WO2013179392A1 - Authentication system and authentication method - Google Patents
- Publication number
- WO2013179392A1 (PCT/JP2012/063794)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- code
- authentication
- key
- communication data
- update
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C5/00—Registering or indicating the working of vehicles
- G07C5/08—Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
- G07C5/0841—Registering performance data
- G07C5/085—Registering performance data using electronic data carriers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
Definitions
- the present invention relates to an authentication system and an authentication method that are useful when applied to authentication by an in-vehicle control device mounted on a vehicle, for example.
- vehicles such as automobiles are equipped with in-vehicle control devices that electronically control various in-vehicle devices such as engines and brakes, as well as in-vehicle control devices that constitute a navigation system.
- Many on-vehicle control devices such as an on-vehicle control device that controls devices such as meters that display various states of the vehicle are mounted on the vehicle.
- each vehicle-mounted control apparatus is electrically connected by a communication line, a vehicle network is formed, and transmission / reception of various vehicle data between each vehicle-mounted control apparatus is performed via this vehicle network.
- the vehicle-mounted device center key 22, which is a key unique to the vehicle 1, is written in advance by the writing device 18 in the vehicle 1 to which the secret key 16 used for authentication is distributed. Also, the electronic key center key 23 unique to the electronic key 2 is written in advance by the writing device 18 in the electronic key 2 to which the secret key 16 is distributed.
- the center 20 that generates and distributes the secret key 16 has an in-vehicle device center key 22 and an electronic key center key 23 that the vehicle 1 and the electronic key 2 have in advance. Then, when distributing the secret key 16, the center 20 encrypts the secret key 16 distributed to the vehicle 1 using the vehicle-mounted device center key 22, which is a key common to the key held by the vehicle 1. Further, the center 20 encrypts the secret key 16 distributed to the electronic key 2 using the electronic key center key 23 which is a key common to the key held by the electronic key 2. The center 20 distributes the encrypted secret key 16 to the vehicle 1 and the electronic key 2.
- the encrypted secret key 16 is decrypted by the in-vehicle device center key 22 and the electronic key center key 23 that the vehicle 1 and the electronic key 2 own. Thereafter, encryption communication is performed between the center 20 and the vehicle 1 and the electronic key 2 using the decrypted secret key 16.
- even if the secret key 16 is illegally acquired during distribution, it is possible to prevent the illegally acquired secret key 16 from being misused.
- the vehicle-mounted device center key 22 and the electronic key center key 23 used for encryption of the secret key 16 are used as keys unique to the vehicle 1 and the electronic key 2. For this reason, the secret key 16 distributed from the center 20 is always encrypted with a unique key such as the vehicle-mounted device center key 22 or the electronic key center key 23. Therefore, once the in-vehicle device center key 22 and the electronic key center key 23 themselves have been deciphered, the encrypted secret key 16 can be easily decrypted.
- the vehicle-mounted device center key 22 and the electronic key center key 23 are periodically updated, the keys owned by the center 20, the vehicle 1, and the electronic key 2 are simultaneously updated.
- the vehicle 1 and the electronic key 2 must be shared. For this reason, it is difficult to update the vehicle-mounted device center key 22 and the electronic key center key 23 once they are held in the center 20, the vehicle 1, and the electronic key 2, and the so-called danger that the security of the encryption algorithm is lowered by long-term operation cannot be avoided.
- Such a problem is not limited to data communication between a center, a vehicle, and an electronic key, but is a largely common issue in systems that use a key for verification and authentication of communication data, or an authentication code generated by such a key.
- the present invention has been made in view of such circumstances, and its purpose is to maintain high reliability of authentication using an authentication code through improvement in manageability of a communication authentication code used for data communication.
- an authentication system is an authentication system used for authentication of a plurality of nodes connected to a network and transmitting / receiving communication data, and verifying the validity of the transmission source of the communication data
- a granting unit that grants an authentication code used for the communication data
- an update unit that updates the authentication code based on the update rule for the specified authentication code each time communication of the communication data is completed.
- an authentication method is an authentication method used for authentication of a plurality of nodes connected to a network and transmitting / receiving communication data, and verifying the validity of the transmission source of the communication data
- a granting step for granting an authentication code used for the communication data, and an updating step for updating the authentication code on the basis of an update rule for the specified authentication code each time communication of the communication data is completed.
- an authentication code for authentication is added to the communication data.
- the authentication code for authentication is updated based on a pre-defined update rule every time communication of communication data is completed. For this reason, when communication data is transmitted next, the authentication code given to the communication data is updated to another authentication code. Therefore, even if the authentication code assigned to the communication data is illegally acquired, the authentication code acquired illegally is different from the authentication code assigned to the communication data transmitted next from the node. Therefore, unauthorized use of an authentication code used for verifying the presence / absence of tampering of communication data is suppressed. As a result, it is possible to verify the validity of communication data using an authentication code with high reliability. As a result, it is possible to maintain high reliability of authentication using an authentication code.
- the plurality of nodes commonly hold a key code for generating an authentication code and a change code for changing the authentication code, a rule for updating the authentication code using the key code and the change code is defined as the update rule, and the update unit updates the authentication code through a predetermined operation based on the key code and the change code.
- a key code for generating an authentication code and a change code for changing the authentication code are commonly held in the plurality of nodes, and the key code and the change are used as the update rule.
- the authentication code is updated through a predetermined calculation based on the key code and the change code.
- the authentication code is updated by executing a predetermined operation based on the two codes such as the key code and the change code. That is, every time communication of communication data is completed, a predetermined calculation based on the key code and the change code is executed, and the authentication code obtained from the calculation result is updated. For this reason, as long as the confidentiality of the key code, the change code, and the calculation method can be ensured, the confidentiality of the authentication code updated based on the key code and the change code can be maintained high.
- the authentication code is updated based on the two codes such as the key code and the change code, so that even if the authentication code before the update is obtained illegally, it is difficult to guess the updated authentication code from it. Therefore, it is possible to maintain the confidentiality of the authentication code updated as needed.
- the update unit selects a translation code composed of a predetermined random number as the change code, and executes a recursive operation using the selected translation code on the key code.
- the key code is updated as needed, and the authentication code is recursively generated using the key code updated as needed.
- a translation code composed of a predetermined random number is selected as the change code, and a recursive operation using the selected translation code is executed on the key code.
- the key code is updated at any time, and the authentication code is recursively generated by the key code updated at any time.
- the key code used for generating the authentication code is updated as needed by performing a recursive operation using a translation code composed of random numbers. Then, by executing a predetermined calculation using the key code updated as needed, the authentication code generated based on the key code is also updated as needed. That is, in the above configuration or method, the authentication code is updated as needed through the update of the key code as needed. For this reason, the confidentiality of the key code used for generating the authentication code is also maintained high. Thereby, the secrecy of the generation source of the authentication code is also maintained.
- the key code includes an initial key that is stored in advance in the plurality of nodes and is used when the authentication code is generated for the first time, and an update key that is generated as needed, each time the communication data is communicated, through an operation of the initial key and the translation code; the update unit generates the authentication code used at the time of initial communication of communication data using the initial key and a random code consisting of a predetermined random number held in advance by the plurality of nodes, and updates the generated authentication code by using the update key generated as needed.
- an initial key that is stored in advance in the plurality of nodes and used when the authentication code is generated for the first time, and the communication data is calculated through the calculation of the initial key and the translation code.
- An update key generated at any time is selected each time communication is performed, and the update step generates an authentication code used at the time of initial communication of communication data through the operation of the initial key and the random code; and
- the authentication method includes a step of updating the generated authentication code using an update key that is generated as needed.
- an initial key previously stored in a regular node connected to the network is used as a key code at the initial communication of communication data. Further, after the completion of the initial communication, an update key generated as needed through the operation of the initial key and the translation code is used as the key code. Then, at the time of initial communication between nodes, first, an authentication code is generated based on a random code and an initial key previously held in a regular node. In subsequent communication, the authentication code is updated by executing an operation based on an update key generated at any time and, for example, a random code.
- an authentication code is generated using an initial key and a random code that are held in advance only in a legitimate node, and the once generated authentication code is updated as needed. For this reason, as long as the confidentiality of the initial key and the random code can be ensured, it is possible to maintain the confidentiality of the authentication code generated based on the initial key and the random code and transmitted to the network.
- the authentication code is generated and updated based on a plurality of types of codes such as an initial key, a translation code, and a random code. Therefore, it becomes more difficult to specify the generation source and update source of the authentication code. As a result, unauthorized use of the authentication code transmitted in the network together with the communication data is suppressed.
- the authentication system further includes an authentication unit that authenticates a node to be communicated with when the communication data is transmitted and received. In authenticating that node, the authentication unit acquires from the communication target communication data to which a message code has been added, the message code being generated through an operation of the key code and a random code consisting of a predetermined random number held in advance by the plurality of nodes. The authentication unit verifies the validity of the communication data provided with the message code by comparing a random code restored through an operation of the acquired message code and the key code held by the authentication unit with the random code held in advance by the node that received the communication data from the communication target, and the updating unit updates the message code as the authentication code.
- the authentication method further includes an authentication step of verifying the legitimacy of the communication data provided with the message code, and authenticating a node to be communicated when transmitting / receiving the communication data based on the verification result, and in the updating step, The message code is updated as an authentication code.
- a random code commonly held by a plurality of regular nodes is converted into a message code by the key code.
- the converted message code is added to the communication data.
- the message code is restored to the random code through the calculation using the key code held by the node.
- when the restored random code matches the random code previously held by the node that received the communication data, it is determined that the communication data and the message code have not been tampered with. If it is determined that the communication data and the message code are not falsified through such verification, it is authenticated that the communication data and the message code are properly transmitted from the legitimate node. Then, communication data determined to have been properly transmitted from a legitimate node is used at the node that received the communication data.
- it is determined that the communication data and the message code have been tampered with, or that the transmission source is an unauthorized node. Communication data that is determined to be unauthorized is discarded as unauthorized communication data. Similarly, communication data determined to have been tampered with is also discarded as unauthorized communication data.
- the message code that is given when the communication data is transmitted and is used for verifying the communication data or its transmission source is updated as the authentication code. For this reason, even if the message code used for verifying the communication data or its transmission source is illegally acquired, another message code is used for verifying the communication data when the next communication data is transmitted. As a result, compromise of the message code used for verifying the communication data and its transmission source is suppressed.
- prior to authentication of the node to be communicated with, the authentication unit receives a message code generated through an operation of the key code and a random code, and obtains the random code used for verifying the validity of the communication data by restoring it from the message code using the key code that the authentication unit holds in advance.
- a random code used for verification of communication data and its transmission source is distributed to each node in a state converted into a message code by a key code.
- the distributed message code is restored from the message code to a random code by using a previously held key code.
- an unauthorized node connected to the network illegally acquires the message code
- the unauthorized node cannot retain the key code, and therefore cannot recover the illegally acquired message code to a random code.
- an unauthorized node cannot obtain a random code illegally, and unauthorized use of a random code used for verification of communication data and its transmission source is suppressed.
- the random code distributed prior to communication of communication data is held in a legitimate node with high confidentiality.
- a regular node connected to the network has only a key code
- a random code can be retained in the regular node afterwards. That is, the legitimate node only needs to hold the key code prior to verifying the communication data and its transmission source and obtaining the random code.
- the verification of the communication data using the random code and the random code and the transmission source thereof is performed with a higher degree of freedom.
- the node that transmits the communication data distributes the change code together with the authentication code given to the communication data to the node to be transmitted, and the update unit updates the key code using the change code on the condition that the transmission processing of the communication data to which the authentication code and the change code are given is completed.
- communication data, an authentication code for verifying the communication data and its transmission source, and a change code for updating the key code are distributed to the receiving node to which the communication data is transmitted.
- the updating unit updates the key code using the change code distributed to the receiving node together with the communication data. Then, the authentication code is updated using the updated key code, and the updated authentication code is used when transmitting the next communication data.
- a node to which communication data is transmitted can acquire a change code for updating the authentication code transmitted together with the communication data every time data communication is performed. Then, the authentication code is updated using the change code, and the updated authentication code is added to the communication data to be transmitted next and transmitted. As a result, the completion of the communication data transmission process and the update of the authentication code are performed smoothly.
- the plurality of nodes commonly hold a key code for generating an authentication code and a change code for changing the authentication code, a rule for updating the authentication code using the key code and the change code is defined as the update rule, and the update unit updates the authentication code by changing the calculation type of the authentication code using the change code every time communication of the communication data is completed.
- an authentication code is generated by performing an operation based on two codes such as a key code and a change code. In this configuration, whenever the communication of communication data is completed, the authentication code obtained from the calculation result is updated by changing the calculation type based on the key code and the change code. For this reason, as long as the confidentiality of the key code, the change code, and the calculation type can be ensured, the confidentiality of the authentication code updated based on the key code and the change code can be maintained high.
- the authentication code is updated based on the two codes such as the key code and the change code, so that even if the authentication code before the update is obtained illegally, it is difficult to guess the updated authentication code from it. Therefore, it is possible to maintain the confidentiality of the authentication code updated as needed.
- the plurality of nodes commonly hold a key code for generating an authentication code and a change code for changing the authentication code, a rule for updating the authentication code using the key code and the change code is defined as the update rule, and the updating unit counts the number of times communication data is transmitted between the plurality of nodes and updates the authentication code by generating it using a number of key codes corresponding to the counted number of communications.
- an authentication code is generated by performing an operation based on two codes such as a key code and a change code.
- an authentication code is generated by using a number of key codes corresponding to the number of communication data communications. That is, the generated authentication code changes to a different code depending on the number of communication data communications. For this reason, as long as the confidentiality of the key code, the change code, and the number of encryptions can be ensured, the confidentiality of the authentication code updated based on the key code and the change code can be maintained high.
- the authentication code is updated based on the two codes such as the key code and the change code, so that even if the authentication code before the update is illegally acquired, it is difficult to guess the updated authentication code from it. Therefore, it is possible to maintain the confidentiality of the authentication code updated as needed.
- the plurality of nodes include a plurality of in-vehicle control devices that are provided in a vehicle and configure a vehicle network, and the adding unit and the updating unit are provided in the plurality of in-vehicle control devices, respectively.
- the update units provided in the plurality of in-vehicle control devices perform the update of the authentication code in synchronization each time transmission / reception of communication data via the vehicle network is performed.
- vehicle speed data indicating the traveling speed of the vehicle, control data of various control systems, and the like are processed by an in-vehicle control device.
- since the communication data processed by such vehicle-mounted control apparatuses is used for vehicle control and the like, the need to verify the communication data and its legitimacy is especially high.
- the calculation processing capability of the in-vehicle control device is naturally limited, and it is difficult to perform advanced authentication processing with the in-vehicle control device.
- a plurality of in-vehicle control devices constituting the vehicle network are selected as the plurality of nodes.
- the authentication code updated at any time is given to the communication data transmitted / received between such vehicle-mounted control apparatuses. For this reason, even if the authentication code generated by the in-vehicle control device or the like is not a very complicated code, the authentication code is updated as needed, and thus it is possible to maintain high confidentiality.
- communication data using an authentication code and its transmission source can be verified with high reliability. Therefore, it is possible to maintain high reliability of the vehicle network that requires high security.
- (A)-(d) is a figure which shows an example of the update mode of the key code by the update part, and a message code.
- the sequence diagram which shows an example of the update procedure of the key code and message code by an update part, and the authentication procedure by an authentication part.
- the flowchart which shows an example of the transmission procedure of the communication data by the transmission subject of communication data, and the update procedure of a key code and a message code.
- the flowchart which shows an example of the authentication procedure of the communication data by the receiving subject of communication data, and the update procedure of a key code and a message code.
- the block diagram which shows schematic structure of the vehicle-mounted control apparatus by which the update part and the provision part are mounted about 2nd Embodiment of the authentication system and authentication method concerning this invention.
- the sequence diagram which shows an example of the update procedure of the key code and message code by an update part, and the authentication procedure by an authentication part.
- the block diagram which shows schematic structure of the vehicle-mounted control apparatus by which the update part and the provision part are mounted about 3rd Embodiment of the authentication system and authentication method concerning this invention.
- the sequence diagram which shows an example of the update procedure of the key code and message code by an update part, and the authentication procedure by an authentication part.
- the block diagram which shows schematic structure of the vehicle-mounted control apparatus by which the update part and the provision part are mounted about 4th Embodiment of the authentication system and authentication method concerning this invention.
- the sequence diagram which shows an example of the update procedure of the key code and message code by an update part, and the authentication procedure by an authentication part.
- (A) is a block diagram which shows schematic structure of the vehicle-mounted control apparatus by which an update part and a provision part are mounted about 5th Embodiment of the authentication system and authentication method concerning this invention.
- (B) is a figure which shows an example of the communication data to which the translation code for the update of a key code is not provided as a comparative example.
- (C) is a figure which shows an example of the communication data to which the translation code for the update of a key code was provided.
- the block diagram which shows schematic structure of the conventional authentication system.
- a first embodiment that embodies an authentication system and an authentication method according to the present invention will be described below with reference to FIGS.
- the authentication system and the authentication method of the present embodiment manage communications performed via a vehicle network mounted on a vehicle.
- a message code is generated using a key code composed of an initial key and an update key, and a random code composed of a predetermined random number and a change code composed of a translation code.
- the vehicle is provided with vehicle-mounted control devices 100A to 100D that are a plurality of nodes that electronically control various vehicle-mounted devices mounted on the vehicle.
- The in-vehicle control devices 100A to 100D control, for example, information systems such as navigation systems, various vehicle drive systems such as engines, brakes and steering, and body systems such as air conditioners and meters that display various states of the vehicle.
- Such in-vehicle control devices 100A to 100D are connected to a communication line 10 constituting a vehicle network, for example.
- Each of the in-vehicle control devices 100A to 100D transmits / receives communication data such as sensor data indicating detection results of various sensors that detect the state of the vehicle and control data of various in-vehicle devices via the communication line 10.
- A controller area network (CAN)
- the in-vehicle control devices 100A to 100D perform transmission / reception of communication data in accordance with communication rules defined by CAN.
- the in-vehicle control device 100A is defined as an in-vehicle control device representing each of the in-vehicle control devices 100A to 100D.
- the vehicle is provided with a DLC (data link connector) 200 to which a device such as a vehicle diagnostic device is connected, for example.
- the DLC 200 is connected to the communication line 10 so that the devices connected to the DLC 200 and the devices such as the in-vehicle control devices 100A to 100D connected to the vehicle network can communicate with each other.
- an information terminal 300 such as a smartphone is connected to the DLC 200 of the present embodiment.
- Such a diagnostic device and the information terminal 300 are connected to the vehicle network via the DLC 200 to acquire communication data transmitted by the in-vehicle control devices 100A to 100D.
- the diagnostic device and the information terminal 300 transmit various data to the vehicle network.
- the in-vehicle control devices 100A to 100D are each provided with a central processing unit 101 that performs various operations such as operations for generating control data for various in-vehicle devices.
- Each of the in-vehicle control devices 100A to 100D includes a communication unit 102 that includes a CAN controller that manages transmission and reception of communication data.
- Each central processing unit 101 includes a communication data generation unit 110 that generates communication data.
- Each central processing unit 101 according to the present embodiment includes an update unit 120 that generates and updates an authentication code for verifying the communication data generated by the communication data generation unit 110 and its transmission source.
- each central processing unit 101 of the present embodiment includes an adding unit 130 that adds the code generated or updated by the updating unit 120 to the communication data generated by the communication data generating unit 110.
- each central processing unit 101 of the present embodiment includes an authentication unit 140 that authenticates communication data transmitted via the vehicle network and its transmission source.
- The update unit 120 of the present embodiment is provided with a message code generation unit 121 that generates a message code, which is an authentication code for verifying communication data and its transmission source.
- the update unit 120 according to the present embodiment includes a key code update unit 122 that generates a key code for generating an authentication code.
- At the time of initial communication, when communication is first performed on the vehicle network after the vehicle ignition key is turned on, the message code generation unit 121 acquires the initial key stored in the storage area 150, as indicated by the broken-line arrow in FIG. 2. Similarly, at the time of initial communication, the message code generation unit 121 acquires a random code composed of a predetermined random number stored in the storage area 150. The message code generation unit 121 then generates a message code by, for example, performing an XOR operation on the acquired initial key and random code. In this embodiment, the random code is thereby converted into a message code.
- When communication is performed for the second and subsequent times after the ignition key of the vehicle is turned on, the update key obtained by updating the initial key is acquired from the storage area 150 in place of the initial key, as indicated by the chain-line arrow in FIG.
- the message code generation unit 121 generates a message code by performing an XOR operation on the acquired update key and random code, for example.
- the message code is generated based on the updated update key, so that the message code is updated as needed along with the update key.
- the initial key stored in the storage area 150 is, for example, distributed in advance to the regular onboard control devices 100A to 100D connected to the vehicle network when the vehicle is shipped from the factory.
- the random code stored in the storage area 150 is distributed in advance from the regular onboard control device 100A connected to the vehicle network to the regular onboard control devices 100B to 100D.
- a translation code composed of a predetermined random number generated by the translation code generator 123 is stored.
- the key code update unit 122 updates a key code for generating a message code every time communication of communication data via the vehicle network is completed.
- the key code updating unit 122 updates the initial key serving as the initial key code by performing, for example, an XOR operation on the translation code and the initial key stored in the storage area 150. As a result, the initial key is converted into an update key. In the second and subsequent communications, the update key is updated as needed, for example, by performing an XOR operation on the update key being used and the translation code.
- the operation based on the key code including the initial key or the update key for generating the authentication code and the translation code is recursively executed. Note that such calculation is performed in synchronization with each of the in-vehicle control devices 100A to 100D every time communication data transmission processing by the in-vehicle control devices 100A to 100D is completed in the vehicle network. As a result, the key codes respectively held by the in-vehicle control devices 100A to 100D are updated as needed every time the communication data transmission process via the vehicle network is completed.
- The translation code generation unit 123 generates a translation code composed of a predetermined random number prior to the communication data transmission process, and stores the generated translation code in the storage area 150 of the in-vehicle control device 100A. Note that the translation code generation unit 123 generates a translation code when the in-vehicle control device on which it is mounted becomes the transmission subject of communication data. And the translation code produced
- the random code generation unit 124 provided in the representative in-vehicle control device 100A generates a random code composed of a predetermined random number prior to the communication data transmission process. Then, the random code generation unit 124 stores the generated random code in the storage area 150 of the in-vehicle control device 100A. For example, the random code generation unit 124 of the present embodiment generates a random code on the condition that the ignition key of the vehicle is turned on from off. After the ignition key is turned on, the random code generation unit 124 distributes the generated random code to the in-vehicle control devices 100B to 100D. The random code distributed to each of the in-vehicle control devices 100B to 100D is stored, for example, in the storage area 150 provided in each of the in-vehicle control devices 100B to 100D.
- The adding unit 130 adds to the communication data the random code converted based on the key code (initial key, update key), that is, the message code. The adding unit 130 also adds to the communication data a translation code for updating the key code (initial key, update key).
- a key code initial key, update key
- the communication unit 102 mounted on each of the in-vehicle control devices 100A to 100D transmits the communication data thus assigned with the message code and the translation code to the vehicle network.
- The communication unit 102 mounted on the representative in-vehicle control device 100A transmits the random code generated by the random code generation unit 124 to each of the other in-vehicle control devices 100B to 100D to be communicated with, prior to transmission of such communication data.
- In order to maintain the confidentiality of the random code, the communication unit 102 transmits to each of the in-vehicle control devices 100B to 100D the message code into which the message code generation unit 121 has converted the random code based on the key code.
- the authentication unit 140 of the in-vehicle control devices 100B to 100D verifies the validity of the communication data and its transmission source.
- the authenticating unit 140 verifies the validity of the communication data and the transmission source by using a random code distributed in advance from the in-vehicle control device 100A prior to transmission / reception of the communication data. That is, when the authentication unit 140 acquires the message code transmitted together with the communication data, the authentication unit 140 performs an XOR operation on the message code and the initial key or update key stored in the storage area 150. The authentication unit 140 restores the message code to a random code through such calculation. Then, the authentication unit 140 compares the restored random code with a random code distributed in advance from the representative in-vehicle control device 100A.
- When the compared random codes match each other, the authentication unit 140 authenticates that the communication data transmitted together with the message code has not been tampered with, and that the communication data and the message code were transmitted by one of the legitimate in-vehicle control devices 100A to 100D. The in-vehicle control devices 100A to 100D that have received the communication data to which such a message code is added then execute various controls based on the communication data whose validity has been confirmed.
- On the other hand, when the compared random codes differ, the authentication unit 140 determines, for example, that the message code or the communication data has been falsified by the information terminal 300 or the like illegally connected to the vehicle network. Further, for example, when the compared random codes are different, the authentication unit 140 determines that the received communication data is data illegally transmitted by the information terminal 300 or the like that is illegally connected to the vehicle network. The authentication unit 140 then discards the communication data determined to have been tampered with or the communication data determined to have been illegally transmitted. Note that, after discarding the communication data, the authentication unit 140 requests, for example, the regular in-vehicle control devices 100A to 100D to transmit regular communication data.
- When the ignition key of the vehicle is turned on, the random code generation unit 124 mounted on the representative in-vehicle control device 100A generates a random code Y. The generated random code and the initial key X, which is the initial key code held by the in-vehicle control device 100A, are then subjected to, for example, an XOR operation. As a result, the random code is converted into the message code Z based on the initial key (block Z01). Next, the generated message code is distributed from the in-vehicle control device 100A to each of the in-vehicle control devices 100B to 100D.
- a predetermined number of bits is assigned to the initial key, random code, message code, translation code, and update key.
- As this number of bits, for example, half of the value obtained by subtracting the number of bits used for control from the 64 bits of communication data defined by the CAN communication rules is set.
- The translation code generation unit 123 mounted on the in-vehicle control device that is the transmission subject of the communication data executes a predetermined calculation.
- A translation code composed of random numbers is thereby generated (block Z02).
- the communication data to which the generated message code and translation code are added is transmitted to the vehicle network.
- In each of the in-vehicle control devices 100A to 100D, for example, an XOR operation is performed between the translation code transmitted together with the communication data and the initial key held in advance by each of the in-vehicle control devices 100A to 100D.
- The key code is thereby updated from the initial key X to the update key X′ (block Z03).
- The updated update key and the random code are XORed, for example, to generate a message code Z′ (block Z04).
- The authentication code is updated from the initial message code Z to a new message code Z′.
- Each of the translation code generation units 123 of the in-vehicle control devices 100A to 100D newly generates a translation code (block Z05).
- the updated message code and translation code are added to the communication data. And the communication data to which these message code and translation code were given is transmitted to the network for vehicles.
- In each of the in-vehicle control devices 100A to 100D, the XOR operation is performed again between the translation code transmitted together with the communication data and the initial key held in advance by each of the in-vehicle control devices 100A to 100D.
- The key code is thereby updated from the already used update key X′ to the new update key X″ (block Z06).
- The updated update key and the random code are XORed, for example, to generate a message code Z″ (block Z07).
- The authentication code is further updated from the already used message code Z′ to the new message code Z″.
- Each of the translation code generation units 123 of the in-vehicle control devices 100A to 100D newly generates a translation code (block Z08).
- the updated message code and translation code are added to the communication data.
- Data is transmitted to the vehicle network.
- the already used key code is updated from the already used update key X ′′ to the new update key X ′′ ′′ (block Z09).
- a new message code is generated by, for example, XORing the updated update key and the random code.
- the initial key and the update key which are key codes for generating message codes, are updated as needed.
- The message code assigned to the communication data for verification is updated at any time by recursively executing an operation based on the initial key and the update key, which are updated as needed, and on the translation code calculated as needed.
- Therefore, the message code transmitted to the vehicle network changes each time communication data is transmitted. For this reason, even if the message code transmitted together with the communication data to the vehicle network is illegally acquired by, for example, the information terminal 300 connected to the vehicle network, the message code is invalid during the next communication. Impersonation or the like due to unauthorized use of the message code is therefore suppressed, and the security of the vehicle network is maintained.
- a random code distribution process is executed by the representative in-vehicle control device 100A.
- In this distribution processing, first, for example, an XOR operation is performed between the initial key held by the in-vehicle control device 100A and the random code generated by the random code generation unit 124 (S02). A message code is then generated from the calculation result (S03). Next, the generated message code is distributed from the in-vehicle control device 100A to the in-vehicle control devices 100B to 100D connected to the vehicle network.
- When each of the in-vehicle control devices 100B to 100D receives the message code, it performs, for example, an XOR operation between the message code and the initial key it holds in advance (R01). The message code is restored to a random code through this calculation (R02).
- A translation code is generated in the in-vehicle control device 100A that is the transmission subject of the communication data (S04). The translation code and the message code are then added to the communication data to be transmitted (adding step), and the communication data is transmitted to the vehicle network.
- When each of the in-vehicle control devices 100B to 100D receives the communication data to which the translation code and the message code are added, it performs, for example, an XOR operation between the message code and the initial key it holds in advance (R03). The message code is restored to a random code through this calculation (R04).
- each of the in-vehicle control devices 100B to 100D compares the random code distributed and restored in advance from the in-vehicle control device 100A with the random code distributed and restored together with the communication data (R05).
- Each of the in-vehicle control devices 100B to 100D verifies the validity of the communication data and the in-vehicle control device 100A that is the transmission source based on whether or not the compared random codes match (R06).
- When the compared random codes match, each of the in-vehicle control devices 100B to 100D determines that the communication data was transmitted from the legitimate in-vehicle control device 100A and has not been tampered with. Each of the in-vehicle control devices 100B to 100D then executes various controls based on the communication data. On the other hand, when the compared random codes are different, each of the in-vehicle control devices 100B to 100D discards the communication data, assuming that the received communication data is data transmitted to the vehicle network by an unauthorized device. Alternatively, when the compared random codes are different, each of the in-vehicle control devices 100B to 100D discards the communication data, assuming that the communication data transmitted from the in-vehicle control device 100A has been tampered with.
- a key code update process for generating a message code is executed (update step).
- Each of the in-vehicle control devices 100A to 100D performs, for example, an XOR operation between the translation code generated and transmitted by the in-vehicle control device 100A and the initial key held by each of the in-vehicle control devices 100A to 100D (S05, R07). Through this XOR operation, the initial key used for generating the message code is updated to an update key (S06, R08).
- When the ignition key is switched from off to on (step S100: YES), the representative in-vehicle control device 100A generates a message code, and the generated message code is transmitted to, for example, each of the in-vehicle control devices 100B to 100D (steps S101 to S103).
- The in-vehicle control device 100A, which is the transmission subject of the communication data, adds a translation code and a message code to the communication data (steps S104 and S105: adding step). This communication data is then transmitted to, for example, the in-vehicle control devices 100B to 100D (step S105).
- the in-vehicle control device 100A updates the key code and the message code until the ignition key is turned off (steps S107 to S110: update step).
- the key code and the message code added to the communication data are updated.
- Each of the in-vehicle control devices 100B to 100D, which is a receiving subject of the communication data, acquires the message code transmitted from the in-vehicle control device 100A after the ignition key is switched from off to on (step S200: YES, S201: YES).
- Each of the in-vehicle control devices 100B to 100D restores the acquired message code to a random code based on the initial key it holds (steps S202 and S203). In the second and subsequent communications after the ignition key is turned on, each of the in-vehicle control devices 100B to 100D restores the acquired message code to a random code based on the updated update key it holds.
- When each of the in-vehicle control devices 100B to 100D receives the communication data transmitted from the in-vehicle control device 100A (step S204: YES), the received communication data is verified (steps S205 to S207).
- (Step S208: YES, S209) Each of the in-vehicle control devices 100B to 100D discards the communication data when the validity of the communication data cannot be confirmed.
- When each of the in-vehicle control devices 100B to 100D processes the communication data, it updates the key code (initial key, update key) and the message code until the ignition key is turned off (steps S209 to S212).
- The communication data is processed, and each time the communication data transmission process is completed, the key code and the message code assigned to the communication data are updated.
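The first-embodiment exchange described above (steps S02 to S06 and R01 to R08), written out for one sender and one receiver as an added example; it is not code from the patent. The 32-bit payload, the 16-bit code width, the stand-in random generator, the rule that a discarded frame leaves the receiver's key unchanged, and all names and sample values are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed split of the 64-bit CAN data field: 32 bits of control data leave
 * 32 bits, and half of that (16 bits) goes to each code. */
typedef uint16_t code_t;

typedef struct {
    uint32_t payload;     /* control data */
    code_t   msg_code;    /* message code: key code combined with the random code */
    code_t   xlat_code;   /* translation code that rolls the key after this frame */
} frame_t;

typedef struct {
    code_t key;           /* initial key at ignition-on, update key afterwards */
    code_t random_code;   /* random code, fixed for one ignition cycle */
} node_t;

/* Stand-in generator (xorshift32), not a cryptographic RNG. A zero translation
 * code would leave the key and the next message code unchanged, so it is skipped. */
code_t next_translation_code(uint32_t *state)
{
    code_t c;
    do {
        *state ^= *state << 13;
        *state ^= *state >> 17;
        *state ^= *state << 5;
        c = (code_t)(*state & 0xFFFFu);
    } while (c == 0);
    return c;
}

/* S02-S03: the representative node converts the random code with its key. */
code_t distribute_random_code(node_t *rep, code_t random_code)
{
    rep->random_code = random_code;
    return (code_t)(rep->key ^ random_code);
}

/* R01-R02: a receiver restores the random code with its own copy of the key. */
void accept_random_code(node_t *rx, code_t msg_code)
{
    rx->random_code = (code_t)(msg_code ^ rx->key);
}

/* S04-S06: add both codes to the frame, then roll the sender's key. */
frame_t send_frame(node_t *tx, uint32_t payload, code_t xlat_code)
{
    frame_t f = { payload, (code_t)(tx->key ^ tx->random_code), xlat_code };
    tx->key ^= xlat_code;
    return f;
}

/* R03-R08: restore, compare, and roll the key only for an accepted frame.
 * Returns 1 when the frame is accepted and 0 when it is discarded. */
int receive_frame(node_t *rx, const frame_t *f)
{
    code_t restored = (code_t)(f->msg_code ^ rx->key);
    if (restored != rx->random_code)
        return 0;
    rx->key ^= f->xlat_code;
    return 1;
}

int main(void)
{
    node_t a = { 0x3A5C, 0 }, b = { 0x3A5C, 0 };  /* constructed shared initial key */
    uint32_t rng = 0x2545F491u;                    /* constructed seed */

    accept_random_code(&b, distribute_random_code(&a, 0xC0DE));
    for (int i = 0; i < 3; i++) {
        frame_t f = send_frame(&a, 0x1000u + (uint32_t)i, next_translation_code(&rng));
        int ok = receive_frame(&b, &f);
        printf("frame %d: msg=%04X xlat=%04X accepted=%d\n",
               i, (unsigned)f.msg_code, (unsigned)f.xlat_code, ok);
    }
    return 0;
}
```

In this sketch the message code depends only on the key and the random code, not on the payload, so a review of such a design should check what else protects the payload bits.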
- The adding unit 130 provided in the in-vehicle control devices 100A to 100D adds an authentication code used for verifying the legitimacy of the communication data transmission source to the corresponding communication data.
- The update unit 120 provided in the in-vehicle control devices 100A to 100D updates the authentication code based on the specified authentication code update rule every time communication of communication data is completed. As a result, the validity of communication data can be verified using a highly reliable authentication code, and high reliability of authentication using the authentication code can be maintained.
- the message code transmitted to a vehicle network with communication data is not utilized at the time of next communication. For this reason, even if the message code is illegally acquired, the unauthorized use can be suppressed. As a result, it is not necessary to encrypt the message code given to the communication data, and the processing load upon transmission / reception of the communication data can be reduced.
- the update unit 120 updates the authentication code including the message code through the calculation based on the key code and the change code.
- the update unit 120 updates the key code as needed by executing a recursive operation using the translation code selected as the change code on the key code (initial key, update key).
- the updating unit 120 recursively generates a message code using a key code that is updated as needed. For this reason, the message code is updated as needed through the update of the key code as needed. Thereby, the confidentiality of the key code used for generating the message code is maintained high, and the confidentiality of the message code generation source is maintained.
- As the key code, an initial key that is stored in advance in a plurality of nodes and used when the authentication code is generated for the first time, and an update key that is generated whenever communication data is communicated, are adopted.
- the update unit 120 generates a message code used at the time of initial communication data communication through calculation of an initial key and a random code composed of a predetermined random number.
- the update part 120 updated the produced
- The authentication unit 140 acquires the communication data to which the message code is attached from the communication target. The authentication unit 140 then restores the message code added to the acquired communication data to a random code through calculation using this message code and the key code (initial key, update key) held by the in-vehicle control devices 100A to 100D. The authentication unit 140 verifies the validity of the communication data to which the message code was added by comparing the restored random code with the random code distributed in advance by the representative in-vehicle control device 100A. This makes it possible to verify the presence or absence of tampering of communication data and the validity of the transmission source of communication data through restoration and comparison of random codes.
- The authentication unit 140 provided in the in-vehicle control devices 100B to 100D acquires the message code generated by the representative in-vehicle control device 100A prior to the authentication of the communication target. The authentication unit 140 then restores the random code using the key code (initial key, update key) held in advance by the in-vehicle control devices 100B to 100D in which it is provided, thereby obtaining the random code used for verifying the validity of the communication data. As a result, the random code distributed prior to communication of communication data is held in the in-vehicle control devices 100A to 100D with high confidentiality. This also allows the communication data and its transmission source to be verified using the random code with a higher degree of freedom.
- a key code initial key, update key
- a plurality of in-vehicle control devices 100A to 100D that are provided in the vehicle and configure the vehicle network are selected.
- the update unit 120 and the grant unit 130 are provided in each of the plurality of in-vehicle control devices 100A to 100D.
- each update unit 120 provided in each of the in-vehicle control devices 100A to 100D synchronizes and updates the authentication code each time communication data is transmitted / received via the vehicle network.
- A second embodiment of the authentication system and the authentication method according to the present invention will be described below, focusing on the differences from the first embodiment, with reference to diagrams corresponding to FIG. 2 and FIG. 4.
- The basic configuration of the authentication system and the authentication method according to this embodiment is the same as that of the first embodiment; in FIG. 7, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and duplicate descriptions are omitted.
- a rule for updating a message code using a key code composed of an initial key and a change code composed of a random code is defined.
- The update unit 120A is configured not to include the translation code generation unit 123.
- the message code generation unit 121A that constitutes the update unit 120A of the present embodiment includes an operation selection unit 125 that updates an operation method for generating a message code every time data communication ends.
- the in-vehicle control device 100A selects a calculation method for generating a message code (S12).
- the in-vehicle control device 100A selects a calculation method by a random method or the like from three types of calculation methods such as an XOR operation, an AND operation, and an OR operation.
- the in-vehicle control devices 100B to 100D select the same calculation method as the calculation method selected by the in-vehicle control device 100A (R21). Note that such calculation method selection is performed, for example, by referring to data indicating a selection rule for a calculation method shared in advance by the in-vehicle control apparatuses 100A to 100D.
- the in-vehicle control device 100A performs calculation using the initial key and the random code based on the selected calculation method (S13). Then, a message code is generated from the calculation result (S14). Next, the generated message code is distributed from the in-vehicle control device 100A to the in-vehicle control devices 100B to 100D connected to the vehicle network.
- Upon receipt of the message code, each of the in-vehicle control devices 100B to 100D performs a calculation on this message code and the initial key it holds in advance, using the calculation method selected in synchronization (R12). The message code is restored to a random code through this calculation (R13).
- the in-vehicle control devices 100A to 100D reselect the calculation method (S15, R17). At this time, a calculation method different from the previously selected calculation method is selected.
- the calculation is performed using the initial key and the random code based on the reselected calculation method (S16).
- the calculation method is different from the previous calculation. Therefore, the message code generated from the calculation result of the initial key and the random code is different from the previously generated message code.
- the newly generated message code is added to the communication data, and this communication data is transmitted to the communication target (S17).
- the re-selection of the calculation method is performed every time the data communication is finished, so that the message code given to the communication data is dynamically changed.
- The effects (1) and (8) above can be obtained, and the following effects can be obtained in place of (2) to (7), (9), and (10) above.
- The in-vehicle control devices 100A to 100D select the calculation method used for generating the message code. For this reason, each time data communication is performed, the message code generated through the calculation using the initial key and the random code changes dynamically. As a result, compromise of the message code used to verify the communication data and its transmission subject is suppressed, and the verification accuracy of this message code is suitably maintained.
- the message code changes dynamically only by changing the calculation method for generating the message code. For this reason, it becomes possible to change a message code more easily.
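An added sketch of the second embodiment's operation selection, not code from the patent. AND and OR cannot be undone, so the receiver here is assumed to verify by recomputing the message code from its own copy of the random code; the selection rule `reselect_op`, the starting operation, the 16-bit width and the sample values are likewise assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint16_t code_t;                       /* assumed 16-bit codes */
typedef enum { OP_XOR = 0, OP_AND = 1, OP_OR = 2 } op_t;

/* The calculation selected for this communication (S13 / R12). */
code_t apply_op(op_t op, code_t key, code_t random_code)
{
    switch (op) {
    case OP_AND: return (code_t)(key & random_code);
    case OP_OR:  return (code_t)(key | random_code);
    default:     return (code_t)(key ^ random_code);
    }
}

/* Hypothetical shared selection rule: move one or two places round the three
 * operations depending on the communication count, so the new operation
 * always differs from the previous one (S15 / R17). */
op_t reselect_op(op_t prev, uint32_t comm_count)
{
    return (op_t)(((unsigned)prev + 1u + (comm_count & 1u)) % 3u);
}

/* Receiver check by recomputation from the locally held random code. */
int verify_code(op_t op, code_t key, code_t local_random, code_t msg_code)
{
    return apply_op(op, key, local_random) == msg_code;
}

/* How many 16-bit random codes produce msg_code under (op, key)?
 * Exactly one for XOR; many for AND and OR, which is why those two
 * cannot be inverted to restore the random code. */
uint32_t count_matching_random_codes(op_t op, code_t key, code_t msg_code)
{
    uint32_t n = 0;
    for (uint32_t y = 0; y <= 0xFFFFu; y++)
        if (apply_op(op, key, (code_t)y) == msg_code)
            n++;
    return n;
}

/* Sender and receiver each track the operation with the shared rule.
 * Returns the number of message codes the receiver accepted. */
unsigned run_session(code_t key, code_t random_code, unsigned rounds)
{
    op_t tx_op = OP_XOR, rx_op = OP_XOR;       /* assumed starting operation */
    unsigned accepted = 0;
    for (uint32_t n = 0; n < rounds; n++) {
        code_t msg = apply_op(tx_op, key, random_code);
        accepted += (unsigned)verify_code(rx_op, key, random_code, msg);
        tx_op = reselect_op(tx_op, n);
        rx_op = reselect_op(rx_op, n);
    }
    return accepted;
}

int main(void)
{
    const code_t key = 0x0F0F, y = 0x3355;     /* constructed sample values */
    static const char *names[] = { "XOR", "AND", "OR" };
    for (int op = 0; op < 3; op++) {
        code_t z = apply_op((op_t)op, key, y);
        printf("%s: msg=%04X, random codes giving this msg: %u\n", names[op],
               (unsigned)z, (unsigned)count_matching_random_codes((op_t)op, key, z));
    }
    printf("accepted %u of 10\n", run_session(key, y, 10));
    return 0;
}
```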
- A third embodiment of the authentication system and the authentication method according to the present invention will be described below, focusing on the differences from the first embodiment, with reference to diagrams corresponding to FIG. 2 and FIG. 4.
- The basic configuration of the authentication system and the authentication method according to the present embodiment is the same as that of the first embodiment; in FIGS. 9 and 10, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
- a rule for updating a message code using a key code composed of an initial key and a change code composed of a random code is defined.
- The update unit 120B is configured not to include the translation code generation unit 123.
- The message code generation unit 121B constituting the update unit 120B of the present embodiment includes a counting unit 126 that counts the number of data communications based on transmission end information of communication data input from the communication unit 102.
- a plurality of types of initial keys are commonly stored in the storage area 150 of the in-vehicle control devices 100A to 100D of the present embodiment.
- The in-vehicle control device 100A selects one initial key from the plurality of types of initial keys it holds (S22). In synchronization with this, the in-vehicle control devices 100B to 100D select the initial key that is common to the initial key selected by the in-vehicle control device 100A (R21). Note that such synchronization is performed, for example, by referring to data that defines a selection rule for the initial keys held by the in-vehicle control devices 100A to 100D.
- the selected initial key and the random code are subjected to an XOR operation (S23). Then, a message code is generated from the calculation result (S24). Next, the generated message code is distributed from the in-vehicle control device 100A to the in-vehicle control devices 100B to 100D connected to the vehicle network.
- Upon receipt of the message code, each of the vehicle-mounted control devices 100B to 100D performs, for example, an XOR operation on the message code and the initial key selected in synchronization (R22). Then, the message code is restored to a random code through such calculation (R23).
- each of the in-vehicle control devices 100A to 100D counts the number of communications after, for example, the ignition key is turned on (S25, R28).
- the number of initial keys corresponding to the counted number of communications is selected (S26, R29).
- one initial key is further selected from the storage area 150.
- the calculation is performed using the initial key (S22, R22) selected at the time of the initial communication, at least one initial key (S26, R29) newly selected at the end of the initial communication, and the random code (S27).
- the number of initial keys used for the calculation is different from the previous calculation. Therefore, the message code generated from the calculation result of each initial key and the random code is different from the previously generated message code.
- the newly generated message code is added to the communication data (S28), and this communication data is transmitted to the communication target.
- the message code given to communication data changes dynamically by changing the number of initial keys used for generation of such a message code according to the number of communications.
- When the number of communications reaches, for example, the number of initial keys held, the number of initial keys used for calculating a message code is reset. Then, the number of initial keys used for calculating the message code is again increased until the number of communications reaches, for example, the number of initial keys held.
- the effects (1) and (8) can be obtained, and the following effects can be obtained instead of the above (2) to (7), (9), and (10).
- the in-vehicle controllers 100A to 100D generate message codes using the number of initial keys corresponding to the number of communications. For this reason, each time data communication is performed, a message code generated based on one or more initial keys dynamically changes. As a result, the compromise of the communication data and the message code for verifying the transmission subject is suppressed, and the verification accuracy by this message code is suitably maintained.
- the message code changes dynamically only by changing the number of initial keys for generating the message code. For this reason, it becomes possible to change a message code more easily.
- Next, the fourth embodiment of the authentication system and the authentication method according to the present invention will be described with reference to FIGS. 11 and 12, which correspond to FIGS. 2 and 4, with a focus on the differences from the first embodiment. Note that the basic configuration of the authentication system and authentication method according to the present embodiment is the same as that of the first embodiment. In FIGS. 11 and 12, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
- a rule for updating a message code using a key code composed of an initial key and a change code composed of a random code is defined.
- the update unit 120C of the present embodiment is configured not to include the translation code generation unit 123.
- the message code generation unit 121C constituting the update unit 120C of the present embodiment includes a key selection unit 127 that selects an initial key used for generating a message code from among a plurality of types of initial keys stored in the storage area 150.
- the in-vehicle control device 100A selects one initial key from a plurality of types of initial keys held by the in-vehicle control device 100A (S32). In synchronization with this, the in-vehicle control devices 100B to 100D select an initial key that is common to the initial key selected by the in-vehicle control device 100A (R31). Note that such selection is performed, for example, through reference to data that defines a selection rule for initial keys held by the in-vehicle control devices 100A to 100D.
- the selected initial key and the random code are subjected to an XOR operation (S33). Then, a message code is generated from the calculation result (S34). Next, the generated message code is distributed from the in-vehicle control device 100A to the in-vehicle control devices 100B to 100D connected to the vehicle network.
- Upon receipt of the message code, each of the vehicle-mounted control devices 100B to 100D performs, for example, an XOR operation on the message code and the initial key selected in synchronization (R32). Then, the message code is restored to a random code through such calculation (R33).
- each of the in-vehicle control devices 100A to 100D reselects the next initial key (S35, R38). At this time, a calculation method different from the previously selected initial key is selected.
- the initial key used for the calculation is different from the previous calculation. Therefore, the message code generated from the operation result of the reselected initial key and the random code is different from the previously generated message code.
- the newly generated message code is added to the communication data (S37), and this communication data is transmitted to the communication target. Then, the re-selection of the initial key is performed every time the data communication is completed, so that the message code assigned to the communication data is dynamically changed.
- the effects (1) and (8) can be obtained, and the following effects can be obtained instead of the above (2) to (7), (9), and (10).
- Each of the on-vehicle controllers 100A to 100D has a plurality of types of initial keys in common. Then, each time the data communication is completed, the in-vehicle controllers 100A to 100D reselect the initial key used for generating the message code. For this reason, each time data communication is performed, the message code generated based on the initial key dynamically changes. As a result, the compromise of the communication data and the message code for verifying the transmission subject is suppressed, and the verification accuracy by this message code is suitably maintained. In this embodiment, the message code dynamically changes only by changing the type of the initial key for generating the message code. For this reason, it becomes possible to change a message code more easily.
- Next, a fifth embodiment of an authentication system and an authentication method according to the present invention will be described with reference to FIG. 13, with a focus on differences from the first embodiment.
- The basic configuration of the authentication system and the authentication method according to the present embodiment is the same as that of the first embodiment. In FIG. 13, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and duplicate descriptions are omitted.
- in-vehicle control devices 100A to 100I provided with an updating unit 120 and a granting unit 130 are connected to the vehicle network.
- the vehicle network is provided with a monitoring on-vehicle control device (monitoring ECU) 50 for monitoring communication data transmitted to the vehicle network.
- an unauthorized control device 400 is illegally connected to the vehicle network.
- the regular onboard control devices 100A to 100I and the monitoring onboard control device 50 have a key code including the initial key and the update key, and a random code.
- the unauthorized control device 400 does not have a key code or a random code because it is attached to the vehicle later by unauthorized means.
- When the monitoring on-vehicle control device 50 detects unauthorized data transmitted by the unauthorized control device 400, it identifies the unauthorized control device 400 that is the transmission source of the unauthorized data based on the ID given to the data frame of the unauthorized data.
- the on-board control device 50 for monitoring creates warning information with a content that prohibits each of the on-vehicle control devices 100A to 100I from using the unauthorized data transmitted by the specified unauthorized control device 400.
- the message code “X” is created as, for example, 53-bit data.
- the message code “Z” has content that prohibits the in-vehicle control devices 100A to 100I from using the data transmitted by the unauthorized control device 400 until a release condition of the suppression process is satisfied. Note that the release conditions of the suppression process are, for example, that a predetermined time elapses and that the ignition key is turned on. The suppression process is canceled on the condition that any one of the release conditions is satisfied.
- When generating the message code, the in-vehicle control device 50 for monitoring writes, for example, the ID of the specified unauthorized control device 400, indicated by 11 bits, in the data field of the communication data. Then, the monitoring on-vehicle control device 50 transmits communication data with its own ID attached to the data frame to the vehicle network as warning information indicating the presence of the unauthorized control device 400.
- the message code that has been used once is continuously used. For this reason, there is a possibility that the unauthorized control device 400 illegally acquires the message code and impersonates the legitimate vehicle-mounted control devices 100A to 100I using the illegally acquired message code.
- a translation code is assigned to the communication data, and the key code and the message code are updated based on the translation code. Therefore, improper control device 400 is prevented from impersonating legitimate in-vehicle control devices 100A to 100I.
- the effects (1) to (10) can be obtained, and the following effects can be further obtained.
- Each of the vehicle-mounted control devices 100A to 100I and the monitoring vehicle-mounted control device 50 exchanges communication data with the message code attached when the communication data indicates the warning information.
- the confidentiality of communication data that is highly important for maintaining the security of the vehicle network is maintained.
- the message code is not assigned to communication data other than the communication data indicating the warning information, and it is possible to omit the message code assigning process and the restoring process for normal communication data transmission / reception.
- Each of the above embodiments can also be implemented in the following forms.
- the in-vehicle control device 100A generates and distributes a random code on the condition that the ignition key of the vehicle is turned on.
- the in-vehicle control device 100A may generate and distribute a random code on condition that a predetermined period has elapsed.
- the in-vehicle control device 100A is the communication data transmission subject.
- the in-vehicle control devices 100B to 100D may be the communication data transmitting entity.
- the vehicle-mounted control devices 100B to 100D give a message code and a random code to the communication data when transmitting the communication data. Then, the communication data and the transmission subject are verified by the device that has received the communication data.
- the message code is generated through the XOR operation between the initial key and the random code.
- various operations such as an OR operation and an AND operation can be used to generate the message code.
- the representative in-vehicle control device 100A transmits the translation code generated as the change code to the in-vehicle control devices 100B to 100D together with the communication data.
- the in-vehicle control device 100A may distribute the translation code separately from the communication data.
- the in-vehicle control device 100A may generate, for example, a plurality of types of translation codes in advance, and distribute the generated plurality of types of translation codes to the in-vehicle control devices 100B to 100D. According to this, each of the in-vehicle control devices 100A to 100D generates a translation code used for generating a message code from a plurality of types of translation codes generated in advance every time data communication is completed.
- the representative in-vehicle control device 100A does not need to generate a translation code or distribute the generated translation code every time data communication ends.
- the representative in-vehicle control device 100A generates a translation code as a change code. Then, the in-vehicle control device 100A updates the initial key based on the generated translation code. Also, each of the in-vehicle control devices 100B to 100D updates the initial key based on the translation code distributed from the in-vehicle control device 100A. Not limited to this, the generation and distribution of the initial key may be performed by at least one of the in-vehicle control devices 100A to 100D. In addition, the in-vehicle control devices 100A to 100D may generate a common translation code in synchronization with each other.
- the in-vehicle control device 100A is defined as a device that represents the in-vehicle control devices 100A to 100D. Then, the in-vehicle control device 100A generates and distributes a random code. Not limited to this, any one of the in-vehicle control devices 100B to 100D may generate and distribute the random code. Further, for example, each of the in-vehicle control devices 100A to 100D may hold the same type of random code in advance. Similarly, the in-vehicle control devices 100A to 100D may generate and update the same type of random code in synchronization with each other.
- the translation code constituting the change code is updated every time data communication is completed.
- the present invention is not limited to this, and once the translation code is generated, the translation code may be used continuously. Also in this way, the translation key and the update key that is updated each time are calculated in multiple, whereby the update key is updated as needed.
- the change code is not limited to a translation code made up of random numbers, but may be any code for updating the message code, and can be changed as appropriate.
- the communication data transmission subject assigns a random code converted into a message code as an authentication code to the communication data, and transmits this communication data to the transmission target.
- the authentication unit 140 verifies communication data and its transmission source through comparison with the random code held in advance.
- the communication data transmission subject may transmit the random code itself to the communication target as the authentication code.
- the authentication unit 140 compares the random code given to the communication data acquired from the communication data transmission subject with the random code held in advance by the in-vehicle control device 100A to 100D in which the authentication unit 140 is provided. The authentication unit 140 then verifies the communication data and its transmission source based on this comparison result.
- one random code is used. Not limited to this, the number of random codes used for verification of communication data may be two or more.
- one translation code is used for updating the key code.
- the update unit 120 may update the key code using a plurality of translation codes.
- a random code composed of a predetermined random number is adopted as the authentication code. Further, the authentication unit 140 verifies communication data and its transmission source through comparison of two random codes.
- the authentication code is not limited to this, and may be a password or the like distributed in advance to a legitimate vehicle-mounted control device or the like.
- the update unit 120 and the grant unit 130 are provided in the in-vehicle control devices 100A to 100D.
- the updating unit 120 and the assigning unit 130 are provided in the in-vehicle control devices 100A to 100I and the monitoring in-vehicle control device 50.
- the update unit 120 and the granting unit 130 may instead be provided in, for example, the gateway GW (see FIG. 13) connected to the vehicle network.
- the update unit 120 and the grant unit 130 may be connected to the vehicle network as a dedicated device, for example.
- the in-vehicle control device connected to the vehicle network is adopted as a node for transmitting and receiving communication data.
- various information terminals such as personal computers and smartphones, various devices, and the like may be employed as nodes.
- each information terminal or each device gives an authentication code to the communication data when transmitting / receiving the communication data via the network.
- each information terminal and each device updates an authentication code given to communication data as needed. Also by this, it is possible to obtain the effect according to the above (1).
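The count-based update rule of the third embodiment (S22 to S28, R21 to R29), sketched in C as an added example; it is not code from the patent. Assumptions: the key values, the random code, the `node_t` struct and all function names are constructed for illustration, and several initial keys are combined by XOR, the operation the description names "for example" for the single-key case.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_KEYS 4u

/* Constructed sample keys; the patent keeps the shared initial keys in storage area 150. */
static const uint32_t INITIAL_KEYS[NUM_KEYS] = {
    0xA5A5F00Du, 0x3C96E17Bu, 0x5EEDC0DEu, 0x0BADB002u
};

/* One in-vehicle control device (hypothetical struct, not from the patent). */
typedef struct {
    uint32_t random_code;  /* shared random code, restored in R23 */
    unsigned comm_count;   /* communications completed since ignition on (S25, R28) */
} node_t;

/* Number of initial keys in use (S26, R29): one key for the first communication,
 * one more after each completed communication, reset once the count reaches
 * the number of keys held. */
static unsigned keys_in_use(unsigned comm_count)
{
    return (comm_count % NUM_KEYS) + 1u;
}

/* Assumption: the selected keys are combined by XOR. */
static uint32_t fold_keys(unsigned n)
{
    uint32_t acc = 0;
    for (unsigned i = 0; i < n && i < NUM_KEYS; i++)
        acc ^= INITIAL_KEYS[i];
    return acc;
}

/* S23/S24: the representative node turns the random code into the first message code. */
uint32_t distribute_random_code(node_t *tx, uint32_t random_code)
{
    tx->random_code = random_code;
    tx->comm_count = 0;
    return INITIAL_KEYS[0] ^ random_code;
}

/* R22/R23: a receiver restores the random code with the synchronously selected key. */
void receive_random_code(node_t *rx, uint32_t first_code)
{
    rx->random_code = first_code ^ INITIAL_KEYS[0];
    rx->comm_count = 0;
}

/* S27: message code for the next frame, from the keys currently in use. */
uint32_t make_message_code(const node_t *tx)
{
    return fold_keys(keys_in_use(tx->comm_count)) ^ tx->random_code;
}

/* Receiver side: restore the random code from the received message code and
 * compare it with the random code held in advance. Returns 1 if they match. */
int verify_message_code(const node_t *rx, uint32_t code)
{
    uint32_t restored = code ^ fold_keys(keys_in_use(rx->comm_count));
    return restored == rx->random_code;
}

/* Called by every node when a data communication has completed. */
void communication_done(node_t *n)
{
    n->comm_count++;
}

int main(void)
{
    node_t tx, rx, late;
    uint32_t first = distribute_random_code(&tx, 0x1234ABCDu); /* constructed value */
    receive_random_code(&rx, first);
    receive_random_code(&late, first);

    for (unsigned frame = 0; frame < 6; frame++) {
        uint32_t code = make_message_code(&tx);
        printf("frame %u code %08X rx=%d late=%d\n", frame, (unsigned)code,
               verify_message_code(&rx, code), verify_message_code(&late, code));
        communication_done(&tx);
        communication_done(&rx);
        if (frame != 1)            /* 'late' misses the end of frame 1 */
            communication_done(&late);
    }
    return 0;
}
```

Under these assumptions a receiver whose counter falls one step behind rejects every later legitimate frame, and the code sequence repeats with a period equal to the number of keys held for as long as the random code is unchanged.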
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Mechanical Engineering (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Lock And Its Accessories (AREA)
Description
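Hereinafter, a first embodiment embodying the authentication system and the authentication method according to the present invention will be described with reference to FIGS. 1 to 6. The authentication system and the authentication method of the present embodiment manage communication performed via a vehicle network mounted on a vehicle. In the present embodiment, as the update rule, a rule is defined for updating the message code using a key code consisting of an initial key and an update key, and a change code consisting of a random code and a translation code, each of which is composed of a predetermined random number.
Next, a second embodiment of the authentication system and the authentication method according to the present invention will be described with reference to FIGS. 7 and 8, which correspond to FIGS. 2 and 4 above, with a focus on the differences from the first embodiment. The basic configuration of the authentication system and the authentication method according to the present embodiment is also the same as that of the first embodiment; in FIG. 7 as well, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
Next, a third embodiment of the authentication system and the authentication method according to the present invention will be described with reference to FIGS. 9 and 10, which correspond to FIGS. 2 and 4 above, with a focus on the differences from the first embodiment. The basic configuration of the authentication system and the authentication method according to the present embodiment is also the same as that of the first embodiment; in FIGS. 9 and 10 as well, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
Next, a fourth embodiment of the authentication system and the authentication method according to the present invention will be described with reference to FIGS. 11 and 12, which correspond to FIGS. 2 and 4 above, with a focus on the differences from the first embodiment. The basic configuration of the authentication system and the authentication method according to the present embodiment is also the same as that of the first embodiment; in FIGS. 11 and 12 as well, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
Next, a fifth embodiment of the authentication system and the authentication method according to the present invention will be described with reference to FIG. 13, with a focus on the differences from the first embodiment. The basic configuration of the authentication system and the authentication method according to the present embodiment is also the same as that of the first embodiment; in FIG. 13 as well, elements that are substantially the same as those of the first embodiment are denoted by the same reference numerals, and redundant descriptions are omitted.
Each of the above embodiments can also be implemented in the following forms.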
Claims (15)
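- An authentication system used for authenticating a plurality of nodes that are connected to a network and transmit and receive communication data, the authentication system comprising:
a granting unit that attaches, to the corresponding communication data, an authentication code used for verifying the legitimacy of the transmission source of the communication data; and
an update unit that updates the authentication code based on a defined update rule for the authentication code each time communication of the communication data is completed.
- The authentication system according to claim 1, wherein
the plurality of nodes hold in common a key code for generating the authentication code and a change code for changing the authentication code,
a rule for updating the authentication code using the key code and the change code is defined as the update rule, and
the update unit updates the authentication code through a predetermined operation based on the key code and the change code.
- The authentication system according to claim 2, wherein the update unit selects, as the change code, a translation code consisting of a predetermined random number, updates the key code as needed by performing on the key code a recursive operation using the selected translation code, and recursively generates the authentication code using the key code updated as needed.
- The authentication system according to claim 3, wherein
the key code includes an initial key that is held in advance by the plurality of nodes and is used when the authentication code is generated for the first time, and an update key that is generated as needed, each time communication of the communication data is performed, through an operation on the initial key and the translation code, and
the update unit generates the authentication code used for the first communication of communication data through an operation on the initial key and a random code consisting of a predetermined random number held in advance by the plurality of nodes, and updates the generated authentication code using the update key generated as needed.
- The authentication system according to any one of claims 2 to 4,
further comprising an authentication unit that authenticates a node to be communicated with when the communication data is transmitted and received, wherein
when authenticating the node to be communicated with, the authentication unit acquires, from the communication target, communication data to which a message code is attached, the message code being generated through an operation on the key code and a random code consisting of a predetermined random number held in advance by the plurality of nodes, and verifies the legitimacy of the communication data to which the message code is attached by comparing a random code restored through an operation on the acquired message code and the key code held by the authentication unit with the random code held in advance by the node that has received the communication data from the communication target, and
the update unit updates the message code as the authentication code.
- The authentication system according to claim 5, wherein, prior to authentication of the node to be communicated with, the authentication unit acquires the random code used for verifying the legitimacy of the communication data by restoring a message code, generated through an operation on the key code and the random code, to the random code using the key code held in advance by the authentication unit.
- The authentication system according to any one of claims 2 to 6, wherein
the node that transmits the communication data distributes the change code, together with the authentication code attached to the communication data, to the node that is the transmission target, and
the update unit updates the key code using the change code on condition that transmission processing of the communication data to which the authentication code and the change code are attached has been completed.
- The authentication system according to any one of claims 1 to 7, wherein
the plurality of nodes hold in common a key code for generating the authentication code and a change code for changing the authentication code,
a rule for updating the authentication code using the key code and the change code is defined as the update rule, and
the update unit updates the authentication code by changing, each time communication of the communication data is completed, the type of operation applied to the authentication code using the change code.
- The authentication system according to any one of claims 1 to 8, wherein
the plurality of nodes hold in common a key code for generating the authentication code and a change code for changing the authentication code,
a rule for updating the authentication code using the key code and the change code is defined as the update rule, and
the update unit counts the number of communications of communication data transmitted among the plurality of nodes, and updates the authentication code by generating the authentication code using a number of key codes corresponding to the counted number of communications.
- The authentication system according to any one of claims 1 to 9, wherein
the plurality of nodes consist of a plurality of in-vehicle control devices that are provided in a vehicle and constitute a vehicle network,
the granting unit and the update unit are provided in each of the plurality of in-vehicle control devices, and
the update units provided in the plurality of in-vehicle control devices update the authentication code in synchronization with one another each time communication data is transmitted and received via the vehicle network.
- An authentication method used for authenticating a plurality of nodes that are connected to a network and transmit and receive communication data, the authentication method comprising:
a granting step of attaching, to the corresponding communication data, an authentication code used for verifying the legitimacy of the transmission source of the communication data; and
an update step of updating the authentication code based on a defined update rule for the authentication code each time communication of the communication data is completed.
- The authentication method according to claim 11, wherein
a key code for generating the authentication code and a change code for changing the authentication code are held in common by the plurality of nodes,
a rule for updating the authentication code using the key code and the change code is defined as the update rule, and
in the update step, the authentication code is updated through a predetermined operation based on the key code and the change code.
- The authentication method according to claim 12, wherein, in the update step, a translation code consisting of a predetermined random number is selected as the change code, the key code is updated as needed by performing on the key code a recursive operation using the selected translation code, and the authentication code is recursively generated using the key code updated as needed.
- The authentication method according to claim 13, wherein
an initial key that is held in advance by the plurality of nodes and is used when the authentication code is generated for the first time, and an update key that is generated as needed, each time communication of the communication data is performed, through an operation on the initial key and the translation code, are selected as the key code, and
the update step includes a step of generating the authentication code used for the first communication of communication data through an operation on the initial key and the random code, and a step of updating the generated authentication code using the update key generated as needed.
- The authentication method according to any one of claims 12 to 14,
further comprising an authentication step of, when authenticating a node to be communicated with, acquiring from the communication target communication data to which a message code is attached, the message code being generated through an operation on the key code and a random code consisting of a predetermined random number held in advance by the plurality of nodes, verifying the legitimacy of the communication data to which the message code is attached by comparing a random code restored through an operation on the acquired message code and the key code held in advance with the random code held in advance by the node that has received the communication data from the communication target, and authenticating, based on the verification result, the node to be communicated with when the communication data is transmitted and received, wherein
in the update step, the message code is updated as the authentication code.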
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014518127A JP5958535B2 (ja) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
US14/399,224 US9577997B2 (en) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
PCT/JP2012/063794 WO2013179392A1 (ja) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
EP12877846.1A EP2858003B1 (en) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
CN201280073474.8A CN104349947B (zh) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2012/063794 WO2013179392A1 (ja) | 2012-05-29 | 2012-05-29 | Authentication system and authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013179392A1 (ja) | 2013-12-05 |
Family
ID=49672646
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/063794 WO2013179392A1 (ja) | Authentication system and authentication method | 2012-05-29 | 2012-05-29 |
Country Status (5)
Country | Link |
---|---|
US (1) | US9577997B2 (ja) |
EP (1) | EP2858003B1 (ja) |
JP (1) | JP5958535B2 (ja) |
CN (1) | CN104349947B (ja) |
WO (1) | WO2013179392A1 (ja) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104811434A (zh) * | 2014-01-29 | 2015-07-29 | 现代自动车株式会社 | Data transmission method and data reception method between controllers in a vehicle network |
CN105594155A (zh) * | 2014-05-08 | 2016-05-18 | 松下电器(美国)知识产权公司 | In-vehicle network system, electronic control unit, and update processing method |
CN105637803A (zh) * | 2014-05-08 | 2016-06-01 | 松下电器(美国)知识产权公司 | In-vehicle network system, fraud-detection electronic control unit, and fraud countermeasure method |
WO2016152556A1 (ja) * | 2015-03-26 | 2016-09-29 | Kddi株式会社 | Management device, vehicle, management method, and computer program |
JP2017050848A (ja) * | 2015-08-31 | 2017-03-09 | Panasonic Intellectual Property Corporation of America | Gateway device, in-vehicle network system, and transfer method |
WO2017037982A1 (ja) * | 2015-08-31 | 2017-03-09 | Panasonic Intellectual Property Corporation of America | Gateway device, in-vehicle network system, and transfer method |
JP2018061289A (ja) * | 2017-12-13 | 2018-04-12 | Kddi株式会社 | Management device, vehicle, management method, and computer program |
JP2020129801A (ja) * | 2014-05-08 | 2020-08-27 | Panasonic Intellectual Property Corporation of America | Fraud countermeasure method |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5522160B2 (ja) * | 2011-12-21 | 2014-06-18 | トヨタ自動車株式会社 | Vehicle network monitoring device |
CN104113426B (zh) * | 2013-04-17 | 2019-03-01 | 腾讯科技(深圳)有限公司 | Method, system, and apparatus for upgrading open authentication protocol tickets |
US20150298654A1 (en) * | 2013-08-19 | 2015-10-22 | Raymond Anthony Joao | Control, monitoring, and/or security, apparatus and method for premises, vehicles, and/or articles |
US9253200B2 (en) * | 2013-10-28 | 2016-02-02 | GM Global Technology Operations LLC | Programming vehicle modules from remote devices and related methods and systems |
US9374355B2 (en) | 2013-10-28 | 2016-06-21 | GM Global Technology Operations LLC | Programming vehicle modules from remote devices and related methods and systems |
WO2015129352A1 (ja) * | 2014-02-28 | 2015-09-03 | 日立オートモティブシステムズ株式会社 | Authentication system and in-vehicle control device |
CN106332073B (zh) * | 2015-06-16 | 2019-06-21 | 北京信威通信技术股份有限公司 | Method for updating a cluster group root key |
US11048797B2 (en) | 2015-07-22 | 2021-06-29 | Arilou Information Security Technologies Ltd. | Securing vehicle bus by corrupting suspected messages transmitted thereto |
CN105282168B (zh) * | 2015-11-06 | 2019-02-05 | 盛趣信息技术(上海)有限公司 | Data interaction method and apparatus based on the CHAP protocol |
US10277597B2 (en) | 2015-11-09 | 2019-04-30 | Silvercar, Inc. | Vehicle access systems and methods |
DE102015222234B4 (de) * | 2015-11-11 | 2019-03-21 | Volkswagen Aktiengesellschaft | Method for triggering a security-relevant function of a system, and system |
DE102015016334B4 (de) | 2015-12-15 | 2017-07-06 | Audi Ag | Motor vehicle roof antenna module, motor vehicle, and method for operating the roof antenna module |
EP3426151A4 (en) * | 2016-03-08 | 2019-12-04 | Dust Identity, Inc. | GENERATING A SINGLE CODE FROM ORIENTATION INFORMATION |
US11146401B2 (en) * | 2016-08-10 | 2021-10-12 | Ford Global Technologies, Llc | Software authentication before software update |
JP6956624B2 (ja) | 2017-03-13 | 2021-11-02 | Panasonic Intellectual Property Corporation of America | Information processing method, information processing system, and program |
US20180310173A1 (en) * | 2017-04-25 | 2018-10-25 | Kabushiki Kaisha Toshiba | Information processing apparatus, information processing system, and information processing method |
KR102348122B1 (ko) | 2017-09-22 | 2022-01-07 | 현대자동차주식회사 | Method and apparatus for verifying a vehicle in an inter-vehicle communication environment |
JP6717793B2 (ja) * | 2017-10-10 | 2020-07-08 | 株式会社東海理化電機製作所 | Car sharing system and car sharing device |
JP6950605B2 (ja) * | 2018-03-27 | 2021-10-13 | トヨタ自動車株式会社 | Vehicle communication system |
US10789364B2 (en) * | 2018-05-02 | 2020-09-29 | Nxp B.V. | Method for providing an authenticated update in a distributed network |
CN109033862B (zh) * | 2018-08-12 | 2019-04-30 | 吉林大学 | Information security protection method for a distributed in-vehicle electronic system |
CN111324896A (zh) * | 2018-12-13 | 2020-06-23 | 航天信息股份有限公司 | Method, apparatus, and computing device for writing vehicle service information |
CN111434533B (zh) * | 2019-01-15 | 2022-01-18 | 浙江吉利汽车研究院有限公司 | Vehicle key search method and system |
US11838416B2 (en) * | 2019-04-12 | 2023-12-05 | Kabushiki Kaisha Tokai Rika Denki Seisakusho | Communication system and control device |
DE102020118960A1 (de) | 2020-07-17 | 2022-01-20 | Dspace Digital Signal Processing And Control Engineering Gmbh | Method and replay unit for replaying secured messages |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001005784A (ja) * | 1999-06-18 | 2001-01-12 | Nec Software Kyushu Ltd | Password verification device and method |
JP2001036522A (ja) * | 1999-07-22 | 2001-02-09 | Ntt Advanced Technology Corp | Qualification authentication method using variable authentication information |
JP2002109593A (ja) * | 2000-09-29 | 2002-04-12 | Mitsubishi Electric Corp | Wireless communication device and information change method |
JP2009123059A (ja) * | 2007-11-16 | 2009-06-04 | Fujitsu Ten Ltd | Authentication device, in-vehicle device, and authentication system |
JP2010041411A (ja) * | 2008-08-05 | 2010-02-18 | Tokai Rika Co Ltd | Communication system |
JP2011020475A (ja) | 2009-07-13 | 2011-02-03 | Tokai Rika Co Ltd | Secret key registration system and secret key registration method |
JP2011164729A (ja) * | 2010-02-05 | 2011-08-25 | Fujitsu Ltd | Program, in-vehicle device, and information processing device |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE4411450C1 (de) * | 1994-04-01 | 1995-03-30 | Daimler Benz Ag | Vehicle security device with electronic use-authorization coding |
US5577122A (en) * | 1994-12-29 | 1996-11-19 | Trimble Navigation Limited | Secure communication of information |
US5754657A (en) * | 1995-08-31 | 1998-05-19 | Trimble Navigation Limited | Authentication of a message source |
JP3595109B2 (ja) * | 1997-05-28 | 2004-12-02 | 日本ユニシス株式会社 | Authentication device, terminal device, authentication method in those devices, and storage medium |
AU7628398A (en) * | 1997-09-12 | 1999-03-25 | Robert Bosch Gmbh | An ignition lock system |
JP4558295B2 (ja) * | 2003-09-10 | 2010-10-06 | 株式会社メルコホールディングス | Remote access system, remote access method, and remote access program |
JP4707373B2 (ja) * | 2003-12-16 | 2011-06-22 | 株式会社リコー | Electronic device, electronic device control method, program, recording medium, management system, and replacement member |
JP2005196568A (ja) * | 2004-01-08 | 2005-07-21 | Denso Corp | Vehicle parts management method and device, vehicle parts management data update method and device, and vehicle parts management center |
US7266198B2 (en) * | 2004-11-17 | 2007-09-04 | General Instrument Corporation | System and method for providing authorized access to digital content |
JP4568638B2 (ja) * | 2005-04-26 | 2010-10-27 | 本田技研工業株式会社 | Electronic key system for vehicles |
JP2007188375A (ja) | 2006-01-16 | 2007-07-26 | Hitachi Ltd | Privacy-protecting authentication system and device allowing IDs to be searched in a database |
JP4708377B2 (ja) * | 2007-03-01 | 2011-06-22 | 株式会社シンフォーム | Automatic password update system |
CN101652956B (zh) * | 2007-04-05 | 2013-08-21 | 皇家飞利浦电子股份有限公司 | Wireless sensor network key distribution |
JP5019172B2 (ja) * | 2007-07-24 | 2012-09-05 | 株式会社大都技研 | Gaming machine |
JP4959038B2 (ja) | 2007-08-29 | 2012-06-20 | 三菱電機株式会社 | Authentication system, authentication device, terminal device, IC card, and program |
WO2009063947A1 (ja) * | 2007-11-16 | 2009-05-22 | Fujitsu Ten Limited | Authentication method, authentication system, in-vehicle device, and authentication device |
CN101715188B (zh) * | 2010-01-14 | 2015-11-25 | 中兴通讯股份有限公司 | Method and system for updating an air interface key |
US8881294B2 (en) * | 2011-02-18 | 2014-11-04 | Honeywell International Inc. | Methods and systems for securely uploading files onto aircraft |
US9003492B2 (en) * | 2011-06-21 | 2015-04-07 | Qualcomm Incorporated | Secure client authentication and service authorization in a shared communication network |
US8779893B2 (en) * | 2011-09-12 | 2014-07-15 | King Fahd University Of Petroleum And Minerals | System and method for controlling vehicle ignition |
JP5770602B2 (ja) | 2011-10-31 | 2015-08-26 | トヨタ自動車株式会社 | Message authentication method in a communication system, and communication system |
US8798852B1 (en) * | 2013-03-14 | 2014-08-05 | Gogoro, Inc. | Apparatus, system, and method for authentication of vehicular components |
-
2012
- 2012-05-29 EP EP12877846.1A patent/EP2858003B1/en not_active Not-in-force
- 2012-05-29 US US14/399,224 patent/US9577997B2/en active Active
- 2012-05-29 WO PCT/JP2012/063794 patent/WO2013179392A1/ja active Application Filing
- 2012-05-29 CN CN201280073474.8A patent/CN104349947B/zh not_active Expired - Fee Related
- 2012-05-29 JP JP2014518127A patent/JP5958535B2/ja not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
See also references of EP2858003A4 * |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104811434B (zh) * | 2014-01-29 | 2020-01-10 | 现代自动车株式会社 | Data transmission method and data reception method between controllers in a vehicle network |
CN104811434A (zh) * | 2014-01-29 | 2015-07-29 | 现代自动车株式会社 | Data transmission method and data reception method between controllers in a vehicle network |
JP2020129801A (ja) * | 2014-05-08 | 2020-08-27 | Panasonic Intellectual Property Corporation of America | Method for dealing with fraud |
CN105637803B (zh) * | 2014-05-08 | 2019-10-22 | 松下电器(美国)知识产权公司 | In-vehicle network system, anomaly-detection electronic control unit, and anomaly countermeasure method |
JP7199467B2 (ja) | 2014-05-08 | 2023-01-05 | Panasonic Intellectual Property Corporation of America | Method for dealing with fraud, and electronic control unit |
JP2021121109A (ja) * | 2014-05-08 | 2021-08-19 | Panasonic Intellectual Property Corporation of America | Method for dealing with fraud, and electronic control unit |
EP3142291A4 (en) * | 2014-05-08 | 2017-05-17 | Panasonic Intellectual Property Corporation of America | On-vehicle network system, fraud-detection electronic control unit, and method for tackling fraud |
EP3142288A4 (en) * | 2014-05-08 | 2017-05-17 | Panasonic Intellectual Property Corporation of America | In-car network system, electronic control unit and update processing method |
CN105594155A (zh) * | 2014-05-08 | 2016-05-18 | 松下电器(美国)知识产权公司 | In-vehicle network system, electronic control unit, and update processing method |
US10227053B2 (en) | 2014-05-08 | 2019-03-12 | Panasonic Intellectual Property Corporation Of America | In-vehicle network system, electronic control unit, and update processing method |
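CN105594155B (zh) * | 2014-05-08 | 2019-08-02 | 松下电器(美国)知识产权公司 | In-vehicle network system, electronic control unit, and update processing method |
CN105637803A (zh) * | 2014-05-08 | 2016-06-01 | 松下电器(美国)知识产权公司 | In-vehicle network system, anomaly-detection electronic control unit, and anomaly countermeasure method |
WO2016152556A1 (ja) * | 2015-03-26 | 2016-09-29 | Kddi株式会社 | Management device, vehicle, management method, and computer program |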
US10673621B2 (en) | 2015-03-26 | 2020-06-02 | Kddi Corporation | Management device, vehicle, management method, and computer program |
US10525911B2 (en) | 2015-08-31 | 2020-01-07 | Panasonic Intellectual Property Corporation Of America | Gateway device, vehicle network system, and transfer method |
US10974669B2 (en) | 2015-08-31 | 2021-04-13 | Panasonic Intellectual Property Corporation Of America | Gateway device, vehicle network system, and transfer method |
WO2017037982A1 (ja) * | 2015-08-31 | 2017-03-09 | Panasonic Intellectual Property Corporation of America | Gateway device, vehicle network system, and transfer method |
CN113300947A (zh) * | 2015-08-31 | 2021-08-24 | 松下电器(美国)知识产权公司 | Gateway device, vehicle network system, and transfer method |
US11529914B2 (en) | 2015-08-31 | 2022-12-20 | Panasonic Intellectual Property Corporation Of America | Gateway device, vehicle network system, and transfer method |
JP2017050848A (ja) * | 2015-08-31 | 2017-03-09 | Panasonic Intellectual Property Corporation of America | Gateway device, vehicle network system, and transfer method |
JP2018061289A (ja) * | 2017-12-13 | 2018-04-12 | Kddi株式会社 | Management device, vehicle, management method, and computer program |
Also Published As
Publication number | Publication date |
---|---|
CN104349947A (zh) | 2015-02-11 |
EP2858003A1 (en) | 2015-04-08 |
US20150095997A1 (en) | 2015-04-02 |
JP5958535B2 (ja) | 2016-08-02 |
EP2858003B1 (en) | 2018-10-10 |
US9577997B2 (en) | 2017-02-21 |
JPWO2013179392A1 (ja) | 2016-01-14 |
EP2858003A4 (en) | 2015-07-08 |
CN104349947B (zh) | 2016-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
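JP5958535B2 (ja) | Authentication system and authentication method | |
CN109076078B (zh) | Method for establishing and updating keys for secure in-vehicle network communication | |
JP6345157B2 (ja) | In-vehicle information communication system and authentication method | |
CN111131313B (zh) | Security assurance method and system for ECU replacement in intelligent connected vehicles | |
JP6260066B2 (ja) | In-vehicle computer system and vehicle | |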
US7742603B2 (en) | Security for anonymous vehicular broadcast messages | |
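JP5772692B2 (ja) | Authentication system for in-vehicle control device and authentication method for in-vehicle control device | |
JP6036845B2 (ja) | Vehicle network authentication system and vehicle network authentication method | |
JP2019009509A (ja) | In-vehicle authentication system, communication device, in-vehicle authentication device, computer program, communication device authentication method, and communication device manufacturing method | |
JP6523143B2 (ja) | Data distribution device, communication system, mobile body, and data distribution method | |
WO2019004097A1 (ja) | Maintenance system and maintenance method | |
JP5276940B2 (ja) | Center device, terminal device, and authentication system | |
JP2013138304A (ja) | Security system and key data operation method | |
CN112019340B (zh) | Authentication system | |
CN108377184A (zh) | Distributed authentication and encryption method for the internal network of an intelligent vehicle | |
WO2017126471A1 (ja) | Authentication system, authentication request device, in-vehicle electronic device, computer program, and authentication processing method | |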
US10263976B2 (en) | Method for excluding a participant from a group having authorized communication | |
JP2020088836A (ja) | Vehicle maintenance system, maintenance server device, management server device, in-vehicle device, maintenance tool, computer program, and vehicle maintenance method | |
Kleberger et al. | Protecting vehicles against unauthorised diagnostics sessions using trusted third parties | |
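WO2017126322A1 (ja) | In-vehicle computer system, vehicle, key generation device, management method, key generation method, and computer program | |
KR100921153B1 (ko) | User authentication method on a wireless communication network | |
JP2013142963A (ja) | Authentication system for in-vehicle control device | |
CN116155625B (zh) | Key exchange method, apparatus, electronic device, storage medium, and program product | |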
Yousef | Methods of securing in-vehicle networks | |
JP2019197999A (ja) | Vehicle electronic control system and vehicle electronic control device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 12877846; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2014518127; Country of ref document: JP; Kind code of ref document: A |
| WWE | WIPO information: entry into national phase | Ref document number: 14399224; Country of ref document: US |
| WWE | WIPO information: entry into national phase | Ref document number: 2012877846; Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |