WO2016035466A1 - Communication system, program for server device, recording medium recording this program, program for communication device, recording medium recording this program, program for terminal device, and recording medium recording this program - Google Patents
- Publication number
- WO2016035466A1 (PCT/JP2015/070735)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication
- shared key
- encrypted
- key
- terminal
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to a communication system for managing keys used for communication, a server apparatus program used in the communication system and a recording medium recording the same, a communication apparatus program and a recording medium recording the same, and a terminal apparatus program and a recording medium recording the same.
- short-range wireless communication technologies such as WiFi (Wireless Fidelity), ZigBee, Bluetooth (registered trademark), NFC (Near Field Communication), and IrDA (Infrared Data Association) are widely spread.
- terminal devices hereinafter referred to as short-range wireless terminal devices
- These short-range wireless terminal devices also have a need to perform encrypted communication.
- the above-described technology has a disadvantage that the encryption key cannot be distributed from the server to the short-range wireless terminal device when the server is installed outside the communication range of the short-range wireless terminal device.
- An object of the present invention is to provide a communication system capable of distributing an encryption key from a server to a short-range wireless terminal device regardless of the installation location of the server that manages the encryption key, a program for the server device and a recording medium recording the same, a communication apparatus program and a recording medium recording the same, and a terminal apparatus program and a recording medium recording the same.
- a communication system is a communication system including a server device, a communication device capable of transmitting / receiving data to / from the server device, and a terminal device capable of transmitting / receiving data to / from the communication device by a wireless communication method.
- the communication device includes a communication-side storage unit that stores a communication unique key unique to the communication device
- the terminal device includes a terminal-side storage unit that stores a terminal unique key unique to the terminal device.
- the server device includes a key storage unit that stores the communication unique key and the terminal unique key, and an encrypted shared key transmission unit that executes encrypted shared key transmission processing for transmitting, to the communication device, a first encrypted shared key obtained by encrypting, based on the communication unique key, a shared key for sharing between the communication device and the terminal device, and a second encrypted shared key obtained by encrypting the shared key based on the terminal unique key.
- the communication device includes an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device, and a communication-side shared key decryption unit that obtains the shared key by decrypting the first encrypted shared key based on the communication unique key.
- the terminal device includes a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and obtains the shared key by decrypting the second encrypted shared key based on the terminal unique key.
- the first encrypted shared key and the second encrypted shared key are transmitted from the server device to the communication device, and the second encrypted shared key is transmitted from the communication device to the terminal device.
- the communication device acquires the shared key by decrypting the first encrypted shared key based on the communication unique key, and the terminal device receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key. Accordingly, the shared key that is the encryption key can be distributed from the server device to the communication device and the terminal device regardless of the installation location of the server device that manages the encryption key.
- Since the shared key is encrypted and transmitted from the server device to the communication device and from the communication device to the terminal device, the shared key can be distributed to the communication device and the terminal device while maintaining security. Further, since the communication device only transfers the second encrypted shared key encrypted by the server device to the terminal device, it is not necessary for the communication device to perform encryption when the communication device transmits the common key to the terminal device. If the communication device were to encrypt the common key and transmit it to the terminal device, it would become necessary to inform the communication device of the terminal unique key unique to the terminal device so that the communication device could perform encryption that the terminal device can decrypt.
- the terminal device is configured to be able to transmit and receive data to and from the communication device by a wireless communication method having a communication distance of 100 m or less.
- the terminal device further includes an encrypted communication processing unit that performs encrypted communication with the communication device using the shared key acquired by the terminal-side shared key decryption unit.
- the security of the wireless communication can be improved.
- Since the shared key required for encrypted communication is automatically distributed from the server device to the communication device and the terminal device, the user does not need to be aware of encryption, and security can be improved while reducing the user's effort.
- the communication device further includes a key issue requesting unit that transmits identification information for identifying the device itself to the terminal device; the terminal device further includes a terminal information transmission unit that encrypts the identification information of the communication device received from the communication device and identification information for identifying its own device based on the terminal unique key and transmits the result as encrypted terminal information to the communication device; and the communication device further includes an encryption terminal information transfer unit that transmits the encrypted terminal information transmitted from the terminal device and identification information for identifying the own device to the server device, wherein the server device transmits the encryption terminal transmitted from the communication device.
- the encrypted shared key transmission unit executes the encrypted shared key transmission process.
- it is preferable to further include a terminal management unit that prevents the encrypted shared key transmission unit from executing the encrypted shared key transmission process.
- When the encrypted terminal information is transmitted to the server device by a communication device different from the communication device that transmitted the identification information for identifying the own device to the terminal device, the encrypted shared key transmission process is not executed, so acquisition of an encryption key by impersonation is prevented.
- the communication device further includes a router processing unit that is connected to a communication network and performs routing by being interposed between the terminal device and the communication network.
- the wireless router device can be used as the communication device.
- the communication device further includes a router processing unit that is connected to a communication network and performs routing between the terminal device and the communication network, and when the router processing unit receives encrypted data from the terminal device, the encrypted data is preferably decrypted using the shared key and transmitted to the communication network.
- the terminal device can access the communication network via the communication device including the router processing unit.
- Even when the terminal device transmits data to a node on a communication network that does not have an encryption key and cannot perform encrypted communication with the terminal device, the terminal device encrypts the data and transmits it to the communication device, and the data is decrypted by the communication device and transmitted to the communication network. Data can therefore be transmitted to a communication network having no encryption key while improving the security of wireless communication between the terminal device and the communication device.
- it is preferable that the router processing unit prohibits access from the terminal device to a node other than the server device when the shared key corresponding to the terminal device is not acquired by the communication-side shared key decryption unit.
- the router processing unit prohibits access from the terminal device to nodes other than the server device. As a result, a chance that a radio signal transmitted / received between the communication apparatus and the terminal apparatus is transmitted without being encrypted based on the shared key is reduced. As a result, the security of wireless communication is improved.
- the router processing unit authenticates the terminal device based on the shared key, and prohibits access to the communication network by the terminal device when the authentication fails.
- Since the terminal device can access the communication network via the communication device only when the authentication is successful, an unauthorized terminal device can be prevented from accessing the communication network via the communication device.
- the communication device may be a portable terminal device that can be carried by a user, and the terminal device may further include an authentication unit that authenticates the communication device based on the shared key.
- the user's portable terminal device can be used as a communication device.
- In a case where the communication device is the property of an unspecified user, authenticating the communication device makes it easy to prevent an unauthorized user (communication device) from using the communication system.
- the terminal device can be mounted on a vehicle, and the terminal device controls the vehicle according to data transmitted from the communication device when the authentication unit succeeds in the authentication. It is preferable to further comprise.
- a server device program is a server device program for operating the server device of the communication system described above, and causes the server device to function as an encrypted shared key transmission unit that executes encrypted shared key transmission processing in which a first encrypted shared key, obtained by encrypting a shared key for sharing between the communication device and the terminal device based on the communication unique key, and a second encrypted shared key, obtained by encrypting the shared key based on the terminal unique key, are transmitted to the communication device.
- the recording medium recording the server device program according to this invention is a recording medium recording a server device program for operating the server device of the above-mentioned communication system, the program causing the server device to function as an encrypted shared key transmission unit that executes encrypted shared key transmission processing for transmitting, to the communication device, a first encrypted shared key obtained by encrypting a shared key for sharing between the communication device and the terminal device based on the communication unique key, and a second encrypted shared key obtained by encrypting the shared key based on the terminal unique key.
- the computer can function as the above-described server device.
- a communication device program is a communication device program for operating the communication device of the communication system described above, and causes the communication device to function as an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device, and as a communication-side shared key decryption unit that acquires the shared key by decrypting the first encrypted shared key based on the communication unique key.
- a recording medium recording a communication device program is a recording medium recording a communication device program for operating the communication device of the communication system described above, the program causing the communication device to function as an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device, and as a communication-side shared key decryption unit that acquires the shared key by decrypting the first encrypted shared key based on the communication unique key.
- the computer can function as the communication device described above.
- a terminal device program is a terminal device program for operating the terminal device of the communication system described above, and causes the terminal device to function as a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key.
- a recording medium on which a terminal device program according to the present invention is recorded is a recording medium on which a terminal device program for operating the terminal device of the communication system described above is recorded, the program causing the terminal device to function as a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key.
- the computer can be operated as the above-described terminal device.
- the encryption key can be distributed from the server to the short-range wireless terminal device regardless of the installation location of the server to be managed.
- FIG. 1 is a block diagram which shows an example of the structure of the communication system which concerns on one embodiment of this invention. It is an explanatory drawing which shows an example of operation
- FIG. 1 is a block diagram showing an example of the configuration of a communication system according to an embodiment of the present invention.
- a communication system 1 illustrated in FIG. 1 includes a server device 2, a WiFi router 3 (communication device), and a terminal device 4.
- the server device 2 and the WiFi router 3 can transmit and receive data to and from each other via the network 5.
- the network 5 is a communication network configured by, for example, a WAN (Wide Area Network) such as the Internet, a public line such as a telephone line or a mobile phone network, and a LAN (Local Area Network).
- a node N is connected to the network 5.
- the node N is a communication terminal device such as a Web server operated by a third party, for example.
- the terminal device 4 is a terminal device used by a user, for example, a portable personal computer (so-called notebook personal computer) or a tablet-type terminal device.
- the terminal device 4 is a short-range wireless terminal device, and is capable of transmitting and receiving data to and from the WiFi router 3 by wireless communication using WiFi, for example.
- the terminal device 4 cannot directly communicate with the server device 2.
- the terminal device 4 can communicate with the server device 2 and another terminal device (node N) connected to the network 5 via the WiFi router 3.
- the terminal device 4 includes, for example, a CPU (Central Processing Unit) that executes predetermined arithmetic processing, a RAM (Random Access Memory) that temporarily stores data, a nonvolatile storage unit such as an HDD (Hard Disk Drive) or a flash memory that stores a terminal device program according to an embodiment of the present invention, a short-range wireless communication circuit, and peripheral circuits thereof. For example, a part of the non-volatile storage unit is used as the terminal-side storage unit 44.
- the terminal-side storage unit 44 stores a terminal unique key unique to the terminal device 4 in advance.
- the terminal device 4 functions as an access processing unit 41, a terminal-side shared key decryption unit 42, and an encrypted communication processing unit 43, for example, by executing a terminal device program stored in a nonvolatile storage unit.
- the terminal device program may be stored in a recording medium such as a USB (Universal Serial Bus) memory, a CD-ROM, or a DVD-ROM.
- the terminal device 4 may be configured to be able to read the storage medium and execute a terminal device program read from the storage medium.
- the storage medium may be readable by a computer connected to the network 5, and the terminal device 4 may be configured to download, via the network 5, the terminal device program read from the storage medium by the computer.
- the access processing unit 41 executes a communication process for accessing the server device 2 and other terminal devices connected to the network 5 via the WiFi router 3. For example, when the access processing unit 41 accesses the WiFi router 3 for the first time, the access processing unit 41 requests the WiFi router 3 to register the terminal device 4.
- the communication system 1, the server device 2, and the WiFi router 3 each send identification information (for example, an ID, an IP address, etc.) for identifying the own device to the destination node or network when accessing another node N or the network 5.
- the terminal-side shared key decryption unit 42 receives a second encrypted shared key (to be described later) from the WiFi router 3 and decrypts the second encrypted shared key based on the terminal unique key stored in the terminal-side storage unit 44. To obtain the shared key.
- the encrypted communication processing unit 43 performs encrypted communication with the WiFi router 3 using the shared key acquired by the terminal-side shared key decrypting unit 42.
- the WiFi router 3 is a so-called router device that performs network routing.
- the WiFi router 3 includes, for example, a CPU that executes predetermined arithmetic processing, a RAM that temporarily stores data, a non-volatile storage unit such as a flash memory that stores a communication device program according to an embodiment of the present invention, a communication interface circuit (not shown) for accessing the network 5, a short-range wireless communication circuit for performing wireless communication with the terminal device 4, peripheral circuits thereof, and the like.
- a part of the nonvolatile storage unit is used as the communication-side storage unit 35.
- the communication side storage unit 35 stores a communication unique key unique to the WiFi router 3 in advance.
- the WiFi router 3 functions as a router processing unit 31, a registration request processing unit 32, an encrypted shared key transfer unit 33, and a communication-side shared key decryption unit 34, for example, by executing a communication device program stored in a nonvolatile storage unit.
- the communication device program may be stored in a recording medium such as a USB memory, a CD-ROM, or a DVD-ROM.
- the WiFi router 3 may be configured to be able to read this storage medium and execute a communication device program read from the storage medium.
- the storage medium may be readable by a computer connected to the network 5, and the WiFi router 3 may be configured to download, via the network 5, the communication device program read from the storage medium by the computer.
- Although the WiFi router 3 was shown as an example of a communication apparatus, a communication apparatus is not restricted to one that performs wireless communication by WiFi.
- As a communication method between the communication device and the terminal device 4, in addition to WiFi, various short-range wireless communication systems can be employed, for example, a wireless communication method having a communication distance of 100 m or less, such as ZigBee, Bluetooth (registered trademark), NFC, IrDA, etc., or a method using light such as infrared rays and ultraviolet rays.
- the router processing unit 31 performs routing by being interposed between the terminal device 4 and the network 5.
- the router processing unit 31 prohibits access from the terminal device 4 to the nodes N other than the server device 2 when the shared key corresponding to the terminal device 4 is not acquired by the communication-side shared key decryption unit 34.
- When the router processing unit 31 receives data addressed to the network 5 encrypted by encrypted communication from the terminal device 4, the encrypted data is decrypted using the shared key acquired by the communication-side shared key decryption unit 34 and transmitted to the network 5.
- the registration request processing unit 32 registers the terminal device 4 together with the identification information of the terminal device 4 to the server device 2 via the network 5.
- the encrypted shared key transfer unit 33 receives the first and second encrypted shared keys from the server device 2 and transmits the second encrypted shared key to the terminal device 4.
- the communication side shared key decryption unit 34 obtains the shared key by decrypting the first encrypted shared key based on the communication unique key stored in the communication side storage unit 35.
- the server device 2 includes, for example, a CPU that executes predetermined arithmetic processing, a RAM that temporarily stores data, a non-volatile storage unit such as an HDD or a flash memory that stores a server device program according to an embodiment of the present invention, a communication interface circuit (not shown) for accessing the network 5, and peripheral circuits thereof.
- a part of the nonvolatile storage unit is used as the key storage unit 24.
- the key storage unit 24 stores in advance a communication unique key unique to the WiFi router 3 and a terminal unique key unique to the terminal device 4.
- the communication unique key and the terminal unique key are input to the server device 2 in advance using an operation unit such as a keyboard (not shown) and stored in the key storage unit 24 in advance.
- the method for storing the communication unique key and the terminal unique key in advance in the key storage unit 24 is not limited, and various methods can be used.
- the server device 2 functions as a terminal registration processing unit 21, a shared key generation unit 22, and an encrypted shared key transmission unit 23, for example, by executing a server device program stored in a nonvolatile storage unit.
- the server device program may be stored in a recording medium such as a USB memory, a CD-ROM, or a DVD-ROM.
- the server device 2 may be configured to be able to read the storage medium and execute a server device program read from the storage medium.
- the storage medium may be readable by a computer connected to the network 5, and the server apparatus 2 may be configured to download, via the network 5, the server apparatus program read from the storage medium by the computer.
- Upon receiving the registration request for the terminal device 4 from the WiFi router 3, the terminal registration processing unit 21 stores the identification information of the WiFi router 3 and the identification information of the terminal device 4 in association with each other in the key storage unit 24.
- the shared key generation unit 22 generates a shared key K for use in encrypted communication between the WiFi router 3 and the terminal device 4 and an authentication password P for use in authentication.
- the shared key generation unit 22 generates a shared key K and an authentication password P using, for example, random numbers.
- the encrypted shared key transmission unit 23 encrypts the shared key K and the authentication password P generated by the shared key generation unit 22 based on the communication unique key stored in the key storage unit 24 to generate the first encrypted shared key E1 and the first encrypted password P1, and encrypts the shared key K and the authentication password P based on the terminal unique key to generate the second encrypted shared key E2 and the second encrypted password P2.
- the encrypted shared key transmission unit 23 transmits the first encrypted shared key E1, the second encrypted shared key E2, the first encrypted password P1, and the second encrypted password P2 to the WiFi router 3 via the network 5 (encrypted shared key transmission process).
- FIG. 2 is an explanatory diagram showing an example of the operation of the communication system 1 shown in FIG.
- the access processing unit 41 of the terminal device 4 executes “(1) registration request”, and transmits a registration request to the WiFi router 3 by WiFi wireless communication.
- the WiFi router 3 and the terminal device 4 do not need to encrypt this communication, or may perform communication using standard encryption such as WPA (Wi-Fi Protected Access).
- the registration request processing unit 32 executes “(2) registration request”, and transmits to the server device 2 via the network 5 a registration request for requesting registration of the terminal device 4, together with the identification information of the terminal device 4 and the WiFi router 3.
- the terminal registration processing unit 21 associates the identification information of the WiFi router 3 with the identification information of the terminal device 4, and stores them in the key storage unit.
- the shared key generation unit 22 generates a shared key K and an authentication password P for use in authentication.
- the encrypted shared key transmission unit 23 executes “(3) transmission of the first and second encrypted shared keys E1 and E2 and the first and second encrypted passwords P1 and P2” (encrypted shared key transmission process). Specifically, the shared key K and the authentication password P generated by the shared key generation unit 22 are each encrypted by the encrypted shared key transmission unit 23 based on the communication unique key to generate the first encrypted shared key E1 and the first encrypted password P1, and the shared key K and the authentication password P are encrypted based on the terminal unique key to generate a second encrypted shared key E2 and a second encrypted password P2.
- the encrypted shared key transmission unit 23 sends the first encrypted shared key E1, the second encrypted shared key E2, the first encrypted password P1, and the second encrypted password P2 to the WiFi router 3 via the network 5.
- the WiFi router 3 executes “(4) transmission of the second encrypted shared key E2 and the second encrypted password P2”. Specifically, the first encrypted shared key E1, the second encrypted shared key E2, the first encrypted password P1, and the second encrypted password received from the server device 2 by the encrypted shared key transfer unit 33. Of P2, the second encrypted shared key E2 and the second encrypted password P2 are transmitted to the terminal device 4. In “(4) Transmission of second encrypted shared key E2 and second encrypted password P2”, the encrypted second encrypted shared key E2 and second encrypted password P2 are transmitted by radio signals.
- the encrypted second shared encryption key E2 and second encrypted password P2 may be further encrypted by a standard encryption method such as WPA for transmission. This further improves security.
- “(5) first encrypted shared key E1 → shared key K, first encrypted password P1 → authentication password P” is executed. Specifically, the first encrypted shared key E1 and the first encrypted password P1 received from the server device 2 are decrypted by the communication side shared key decryption unit 34 based on the communication unique key stored in the communication side storage unit 35, and the shared key K and the authentication password P are thereby acquired and stored in the communication-side storage unit 35.
- “(6) second encrypted shared key E2 → shared key K, second encrypted password P2 → authentication password P” is executed. Specifically, the second encrypted shared key E2 and the second encrypted password P2 received from the WiFi router 3 are decrypted by the terminal side shared key decryption unit 42 based on the terminal unique key stored in the terminal side storage unit 44, and the shared key K and the authentication password P are thereby acquired and stored in the terminal-side storage unit 44.
- the shared key K and the authentication password P are encrypted and transmitted from the server device 2 to the WiFi router 3 and from the WiFi router 3 to the terminal device 4. Therefore, even if the server device 2 that generates the shared key K or the authentication password P used as the encryption key is installed farther from the terminal device 4 than the communication distance of the wireless communication by WiFi, the shared key K and the authentication password P can be distributed to the terminal device 4 and the WiFi router 3, which are short-range wireless communication terminal devices, while ensuring security.
- encrypted communication based on the shared key K cannot be executed before “(5) first encrypted shared key E1 ⁇ shared key K”, that is, between the WiFi router 3 and the terminal device 4.
- the router processing unit 31 prohibits access from the terminal device 4 to the node N other than the server device 2.
- a chance that a radio signal transmitted and received between the WiFi router 3 and the terminal device 4 is transmitted without being encrypted based on the shared key K is reduced.
- the security of wireless communication between the WiFi router 3 and the terminal device 4 is improved.
- the WiFi router 3 only transfers the second encrypted shared key E2 encrypted by the server device 2 to the terminal device 4, so the WiFi router 3 does not need to perform encryption when the shared key K is passed to the terminal device 4. If the WiFi router 3 were to encrypt the shared key K and transmit it to the terminal device 4, the WiFi router 3 would need to be notified of the terminal unique key unique to the terminal device 4 so that the terminal device 4 could decrypt what the WiFi router 3 encrypted.
- the access processing unit 41 of the terminal device 4 encrypts the authentication password P with the shared key K and transmits it to the WiFi router 3.
- the router processing unit 31 decrypts the data transmitted from the terminal device 4 using the shared key K stored in the communication-side storage unit 35, and compares the decrypted authentication password P with the authentication password P stored in the communication-side storage unit 35. If they match as a result of the comparison, the router processing unit 31 notifies the terminal device 4 of successful authentication. On the other hand, if they do not match, the router processing unit 31 notifies the terminal device 4 of the authentication failure, and prohibits the terminal device 4 from accessing the network 5.
- the access processing unit 41 "(8) transmits data addressed to the node N encrypted with the shared key K".
- the WiFi router 3 transmits “(9) data decrypted with the shared key K to the node N”. Specifically, the router processing unit 31 decrypts the encrypted data transmitted from the terminal device 4 using the shared key K, and performs routing to the node N designated as the destination. The decrypted data is transmitted to the node N via the network 5.
- the security of the wireless communication between the terminal device 4 and the WiFi router 3 can be improved.
- an encryption method with high encryption strength can be appropriately selected and applied according to the importance of the transmitted data.
- the security level can be flexibly improved as necessary.
- the encrypted authentication password P and data are transmitted by radio signals.
- the encrypted authentication password P and data may be further encrypted by a standard encryption method such as WPA before being transmitted. This further improves security.
- the authentication process (7) does not necessarily have to be executed, and the transmission of the first and second encrypted passwords P1 and P2 and the transfer of the second encrypted password P2 do not have to be executed in (3) and (4). Further, the router processing unit 31 does not necessarily have to prohibit the access to the node N when “(5) first encrypted shared key E1 → shared key K” has not been executed.
- FIG. 3 is a block diagram showing an example of the configuration of the car sharing system 1a according to the second embodiment of the present invention.
- the car sharing system 1a shown in FIG. 3 differs from the communication system 1 shown in FIG. 1 in the following points.
- the car sharing system 1a shown in FIG. 3 includes a mobile terminal device 3a (communication device) instead of the WiFi router 3 and a vehicle control device 4a (terminal device) instead of the terminal device 4.
- a wireless public line such as a cellular phone network or PHS (Personal Handy-phone System) is used.
- the vehicle control device 4a is mounted on the vehicle A shared in the car sharing system 1a and controls the operation of the vehicle A.
- the mobile terminal device 3a is a wireless communication terminal device that can be carried by the user, such as a so-called smartphone, mobile phone, or tablet terminal.
- the mobile terminal device 3a can communicate with the server device 2a via the network 5, and includes a short-range wireless communication circuit (not shown) capable of short-range wireless communication with the vehicle control device 4a over a distance of 100 m or less.
- the mobile terminal device 3a is different from the WiFi router 3 in that it does not include the router processing unit 31, but includes a reservation processing unit 30, a key issuance request unit 36, a command transmission unit 37, a display unit 38, and an operation unit 39. Further, instead of the registration request processing unit 32, a registration request processing unit 32a (encrypted terminal information transfer unit) is provided.
- the registration request processing unit 32a, the encrypted shared key transfer unit 33, and the communication side shared key decryption unit 34 operate using the server device 2a and the vehicle control device 4a as processing targets instead of the server device 2 and the terminal device 4, respectively.
- by executing the communication device program according to the embodiment of the present invention, the mobile terminal device 3a functions as the reservation processing unit 30, the key issue requesting unit 36, the registration request processing unit 32a, the encrypted shared key transfer unit 33, the communication side shared key decryption unit 34, and the command transmission unit 37.
- the communication device program may be stored in a recording medium such as a USB memory, a CD-ROM, or a DVD-ROM.
- the mobile terminal device 3a may be configured to be able to read this storage medium and execute a communication device program read from the storage medium.
- alternatively, the storage medium may be readable by a computer connected to the network 5, and the mobile terminal device 3a may be configured to download, via the network 5, the communication device program read from the storage medium by that computer.
- the display unit 38 is a display device such as a liquid crystal display device.
- the operation unit 39 is an operation input device such as a key switch or a touch panel.
- the display unit 38 and the operation unit 39 may be configured integrally, for example as a touch-panel display in which a liquid crystal display and a touch panel are integrated.
- the operation unit 39 can receive various operation instructions from the user, such as a registration instruction operation for registering the mobile terminal device 3a as an operation terminal of the vehicle control device 4a, a key operation instruction for locking or unlocking the door lock of the vehicle A by the vehicle control device 4a, and an engine operation instruction for starting or stopping the engine of the vehicle A.
- the reservation processing unit 30 accesses the server device 2a via the network 5 and transmits a vehicle use reservation request to the server device 2a, for example, when a vehicle use reservation operation is accepted by the operation unit 39. Further, the reservation processing unit 30 receives information indicating available vehicles from the server device 2a, and causes the display unit 38 to display a vehicle that the user wants to use from among these vehicles. The reservation processing unit 30 then transmits, to the server device 2a, information indicating the vehicle that the user selected by operating the operation unit 39.
- the key issue request unit 36 transmits, to the vehicle control device 4a by short-range wireless communication, a vehicle information transmission request that requests transmission of the vehicle information necessary to issue a shared key for making the vehicle A usable, together with the identification information of its own device.
- when the registration request processing unit 32a receives encrypted vehicle information, which will be described later, from the vehicle control device 4a, the registration request processing unit 32a transfers the encrypted vehicle information to the server device 2a via the network 5, thereby requesting registration between the mobile terminal device 3a and the vehicle A (vehicle control device 4a) and issuance of a shared key for making the vehicle A usable by the mobile terminal device 3a.
- the command transmission unit 37 transmits a command corresponding to the user's operation instruction received by the operation unit 39 to the vehicle control device 4a by short-range wireless communication. Specifically, a registration command, a key command, and an engine command are transmitted in response to a registration instruction operation, a key operation instruction, and an engine operation instruction, respectively.
- the vehicle control device 4a is different from the terminal device 4 in that it does not include the access processing unit 41 but further includes a vehicle information transmission unit 45 (terminal information transmission unit), an authentication unit 46, and a vehicle control unit 47.
- the terminal-side shared key decryption unit 42 operates with the server device 2a and the mobile terminal device 3a as processing targets instead of the server device 2 and the WiFi router 3.
- the terminal-side storage unit 44 stores in advance a terminal unique key unique to the vehicle control device 4a.
- the vehicle control device 4a functions as a vehicle information transmission unit 45, a terminal-side shared key decryption unit 42, an authentication unit 46, and a vehicle control unit 47 by executing a terminal device program according to an embodiment of the present invention.
- the vehicle information transmission unit 45 transmits the vehicle ID (identification information) for identifying the vehicle A and the identification information of the transmission source mobile terminal device 3a to the terminal side. It encrypts based on the terminal specific key memorize
- the authentication unit 46 performs authentication of the mobile terminal device 3a based on the shared key K and the authentication password P acquired by the terminal-side shared key decryption unit 42.
- the vehicle control unit 47 controls the vehicle A according to the command transmitted from the mobile terminal device 3a.
- the server device 2a executes vehicle management in the car sharing system.
- the server device 2a differs from the server device 2 in that a car sharing management unit 25 (terminal management unit) is provided instead of the terminal registration processing unit 21 and a management information storage unit 26 is further provided.
- the car sharing management unit 25, the shared key generation unit 22, and the encrypted shared key transmission unit 23 operate with the mobile terminal device 3a and the vehicle control device 4a as processing targets instead of the WiFi router 3 and the terminal device 4, respectively.
- the server device 2a functions as the car sharing management unit 25, the shared key generation unit 22, and the encrypted shared key transmission unit 23 by executing the server device program according to the embodiment of the present invention.
- the key storage unit 24 stores in advance the vehicle ID of the vehicle that is the target of car sharing and the terminal unique key of the vehicle in association with each other.
- the vehicle ID corresponds to an example of identification information of the vehicle control device 4a.
- the terminal unique key corresponds to an example of a terminal unique key of the vehicle control device 4a.
- identification information of the mobile terminal device 3a of the user who performs car sharing and a communication unique key of the mobile terminal device 3a are stored in association with each other.
- the management information storage unit 26 is configured by a storage device such as an HDD device, for example, and stores management information of vehicles to be shared.
- when the car sharing management unit 25 receives a vehicle use reservation request from the mobile terminal device 3a, it transmits information indicating the available vehicles to the mobile terminal device 3a. When the car sharing management unit 25 receives information indicating the vehicle selected by the user from the mobile terminal device 3a, it associates the vehicle ID indicating the vehicle with the identification information of the mobile terminal device 3a and stores them as reservation information in the management information storage unit 26.
- when the car sharing management unit 25 receives the encrypted vehicle information from the registration request processing unit 32a of the mobile terminal device 3a, the car sharing management unit 25 refers to the management information storage unit 26 and, based on the reservation information, acquires the vehicle ID associated with the identification information of the mobile terminal device 3a that is the transmission source of the encrypted vehicle information as the vehicle ID of the rental reservation target.
- the car sharing management unit 25 refers to the key storage unit 24, obtains the terminal unique key of the vehicle associated with the rental reservation target vehicle ID, and decrypts the encrypted vehicle information with the terminal unique key. By doing this, the vehicle ID of the vehicle A and the identification information of the mobile terminal device 3a are acquired.
- when the identification information of the mobile terminal device 3a obtained by decrypting the encrypted vehicle information matches the identification information of the mobile terminal device 3a that is the transmission source of the encrypted vehicle information, the car sharing management unit 25 associates the vehicle ID of the vehicle A obtained by decrypting the encrypted vehicle information with the identification information of the portable terminal device 3a and stores them in the management information storage unit 26 as the rental information of the vehicle A, and the shared key generation unit 22 generates a shared key K and an authentication password P for use in authentication between the mobile terminal device 3a and the vehicle control device 4a.
- the shared key generation unit 22 and the encrypted shared key transmission unit 23 are the same as the above-described shared key generation unit 22 and encrypted shared key transmission unit 23 except that the transmission destination is the mobile terminal device 3a, so their description is omitted.
- FIG. 4 is an explanatory diagram showing an example of the operation of the car sharing system 1a shown in FIG.
- the reservation processing unit 30 and the car sharing management unit 25 execute “(11) reservation processing”. Specifically, for example, when a vehicle use reservation operation is received by the operation unit 39, a vehicle use reservation request is transmitted from the reservation processing unit 30 to the server device 2a via the network 5.
- the car sharing management unit 25 transmits information indicating a usable vehicle to the mobile terminal device 3a.
- the reservation processing unit 30 causes the display unit 38 to display a vehicle that the user wants to use from among these vehicles. When the user operates the operation unit 39 and selects a vehicle, the reservation processing unit 30 transmits information indicating the selected vehicle to the server device 2a.
- the car sharing management unit 25 associates the vehicle ID indicating the vehicle with the identification information of the portable terminal device 3a and stores them as reservation information in the management information storage unit 26. Thereby, “(11) reservation process” is completed.
- the key issue request unit 36 transmits “(12) vehicle information transmission request” to the vehicle control device 4a by short-range wireless communication.
- the vehicle information transmission unit 45 generates encrypted vehicle information by encrypting the vehicle ID of the vehicle A and the identification information of the mobile terminal device 3a that is the transmission source, based on the terminal unique key of the vehicle control device 4a, and transmits “(13) Encrypted vehicle information encrypted with the terminal unique key” to the portable terminal device 3a by short-range wireless communication.
- the registration request processing unit 32a executes "(14) Encrypted vehicle information transfer (registration request)". Specifically, the registration request processing unit 32a requests registration between the mobile terminal device 3a and the vehicle A (vehicle control device 4a), and issuance of a shared key for making the vehicle A usable by the mobile terminal device 3a. As the registration request, the encrypted vehicle information is transferred to the server device 2a.
- the car sharing management unit 25 executes “(15) reservation confirmation and use registration”. Specifically, the car sharing management unit 25 refers to the management information storage unit 26 and acquires the vehicle ID targeted for the lending reservation based on the reservation information, further refers to the key storage unit 24 and obtains the terminal unique key of the vehicle targeted for the lending reservation, and obtains the vehicle ID of the vehicle A and the identification information of the portable terminal device 3a by decrypting the encrypted vehicle information with that terminal unique key.
- when the identification information of the mobile terminal device 3a obtained by decrypting the encrypted vehicle information matches the identification information of the mobile terminal device 3a that is the transmission source of the encrypted vehicle information, the car sharing management unit 25 associates the vehicle ID of the vehicle A obtained by decrypting the encrypted vehicle information with the identification information of the mobile terminal device 3a and stores them in the management information storage unit 26 as rental registration information of the vehicle A, as a use registration. The shared key generation unit 22 then generates a shared key K and an authentication password P for use in authentication between the mobile terminal device 3a and the vehicle control device 4a, and the encrypted shared key transmission unit 23 performs the encrypted shared key transmission process.
- if the vehicle ID and the identification information of the mobile terminal device 3a included in the encrypted vehicle information obtained in (14) differ from the vehicle ID and the identification information of the mobile terminal device 3a reserved in advance, the car sharing management unit 25 cannot obtain the terminal unique key that can decrypt the encrypted vehicle information, and therefore cannot decrypt the encrypted vehicle information. As a result, the process (16) is not executed, which prevents a user who has not made a reservation from borrowing the vehicle A by mistake.
- the vehicle A equipped with the vehicle control device 4a is normally located far away from the range where communication with the server device 2a is possible. According to the processes (11) to (19), similarly to (1) to (6), even when the vehicle A (vehicle control device 4a) is installed far away, the shared key K can be distributed from the server device 2a to the portable terminal device 3a, which is a short-distance wireless terminal device, and to the vehicle control device 4a while ensuring security.
- the mobile terminal device 3a only transfers the second encrypted shared key E2 and the second encrypted password P2 encrypted by the server device 2a to the vehicle control device 4a, so the mobile terminal device 3a does not need to perform encryption when it transmits the shared key K to the vehicle control device 4a. Therefore, the terminal unique key used for encryption by the vehicle control device 4a does not need to be notified to any device other than the vehicle control device 4a and the server device 2, which improves security when the vehicle control device 4a performs encrypted communication.
- the server device 2a and the vehicle A are equipment of a car sharing company, whereas the mobile terminal device 3a is owned by an unspecified user.
- the fact that there is no need to inform the mobile terminal device 3a of the terminal unique key of the vehicle control device 4a has a great security advantage.
- the command transmission unit 37 executes “(20) Request for control of the vehicle A” and transmits the control command to the vehicle control device 4a.
- the command transmission unit 37 encrypts the key command and the authentication password P using the shared key K, and transmits them to the vehicle control device 4a as a control request.
- the authentication unit 46 executes “(21) authentication process”. Specifically, the authentication unit 46 decrypts the control request based on the shared key K, and acquires the key command and the authentication password P. Then, the authentication unit 46 compares the authentication password P obtained by decryption with the authentication password P stored in the terminal-side storage unit 44. If they match, the authentication unit 46 determines that the authentication has succeeded; if they do not match, it determines that the authentication has failed.
- the vehicle control unit 47 executes control according to the above-described control request, for example, control for switching the door lock of the vehicle A to unlocking or locking according to a key command.
- the vehicle control unit 47 does not perform control according to the above-described control request.
- the mobile terminal device 3a is authenticated based on the shared key K, and the user (mobile terminal device 3a) can operate the vehicle A only when the authentication is successful. Therefore, a third party other than the user (mobile terminal device 3a) registered in the server device 2a is prevented from using (borrowing) the vehicle A. As a result, a so-called unmanned car sharing system that does not require an administrator of the vehicle A can be easily configured.
- although the car sharing system 1a was shown as an example of a communication system, the communication system is not restricted to a car sharing system.
- the vehicle control device 4a may be a terminal device that is not mounted on the vehicle A, and the server device 2a is not limited to one that manages the vehicle A.
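The key distribution in steps (4) to (6) and the car-sharing checks in steps (13) to (21), written out as an added sketch that is not code from the patent or its applicant. The class and method names, the JSON message encoding, the sample device ids, and the HMAC-SHA256 stand-in cipher are assumptions; the patent does not name an encryption algorithm.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in authenticated cipher (assumption: the patent names no algorithm):
# HMAC-SHA256 counter-mode keystream, encrypt-then-MAC. Use a vetted AEAD in real code.
def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    blocks = (prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = xor_stream(prf(key, b"enc"), nonce, plaintext)
    return nonce + body + prf(prf(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    return xor_stream(prf(key, b"enc"), nonce, body)

class Server:
    def __init__(self, key_store, reservations):
        self.key_store = key_store        # device id -> unique key (key storage unit 24)
        self.reservations = reservations  # phone id -> reserved vehicle id (unit 26)

    def issue(self, sender_id, encrypted_vehicle_info):
        """(15) reservation confirmation; on success return E1, P1, E2, P2."""
        vehicle_id = self.reservations.get(sender_id)
        if vehicle_id is None:
            return None                   # sender holds no reservation
        terminal_key = self.key_store[vehicle_id]
        try:
            info = json.loads(unseal(terminal_key, encrypted_vehicle_info))
        except ValueError:
            return None                   # not sealed by the reserved vehicle
        if info != {"vehicle": vehicle_id, "phone": sender_id}:
            return None                   # sealed for a different phone
        k, p = secrets.token_bytes(32), secrets.token_bytes(16)
        comm_key = self.key_store[sender_id]
        return {"E1": seal(comm_key, k), "P1": seal(comm_key, p),
                "E2": seal(terminal_key, k), "P2": seal(terminal_key, p)}

class Vehicle:
    def __init__(self, vehicle_id, terminal_key):
        self.id, self.key, self.k, self.p = vehicle_id, terminal_key, None, None

    def vehicle_info(self, phone_id):     # (13) encrypted vehicle information
        return seal(self.key, json.dumps({"vehicle": self.id, "phone": phone_id}).encode())

    def receive(self, e2, p2):            # (6) E2 -> K, P2 -> P
        self.k, self.p = unseal(self.key, e2), unseal(self.key, p2)

    def control(self, request):           # (21) authentication process
        try:
            msg = json.loads(unseal(self.k, request))
            cmd, ok = msg["cmd"], hmac.compare_digest(bytes.fromhex(msg["password"]), self.p)
        except (ValueError, KeyError, TypeError):
            return None                   # no K yet, wrong K, or malformed request
        return cmd if ok else None

class Phone:
    def __init__(self, phone_id, comm_key):
        self.id, self.key, self.k, self.p = phone_id, comm_key, None, None

    def receive(self, bundle):            # (5) E1 -> K, P1 -> P; (4) relay E2, P2 as-is
        self.k, self.p = unseal(self.key, bundle["E1"]), unseal(self.key, bundle["P1"])
        return bundle["E2"], bundle["P2"]

    def request(self, cmd):               # (20) command and P encrypted with K
        return seal(self.k, json.dumps({"cmd": cmd, "password": self.p.hex()}).encode())

def demo():
    ids = ("phone-1", "phone-2", "car-A", "car-B")          # constructed sample ids
    keys = {i: secrets.token_bytes(32) for i in ids}
    server = Server(keys, {"phone-1": "car-A"})              # only phone-1 reserved car-A
    car_a, car_b = Vehicle("car-A", keys["car-A"]), Vehicle("car-B", keys["car-B"])
    phone = Phone("phone-1", keys["phone-1"])
    bundle = server.issue(phone.id, car_a.vehicle_info(phone.id))   # (13)-(15)
    car_a.receive(*phone.receive(bundle))
    try:                                                     # relay cannot open E2
        unseal(phone.key, bundle["E2"])
        relay_reads_e2 = True
    except ValueError:
        relay_reads_e2 = False
    return {
        "unlock": car_a.control(phone.request("unlock")),
        "no_reservation": server.issue("phone-2", car_a.vehicle_info("phone-2")),
        "wrong_vehicle": server.issue("phone-1", car_b.vehicle_info("phone-1")),
        "forged_request": car_a.control(seal(keys["phone-2"], b'{"cmd": "unlock"}')),
        "relay_reads_e2": relay_reads_e2,
    }

if __name__ == "__main__":
    print(demo())
```

Because the stand-in cipher is authenticated, the "cannot decrypt" outcome in (15) is a detectable error; with an unauthenticated cipher a wrong key would yield garbage plaintext instead of a failure.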
Abstract
Description
Embodiments according to the present invention will be described below with reference to the drawings. Components given the same reference numerals in the drawings are the same components, and their description is omitted.
(First embodiment)
(Second Embodiment)
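DESCRIPTION OF SYMBOLS
1 Communication system
1a Car sharing system
2, 2a Server device
3 WiFi router (communication device)
3a Mobile terminal device (communication device)
4 Terminal device
4a Vehicle control device (terminal device)
5 Network
21 Terminal registration processing unit
22 Shared key generation unit
23 Encrypted shared key transmission unit
24 Key storage unit
25 Car sharing management unit (terminal management unit)
26 Management information storage unit
30 Reservation processing unit
31 Router processing unit
32 Registration request processing unit
32a Registration request processing unit (encrypted terminal information transfer unit)
33 Encrypted shared key transfer unit
34 Communication-side shared key decryption unit
35 Communication-side storage unit
36 Key issue request unit
37 Command transmission unit
38 Display unit
39 Operation unit
41 Access processing unit
42 Terminal-side shared key decryption unit
43 Encrypted communication processing unit
44 Terminal-side storage unit
45 Vehicle information transmission unit
46 Authentication unit
47 Vehicle control unit
A Vehicle
E1 First encrypted shared key
E2 Second encrypted shared key
K Shared key
N Node
P Authentication password
P1 First encrypted password
P2 Second encrypted password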
Claims (16)
- A communication system including a server device, a communication device capable of transmitting and receiving data to and from the server device, and a terminal device capable of transmitting and receiving data to and from the communication device by a wireless communication method, wherein
the communication device includes a communication-side storage unit that stores a communication unique key unique to the communication device,
the terminal device includes a terminal-side storage unit that stores a terminal unique key unique to the terminal device,
the server device includes:
a key storage unit that stores the communication unique key and the terminal unique key; and
an encrypted shared key transmission unit that executes an encrypted shared key transmission process of transmitting, to the communication device, a first encrypted shared key obtained by encrypting, based on the communication unique key, a shared key to be shared between the communication device and the terminal device, and a second encrypted shared key obtained by encrypting the shared key based on the terminal unique key,
the communication device further includes:
an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device; and
a communication-side shared key decryption unit that acquires the shared key by decrypting the first encrypted shared key based on the communication unique key, and
the terminal device further includes a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key.
- The communication system according to claim 1, wherein the terminal device is configured to be able to transmit and receive the data to and from the communication device by a wireless communication method having a communication distance of 100 m or less.
- The communication system according to claim 1 or 2, wherein the terminal device further includes an encrypted communication processing unit that performs encrypted communication with the communication device using the shared key acquired by the terminal-side shared key decryption unit.
- 前記通信装置は、自機を識別するための識別情報を前記端末装置へ送信する鍵発行依頼部をさらに備え、
前記端末装置は、前記通信装置から受信した前記通信装置の識別情報と、自機を識別するための識別情報とを前記端末固有鍵に基づき暗号化して暗号化端末情報として前記通信装置へ送信する端末情報送信部をさらに備え、
前記通信装置は、前記端末装置から送信された前記暗号化端末情報と自機を識別するための識別情報とを前記サーバ装置へ送信する暗号化端末情報転送部をさらに備え、
前記サーバ装置は、前記通信装置から送信された前記暗号化端末情報を前記端末固有鍵に基づき復号化して前記通信装置の識別情報を取得し、その復号化された前記通信装置の識別情報と、その暗号化端末情報を送信した前記通信装置を識別するための識別情報とを比較し、当該比較結果が一致した場合に前記暗号化共有鍵送信部によって前記暗号化共有鍵送信処理を実行させ、一致しなかった場合には前記暗号化共有鍵送信部によって前記暗号化共有鍵送信処理を実行させない端末管理部をさらに備える請求項1~3のいずれか1項に記載の通信システム。 The communication device further includes a key issue request unit that transmits identification information for identifying the device itself to the terminal device,
The terminal device encrypts the identification information of the communication device received from the communication device and the identification information for identifying the own device based on the terminal unique key, and transmits the encrypted information to the communication device as encrypted terminal information. A terminal information transmission unit;
The communication device further includes an encrypted terminal information transfer unit that transmits the encrypted terminal information transmitted from the terminal device and identification information for identifying the own device to the server device,
The server device decrypts the encrypted terminal information transmitted from the communication device based on the terminal unique key to obtain the identification information of the communication device, and the decrypted identification information of the communication device; Compared with the identification information for identifying the communication device that has transmitted the encrypted terminal information, if the comparison result matches, the encrypted shared key transmission unit to execute the encrypted shared key transmission process, The communication system according to any one of claims 1 to 3, further comprising: a terminal management unit that prevents the encrypted shared key transmission unit from executing the encrypted shared key transmission process if they do not match. - 前記通信装置は、
通信ネットワークに接続され、前記端末装置と前記通信ネットワークとの間に介在してルーティングを行うルータ処理部をさらに備える請求項1~4のいずれか1項に記載の通信システム。 The communication device
The communication system according to any one of claims 1 to 4, further comprising a router processing unit that is connected to a communication network and performs routing by being interposed between the terminal device and the communication network. - 前記通信装置は、
通信ネットワークに接続され、前記端末装置と前記通信ネットワークとの間に介在してルーティングを行うルータ処理部をさらに備え、
前記ルータ処理部は、前記端末装置から前記暗号化通信により暗号化された前記通信ネットワーク宛てのデータが受信されたとき、前記暗号化されたデータを、前記共有鍵を用いて復号化して前記通信ネットワークへ送信する請求項3記載の通信システム。 The communication device
A router processing unit connected to a communication network, further comprising a router that performs intervening between the terminal device and the communication network,
When the router processing unit receives data addressed to the communication network encrypted by the encrypted communication from the terminal device, the router processing unit decrypts the encrypted data using the shared key and performs the communication The communication system according to claim 3, wherein the communication system transmits to a network. - 前記ルータ処理部は、
前記通信側共有鍵復号部によって前記端末装置に対応する前記共有鍵が取得されていないとき、前記端末装置からの前記サーバ装置以外のノードへのアクセスを禁止する請求項5又は6記載の通信システム。 The router processing unit
The communication system according to claim 5 or 6, wherein when the shared key corresponding to the terminal device is not acquired by the communication-side shared key decryption unit, access from the terminal device to a node other than the server device is prohibited. . - 前記ルータ処理部は、
前記共有鍵に基づき前記端末装置の認証を行い、その認証が失敗したとき、その端末装置による前記通信ネットワークへのアクセスを禁止する請求項5~7のいずれか1項に記載の通信システム。 The router processing unit
The communication system according to any one of claims 5 to 7, wherein authentication of the terminal device is performed based on the shared key, and access to the communication network by the terminal device is prohibited when the authentication fails. - 前記通信装置は、ユーザが携帯可能な携帯端末装置であり、
前記端末装置は、前記共有鍵に基づき前記通信装置の認証を行う認証部をさらに備える請求項1~4のいずれか1項に記載の通信システム。 The communication device is a portable terminal device that can be carried by a user,
The communication system according to any one of claims 1 to 4, wherein the terminal device further includes an authentication unit that authenticates the communication device based on the shared key. - 前記端末装置は車両に搭載可能とされており、
- The communication system according to claim 9, wherein the terminal device is mountable on a vehicle, and
the terminal device further comprises a vehicle control unit that, when the authentication unit succeeds in the authentication, controls the vehicle according to data transmitted from the communication device.
- A server device program for operating the server device of the communication system according to any one of claims 1 to 10,
the program causing the server device to function as an encrypted shared key transmission unit that executes an encrypted shared key transmission process of transmitting, to the communication device, a first encrypted shared key obtained by encrypting, based on the communication unique key, a shared key to be shared between the communication device and the terminal device, and a second encrypted shared key obtained by encrypting the shared key based on the terminal unique key.
- A communication device program for operating the communication device of the communication system according to any one of claims 1 to 10, the program causing the communication device to function as:
an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device; and
a communication-side shared key decryption unit that acquires the shared key by decrypting the first encrypted shared key based on the communication unique key.
- A terminal device program for operating the terminal device of the communication system according to any one of claims 1 to 10,
the program causing the terminal device to function as a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key.
- A recording medium recording a server device program for operating the server device of the communication system according to any one of claims 1 to 10,
the program causing the server device to function as an encrypted shared key transmission unit that executes an encrypted shared key transmission process of transmitting, to the communication device, a first encrypted shared key obtained by encrypting, based on the communication unique key, a shared key to be shared between the communication device and the terminal device, and a second encrypted shared key obtained by encrypting the shared key based on the terminal unique key.
- A recording medium recording a communication device program for operating the communication device of the communication system according to any one of claims 1 to 10, the program causing the communication device to function as:
an encrypted shared key transfer unit that receives the first and second encrypted shared keys from the server device and transmits the second encrypted shared key to the terminal device; and
a communication-side shared key decryption unit that acquires the shared key by decrypting the first encrypted shared key based on the communication unique key.
- A recording medium recording a terminal device program for operating the terminal device of the communication system according to any one of claims 1 to 10,
the program causing the terminal device to function as a terminal-side shared key decryption unit that receives the second encrypted shared key from the communication device and acquires the shared key by decrypting the second encrypted shared key based on the terminal unique key.
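The key distribution performed by the claimed server, communication device and terminal device programs, together with the router processing unit's access restrictions, as an added Python example that is not part of the patent. The claims name no cipher: `wrap`/`unwrap` use a SHAKE-256 keystream with an HMAC-SHA256 tag from the standard library as a stand-in for an AEAD, and every name, the challenge-response step and the deny-until-authenticated default are assumptions.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Keystream from SHAKE-256 over key and nonce (stdlib stand-in for a real AEAD).
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(unique_key, shared_key):
    nonce = secrets.token_bytes(16)
    ct = _xor(shared_key, _stream(unique_key, nonce, len(shared_key)))
    return nonce + ct + hmac.new(unique_key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(unique_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(unique_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrapped key rejected: wrong unique key or tampering")
    return _xor(ct, _stream(unique_key, nonce, len(ct)))

def server_issue(comm_unique_key, term_unique_key):
    shared = secrets.token_bytes(32)
    # (first, second) encrypted shared keys; both are sent to the communication device.
    return wrap(comm_unique_key, shared), wrap(term_unique_key, shared)

def terminal_respond(term_unique_key, second, challenge):
    shared = unwrap(term_unique_key, second)       # terminal-side decryption
    return hmac.new(shared, challenge, hashlib.sha256).digest()

class Router:
    """Communication device with its router processing unit; 'server' is a constructed node name."""
    def __init__(self, comm_unique_key, server="server"):
        self.key, self.server = comm_unique_key, server
        self.shared, self.challenge, self.authed = None, None, False

    def receive_keys(self, first, second):
        self.shared = unwrap(self.key, first)      # communication-side decryption
        self.challenge = secrets.token_bytes(16)
        return second, self.challenge              # second blob is forwarded unopened

    def verify(self, response):
        if self.shared is not None:
            good = hmac.new(self.shared, self.challenge, hashlib.sha256).digest()
            self.authed = hmac.compare_digest(response, good)
        return self.authed

    def allow(self, dest):
        if self.shared is None:                    # no shared key yet: server only
            return dest == self.server
        return self.authed                         # assumption: deny until authentication succeeds
```

The communication device never holds the terminal unique key, so it can relay the second encrypted shared key but cannot read or alter it without the terminal detecting the change.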
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016546379A JPWO2016035466A1 (en) | 2014-09-03 | 2015-07-21 | COMMUNICATION SYSTEM, SERVER DEVICE PROGRAM AND RECORDING MEDIUM RECORDING THE SAME, COMMUNICATION DEVICE PROGRAM AND RECORDING MEDIUM RECORDING THE SAME, TERMINAL DEVICE PROGRAM AND RECORDING MEDIUM RECORDING THE SAME |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014179030 | 2014-09-03 | ||
JP2014-179030 | 2014-09-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016035466A1 (en) | 2016-03-10 |
Family
ID=55439536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2015/070735 WO2016035466A1 (en) | 2014-09-03 | 2015-07-21 | Communication system, program for server device, recording medium recording this program, program for communication device, recording medium recording this program, program for terminal device, and recording medium recording this program |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2016035466A1 (en) |
WO (1) | WO2016035466A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106961417A (en) * | 2016-12-23 | 2017-07-18 | 中国银联股份有限公司 | Auth method based on ciphertext |
JP2018142823A (en) * | 2017-02-27 | 2018-09-13 | Kddi株式会社 | Communication system and communication method |
JP2020088836A (en) * | 2018-11-15 | 2020-06-04 | Kddi株式会社 | Vehicle maintenance system, maintenance server device, management server device, on-vehicle device, maintenance tool, computer program, and vehicle maintenance method |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6810714B2 (en) * | 2017-10-12 | 2021-01-06 | 株式会社日立製作所 | Terminal vehicle tying method, terminal vehicle tying device and terminal vehicle tying program |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002247047A (en) * | 2000-12-14 | 2002-08-30 | Furukawa Electric Co Ltd:The | Session shared key sharing method, radio terminal authenticating method, radio terminal and base station device |
US7073066B1 (en) * | 2001-08-28 | 2006-07-04 | 3Com Corporation | Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution |
JP2012100188A (en) * | 2010-11-05 | 2012-05-24 | Tokai Rika Co Ltd | Authentication system |
2015
- 2015-07-21 JP JP2016546379A patent/JPWO2016035466A1/en active Pending
- 2015-07-21 WO PCT/JP2015/070735 patent/WO2016035466A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
OTWAY, D. ET AL.: "Efficient and timely mutual authentication", ACM SIGOPS OPERATING SYSTEMS REVIEW, vol. 21, no. 1, January 1987 (1987-01-01), pages 8-10, XP002008756, DOI: 10.1145/24592.24594 * |
Also Published As
Publication number | Publication date |
---|---|
JPWO2016035466A1 (en) | 2017-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111049660B (en) | Certificate distribution method, system, device and equipment, and storage medium | |
CA2738157C (en) | Assignment and distribution of access credentials to mobile communication devices | |
JP6365410B2 (en) | Vehicle communication system | |
CN104731612B (en) | Mobile equipment safety component software is tied to SIM | |
US20210070252A1 (en) | Method and device for authenticating a user to a transportation vehicle | |
CN110637328A (en) | Vehicle access method based on portable equipment | |
JP5380583B1 (en) | Device authentication method and system | |
JP5276940B2 (en) | Center device, terminal device, and authentication system | |
JP2011511350A (en) | Access control management method and apparatus | |
WO2006083125A1 (en) | Wireless network system and communication method for external device to temporarily access wireless network | |
US20150020180A1 (en) | Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device | |
CN107733652B (en) | Unlocking method and system for shared vehicle and vehicle lock | |
JP2021511743A (en) | Methods, application servers, IOT devices and media for implementing IOT services | |
CN101772024A (en) | User identification method, device and system | |
WO2016035466A1 (en) | Communication system, program for server device, recording medium recording this program, program for communication device, recording medium recording this program, program for terminal device, and recording medium recording this program | |
KR101873828B1 (en) | Wireless door key sharing service method and system using user terminal in trusted execution environment | |
US20220400015A1 (en) | Method and device for performing access control by using authentication certificate based on authority information | |
KR102146748B1 (en) | Digital key based service system and method thereof in mobile trusted environment | |
JP2018148463A (en) | Authentication system, authentication information generator, apparatus to be authenticated, and authentication apparatus | |
CN115868189A (en) | Method, vehicle, terminal and system for establishing vehicle safety communication | |
JP6719503B2 (en) | Login control method | |
JP6905950B2 (en) | Authentication methods and computer programs for terminal devices, automobiles, and remote-controlled terminals for automobiles | |
JP2009212625A (en) | Membership authentication system and mobile terminal unit | |
JP2013257653A (en) | Car sharing system, communication terminal, communication program, and communication method | |
KR102053993B1 (en) | Method for Authenticating by using Certificate |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15838140; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2016546379; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14.06.2017) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 15838140; Country of ref document: EP; Kind code of ref document: A1 |