal from the third base station device 10c. If not, the second common key table is used.
- the verification unit 40 refers to the storage unit 44 and extracts a common key when generating a secure frame. For example, when the base station apparatus 10 corresponds to the third base station apparatus 10c in FIG. 6, the verification unit 40 randomly selects one common key from the first common key table. When the base station apparatus 10 corresponds to the first base station apparatus 10a, the second base station apparatus 10b, the fourth base station apparatus 10d, and the fifth base station apparatus 10e in FIG. One common key is randomly selected from the two common key tables.
- the verification unit 40 uses the selected common key to calculate the payload header and the electronic signature for the payload using the encryption unit 42. If the message type is encrypted data, the encryption unit 42 encrypts the payload and signature.
- the verification unit 40 outputs the generated secure frame to the MAC frame processing unit 26 as it is.
- the verification unit 40 refers to the key ID of the secure frame received from the MAC frame processing unit 26 when interpreting the secure frame, and obtains the key table ID and common key ID of the common key to be used. Next, referring to the storage unit 44, the common key specified by the key table ID and the common key ID is extracted. Furthermore, using the extracted common key, the verification unit 40 verifies the validity of the signature when the message type of the secure frame received from the MAC frame processing unit 26 is signed data. Specifically, the encryption unit 42 calculates an electronic signature for the payload header and the payload, and compares the obtained value with the value of the electronic signature stored in the secure frame signature received from the MAC frame processing unit 26.
- the processing unit 28 Output to. If the values of the two electronic signatures match, it is determined that the electronic signature is valid, and the information included in the secure frame is information from the legitimate base station device 10 or terminal device 14, and the processing unit 28 Output to. If the values of the two electronic signatures do not match, it is determined that the electronic signature is not valid, and the data is discarded. If the message type is encrypted data, the encryption unit 42 executes a decryption process of the payload and signature. If the signature is a predetermined value, it is determined that the data extracted from the secure frame has been normally decoded, and the data extracted from the secure frame is output to the processing unit 28. If it is not a predetermined value, the data is discarded.
- the encryption target is a signature, as described above, by storing a known value in the signature and making it a target of encryption, so that the function of checking whether or not the decryption has been normally performed at the time of decryption. This is because they were held. When such a check function is not provided, it is not necessary to make the signature an encryption target.
- the message type is plaintext data
- the data extracted from the received secure frame is output to the processing unit 28 unconditionally.
- the sensor communication unit 34 is connected to an internal network (not shown).
- the internal network is connected to devices for collecting intersection information such as cameras and laser sensors installed at various intersections (not shown).
- a generic term for devices that collect information on intersections connected to the sensor communication unit 34 is referred to as a sensor.
- the sensor communication unit 34 receives information on sensors installed at various points in the intersection via the network, and outputs the information to the processing unit 28.
- the network communication unit 32 is connected to a network (not shown).
- the processing unit 28 performs processing on the data received from the verification unit 40.
- the processing result may be output to the network 202 (not shown) via the network communication unit 32, or may be accumulated inside and periodically output to the network (not shown). Further, the processing unit 28 is based on road information (construction, traffic jam, etc.) received from a network (not shown) via the network communication unit 3 and information on intersections from sensors (not shown) via the sensor communication unit 34. Data to be transmitted to the terminal device 14 is generated.
- the control unit 30 controls processing of the entire base station apparatus 10.
- the verification unit 40 uses the first common key table to transmit a security packet including data acquired from the processing unit 28. Generated and notified through the modem unit 24, the RF unit 22, and the antenna 20. Further, a security packet including the first common key table stored in the storage unit 44 is generated and notified using the first common key table. That is, the verification unit 40 of the base station apparatus 10 that forms an area where the first common key table can be used also notifies the first common key table itself. Further, the verification of the base station apparatus 10 adjacent to the base station apparatus 10 forming the area where the first common key table can be used, for example, the second base station apparatus 10b and the fourth base station apparatus 10d in FIG.
- the unit 40 also notifies the first common key table itself.
- the base station apparatus 10 at a predetermined distance from the base station apparatus 10 forming an area where the first common key table can be used may also notify the first common key table itself.
- the verification unit 40 of the first base station device 10a, the second base station device 10b, the fourth base station device 10d, and the fifth base station device 10e in FIG. A security packet including the data acquired from 28 is generated and notified.
- This configuration can be realized in terms of hardware by a CPU, memory, or other LSI of any computer, and in terms of software, it can be realized by a program loaded in the memory, but here it is realized by their cooperation.
- Draw functional blocks Accordingly, those skilled in the art will understand that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof.
- FIG. 7 shows the configuration of the terminal device 14 mounted on the vehicle 12.
- the terminal device 14 includes an antenna 50, an RF unit 52, a modem unit 54, a MAC frame processing unit 56, a reception processing unit 58, a data generation unit 60, a verification unit 62, a notification unit 70, and a control unit 72.
- the verification unit 62 includes an encryption unit 64, a storage unit 66, and a determination unit 68.
- the antenna 50, the RF unit 52, the modem unit 54, the MAC frame processing unit 56, the verification unit 62, the storage unit 66, and the encryption unit 64 are the antenna 20, the RF unit 22, the modem unit 24, the MAC frame processing unit 26 in FIG. Processing similar to that performed by the verification unit 40, the encryption unit 42, and the storage unit 44 is executed. For this reason, the description of the same processing is omitted here, and the difference will be mainly described.
- the verification unit 62 generates and interprets a secure frame in the same manner as the verification unit 40.
- the received payload of the secure frame is security information, that is, when the first common key table is included and the first common key table is not recorded in the storage unit 66
- the storage unit 66 the received first common key table is stored. If the storage unit 66 is empty, the received common key table is added as it is.
- the first common table including another table ID is recorded in the storage unit 66
- the first common key table stored in the storage unit 66 is rewritten.
- the received first common table is discarded.
- the reception processing unit 58 Based on the data received from the verification unit 62 and the own vehicle information received from the data generation unit 60, the reception processing unit 58 detects the risk of collision, the approach of an emergency vehicle such as an ambulance or a fire engine, the road in the traveling direction, and the intersection. Estimate the congestion situation. Further, if the data is image information, processing is performed so that the notification unit 70 can display the data.
- the notification unit 70 includes means for notifying a user such as a monitor, a lamp, and a speaker (not shown).
- a user such as a monitor, a lamp, and a speaker (not shown).
- the driver is notified of the approach of another vehicle 12 (not shown) via a monitor, a lamp, or a speaker.
- traffic information and image information such as intersections are displayed on the monitor.
- the base station ID is stored in the “source ID” of the secure frame.
- the determination unit 68 extracts the base station ID from the transmission source ID and specifies the base station device 10 that becomes the notification source of the packet signal.
- the first common key table recorded in the storage unit 66 includes a list of base station IDs of base station apparatuses that form an area where the first common key table can be used. .
- the base station ID of the base station apparatus 10 corresponding to the third base station apparatus 10c of FIG. 6 is included in the list.
- the determination unit 68 determines whether the received base station ID is included in the list stored in the storage unit 66. This is equivalent to determining whether the first common key table exists in an available area.
- the determination unit 68 holds the determination result.
- the verification unit 62 selects the common key table according to the determination result of the determination unit 68 when generating the security frame.
- the data generation unit 60 includes a GPS receiver (not shown), a gyroscope, a vehicle speed sensor, and the like, and information on the own vehicle (not shown), that is, the presence of the vehicle 12 on which the terminal device 14 is mounted is provided by information supplied from them. Get position, direction of travel, speed of movement, etc. The existence position is indicated by latitude and longitude. Since a known technique may be used for these acquisitions, description thereof is omitted here.
- the data generation unit 60 generates data based on the acquired information, and outputs the generated data to the verification unit 62.
- the acquired information is output to the reception processing unit 58 as own vehicle information.
- FIG. 8 is a flowchart illustrating a packet signal transmission procedure in the base station apparatus 10.
- the verification unit 40 receives data and a data format of a message type for transmitting data from the processing unit 28. Then, a secure frame in which the received data is stored in the payload is generated (S12). At this time, the key ID and signature are empty, and for example, 0 is stored in all of them.
- the secure frame is broadcast as a packet signal as it is via the MAC frame processing unit 26, the modem unit 24, the RF unit 22, and the antenna 20 (S22). ).
- the message type data format is signed data or encrypted data (N in S14)
- a common key is selected (S16). The common key is randomly selected from the latest common key table.
- the common key is selected, the table ID of the latest common key table and the selected common key ID are stored in the key ID of the secure frame.
- the verification unit 40 uses the selected common key in the encryption unit 42 to generate the electronic data for the payload header and payload.
- the signature is calculated and the value is stored in the signature of the secure frame (S20).
- the secure frame with the signature is broadcast as a packet signal via the MAC frame processing unit 26, the modem unit 24, the RF unit 22, and the antenna 20 (S22).
- the verification unit 40 obtains the MAC value of the payload at the encryption unit 42 and stores it in the signature of the secure frame (S24).
- the payload header and signature are encrypted using the selected common key (S26).
- the encrypted secure frame is broadcast as a packet signal via the MAC frame processing unit 26, the modem unit 24, the RF unit 22, and the antenna 20 (S22).
- the verification unit 40 When transmitting the common key table (Y in S10), the verification unit 40 acquires the common key table to be notified from the storage unit 44, generates a secure frame (S28), and selects the common key (S30). The verification unit 40 uses the encryption unit 42 to obtain the MAC value of the payroat and stores it in the signature of the secure frame (S24). Next, the payload header and signature are encrypted using the selected common key (S26). Then, the encrypted secure frame is broadcast as a packet signal via the MAC frame processing unit 26, the modem unit 24, the RF unit 22, and the antenna 20 (S22).
- FIG. 9 is a flowchart showing a packet signal reception procedure in the base station apparatus 10.
- the antenna 20, the RF unit 22, and the modem unit 24 receive the packet signal (S40).
- the verification unit 40 checks the key table ID and the common key ID (S44).
- the storage unit 44 accumulates the key table ID (S46).
- the verification unit 40 acquires the common key from the storage unit 44 (S48). If the data format is signed (Y in S50) and the signature data is valid (Y in S52), the verification unit 40 counts the table ID (S58). On the other hand, when the data format is encryption (N in S50), the verification unit 40 decrypts with the acquired encryption key (S54).
- the verification unit 40 If the data is valid (Y in S56), the verification unit 40 counts the table ID (S58). If the signature data is not valid (N in S52), or if the data is not valid (N in S56), the verification unit 40 discards the data (S62). After the table ID is counted or when the data format is plain text (Y in S42), the verification unit 40 extracts the data (S60).
- FIG. 10 is a flowchart showing a packet signal reception procedure in the terminal device 14.
- the antenna 50, the RF unit 52, and the modem unit 54 receive the packet signal (S80).
- the verification unit 62 confirms the key table ID and the common key ID (S84). If the storage unit 66 has a key table (Y in S86), the storage unit 66 accumulates the key table ID (S88). The verification unit 62 acquires the common key from the storage unit 66 (S90). If the data format is signed (Y in S92) and the signature data is valid (Y in S94), the verification unit 62 extracts the data (S104).
- the verification unit 62 decrypts with the acquired encryption key (S96). If the data is valid (Y in S98) and there is no data type (N in S100), the verification unit 62 extracts the data (S104). When the data format is plain text (Y in S82), the verification unit 62 takes out the data (S104). If the storage unit 66 does not have a key table (N in S86), the signature data is invalid (N in S94), or the data is invalid (N in S98), the verification unit 62 stores the data Discard (S106). If there is a data type (Y in S100) and there is a key table (Y in S102), the verification unit 62 discards the data (S106). If there is no key table (N in S102), the verification unit 62 stores it in the storage unit 66 (S108).
- FIG. 11 is a flowchart showing a packet signal transmission procedure in the terminal device 14.
- the verification unit 62 acquires data and generates a secure frame (S120). If the message type is signed or encrypted (N in S122) and not in the reception area of the base station device (N in S124), the verification unit 62 selects a common key from the second common key table (S128). Even if the source ID included in the packet signal received from the base station device 10 is not included in the list of base station IDs in the first common key table (S126). N), the verification unit 62 selects a common key from the second common key table (S128).
- the verification unit 62 determines that the first common key table A common key is selected from (S130). If the message type is signed (Y in S132), the verification unit 62 calculates an electronic signature with the selected common key and stores it in the signature data (S134), the modem unit 54, the RF unit 52, and the antenna 50. Broadcasts the packet signal (S140). If the message type is encryption (N in S132), the verification unit 62 calculates the MAC value of the payload header and stores it in the signature data (S136).
- the verification unit 62 selects and encrypts it with the encryption key (S138), and the modem unit 54, the RF unit 52, and the antenna 50 notify the packet signal (S140). If the message type is plain text (Y in S122), the modem unit 54, the RF unit 52, and the antenna 50 broadcast the packet signal (S140).
- the first common key table different from the second common key table is used if it exists in a predetermined area, at least two types of common keys are used depending on the area. You can use a table. Moreover, since at least two types of common key tables are used according to the area, only one common key table can be updated. In addition, since only one common key table is updated, the encryption key can be efficiently distributed according to the area. Further, since only one common key table is updated, the common key table can be updated only in a high-risk area. In addition, if the first common key table is not stored in a predetermined area, the digital signature generated by the common key included in the first common key table is not determined to be valid, thus ensuring safety. it can.
- the first common key table is not stored in the predetermined area, if the electronic signature generated by the common key included in the first common key table is detected a predetermined number of times or more, verification is performed. Since it is omitted, data with the electronic signature attached can be acquired. In addition, since data is acquired only when it is detected a predetermined number of times or more, the risk can be reduced without verifying the electronic signature. Moreover, since data is acquired, the approach of another vehicle can be recognized. In addition, since the base station apparatus that does not use the first common key table also distributes the first common key table, the first common key table can be easily used. Moreover, since the base station apparatus which distributes a 1st common key table is restrict
- a common key is used to generate an electronic signature
- the amount of processing can be reduced compared to the case where a public key is used.
- the amount of processing is reduced, the number of packet signals that can be processed can be increased.
- the common key is used to generate the electronic signature, the transmission efficiency can be improved as compared with the case where the public key is used.
- data such as position information is not encrypted, the amount of processing is reduced.
- encryption is performed on the common key table, security can be improved.
- a modified example of the present invention In order to improve security, it is desirable to periodically update the encryption key.
- a device for managing the encryption key In order to update the encryption key while using a common encryption key in a plurality of terminal devices, a device for managing the encryption key should be connected in the communication system. However, assuming that the terminal device is mainly mounted on the vehicle and the vehicle is moving, there is an area where the encryption key is not managed by the device for managing the encryption key. For this reason, autonomous update of the encryption key is desired even in a situation where only the terminal device exists.
- the purpose of the modification is to provide a technique for autonomously updating the encryption key.
- one common key is managed as one common key ID, and a plurality of common keys are collected in a common key table. Furthermore, the version of the common key table is managed as a table ID. Therefore, a single table ID includes a plurality of common key IDs. Such a common key table is desirably updated periodically. It is assumed that the number of base station apparatuses installed is small in a stage before the communication system is sufficiently widespread or in an area where the traffic volume is low. In such a situation, when the base station apparatus notifies the new common key table, when the terminal apparatus updates the common key table, the number of terminal apparatuses that have not updated the common key table may increase. .
- the terminal device stores in advance a lossy conversion function for updating the common key table, and updates the already used common key table with the lossy conversion function.
- a new common key table is generated. That is, the terminal device updates the common key table autonomously and periodically.
- the communication system 100 is the same type as that in FIG.
- an electronic signature a digital signature based on a public key cryptosystem is prominent.
- RSA, DSA, ECDSA, or the like is used as a method based on the public key cryptosystem.
- the electronic signature scheme is composed of a key generation algorithm, a signature algorithm, and a verification algorithm.
- the key generation algorithm is equivalent to advance preparation of an electronic signature.
- the key generation algorithm outputs the user's public key and secret key. Since a different random number is selected every time the key generation algorithm is executed, a different public / private key pair is allocated for each user. Each user stores the private key and publishes the public key.
- the common key table is managed by the table ID, and the common key table corresponds to version upgrade by increasing the table ID.
- the common key table is upgraded to each of the base station device 10 and the terminal device 14.
- the terminal device 14 stores the irreversible conversion function in advance, and generates a new common key table by converting the already used common key table with the irreversible conversion function. Therefore, the version of the common key table in the terminal device 14 is autonomously updated.
- the upgrade timing may be, for example, when a predetermined period has elapsed since the start of using the current common key table.
- the terminal device 14 receives a packet signal from another terminal device 14 and detects that the version of the common key table including the common key used in the packet signal is new, the version upgrade is performed. It may be the timing.
- the base station apparatus 10 may execute a version upgrade of the common key table, similarly to the terminal apparatus 14, or may perform a version upgrade by receiving a new common key table from the network 202. .
- the base station apparatus 10 is the same type as that in FIG. FIG. 12 shows a format of a security frame stored in a MAC frame defined in the communication system 100.
- security header In the security frame, “security header”, “payload”, and “signature” are arranged.
- the security header includes “protocol version”, “message type”, “table ID”, “key ID”, “source type”, “source ID”, “date and time of transmission”, “location”, “ Payload length "is arranged.
- the protocol version is identification information for defining the format of the security frame. In the communication system 100, it is a fixed value.
- the message type includes “data type”, “data format”, and reserve.
- the data format is a flag related to the format related to the security of data stored in the payload, that is, the encryption processing for the payload.
- the reserve is reserved for the future and is not used in the communication system 100.
- the table ID is identification information of a common key table including a common key used for electronic signature or payload encryption.
- the key ID is identification information for specifying the common key used for electronic signature or payload encryption, and corresponds to the aforementioned common key ID.
- the transmission source ID is identification information for uniquely specifying the base station device 10 or the terminal device 14 that has transmitted the packet signal, and is uniquely defined for each device.
- the payload is a field for storing the above-described data, and corresponds to information to be notified to the terminal device such as intersection information and road information.
- an electronic signature for the security header and payload is generated.
- values that can be calculated on the receiving side such as a hash value (a calculation result by a hash function), a checksum, and a parity for the payload before encryption are stored.
- the payload is then encrypted.
- Each feed length is, for example, a security header of 32 bytes, a payload of 100 bytes (when the terminal device broadcasts) or 1 Kbyte (when the base station device broadcasts), and a signature of 16 bytes.
- FIGS. 13A to 13B show the processing contents for the security frame.
- FIG. 13A shows a case where the data format of the message type is signed data.
- the electronic signature is calculated for a part of the security header, in this case, the transmission source type, the transmission source ID, the transmission date and time, the location, the payload length, and the payload, and the value is stored in the signature in the security footer.
- the reason why the source type and the source ID are included in the calculation target of the electronic signature is to prove the identity of the vehicle-mounted device or roadside device that is the source.
- FIG. 13B shows a case where the data format of the message type is encrypted data.
- the electronic signature is calculated with respect to a part of the security header, here, the transmission source type, the transmission source ID, the transmission date and time, the location, and the payload length, and the value is stored in the signature in the security footer.
- the payload is encrypted in CBC (Cipher Block Chaining) mode.
- CBC Cipher Block Chaining
- an initial vector (Initial Vector, hereinafter referred to as “IV”) is used when the first block is encrypted. Normally, any value may be used as the value of IV.
- the data stored in the payload is associated with the information source and encrypted, thereby encrypting the data.
- the IV is determined by calculation based on the transmission source type, transmission source ID, transmission date and time, location, and payload length. Specifically, the value of the electronic signature for a part of the previously obtained security header is used as IV.
- the storage unit 44 stores a plurality of common key tables including common keys that can be used in the communication system 100.
- FIG. 14 shows the data structure of the common key table stored in the storage unit 44.
- a plurality of versions may exist in the common key table, and these are managed as table IDs.
- the first table 220 corresponds to the case where the table ID is “N ⁇ 1”
- the second table 222 corresponds to the case where the table ID is “N”.
- the second table 222 is a newer version than the first table 220.
- two common key tables are shown, but the storage unit 44 may store three or more common key tables.
- Each common key table includes a plurality of common keys, and each common key is managed by a common key ID.
- FIG. 14 shows the data structure of the common key table stored in the storage unit 44.
- a plurality of versions may exist in the common key table, and these are managed as table IDs.
- the first table 220 corresponds to the case where the table ID is “N ⁇ 1”
- the first common key corresponds to the case where the common key ID is “1”
- the second common key corresponds to the case where the common key ID is “2”. Therefore, one common key is specified by a combination of a table ID and a common key ID.
- Each common key table includes information related to the update date and time.
- the update date / time of the first table 220 is “2010.1.1”
- the update date / time of the second table 222 is “2010.3.1”.
- the storage unit 44 holds at least one common key table in the past in order to compensate for a period until the update of the common key table spreads to the base station device and the terminal device.
- the verification unit 40 When the verification unit 40 generates a security frame, the verification unit 40 refers to the storage unit 44 and extracts a common key. For example, each common key table has an update date and time, and the verification unit 40 selects one common key table based on the current time. The verification unit 40 selects a common key table with the latest update date and time from the common key tables in operation. Furthermore, the verification unit 40 selects one common key from the selected common key table. This selection may be made at random or according to the identification number assigned to the base station apparatus 10.
- the verification unit 40 acquires the security frame table ID and the common key ID received from the MAC frame processing unit 26 when interpreting the security frame. Next, the verification unit 40 refers to the storage unit 44 and extracts the common key specified by the table ID and the common key ID. Further, when the data type of the message type of the security frame received from the MAC frame processing unit 26 is signed data, the verification unit 40 verifies the validity of the signature using the extracted common key. Specifically, the encryption unit 42 calculates an electronic signature for the security header and payload, and compares the obtained value with the value of the electronic signature stored in the security frame signature received from the MAC frame processing unit 26.
- the information included in this security frame is information from the legitimate base station apparatus 10 or terminal apparatus 14, and MAC frame processing is performed. To the unit 26. If the values of the two electronic signatures do not match, it is determined that the electronic signature is not valid and the data is discarded.
- the encryption unit 42 executes the decryption process of the payload and signature. If the signature is a predetermined value, it is determined that the data extracted from the security frame has been normally decoded, and the data extracted from the security frame is output to the MAC frame processing unit 26. If it is not a predetermined value, the data is discarded.
- the verification unit 40 outputs the data extracted from the received security frame to the MAC frame processing unit 26 unconditionally.
- the processing unit 28 performs processing on the data received from the verification unit 40.
- the processing result may be output directly to a network (not shown) via the network communication unit 32, or may be accumulated inside and periodically output to a network (not shown).
- the processing unit 28 receives road information (construction, traffic jam, etc.) from a network (not shown) via the network communication unit 32, or receives intersection information from a sensor (not shown) via the sensor communication unit 34. To do.
- the processing unit 28 generates data to be transmitted to the terminal device 14 based on such information.
- the processing unit 28 receives a new common key table from a server device (not shown) via the network communication unit 32
- the processing unit 28 writes the new common key table in the storage unit 44 of the verification unit 40.
- the control unit 30 controls processing of the entire base station apparatus 10.
- This configuration can be realized in terms of hardware by a CPU, memory, or other LSI of any computer, and in terms of software, it can be realized by a program loaded in the memory, but here it is realized by their cooperation.
- Draw functional blocks Accordingly, those skilled in the art will understand that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof.
- FIG. 15 shows a configuration of the terminal device 14 mounted on the vehicle 12.
- the terminal device 14 includes an antenna 50, an RF unit 52, a modem unit 54, a MAC frame processing unit 56, a reception processing unit 58, a data generation unit 60, a verification unit 62, a notification unit 70, and a control unit 72.
- the verification unit 62 includes an encryption unit 1064, a storage unit 1066, a generation unit 1076, and a determination unit 1074.
- the antenna 50, the RF unit 52, the modem unit 54, the MAC frame processing unit 56, the verification unit 62, the storage unit 1066, and the encryption unit 1064 are the antenna 20, RF unit 22, modem unit 24, MAC frame processing unit 26 in FIG. Processing similar to that performed by the verification unit 40, the encryption unit 42, and the storage unit 44 is executed. For this reason, the description of the same processing is omitted here, and the difference will be mainly described.
- the verification unit 62 generates and interprets a security frame in the same manner as the verification unit 40. That is, the storage unit 1066 stores a common key table in which a plurality of types of common keys that can be used for transmission and reception of packet signals in the RF unit 52 and the like are stored, and the verification unit 62 stores the same as the verification unit 40. One of the common keys is selected from the common key table stored in the unit 1066.
- the verification unit 62 verifies the electronic signature attached to the packet signal received by the RF unit 52 or the like using the selected common key, or attaches to the packet signal to be transmitted from the RF unit 52 or the like. Generate an electronic signature.
- the verification unit 62 may use a common key for encryption and decryption.
- the determination unit 1074 determines the timing at which the common key table stored in the storage unit 1066 should be updated.
- the determination unit 1074 holds in advance the date and time at which the common key table should be updated, and when the date and time acquired by a clock (not shown) included therein becomes a preset date and time, the determination unit 1074 notifies the generation unit 1076 of the common key table. Instruct update.
- the common key table is periodically updated by periodically determining the date and time when the common key table should be updated.
- the date and time information acquired by the GPS receiver included in the data generation unit 60 or included in the packet signal received from the MAC frame processing unit 56 is included.
- the clock is adjusted internally according to the date and time information.
- the determination unit 1074 is shown as including a clock inside, but it is not always necessary to include a clock inside. The determination may be made by acquiring date and time information acquired by the GPS receiver included in the data generation unit 60.
- the generation unit 1076 When the generation unit 1076 receives an update instruction from the determination unit 1074, the generation unit 1076 updates the common key table by performing an operation using an irreversible conversion function on the common key table stored in the storage unit 1066. Updating the common key table corresponds to updating a plurality of common keys included in the common key table. It is assumed that the irreversible conversion function is predetermined.
- FIGS. 16A to 16C show an outline of updating the common key table by the generation unit 1076.
- the table ID is a value in a residue system modulo M, and N ⁇ 1, N, and N + 1 are modulo M. Remainder value.
- M is a natural number
- a new common key table is generated by using the irreversible conversion function f1 for the latest common key table stored in the storage unit 1066, that is, the common key table with the table ID N. Is shown to do.
- the table ID of the new common key table is N + 1.
- a new common key is obtained by using the irreversible conversion function f2 for the past common table stored in the storage unit 1066, that is, the common key table with the table ID N-1. It is shown to generate a table. Further, in FIG. 16 (c), the latest common key table and the past common key table stored in the storage unit 1066, that is, the common key table having the table ID N and the table ID N-1, are irreversibly converted. Using the function f3 indicates that a new common key table is generated. In this case, one common key table is generated using two common key tables. The new common key table is recorded in the storage unit 1066.
- the storage unit 1066 may be stored in a new area of the storage unit 1066 or may be overwritten and recorded in the oldest common key table.
- the concept of updating the common key table has been described on the assumption that two common key tables are stored, but the previous common key table from which a new common key table is generated is limited. is not.
- a new common key table can be generated based on one or a plurality of common key tables before the update. In this case, the storage unit 1066 must store a common key table from which a new common key table is generated.
- the determination unit 1074 may acquire the timing for updating the common key table based on the table ID included in the packet signal received from the MAC frame processing unit 56. More specifically, when the data type of the message type data is signed data or encrypted data and the common key table of the table ID is not stored in the storage unit 1066, the verification unit 62 generates the unit 1076. A common key corresponding to the table ID and the common key ID included in the packet signal is generated. Then, when the data format of the message type data is signed data, the verification unit 62 uses the common key generated by the generation unit 1076 to calculate an electronic signature for the security header and payload at the encryption unit 1064.
- the verification unit 62 uses the common key generated by the generation unit 1076 to calculate an electronic signature for the security header in the encryption unit 42 and decrypts the payload.
- the determination unit 1074 determines that the generated common key is correct. If the generated common key is correct, the determination unit 1074 instructs the generation unit 1076 to update the previous table ID to the common key table.
- the control unit 72 controls the operation of the entire terminal device 14.
- FIG. 17 is a flowchart illustrating a common key table maintenance procedure in the terminal device 14.
- the determination unit 1074 determines the update timing of the common key table based on the current date and time, the table ID of the latest common key table stored in the storage unit 1066, and the scheduled update date and time derived from the update date and time (S1010).
- the generation unit 1076 updates the common key table (S1014). If the determination unit 1074 determines that it is not the update timing (N in S1010), the determination unit 1074 confirms the update request from the reception process (S1012).
- FIG. 18 is a flowchart showing a packet signal reception procedure in the terminal device 14.
- the antenna 50, the RF unit 52, and the modem unit 54 receive the packet signal (S1030).
- the verification unit 62 confirms whether the table ID and the common key ID are stored in the storage unit 1066 (S1034). If the storage unit 1066 has a key table (Y in S1034), the verification unit 62 acquires a common key from the storage unit 1066 (S1038). If the storage unit 1066 does not have a key table (N in S1034), the generation unit 1076 calculates a key from the common key table in the storage unit 1066 (S1036).
- the verification unit 62 calculates an electronic signature for a part of the security header and the payload using the acquired common key (S1042).
- the verification unit 62 decrypts with the acquired common key (S1044).
- the decryption of data includes the calculation of an electronic signature for a part of the security header and the decryption of the encrypted payload with the value as IV.
- the calculated electronic signature value is compared with the signature value of the security footer, and if both match, it is determined that the data is valid (Y in S1046). If it is valid, if it is the calculated common key (Y in S1048), the determination unit 1074 is requested to update the common key table (S1050). If it is not the calculated common key (N in S1048), step 1050 is skipped.
- the verification unit 40 extracts data (S1054).
- the verification unit 40 outputs the data to the reception processing unit 58 (S1056). If the data is not valid (N in S1046), the verification unit 40 discards the data (S1058).
- FIG. 19 is a flowchart showing a packet signal transmission procedure in the terminal device 14.
- the verification unit 62 acquires data and generates a secure frame (S1070).
- the verification unit 62 selects a common key (S1074). If the message type is signed (Y in S1076), the verification unit 62 calculates an electronic signature with the selected common key (S1078). If the message type is ciphertext (N in S1076), the verification unit 62 executes encryption with the selected common key (S1080). If the message type is plain text (Y in S1072), the processing from step 1074 to step 1080 is skipped.
- the modem unit 54, the RF unit 52, and the antenna 50 broadcast the packet signal (S1082).
- the determination based on the reserved date and the two determinations based on the table ID included in the received packet signal are used in combination.
- the update timing of the common key table may be determined based on one of the determinations.
- all the terminal devices 14 must be provided with means for acquiring date / time information from a clock or GPS.
- the latest common key table stored in the storage unit 1066 of the terminal device mounted on the base station device 10 or the vehicle 12 newly put on the market is a trigger for updating the common key table. And spreads to all terminal devices.
- the terminal device 14 has been described, it may be applied to the base station device 10. This is particularly effective for a base station that does not include the network communication unit 32 in FIG.
- the common key table is selected regardless of the source type.
- a common key table suitable for the sender type may be selected.
- the common key table is selected based on the source type and the table ID.
- the update timing of the common key table may be performed independently or the same.
- the irreversible arithmetic functions for updating the common key table may mutually use the common key table as an argument.
- a common key for signature or encryption is determined from the common key included in the common key table stored in the storage unit 1066 and the source type.
- the same effect can be obtained.
- the source type since the common key used for signature or encryption is already linked to the source type, the source type may be excluded from the calculation target of the electronic signature. By doing so, the total number of keys operated simultaneously increases, and the number of sample data required for decryption of the common key decreases. In particular, the number of sample data of priority vehicles such as ambulances and fire engines is drastically reduced, and the risk of common key leakage from the communication path is reduced.
- the generation unit 1076 holds an irreversible conversion function in advance.
- the present invention is not limited to this.
- the irreversible conversion function may be served from the base station apparatus 10. In that case, the packet signal including the irreversible conversion function is encrypted. According to this modification, the irreversible conversion function can be changed.
- the terminal device autonomously updates the common key table, safety can be improved even when the base station device does not distribute the common key table. Further, since the irreversible conversion function is calculated for the already stored common key table, the common key table can be autonomously updated even when the base station apparatus does not distribute the common key table. Further, since the distribution of the common key table by the base station device is not necessary, the frequency use efficiency can be improved. Further, the common key table can be periodically updated by periodically determining the update timing of the common key table. Also, since the update timing of the common key table is determined from the received packet signal, the common key table can be updated to match the surrounding terminal devices.
- the amount of processing can be reduced compared to the case where a public key is used. Moreover, since the amount of processing is reduced, the number of packet signals that can be processed can be increased. In addition, since the common key is used to generate the electronic signature, the transmission efficiency can be improved as compared with the case where the public key is used. Also, since data such as position information is not encrypted, the amount of processing is reduced.
- the area where the first common key table can be received is the reception range of the packet signal from the base station apparatus, and the first common key table includes a list of base station apparatus IDs.
- the first common key table use area may be expressed by coordinates.
- the coordinate means a plurality of coordinate points on the earth, that is, a point represented by longitude and latitude.
- the available area may be an inner area surrounded by a plurality of coordinates in the list. it can.
- the first common key table includes a plurality of coordinates that specify usable areas in the list. Moreover, it can also be set as the area which is the same distance from one coordinate point.
- the first common key table includes one or more pairs of coordinates and distances as information for designating usable areas.
- the first common key table is described so as to include a list of information for specifying the usable area, it is not always necessary.
- a list of information specifying the usable area of the first common key table may be provided. In this case, both are linked.
- the communication system 100 defines two types of common key tables.
- the present invention is not limited to this.
- the communication system 100 may define three or more types of common key tables.
- a plurality of types of first common key tables are defined.
- a predetermined first common key table is used around a predetermined base station apparatus 10, and another first common key table is used around another base station apparatus 10.
- the area where the common key table to be updated is used can be further limited.
- the determination unit 68 determines whether or not the first common key table exists in an area where the first common key table can be used based on the identification information of the base station device 10 included in the packet signal. .
- the present invention is not limited to this.
- the determination unit 68 may determine whether the first common key table exists in an area where the first common key table can be used, based on position information acquired by GPS or the like. According to this modification, an area where the first common key table can be used can be defined in association with the position information.
- This embodiment may be characterized by the following items.
- (Item 1) A communication unit that transmits and receives a packet signal to which an electronic signature generated by a common key in the common key cryptosystem is attached; and A storage unit that stores a common key table in which a plurality of types of common keys that can be used for transmission and reception of packet signals in the communication unit are stored; A selection unit for selecting any one of the common keys from the common key table stored in the storage unit; Using the common key selected by the selection unit, the electronic signature attached to the packet signal received by the communication unit is verified, or the electronic signature attached to the packet signal to be transmitted from the communication unit is generated.
- a processing unit to The wireless device according to claim 1, wherein the processing unit updates the common key table by performing an operation using a conversion function on the common key table stored in the storage unit. In this case, the encryption key can be updated autonomously.
- the encryption key can be switched and used according to the area, and the risk of key leakage in the communication system can be reduced.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Traffic Control Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
更新の際、更新前に使用されている旧暗号鍵によって暗号化が行われたデータのみの送受信が可能な初期状態にある。この状態から、各装置は、旧暗号鍵および更新後の新暗号鍵によって暗号化が行われた双方のデータの送受信を行うことが可能で、新暗号鍵によって暗号化が行われたデータの送受信に関しては動作未確認の状態に移行する。さらに、各装置は、旧暗号鍵、新暗号鍵の双方で暗号化されたデータの送受信が可能であり、新暗号鍵で暗号化されたデータの送受信に関しても動作確認済みの状態に遷移する。最終的に、各装置は、鍵更新完了後の新暗号鍵によって暗号化されたデータのみの送受信が可能な状態に順次遷移する(例えば、特許文献2参照)。
(項目1)
共通鍵暗号方式における共通鍵によって生成した電子署名が添付されたパケット信号を送受信する通信部と、
前記通信部におけるパケット信号の送受信に使用可能な共通鍵が複数種類示された共通鍵テーブルを記憶する記憶部と、
前記記憶部において記憶した共通鍵テーブルから、いずれかの共通鍵を選択する選択部と、
前記選択部において選択した共通鍵を使用して、前記通信部において受信したパケット信号に添付された電子署名を検証するか、あるいは前記通信部から送信すべきパケット信号に添付される電子署名を生成する処理部とを備え、
前記処理部は、前記記憶部に記憶した共通鍵テーブルに対して、変換関数による演算を実行することによって、共通鍵テーブルを更新することを特徴とする無線装置。
この場合、暗号鍵を自律的に更新できる。
Claims (6)
- 共通鍵が複数種類示された第1の共通鍵テーブルが受信された場合に、受信した第1の共通鍵テーブルを記憶するとともに、第1の共通鍵テーブルとは異なった第2の共通鍵テーブルを予め記憶する記憶部と、
前記記憶部に記憶した第1の共通鍵テーブルを使用可能なエリア内に存在するかを判定する判定部と、
前記判定部がエリア内に存在すると判定した場合、前記記憶部において記憶した第1の共通鍵テーブルに含まれた共通鍵を使用して第1のパケット信号を生成し、前記判定部がエリア外に存在すると判定した場合、前記記憶部において記憶した第2の共通鍵テーブルを使用して第2のパケット信号を生成する生成部と、
前記生成部において生成した第1のパケット信号あるいは第2のパケット信号を報知する報知部と、
を備えることを特徴とする端末装置。 - 前記記憶部において記憶される第1の共通鍵テーブルに複数種類示された共通鍵は、制限されたエリアにおいて使用可能であり、第2の共通鍵テーブルに複数種類示された共通鍵は、第1の共通鍵テーブルを使用可能なエリアよりも広いエリアにおいて使用可能であることを特徴とする請求項1に記載の端末装置。
- 前記生成部は、前記判定部がエリア内に存在すると判定した場合、前記記憶部において記憶した第1の共通鍵テーブルに含まれた共通鍵によって電子署名を生成するとともに、電子署名が添付された第1のパケット信号を生成し、前記判定部がエリア外に存在すると判定した場合、前記記憶部において記憶した第2の共通鍵テーブルに含まれた共通鍵によって電子署名を生成するとともに、電子署名が添付された第2のパケット信号を生成することを特徴とする請求項1または2に記載の端末装置。
- 他の端末装置から報知された第2のパケット信号を受信する受信部と、
前記受信部において受信した第2のパケット信号に添付された電子署名に対して、前記記憶部において記憶した第2の共通鍵テーブルに含まれた共通鍵を使用することによって、電子署名の正当性を検証する検証部と、
前記検証部が正当性を検証した場合、前記受信部において受信した第2のパケット信号を処理する処理部とをさらに備え、
前記受信部は、他の端末装置から報知された第1のパケット信号も受信し、
前記検証部は、前記記憶部に第1の共通鍵テーブルが記憶されている場合、前記受信部において受信した第1のパケット信号に添付された電子署名に対して、第1の共通鍵テーブルに含まれた共通鍵を使用することによって、電子署名の正当性を検証し、前記記憶部に第1の共通鍵テーブルが未記憶である場合、第1の共通鍵テーブルに含まれた共通鍵によって生成された電子署名が所定期間において所定回数以上検出されれば、検証を省略し、
前記処理部は、前記検証部が正当性を検証した場合、あるいは前記検証部が検証を省略した場合、前記受信部において受信した第1のパケット信号を処理することを特徴とする請求項3に記載の端末装置。 - 端末装置間の通信を制御する基地局装置であって、
共通鍵が複数種類示された第1の共通鍵テーブルを記憶するとともに、第1の共通鍵テーブルとは異なった第2の共通鍵テーブルを記憶する記憶部と、
前記記憶部において記憶した第2の共通鍵テーブルに含まれた共通鍵を使用してパケット信号を生成する生成部と、
前記生成部において生成したパケット信号を報知する報知部とを備え、
前記生成部は、前記記憶部において記憶した第1の共通鍵テーブルが格納されたパケット信号も生成することを特徴とする基地局装置。 - 前記記憶部において記憶された第1の共通鍵テーブルに複数種類示された共通鍵は、制限されたエリアにおいて使用可能であり、第2の共通鍵テーブルに複数種類示された共通鍵は、第1の共通鍵テーブルを使用可能なエリアよりも広いエリアにおいて使用可能であることを特徴とする請求項5に記載の基地局装置。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011800034017A CN102577227A (zh) | 2010-05-31 | 2011-05-31 | 终端装置以及基站装置 |
JP2012518250A JP5789745B2 (ja) | 2010-05-31 | 2011-05-31 | 基地局装置 |
US13/691,096 US20130182844A1 (en) | 2010-05-31 | 2012-11-30 | Terminal apparatuses and base station apparatus for transmitting or receiving a signal containing predetermined information |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010124967 | 2010-05-31 | ||
JP2010-124967 | 2010-05-31 | ||
JP2010-134941 | 2010-06-14 | ||
JP2010134941 | 2010-06-14 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/691,096 Continuation US20130182844A1 (en) | 2010-05-31 | 2012-11-30 | Terminal apparatuses and base station apparatus for transmitting or receiving a signal containing predetermined information |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011152042A1 true WO2011152042A1 (ja) | 2011-12-08 |
Family
ID=45066433
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/003056 WO2011152042A1 (ja) | 2010-05-31 | 2011-05-31 | 端末装置および基地局装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20130182844A1 (ja) |
JP (4) | JP5789745B2 (ja) |
CN (1) | CN102577227A (ja) |
WO (1) | WO2011152042A1 (ja) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011234340A (ja) * | 2010-04-07 | 2011-11-17 | Denso Corp | 無線通信装置およびデータ通信装置 |
JP2012147085A (ja) * | 2011-01-07 | 2012-08-02 | Sumitomo Electric Ind Ltd | 通信システム |
WO2013111364A1 (ja) * | 2012-01-27 | 2013-08-01 | 株式会社トヨタIt開発センター | 暗号通信システム、通信装置、鍵配布装置、暗号通信方法 |
JP2014027410A (ja) * | 2012-07-25 | 2014-02-06 | Sumitomo Electric Ind Ltd | 路側通信機、無線通信システム、及び送信方法 |
WO2016031149A1 (ja) * | 2014-08-26 | 2016-03-03 | 株式会社デンソー | 車両用データ変換装置及び車両用データ出力方法 |
WO2016035793A1 (ja) * | 2014-09-02 | 2016-03-10 | 大日本印刷株式会社 | 通信装置、鍵データ更新方法、及び鍵データ更新処理プログラム |
JP2016036159A (ja) * | 2015-10-08 | 2016-03-17 | 住友電気工業株式会社 | 車載機及び共通鍵の更新の契機を得る方法 |
CN105635177A (zh) * | 2016-02-23 | 2016-06-01 | 苏州元禾医疗器械有限公司 | 一种加密数据传输方法、装置及系统 |
JP2018081707A (ja) * | 2017-12-19 | 2018-05-24 | 株式会社デンソー | 車両用データ変換装置及び車両用データ出力方法 |
CN109474909A (zh) * | 2018-08-28 | 2019-03-15 | 北京交通大学 | 用于ctcs-3级列控系统车地安全通信协议的密钥管理方法 |
JP2020513169A (ja) * | 2017-04-07 | 2020-04-30 | 株式会社トラストホールディングスTrusst Holdings Inc. | 装置認証キーを利用したデータ暗号化方法およびシステム |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9154481B1 (en) * | 2012-12-13 | 2015-10-06 | Emc Corporation | Decryption of a protected resource on a cryptographic device using wireless communication |
US9819488B2 (en) * | 2014-07-10 | 2017-11-14 | Ohio State Innovation Foundation | Generation of encryption keys based on location |
JP6197000B2 (ja) * | 2015-07-03 | 2017-09-13 | Kddi株式会社 | システム、車両及びソフトウェア配布処理方法 |
EP3319354B1 (en) * | 2015-07-31 | 2020-12-30 | Huawei Technologies Co., Ltd. | V2x communication methods and related apparatuses |
JP6567376B2 (ja) | 2015-09-25 | 2019-08-28 | パナソニック株式会社 | 装置 |
JP6171046B1 (ja) * | 2016-04-26 | 2017-07-26 | 京セラ株式会社 | 電子機器、制御方法、及び制御プログラム |
CN107085961A (zh) * | 2017-06-22 | 2017-08-22 | 公安部交通管理科学研究所 | 一种车载终端、获取路口交通信号控制信息的方法及系统 |
DE102019207753A1 (de) * | 2019-05-27 | 2020-12-03 | Robert Bosch Gmbh | Verfahren zum Ansteuern eines Fahrzeugs |
JP7028833B2 (ja) * | 2019-07-31 | 2022-03-02 | パナソニック株式会社 | 装置、プロセッサ、制御方法、プログラム |
KR20210063168A (ko) * | 2019-11-22 | 2021-06-01 | 삼성전자주식회사 | 무선 접속 망에서 사업자 특정 서비스를 지원하기 위한 장치 및 방법 |
JPWO2023084694A1 (ja) * | 2021-11-11 | 2023-05-19 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000151578A (ja) * | 1998-11-10 | 2000-05-30 | Mitsubishi Electric Corp | 暗号通信装置 |
JP2006197035A (ja) * | 2005-01-11 | 2006-07-27 | Sumitomo Electric Ind Ltd | 信号制御情報通信システム |
JP2009224843A (ja) * | 2008-03-13 | 2009-10-01 | Denso Corp | 無線通信システム及び無線通信方法 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2595899B2 (ja) * | 1994-05-17 | 1997-04-02 | 日本電気株式会社 | オンライン伝文暗号化装置 |
JP3555345B2 (ja) * | 1996-08-09 | 2004-08-18 | 株式会社日立製作所 | 自動料金収受システムの車載機 |
JP3445490B2 (ja) * | 1998-03-25 | 2003-09-08 | 株式会社日立製作所 | 移動体通信方法および移動体通信システム |
US8472627B2 (en) * | 2000-10-30 | 2013-06-25 | Geocodex Llc | System and method for delivering encrypted information in a communication network using location indentity and key tables |
JPWO2002076011A1 (ja) * | 2001-03-19 | 2004-07-08 | 株式会社鷹山 | 暗号通信システム |
EP1549010B1 (en) * | 2003-12-23 | 2008-08-13 | Motorola Inc. | Rekeying in secure mobile multicast communications |
JP4559794B2 (ja) * | 2004-06-24 | 2010-10-13 | 株式会社東芝 | マイクロプロセッサ |
JP4619858B2 (ja) * | 2004-09-30 | 2011-01-26 | 株式会社日立製作所 | 分散環境における暗号鍵更新方法、暗号鍵更新システム、暗号鍵更新システムを構成する無線基地局 |
KR101153640B1 (ko) * | 2005-05-04 | 2012-06-18 | 삼성전자주식회사 | 디지털 멀티미디어 방송 수신 제한 시스템 및 그 방법 |
US8266431B2 (en) * | 2005-10-31 | 2012-09-11 | Cisco Technology, Inc. | Method and apparatus for performing encryption of data at rest at a port of a network device |
US7945070B2 (en) * | 2006-02-24 | 2011-05-17 | Digimarc Corporation | Geographic-based watermarking keys |
JP2008060789A (ja) * | 2006-08-30 | 2008-03-13 | Toyota Infotechnology Center Co Ltd | 公開鍵配布システムおよび公開鍵配布方法 |
JP4950868B2 (ja) * | 2007-12-18 | 2012-06-13 | 株式会社東芝 | 情報処理装置及び情報処理方法 |
-
2011
- 2011-05-31 CN CN2011800034017A patent/CN102577227A/zh active Pending
- 2011-05-31 WO PCT/JP2011/003056 patent/WO2011152042A1/ja active Application Filing
- 2011-05-31 JP JP2012518250A patent/JP5789745B2/ja active Active
-
2012
- 2012-11-30 US US13/691,096 patent/US20130182844A1/en not_active Abandoned
-
2015
- 2015-02-19 JP JP2015030961A patent/JP5899457B2/ja active Active
- 2015-12-10 JP JP2015241036A patent/JP6074824B2/ja active Active
-
2016
- 2016-12-21 JP JP2016248279A patent/JP6273561B2/ja active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000151578A (ja) * | 1998-11-10 | 2000-05-30 | Mitsubishi Electric Corp | 暗号通信装置 |
JP2006197035A (ja) * | 2005-01-11 | 2006-07-27 | Sumitomo Electric Ind Ltd | 信号制御情報通信システム |
JP2009224843A (ja) * | 2008-03-13 | 2009-10-01 | Denso Corp | 無線通信システム及び無線通信方法 |
Non-Patent Citations (1)
Title |
---|
ALFRED J. MENEZES ET AL., HANDBOOK OF APPLIED CRYPTOGRAPHY, August 2001 (2001-08-01), pages 353, Retrieved from the Internet <URL:http://www.cacr.math.uwaterloo.ca/hac/about/chap9.pdf> [retrieved on 20110617] * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011234340A (ja) * | 2010-04-07 | 2011-11-17 | Denso Corp | 無線通信装置およびデータ通信装置 |
JP2012147085A (ja) * | 2011-01-07 | 2012-08-02 | Sumitomo Electric Ind Ltd | 通信システム |
WO2013111364A1 (ja) * | 2012-01-27 | 2013-08-01 | 株式会社トヨタIt開発センター | 暗号通信システム、通信装置、鍵配布装置、暗号通信方法 |
JP2013157693A (ja) * | 2012-01-27 | 2013-08-15 | Toyota Infotechnology Center Co Ltd | 暗号通信システム、通信装置、鍵配布装置、暗号通信方法 |
EP2816755A1 (en) * | 2012-01-27 | 2014-12-24 | Toyota Jidosha Kabushiki Kaisha | Encryption communication system, communication device, key distribution device, encryption communication method |
EP2816755A4 (en) * | 2012-01-27 | 2015-04-15 | Toyota Motor Co Ltd | ENCRYPTED COMMUNICATION SYSTEM, COMMUNICATION DEVICE, KEY DISTRIBUTION DEVICE, ENCRYPTED COMMUNICATION METHOD |
JP2014027410A (ja) * | 2012-07-25 | 2014-02-06 | Sumitomo Electric Ind Ltd | 路側通信機、無線通信システム、及び送信方法 |
JP2016045860A (ja) * | 2014-08-26 | 2016-04-04 | 株式会社デンソー | 車両用データ変換装置及び車両用データ出力方法 |
WO2016031149A1 (ja) * | 2014-08-26 | 2016-03-03 | 株式会社デンソー | 車両用データ変換装置及び車両用データ出力方法 |
US10599854B2 (en) | 2014-08-26 | 2020-03-24 | Denso Corporation | Vehicular data conversion apparatus and vehicular data output method |
WO2016035793A1 (ja) * | 2014-09-02 | 2016-03-10 | 大日本印刷株式会社 | 通信装置、鍵データ更新方法、及び鍵データ更新処理プログラム |
JPWO2016035793A1 (ja) * | 2014-09-02 | 2017-06-22 | 大日本印刷株式会社 | 通信装置、鍵データ更新方法、及び鍵データ更新処理プログラム |
JP2016036159A (ja) * | 2015-10-08 | 2016-03-17 | 住友電気工業株式会社 | 車載機及び共通鍵の更新の契機を得る方法 |
CN105635177A (zh) * | 2016-02-23 | 2016-06-01 | 苏州元禾医疗器械有限公司 | 一种加密数据传输方法、装置及系统 |
JP2020513169A (ja) * | 2017-04-07 | 2020-04-30 | 株式会社トラストホールディングスTrusst Holdings Inc. | 装置認証キーを利用したデータ暗号化方法およびシステム |
JP2018081707A (ja) * | 2017-12-19 | 2018-05-24 | 株式会社デンソー | 車両用データ変換装置及び車両用データ出力方法 |
CN109474909A (zh) * | 2018-08-28 | 2019-03-15 | 北京交通大学 | 用于ctcs-3级列控系统车地安全通信协议的密钥管理方法 |
CN109474909B (zh) * | 2018-08-28 | 2020-07-24 | 北京交通大学 | 用于ctcs-3级列控系统车地安全通信协议的密钥管理方法 |
Also Published As
Publication number | Publication date |
---|---|
JP5899457B2 (ja) | 2016-04-06 |
US20130182844A1 (en) | 2013-07-18 |
JP2017103780A (ja) | 2017-06-08 |
JP6273561B2 (ja) | 2018-02-07 |
JP2015100132A (ja) | 2015-05-28 |
CN102577227A (zh) | 2012-07-11 |
JP2016105596A (ja) | 2016-06-09 |
JP6074824B2 (ja) | 2017-02-08 |
JP5789745B2 (ja) | 2015-10-07 |
JPWO2011152042A1 (ja) | 2013-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6273561B2 (ja) | 端末装置 | |
JP6273658B2 (ja) | 基地局装置 | |
JP5390036B2 (ja) | 車載器 | |
JP6112467B2 (ja) | 通信装置 | |
JP5991561B2 (ja) | 無線装置 | |
JP2014158105A (ja) | 端末装置 | |
JP6187888B2 (ja) | 処理装置 | |
JP5903629B2 (ja) | 無線装置 | |
JP2014158104A (ja) | 端末装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201180003401.7 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012518250 Country of ref document: JP |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11789455 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11789455 Country of ref document: EP Kind code of ref document: A1 |