WO2015129203A1 - 航法メッセージ受信装置及び簡易認証システム - Google Patents

航法メッセージ受信装置及び簡易認証システム Download PDF

Info

Publication number
WO2015129203A1
WO2015129203A1 PCT/JP2015/000743 JP2015000743W WO2015129203A1 WO 2015129203 A1 WO2015129203 A1 WO 2015129203A1 JP 2015000743 W JP2015000743 W JP 2015000743W WO 2015129203 A1 WO2015129203 A1 WO 2015129203A1
Authority
WO
WIPO (PCT)
Prior art keywords
satellite
navigation message
information
authenticated
authentication
Prior art date
Application number
PCT/JP2015/000743
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
貴久 山城
正剛 隈部
Original Assignee
株式会社デンソー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社デンソー filed Critical 株式会社デンソー
Priority to CN201580010543.4A priority Critical patent/CN106030341B/zh
Priority to DE112015001048.3T priority patent/DE112015001048B4/de
Priority to SG11201606725TA priority patent/SG11201606725TA/en
Publication of WO2015129203A1 publication Critical patent/WO2015129203A1/ja

Links

Images

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13Receivers
    • G01S19/21Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
    • G01S19/215Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service issues related to spoofing
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/03Cooperating elements; Interaction or communication between different cooperating elements or between cooperating elements and receivers
    • G01S19/08Cooperating elements; Interaction or communication between different cooperating elements or between cooperating elements and receivers providing integrity information, e.g. health of satellites or quality of ephemeris data
    • GPHYSICS
    • G08SIGNALLING
    • G08GTRAFFIC CONTROL SYSTEMS
    • G08G1/00Traffic control systems for road vehicles
    • G08G1/09Arrangements for giving variable traffic instructions
    • G08G1/091Traffic information broadcasting
    • G08G1/092Coding or decoding of the information
    • GPHYSICS
    • G08SIGNALLING
    • G08GTRAFFIC CONTROL SYSTEMS
    • G08G1/00Traffic control systems for road vehicles
    • G08G1/09Arrangements for giving variable traffic instructions
    • G08G1/0962Arrangements for giving variable traffic instructions having an indicator mounted inside the vehicle, e.g. giving voice messages
    • G08G1/0968Systems involving transmission of navigation instructions to the vehicle
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction

Definitions

  • the present disclosure relates to a navigation message receiving apparatus that receives a navigation message from an artificial satellite used in a satellite positioning system, and a simple authentication system including the navigation message receiving apparatus.
  • Patent Document 1 discloses a technique for authenticating whether a navigation message received by a receiver is a regular navigation message from an artificial satellite used in a satellite positioning system.
  • the receiver accesses the authentication center database, and acquires data used for authentication of the target artificial satellite from the satellite number and the satellite time included in the navigation message received from the artificial satellite. To do.
  • the receiver uses the data acquired from the authentication center to authenticate whether the received navigation message is a regular navigation message from an artificial satellite used in the satellite positioning system.
  • Patent Document 1 The inventor of the present application has found the following regarding the technique disclosed in Patent Document 1.
  • an object thereof is to suppress a communication processing load of an authentication center used for authenticating whether a navigation message from an artificial satellite used in a satellite positioning system is legitimate.
  • an object of the present invention is to provide a navigation message receiving apparatus and a simple authentication system that make it possible to determine whether a navigation message from an artificial satellite is legitimate.
  • a navigation message receiving apparatus is a navigation message receiving apparatus including a satellite receiver that receives a navigation message from an artificial satellite used in a satellite positioning system, and corresponds to the navigation message received from the artificial satellite.
  • a satellite information acquisition unit that acquires authenticated satellite information, which is information about an artificial satellite that is the source of a navigation message that has been authenticated, from a positioning device that receives authentication information from an authentication center and performs authentication.
  • a simple determination unit that determines whether the navigation message received by the satellite receiver is legitimate using the authenticated satellite information acquired by the unit.
  • the authenticated satellite information about the artificial satellite from which the navigation message has been authenticated in the positioning device that has received the authentication information corresponding to the navigation message received from the artificial satellite from the authentication center is used to determine whether the navigation message received by the satellite receiver is legitimate. Therefore, even if the device itself does not receive authentication information from the authentication center, it can determine whether the navigation message received by the satellite receiver is legitimate. Therefore, the communication processing load of the authentication center can be reduced by the amount that the own apparatus does not have to receive authentication information from the authentication center.
  • a simple authentication system is used in a first mobile body to receive a navigation message from an artificial satellite used in a satellite positioning system, and a first satellite receiver
  • the authentication information receiving unit that receives the authentication information corresponding to the navigation message received from the authentication center and whether the navigation message received by the first satellite receiver is legitimate or the authentication information receiving unit
  • a center use authentication unit that performs authentication using the received authentication information, and a satellite information transmission that transmits authenticated satellite information that is information about the artificial satellite that is the source of the navigation message that has been authenticated by the center use authentication unit
  • a second navigation message receiving device including a simple determination unit that determines whether the navigation message received by the satellite receiver is legitimate using the authenticated satellite information.
  • the second navigation message receiver using the authenticated satellite information about the satellite from which the navigation message has been authenticated using the authentication information received from the authentication center in the first navigation message receiver, it is determined whether the navigation message received by the satellite receiver is genuine. Therefore, the second navigation message receiving device can determine whether the navigation message received by the satellite receiver is genuine without receiving authentication information from the authentication center. Therefore, the communication processing load of the authentication center can be reduced by the amount that the second navigation message receiving device does not need to receive authentication information from the authentication center.
  • the authentication information transmitted by the first navigation message receiver used in the first mobile unit is temporarily accumulated by the roadside device and transmitted to the second navigation message receiver used in the second mobile unit. can do. Therefore, even when the first moving body and the second moving body are not located in the vicinity of the roadside unit at the same timing, the authentication information transmitted by the first navigation message receiving device comes to the vicinity of the roadside unit later. In addition, the second navigation message receiving device can obtain the information.
  • the authentication information received by the roadside machine from the first navigation message receiver is an artificial information that can receive a navigation message in the vicinity of the roadside machine. It becomes authentication information about the satellite. Therefore, the second navigation message receiving apparatus can receive only the authentication information for the artificial satellite that can receive the navigation message in the vicinity where the roadside unit is provided among the artificial satellites used in the satellite positioning system. It becomes like this.
  • FIG. 1 is a diagram illustrating an example of a schematic configuration of a simple authentication system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating an example of a schematic configuration of the authentication center.
  • FIG. 3 is a block diagram illustrating an example of a schematic configuration of the first in-vehicle device.
  • FIG. 4 is a flowchart illustrating an example of the flow of authentication-related processing in the first in-vehicle device in the first embodiment.
  • FIG. 5 is a flowchart illustrating an example of a flow of authenticated satellite information transmission processing in the first in-vehicle device in the first embodiment.
  • FIG. 1 is a diagram illustrating an example of a schematic configuration of a simple authentication system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating an example of a schematic configuration of the authentication center.
  • FIG. 3 is a block diagram illustrating an example of a schematic configuration of the first in-vehicle device.
  • FIG. 4 is a flow
  • FIG. 6 is a block diagram illustrating an example of a schematic configuration of the second in-vehicle device.
  • FIG. 7 is a flowchart illustrating an example of a flow of the first simple determination process in the second in-vehicle device in the first embodiment.
  • FIG. 8 is a diagram illustrating an example of a schematic configuration of the simple authentication system in the first modification.
  • FIG. 9 is a flowchart illustrating an example of the flow of accumulation processing in the roadside device in the first modification.
  • FIG. 10 is a flowchart illustrating an example of a flow of distribution processing in the roadside device in the first modification.
  • FIG. 11 is a flowchart illustrating an example of the flow of the first simple determination process in the second vehicle-mounted device in the third modification.
  • FIG. 12 is a schematic diagram for explaining an example of the process of S65.
  • FIG. 13 is a diagram illustrating an example of a schematic configuration of a simple authentication system according to the second embodiment.
  • FIG. 14 is a flowchart illustrating an example of the flow of authentication-related processing in the second in-vehicle device in the second embodiment.
  • FIG. 15 is a flowchart illustrating an example of the flow of the second simple determination process in the second vehicle-mounted device according to the second embodiment.
  • FIG. 16 is a schematic diagram for explaining an example of the process of S94.
  • FIG. 17 is a flowchart illustrating an example of the flow of the second simple determination process in the second in-vehicle device in the fourth modification.
  • FIG. 18 is a schematic diagram for explaining an example of the process of S105.
  • FIG. 19 is a flowchart illustrating an example of a flow of a third simple determination process in the second in-vehicle device in the third embodiment.
  • FIG. 20 is a schematic diagram for explaining an example of the process of S112.
  • FIG. 21 is a flowchart illustrating an example of the flow of the third simple determination process in the second in-vehicle device in the fifth modification.
  • the simple authentication system 1 includes a monitor station 110, an authentication center 120, a master control station 130, a first in-vehicle device 200, and a second in-vehicle device 300.
  • a vehicle using the first in-vehicle device 200 is a vehicle A
  • a vehicle using the second in-vehicle device 300 is a vehicle B.
  • the first in-vehicle device 200 corresponds to a positioning device
  • the second in-vehicle device 300 corresponds to a navigation message receiving device.
  • the monitor station 110 receives GPS radio waves transmitted from the GPS satellites 2a to 2c included in the GPS which is one of the satellite positioning systems.
  • the GPS satellites 2a to 2c correspond to artificial satellites.
  • the GPS satellites 2a to 2c are expressed as GPS satellites 2 if they are not distinguished from each other.
  • navigation messages are included in GPS radio waves.
  • the monitor station 110 demodulates the received GPS radio wave, extracts a navigation message, and sends it to the authentication center 120.
  • GPS radio waves are received from a plurality of GPS satellites 2
  • a navigation message is extracted from each GPS radio wave and sent to the authentication center 120.
  • the authentication center 120 creates parity data from the navigation message and the H matrix that is the encryption key. Then, a signal including this parity data is sent to the master control station 130. In addition, communication is performed with the first in-vehicle device 200. A detailed description of the authentication center 120 will be given later with reference to FIG.
  • the master control station 130 transmits the parity data received from the authentication center 120 to the quasi-zenith satellite (hereinafter, QZS satellite) 3.
  • the QZS satellite 3 broadcasts a navigation message including parity data toward the ground.
  • the first in-vehicle device 200 is a navigation message authentication type (NMA: Navigation Message Authentication) in-vehicle device.
  • NMA Navigation Message Authentication
  • the first vehicle-mounted device 200 communicates with the authentication center 120 and authenticates that the navigation message received from the GPS satellite 2 is a regular navigation message. Details of the authentication will be described later with reference to FIG.
  • the first in-vehicle device 200 measures the current position of the own device using the navigation message received from the plurality of GPS satellites 2. Navigation messages received from at least three GPS satellites 2 are used for positioning the current position.
  • the first in-vehicle device 200 transmits information about the GPS satellite 2 that is the source of the navigation message that has been authenticated (hereinafter, “authenticated satellite information”) to the outside by wireless communication.
  • authentication satellite information information about the GPS satellite 2 that is the source of the navigation message that has been authenticated
  • the second vehicle-mounted device 300 receives the authenticated satellite information transmitted from the first vehicle-mounted device 200, and uses the authenticated satellite information, so that the navigation received from the GPS satellite 2 without using the authentication center 120. Determine whether the message is a legitimate navigation message.
  • the detailed description of the second in-vehicle device 300 will be given later with reference to FIG.
  • the authentication center 120 includes a control unit 122, a data storage unit 124, and a communication unit 126.
  • the control unit 122 is a computer including a CPU, a ROM, a RAM, and the like, and controls the data storage unit 124 and the communication unit 126.
  • the CPU executes a program stored in the ROM while using the temporary storage function of the RAM, so that the RAND message generation unit 1221, the SEED value generation unit 1222, the H matrix calculation unit 1223, the parity calculation unit 1224, It functions as the signal processing unit 1225.
  • the functions of these units 1221 to 1225 may include the functions disclosed in Patent Document 1.
  • the RAND message generator 1221 creates a RAND message from the navigation message acquired from the monitor station 110.
  • the bit string data of TOW (time of week) and the clock correction parameters TOC, AF0, and AF1 of the ephemeris data are arranged in order from the bit string of the navigation message.
  • TOW, TOC, AF0, and AF1 are data specifying the signal transmission time, and correspond to the transmission time.
  • an ASAFlag that is an anti-spoof flag and a PRN (Pseudo Random Noise) ID that is a satellite number are added.
  • RAND including TOW and PRN ID is data indicating which GPS satellite has transmitted when. Further, since TOW changes every 6 seconds and includes PRN ID, RAND is generated for every GPS satellite 2 received by monitor station 110 and every 6 seconds.
  • the SEED value generation unit 1222 generates a SEED value by generating a random number with the PC clock as an input.
  • the H matrix calculation unit 1223 uses the SEED value generated by the SEED value generation unit 1222 and calculates an H matrix corresponding to the SEED value on a one-to-one basis.
  • a known hash function may be used.
  • a parity check matrix for performing LDPC (Low Density Parity Check) encoding may be used.
  • a generator matrix determined from a parity check matrix may be used.
  • the parity calculator 1224 calculates parity data based on the RAND message generated by the RAND message generator 1221 and the H matrix calculated by the H matrix calculator 1223.
  • the signal processing unit 1225 inserts the parity data calculated by the parity calculation unit 1224 and the RAND message used for the calculation into the navigation message transmitted from the QZS satellite 3. Then, the inserted navigation message is sent to the master control station 130.
  • the signal processing unit 1225 associates the parity data calculated by the parity calculation unit 1224, the RAND message used for calculating the parity data, the H matrix, and the SEED value used for the calculation of the H matrix in accordance with the signal insertion. And stored in the data storage unit 124.
  • the signal processing unit 1225 inserts the RAND message and parity data into the navigation message that causes the QZS satellite 3 to transmit each time the RAND message generation unit 1221 generates the RAND message. Therefore, the RAND message generation unit 1221, the SEED value generation unit 1222, the H matrix calculation unit 1223, and the parity calculation unit 1224 also execute processing each time the RAND message generation unit 1221 generates a RAND message.
  • the H matrix selection unit 1226 receives the PRN received from the H matrix stored in the data storage unit 124 when the communication unit 126 receives the PRN ID, TOW, and public key transmitted from the first in-vehicle device 200.
  • the H matrix corresponding to ID and TOW is selected.
  • the selected H matrix is encrypted with the public key, and the encrypted H matrix is returned to the first in-vehicle device 200.
  • first in-vehicle device 200 The navigation message broadcast by the QZS satellite 3 is received by the receiving unit 211 included in the communication unit 210 of the first in-vehicle device 200.
  • the first in-vehicle device 200 includes a communication unit 210, a control unit 220, and a satellite receiver 230.
  • the communication unit 210 includes a reception unit 211 and a transmission unit 212.
  • the communication unit 210 has a narrow area communication function and a wide area communication function.
  • the narrow area communication function has a communication distance of several hundred meters, for example.
  • the wide-area communication function has a communication distance of several kilometers, for example, and can communicate with other communication devices in the communication area of the public communication network by communicating with the base station of the public communication network.
  • the narrow-area communication function performs so-called vehicle-to-vehicle communication with the communication unit 310 of the second in-vehicle device 300, and the wide-area communication function performs communication with the communication unit 126 of the authentication center 120.
  • the satellite receiver 230 receives radio waves transmitted from the GPS satellite 2 and the QZS satellite 3 at regular intervals.
  • the control unit 220 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 210 and the satellite receiver 230. Further, the CPU executes the program stored in the ROM while using the temporary storage function of the RAM, thereby executing the authentication related process shown in FIG. 4 and the authenticated satellite information transmission process shown in FIG.
  • authentication-related processing executed by the control unit 220 of the first in-vehicle device 200, that is, the signal received by the satellite receiver 230 is an authorized navigation message received from the GPS satellite 2 (hereinafter referred to as authentication-related processing). ) Will be described using the flowchart shown in FIG. The flowchart in FIG. 4 may be executed every time the satellite receiver 230 receives GPS radio waves from three or more GPS satellites 2, for example.
  • the satellite receiver 230 mistakenly transmits a signal from a repeater that duplicates a signal from the GPS satellite 2 or a simulator that can artificially generate a signal from the GPS satellite 2 as a navigation message included in the GPS radio wave. It may be received.
  • step S1 the current position of the own device is determined based on a navigation message included in GPS radio waves received from a plurality of three or more GPS satellites 2.
  • step S2 the navigation message received from the QZS satellite 3 is acquired from the receiving unit 211.
  • step S3 the PRN ID and TOW are extracted from the navigation message acquired in S1.
  • step S4 the PRN ID and TOW extracted in S3 are transmitted from the transmission unit 212 to the authentication center 120 together with the public key.
  • the authentication center 120 encrypts the H matrix determined by the PRN ID and TOW with the public key and transmits the encrypted H matrix to the first in-vehicle device 200.
  • the H matrix determined by the PRN ID and TOW transmitted from the first in-vehicle device 200 to the authentication center 120 corresponds to the authentication information.
  • step S5 the H matrix transmitted from the authentication center 120 is acquired from the receiving unit 211. That is, the H matrix corresponding to the navigation message received from the GPS satellite 2 is received from the authentication center 120.
  • step S6 the encrypted H matrix acquired in S5 is decrypted with the secret key.
  • step S7 a RAND message is created from the navigation message including the same PRN ID as the PRN ID transmitted in S4 among the navigation messages included in the GPS radio wave received from the GPS satellite 2.
  • step S8 comparison parity data is created based on the RAND message created in S7 and the H matrix decoded in S6.
  • step S9 it is determined whether or not the comparison parity data created in S8 matches the parity data extracted in S3.
  • the H matrix decrypted in S6 is the same as the H matrix used by the authentication center 120 to create parity data.
  • the parity calculation unit 1224 of the authentication center 120 calculates parity data based on the H matrix and the RAND message.
  • step S10 if the comparison parity data created in S8 matches the parity data extracted in S3 (YES in S9), the process proceeds to step S10 and authentication is established. On the other hand, if the two parity data do not match (NO in S9), the process proceeds to step S11 and authentication is not established. As described above, in the authentication-related processing, authentication is performed using the H matrix (that is, authentication information) received from the authentication center 120 in accordance with the navigation message received from the GPS satellite 2. After S10 and S11, the process proceeds to step S12.
  • H matrix that is, authentication information
  • step S12 when it is determined whether or not authentication has been established for all the navigation messages used for positioning in S1 (YES in S12), the processing in FIG. 4 ends. On the other hand, if it is determined that at least one of all the navigation messages used for positioning in S1 has not been authenticated (NO in S12), the process returns to S2 and the process is repeated.
  • FIG. 5 a flowchart shown in FIG. 5 is shown for processing (hereinafter, authenticated satellite information transmission processing) related to transmission of authentication satellite information to the second on-vehicle device 300, which is executed by the control unit 220 of the first on-vehicle device 200.
  • the processing shown in the flowchart of FIG. 5 and the processing shown in the flowchart of FIG. 4 are performed in parallel, and even if the authentication in the flowchart of FIG. 4 is not completed for all the navigation messages used for positioning, FIG. It is assumed that the flowchart is started. Moreover, what is necessary is just to set it as the structure which starts the flowchart of FIG. 5, for example with a fixed period.
  • the authenticated satellite information including the satellite number and the transmission time of the GPS satellite 2 that is the source of the navigation message that has been authenticated is transmitted.
  • the authenticated satellite information transmitted from the first in-vehicle device 200 is used in the second in-vehicle device 300 to determine whether the received navigation message is legitimate.
  • step S21 PRN ID (that is, satellite number) and TOW, TOC, AF0, and AF1 (that is, transmission time) are extracted from the navigation message that has been authenticated in the flowchart of FIG.
  • step S22 the authenticated satellite information including the satellite number and the transmission time extracted in S21 is transmitted by the narrow area communication function of the transmission unit 212, and the process ends.
  • the authenticated satellite information transmitted from the transmission unit 212 will be described below on the assumption that it is received by the second in-vehicle device 300 in the present embodiment.
  • the transmitting unit 212 may be configured to transmit the current position measured in S1 in addition to the authenticated satellite information.
  • the configuration may be such that authenticated satellite information about the GPS satellite 2 used for positioning of the current position and the current position are linked and transmitted.
  • the second in-vehicle device 300 includes a communication unit 310, a control unit 320, and a satellite receiver 330.
  • the communication unit 310 performs wireless communication with the communication unit 210 included in the first in-vehicle device 200.
  • the communication unit 310 includes a reception unit 311 and a transmission unit 312.
  • the communication unit 310 has the narrow-area communication function described above, and communicates with the communication unit 210 of the first in-vehicle device 200 using the narrow-area communication function.
  • Satellite receiver 330 receives radio waves transmitted by GPS satellite 2 and QZS satellite 3 at a constant period.
  • a radio wave transmitted from the GPS satellite 2 is received will be described as an example.
  • the control unit 320 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 310 and the satellite receiver 330. Further, the CPU executes the first simple determination process shown in FIG. 7 by executing the program stored in the ROM while using the temporary storage function of the RAM.
  • the 1st simple judgment process which the control part 320 of the 2nd vehicle equipment 300 performs is demonstrated using the flowchart shown in FIG.
  • the authentication center 120 uses the authenticated satellite information transmitted from the first in-vehicle device 200, the authentication center 120 determines whether or not the navigation message received by the satellite receiver 330 of its own device is authentic. Judge without access.
  • the flowchart of FIG. 7 may be configured to start when the communication unit 310 of the second in-vehicle device 300 receives the authenticated satellite information transmitted from the first in-vehicle device 200, for example.
  • step S31 the authenticated satellite information received by the communication unit 310 is acquired from the communication unit 310.
  • This S31 corresponds to a satellite information acquisition unit.
  • the authenticated satellite information includes the satellite number and the transmission time of the GPS satellite 2 that is the transmission source of the navigation message that has been authenticated.
  • step S ⁇ b> 32 the navigation message received from the GPS satellite 2 by the satellite receiver 330 that was output most recently from the satellite receiver 330 is acquired. If the satellite receiver 330 has received navigation messages from a plurality of GPS satellites 2 within a predetermined period, the satellite receiver 330 outputs the received plurality of navigation messages.
  • step S33 it is determined whether the satellite number included in the authenticated satellite information acquired in S31 matches the satellite number included in the navigation message received in S32. That is, whether the satellite number of the GPS satellite 2 that is the source of the navigation message that has been authenticated by the first in-vehicle device 200 matches the satellite number of the GPS satellite 2 that received the navigation message in the second in-vehicle device 300. Determine whether. The satellite number corresponds to the identification information.
  • step S34 If it is determined in step S34 that the satellite numbers match (YES in S34), the process proceeds to step S35, where the satellite receiver 330 includes the authenticated satellite information in the navigation message received from the GPS satellite 2.
  • the navigation message that is determined to match the satellite number and the satellite number is determined to be a regular navigation message, and the process ends.
  • the navigation message determined not to match is not determined to be a regular navigation message, and the process ends.
  • S33 to S35 correspond to a simple determination unit.
  • the control unit 320 when the current position of the own device is determined based on the navigation message included in the GPS radio wave received from the GPS satellite 2, the navigation message that is determined to be a regular navigation message by the first simple determination process is displayed.
  • the configuration may be such that it is handled in the same manner as a navigation message for which authentication has been established.
  • the current position of the own device measured based on the navigation message determined to be a normal navigation message in the first simple determination process may be determined as the normal current position that has not been falsified. .
  • the second in-vehicle device 300 is the source of the navigation message that has been authenticated using the H matrix received from the authentication center 120 in the first in-vehicle device 200 and cannot be acquired in advance. Whether the navigation message received by the satellite receiver 330 is genuine or not is determined based on whether the satellite number of the GPS satellite 2 matches the satellite number of the navigation message received by the satellite receiver 330.
  • the navigation message received from the same GPS satellite 2 as the navigation message for which authentication has already been established may be a legitimate navigation message than the navigation message received from the same GPS satellite 2 for which the authentication has not been established. Is expensive. Therefore, even if the second in-vehicle device 300 does not receive the H matrix from the authentication center 120, it is possible to determine whether the navigation message received by the satellite receiver 330 is legitimate. Therefore, the communication processing load of the authentication center 120 can be reduced by the amount that the second in-vehicle device 300 does not have to receive the H matrix from the authentication center 120.
  • the navigation message from the GPS satellite 2 is legitimate while suppressing the communication processing load of the authentication center 120 used for authenticating whether the navigation message from the GPS satellite 2 used in the satellite positioning system is legitimate. It becomes possible to judge whether it is a thing.
  • Embodiment 1 demonstrated the structure in case the 2nd vehicle equipment 300 receives the authenticated satellite information transmitted from the 1st vehicle equipment 200 directly, it does not necessarily restrict to this.
  • a configuration in which the roadside device 400 receives and accumulates the authenticated satellite information transmitted from the first in-vehicle device 200, and distributes the accumulated authenticated satellite information from the roadside device 400 to the second in-vehicle device 300 (hereinafter, referred to as the following) Modification 1) may be used.
  • the roadside device 400 relays the point including the roadside device 400 and the authenticated satellite information transmitted from the first onboard device 200, and the distributed authenticated satellite information is transmitted to the second onboard device. Except for the point 300 receives, it is the same as the simple authentication system 1 in the first embodiment.
  • the simple authentication system 1 a in the first modification includes a monitor station 110, an authentication center 120, a master control station 130, a first in-vehicle device 200, a second in-vehicle device 300, and a roadside device 400.
  • the first vehicle-mounted device 200 executes the authentication-related process shown in FIG. 4 and the authenticated satellite information transmission process shown in FIG. Therefore, the first in-vehicle device 200 corresponds to the first navigation message receiver, and the satellite receiver 230 of the first in-vehicle device 200 corresponds to the first satellite receiver. Further, S5 described above corresponds to an authentication information receiving unit, S9 to S11 described above correspond to a center use authentication unit, and S22 described above corresponds to a satellite information transmitting unit.
  • the second in-vehicle device 300 executes the first simple determination process shown in FIG. Accordingly, the second in-vehicle device 300 corresponds to the second navigation message receiving device, and the satellite receiver 330 of the second in-vehicle device 300 corresponds to the second satellite receiver.
  • the communication unit 310 of the second in-vehicle device 300 receives the authenticated satellite information relayed by the roadside device 400. Therefore, S31 described above corresponds to the satellite information acquisition unit, and S33 to S35 described above correspond to the simple determination unit.
  • the roadside machine 400 is provided on the road, and includes a communication unit 410, a control unit 420, and a storage unit 430 as shown in FIG.
  • the communication unit 410 performs so-called road-to-vehicle communication with the communication unit 210 included in the first vehicle-mounted device 200 and the communication unit 310 included in the second vehicle-mounted device 300 using the narrow-area communication function.
  • the control unit 420 is a computer including a CPU, a ROM, a RAM, and the like, and controls the communication unit 410 and accumulates authenticated satellite information received from the first in-vehicle device 200 in the storage unit 430. Further, the CPU executes the storage process shown in FIG. 9 and the distribution process shown in FIG. 10 by executing the program stored in the ROM while using the temporary storage function of the RAM.
  • a storage process executed by the control unit 420 of the roadside device 400 to store the authenticated satellite information received from the first vehicle-mounted device 200 will be described with reference to the flowchart shown in FIG.
  • the flowchart in FIG. 9 may be configured to start when, for example, authenticated satellite information is received from the first in-vehicle device 200 by the communication unit 410 of the roadside device 400.
  • step S41 the authenticated satellite information transmitted from the first vehicle-mounted device 200 is received via the communication unit 410. Therefore, S41 corresponds to a satellite information receiving unit.
  • step S42 the authenticated satellite information received in S41 is stored in the storage unit 430, and the process ends. Therefore, the storage unit 430 corresponds to an accumulation unit. For example, when authenticated satellite information with the same satellite number is already stored in the storage unit 430, the older transmission time is deleted and the newer one is stored in the storage unit 430. do it.
  • the second in-vehicle device can be obtained by limiting the authenticated satellite information stored in the storage unit 430 to a relatively new one, such as deleting from the storage unit 430 if the transmission time is older than a predetermined time such as one hour. It is good also as a structure which raises the precision which judges in the 1st simple judgment process in 300 as a regular navigation message. This is because the navigation message received from the same GPS satellite 2 as the origination GPS satellite 2 of the authenticated navigation message within a relatively short time within the range of the range of road-to-vehicle communication is the probability of impersonation. Is lower and more likely to be a legitimate navigation message.
  • the flowchart of FIG. 10 may be configured to start when the power of the roadside device 400 is turned on and to end when the power of the roadside device 400 is turned off.
  • step S51 it is determined whether or not it is a distribution timing of authenticated satellite information accumulated in the storage unit 430.
  • the distribution timing of the authenticated satellite information may be set to a certain period, for example. If it is determined that the distribution timing is reached (YES in S51), the process proceeds to step S52. On the other hand, when it is determined that it is not the delivery timing (NO in S51), the process of step S51 is repeated.
  • step S52 the authenticated satellite information stored in the storage unit 430 is distributed via the communication unit 410, and the process returns to S51 and is repeated. If authenticated satellite information for a plurality of GPS satellites 2 is stored in the storage unit 430, the authenticated satellite information for the plurality of GPS satellites 2 may be distributed.
  • the second in-vehicle device 300 determines whether the navigation message received by the satellite receiver 330 is authentic even if it does not receive the H matrix from the authentication center 120. It becomes possible to do. Therefore, the communication processing load of the authentication center 120 can be reduced by the amount that the second in-vehicle device 300 does not have to receive the H matrix from the authentication center 120.
  • the authenticated satellite information which the 1st vehicle equipment 200 transmitted is the roadside machine 400. Is accumulated and distributed, the second in-vehicle device 300 that comes to the vicinity of the roadside device 400 later in time than the first in-vehicle device 200 can acquire.
  • the authenticated satellite information that the roadside device 400 receives from the first in-vehicle device 200 may receive a navigation message in the vicinity where the roadside device 400 is provided. It is narrowed down to the authenticated satellite information about the GPS satellite 2 that can be. Therefore, the roadside device 400 can distribute the GPS satellites 2 to the authenticated satellite information about the GPS satellites 2 that can receive the navigation message in the vicinity where the roadside device 400 is provided. As a result, the second in-vehicle device 300 that receives the authenticated satellite information from the roadside device 400 is efficiently focused on the authenticated satellite information about the GPS satellite 2 that can receive the navigation message in the vicinity where the vehicle is located. Can be received.
  • ⁇ Modification 2> the configuration is shown in which the authenticated satellite information transmitted from the first in-vehicle device 200 is received and accumulated by the roadside device 400, and the accumulated authentication satellite information is distributed from the roadside device 400. Not exclusively. For example, like the first vehicle-mounted device 200, authentication-related processing is performed in the roadside device 400, and the authenticated satellite information about the GPS satellite 2 that is the source of the navigation message that has been authenticated is distributed. It is good also as a structure which receives information with the 2nd vehicle equipment 300.
  • the configuration may be such that authenticated satellite information is transmitted from the first vehicle-mounted device 200 or the roadside device 400 via the public communication line network, and the transmitted authenticated satellite information is received by the second vehicle-mounted device 300.
  • the communication unit 310 of the second in-vehicle device 300 may be configured to receive authenticated satellite information via a public communication network by providing a wide-area communication function.
  • ⁇ Modification 3> it is received depending on whether or not the satellite number included in the authenticated satellite information received from the first in-vehicle device 200 matches the satellite number included in the navigation message received by the satellite receiver 330.
  • the configuration for determining whether the navigation message is genuine has been described, the configuration is not necessarily limited thereto. In order to further improve the accuracy of determining a regular navigation message, it is preferable to adopt the configuration of Modification 3 below.
  • Modification 3 is the same as Embodiment 1 except that the processing in the control unit 220 of the first in-vehicle device 200 is partially different from that of the control unit 320 in the second in-vehicle device 300. It is. Specifically, in Modification 3, whether or not there is continuity between the transmission time included in the authenticated satellite information received from the first in-vehicle device 200 and the transmission time included in the navigation message received by the satellite receiver 330. Is different from the first embodiment in that it is determined whether the received navigation message is legitimate.
  • the authenticated satellite information transmission process in the modified example 3 in addition to the satellite number and the transmission time extracted from the navigation message for which authentication has been established, the reception of the navigation message for which authentication has been established received by the satellite receiver 230 of the first in-vehicle device 200 is received.
  • the authenticated satellite information including the time is transmitted.
  • the flowchart of FIG. 11 may be configured to start when the communication unit 310 of the second in-vehicle device 300 receives the authenticated satellite information transmitted from the first in-vehicle device 200, for example.
  • the flowchart of FIG. 11 is configured such that when the authenticated satellite information transmitted from the first vehicle-mounted device 200 includes information on a plurality of GPS satellites 2, the processing is performed on each of the plurality of GPS satellites 2. do it.
  • the authenticated satellite information received by the communication unit 310 is acquired from the communication unit 310.
  • S61 also corresponds to a satellite information acquisition unit.
  • the authenticated satellite information includes the satellite number, transmission time, and reception time of the GPS satellite 2 that is the transmission source of the navigation message that has been authenticated.
  • step S62 the navigation message that was output most recently from the satellite receiver 330 and received by the satellite receiver 330 from the GPS satellite 2 and the reception time of the navigation message are acquired. If the satellite receiver 330 has received navigation messages from a plurality of GPS satellites 2 within a predetermined period, the satellite receiver 330 outputs the received plurality of navigation messages.
  • step S63 it is determined whether the satellite number included in the authenticated satellite information acquired in S61 matches the satellite number included in the navigation message received in S62.
  • step S64 If it is determined in step S64 that the satellite numbers match (YES in S64), the process proceeds to S65. On the other hand, if it is determined that the satellite numbers do not match (NO in S64), the process ends.
  • step S65 the authenticated satellite information and the navigation message determined to have the same satellite number in S64 are included in the transmission time included in the authenticated satellite information acquired in S61 and the navigation message received in S62. It is determined whether there is continuity with the transmission time. In other words, for the same GPS satellite 2, the authenticated satellite is included in the transmission time included in the authenticated satellite information received from the first in-vehicle device 200 and the transmission time included in the navigation message received in the second in-vehicle device 300. It is determined whether or not there is continuity according to the reception time difference from the reception time included in the information to the reception time of the navigation message. S65 corresponds to a first continuity determination unit.
  • authentication using the authentication center 120 is established in the first in-vehicle device 200 for the navigation message transmitted from the GPS satellite 2a, and the authenticated satellite information for the navigation message is obtained from the first in-vehicle device 200. It is assumed that it has been transmitted to the second in-vehicle device 300. Furthermore, it is assumed that the second in-vehicle device 300 receives a navigation message transmitted from the GPS satellite 2a thereafter.
  • the transmission time of the navigation message from the GPS satellite 2a that has been authenticated by the first in-vehicle device 200 is Ti1
  • the reception time of the navigation message in the first in-vehicle device 200 is To1
  • the second in-vehicle device 300 The transmission time of the navigation message received from the GPS satellite 2a is Ti2, and the reception time is To2.
  • the reception time (To1) included in the authenticated satellite information acquired in S61 is subtracted from the reception time (To2) of the navigation message acquired in S62, and the reception included in the authenticated satellite information acquired in S61.
  • a reception time difference (To2-To1) from the time to the reception time of the navigation message acquired in S62 is calculated.
  • the calculated reception time difference (To2-To1) is added to the transmission time (Ti1) included in the authenticated satellite information acquired in S61 (Ti1 + (To2-To1)) and the navigation acquired in S62. It is determined whether or not the transmission time (Ti2) included in the message matches.
  • the term “match” includes not only the case of a complete match but also the case of a close match within an error range.
  • a configuration for determining whether or not a time (Ti2-Ti1) obtained by subtracting the transmission time (Ti1) included in the authenticated satellite information acquired in S61 from the transmission time (Ti2) included in the acquired navigation message matches. It is good.
  • the transmission time included in the authenticated satellite information acquired in S61 and the navigation message acquired in S62 are included.
  • step S66 when it is determined that the transmission time included in the authenticated satellite information acquired in S61 and the transmission time included in the navigation message acquired in S62 are continuous (YES in S66). ) Proceeds to step S67.
  • step S67 the navigation message including the transmission time determined to be continuous with the transmission time included in the authenticated satellite information is determined to be a regular navigation message, and the process ends.
  • the second in-vehicle device 300 determines whether the navigation message received by the satellite receiver 330 is legitimate without receiving the H matrix from the authentication center 120. It becomes possible to do. Therefore, the communication processing load of the authentication center 120 can be reduced by the amount that the second in-vehicle device 300 does not have to receive the H matrix from the authentication center 120.
  • this navigation message when there is no continuity according to the reception time difference between the transmission time included in the authenticated satellite information and the transmission time of the navigation message received by the second in-vehicle device 300, this navigation message is displayed. It is not judged as a regular navigation message. Therefore, when a repeater or a simulator is used, the received navigation message can be prevented from being determined as a regular navigation message, and the accuracy of determination as a regular navigation message can be improved.
  • Embodiment 2 will be described with reference to the drawings.
  • members having the same functions as those shown in the drawings used in the description of the above-described embodiment are denoted by the same reference numerals, and description thereof is omitted.
  • the simple authentication system 1b of the second embodiment accesses the authentication center 120 even in the second in-vehicle device 300 and authenticates the received navigation message once, and the navigation in which authentication has been established in the past in the second in-vehicle device 300.
  • the simple authentication according to the first embodiment is used except that the message is used to determine whether the navigation message received by the satellite receiver 330 of the second in-vehicle device 300 is genuine without accessing the authentication center 120. Similar to system 1.
  • the simple authentication system 1 a includes a monitor station 110, an authentication center 120, a master control station 130, a first in-vehicle device 200, and a second in-vehicle device 300.
  • the first vehicle-mounted device 200 executes the authentication-related process shown in FIG. 4 and the authenticated satellite information transmission process shown in FIG.
  • the second in-vehicle device 300 executes the authentication-related process shown in FIG. 14 and the second simple determination process shown in FIG. 15 in addition to the first simple determination process shown in FIG.
  • the processing from step S71 to step S82 of the authentication related processing shown in FIG. 14 is performed in the same manner as S1 to S12 of the authentication related processing shown in FIG. Therefore, S75 corresponds to the authentication information receiving unit, and S79 to S81 correspond to the center use authentication unit.
  • the second in-vehicle device 300 associates the reception time of the navigation message (hereinafter, authenticated navigation message) that has been authenticated in the authentication-related processing shown in FIG. 14 with the authenticated navigation message, and the backup RAM of the control unit 320
  • the configuration may be such that it is stored in a non-volatile memory such as.
  • it is good also as a structure narrowed down to the satellite number and transmission time which are linked
  • the flowchart of FIG. 15 may be configured to start when the satellite receiver 330 of the second in-vehicle device 300 receives a navigation message from the GPS satellite 2, for example.
  • the flow chart of FIG. 15 shows that the navigation message of a plurality of GPS satellites 2 is received by the satellite receiver 330 within one cycle of the output sequentially performed from the satellite receiver 330 to the control unit 320. What is necessary is just to set it as the structure which each processes about the navigation message of GPS satellite 2.
  • step S91 the navigation message received by the satellite receiver 330 is acquired from the satellite receiver 330.
  • step S92 it is determined whether or not the satellite number included in the navigation message acquired in S91 matches the satellite number included in the authenticated navigation message stored in the memory of the control unit 320.
  • step S93 If it is determined in step S93 that the satellite numbers match (YES in S93), the process proceeds to S94. On the other hand, if it is determined that the satellite numbers do not match (NO in S93), the process ends.
  • the case where it is determined that the satellite numbers do not match also includes the case where no authenticated navigation message is stored in the memory of the control unit 320.
  • step S94 it is determined whether or not there is continuity between the navigation message acquired in S91 and the authenticated navigation message determined that the satellite numbers match in S93. Specifically, from when an authenticated navigation message is received until a new navigation message is received at the transmission time included in the navigation message newly received by the satellite receiver 330 and the transmission time included in the authenticated navigation message. It is determined whether or not there is continuity according to the reception time difference.
  • This S94 corresponds to a second continuity determination unit.
  • the transmission time of the navigation message (that is, the authenticated navigation message) for which the authentication using the authentication center 120 is established in the second in-vehicle device 300 is Ti3, and the reception time of the navigation message in the second in-vehicle device 300 is To3. Then, the transmission time of the navigation message newly received from the GPS satellite 2a by the second in-vehicle device 300 is Ti4 and the reception time is To4.
  • the reception time (To3) of the authenticated navigation message is subtracted from the reception time (To4) of the navigation message acquired in S91, and the reception time of the navigation message acquired in S91 from the reception time of the authenticated navigation message. Difference in reception time (To4-To3) is calculated.
  • the calculated reception time difference (To4-To3) is added to the transmission time (Ti3) included in the authenticated navigation message (Ti3 + (To4-To3)) and included in the navigation message acquired in S91. It is determined whether or not the transmission time (Ti4) matches.
  • the term “match” includes not only the case of a complete match but also the case of a close match within an error range.
  • the term “match” as used herein can be rephrased as being consistent.
  • the time (To4-To3) obtained by subtracting the reception time (To3) of the authenticated navigation message from the reception time (To4) of the navigation message acquired in S91 is included in the navigation message acquired in S91. It may be configured to determine whether or not the time (Ti4-Ti3) obtained by subtracting the transmission time (Ti3) included in the authenticated navigation message matches the transmission time (Ti4) transmitted.
  • step S95 if it is determined that the transmission time included in the authenticated navigation message and the transmission time included in the navigation message acquired in S91 are continuous (YES in S95), Proceed to step S96.
  • step S96 it is determined that the navigation message acquired in S91 is a regular navigation message, and the process ends.
  • the first in-vehicle device when the authenticated navigation message including the satellite number that matches the satellite number included in the navigation message acquired in S91 is not obtained, the first in-vehicle device The first simple determination process using the authenticated satellite information transmitted from 200 may be performed.
  • the authenticated navigation message stored in the memory of the control unit 320 is determined to match the time and time in the processing of S94 with the clock that measures the reception time of the navigation message by the satellite receiver 330.
  • a configuration may be adopted in which erasing is performed when a period in which a deviation exceeding the range is generated has elapsed.
  • the navigation message newly received from the same GPS satellite 2 may be authenticated using the authentication center 120, and the navigation message that has been authenticated is stored in the memory as an authenticated navigation message. .
  • ⁇ Summary of Embodiment 2> once authentication of the navigation message is established in the second in-vehicle device 300 using the authentication center 120, the navigation message newly received from the same GPS satellite 2 as the source of the navigation message is described. Based on the authenticated navigation message stored in the memory and its reception time, it can be determined whether it is genuine. Therefore, the communication processing load of the authentication center 120 can be reduced by the amount that the second in-vehicle device 300 does not have to receive the H matrix from the authentication center 120 for the newly received navigation message.
  • the second embodiment when there is no continuity according to the reception time difference between the transmission time included in the authenticated navigation message and the transmission time of the navigation message newly received by the second in-vehicle device 300, this navigation is performed.
  • the message is not considered a regular navigation message. Therefore, a repeater or a simulator is used so that the navigation message can be prevented from being determined as a regular navigation message, and the accuracy with which it is determined as a regular navigation message can be increased.
  • ⁇ Modification 4> In the second embodiment, for the same GPS satellite 2, a continuous time according to the reception time difference between the transmission time included in the authenticated navigation message and the transmission time of the navigation message newly received by the second in-vehicle device 300.
  • the received navigation depends on whether there is continuity between the pseudo distance determined from the transmission time and reception time of the authenticated navigation message and the pseudo distance determined from the transmission time and reception time of the newly received navigation message. It may be configured to determine whether the message is genuine (hereinafter, modified example 4).
  • the modification 4 is the same as that of Embodiment 2 except that the processing in the control unit 320 of the second in-vehicle device 300 is partially different. Specifically, in the fourth modification, a part of the second simple determination process in the control unit 320 is different from that in the second embodiment.
  • FIG. 17 may also be configured to start when the satellite receiver 330 of the second in-vehicle device 300 receives a navigation message from the GPS satellite 2, for example.
  • the navigation message of the plurality of GPS satellites 2 is received by the satellite receiver 330 within one cycle of the output sequentially performed from the satellite receiver 330 to the control unit 320, What is necessary is just to set it as the structure which each processes about the navigation message of GPS satellite 2.
  • FIG. 17 when the navigation message of the plurality of GPS satellites 2 is received by the satellite receiver 330 within one cycle of the output sequentially performed from the satellite receiver 330 to the control unit 320, What is necessary is just to set it as the structure which each processes about the navigation message of GPS satellite 2.
  • step S101 the reception time difference from the reception time of the authenticated navigation message stored in the memory of the control unit 320 to the reception time of the navigation message newly received by the satellite receiver 330 was within a predetermined time. In the case (YES in S101), the process proceeds to S102. On the other hand, if the predetermined time has been exceeded (NO in S101), the navigation message newly received by the satellite receiver 330 is not determined to be a regular navigation message, and the process ends.
  • the predetermined time here refers to a navigation message from the GPS satellite 2 when a repeater that duplicates the signal from the GPS satellite 2 or a simulator that can generate a signal from the GPS satellite 2 in a pseudo manner is not used. Is a value that is estimated to be unlikely to cause a difference greater than or equal to a threshold used in step S105 described later in the pseudo-range determined from the transmission time of the navigation message and the reception time of the navigation message at the satellite receiver 330, It is a value that can be set arbitrarily.
  • the pseudorange is calculated by adding the speed of light to the propagation time determined from the transmission time from the GPS satellite 2 and the reception time at the satellite receiver 330, and calculated from the GPS satellite 2 and the satellite receiver 330. Distance.
  • step S105 it is determined whether or not there is continuity between the navigation message newly received by the satellite receiver 330, which has been determined to match the satellite number in S104, and the authenticated navigation message. Specifically, the pseudo distance obtained from the transmission time included in the authenticated navigation message and the reception time of the authenticated navigation message, the transmission time included in the navigation message newly received by the satellite receiver 330, and the navigation message It is determined whether or not there is continuity in the pseudo distance obtained from the reception time of. S105 also corresponds to the second continuity determination unit.
  • the pseudo-range here means that the GPS satellite 2 and the satellite are calculated by adding the speed of light to the propagation time determined from the transmission time from the GPS satellite 2 and the reception time at the satellite receiver 330. The distance from the receiver 330.
  • the pseudo distance obtained from the time of sending the authenticated navigation message and the time of receiving the certified navigation message is ⁇ 1, and then the time of sending the navigation message newly received from the GPS satellite 2a by the satellite receiver 330, and its navigation
  • the pseudo distance obtained from the message reception time is represented by ⁇ 2.
  • the speed of light is added to the propagation time determined from the transmission time of the authenticated navigation message and the reception time of the authenticated navigation message, and the pseudorange ( ⁇ 1) is calculated. Further, the speed of light is added to the propagation time determined from the transmission time of the navigation message newly received by the satellite receiver 330 and the reception time of the navigation message, and the pseudorange ( ⁇ 2) is calculated.
  • ) obtained by subtracting the pseudorange ( ⁇ 2) from the pseudorange ( ⁇ 1) is less than a threshold value.
  • the threshold mentioned here is the upper limit of the change in the pseudorange between the GPS satellite 2 and the satellite receiver 330 that is estimated to be generated by the elapse of the predetermined time in S101 when the above-described repeater or simulator is not used. About the value.
  • step S106 when it is determined that the authenticated navigation message and the navigation message newly received by the satellite receiver 330 are continuous (YES in S106), the process proceeds to step S107.
  • step S107 the navigation message newly received by the satellite receiver 330 is determined to be a regular navigation message, and the process ends.
  • the predetermined time of S101 is provided as a condition for determining that there is continuity for the navigation message in which the above repeater or simulator is not used in the determination of continuity in S106. Is.
  • the pseudo distance determined from the transmission time included in the authenticated navigation message and the reception time of the authenticated navigation message the pseudo distance determined from the transmission time of the newly received navigation message and the reception time of the navigation message, If there is no continuity between the two, the newly received navigation message is not determined as a regular navigation message. Therefore, when a repeater or a simulator is used, the navigation message can be prevented from being determined as a regular navigation message, and the accuracy with which it is determined as a regular navigation message can be increased.
  • Embodiment 3 will be described with reference to the drawings.
  • members having the same functions as those shown in the drawings used in the description of the above-described embodiment are denoted by the same reference numerals, and description thereof is omitted.
  • the simple authentication system 1b uses the navigation message that has been authenticated by the second in-vehicle device 300, and the satellite receiver 330 receives the other GPS satellites 2 received at almost the same timing as the navigation message. Except for determining whether the navigation message is legitimate without access to the authentication center 120, this is the same as the simple authentication system 1b of the second embodiment.
  • the simple authentication system 1b in the third embodiment also includes the monitor station 110, the authentication center 120, the master control station 130, the first in-vehicle device 200, and the second in-vehicle device 300, as shown in the second embodiment.
  • the first vehicle-mounted device 200 executes the authentication-related process shown in FIG. 4 and the authenticated satellite information transmission process shown in FIG.
  • the second in-vehicle device 300 executes the authentication related process shown in FIG. 14 in addition to the first simple determination process shown in FIG. Moreover, the 3rd simple judgment process shown in FIG. 19 is performed instead of the 2nd simple judgment process demonstrated in Embodiment 2.
  • FIG. 19 is performed instead of the 2nd simple judgment process demonstrated in Embodiment 2.
  • the satellite receiver 330 of the second in-vehicle device 300 outputs the navigation message received from the GPS satellite 2 within one cycle to the control unit 320 of the second in-vehicle device 300 at regular intervals. Therefore, when navigation messages are received from three or more GPS satellites 2 within one period, navigation messages for these GPS satellites 2 are output to the control unit 320.
  • positioning is performed based on the navigation messages for the three or more GPS satellites 2 received by the satellite receiver 330 within the above-described one period, and the navigation message used for positioning is used.
  • Authentication-related processing is performed until authentication is established for at least one of the above.
  • authentication is established for one navigation message, it is determined whether the other navigation message is authentic without access to the authentication center 120 by the third simple determination process. Note that the plurality of navigation messages received within one period described above can be said to be navigation messages received at substantially the same timing.
  • the flowchart in FIG. 19 may be configured to start when authentication is established in the authentication-related processing for at least one navigation message among a plurality of navigation messages used for positioning.
  • the flowchart of FIG. 19 may be configured to perform processing for each navigation message that has not yet been authenticated in the authentication-related processing among the plurality of navigation messages used for positioning.
  • step S111 a navigation message (hereinafter referred to as an unauthenticated navigation message) other than a navigation message (ie, an authenticated navigation message) for which authentication has been established among the navigation messages used for positioning is acquired.
  • an unauthenticated navigation message a navigation message (hereinafter referred to as an unauthenticated navigation message) other than a navigation message (ie, an authenticated navigation message) for which authentication has been established among the navigation messages used for positioning is acquired.
  • step S112 it is determined whether or not the transmission time included in the unauthenticated navigation message acquired in S111 matches the transmission time included in the authenticated navigation message.
  • the term “match” includes not only the case of a complete match but also the case of a close match within an error range.
  • the transmission time included in the authenticated navigation message corresponds to the matching information, and S112 corresponds to the consistency determining unit.
  • the navigation message transmitted from the GPS satellite 2a is authenticated by the second in-vehicle device 300 using the authentication center 120, and the GPS satellite 2b. It is assumed that the navigation message transmitted from is not yet authenticated.
  • the transmission time of the navigation message (that is, authenticated navigation message) transmitted from the GPS satellite 2a is Ti5
  • the transmission time of the navigation message (that is, unauthenticated navigation message) transmitted from the GPS satellite 2b is Ti6.
  • a plurality of navigation messages received within one cycle at the satellite receiver 330 are transmitted unless a repeater that duplicates a signal from the GPS satellite 2 or a simulator that can artificially generate a signal from the GPS satellite 2 is used. There is a relationship in which the times match.
  • step S113 If it is determined in step S113 that the transmission times match (YES in S113), a transmission time that is consistent with the transmission time included in the authenticated navigation message is included in the unauthenticated navigation message. Determine and proceed to S114. In S114, it is determined that the unauthenticated navigation message acquired in S111 is a regular navigation message, and the process ends. On the other hand, if it is determined that the transmission times do not match (NO in S113), the unauthenticated navigation message acquired in S111 is not determined to be a regular navigation message, and the process ends. S113 to S114 also correspond to the simple determination unit.
  • the unauthenticated navigation message acquired in S111 may be determined not to be a regular navigation message.
  • the third simple determination process is performed to reinforce the determination result by the first simple determination process, or the first simple determination process is performed to reinforce the determination result by the third simple determination process. What is necessary is just to be the structure to do.
  • the third simple determination process is performed to reinforce the determination result of the second simple determination process, or the determination result of the third simple determination process is determined. In order to reinforce the above, the second simple determination process may be performed.
  • ⁇ Summary of Embodiment 3> when authentication is established in the second in-vehicle device 300 using the authentication center 120 for one navigation message among a plurality of navigation messages used for positioning, other navigation messages used for positioning are used. It is possible to determine whether it is genuine based on the transmission time. Accordingly, the communication processing load of the authentication center 120 can be reduced by the amount that the second in-vehicle device 300 does not have to receive the H matrix from the authentication center 120 for other navigation messages used for positioning.
  • the transmission times included in the plurality of navigation messages used for positioning match.
  • the transmission time is determined to be a legitimate navigation message based on whether or not the authentication is successful, the legitimate navigation message is used when a repeater or a simulator is used. It can be determined not to be a message. Therefore, it is possible to improve the accuracy of determining a regular navigation message.
  • the unauthenticated navigation message is determined depending on whether or not the transmission time included in the authenticated navigation message and the transmission time included in the unauthenticated navigation message match among the plurality of navigation messages used for positioning.
  • the satellite position determined from the orbit information of the GPS satellite 2 included in the authenticated navigation message and the transmission time included in the authenticated navigation message, and the GPS satellite 2 included in the unauthenticated navigation message As a configuration for determining whether the unauthenticated navigation message is genuine (hereinafter, modified example 5) based on whether or not the satellite position determined from the orbit information and the transmission time included in the unauthenticated navigation message matches. Good.
  • the modified example 5 is the same as that of the third embodiment except that the processing in the control unit 320 of the second in-vehicle device 300 is partially different. Specifically, in the fifth modification, a part of the third simple determination process in the control unit 320 is different from that in the third embodiment.
  • the navigation message includes ephemeris data and almanac data as is well known.
  • the almanac data includes orbit information about all the GPS satellites 2 in the orbit, not limited to the GPS satellite 2 that is the origin of the navigation message. From this orbit information and the origination time of the navigation message, all GPS satellites are included. 2 satellite positions can be calculated.
  • the ephemeris data includes orbit information about the GPS satellite 2 that is the origin of the navigation message. From this orbit information and the origination time of the navigation message, the ephemeris data has a higher accuracy of the GPS satellite 2 that is the origin of the navigation message. High satellite position can be calculated.
  • Modification 5 uses the trajectory information included in the almanac data among the trajectory information included in the almanac data and the trajectory information included in the ephemeris data.
  • the trajectory information included in the almanac data is simply referred to as trajectory information.
  • the flowchart of FIG. 21 may also be configured to start when authentication is established in the authentication-related processing for at least one navigation message among a plurality of navigation messages used for positioning.
  • the flowchart of FIG. 21 may also be configured to perform processing for each navigation message that has not yet been authenticated by authentication-related processing among the plurality of navigation messages used for positioning.
  • the GPS satellite 2 that is the source of the authenticated navigation message is the GPS satellite 2a.
  • step S121 an unauthenticated navigation message other than the authenticated navigation message is acquired from the navigation messages used for positioning in the same manner as in S111 described above.
  • step S122 the position of the GPS satellite 2a is calculated from the transmission time included in the authenticated navigation message used for positioning and the orbit information of the GPS satellite 2a included in the authenticated navigation message. Therefore, the transmission time and orbit information correspond to the satellite position calculation information.
  • step S123 the position of the GPS satellite 2a is calculated from the transmission time included in the unauthenticated navigation message used for positioning and the orbit information of the GPS satellite 2a included in the unauthenticated navigation message.
  • the reason why the satellite position of the GPS satellite 2a can be calculated from the orbit information included in the unauthenticated navigation message received from the GPS satellite 2 other than the GPS satellite 2a that has transmitted the authenticated navigation message is as follows. GPS satellites 2 other than the GPS satellite 2a from which the authenticated navigation message is transmitted correspond to unauthenticated satellites.
  • the orbit information included in the almanac data includes orbit information for GPS satellites 2a other than the GPS satellite 2 that is the source of the unauthenticated navigation message.
  • a plurality of navigation messages received within one cycle by the satellite receiver 330 are in a relationship in which the transmission times coincide unless the repeater or simulator described above is used. Therefore, the satellite position of the GPS satellite 2a can be calculated from the transmission time and the orbit information included in the unauthenticated navigation message.
  • step S124 it is determined whether or not the satellite position of the GPS satellite 2a calculated in S122 matches the satellite position of the GPS satellite 2a calculated in S123.
  • the term “match” includes not only the case of a complete match but also the case of a close match within an error range. This S124 corresponds to a consistency determination unit.
  • the unauthenticated navigation message used for positioning and the authenticated navigation message should have the same transmission time. Therefore, if no repeater or simulator is used, the satellite position of the GPS satellite 2a calculated from the transmission time and the orbit information included in the authenticated navigation message from the transmission time and the orbit information included in the unauthenticated navigation message. The same satellite position can be calculated. Therefore, if no repeater or simulator is used, the satellite position of the GPS satellite 2a calculated in S122 matches the satellite position of the GPS satellite 2a calculated in S123.
  • step S125 If it is determined in step S125 that the satellite positions match (YES in S125), the orbit information and the transmission time that are consistent with the orbit information and the transmission time included in the authenticated navigation message are not authenticated. It is determined that it is included in the navigation message, and the process proceeds to S126. In S126, it is determined that the unauthenticated navigation message acquired in S121 is a regular navigation message, and the process ends. On the other hand, if it is determined that the satellite positions do not match (NO in S125), the unauthenticated navigation message acquired in S121 is not determined to be a regular navigation message, and the process ends. S125 to S126 also correspond to the simple determination unit.
  • the unauthenticated navigation message acquired in S121 may be determined not to be a regular navigation message.
  • the third simple determination process is performed to reinforce the determination result by the first simple determination process, or the first simple determination process is performed to reinforce the determination result by the third simple determination process. What is necessary is just to be the structure to do. Further, when the second simple determination process is configured in the fifth modification, the third simple determination process is performed to reinforce the determination result by the second simple determination process, or the determination result by the third simple determination process. In order to reinforce the above, the second simple determination process may be performed.
  • the transmission times included in the plurality of navigation messages used for positioning do not match, and the satellite positions of the same GPS satellites 2 calculated from the transmission times and the orbit information do not match. It becomes like this.
  • the satellite position is determined to be a legitimate navigation message based on whether or not the navigation message has been authenticated, when the repeater or simulator is used, the navigation message is changed to the legitimate navigation message. It can be determined not to be a message. Therefore, it is possible to improve the accuracy of determining a regular navigation message.
  • the satellite position of the GPS satellite 2a that is the origin of the authenticated navigation message is used as the satellite position for determining the match has been described as an example.
  • a satellite position other than the GPS satellite 2a may be used.
  • ⁇ Modification 6> In the above-described embodiment, an example in which only the navigation message received from the GPS satellite 2 is used for positioning has been described. However, the navigation message received from the QZS satellite 3 may be used for positioning. . In this case, the navigation message received from the QZS satellite 3 may be authenticated in the same manner as the GPS satellite 2.
  • a RAND message is generated from the navigation message received by the monitor station 110 from the QZS satellite 3, and the parity data is created by the authentication center 120 based on the RAND message. Then, the created parity data is sent to the master control station 130, and the parity data is transmitted from the master control station 130 to the QZS satellite 3.
  • the QZS satellite 3 broadcasts a navigation message including the parity data toward the ground.
  • the first in-vehicle device 200 and the second in-vehicle device 300 in the second and subsequent embodiments create a RAND message from the navigation message received from the QZS satellite 3, and compare parity data from this RAND message and the H matrix acquired from the authentication center 120. Create Then, a configuration in which authentication is performed by comparing the created comparison parity data with the parity data received from the QZS satellite 3 may be adopted.
  • ⁇ Modification 7> The navigation message authentication type authentication method described in the above embodiment is merely an example, and any other authentication method (hereinafter, modified example 7) may be used as long as it is an authentication method that requires access to a certification authority. Good.
  • the first in-vehicle device 200 and the second in-vehicle device 300 used in the vehicle have been described as examples.
  • the present invention is not necessarily limited thereto.
  • a navigation message receiver similar to the first in-vehicle device 200 and the second in-vehicle device 300 may be applied to a portable terminal or the like carried by the user.
  • embodiment and composition concerning this indication are not limited to each embodiment and each composition mentioned above.
  • Embodiments and configurations obtained by appropriately combining technical elements disclosed in different embodiments and configurations are also included in the scope of the embodiments and configurations according to the present disclosure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)
  • Navigation (AREA)
  • Traffic Control Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
PCT/JP2015/000743 2014-02-27 2015-02-18 航法メッセージ受信装置及び簡易認証システム WO2015129203A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201580010543.4A CN106030341B (zh) 2014-02-27 2015-02-18 导航消息接收装置以及简易认证系统
DE112015001048.3T DE112015001048B4 (de) 2014-02-27 2015-02-18 Navigationsnachrichtenempfangsvorrichtung und vereinfachtes Authentifizierungssystem
SG11201606725TA SG11201606725TA (en) 2014-02-27 2015-02-18 Navigation message reception device and simple authentication system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-037044 2014-02-27
JP2014037044A JP6252245B2 (ja) 2014-02-27 2014-02-27 航法メッセージ受信装置及び簡易認証システム

Publications (1)

Publication Number Publication Date
WO2015129203A1 true WO2015129203A1 (ja) 2015-09-03

Family

ID=54008540

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/000743 WO2015129203A1 (ja) 2014-02-27 2015-02-18 航法メッセージ受信装置及び簡易認証システム

Country Status (5)

Country Link
JP (1) JP6252245B2 (zh)
CN (1) CN106030341B (zh)
DE (1) DE112015001048B4 (zh)
SG (1) SG11201606725TA (zh)
WO (1) WO2015129203A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017173067A (ja) 2016-03-23 2017-09-28 カシオ計算機株式会社 測位装置、測位方法及びプログラム

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002183188A (ja) * 2000-12-19 2002-06-28 Fuji Xerox Co Ltd 位置認証システム
US20100134352A1 (en) * 2008-12-01 2010-06-03 Andrew Llc System and method for protecting against spoofed a-gnss measurement data
JP2013130395A (ja) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd 位置情報認証システムおよび位置情報認証方法
JP2013529289A (ja) * 2010-03-22 2013-07-18 クアルコム,インコーポレイテッド アンチスプーフィング検出システム

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070200756A1 (en) * 2004-04-08 2007-08-30 Kenichi Saito Position Guarantee Server, Position Guarantee System, And Position Guarantee Method
JP4036217B2 (ja) * 2004-10-27 2008-01-23 セイコーエプソン株式会社 測位システム、端末装置、測位装置及びプログラム
JP2007335961A (ja) * 2006-06-12 2007-12-27 Hitachi Ltd 認証システム
JP5400529B2 (ja) 2009-08-12 2014-01-29 株式会社日立情報制御ソリューションズ 秘匿された暗号コードを用いた位置情報認証方法および位置情報認証システム
EP2397868A1 (en) 2010-06-15 2011-12-21 The European Union, represented by the European Commission Method of providing an authenticable time-and-location indication
EA201300061A1 (ru) 2010-06-30 2013-05-30 Антонио Пуханте Куадрупани Способ, устройство и сеть для подтверждения положения навигационного приемника
EP2780738B1 (en) 2011-11-18 2018-05-02 Qualcomm Incorporated Sps authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002183188A (ja) * 2000-12-19 2002-06-28 Fuji Xerox Co Ltd 位置認証システム
US20100134352A1 (en) * 2008-12-01 2010-06-03 Andrew Llc System and method for protecting against spoofed a-gnss measurement data
JP2013529289A (ja) * 2010-03-22 2013-07-18 クアルコム,インコーポレイテッド アンチスプーフィング検出システム
JP2013130395A (ja) * 2011-12-20 2013-07-04 Hitachi Information & Control Solutions Ltd 位置情報認証システムおよび位置情報認証方法

Also Published As

Publication number Publication date
JP6252245B2 (ja) 2017-12-27
CN106030341B (zh) 2017-12-08
CN106030341A (zh) 2016-10-12
DE112015001048B4 (de) 2024-08-29
DE112015001048T5 (de) 2016-12-08
SG11201606725TA (en) 2016-10-28
JP2015161588A (ja) 2015-09-07

Similar Documents

Publication Publication Date Title
WO2015118819A1 (ja) 航法メッセージ認証型測位装置
RU2013127396A (ru) Аутентификация радиоприемника спутниковой связи на основе сфокусированного луча
US10667100B2 (en) Communication system and in-vehicle communication apparatus
WO2018110323A1 (ja) 路車間通信システム、路側通信装置、車載通信装置及び路車間通信方法
KR102534209B1 (ko) 차량용 업데이트 시스템 및 제어 방법
KR20180044345A (ko) 검증된 위치 정보를 생성하고 퍼블리시하기
JP6344970B2 (ja) 位置情報検証装置、中継装置、移動体装置、位置情報検証プログラム、中継プログラムおよび移動体プログラム
CN104160673A (zh) 基于信任度的安全路由
US20190066412A1 (en) Vehicle remote key system and smart key authentication method for the same
WO2015111109A1 (ja) 位置情報認証システム、測位端末、および位置情報取得装置
JP6427889B2 (ja) 航法メッセージ認証システム、受信端末、及び認証処理装置
JP6252245B2 (ja) 航法メッセージ受信装置及び簡易認証システム
WO2015118805A1 (ja) 測位端末
US9408063B2 (en) Jurisdiction-based adaptive communication systems and methods
JP6269123B2 (ja) 測位機能付き装置、測位結果受信装置、及び測位結果利用システム
JP6252247B2 (ja) 航法メッセージ受信装置
JP2019149707A (ja) 検証装置および検証システム
JP6252246B2 (ja) 航法メッセージ受信装置
JP6379503B2 (ja) 航法メッセージ認証型測位装置
RU2663817C1 (ru) Способ активирования функций в радиоприемнике

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15755289

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 112015001048

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15755289

Country of ref document: EP

Kind code of ref document: A1