WO2015111109A1 - Système d'authentification d'informations de position, terminal de positionnement et dispositif d'acquisition d'informations de position - Google Patents
Système d'authentification d'informations de position, terminal de positionnement et dispositif d'acquisition d'informations de position Download PDFInfo
- Publication number
- WO2015111109A1 WO2015111109A1 PCT/JP2014/006059 JP2014006059W WO2015111109A1 WO 2015111109 A1 WO2015111109 A1 WO 2015111109A1 JP 2014006059 W JP2014006059 W JP 2014006059W WO 2015111109 A1 WO2015111109 A1 WO 2015111109A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- unit
- authentication
- authenticated
- terminal
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S19/00—Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
- G01S19/01—Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
- G01S19/13—Receivers
- G01S19/21—Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
- G01S19/215—Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service issues related to spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Definitions
- the present disclosure relates to a position information authentication system capable of authenticating a navigation message received from a navigation satellite in order to calculate position information, a positioning terminal provided in the authentication system, and a position information acquisition device.
- Positioning terminals that receive satellite radio waves from navigation satellites included in navigation satellite systems such as the global positioning system (hereinafter referred to as GPS) and calculate the current position using navigation messages included in the satellite radio waves are widely known. .
- GPS global positioning system
- Patent Document 1 there is a position information authentication system that can authenticate a navigation message in order to determine the reliability of the navigation message received from the navigation satellite in order to calculate the position information. Proposed.
- This position information authentication system enables the positioning terminal to determine whether the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center. If it can be determined that the navigation message received by the positioning terminal itself is a navigation message authenticated by the authentication center, the navigation message can be determined to have been transmitted by a navigation satellite.
- a positioning terminal that receives a navigation message can calculate a reliable current position.
- the position information calculated by the positioning terminal in addition to a use of the user who owns the positioning terminal to know the current position, a use of transmitting position information indicating the current position calculated by the positioning terminal to the surroundings can be considered.
- the position information is transmitted to a charge management device that manages a toll parking area and a toll road, and charging is automatically performed.
- the positioning terminal receives the position information indicating the position different from the calculated current position and performs the charging process. If it is transmitted to the position information acquisition device, it cannot be charged correctly.
- the positioning terminal indicates that the positioning terminal itself does not falsify the position information, and the position information acquisition device that acquires the position information needs to be able to determine that the positioning terminal is a reliable terminal that does not falsify the position information. is there.
- the present disclosure has been made based on this circumstance, and the purpose of the present disclosure is to obtain position information from the positioning terminal that the positioning terminal is compatible with the position information authentication system.
- An object of the present invention is to provide a position information authentication system, a positioning terminal, and a position information acquisition apparatus that can be determined by an acquisition apparatus.
- the position information authentication system receives a navigation message, and when the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided.
- Positioning terminal that transmits wirelessly, an authentication center device that transmits the center-created authentication data to a communication satellite that transmits center-created authentication data used for authentication by the positioning terminal, and position information that receives position information wirelessly transmitted by the positioning terminal An acquisition device.
- the authentication center device includes a center side satellite receiving unit that receives a satellite radio wave including a navigation message from a navigation satellite included in the navigation satellite system, a cipher key, and the cipher key and the satellite received by the center side satellite receiving unit. Based on the navigation message included in the radio wave, a center side authentication data creation unit that creates center creation authentication data, and authentication data transmission that transmits the center creation authentication data created by the center side authentication data creation unit to the communication satellite A section.
- the positioning terminal receives the center creation authentication data from the communication satellite, and also creates the encryption key or the encryption key from the terminal side satellite receiver that receives the satellite radio wave from the navigation satellite and the authentication center device. Authentication of terminal creation based on a key receiver that receives key-related data that is one of the data, key-related data received by the key receiver, and navigation messages extracted from satellite radio waves received by the terminal-side satellite receiver.
- the terminal side authentication data creation unit that creates the data, the center creation authentication data and the terminal creation authentication data are compared, and if they match, the navigation message included in the satellite radio wave received by the terminal side satellite reception unit is Based on the key-related data received by the key receiving unit from the authentication center device, the terminal-side satellite receiving unit determines that the authentication has been successful.
- Authenticated creation unit that creates authenticated data indicating that the navigation message contained in the received satellite signal has been authenticated and the location information calculated based on the navigation message, as well as the authenticated creation unit created by the authenticated creation unit A terminal-side transmission unit that transmits data.
- the location information acquisition device includes a terminal data acquisition unit that acquires the location information and authenticated data transmitted by the terminal side transmission unit from the communication unit, and a key acquisition unit that acquires key-related data from the authentication center device via the communication unit. Based on the key-related data acquired by the key acquisition unit, the comparison data generation unit that generates the authenticated comparison data for comparison with the authenticated data, and the authentication data and comparison data generated by the terminal data acquisition unit Compared with the authenticated comparison data created by the unit, the terminal includes a terminal determination unit that determines that the positioning terminal is a legitimate positioning terminal if they match.
- the positioning terminal authenticates the navigation message included in the satellite radio wave received from the navigation satellite.
- the key receiving unit receives from the authentication center device key-related data, which is key creation data that can be used to create the encryption key used by the authentication center device to create the center creation authentication data. is doing. If the authentication is successful, the key-related data received from the authentication center device is used to create authenticated data indicating that the authentication has been completed, and the authenticated data is transmitted together with the position information. .
- the positioning terminal creates authenticated data using key-related data that is data acquired from the authentication center device, and transmits it together with position information.
- the positioning terminal it is possible to prove that the positioning terminal itself is a legitimate positioning terminal trusted by the authentication center device that can communicate with the authentication center device.
- the key related data for creating the authenticated data is acquired from the authentication center device for authenticating the navigation message included in the satellite radio wave received by the positioning terminal itself. Therefore, it is not necessary to separately acquire data for creating authenticated data from the authentication center apparatus, and the process of creating authenticated data can be simplified.
- the location information acquisition device that has received the authenticated data together with the location information also acquires the key related data from the authentication center device. Then, based on the acquired key-related data, authenticated comparison data for comparison with the authenticated data is created.
- the terminal determination unit determines whether the positioning terminal that transmitted the position information is an authorized positioning terminal by comparing the authenticated comparison data with the authenticated data acquired by the terminal data acquisition unit. Can do.
- the positioning terminal When the positioning terminal according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, position information indicating the current position calculated using the navigation message is externally provided. Wireless transmission.
- the positioning terminal receives the center creation authentication data created by the authentication center device and transmitted to the communication satellite for use in authentication in the positioning terminal, and includes a navigation message from the navigation satellite provided in the navigation satellite system.
- Key-related data that is either an encryption key for creating center-created authentication data or key creation data that can create the encryption key from the terminal-side satellite receiver that receives satellite radio waves and the authentication center device
- a terminal side authentication data creation unit that creates terminal creation authentication data based on a key reception unit to be received, key related data received by the key reception unit, and a navigation message extracted from satellite radio waves received by the terminal side satellite reception unit
- the center-created authentication data and the terminal-created authentication data are compared.
- Terminal that sends the authenticated data created by the authenticated creation unit, together with the location information calculated based on the navigation message, and the authenticated creation unit that creates the authenticated data indicating that the navigation message being authenticated can be authenticated A transmission unit.
- the position information acquisition device When the position information acquisition device according to another aspect of the present disclosure receives a navigation message and the received navigation message is a navigation message that can be authenticated, the position information indicating the current position calculated using the navigation message and Position information and authenticated data are received from a positioning terminal that wirelessly transmits authenticated data indicating that the received navigation message has been authenticated.
- the position information acquisition device includes a terminal data acquisition unit that acquires the position information and authenticated data transmitted by the positioning terminal from the communication unit, and the center creation authentication data that the positioning terminal uses for authentication from the authentication center device via the communication unit.
- a key acquisition unit that acquires key-related data that is either the encryption key used by the authentication center device or the key generation data that can generate the encryption key to generate the key, and the key relationship acquired by the key acquisition unit Based on the data, the comparison data creation unit that creates authenticated comparison data for comparison with the authenticated data, the authenticated data acquired by the terminal data acquisition unit, and the authenticated comparison data generated by the comparison data generation unit
- the positioning terminal includes a terminal determination unit that determines that it is a legitimate positioning terminal.
- the location information acquisition device that acquires the location information from the positioning terminal indicates that the positioning terminal is compatible with the location information authentication system. I can judge.
- FIG. 1 is a configuration diagram of a location information authentication system according to the first embodiment.
- FIG. 2 is a block diagram showing in detail the configuration of the authentication center processing apparatus of FIG.
- FIG. 3 is a block diagram showing in detail the configuration of the in-vehicle device of FIG.
- FIG. 4 is a diagram showing the relationship between the navigation message included in the satellite radio wave and the RAND message.
- FIG. 5 is a flowchart showing processing executed by the control unit of the in-vehicle device.
- FIG. 6 is a flowchart showing in detail the navigation message authentication process in step S4 of FIG. FIG.
- FIG. 7 is a flowchart showing processing executed by the control unit of the roadside machine.
- FIG. 8 is a configuration diagram of a roadside machine in the second embodiment.
- FIG. 9 is a flowchart showing the pre-processing executed by the control unit included in the roadside machine,
- FIG. 10 is a flowchart illustrating processing executed when the control unit included in the roadside device receives position information and the like from the in-vehicle device.
- the location information authentication system 1 of Embodiment 1 includes an authentication center device 100, an in-vehicle device 200 corresponding to the positioning terminal of the present disclosure, and a roadside device 300 corresponding to the location information acquisition device of the present disclosure. .
- the authentication center apparatus 100 includes a monitor station apparatus 110, an authentication center processing apparatus 120, and a master control station apparatus 130.
- the monitor station apparatus 110 is the monitor station 110
- the authentication center processing apparatus 120 is the authentication center 120
- the master control station apparatus 130 is the master control station 130.
- the monitor station 110 corresponds to the center-side satellite receiver of the present disclosure, and receives GPS radio waves transmitted by the GPS satellite 2 included in the GPS that is one of the navigation satellite systems.
- the GPS satellite 2 corresponds to the navigation satellite of the present disclosure
- the GPS radio wave corresponds to the satellite radio wave of the present disclosure.
- navigation messages are included in GPS radio waves.
- the monitor station 110 demodulates the received GPS radio wave, extracts a navigation message, and sends it to the authentication center 120.
- GPS radio waves are received from a plurality of GPS satellites 2
- a navigation message is extracted from each GPS radio wave and sent to the authentication center 120.
- the authentication center 120 creates parity data corresponding to the center creation authentication data of the present disclosure from the navigation message and the H matrix that is the encryption key. Then, a signal including the created parity data is sent to the master control station 130. In addition, communication is performed with the in-vehicle device 200 and the roadside device 300. Details of the authentication center 120 will be described with reference to FIG.
- the master control station 130 corresponds to the authentication data transmission unit of the present disclosure, and transmits parity data received from the authentication center 120 to the quasi-zenith satellite (hereinafter, QZS satellite) 3.
- QZS satellite quasi-zenith satellite
- the QZS satellite 3 corresponds to the communication satellite of the present disclosure, and broadcasts a navigation message including parity data toward the ground.
- the in-vehicle device 200 is a navigation message authentication type in-vehicle device, and authenticates whether or not the navigation message received from the GPS satellite 2 can be authenticated by using parity data included in the navigation message received from the QZS satellite 3. .
- communication with the authentication center 120 is performed.
- the current position is calculated using the navigation message received from the GPS satellite 2, and position information indicating the calculated current position is wirelessly transmitted to the outside together with a hash value to be described later.
- the hash value indicates that the navigation message has been authenticated, and corresponds to the authenticated data of the present disclosure.
- the in-vehicle device 200 will be described with reference to FIGS. 3, 5, and 6.
- the roadside device 300 is managed by a service provider that provides a predetermined service using the position information transmitted by the in-vehicle device 200.
- Examples of the service include a service that charges a user of the vehicle when the vehicle on which the vehicle-mounted device 200 is mounted is parked in a toll parking area or when the vehicle travels on a toll road.
- the roadside machine 300 includes a communication unit 310 and a control unit 320.
- the communication unit 310 performs wireless communication with the communication unit 126 (see FIG. 2) included in the authentication center 120 and the communication unit 210 (see FIG. 3) included in the in-vehicle device 200.
- the control unit 320 is a computer including a CPU, a ROM, a RAM, and the like, and the CPU controls the communication unit 310 by executing a program stored in the ROM while using a temporary storage function of the RAM. Further, the hash value transmitted by the in-vehicle device 200 is acquired via the communication unit 310, and based on the hash value, it is determined whether the in-vehicle device 200 is a regular on-vehicle device. In this determination, communication with the authentication center 120 is performed.
- the authentication center 120 includes a control unit 122, a data storage unit 124, and a communication unit 126.
- the control unit 122 is a computer including a CPU, a ROM, a RAM, and the like, and controls the data storage unit 124 and the communication unit 126.
- the CPU executes a program stored in the ROM while using the temporary storage function of the RAM, so that the RAND message generation unit 1221, the SEED value generation unit 1222, the H matrix calculation unit 1223, the parity calculation unit 1224, A function as the signal processing unit 1225 is provided.
- the functions of these units 1221 to 1225 may be the same as the functions disclosed in Patent Document 1.
- the control unit 122 also includes an H matrix selection unit 1226.
- the control unit 122 corresponds to the center side authentication data creation unit of the present disclosure.
- the RAND message generation unit 1221 means reference authentication navigation data (RAND: “Reference” Authentication “Navigation” Data), and is generated from the navigation message acquired from the monitor station 110.
- Fig. 4 shows the relationship between RAND messages and navigation messages.
- the navigation message is divided into subframes 1 to 5, and subframes 4 and 5 have 1 to 25 pages, respectively.
- Each subframe is divided into words 1-10.
- the elapsed time TOW time of week, corresponding to the time information of the present disclosure
- the TOC, AF0, AF1 included in the words 8 to 10 are arranged in order. It is out.
- an AS Flag that is an anti-spoof flag and a PRN (Pseudo Random Noise) ID that is a satellite number are added.
- the numerical value shown in parentheses after each data constituting the RAND message means the number of bits of each data.
- the RAND message including TOW and PRNID is a message indicating which GPS satellite transmitted when. Further, since TOW changes every 6 seconds and PRNID is included, a RAND message is generated every GPS satellite 2 received by the monitor station 110 and every 6 seconds.
- the SEED value generation unit 1222 generates a single SEED value with the PC clock as an input.
- the SEED value is generated by generating a random number with the PC clock as an input.
- the SEED value is 36 bits.
- the H matrix calculation unit 1223 uses the SEED value generated by the SEED value generation unit 1222 and calculates an H matrix corresponding to the SEED value on a one-to-one basis.
- This H matrix corresponds to the encryption key of the present disclosure.
- the H matrix can be created if the SEED value is determined, the SEED value corresponds to the key creation data of the present disclosure.
- a known hash function may be used.
- a parity check matrix for performing LDPC (Low Density Parity Check) encoding may be used.
- a generator matrix determined from a parity check matrix may be used.
- the H matrix corresponds to an example of the encryption key of the present disclosure
- the H matrix or the SEED value corresponds to an example of the key related data of the present disclosure.
- the parity calculator 1224 calculates parity data based on the RAND message created by the RAND message generator 1221 and the H matrix calculated by the H matrix calculator 1223. That is, parity data is calculated by multiplying the RAND message by this H matrix.
- the signal processing unit 1225 inserts the parity data calculated by the parity calculation unit 1224 and the RAND message used for the calculation into the navigation message to be transmitted to the QZS satellite 3. Then, the inserted navigation message is sent to the master control station 130.
- the signal processing unit 1225 stores the parity data calculated by the parity calculation unit 1224, the RAND message used for calculating the parity data, the H matrix, and the SEED value used for the calculation of the H matrix in accordance with the signal insertion. Store in the storage unit 124.
- the signal processing unit 1225 inserts the RAND message and parity data into the navigation message that causes the QZS satellite 3 to transmit each time the RAND message generation unit 1221 generates the RAND message. Therefore, the SEED value generation unit 1222, the H matrix calculation unit 1223, and the parity calculation unit 1224 also execute processing each time the RAND message generation unit 1221 generates a RAND message.
- the H matrix selection unit 1226 converts the H matrix stored in the data storage unit 124 into the received PRNID and TOW. Select the corresponding H matrix. Then, the selected H matrix is encrypted with the public key, and the encrypted H matrix is transmitted to the in-vehicle device 200 that has transmitted PRNID or the like.
- the communication unit 126 receives the PRNID, TOW, and public key transmitted from the roadside device 300, it corresponds to the received PRNID and TOW from the H matrix and parity data stored in the data storage unit 124. Select H matrix and parity data. Then, the selected H matrix and parity data are encrypted with the public key, and the encrypted H matrix and parity data are transmitted to the roadside device 300 that transmitted the PRNID and the like.
- the communication unit 126 communicates with the communication unit 210 included in the in-vehicle device 200 and the communication unit 310 included in the roadside device 300.
- the master control station 130 transmits the navigation message generated by the signal processing unit 1225 to the QZS satellite 3.
- the QZS satellite 3 broadcasts the navigation message received from the master control station 130 toward the ground.
- the navigation message broadcast by the QZS satellite 3 is received by the satellite receiver 230 of the in-vehicle device 200.
- This in-vehicle device 200 includes a communication unit 210 and a control unit 220 in addition to the satellite reception unit 230.
- the communication unit 210 includes a reception unit 211 and a transmission unit 212.
- the reception unit 211 corresponds to the key reception unit of the present disclosure
- the transmission unit 212 corresponds to the terminal side transmission unit of the present disclosure.
- the communication unit 210 has a narrow area communication function and a wide area communication function.
- the narrow area communication function has a communication distance of several hundred meters, for example.
- the wide-area communication function has a communication distance of, for example, several kilometers, and can communicate with other communication devices within the communication area of the public communication network by communicating with the base station of the public communication network.
- the narrow area communication function communicates with the communication unit 310 of the roadside machine 300, and the wide area communication function communicates with the communication unit 126 of the authentication center 120.
- the satellite receiver 230 corresponds to the terminal-side satellite receiver of the present disclosure, and receives radio waves transmitted by the GPS satellite 2 and the QZS satellite 3 at a constant period.
- the control unit 220 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 210 and the satellite reception unit 230. Further, the CPU executes the program shown in FIG. 5 by executing the program stored in the ROM while using the temporary storage function of the RAM.
- the processing shown in FIG. 5 is executed each time the satellite receiving unit 230 receives GPS radio waves from four or more GPS satellites 2.
- the reason why the number is four or more is that it is necessary to receive GPS radio waves from four or more GPS satellites 2 in order to calculate the current position.
- step S2 the current position is calculated based on the GPS radio wave.
- step S4 navigation message authentication processing is executed. Details of this processing are shown in FIG.
- step S42 the navigation message received from the QZS satellite 3 is acquired from the receiving unit 211.
- step S44 PRNID, TOW, and parity data corresponding to the navigation message used to calculate the current position are extracted from the navigation message acquired in step S42. Note that PRNID and TOW may be extracted from the navigation message used to calculate the current position.
- step S46 the PRNID and TOW extracted in step S44 are transmitted from the transmission unit 212 to the authentication center 120 together with the public key.
- the authentication center 120 encrypts the H matrix determined by the PRNID and TOW with the public key and transmits the encrypted H matrix to the in-vehicle device 200.
- step S48 the encrypted H matrix transmitted from the authentication center 120 is acquired from the receiving unit 211.
- step S50 the encrypted H matrix acquired in step S48 is decrypted with the secret key.
- step S52 a RAND message is created from GPS radio waves that include the same PRNID as the PRNID transmitted in step S46 in the navigation message.
- step S54 comparison parity data is created from the RAND message created in step S52 and the H matrix decoded in step S50.
- the comparison parity data created here corresponds to the terminal creation authentication data of the present disclosure, and S54 corresponds to the terminal side authentication data creation unit of the present disclosure.
- step S56 it is determined whether or not the comparison parity data created in step S54 matches the parity data extracted in step S44.
- the H matrix decoded in step S50 is the same as the H matrix used by the authentication center 120 to create parity data.
- the parity calculation unit 1224 of the authentication center 120 calculates parity data based on the H matrix and the RAND message.
- step S54 matches the parity data extracted in step S44, it can be considered that the RAND message created in step S52 is the same as the RAND message created by the authentication center 120. . Therefore, if the comparison parity data created in step S54 matches the parity data extracted in step S44, the process proceeds to step S58 and authentication is established. On the other hand, if the two parity data do not match, the process proceeds to step S60 and authentication is not established.
- step S6 it is determined whether or not the processing result of the navigation message authentication process is authentication establishment.
- step S6 If this determination is No, that is, if authentication is not established, the processing in FIG. 4 is terminated. On the other hand, if the determination in step S6 is Yes, the process proceeds to step S8.
- step S8 it is determined whether or not transmission of position information is necessary. As a case where transmission of position information is necessary, for example, there is a case where a request signal for position information is received from the communication unit 310 of the roadside device 300. Further, the position information may be transmitted at a constant transmission cycle. If the determination in step S8 is No, the process in FIG. 4 is terminated. On the other hand, if the determination in step S8 is also Yes, the process proceeds to step S10.
- a hash value is created from a hash function using the H matrix, which is data created by the authentication center 120, and parity data as input keys. This hash value corresponds to the authenticated data of the present disclosure.
- step S12 the position information indicating the current position calculated in step S1, the hash value created in step S8, the PRNID extracted in step S44, and the TOW are transmitted from the transmission unit 212 to the communication unit 310 of the roadside device 300.
- the control unit 320 of the roadside machine 300 periodically transmits a request signal for requesting transmission of position information around the roadside machine 300.
- the in-vehicle device 200 receives this request signal, the in-vehicle device 200 transmits position information, a hash value, and the like as described above.
- the control unit 320 of the roadside device 300 executes the process shown in FIG.
- step S70 the location information, hash value, PRNID, and TOW received by the communication unit 310 are acquired from the communication unit 310.
- This step S70 corresponds to the terminal data acquisition unit of the present disclosure.
- Step S72 the PRNID and TOW acquired in Step S70 are transmitted from the communication unit 310 to the authentication center 120 together with the public key.
- This public key is a public key that is uniquely stored in the roadside device 300, and is a key that is different from the public key that the in-vehicle device 200 transmits to the authentication center 120.
- the authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with the public key and transmits the encrypted data to the roadside device 300.
- These H matrix and parity data are input keys for creating a hash value.
- step S 74 the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310.
- This step S74 corresponds to the key acquisition unit of the present disclosure.
- step S76 the encrypted H matrix and parity data acquired in step S74 are decrypted with the secret key.
- step S78 a comparison hash value is created from a hash function stored in advance as the one used by the legitimate vehicle-mounted device 200 using the H matrix and parity data decrypted in step S76 as input keys.
- This comparison hash value corresponds to the authenticated comparison data of the present disclosure
- step S78 corresponds to the comparison data creation unit of the present disclosure.
- steps S80 to S84 corresponding to the terminal determination unit of the present disclosure are executed.
- step S80 it is determined whether or not the comparison hash value created in step S78 matches the hash value acquired in step S70.
- the process proceeds to step S82, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, and the like is a regular in-vehicle device.
- the process proceeds to step S84, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
- the in-vehicle device 200 authenticates the navigation message included in the satellite radio wave received from the GPS satellite 2 (S4).
- the authentication center 120 acquires the H matrix used for generating the parity data from the authentication center 120 (S48).
- a hash value is created to indicate that the authentication has been completed using the H matrix acquired from the authentication center 120 (S10), and the hash value is transmitted together with the position information. (S12).
- the in-vehicle device 200 creates a hash value, which is data indicating that it has been authenticated, using the H matrix acquired from the authentication center 120 and transmits it together with the position information. Accordingly, it is possible to prove that the in-vehicle device 200 itself is a regular on-vehicle device that can communicate with the authentication center 120 and is trusted by the authentication center 120.
- the H matrix for creating the hash value is obtained from the authentication center 120 in order to authenticate the navigation message included in the satellite radio wave received by the in-vehicle device 200 itself. Therefore, since it is not necessary to separately acquire data for creating a hash value from the authentication center 120, the process of creating a hash value can be simplified.
- a hash value created from the H matrix using a hash function is transmitted. Since the hash function is an irreversible one-way function, it is possible to prevent the H matrix from being known to a third party.
- the roadside device 300 that has received the hash value together with the location information also acquires the H matrix from the authentication center 120, and also acquires parity data (S74).
- a comparison hash value is created from these H matrix, parity data, and a hash function stored in advance as one used by the regular vehicle-mounted device 200 (S78). By comparing this comparison hash value with the hash value acquired from the in-vehicle device 200, it can be determined whether or not the in-vehicle device 200 that transmitted the position information is a regular on-vehicle device.
- Embodiment 2 Next, Embodiment 2 will be described.
- elements having the same reference numerals as those used so far are the same as the elements having the same reference numerals in the previous embodiments unless otherwise specified.
- the embodiment described above can be applied to other parts of the configuration.
- the roadside device 300A includes a satellite receiver 330 as shown in FIG.
- This satellite receiver 330 corresponds to the acquisition device side satellite receiver of the present disclosure.
- the processing of the control unit 320A is partially different from the control unit 320 of the first embodiment. The processing of the control unit 320A will be described with reference to FIGS.
- Control unit 320A executes the process shown in FIG. 9 at a constant GPS radio wave acquisition cycle, and also executes the process shown in FIG. 10 at a constant cycle.
- FIG. 9 shows pre-processing that is performed before acquiring position information and the like from the vehicle-mounted device 200. This will be described from FIG.
- step S 90 the navigation message included in the GPS radio wave received by the satellite receiver 330 is acquired from the satellite receiver 330.
- the satellite receiving unit 330 receives GPS radio waves from a plurality of GPS satellites 2, the navigation message for all GPS radio waves received by the satellite receiving unit 330 is acquired.
- step S92 corresponding to the radio wave information extraction unit of the present disclosure, PRNID and TOW are extracted from all the navigation messages acquired in step S90.
- step S94 corresponding to the radio wave information transmission processing unit of the present disclosure, the PRNID and TOW extracted in step S92 are transmitted from the communication unit 310 to the authentication center 120 together with the public key.
- the authentication center 120 encrypts the H matrix and parity data determined by the PRNID and TOW with a public key and transmits the encrypted data to the roadside device 300.
- step S96 the encrypted H matrix and parity data transmitted from the authentication center 120 are acquired from the communication unit 310.
- step S98 the encrypted H matrix and parity data acquired in step S96 are decrypted with the secret key.
- This step S96 corresponds to the key acquisition unit of the present disclosure.
- step S100 a comparison hash value is created from a hash function stored in advance as the one used by the authorized vehicle-mounted device 200, using the H matrix and parity data decrypted in step S98 as input keys. This comparison hash value is created for all GPS radio waves received by the satellite receiver 330.
- step S102 a comparison hash value table is created.
- This comparison hash value table shows the correspondence between the comparison hash value created in step S100, the H matrix used to create the comparison hash value, and the PRNID and TOW transmitted to the authentication center 120 to obtain parity data. It is a table to show.
- step S110 it is determined whether the communication unit 310 has received data such as position information transmitted by the in-vehicle device 200 by executing step S12 of FIG. If this determination is No, the processing in FIG. 10 is terminated. On the other hand, if determination of step S110 is Yes, it will progress to step S112.
- step S112 the location information, hash value, PRNID, and TOW received by the communication unit 310 from the in-vehicle device 200 are acquired.
- steps S114 to S120 corresponding to the terminal determination unit of the present disclosure are executed.
- step S114 if the comparison hash value table created in the pre-processing in FIG. 9 includes the PRNID and TOW acquired in step S112, the comparison hash value corresponding to the PRNID and TOW is used as the comparison hash value used for the current comparison. To decide.
- comparison hash values for all GPS radio waves received by the satellite receiver 230 are created. Therefore, it is highly likely that the hash value corresponding to the PRNID and TOW acquired in step S112 is included in the comparison hash value table.
- the satellite wave received by the satellite receiving unit 230 of the in-vehicle device 200 may not be received by the satellite receiving unit 330 of the roadside device 300.
- hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table. If the hash values corresponding to the PRNID and TOW acquired in step S112 are not included in the comparison hash value table, the processing of steps S72 to S78 in FIG. 7 is executed to create a comparison hash value.
- step S116 it is determined whether or not the hash value acquired in step S112 matches the comparison hash value determined in step S114.
- step S118 If the two hash values match, the process proceeds to step S118, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is a regular in-vehicle device. On the other hand, if the two hash values do not match, the process proceeds to step S120, and it is assumed that the in-vehicle device 200 that transmitted the position information, the hash value, etc. is an unauthorized in-vehicle device.
- the roadside device 300 includes the satellite receiving unit 230, so that it exists around the roadside device 300 and may transmit a hash value to the roadside device 300. Satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200.
- the PRNID and TOW are received from the in-vehicle device 200, and the PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data.
- satellite radio waves can be received from the same GPS satellite 2 as the in-vehicle device 200. Therefore, the PRNID and TOW are extracted from the navigation message received by the satellite receiver 330 without waiting for the PRNID and TOW to be received from the in-vehicle device 200. Then, the extracted PRNID and TOW are transmitted to the authentication center 120 to acquire the H matrix and parity data, and a comparison hash value table is created (FIG. 9).
- the roadside device 300 recognizes the vehicle-mounted device 200 as a regular vehicle-mounted device and performs processing based on the recognition result, and the vehicle-mounted device 200 is running, There is a high need to make a judgment.
- processing based on the authorization result for example, transmitting to the in-vehicle device 200 that it is a regular in-vehicle device, or opening and closing a gate provided in the vehicle travel path based on being authorized as a regular in-vehicle device. There is processing.
- the second embodiment is particularly useful when it is necessary to quickly determine whether or not the vehicle is a regular vehicle-mounted device.
- the hash value and the comparison hash value are created using the H matrix and the parity data as the input keys of the hash function (authenticated creation unit: S10, comparison data creation unit: S100).
- a hash value and a comparison hash value may be created using only the H matrix as the input key of the hash function (Modification 1).
- the hash value and the comparison hash value may be created using the SEED value that is the key creation data as the input key of the hash function (Modification 2).
- an H matrix can be created from the SEED value. Therefore, even if the authenticated creation unit and the comparison data creation unit obtain the SEED value as the key-related data, the SEED value is not used as an input key as it is, but an H matrix is created from the SEED value, and the H matrix is used as the input key.
- a hash value may be created as
- the authenticated creation unit and the comparison data creation unit do not use the hash value as authenticated data or authenticated comparison data, but use the H matrix or SEED value used to create the hash value as authenticated data or authenticated comparison data. Also good.
- comparison hash values for all GPS radio waves received by the satellite reception unit 330 are created. However, comparison hash values for some of the GPS radio waves received by the satellite reception unit 330 are created. May be. For example, the comparison hash value may be created only for GPS radio waves received from a preset number of GPS satellites 2 that can be satisfactorily received.
- the position information acquisition device may be a mobile device such as mounted on a crackdown vehicle that cracks down on illegal use of toll parking lots and toll roads.
- the vehicle-mounted device 200 has been described as a positioning terminal, but the present invention is not limited to this.
- the positioning terminal may be a portable terminal carried by a person or a terminal mounted on a mobile body other than a car.
- each step is expressed as, for example, S2. Further, each step can be divided into a plurality of sub-steps, while a plurality of steps can be combined into one step.
- each part in the control unit 122 focuses on the function of the control unit 122 and is classified for convenience, and the inside of the control unit 122 corresponds to each part. It does not mean that they are physically separated. Accordingly, each “unit” can be realized as software as a part of a computer program, or can be realized as hardware using an IC chip or a large-scale integrated circuit.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Signal Processing (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
- Mobile Radio Communication Systems (AREA)
- Navigation (AREA)
Abstract
L'invention concerne un système d'authentification d'informations de position (1) qui est pourvu d'un terminal de positionnement (200), d'un dispositif de centre d'authentification (100) et d'un dispositif d'acquisition d'informations de position (300, 300A); un terminal de positionnement (200); un dispositif d'acquisition d'informations de position (300, 300A). Le dispositif de centre d'authentification (100) est pourvu d'une unité de réception de satellite côté centre (110), d'une unité de création de données d'authentification côté centre (122) et d'une unité de transmission de données d'authentification (130). Le terminal de positionnement (200) est pourvu d'une unité de réception de satellite côté terminal (230), d'une unité de réception de clé (211), d'une unité de création de données d'authentification côté terminal (S54), d'une unité de détermination d'authentification (S56 à S60), d'une unité de création de message d'achèvement de l'authentification (S6 à S10) et d'une unité de transmission côté terminal (212). Le dispositif d'acquisition d'informations de position (300, 300A) est pourvu d'une unité d'acquisition de données de terminal (S70, S112), d'une unité d'acquisition de clé (S74, S96), d'une unité de création de données de comparaison (S78, S100, S102) et d'une unité de détermination de terminal (S80 à S84, S114 à S120).
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201480073106.2A CN105934688B (zh) | 2014-01-21 | 2014-12-04 | 位置信息认证系统、位置测定终端以及位置信息获取装置 |
DE112014006225.1T DE112014006225B8 (de) | 2014-01-21 | 2014-12-04 | Positionsinformationsauthentifizierungssystem, Positionierungsendgerät und Positionsinformationsbeschaffungsvorrichtung |
SG11201605322RA SG11201605322RA (en) | 2014-01-21 | 2014-12-04 | Position information authentication system, positioning terminal, and position information acquisition apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014008904A JP6213258B2 (ja) | 2014-01-21 | 2014-01-21 | 位置情報認証システム、測位端末、および位置情報取得装置 |
JP2014-008904 | 2014-01-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015111109A1 true WO2015111109A1 (fr) | 2015-07-30 |
Family
ID=53680947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/006059 WO2015111109A1 (fr) | 2014-01-21 | 2014-12-04 | Système d'authentification d'informations de position, terminal de positionnement et dispositif d'acquisition d'informations de position |
Country Status (6)
Country | Link |
---|---|
JP (1) | JP6213258B2 (fr) |
CN (1) | CN105934688B (fr) |
DE (1) | DE112014006225B8 (fr) |
SG (1) | SG11201605322RA (fr) |
TW (1) | TWI525332B (fr) |
WO (1) | WO2015111109A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111102979A (zh) * | 2019-07-02 | 2020-05-05 | 长沙北斗产业安全技术研究院有限公司 | 一种访问可控的室内定位方法及系统 |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2021071413A (ja) * | 2019-10-31 | 2021-05-06 | 日本電気株式会社 | 衛星測位システム、地上受信機及び位置算出方法 |
CN111769868B (zh) * | 2020-07-01 | 2022-05-10 | 中船黄埔文冲船舶有限公司 | 一种基于大型结构件转运设备的控制调度系统 |
US11936791B2 (en) * | 2020-09-21 | 2024-03-19 | Jason Burt | Verification of the reliability of software and devices against assertions and guarantees |
CN115022879B (zh) * | 2022-05-11 | 2023-11-21 | 西安电子科技大学 | 基于位置密钥的增强型北斗用户终端接入认证方法和系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004172865A (ja) * | 2002-11-19 | 2004-06-17 | Casio Comput Co Ltd | 電子機器及び認証システム |
JP2006267024A (ja) * | 2005-03-25 | 2006-10-05 | Toshiba Corp | 位置認証システムおよび位置算出装置ならびにプログラム |
WO2008010287A1 (fr) * | 2006-07-20 | 2008-01-24 | Panasonic Corporation | Dispositif, système et procédé de vérification de position |
JP2013092857A (ja) * | 2011-10-25 | 2013-05-16 | Sony Corp | 移動体装置、情報処理装置、位置情報取得方法、位置情報取得システム、及びプログラム |
JP2013130395A (ja) * | 2011-12-20 | 2013-07-04 | Hitachi Information & Control Solutions Ltd | 位置情報認証システムおよび位置情報認証方法 |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002112337A (ja) * | 2000-09-26 | 2002-04-12 | Hitachi Ltd | 路車間通信システムおよびその移動局装置、基地局装置ならびに基地局管理装置 |
US8539232B2 (en) | 2002-06-26 | 2013-09-17 | Sony Corporation | Information terminal apparatus, information processing apparatus and information communication system |
JPWO2005098468A1 (ja) * | 2004-04-08 | 2008-02-28 | 三菱電機株式会社 | 位置保証サーバ、位置保証システム及び位置保証方法 |
JP4644018B2 (ja) * | 2005-03-31 | 2011-03-02 | 株式会社日立製作所 | 位置認証方法、移動体端末および制御局 |
JP2006304193A (ja) | 2005-04-25 | 2006-11-02 | Toshiba Corp | 時刻及び位置認証装置、方法及びプログラム |
JP4982215B2 (ja) * | 2007-03-14 | 2012-07-25 | 株式会社トヨタIt開発センター | 暗号通信システム、暗号通信方法、暗号通信プログラム、車載端末およびサーバ |
CN102771078B (zh) * | 2010-02-24 | 2015-05-20 | 瑞萨电子株式会社 | 无线通信装置及认证处理方法 |
EP2397868A1 (fr) | 2010-06-15 | 2011-12-21 | The European Union, represented by the European Commission | Procédé pour fournir une indication authentifiable du temps et de l'emplacement |
JP5950225B2 (ja) * | 2012-01-10 | 2016-07-13 | クラリオン株式会社 | サーバ装置、車載端末、情報通信方法および情報配信システム |
FR2995700B1 (fr) * | 2012-09-18 | 2017-01-27 | Centre Nat D'etudes Spatiales | Authentification de signaux gnss |
-
2014
- 2014-01-21 JP JP2014008904A patent/JP6213258B2/ja active Active
- 2014-12-04 WO PCT/JP2014/006059 patent/WO2015111109A1/fr active Application Filing
- 2014-12-04 CN CN201480073106.2A patent/CN105934688B/zh active Active
- 2014-12-04 DE DE112014006225.1T patent/DE112014006225B8/de active Active
- 2014-12-04 SG SG11201605322RA patent/SG11201605322RA/en unknown
- 2014-12-17 TW TW103144070A patent/TWI525332B/zh active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004172865A (ja) * | 2002-11-19 | 2004-06-17 | Casio Comput Co Ltd | 電子機器及び認証システム |
JP2006267024A (ja) * | 2005-03-25 | 2006-10-05 | Toshiba Corp | 位置認証システムおよび位置算出装置ならびにプログラム |
WO2008010287A1 (fr) * | 2006-07-20 | 2008-01-24 | Panasonic Corporation | Dispositif, système et procédé de vérification de position |
JP2013092857A (ja) * | 2011-10-25 | 2013-05-16 | Sony Corp | 移動体装置、情報処理装置、位置情報取得方法、位置情報取得システム、及びプログラム |
JP2013130395A (ja) * | 2011-12-20 | 2013-07-04 | Hitachi Information & Control Solutions Ltd | 位置情報認証システムおよび位置情報認証方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111102979A (zh) * | 2019-07-02 | 2020-05-05 | 长沙北斗产业安全技术研究院有限公司 | 一种访问可控的室内定位方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
DE112014006225B8 (de) | 2022-07-21 |
JP2015137901A (ja) | 2015-07-30 |
DE112014006225T5 (de) | 2016-11-03 |
TWI525332B (zh) | 2016-03-11 |
JP6213258B2 (ja) | 2017-10-18 |
DE112014006225B4 (de) | 2022-05-12 |
SG11201605322RA (en) | 2016-08-30 |
CN105934688A (zh) | 2016-09-07 |
TW201539014A (zh) | 2015-10-16 |
CN105934688B (zh) | 2018-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107659550B (zh) | 车辆到车辆的私人通信 | |
US9135820B2 (en) | Communication system, vehicle-mounted terminal, roadside device | |
JP4959463B2 (ja) | 位置認証システム | |
WO2015111109A1 (fr) | Système d'authentification d'informations de position, terminal de positionnement et dispositif d'acquisition d'informations de position | |
CN110149611B (zh) | 一种身份验证方法、设备、系统及计算机可读介质 | |
US11095660B2 (en) | Blockchain enabled encryption | |
JP6344970B2 (ja) | 位置情報検証装置、中継装置、移動体装置、位置情報検証プログラム、中継プログラムおよび移動体プログラム | |
JP4644018B2 (ja) | 位置認証方法、移動体端末および制御局 | |
CN112448816B (zh) | 一种身份验证方法及装置 | |
WO2015118817A1 (fr) | Système d'authentification de messages de navigation, terminal de réception, et dispositif de traitement d'authentification | |
WO2015118805A1 (fr) | Terminal de positionnement | |
WO2015118820A1 (fr) | Dispositif doté d'une fonction de localisation, dispositif de réception des résultats de localisation et système utilisant les résultats de localisation | |
JPWO2018164096A1 (ja) | 位置認証システム、測位端末装置及び位置認証装置 | |
JP6252245B2 (ja) | 航法メッセージ受信装置及び簡易認証システム | |
US20200213855A1 (en) | Systems and methods for fraud detecting in a transportation service | |
RU2663817C1 (ru) | Способ активирования функций в радиоприемнике | |
CN112823348B (zh) | 用于运输服务中的机载欺诈检测的系统和方法 | |
JP2007164306A (ja) | 位置証明システム、証明センタ装置、位置証明方法、証明装置および端末 | |
JP6379503B2 (ja) | 航法メッセージ認証型測位装置 | |
JP6252246B2 (ja) | 航法メッセージ受信装置 | |
CN112333703A (zh) | 一种基于etc的平台运营车辆安全认证系统及方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14879809 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 112014006225 Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14879809 Country of ref document: EP Kind code of ref document: A1 |