WO2016208227A1 - Management system, vehicle, management device, vehicle-mounted computer, management method, and computer program - Google Patents

Management system, vehicle, management device, vehicle-mounted computer, management method, and computer program Download PDF

Info

Publication number
WO2016208227A1
WO2016208227A1 PCT/JP2016/057087 JP2016057087W WO2016208227A1 WO 2016208227 A1 WO2016208227 A1 WO 2016208227A1 JP 2016057087 W JP2016057087 W JP 2016057087W WO 2016208227 A1 WO2016208227 A1 WO 2016208227A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
root
public key
certificate
new
Prior art date
Application number
PCT/JP2016/057087
Other languages
French (fr)
Japanese (ja)
Inventor
竹森 敬祐
Original Assignee
Kddi株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kddi株式会社 filed Critical Kddi株式会社
Publication of WO2016208227A1 publication Critical patent/WO2016208227A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a management system, a vehicle, a management device, an in-vehicle computer, a management method, and a computer program.
  • ECU Electronic Control Unit
  • the ECU is a kind of computer and realizes a desired function by a computer program.
  • the ECU computer program is usually updated at a general automobile maintenance shop during an automobile inspection or a periodic inspection.
  • Non-Patent Documents 1 and 2 describe security.
  • an electronic signature is attached to data such as a computer program used in the ECU and distributed to the vehicle management device, and the electronic signature of the distributed data is verified using a key held by the management device.
  • data such as a computer program used in the ECU
  • the management and update of the key held in the automobile is a key security issue.
  • the present invention has been made in view of such circumstances, and can contribute to management and update of a key held in a vehicle such as an automobile, a management system, a vehicle, a management device, an in-vehicle computer, a management method, and It is an object to provide a computer program.
  • One aspect of the present invention is a management system including a management device provided in a vehicle and an in-vehicle computer, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle.
  • the key storage unit includes a key storage unit that stores a root certificate that is a public key certificate of a root public key of a root private key and a root public key of the root private key pair.
  • the public key certificate used for the public key cryptosystem is issued using the pair of the root certificate and the root private key stored in the public key.
  • One aspect of the present invention is the management system according to (1), wherein the management device includes a key generation unit that generates a public / private key pair and a key storage unit of the management device.
  • An encryption processing unit that generates an electronic signature of the public key generated by the key generation unit using a stored Root private key, and the public key generated by the key generation unit and the encryption processing unit
  • the public key certificate composed of the electronic signature generated by the computer is transmitted to the in-vehicle computer, and the in-vehicle computer stores the public key certificate received from the management device in the key storage unit of the in-vehicle computer.
  • a verification unit that verifies using a root certificate may be provided.
  • An encryption processing unit that generates an electronic signature of a public key generated by the key generation unit of the in-vehicle computer using a stored Root private key, and the public generated by the key generation unit of the in-vehicle computer
  • a public key certificate composed of a key and an electronic signature generated by an encryption processing unit of the in-vehicle computer is transmitted to the management device, and the management device receives the public key certificate received from the in-vehicle computer, You may provide the verification part verified using the Root certificate memorize
  • One aspect of the present invention is the management system according to (3) above, wherein the key generation unit of the management device generates a key, and the encryption processing unit of the management device transmits the key to the in-vehicle computer Using the private key paired with the public key of the public key certificate, an electronic signature of the key generated by the key generation unit of the management apparatus is generated, and the key certificate configured by the key and the electronic signature Is encrypted with the public key of the public key certificate received from the in-vehicle computer, the management device transmits the encrypted data of the key certificate to the in-vehicle computer, and the encryption processing unit of the in-vehicle computer includes the management device Decrypting the encrypted data of the key certificate received from the private key with the public key of the public key certificate transmitted to the management device, and the verification unit of the in-vehicle computer uses the encrypted data of the key certificate Decryption data A, it may be verified using the public key of the public key certificate received from the management device.
  • One aspect of the present invention is the management system according to any one of (1) to (4), wherein the key generation unit of the management device sets a pair of a new Root public key and a new Root secret key.
  • the encryption processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device, and the key storage unit of the management device , Storing a new Root private key, a new Root certificate that is a public key certificate composed of the new Root public key and an electronic signature of the new Root public key, and the management device stores the new Root private key
  • the private key and the new root certificate are encrypted with an encryption path key shared with the in-vehicle computer and transmitted to the in-vehicle computer, and the in-vehicle computer receives the new root private key received from the management device.
  • the encrypted data of the new root certificate is decrypted with the encryption path key, and the verification unit of the in-vehicle computer stores the decrypted new root certificate in the key storage unit of the in-vehicle computer.
  • the key storage unit of the in-vehicle computer may store the new root private key and the new root certificate when the verification of the new root certificate is successful.
  • One aspect of the present invention is a vehicle including the management system according to any one of (1) to (5) above.
  • One aspect of the present invention is a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle, and includes a root of a pair of a root secret key and the root secret key
  • a key storage unit that stores a root certificate that is a public key certificate of a public key is provided in common with the in-vehicle computer, and a pair of a root certificate and a root private key stored in the key storage unit is used. Issue a public key certificate used for public key cryptography.
  • One aspect of the present invention is an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle, wherein a root of a pair of a root secret key and the root secret key
  • a key storage unit that stores a Root certificate that is a public key certificate of a public key is provided in common with the management device, and a pair of a Root certificate and a Root private key stored in the key storage unit is used. Issue a public key certificate used for public key cryptography.
  • One aspect of the present invention is a management system management method including a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle.
  • the management device and the in-vehicle computer store a Root secret key and a Root certificate that is a public key certificate of a Root public key of a pair of the Root secret key in each key storage unit in common. And issuing a public key certificate used for public key cryptography using a pair of a root certificate and a root secret key stored in the key storage unit.
  • a root of a pair of a root secret key and a root secret key is transmitted to a computer of a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle.
  • an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle has a Root public key that is a pair of a Root secret key and the Root secret key.
  • a root certificate which is a public key certificate of the same, is stored in the key storage unit in common with the management device, and a pair of the root certificate and the root private key stored in the key storage unit is used.
  • FIG. 1 is a diagram illustrating an automobile 1 according to the first embodiment.
  • the automobile 1 includes a management device 10 and an ECU 50.
  • the management device 10 is connected to the control in-vehicle network 40.
  • a CAN Controller Area Network
  • CAN is known as one of communication networks mounted on vehicles.
  • the in-vehicle network for control 40 is a CAN.
  • Various ECUs 50 are connected to the control in-vehicle network 40.
  • the ECU 50 is an in-vehicle computer provided in the automobile 1.
  • the ECU 50 is, for example, a drive system ECU, a vehicle body system ECU, a safety control system ECU, or the like.
  • the management device 10 exchanges data with each ECU 50 via the control in-vehicle network 40.
  • the ECU 50 exchanges data with other ECUs 50 via the control in-vehicle network 40.
  • the management device 10 includes a secure element 20.
  • the ECU 50 includes a secure element 60.
  • FIG. 2 is a configuration diagram illustrating the management apparatus 10 according to the first embodiment.
  • the management apparatus 10 includes a control unit 11, a CAN interface 12, and a secure element 20. Each of these units is configured to exchange data.
  • the secure element 20 includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24.
  • the control unit 11 has a control function of the management device 10.
  • the CAN interface 12 is a communication unit that communicates with the ECU 50.
  • the CAN interface 12 is connected to the control in-vehicle network 40 and exchanges data with each ECU 50 via the control in-vehicle network 40.
  • the secure element 20 has tamper resistance.
  • the key generation unit 21 generates a key.
  • the key storage unit 22 stores a key.
  • the verification unit 23 verifies data exchange.
  • the encryption processing unit 24 encrypts data and decrypts encrypted data.
  • FIG. 3 is a diagram showing the configuration of the key storage unit 22 shown in FIG. 3, the key storage unit 22 includes a root certificate storage unit 31, a root private key storage unit 32, an S public key certificate storage unit 33, an S private key storage unit 34, a C public key certificate storage unit 35, and a MAC.
  • a key storage unit 36 is provided.
  • the root certificate storage unit 31 stores a root certificate Cert_KRp.
  • the root secret key storage unit 32 stores the root secret key KRs.
  • the root certificate Cert_KRp is a public key certificate.
  • the public key certified by the root certificate Cert_KRp is the root public key KRp.
  • the root secret key KRs is a secret key paired with the root public key KRp.
  • the root certificate Cert_KRp and the root secret key KRs are safely written into the secure element 20 when the management apparatus 10 is manufactured, for example.
  • the root certificate Cert_KRp written in the secure element 20 is stored in the root certificate storage unit 31.
  • the root secret key KRs written in the secure element 20 is stored in the root secret key storage unit 32.
  • the Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 20 to the outside.
  • the S public key certificate storage unit 33 stores the S public key certificate Cert_KSp.
  • the S secret key storage unit 34 stores the S secret key KSs.
  • the S public key certificate KSp is a public key certificate.
  • the public key proved by the S public key certificate Cert_KSp is the S public key KSp.
  • the S secret key KSs is a secret key paired with the S public key KSp.
  • the S public key certificate Cert_KSp and the S private key KSs are generated by the key generation unit 21.
  • the S public key certificate Cert_KSp generated by the key generation unit 21 is stored in the S public key certificate storage unit 33.
  • the S secret key KSs generated by the key generation unit 21 is stored in the S secret key storage unit 34.
  • the C public key certificate storage unit 35 stores the C public key certificate.
  • the C public key certificate exists for each ECU 50.
  • the C public key certificate storage unit 35 stores the C public key certificate of each ECU 50.
  • a C public key certificate of an ECU 50 is a certificate of the public key of the ECU 50.
  • the public key certified by the C public key certificate Cert_KC1p of the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 is the C public key KC1p.
  • the C public key KC1p is a public key of the first ECU 50.
  • the C public key KC1p is paired with a C secret key KC1s that is a secret key of the first ECU 50.
  • the C public key certificate received from each ECU 50 is stored in the C public key certificate storage unit 35.
  • the MAC key storage unit 36 stores the MAC key Km.
  • the MAC key Km is a common key generated by the key generation unit 21.
  • the MAC key Km generated by the key generation unit 21 is stored in the MAC key storage unit 36.
  • the MAC key Km is used when exchanging data between the ECUs 50, for example.
  • FIG. 4 is a configuration diagram showing the ECU 50 according to the first embodiment.
  • the ECU 50 includes a control unit 51, a CAN interface 52, and a secure element 60. Each of these units is configured to exchange data.
  • the secure element 60 includes a key generation unit 61, a key storage unit 62, a verification unit 63, and an encryption processing unit 64.
  • the control unit 51 has a predetermined control function corresponding to the ECU 50.
  • the CAN interface 52 is a communication unit that communicates with the management apparatus 10 and other ECUs 50.
  • the CAN interface 52 is connected to the control in-vehicle network 40 and exchanges data with the management apparatus 10 and other ECUs 50 through the control in-vehicle network 40.
  • the secure element 60 has tamper resistance.
  • the key generation unit 61 generates a key.
  • the key storage unit 62 stores a key.
  • the verification unit 63 verifies the exchange of data.
  • the encryption processing unit 64 performs data encryption and decryption of the encrypted data.
  • FIG. 5 is a diagram showing a configuration of the key storage unit 62 shown in FIG.
  • a key storage unit 62 includes a root certificate storage unit 71, a root private key storage unit 72, a C public key certificate storage unit 73, a C private key storage unit 74, an S public key certificate storage unit 75, and a MAC.
  • a key storage unit 76 is provided.
  • the root certificate storage unit 71 stores the same root certificate Cert_KRp as that of the management apparatus 10.
  • the root secret key storage unit 72 stores the same root secret key KRs as that of the management apparatus 10. Therefore, the management apparatus 10 and each ECU 50 include a pair of the same root certificate Cert_KRp and a root secret key KRs.
  • the root certificate Cert_KRp and the root secret key KRs are safely written in the secure element 60 when the ECU 50 is manufactured, for example.
  • the root certificate Cert_KRp written in the secure element 60 is stored in the root certificate storage unit 71.
  • the root secret key KRs written to the secure element 60 is stored in the root secret key storage unit 72.
  • the Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 60 to the outside.
  • the C public key certificate storage unit 73 stores the C public key certificate.
  • the C secret key storage unit 74 stores the C secret key.
  • the C public key certificate is a public key certificate.
  • the C private key is a private key paired with the public key of the C public key certificate.
  • the C public key certificate and the C private key are generated by the key generation unit 61.
  • the C public key certificate generated by the key generation unit 61 is stored in the C public key certificate storage unit 73.
  • the C secret key generated by the key generation unit 61 is stored in the C secret key storage unit 74.
  • the C public key certificate Cert_KC1p of the first ECU 50 is a certificate of the C public key KC1p of the first ECU 50.
  • the C public key KC1p is paired with the C secret key KC1s of the first ECU 50.
  • the C public key certificate Cert_KC1p generated by the key generation unit 61 of the first ECU 50 is stored in the C public key certificate storage unit 73 of the first ECU 50.
  • the C secret key KC1s generated by the key generation unit 61 of the first ECU 50 is stored in the C secret key storage unit 74 of the first ECU 50.
  • the S public key certificate storage unit 75 stores the S public key certificate Cert_KSp of the management apparatus 10.
  • the S public key certificate Cert_KSp received from the management apparatus 10 is stored in the S public key certificate storage unit 75.
  • the MAC key storage unit 76 stores the MAC key Km.
  • the MAC key Km received from the management apparatus 10 is stored in the MAC key storage unit 76.
  • the management device 10 and the ECU 50 transmit and receive data via the control in-vehicle network 40.
  • the secure element 20 of the management device 10 transmits / receives data to / from the secure element 60 of the ECU 50 via the CAN interface 12.
  • the secure element 60 of the ECU 50 transmits / receives data to / from the secure element 20 of the management apparatus 10 via the CAN interface 52.
  • data is exchanged between the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50.
  • FIG. 6 is a sequence chart of the management method according to the first embodiment.
  • the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.
  • Step S1 In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of the S public key KSp and the S secret key KSs.
  • RSA Raster Shamir Adleman
  • ECC Elliptic Curve ⁇ Cryptosystems
  • the key generation unit 21 generates an S public key certificate Cert_KSp for the generated S public key KSp.
  • the S public key certificate Cert_KSp includes an S public key KSp and an electronic signature of the S public key KSp.
  • the electronic signature of the S public key KSp is encrypted data obtained as a result of encrypting the hash value of the S public key KSp with the Root secret key KRs.
  • the key generation unit 21 calculates the hash value hash (KSp) of the S public key KSp.
  • the encryption processing unit 24 encrypts the hash value hash (KSp) calculated by the key generation unit 21 with the Root secret key KRs stored in the Root secret key storage unit 32.
  • the encrypted data KRs (hash (KSp)) is an electronic signature of the S public key KSp.
  • the key generation unit 21 configures the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the S public key KSp and the electronic signature KRs (hash (KSp)) of the S public key KSp.
  • the S public key certificate storage unit 33 stores the S public key certificate Cert_KSp “KSp, KRs (hash (Ksp))” generated by the key generation unit 21.
  • the S secret key storage unit 34 stores the S secret key KSs generated by the key generation unit 21.
  • the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 33 and the S private key KSs stored in the S private key storage unit 34 are paired. Set the association information indicating that there is.
  • Step S2 In the secure element 60 of the first ECU 50, the key generation unit 61 generates a pair of the C public key KC1p and the C secret key KC1s. Further, the key generation unit 61 generates a C public key certificate Cert_KC1p of the generated C secret key KC1s.
  • the C public key certificate Cert_KC1p includes a C public key KC1p and an electronic signature of the C public key KC1p.
  • the electronic signature of the C public key KC1p is encrypted data obtained as a result of encrypting the hash value of the C public key KC1p with the Root secret key KRs.
  • the key generation unit 61 In generating the C public key certificate Cert_KC1p, the key generation unit 61 first calculates the hash value hash (KC1p) of the C public key KC1p. Next, the encryption processing unit 64 encrypts the hash value hash (KC1p) calculated by the key generation unit 61 with the Root secret key KRs stored in the Root secret key storage unit 72.
  • the encrypted data KRs (hash (KC1p)) is an electronic signature of the C public key KC1p.
  • the key generation unit 61 forms a C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the C public key KC1p and the electronic signature KRs (hash (KC1p)) of the C public key KC1p.
  • the C public key certificate storage unit 73 stores the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” generated by the key generation unit 61.
  • the C secret key storage unit 74 stores the C secret key KC1s generated by the key generation unit 61. Also, the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 73 and the C secret key KC1s stored in the C secret key storage unit 74 are paired. Set the association information indicating that there is.
  • Step S3 Send public key certificate
  • the secure element 20 of the management apparatus 10 uses the CAN interface 12 to generate the S public key certificate Cert_KSp “KSp, KRs (hash (KSp)) generated in the above step S1. Is transmitted to the secure element 60 of the first ECU 50.
  • Step S4 The secure element 60 of the first ECU 50 receives the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the secure element 20 of the management apparatus 10 through the CAN interface 52.
  • the verification unit 63 verifies the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” received from the secure element 20 of the management apparatus 10.
  • the verification unit 63 In the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, the verification unit 63 first obtains the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”. Acquire and calculate the hash value hash (KSp) of the acquired S public key KSp. Next, the verification unit 63 acquires the electronic signature KRs (hash (KSp)) from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, and acquires the acquired electronic signature KRs (hash (KSp)).
  • Decryption is performed with the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 71. By this decryption, decrypted data “KRp ⁇ KRs (hash (KSp))” is obtained. Next, the verification unit 63 determines whether the calculated hash value hash (KSp) matches the decrypted data “KRp ⁇ KRs (hash (KSp))”.
  • the verification unit 63 obtains the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”.
  • the data is stored in the S public key certificate storage unit 75. Thereafter, the process proceeds to step S5.
  • the control unit 51 may execute a predetermined error process.
  • Step S5 Send Public Key Certificate
  • the secure element 60 of the first ECU 50 uses the CAN interface 52 to generate the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p)) generated in step S2. ) "Is transmitted to the secure element 20 of the management apparatus 10.
  • Step S6 The secure element 20 of the management apparatus 10 receives the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the secure element 60 of the first ECU 50 through the CAN interface 12.
  • the verification unit 23 verifies the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” received from the secure element 60 of the first ECU 50.
  • the verification unit 23 In the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, the verification unit 23 first obtains the C public key KC1p from the C public key certificate Cert_KC1p “KC1, KRs (hash (KC1p))”. Acquire and calculate the hash value hash (KC1p) of the acquired C public key KC1p. Next, the verification unit 23 acquires the electronic signature KRs (hash (KC1p)) from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, and acquires the acquired electronic signature KRs (hash (KC1p)).
  • Decryption is performed using the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 31. By this decryption, decrypted data “KRp ⁇ KRs (hash (KC1p))” is obtained.
  • the verification unit 23 determines whether or not the calculated hash value hash (KC1p) matches the decrypted data “KRp ⁇ KRs (hash (KC1p))”.
  • the verification unit 23 obtains the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”.
  • the data is stored in the C public key certificate storage unit 35. Thereafter, the process of FIG. 6 is terminated.
  • the management apparatus 10 can issue the S public key certificate Cert_KSp and the ECU 50 can issue the C public key certificate. .
  • a public key certificate by closing it inside the automobile 1 without using a general PKI (Public Key Infrastructure).
  • PKI Public Key Infrastructure
  • the public key cryptosystem when using the public key cryptosystem to conceal the data inside the automobile 1, communication for using the PKI existing outside the automobile 1 is not required, and thus the number of communication devices can be reduced. Effects such as applying to an environment where communication is impossible and easily increasing the frequency of issuing public key certificates can be obtained.
  • the management device 10 and the ECU 50 repeatedly generate a public key / private key pair at a relatively short cycle to issue a public key certificate, and a new public key certificate is issued each time a public key certificate is issued. You may make it replace
  • FIG. 7 is a sequence chart of the management method according to the first embodiment.
  • the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.
  • Step S11 In the secure element 20 of the management device 10, the key generation unit 21 generates the MAC key Km. Next, the key generation unit 21 applies an electronic signature to the generated MAC key Km. In the electronic signature for the MAC key Km, the key generation unit 21 first calculates a hash value hash (Km) of the MAC key Km. Next, the encryption processing unit 24 encrypts the hash value hash (Km) calculated by the key generation unit 21 with the S secret key KSs stored in the S secret key storage unit 34. The encrypted data KSs (hash (Km)) is an electronic signature of the MAC key Km.
  • the key generation unit 21 configures the MAC key certificate “Km, KSs (hash (Km))” from the MAC key Km and the electronic signature KSs (hash (Km)) of the MAC key Km.
  • the MAC key storage unit 36 stores the MAC key Km generated by the key generation unit 21.
  • Step S12 Sending the encryption path key
  • the encryption processing unit 24 uses the C public key certificate Cert_KC1p “KC1p, KRs (hash) stored in the C public key certificate storage unit 35.
  • C public key KC1p is obtained from (KC1p)).
  • the encryption processing unit 24 encrypts the MAC key certificate “Km, KSs (hash (Km))” generated by the key generation unit 21 with the acquired C public key KC1p.
  • the encrypted data KC1p (“Km, KSs (hash (Km))”) is the transmission data of the encryption path key.
  • the secure element 20 of the management device 10 transmits the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
  • Step S13 The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. To do.
  • the verification unit 63 verifies the encryption path key transmission data KC 1 p (“Km, KSs (hash (Km))”) received from the secure element 20 of the management device 10.
  • the encryption processing unit 64 uses the C secret key KC1s stored in the C secret key storage unit 74 as the encryption path key.
  • the transmission data KC1p (“Km, KSs (hash (Km))”) is decrypted.
  • decrypted data “KC1s ⁇ KC1p (“ Km, KSs (hash (Km)) ”)” is obtained.
  • the verification unit 63 acquires the MAC key Km from the decrypted data “KC1s ⁇ KC1p (“ Km, KSs (hash (Km)) ”)”, and calculates the hash value hash (Km) of the acquired MAC key Km. To do.
  • the verification unit 63 acquires the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 75.
  • the verification unit 63 acquires the electronic signature KSs (hash (Km)) from the decrypted data “KC1s ⁇ KC1p (“ Km, KSs (hash (Km))) ”, and acquires the acquired electronic signature KSs (hash ( Km)) is decrypted with the S public key KSp.
  • decrypted data “KSp ⁇ KSs (hash (Km))” is obtained.
  • the verification unit 63 determines whether or not the calculated hash value hash (Km) matches the decrypted data “KSp ⁇ KSs (hash (Km))”. If the result of this determination is that they match, the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is successful, and if they do not match, the encryption path key transmission data KC1p ( The verification of “Km, KSs (hash (Km))” is unsuccessful.
  • the verification unit 63 transmits the encryption path key transmission data KC1p (“Km, KSs (hash ( Km))))
  • the MAC key Km acquired from “)” is stored in the MAC key storage unit 76. Thereafter, the process of FIG. 7 is terminated.
  • the control unit 51 may execute predetermined error processing.
  • the MAC key Km used in the automobile 1 can be updated inside the automobile 1 and can be safely performed by a public key cryptosystem.
  • FIG. 8 and FIG. 9 are sequence charts of the management method according to the first embodiment.
  • the initial update stage of the root certificate will be described.
  • the root certificate Cert_KRp is referred to as the initial root certificate Cert_KRp
  • the root public key KRp is the initial The root public key KRp
  • the root secret key KRs is called the initial root secret key KRs.
  • the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new
  • the root public key KRp is referred to as a new root public key KRp_new
  • a Root secret key Is referred to as a new root secret key KRs_new.
  • the first ECU 50 which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.
  • Step S21 In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new. Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new.
  • the new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new.
  • the electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the initial root private key KRs.
  • the key generation unit 21 In generating the new root certificate Cert_KRp_new, the key generation unit 21 first calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the initial root secret key KRs stored in the root secret key storage unit 32.
  • the encrypted data KRs (hash (KRp_new)) is an electronic signature of the new root public key KRp_new.
  • the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Root public key KRp_new and the electronic signature KRs (hash (KRp_new)) of the new Root public key KRp_new. .
  • the root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” generated by the key generation unit 21.
  • the root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21.
  • the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 31 and the new root secret key KRs_new stored in the root secret key storage unit 32 are paired. Set the association information indicating.
  • Step S22 Sending the encryption path key
  • the key generation unit 21 In the secure element 20 of the management apparatus 10, the key generation unit 21 generates the encryption path key Kc.
  • the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35.
  • the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p.
  • the encrypted data KC1p (Kc) is encryption path key transmission data.
  • the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.
  • the secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 through the CAN interface 52.
  • the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s ⁇ KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s ⁇ KC1p (Kc)” is the encryption path key Kc.
  • the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.
  • Step S23 Send New Root Private Key and New Root Certificate
  • the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in step S22.
  • the new root secret key KRs_new and the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” are encrypted.
  • the encrypted data Kc KRs_new, “KRp_new, KRs (hash (KRp_new))
  • the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
  • Step S24 The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. .
  • the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above-described step.
  • decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key.
  • decrypted data “Kc ⁇ Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) is successful, the decrypted data “Kc ⁇ Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)”.
  • a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” are obtained.
  • the encrypted data Kc KRs_new, “KRp_new, KRs (hash (KRp_new))”
  • the new Root secret key KRs_new and the new Root certificate Cert_KRp_new “KRp_new, KRs (pnew) ) "Is obtained.
  • the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”.
  • the verification unit 63 In the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Rot public key. Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated.
  • the verification unit 63 acquires the electronic signature KRs (hash (KRp_new)) from the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, and acquires the acquired electronic signature KRs (hash (KRp_new)).
  • Decryption is performed using the initial root public key KRp of the initial root certificate Cert_KRp stored in the root certificate storage unit 71. By this decoding, decoded data “KRp ⁇ KRs (hash (KRp_new))” is obtained.
  • the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decrypted data “KRp ⁇ KRs (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, KRs (hash ( KRp_new)) "is unsuccessful.
  • the root certificate storage unit 71 sets the new root certificate Cert_KRp_new “KRp_new, KRs (hash) (KRp_new)”.
  • the root secret key storage unit 72 stores the new root secret key KRs_new.
  • the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 71 and the new root secret key KRs_new stored in the root secret key storage unit 72 are paired. Set the association information indicating. Thereafter, the process of FIG. 8 is terminated.
  • the control unit 51 may execute predetermined error processing.
  • the root certificate Cert_KRp is referred to as the old root certificate Cert_KRp_old
  • the root public key KRp is referred to as the root certificate Cert_KRp.
  • the old Root public key KRp_old is called
  • the Root secret key KRs is called the old Root secret key KRs_old.
  • the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new
  • the root public key KRp is referred to as a new root public key KRp_new
  • a Root secret key Is referred to as a new root secret key KRs_new.
  • the first ECU 50 which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.
  • Step S31 In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new. Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new.
  • the new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new.
  • the electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the old root private key KRs_old.
  • the key generation unit 21 In generating the new root certificate Cert_KRp_new, the key generation unit 21 first calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the old Root secret key KRs_old stored in the Root secret key storage unit 32. This encrypted data KRs_old (hash (KRp_new)) is an electronic signature of the new Root public key KRp_new.
  • the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash)” from the new Root public key KRp_new and the electronic signature KRs_old (hash (KRp_new)) of the new Root public key KRp_new (KRp_new) .
  • the root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” generated by the key generation unit 21.
  • the root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21. Also, the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 31 and the new Root secret key KRs_new stored in the Root secret key storage unit 32 are a pair. Set the association information indicating.
  • Step S32 Sending the encryption path key
  • the key generation unit 21 In the secure element 20 of the management apparatus 10, the key generation unit 21 generates the encryption path key Kc.
  • the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35.
  • the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p.
  • the encrypted data KC1p (Kc) is encryption path key transmission data.
  • the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.
  • the secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 through the CAN interface 52.
  • the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s ⁇ KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s ⁇ KC1p (Kc)” is the encryption path key Kc.
  • the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.
  • Step S33 Sending a New Root Private Key and New Root Certificate
  • the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in the above step S32.
  • the new root secret key KRs_new and the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” are encrypted.
  • encrypted data Kc KRs_new, “KRp_new, KRs_old (hash (KRp_new))
  • the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
  • Step S34 The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. .
  • the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above steps.
  • decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key.
  • decrypted data “Kc ⁇ Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) is successful, the decrypted data “Kc ⁇ Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”).
  • a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” are obtained.
  • the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) succeeds, and the new Root secret key KRs_new and the new Root certificate Cert_KRp_new (KRp_new, HRs_oldK_rKold_p) ) "Is obtained.
  • the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”.
  • the verification unit 63 In the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs_old (new from the hash (KRp_New) key”). Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated.
  • the verification unit 63 acquires the electronic signature KRs_old (hash (KRp_new)) from the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, and acquires the acquired electronic signature KRs_old (hash (KRp_new)).
  • Decryption is performed with the old Root public key KRp_old of the old Root certificate Cert_KRp_old stored in the Root certificate storage unit 71. By this decryption, decrypted data “KRp_old ⁇ KRs_old (hash (KRp_new))” is obtained.
  • the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decrypted data “KRp_old ⁇ KRs_old (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, HRs_old (hs KRp_new)) "is unsuccessful.
  • the Root certificate storage unit 71 sets the new Root certificate Cert_KRp_new “KRp_new, KRs_old (p)”
  • the root secret key storage unit 72 stores the new root secret key KRs_new.
  • the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 71 and the new Root secret key KRs_new stored in the Root secret key storage unit 72 are a pair. Set the association information indicating. Thereafter, the process of FIG. 9 is terminated.
  • the control unit 51 may execute a predetermined error process.
  • the root certificate and the root private key pair can be updated by being closed inside the automobile 1. Therefore, by periodically updating the pair of the root certificate and the root private key, the reliability of the pair of the root certificate and the root private key can be improved, so that the automobile 1 can be used without using a general PKI.
  • the security at the time of realizing the public key cryptosystem closed inside is improved. For example, when the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is continuously used without being updated, even if the secure element has tamper resistance, the initial root certificate Cert_KRp and the initial root are obtained as a result of the leakage electromagnetic wave analysis. The possibility of leakage of the secret key KRs pair cannot be denied.
  • the use of the pair of the initial root certificate Cert_KRp and the initial root secret key KRs may be limited to a predetermined number of times (for example, only once).
  • the pair of the root certificate and the root secret key is preferably different for each automobile 1.
  • the pair of the root certificate and the root secret key can be updated by being closed inside the automobile 1, so that the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is Even if it is common to each automobile 1, the pair of the root certificate and the root secret key of each automobile 1 can be made different by updating the pair of the root certificate and the root secret key.
  • FIG. 10 is a diagram illustrating a management system according to the second embodiment. 10, parts corresponding to those in FIG. 1 are given the same reference numerals, and descriptions thereof are omitted. 10, the management system includes a management device 10a and a management server device 80.
  • the management device 10a is provided in the automobile 1.
  • the management server device 80 is provided in a communication carrier of the wireless communication network 2.
  • the management device 10a includes a SIM_20a.
  • SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the management apparatus 10a can use the wireless communication network 2 by using SIM_20a.
  • the management device 10a connects to the wireless communication network 2 through the wireless communication line 3 established using SIM_20a.
  • SIM_20a is a secure element.
  • the management server device 80 is connected to the wireless communication network 2 through the communication line 4 of the communication carrier of the wireless communication network 2.
  • the management device 10a and the management server device 80 communicate via the wireless communication network 2.
  • a dedicated line is established between the management apparatus 10a and the management server apparatus 80 via the wireless communication network 2, and the management apparatus 10a and the management server apparatus 80 transmit and receive data via the dedicated line. Good.
  • the management device 10 a is connected to the control in-vehicle network 40.
  • the in-vehicle network for control 40 is a CAN.
  • Various ECUs 50 are connected to the control in-vehicle network 40.
  • the management device 10a exchanges data with each ECU 50 via the control in-vehicle network 40.
  • FIG. 11 is a configuration diagram showing the management apparatus 10a according to the second embodiment.
  • the management device 10a includes a control unit 11, a CAN interface 12, a wireless communication unit 13, and SIM_20a. Each of these units is configured to exchange data.
  • the SIM_20a includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24. Also in the second embodiment, the configuration of the key storage unit 22 is the same as the configuration shown in FIG.
  • SIM_20a is a secure element and has tamper resistance.
  • eSIM may be used instead of SIM_20a.
  • SIM and eSIM are a kind of computer, and a desired function is realized by a computer program.
  • the wireless communication unit 13 transmits and receives data by wireless communication.
  • SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the wireless communication unit 13 connects to the wireless communication network 2 via the wireless communication line 3 by using SIM_20a.
  • SIM_20a implements the same function as the secure element 20 shown in FIG. Thereby, the management method of the first embodiment described with reference to FIGS. 6 to 9 is realized.
  • the SIM_20a exchanges data with the management server device 80 via the wireless communication network 2 by the wireless communication unit 13.
  • the management server device 80 transmits a pair of a root certificate and a root secret key to the SIM_20a.
  • a dedicated line is established between the management device 10a and the management server device 80 via the wireless communication network 2 and established. It is preferable to send and receive data via a dedicated line.
  • SIM_20a stores the root certificate received from the management server device 80 in the root certificate storage unit 31.
  • the SIM_20a stores the Root secret key received from the management server device 80 in the Root secret key storage unit 32.
  • a pair of a root certificate and a root private key can be transmitted from the management server device 80 to the automobile 1 by wireless communication. Thereby, the pair of the Root certificate and the Root private key held in the automobile 1 can be updated from the management server device 80.
  • the management apparatus 10a cannot communicate with the management server apparatus 80 via the wireless communication network 2 because the radio wave of the wireless communication network 2 does not reach or the like, a new root is given to the automobile 1 as necessary.
  • the management apparatus 10a that holds a pair of a certificate and a root private key and the ECU 50 may be exchanged.
  • HSM Hardware Security Module
  • TPM Trusted Platform Module
  • HSM or TPM may be used for the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50.
  • SIM or eSIM may be used for the secure elements 20 and 20a of the management devices 10 and 10a and the secure element 60 of the ECU 50.
  • SIM or eSIM may be used as the secure elements 20 and 20a of the management devices 10 and 10a
  • HSM or TPM may be used as the secure element 60 of the ECU 50.
  • any ECU 50 provided in the automobile 1 may function as the management device 10 or the management device 10a.
  • an automobile is given as an example of a vehicle
  • the present invention can also be applied to other vehicles such as a motorbike and a railway vehicle.
  • a computer program for realizing each step of the management method executed by the management device 10, the management device 10a, or the ECU 50 described above is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in the computer. It may be read by the system and executed.
  • the “computer system” may include an OS and hardware such as peripheral devices.
  • “Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disk), and a built-in computer system.
  • a storage device such as a hard disk.
  • the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
  • the program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium.
  • the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
  • the program may be for realizing a part of the functions described above. Furthermore, what can implement
  • the present invention may be applied to a management system, a vehicle, a management device, an in-vehicle computer, a management method, and a computer program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

This management system is provided with a vehicle-related management device and a vehicle-mounted computer, the management device and the vehicle-mounted computer communicating with one another by way of a communication network provided in a vehicle. The management device and the vehicle-mounted computer are provided in common with a key storage unit which stores a root private key and a root certificate, which is a public key certificate of a root public key forming a pair with the root private key. The management system uses the pair comprising the root certificate and the root private key stored in the key storage unit to issue a public key certificate to be used in a public key encryption scheme.

Description

管理システム、車両、管理装置、車載コンピュータ、管理方法、及びコンピュータプログラムManagement system, vehicle, management device, in-vehicle computer, management method, and computer program
 本発明は、管理システム、車両、管理装置、車載コンピュータ、管理方法、及びコンピュータプログラムに関する。
 本願は、2015年6月22日に、日本に出願された特願2015-124781号に基づき優先権を主張し、その内容をここに援用する。 The present invention relates to a management system, a vehicle, a management device, an in-vehicle computer, a management method, and a computer program.
This application claims priority on June 22, 2015 based on Japanese Patent Application No. 2015-124781 for which it applied to Japan, and uses the content here.
 近年、自動車は、ECU(Electronic Control Unit)を有し、ECUによってエンジン制御等の機能を実現する。ECUは、コンピュータの一種であり、コンピュータプログラムによって所望の機能を実現する。既に使用されている自動車について、ECUのコンピュータプログラムの更新は、通常、自動車の検査時や定期点検時などに、一般の自動車整備工場で行われる。 In recent years, automobiles have an ECU (Electronic Control Unit) and realize functions such as engine control by the ECU. The ECU is a kind of computer and realizes a desired function by a computer program. For an automobile that is already in use, the ECU computer program is usually updated at a general automobile maintenance shop during an automobile inspection or a periodic inspection.
 従来、ECUのコンピュータプログラムの更新では、作業者が、自動車のOBD(On-board Diagnostics)ポートと呼ばれる診断ポートにメンテナンス専用の診断端末を接続し、該診断端末から更新プログラムのインストール及びデータの設定変更などを行う。これに関し例えば非特許文献1、2にはセキュリティについて記載されている。 Conventionally, in updating an ECU computer program, an operator connects a diagnostic terminal dedicated for maintenance to a diagnostic port called an OBD (On-board Diagnostics) port of an automobile, and installs an update program and sets data from the diagnostic terminal. Make changes. In this regard, for example, Non-Patent Documents 1 and 2 describe security.
 上述した非特許文献1、2では、セキュリティの向上を実現する手段については記載されない。このため、自動車等の車両に備わるECU等の車載コンピュータに使用されるコンピュータプログラム等のデータの適用についての信頼性を向上させることが望まれる。
 例えば、ECUが起動した後に、ECUが保持する鍵を使用してデータの交換相手を相互認証することによって、車載コンピュータシステムの防御能力を向上させることが考えられる。また、例えば、ECUが保持する鍵を使用して、ECU間で交換するデータの正当性を検証することが考えられる。また、例えば、ECUに使用されるコンピュータプログラム等のデータに電子署名を付して自動車の管理装置へ配布し、管理装置が保持する鍵を使用して、配布されたデータの電子署名を検証することにより、ECUに使用されるコンピュータプログラム等のデータを検査することが考えられる。ここで、自動車に保持される鍵の管理や更新をどのようにして実現するのかが、鍵の保安上の課題である。 In the non-patent documents 1 and 2 described above, means for realizing improvement in security is not described. For this reason, it is desired to improve the reliability of application of data such as a computer program used in an in-vehicle computer such as an ECU provided in a vehicle such as an automobile.
For example, after the ECU is activated, it is conceivable to improve the defense capability of the in-vehicle computer system by mutually authenticating the data exchange partner using a key held by the ECU. For example, it is conceivable to verify the validity of data exchanged between ECUs using a key held by the ECU. In addition, for example, an electronic signature is attached to data such as a computer program used in the ECU and distributed to the vehicle management device, and the electronic signature of the distributed data is verified using a key held by the management device. Thus, it is conceivable to inspect data such as a computer program used in the ECU. Here, how to realize the management and update of the key held in the automobile is a key security issue.
 本発明は、このような事情を考慮してなされたものであり、自動車等の車両に保持される鍵の管理や更新に寄与できる、管理システム、車両、管理装置、車載コンピュータ、管理方法、及びコンピュータプログラムを提供することを課題とする。 The present invention has been made in view of such circumstances, and can contribute to management and update of a key held in a vehicle such as an automobile, a management system, a vehicle, a management device, an in-vehicle computer, a management method, and It is an object to provide a computer program.
 (1):本発明の一態様は、車両に備わる管理装置と車載コンピュータを備え、前記管理装置と前記車載コンピュータとが前記車両に備わる通信ネットワークを介して通信する管理システムであって、前記管理装置と前記車載コンピュータとが、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、共通して備え、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する。
 (2):本発明の一態様は、上記(1)の管理システムであって、前記管理装置は、公開鍵と秘密鍵のペアを生成する鍵生成部と、前記管理装置の鍵記憶部に記憶されるRoot秘密鍵を使用して、前記鍵生成部により生成された公開鍵の電子署名を生成する暗号処理部と、を備え、前記鍵生成部により生成された公開鍵と前記暗号処理部により生成された電子署名とから構成される公開鍵証明書を前記車載コンピュータへ送信し、前記車載コンピュータは、前記管理装置から受信した公開鍵証明書を、前記車載コンピュータの鍵記憶部に記憶されるRoot証明書を使用して検証する検証部を備えていてもよい。
 (3):本発明の一態様は、上記(2)の管理システムであって、前記車載コンピュータは、公開鍵と秘密鍵のペアを生成する鍵生成部と、前記車載コンピュータの鍵記憶部に記憶されるRoot秘密鍵を使用して、前記車載コンピュータの鍵生成部により生成された公開鍵の電子署名を生成する暗号処理部と、を備え、前記車載コンピュータの鍵生成部により生成された公開鍵と前記車載コンピュータの暗号処理部により生成された電子署名とから構成される公開鍵証明書を前記管理装置へ送信し、前記管理装置は、前記車載コンピュータから受信した公開鍵証明書を、前記管理装置の鍵記憶部に記憶されるRoot証明書を使用して検証する検証部を備えていてもよい。
 (4):本発明の一態様は、上記(3)の管理システムであって、前記管理装置の鍵生成部は鍵を生成し、前記管理装置の暗号処理部は、前記車載コンピュータへ送信した公開鍵証明書の公開鍵とペアの秘密鍵を使用して、前記管理装置の鍵生成部により生成された鍵の電子署名を生成し、当該鍵と当該電子署名とから構成される鍵証明書を前記車載コンピュータから受信した公開鍵証明書の公開鍵で暗号化し、前記管理装置は前記鍵証明書の暗号化データを前記車載コンピュータへ送信し、前記車載コンピュータの暗号処理部は、前記管理装置から受信した鍵証明書の暗号化データを、前記管理装置へ送信した公開鍵証明書の公開鍵とペアの秘密鍵で復号化し、前記車載コンピュータの検証部は、前記鍵証明書の暗号化データの復号化データを、前記管理装置から受信した公開鍵証明書の公開鍵を使用して検証してもよい。
 (5):本発明の一態様は、上記(1)から(4)のいずれかの管理システムであって、前記管理装置の鍵生成部は、新Root公開鍵と新Root秘密鍵のペアを生成し、前記管理装置の暗号処理部は、前記管理装置の鍵記憶部に記憶されるRoot秘密鍵を使用して前記新Root公開鍵の電子署名を生成し、前記管理装置の鍵記憶部は、前記新Root秘密鍵と、前記新Root公開鍵と当該新Root公開鍵の電子署名とから構成される公開鍵証明書である新Root証明書とを記憶し、前記管理装置は、前記新Root秘密鍵と前記新Root証明書を、前記車載コンピュータとの間で共有する暗号路鍵で暗号化して前記車載コンピュータへ送信し、前記車載コンピュータは、前記管理装置から受信した前記新Root秘密鍵と前記新Root証明書の暗号化データを前記暗号路鍵で復号化し、前記車載コンピュータの検証部は、復号化された前記新Root証明書を、前記車載コンピュータの鍵記憶部に記憶されるRoot証明書を使用して検証し、前記車載コンピュータの鍵記憶部は、前記新Root証明書の検証が成功である場合に、前記新Root秘密鍵と前記新Root証明書を記憶してもよい。 (1): One aspect of the present invention is a management system including a management device provided in a vehicle and an in-vehicle computer, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle. The key storage unit includes a key storage unit that stores a root certificate that is a public key certificate of a root public key of a root private key and a root public key of the root private key pair. The public key certificate used for the public key cryptosystem is issued using the pair of the root certificate and the root private key stored in the public key.
(2): One aspect of the present invention is the management system according to (1), wherein the management device includes a key generation unit that generates a public / private key pair and a key storage unit of the management device. An encryption processing unit that generates an electronic signature of the public key generated by the key generation unit using a stored Root private key, and the public key generated by the key generation unit and the encryption processing unit The public key certificate composed of the electronic signature generated by the computer is transmitted to the in-vehicle computer, and the in-vehicle computer stores the public key certificate received from the management device in the key storage unit of the in-vehicle computer. A verification unit that verifies using a root certificate may be provided.
(3): One aspect of the present invention is the management system according to (2), wherein the in-vehicle computer includes a key generation unit that generates a public key and private key pair, and a key storage unit of the in-vehicle computer. An encryption processing unit that generates an electronic signature of a public key generated by the key generation unit of the in-vehicle computer using a stored Root private key, and the public generated by the key generation unit of the in-vehicle computer A public key certificate composed of a key and an electronic signature generated by an encryption processing unit of the in-vehicle computer is transmitted to the management device, and the management device receives the public key certificate received from the in-vehicle computer, You may provide the verification part verified using the Root certificate memorize | stored in the key memory | storage part of a management apparatus.
(4): One aspect of the present invention is the management system according to (3) above, wherein the key generation unit of the management device generates a key, and the encryption processing unit of the management device transmits the key to the in-vehicle computer Using the private key paired with the public key of the public key certificate, an electronic signature of the key generated by the key generation unit of the management apparatus is generated, and the key certificate configured by the key and the electronic signature Is encrypted with the public key of the public key certificate received from the in-vehicle computer, the management device transmits the encrypted data of the key certificate to the in-vehicle computer, and the encryption processing unit of the in-vehicle computer includes the management device Decrypting the encrypted data of the key certificate received from the private key with the public key of the public key certificate transmitted to the management device, and the verification unit of the in-vehicle computer uses the encrypted data of the key certificate Decryption data A, it may be verified using the public key of the public key certificate received from the management device.
(5): One aspect of the present invention is the management system according to any one of (1) to (4), wherein the key generation unit of the management device sets a pair of a new Root public key and a new Root secret key. The encryption processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device, and the key storage unit of the management device , Storing a new Root private key, a new Root certificate that is a public key certificate composed of the new Root public key and an electronic signature of the new Root public key, and the management device stores the new Root private key The private key and the new root certificate are encrypted with an encryption path key shared with the in-vehicle computer and transmitted to the in-vehicle computer, and the in-vehicle computer receives the new root private key received from the management device. in front The encrypted data of the new root certificate is decrypted with the encryption path key, and the verification unit of the in-vehicle computer stores the decrypted new root certificate in the key storage unit of the in-vehicle computer. The key storage unit of the in-vehicle computer may store the new root private key and the new root certificate when the verification of the new root certificate is successful.
 (6):本発明の一態様は、上記(1)から(5)のいずれかの管理システムを備える車両である。 (6): One aspect of the present invention is a vehicle including the management system according to any one of (1) to (5) above.
 (7):本発明の一態様は、車両に備わる通信ネットワークを介して前記車両に備わる車載コンピュータと通信する前記車両に備わる管理装置であって、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、前記車載コンピュータと共通して備え、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する。 (7): One aspect of the present invention is a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle, and includes a root of a pair of a root secret key and the root secret key A key storage unit that stores a root certificate that is a public key certificate of a public key is provided in common with the in-vehicle computer, and a pair of a root certificate and a root private key stored in the key storage unit is used. Issue a public key certificate used for public key cryptography.
 (8):本発明の一態様は、車両に備わる通信ネットワークを介して前記車両に備わる管理装置と通信する前記車両に備わる車載コンピュータであって、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、前記管理装置と共通して備え、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する。 (8): One aspect of the present invention is an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle, wherein a root of a pair of a root secret key and the root secret key A key storage unit that stores a Root certificate that is a public key certificate of a public key is provided in common with the management device, and a pair of a Root certificate and a Root private key stored in the key storage unit is used. Issue a public key certificate used for public key cryptography.
 (9):本発明の一態様は、車両に備わる管理装置と車載コンピュータを備え、前記管理装置と前記車載コンピュータとが前記車両に備わる通信ネットワークを介して通信する管理システムの管理方法であって、前記管理装置と前記車載コンピュータとが、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、共通して各々の鍵記憶部に記憶するステップと、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、を含む。 (9): One aspect of the present invention is a management system management method including a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle. The management device and the in-vehicle computer store a Root secret key and a Root certificate that is a public key certificate of a Root public key of a pair of the Root secret key in each key storage unit in common. And issuing a public key certificate used for public key cryptography using a pair of a root certificate and a root secret key stored in the key storage unit.
 (10):本発明の一態様は、車両に備わる通信ネットワークを介して前記車両に備わる車載コンピュータと通信する前記車両に備わる管理装置のコンピュータに、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、前記車載コンピュータと共通して鍵記憶部に記憶するステップと、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、を実行させるためのコンピュータプログラムである。 (10): According to one aspect of the present invention, a root of a pair of a root secret key and a root secret key is transmitted to a computer of a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle. Storing a Root certificate that is a public key certificate of a public key in a key storage unit in common with the in-vehicle computer, and using a pair of a Root certificate and a Root private key stored in the key storage unit And a step of issuing a public key certificate used in the public key cryptosystem.
 (11):本発明の一態様は、車両に備わる通信ネットワークを介して前記車両に備わる管理装置と通信する前記車両に備わる車載コンピュータに、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、前記管理装置と共通して鍵記憶部に記憶するステップと、前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、を実行させるためのコンピュータプログラムである。 (11): One aspect of the present invention is that an in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle has a Root public key that is a pair of a Root secret key and the Root secret key. A root certificate, which is a public key certificate of the same, is stored in the key storage unit in common with the management device, and a pair of the root certificate and the root private key stored in the key storage unit is used. And a step of issuing a public key certificate used for a public key cryptosystem.
 本発明によれば、自動車等の車両に保持される鍵の管理や更新に寄与できるという効果が得られる。 According to the present invention, there is an effect that it is possible to contribute to management and update of a key held in a vehicle such as an automobile.
第1実施形態に係る自動車を示す図である。It is a figure which shows the motor vehicle which concerns on 1st Embodiment. 第1実施形態に係る管理装置を示す構成図である。It is a block diagram which shows the management apparatus which concerns on 1st Embodiment. 図2に示す鍵記憶部の構成を示す図である。It is a figure which shows the structure of the key memory | storage part shown in FIG. 第1実施形態に係るECUを示す構成図である。It is a block diagram which shows ECU which concerns on 1st Embodiment. 図4に示す鍵記憶部の構成を示す図である。It is a figure which shows the structure of the key memory | storage part shown in FIG. 第1の実施形態に係る管理方法のシーケンスチャートである。It is a sequence chart of the management method concerning a 1st embodiment. 第1の実施形態に係る管理方法のシーケンスチャートである。It is a sequence chart of the management method concerning a 1st embodiment. 第1の実施形態に係る管理方法のシーケンスチャートである。It is a sequence chart of the management method concerning a 1st embodiment. 第1の実施形態に係る管理方法のシーケンスチャートである。It is a sequence chart of the management method concerning a 1st embodiment. 第2実施形態に係る管理システムを示す図である。It is a figure which shows the management system which concerns on 2nd Embodiment. 第2実施形態に係る管理装置を示す構成図である。It is a block diagram which shows the management apparatus which concerns on 2nd Embodiment.
 以下、図面を参照し、本発明の実施形態について説明する。なお、以下に示す実施形態では、車両として自動車を例に挙げて説明する。 Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following embodiment, a vehicle will be described as an example of a vehicle.
[第1実施形態]
 図1は、第1実施形態に係る自動車1を示す図である。図1において、自動車1は管理装置10とECU50を備える。管理装置10は制御用車載ネットワーク40に接続される。制御用車載ネットワーク40として、例えばCAN(Controller Area Network)が使用される。CANは車両に搭載される通信ネットワークの一つとして知られている。本実施形態では、制御用車載ネットワーク40はCANである。制御用車載ネットワーク40には、各種のECU50が接続される。ECU50は、自動車1に備わる車載コンピュータである。ECU50は、例えば、駆動系ECU、車体系ECU、安全制御系ECUなどである。管理装置10は、制御用車載ネットワーク40を介して、各ECU50との間でデータを交換する。ECU50は、制御用車載ネットワーク40を介して、他のECU50との間でデータを交換する。 [First Embodiment]
FIG. 1 is a diagram illustrating an automobile 1 according to the first embodiment. In FIG. 1, the automobile 1 includes a management device 10 and an ECU 50. The management device 10 is connected to the control in-vehicle network 40. For example, a CAN (Controller Area Network) is used as the in-vehicle network 40 for control. CAN is known as one of communication networks mounted on vehicles. In the present embodiment, the in-vehicle network for control 40 is a CAN. Various ECUs 50 are connected to the control in-vehicle network 40. The ECU 50 is an in-vehicle computer provided in the automobile 1. The ECU 50 is, for example, a drive system ECU, a vehicle body system ECU, a safety control system ECU, or the like. The management device 10 exchanges data with each ECU 50 via the control in-vehicle network 40. The ECU 50 exchanges data with other ECUs 50 via the control in-vehicle network 40.
 管理装置10はセキュアエレメント20を備える。ECU50はセキュアエレメント60を備える。 The management device 10 includes a secure element 20. The ECU 50 includes a secure element 60.
 図2は、第1実施形態に係る管理装置10を示す構成図である。図2において、管理装置10は、制御部11とCANインタフェース12とセキュアエレメント20を備える。
 これら各部はデータを交換できるように構成される。セキュアエレメント20は、鍵生成部21と鍵記憶部22と検証部23と暗号処理部24を備える。 FIG. 2 is a configuration diagram illustrating the management apparatus 10 according to the first embodiment. In FIG. 2, the management apparatus 10 includes a control unit 11, a CAN interface 12, and a secure element 20.
Each of these units is configured to exchange data. The secure element 20 includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24.
 制御部11は管理装置10の制御機能を有する。CANインタフェース12は、ECU50と通信する通信部である。CANインタフェース12は、制御用車載ネットワーク40と接続し、制御用車載ネットワーク40を介して各ECU50とデータを交換する。セキュアエレメント20は耐タンパー性(Tamper Resistant)を有する。 The control unit 11 has a control function of the management device 10. The CAN interface 12 is a communication unit that communicates with the ECU 50. The CAN interface 12 is connected to the control in-vehicle network 40 and exchanges data with each ECU 50 via the control in-vehicle network 40. The secure element 20 has tamper resistance.
 セキュアエレメント20において、鍵生成部21は鍵を生成する。鍵記憶部22は鍵を記憶する。検証部23は、データの交換についての検証を行う。暗号処理部24は、データの暗号化と暗号化データの復号化とを行う。 In the secure element 20, the key generation unit 21 generates a key. The key storage unit 22 stores a key. The verification unit 23 verifies data exchange. The encryption processing unit 24 encrypts data and decrypts encrypted data.
 図3は、図2に示す鍵記憶部22の構成を示す図である。図3において、鍵記憶部22は、Root証明書記憶部31とRoot秘密鍵記憶部32とS公開鍵証明書記憶部33とS秘密鍵記憶部34とC公開鍵証明書記憶部35とMAC鍵記憶部36を備える。 FIG. 3 is a diagram showing the configuration of the key storage unit 22 shown in FIG. 3, the key storage unit 22 includes a root certificate storage unit 31, a root private key storage unit 32, an S public key certificate storage unit 33, an S private key storage unit 34, a C public key certificate storage unit 35, and a MAC. A key storage unit 36 is provided.
 Root証明書記憶部31はRoot証明書Cert_KRpを記憶する。Root秘密鍵記憶部32はRoot秘密鍵KRsを記憶する。Root証明書Cert_KRpは公開鍵の証明書である。Root証明書Cert_KRpが証明する公開鍵はRoot公開鍵KRpである。Root秘密鍵KRsは、Root公開鍵KRpとペアの秘密鍵である。Root証明書Cert_KRpとRoot秘密鍵KRsとは、例えば管理装置10の製造時などに、安全にセキュアエレメント20に書き込まれる。セキュアエレメント20に書き込まれたRoot証明書Cert_KRpは、Root証明書記憶部31に記憶される。セキュアエレメント20に書き込まれたRoot秘密鍵KRsは、Root秘密鍵記憶部32に記憶される。Root証明書Cert_KRp及びRoot秘密鍵KRsについては、平文のままでセキュアエレメント20から外部に出力させないように管理し秘匿することが好ましい。 The root certificate storage unit 31 stores a root certificate Cert_KRp. The root secret key storage unit 32 stores the root secret key KRs. The root certificate Cert_KRp is a public key certificate. The public key certified by the root certificate Cert_KRp is the root public key KRp. The root secret key KRs is a secret key paired with the root public key KRp. The root certificate Cert_KRp and the root secret key KRs are safely written into the secure element 20 when the management apparatus 10 is manufactured, for example. The root certificate Cert_KRp written in the secure element 20 is stored in the root certificate storage unit 31. The root secret key KRs written in the secure element 20 is stored in the root secret key storage unit 32. The Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 20 to the outside.
 S公開鍵証明書記憶部33はS公開鍵証明書Cert_KSpを記憶する。S秘密鍵記憶部34はS秘密鍵KSsを記憶する。S公開鍵証明書KSpは公開鍵の証明書である。
 S公開鍵証明書Cert_KSpが証明する公開鍵はS公開鍵KSpである。S秘密鍵KSsは、S公開鍵KSpとペアの秘密鍵である。S公開鍵証明書Cert_KSpとS秘密鍵KSsとは鍵生成部21によって生成される。鍵生成部21によって生成されたS公開鍵証明書Cert_KSpは、S公開鍵証明書記憶部33に記憶される。鍵生成部21によって生成されたS秘密鍵KSsは、S秘密鍵記憶部34に記憶される。 The S public key certificate storage unit 33 stores the S public key certificate Cert_KSp. The S secret key storage unit 34 stores the S secret key KSs. The S public key certificate KSp is a public key certificate.
The public key proved by the S public key certificate Cert_KSp is the S public key KSp. The S secret key KSs is a secret key paired with the S public key KSp. The S public key certificate Cert_KSp and the S private key KSs are generated by the key generation unit 21. The S public key certificate Cert_KSp generated by the key generation unit 21 is stored in the S public key certificate storage unit 33. The S secret key KSs generated by the key generation unit 21 is stored in the S secret key storage unit 34.
 C公開鍵証明書記憶部35はC公開鍵証明書を記憶する。C公開鍵証明書は、ECU50毎に存在する。C公開鍵証明書記憶部35は、各ECU50のC公開鍵証明書を記憶する。あるECU50のC公開鍵証明書は、当該ECU50の公開鍵の証明書である。例えば、自動車1に備わるECU50のうちの一つである第1のECU50のC公開鍵証明書Cert_KC1pが証明する公開鍵はC公開鍵KC1pである。C公開鍵KC1pは、第1のECU50の公開鍵である。C公開鍵KC1pは、第1のECU50の秘密鍵であるC秘密鍵KC1sとペアである。各ECU50から受信されたC公開鍵証明書は、C公開鍵証明書記憶部35に記憶される。 The C public key certificate storage unit 35 stores the C public key certificate. The C public key certificate exists for each ECU 50. The C public key certificate storage unit 35 stores the C public key certificate of each ECU 50. A C public key certificate of an ECU 50 is a certificate of the public key of the ECU 50. For example, the public key certified by the C public key certificate Cert_KC1p of the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 is the C public key KC1p. The C public key KC1p is a public key of the first ECU 50. The C public key KC1p is paired with a C secret key KC1s that is a secret key of the first ECU 50. The C public key certificate received from each ECU 50 is stored in the C public key certificate storage unit 35.
 MAC鍵記憶部36はMAC鍵Kmを記憶する。MAC鍵Kmは鍵生成部21によって生成される共通鍵である。鍵生成部21によって生成されたMAC鍵Kmは、MAC鍵記憶部36に記憶される。MAC鍵Kmは、例えば、ECU50間のデータ交換の際に使用される。 The MAC key storage unit 36 stores the MAC key Km. The MAC key Km is a common key generated by the key generation unit 21. The MAC key Km generated by the key generation unit 21 is stored in the MAC key storage unit 36. The MAC key Km is used when exchanging data between the ECUs 50, for example.
 図4は、第1実施形態に係るECU50を示す構成図である。図4において、ECU50は、制御部51とCANインタフェース52とセキュアエレメント60を備える。これら各部はデータを交換できるように構成される。セキュアエレメント60は、鍵生成部61と鍵記憶部62と検証部63と暗号処理部64を備える。 FIG. 4 is a configuration diagram showing the ECU 50 according to the first embodiment. In FIG. 4, the ECU 50 includes a control unit 51, a CAN interface 52, and a secure element 60. Each of these units is configured to exchange data. The secure element 60 includes a key generation unit 61, a key storage unit 62, a verification unit 63, and an encryption processing unit 64.
 制御部51は、ECU50に対応する所定の制御機能を備える。CANインタフェース52は、管理装置10や他のECU50と通信する通信部である。CANインタフェース52は、制御用車載ネットワーク40と接続し、制御用車載ネットワーク40を介して管理装置10や他のECU50とデータを交換する。セキュアエレメント60は耐タンパー性を有する。 The control unit 51 has a predetermined control function corresponding to the ECU 50. The CAN interface 52 is a communication unit that communicates with the management apparatus 10 and other ECUs 50. The CAN interface 52 is connected to the control in-vehicle network 40 and exchanges data with the management apparatus 10 and other ECUs 50 through the control in-vehicle network 40. The secure element 60 has tamper resistance.
 セキュアエレメント60において、鍵生成部61は鍵を生成する。鍵記憶部62は鍵を記憶する。検証部63は、データの交換についての検証を行う。暗号処理部64は、データの暗号化と暗号化データの復号化とを行う。 In the secure element 60, the key generation unit 61 generates a key. The key storage unit 62 stores a key. The verification unit 63 verifies the exchange of data. The encryption processing unit 64 performs data encryption and decryption of the encrypted data.
 図5は、図4に示す鍵記憶部62の構成を示す図である。図5において、鍵記憶部62は、Root証明書記憶部71とRoot秘密鍵記憶部72とC公開鍵証明書記憶部73とC秘密鍵記憶部74とS公開鍵証明書記憶部75とMAC鍵記憶部76を備える。 FIG. 5 is a diagram showing a configuration of the key storage unit 62 shown in FIG. In FIG. 5, a key storage unit 62 includes a root certificate storage unit 71, a root private key storage unit 72, a C public key certificate storage unit 73, a C private key storage unit 74, an S public key certificate storage unit 75, and a MAC. A key storage unit 76 is provided.
 Root証明書記憶部71は、管理装置10と同じRoot証明書Cert_KRpを記憶する。Root秘密鍵記憶部72は、管理装置10と同じRoot秘密鍵KRsを記憶する。したがって、管理装置10と各ECU50とは、同一のRoot証明書Cert_KRpとRoot秘密鍵KRsのペアを備える。Root証明書Cert_KRpとRoot秘密鍵KRsとは、例えばECU50の製造時などに、安全にセキュアエレメント60に書き込まれる。セキュアエレメント60に書き込まれたRoot証明書Cert_KRpは、Root証明書記憶部71に記憶される。セキュアエレメント60に書き込まれたRoot秘密鍵KRsは、Root秘密鍵記憶部72に記憶される。Root証明書Cert_KRp及びRoot秘密鍵KRsについては、平文のままでセキュアエレメント60から外部に出力させないように管理し秘匿することが好ましい。 The root certificate storage unit 71 stores the same root certificate Cert_KRp as that of the management apparatus 10. The root secret key storage unit 72 stores the same root secret key KRs as that of the management apparatus 10. Therefore, the management apparatus 10 and each ECU 50 include a pair of the same root certificate Cert_KRp and a root secret key KRs. The root certificate Cert_KRp and the root secret key KRs are safely written in the secure element 60 when the ECU 50 is manufactured, for example. The root certificate Cert_KRp written in the secure element 60 is stored in the root certificate storage unit 71. The root secret key KRs written to the secure element 60 is stored in the root secret key storage unit 72. The Root certificate Cert_KRp and the Root secret key KRs are preferably managed and concealed so that they remain in plain text and are not output from the secure element 60 to the outside.
 C公開鍵証明書記憶部73はC公開鍵証明書を記憶する。C秘密鍵記憶部74はC秘密鍵を記憶する。C公開鍵証明書は公開鍵の証明書である。C秘密鍵は、C公開鍵証明書の公開鍵とペアの秘密鍵である。C公開鍵証明書とC秘密鍵とは鍵生成部61によって生成される。鍵生成部61によって生成されたC公開鍵証明書は、C公開鍵証明書記憶部73に記憶される。鍵生成部61によって生成されたC秘密鍵は、C秘密鍵記憶部74に記憶される。例えば、第1のECU50のC公開鍵証明書Cert_KC1pは、第1のECU50のC公開鍵KC1pの証明書である。C公開鍵KC1pは、第1のECU50のC秘密鍵KC1sとペアである。第1のECU50の鍵生成部61によって生成されたC公開鍵証明書Cert_KC1pは、第1のECU50のC公開鍵証明書記憶部73に記憶される。第1のECU50の鍵生成部61によって生成されたC秘密鍵KC1sは、第1のECU50のC秘密鍵記憶部74に記憶される。 The C public key certificate storage unit 73 stores the C public key certificate. The C secret key storage unit 74 stores the C secret key. The C public key certificate is a public key certificate. The C private key is a private key paired with the public key of the C public key certificate. The C public key certificate and the C private key are generated by the key generation unit 61. The C public key certificate generated by the key generation unit 61 is stored in the C public key certificate storage unit 73. The C secret key generated by the key generation unit 61 is stored in the C secret key storage unit 74. For example, the C public key certificate Cert_KC1p of the first ECU 50 is a certificate of the C public key KC1p of the first ECU 50. The C public key KC1p is paired with the C secret key KC1s of the first ECU 50. The C public key certificate Cert_KC1p generated by the key generation unit 61 of the first ECU 50 is stored in the C public key certificate storage unit 73 of the first ECU 50. The C secret key KC1s generated by the key generation unit 61 of the first ECU 50 is stored in the C secret key storage unit 74 of the first ECU 50.
 S公開鍵証明書記憶部75は管理装置10のS公開鍵証明書Cert_KSpを記憶する。管理装置10から受信されたS公開鍵証明書Cert_KSpは、S公開鍵証明書記憶部75に記憶される。 The S public key certificate storage unit 75 stores the S public key certificate Cert_KSp of the management apparatus 10. The S public key certificate Cert_KSp received from the management apparatus 10 is stored in the S public key certificate storage unit 75.
 MAC鍵記憶部76はMAC鍵Kmを記憶する。管理装置10から受信されたMAC鍵Kmは、MAC鍵記憶部76に記憶される。 The MAC key storage unit 76 stores the MAC key Km. The MAC key Km received from the management apparatus 10 is stored in the MAC key storage unit 76.
 次に、図6から図9を参照して第1実施形態に係る管理方法を説明する。なお、以下の説明において、管理装置10とECU50とは、制御用車載ネットワーク40を介してデータを送受する。管理装置10のセキュアエレメント20は、CANインタフェース12を介して、ECU50のセキュアエレメント60とデータを送受する。ECU50のセキュアエレメント60は、CANインタフェース52を介して、管理装置10のセキュアエレメント20とデータを送受する。これにより、管理装置10のセキュアエレメント20とECU50のセキュアエレメント60との間でデータの交換が行われる。 Next, the management method according to the first embodiment will be described with reference to FIGS. In the following description, the management device 10 and the ECU 50 transmit and receive data via the control in-vehicle network 40. The secure element 20 of the management device 10 transmits / receives data to / from the secure element 60 of the ECU 50 via the CAN interface 12. The secure element 60 of the ECU 50 transmits / receives data to / from the secure element 20 of the management apparatus 10 via the CAN interface 52. As a result, data is exchanged between the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50.
[公開鍵証明書の更新段階]
 図6を参照して、公開鍵証明書の更新段階を説明する。図6は、第1の実施形態に係る管理方法のシーケンスチャートである。ここでは、説明の便宜上、自動車1に備わるECU50のうちの一つである第1のECU50を例に挙げて説明するが、他のECU50についても同様である。 [Public key certificate renewal stage]
With reference to FIG. 6, the update stage of the public key certificate will be described. FIG. 6 is a sequence chart of the management method according to the first embodiment. Here, for convenience of explanation, the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.
 (ステップS1):管理装置10のセキュアエレメント20において、鍵生成部21が、S公開鍵KSpとS秘密鍵KSsのペアを生成する。公開鍵と秘密鍵のペアの生成方法として、例えば、RSA(Rivest Shamir Adleman)やECC(Elliptic Curve Cryptosystems)などが利用可能である。さらに、鍵生成部21が、生成したS公開鍵KSpのS公開鍵証明書Cert_KSpを生成する。S公開鍵証明書Cert_KSpは、S公開鍵KSpと、S公開鍵KSpの電子署名とから構成される。S公開鍵KSpの電子署名は、S公開鍵KSpのハッシュ値をRoot秘密鍵KRsで暗号化した結果の暗号化データである。 (Step S1): In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of the S public key KSp and the S secret key KSs. As a method for generating a public / private key pair, for example, RSA (Rivest Shamir Adleman), ECC (Elliptic Curve 鍵 Cryptosystems), or the like can be used. Further, the key generation unit 21 generates an S public key certificate Cert_KSp for the generated S public key KSp. The S public key certificate Cert_KSp includes an S public key KSp and an electronic signature of the S public key KSp. The electronic signature of the S public key KSp is encrypted data obtained as a result of encrypting the hash value of the S public key KSp with the Root secret key KRs.
 S公開鍵証明書Cert_KSpの生成において、まず鍵生成部21が、S公開鍵KSpのハッシュ値hash(KSp)を算出する。次いで、暗号処理部24が、鍵生成部21により算出されたハッシュ値hash(KSp)を、Root秘密鍵記憶部32に記憶されるRoot秘密鍵KRsで暗号化する。この暗号化データKRs(hash(KSp))はS公開鍵KSpの電子署名である。次いで、鍵生成部21が、S公開鍵KSpとS公開鍵KSpの電子署名KRs(hash(KSp))とからS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」を構成する。 In the generation of the S public key certificate Cert_KSp, first, the key generation unit 21 calculates the hash value hash (KSp) of the S public key KSp. Next, the encryption processing unit 24 encrypts the hash value hash (KSp) calculated by the key generation unit 21 with the Root secret key KRs stored in the Root secret key storage unit 32. The encrypted data KRs (hash (KSp)) is an electronic signature of the S public key KSp. Next, the key generation unit 21 configures the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the S public key KSp and the electronic signature KRs (hash (KSp)) of the S public key KSp.
 S公開鍵証明書記憶部33は、鍵生成部21により生成されたS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」を記憶する。S秘密鍵記憶部34は、鍵生成部21により生成されたS秘密鍵KSsを記憶する。また、S公開鍵証明書記憶部33に記憶されるS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」とS秘密鍵記憶部34に記憶されるS秘密鍵KSsとがペアであることを示す関連付け情報を設定する。 The S public key certificate storage unit 33 stores the S public key certificate Cert_KSp “KSp, KRs (hash (Ksp))” generated by the key generation unit 21. The S secret key storage unit 34 stores the S secret key KSs generated by the key generation unit 21. In addition, the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 33 and the S private key KSs stored in the S private key storage unit 34 are paired. Set the association information indicating that there is.
 (ステップS2):第1のECU50のセキュアエレメント60において、鍵生成部61が、C公開鍵KC1pとC秘密鍵KC1sのペアを生成する。さらに、鍵生成部61が、生成したC秘密鍵KC1sのC公開鍵証明書Cert_KC1pを生成する。C公開鍵証明書Cert_KC1pは、C公開鍵KC1pと、C公開鍵KC1pの電子署名とから構成される。C公開鍵KC1pの電子署名は、C公開鍵KC1pのハッシュ値をRoot秘密鍵KRsで暗号化した結果の暗号化データである。 (Step S2): In the secure element 60 of the first ECU 50, the key generation unit 61 generates a pair of the C public key KC1p and the C secret key KC1s. Further, the key generation unit 61 generates a C public key certificate Cert_KC1p of the generated C secret key KC1s. The C public key certificate Cert_KC1p includes a C public key KC1p and an electronic signature of the C public key KC1p. The electronic signature of the C public key KC1p is encrypted data obtained as a result of encrypting the hash value of the C public key KC1p with the Root secret key KRs.
 C公開鍵証明書Cert_KC1pの生成において、まず鍵生成部61が、C公開鍵KC1pのハッシュ値hash(KC1p)を算出する。次いで、暗号処理部64が、鍵生成部61により算出されたハッシュ値hash(KC1p)を、Root秘密鍵記憶部72に記憶されるRoot秘密鍵KRsで暗号化する。この暗号化データKRs(hash(KC1p))はC公開鍵KC1pの電子署名である。次いで、鍵生成部61が、C公開鍵KC1pとC公開鍵KC1pの電子署名KRs(hash(KC1p))とからC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」を構成する。 In generating the C public key certificate Cert_KC1p, the key generation unit 61 first calculates the hash value hash (KC1p) of the C public key KC1p. Next, the encryption processing unit 64 encrypts the hash value hash (KC1p) calculated by the key generation unit 61 with the Root secret key KRs stored in the Root secret key storage unit 72. The encrypted data KRs (hash (KC1p)) is an electronic signature of the C public key KC1p. Next, the key generation unit 61 forms a C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the C public key KC1p and the electronic signature KRs (hash (KC1p)) of the C public key KC1p.
 C公開鍵証明書記憶部73は、鍵生成部61により生成されたC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」を記憶する。C秘密鍵記憶部74は、鍵生成部61により生成されたC秘密鍵KC1sを記憶する。また、C公開鍵証明書記憶部73に記憶されるC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」とC秘密鍵記憶部74に記憶されるC秘密鍵KC1sとがペアであることを示す関連付け情報を設定する。 The C public key certificate storage unit 73 stores the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” generated by the key generation unit 61. The C secret key storage unit 74 stores the C secret key KC1s generated by the key generation unit 61. Also, the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 73 and the C secret key KC1s stored in the C secret key storage unit 74 are paired. Set the association information indicating that there is.
 (ステップS3:公開鍵証明書の送付):管理装置10のセキュアエレメント20が、CANインタフェース12により、上記のステップS1で生成されたS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」を第1のECU50のセキュアエレメント60へ送信する。 (Step S3: Send public key certificate): The secure element 20 of the management apparatus 10 uses the CAN interface 12 to generate the S public key certificate Cert_KSp “KSp, KRs (hash (KSp)) generated in the above step S1. Is transmitted to the secure element 60 of the first ECU 50.
 (ステップS4):第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20からS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」を受信する。第1のECU50のセキュアエレメント60において、検証部63が、管理装置10のセキュアエレメント20から受信したS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」を検証する。 (Step S4): The secure element 60 of the first ECU 50 receives the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” from the secure element 20 of the management apparatus 10 through the CAN interface 52. In the secure element 60 of the first ECU 50, the verification unit 63 verifies the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” received from the secure element 20 of the management apparatus 10.
 S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証において、まず検証部63が、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」からS公開鍵KSpを取得し、取得したS公開鍵KSpのハッシュ値hash(KSp)を算出する。次いで、検証部63が、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」から電子署名KRs(hash(KSp))を取得し、取得した電子署名KRs(hash(KSp))を、Root証明書記憶部71に記憶されるRoot証明書Cert_KRpのRoot公開鍵KRpで復号化する。
 この復号化により、復号化データ「KRp・KRs(hash(KSp))」が得られる。次いで、検証部63が、算出したハッシュ値hash(KSp)と、復号化データ「KRp・KRs(hash(KSp))」とが一致するかを判定する。この判定の結果、一致する場合にはS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証が成功であり、不一致する場合にはS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証が失敗である。 In the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, the verification unit 63 first obtains the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”. Acquire and calculate the hash value hash (KSp) of the acquired S public key KSp. Next, the verification unit 63 acquires the electronic signature KRs (hash (KSp)) from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”, and acquires the acquired electronic signature KRs (hash (KSp)). , Decryption is performed with the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 71.
By this decryption, decrypted data “KRp · KRs (hash (KSp))” is obtained. Next, the verification unit 63 determines whether the calculated hash value hash (KSp) matches the decrypted data “KRp · KRs (hash (KSp))”. As a result of this determination, if they match, the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is successful, and if they do not match, the S public key certificate Cert_KSp “KSp, KRs ( “hash (KSp))” is unsuccessful.
 S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証が成功である場合には、検証部63が、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」をS公開鍵証明書記憶部75に記憶させる。この後、ステップS5に進む。 If the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is successful, the verification unit 63 obtains the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))”. The data is stored in the S public key certificate storage unit 75. Thereafter, the process proceeds to step S5.
 一方、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証が失敗である場合には、図6の処理を終了する。よって、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」は、S公開鍵証明書記憶部75に記憶されない。また、S公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」の検証が失敗である場合に、制御部51が所定のエラー処理を実行してもよい。 On the other hand, if the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is unsuccessful, the processing of FIG. Therefore, the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” is not stored in the S public key certificate storage unit 75. In addition, when the verification of the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” fails, the control unit 51 may execute a predetermined error process.
 (ステップS5:公開鍵証明書の送付):第1のECU50のセキュアエレメント60が、CANインタフェース52により、上記のステップS2で生成されたC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」を管理装置10のセキュアエレメント20へ送信する。 (Step S5: Send Public Key Certificate): The secure element 60 of the first ECU 50 uses the CAN interface 52 to generate the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p)) generated in step S2. ) "Is transmitted to the secure element 20 of the management apparatus 10.
 (ステップS6):管理装置10のセキュアエレメント20が、CANインタフェース12により、第1のECU50のセキュアエレメント60からC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」を受信する。管理装置10のセキュアエレメント20において、検証部23が、第1のECU50のセキュアエレメント60から受信したC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」を検証する。 (Step S6): The secure element 20 of the management apparatus 10 receives the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” from the secure element 60 of the first ECU 50 through the CAN interface 12. In the secure element 20 of the management device 10, the verification unit 23 verifies the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” received from the secure element 60 of the first ECU 50.
 C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証において、まず検証部23が、C公開鍵証明書Cert_KC1p「KC1,KRs(hash(KC1p))」からC公開鍵KC1pを取得し、取得したC公開鍵KC1pのハッシュ値hash(KC1p)を算出する。次いで、検証部23が、C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」から電子署名KRs(hash(KC1p))を取得し、取得した電子署名KRs(hash(KC1p))を、Root証明書記憶部31に記憶されるRoot証明書Cert_KRpのRoot公開鍵KRpで復号化する。この復号化により、復号化データ「KRp・KRs(hash(KC1p))」が得られる。次いで、検証部23が、算出したハッシュ値hash(KC1p)と、復号化データ「KRp・KRs(hash(KC1p))」とが一致するかを判定する。この判定の結果、一致する場合にはC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証が成功であり、不一致する場合にはC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証が失敗である。 In the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, the verification unit 23 first obtains the C public key KC1p from the C public key certificate Cert_KC1p “KC1, KRs (hash (KC1p))”. Acquire and calculate the hash value hash (KC1p) of the acquired C public key KC1p. Next, the verification unit 23 acquires the electronic signature KRs (hash (KC1p)) from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”, and acquires the acquired electronic signature KRs (hash (KC1p)). , Decryption is performed using the root public key KRp of the root certificate Cert_KRp stored in the root certificate storage unit 31. By this decryption, decrypted data “KRp · KRs (hash (KC1p))” is obtained. Next, the verification unit 23 determines whether or not the calculated hash value hash (KC1p) matches the decrypted data “KRp · KRs (hash (KC1p))”. As a result of this determination, if they match, the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is successful, and if they do not match, the C public key certificate Cert_KC1p “KC1p, KRs ( “hash (KC1p))” is unsuccessful.
 C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証が成功である場合には、検証部23が、C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」をC公開鍵証明書記憶部35に記憶させる。この後、図6の処理を終了する。 When the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is successful, the verification unit 23 obtains the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))”. The data is stored in the C public key certificate storage unit 35. Thereafter, the process of FIG. 6 is terminated.
 一方、C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証が失敗である場合には、図6の処理を終了する。よって、C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」は、C公開鍵証明書記憶部35に記憶されない。また、C公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」の検証が失敗である場合に、制御部11が所定のエラー処理を実行してもよい。 On the other hand, if the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is unsuccessful, the processing in FIG. 6 ends. Therefore, the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is not stored in the C public key certificate storage unit 35. In addition, when the verification of the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” is unsuccessful, the control unit 11 may execute predetermined error processing.
 上述した公開鍵証明書の更新段階によれば、自動車1の内部に閉じて、管理装置10がS公開鍵証明書Cert_KSpを発行し、また、ECU50がC公開鍵証明書を発行することができる。このため、一般のPKI(Public Key Infrastructure、公開鍵基盤)を使用することなく、自動車1の内部に閉じて公開鍵証明書の発行を行うことができる。
 これにより、一般のPKIを使用することなく自動車1の内部に閉じた公開鍵暗号方式を実現することができる。また、公開鍵暗号方式を使用して自動車1の内部のデータの秘匿を図る際に、自動車1の外部に存在するPKIを使用するための通信が不要となるので、通信装置を削減すること、通信ができない環境に適用すること、公開鍵証明書の発行頻度を容易に増加させることなどの効果が得られる。 According to the update stage of the public key certificate described above, the management apparatus 10 can issue the S public key certificate Cert_KSp and the ECU 50 can issue the C public key certificate. . For this reason, it is possible to issue a public key certificate by closing it inside the automobile 1 without using a general PKI (Public Key Infrastructure).
Thereby, it is possible to realize a public key cryptosystem closed inside the automobile 1 without using a general PKI. In addition, when using the public key cryptosystem to conceal the data inside the automobile 1, communication for using the PKI existing outside the automobile 1 is not required, and thus the number of communication devices can be reduced. Effects such as applying to an environment where communication is impossible and easily increasing the frequency of issuing public key certificates can be obtained.
 なお、管理装置10及びECU50は、比較的短い周期で繰り返し公開鍵と秘密鍵のペアを生成して公開鍵証明書を発行し、公開鍵証明書の発行の度に公開鍵証明書を新しいものに交換するようにしてもよい。これにより、公開鍵の失効リスト(リボケーションリスト)の管理を省略してもよい。 The management device 10 and the ECU 50 repeatedly generate a public key / private key pair at a relatively short cycle to issue a public key certificate, and a new public key certificate is issued each time a public key certificate is issued. You may make it replace | exchange. Thereby, management of the revocation list of the public key may be omitted.
[MAC鍵の更新段階]
 図7を参照して、MAC鍵の更新段階を説明する。図7は、第1の実施形態に係る管理方法のシーケンスチャートである。ここでは、説明の便宜上、自動車1に備わるECU50のうちの一つである第1のECU50を例に挙げて説明するが、他のECU50についても同様である。 [MAC key update stage]
With reference to FIG. 7, the update step of the MAC key will be described. FIG. 7 is a sequence chart of the management method according to the first embodiment. Here, for convenience of explanation, the first ECU 50 that is one of the ECUs 50 provided in the automobile 1 will be described as an example, but the same applies to the other ECUs 50.
 (ステップS11):管理装置10のセキュアエレメント20において、鍵生成部21が、MAC鍵Kmを生成する。次いで、鍵生成部21が、生成したMAC鍵Kmに対して電子署名を施す。MAC鍵Kmに対する電子署名では、まず鍵生成部21が、MAC鍵Kmのハッシュ値hash(Km)を算出する。次いで、暗号処理部24が、鍵生成部21により算出されたハッシュ値hash(Km)を、S秘密鍵記憶部34に記憶されるS秘密鍵KSsで暗号化する。この暗号化データKSs(hash(Km))はMAC鍵Kmの電子署名である。次いで、鍵生成部21が、MAC鍵KmとMAC鍵Kmの電子署名KSs(hash(Km))とからMAC鍵証明書「Km,KSs(hash(Km))」を構成する。MAC鍵記憶部36は、鍵生成部21により生成されたMAC鍵Kmを記憶する。 (Step S11): In the secure element 20 of the management device 10, the key generation unit 21 generates the MAC key Km. Next, the key generation unit 21 applies an electronic signature to the generated MAC key Km. In the electronic signature for the MAC key Km, the key generation unit 21 first calculates a hash value hash (Km) of the MAC key Km. Next, the encryption processing unit 24 encrypts the hash value hash (Km) calculated by the key generation unit 21 with the S secret key KSs stored in the S secret key storage unit 34. The encrypted data KSs (hash (Km)) is an electronic signature of the MAC key Km. Next, the key generation unit 21 configures the MAC key certificate “Km, KSs (hash (Km))” from the MAC key Km and the electronic signature KSs (hash (Km)) of the MAC key Km. The MAC key storage unit 36 stores the MAC key Km generated by the key generation unit 21.
 (ステップS12:暗号路鍵の送付):管理装置10のセキュアエレメント20において、暗号処理部24が、C公開鍵証明書記憶部35に記憶されるC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」からC公開鍵KC1pを取得する。次いで、暗号処理部24が、取得したC公開鍵KC1pで、鍵生成部21により生成されたMAC鍵証明書「Km,KSs(hash(Km))」を暗号化する。この暗号化データKC1p(「Km,KSs(hash(Km))」)は暗号路鍵の送付データである。次いで、管理装置10のセキュアエレメント20が、CANインタフェース12により、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)を第1のECU50のセキュアエレメント60へ送信する。 (Step S12: Sending the encryption path key): In the secure element 20 of the management apparatus 10, the encryption processing unit 24 uses the C public key certificate Cert_KC1p “KC1p, KRs (hash) stored in the C public key certificate storage unit 35. C public key KC1p is obtained from (KC1p)). Next, the encryption processing unit 24 encrypts the MAC key certificate “Km, KSs (hash (Km))” generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (“Km, KSs (hash (Km))”) is the transmission data of the encryption path key. Next, the secure element 20 of the management device 10 transmits the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
 (ステップS13):第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20から暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)を受信する。第1のECU50のセキュアエレメント60において、検証部63が、管理装置10のセキュアエレメント20から受信した暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)を検証する。 (Step S13): The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. To do. In the secure element 60 of the first ECU 50, the verification unit 63 verifies the encryption path key transmission data KC 1 p (“Km, KSs (hash (Km))”) received from the secure element 20 of the management device 10.
 暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証において、まず暗号処理部64が、C秘密鍵記憶部74に記憶されるC秘密鍵KC1sで、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)を復号化する。
 この復号化により、復号化データ「KC1s・KC1p(「Km,KSs(hash(Km))」)」が得られる。次いで、検証部63が、復号化データ「KC1s・KC1p(「Km,KSs(hash(Km))」)」からMAC鍵Kmを取得し、取得したMAC鍵Kmのハッシュ値hash(Km)を算出する。 In the verification of the transmission data KC1p (“Km, KSs (hash (Km))”) of the encryption path key, first, the encryption processing unit 64 uses the C secret key KC1s stored in the C secret key storage unit 74 as the encryption path key. The transmission data KC1p (“Km, KSs (hash (Km))”) is decrypted.
By this decryption, decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km)) ”)” is obtained. Next, the verification unit 63 acquires the MAC key Km from the decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km)) ”)”, and calculates the hash value hash (Km) of the acquired MAC key Km. To do.
 次いで、検証部63が、S公開鍵証明書記憶部75に記憶されるS公開鍵証明書Cert_KSp「KSp,KRs(hash(KSp))」からS公開鍵KSpを取得する。
 次いで、検証部63が、復号化データ「KC1s・KC1p(「Km,KSs(hash(Km))」)」から電子署名KSs(hash(Km))を取得し、取得した電子署名KSs(hash(Km))をS公開鍵KSpで復号化する。この復号化により、復号化データ「KSp・KSs(hash(Km))」が得られる。 Next, the verification unit 63 acquires the S public key KSp from the S public key certificate Cert_KSp “KSp, KRs (hash (KSp))” stored in the S public key certificate storage unit 75.
Next, the verification unit 63 acquires the electronic signature KSs (hash (Km)) from the decrypted data “KC1s · KC1p (“ Km, KSs (hash (Km))) ”, and acquires the acquired electronic signature KSs (hash ( Km)) is decrypted with the S public key KSp. By this decryption, decrypted data “KSp · KSs (hash (Km))” is obtained.
 次いで、検証部63が、算出したハッシュ値hash(Km)と、復号化データ「KSp・KSs(hash(Km))」とが一致するかを判定する。この判定の結果、一致する場合には暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証が成功であり、不一致する場合には暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証が失敗である。 Next, the verification unit 63 determines whether or not the calculated hash value hash (Km) matches the decrypted data “KSp · KSs (hash (Km))”. If the result of this determination is that they match, the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is successful, and if they do not match, the encryption path key transmission data KC1p ( The verification of “Km, KSs (hash (Km))” is unsuccessful.
 暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証が成功である場合には、検証部63が、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)から取得したMAC鍵KmをMAC鍵記憶部76に記憶させる。この後、図7の処理を終了する。 If the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is successful, the verification unit 63 transmits the encryption path key transmission data KC1p (“Km, KSs (hash ( Km)))) The MAC key Km acquired from “)” is stored in the MAC key storage unit 76. Thereafter, the process of FIG. 7 is terminated.
 一方、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証が失敗である場合には、図7の処理を終了する。よって、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)に含まれるMAC鍵Kmは、MAC鍵記憶部76に記憶されない。また、暗号路鍵の送付データKC1p(「Km,KSs(hash(Km))」)の検証が失敗である場合に、制御部51が所定のエラー処理を実行してもよい。 On the other hand, if the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is unsuccessful, the processing in FIG. 7 ends. Therefore, the MAC key Km included in the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) is not stored in the MAC key storage unit 76. In addition, when the verification of the encryption path key transmission data KC1p (“Km, KSs (hash (Km))”) fails, the control unit 51 may execute predetermined error processing.
 上述したMAC鍵の更新段階によれば、自動車1で使用されるMAC鍵Kmの更新を、自動車1の内部に閉じて、公開鍵暗号方式により安全に行うことができる。 According to the MAC key update stage described above, the MAC key Km used in the automobile 1 can be updated inside the automobile 1 and can be safely performed by a public key cryptosystem.
[Root証明書の更新段階]
 図8及び図9を参照して、Root証明書の更新段階を説明する。図8及び図9は、第1の実施形態に係る管理方法のシーケンスチャートである。 [Root certificate renewal stage]
With reference to FIG. 8 and FIG. 9, the update step of the Root certificate will be described. 8 and 9 are sequence charts of the management method according to the first embodiment.
(Root証明書の初回更新段階)
 まず図8を参照して、Root証明書の初回更新段階を説明する。ここでは、説明の便宜上、管理装置10及びECU50に最初に保持されるRoot証明書Cert_KRpとRoot秘密鍵KRsのペアにおいて、Root証明書Cert_KRpを初期Root証明書Cert_KRpと称し、Root公開鍵KRpを初期Root公開鍵KRpと称し、Root秘密鍵KRsを初期Root秘密鍵KRsと称する。また、新規に生成されるRoot証明書Cert_KRpとRoot秘密鍵KRsのペアにおいて、Root証明書Cert_KRpを新Root証明書Cert_KRp_newと称し、Root公開鍵KRpを新Root公開鍵KRp_newと称し、Root秘密鍵KRsを新Root秘密鍵KRs_newと称する。また、ここでは、自動車1に備わるECU50のうちの一つである第1のECU50を例に挙げて説明するが、他のECU50についても同様である。 (The first renewal stage of the root certificate)
First, referring to FIG. 8, the initial update stage of the root certificate will be described. Here, for convenience of explanation, in the pair of the root certificate Cert_KRp and the root secret key KRs initially held in the management apparatus 10 and the ECU 50, the root certificate Cert_KRp is referred to as the initial root certificate Cert_KRp, and the root public key KRp is the initial The root public key KRp is called, and the root secret key KRs is called the initial root secret key KRs. In the newly generated pair of the root certificate Cert_KRp and the root secret key KRs, the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new, the root public key KRp is referred to as a new root public key KRp_new, and a Root secret key Is referred to as a new root secret key KRs_new. Here, the first ECU 50, which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.
 (ステップS21):管理装置10のセキュアエレメント20において、鍵生成部21が、新Root公開鍵KRp_newと新Root秘密鍵KRs_newのペアを生成する。
 さらに、鍵生成部21が、生成した新Root公開鍵KRp_newの証明書である新Root証明書Cert_KRp_newを生成する。新Root証明書Cert_KRp_newは、新Root公開鍵KRp_newと、新Root公開鍵KRp_newの電子署名とから構成される。新Root公開鍵KRp_newの電子署名は、新Root公開鍵KRp_newのハッシュ値を初期Root秘密鍵KRsで暗号化した結果の暗号化データである。 (Step S21): In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new.
Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new. The new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new. The electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the initial root private key KRs.
 新Root証明書Cert_KRp_newの生成において、まず鍵生成部21が、新Root公開鍵KRp_newのハッシュ値hash(KRp_new)を算出する。次いで、暗号処理部24が、鍵生成部21により算出されたハッシュ値hash(KRp_new)を、Root秘密鍵記憶部32に記憶される初期Root秘密鍵KRsで暗号化する。この暗号化データKRs(hash(KRp_new))は新Root公開鍵KRp_newの電子署名である。次いで、鍵生成部21が、新Root公開鍵KRp_newと新Root公開鍵KRp_newの電子署名KRs(hash(KRp_new))とから新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」を構成する。 In generating the new root certificate Cert_KRp_new, the key generation unit 21 first calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the initial root secret key KRs stored in the root secret key storage unit 32. The encrypted data KRs (hash (KRp_new)) is an electronic signature of the new root public key KRp_new. Next, the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Root public key KRp_new and the electronic signature KRs (hash (KRp_new)) of the new Root public key KRp_new. .
 Root証明書記憶部31は、鍵生成部21により生成された新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」を記憶する。Root秘密鍵記憶部32は、鍵生成部21により生成された新Root秘密鍵KRs_newを記憶する。また、Root証明書記憶部31に記憶される新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」とRoot秘密鍵記憶部32に記憶される新Root秘密鍵KRs_newとがペアであることを示す関連付け情報を設定する。 The root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” generated by the key generation unit 21. The root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21. In addition, the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 31 and the new root secret key KRs_new stored in the root secret key storage unit 32 are paired. Set the association information indicating.
 (ステップS22:暗号路鍵の送付):管理装置10のセキュアエレメント20において、鍵生成部21が、暗号路鍵Kcを生成する。次いで、暗号処理部24が、C公開鍵証明書記憶部35に記憶されるC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」からC公開鍵KC1pを取得する。次いで、暗号処理部24が、取得したC公開鍵KC1pで、鍵生成部21により生成された暗号路鍵Kcを暗号化する。この暗号化データKC1p(Kc)は暗号路鍵の送付データである。次いで、管理装置10のセキュアエレメント20が、CANインタフェース12により、暗号路鍵の送付データKC1p(Kc)を第1のECU50のセキュアエレメント60へ送信する。 (Step S22: Sending the encryption path key): In the secure element 20 of the management apparatus 10, the key generation unit 21 generates the encryption path key Kc. Next, the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35. Next, the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (Kc) is encryption path key transmission data. Next, the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.
 第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20から暗号路鍵の送付データKC1p(Kc)を受信する。第1のECU50のセキュアエレメント60において、暗号処理部64が、管理装置10のセキュアエレメント20から受信した暗号路鍵の送付データKC1p(Kc)を、C秘密鍵記憶部74に記憶されるC秘密鍵KC1sで復号化する。この復号化により、復号化データ「KC1s・KC1p(Kc)」が得られる。暗号路鍵の送付データKC1p(Kc)の復号化が成功すれば、復号化データ「KC1s・KC1p(Kc)」は暗号路鍵Kcである。ここでは、暗号路鍵の送付データKC1p(Kc)の復号化が成功し、暗号路鍵Kcが得られたとする。 The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 through the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s · KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s · KC1p (Kc)” is the encryption path key Kc. Here, it is assumed that the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.
 (ステップS23:新Root秘密鍵、新Root証明書の送付):管理装置10のセキュアエレメント20において、暗号処理部24が、上記のステップS22で鍵生成部21により生成された暗号路鍵Kcで、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」とを暗号化する。これにより、暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)が得られる。次いで、管理装置10のセキュアエレメント20が、CANインタフェース12により、暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)を第1のECU50のセキュアエレメント60へ送信する。 (Step S23: Send New Root Private Key and New Root Certificate): In the secure element 20 of the management apparatus 10, the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in step S22. The new root secret key KRs_new and the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” are encrypted. Thereby, the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) is obtained. Next, the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
 (ステップS24):第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20から暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)を受信する。第1のECU50のセキュアエレメント60において、暗号処理部64が、管理装置10のセキュアエレメント20から受信した暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)を、上記のステップS22で暗号路鍵の送付データKC1p(Kc)の復号化により得られた暗号路鍵Kcで復号化する。この復号化により、復号化データ「Kc・Kc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)」が得られる。暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)の復号化が成功すれば、復号化データ「Kc・Kc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)」から、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」とが得られる。ここでは、暗号化データKc(KRs_new,「KRp_new,KRs(hash(KRp_new))」)の復号化が成功し、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」とが得られたとする。次いで、検証部63が、得られた新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」を検証する。 (Step S24): The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. . In the secure element 60 of the first ECU 50, the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above-described step. In S22, decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key. By this decryption, decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) is successful, the decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs (hash (KRp_new)) ”)”. Thus, a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” are obtained. Here, the encrypted data Kc (KRs_new, “KRp_new, KRs (hash (KRp_new))”) has been successfully decrypted, and the new Root secret key KRs_new and the new Root certificate Cert_KRp_new “KRp_new, KRs (pnew) ) "Is obtained. Next, the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”.
 新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証において、まず検証部63が、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」から新Root公開鍵KRp_newを取得し、取得した新Root公開鍵KRp_newのハッシュ値hash(KRp_new)を算出する。次いで、検証部63が、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」から電子署名KRs(hash(KRp_new))を取得し、取得した電子署名KRs(hash(KRp_new))を、Root証明書記憶部71に記憶される初期Root証明書Cert_KRpの初期Root公開鍵KRpで復号化する。この復号化により、復号化データ「KRp・KRs(hash(KRp_new))」が得られる。 In the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” from the new Rot public key. Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated. Next, the verification unit 63 acquires the electronic signature KRs (hash (KRp_new)) from the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))”, and acquires the acquired electronic signature KRs (hash (KRp_new)). Decryption is performed using the initial root public key KRp of the initial root certificate Cert_KRp stored in the root certificate storage unit 71. By this decoding, decoded data “KRp · KRs (hash (KRp_new))” is obtained.
 次いで、検証部63が、算出したハッシュ値hash(KRp_new)と、復号化データ「KRp・KRs(hash(KRp_new))」とが一致するかを判定する。この判定の結果、一致する場合には新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証が成功であり、不一致する場合には新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証が失敗である。 Next, the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decrypted data “KRp · KRs (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, KRs (hash ( KRp_new)) "is unsuccessful.
 新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証が成功である場合には、Root証明書記憶部71が、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」を記憶する。Root秘密鍵記憶部72が、新Root秘密鍵KRs_newを記憶する。また、Root証明書記憶部71に記憶される新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」とRoot秘密鍵記憶部72に記憶される新Root秘密鍵KRs_newとがペアであることを示す関連付け情報を設定する。この後、図8の処理を終了する。 If the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is successful, the root certificate storage unit 71 sets the new root certificate Cert_KRp_new “KRp_new, KRs (hash) (KRp_new)”. Remember. The root secret key storage unit 72 stores the new root secret key KRs_new. The new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” stored in the root certificate storage unit 71 and the new root secret key KRs_new stored in the root secret key storage unit 72 are paired. Set the association information indicating. Thereafter, the process of FIG. 8 is terminated.
 一方、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証が失敗である場合には、図8の処理を終了する。よって、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」は、Root証明書記憶部71に記憶されない。また、新Root証明書Cert_KRp_new「KRp_new,KRs(hash(KRp_new))」の検証が失敗である場合に、制御部51が所定のエラー処理を実行してもよい。 On the other hand, if the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is unsuccessful, the processing of FIG. Therefore, the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is not stored in the root certificate storage unit 71. In addition, when the verification of the new root certificate Cert_KRp_new “KRp_new, KRs (hash (KRp_new))” is unsuccessful, the control unit 51 may execute predetermined error processing.
(Root証明書の2回目以降の更新段階)
 次に図9を参照して、Root証明書の2回目以降の更新段階を説明する。ここでは、説明の便宜上、管理装置10及びECU50に保持される更新前のRoot証明書Cert_KRpとRoot秘密鍵KRsのペアにおいて、Root証明書Cert_KRpを旧Root証明書Cert_KRp_oldと称し、Root公開鍵KRpを旧Root公開鍵KRp_oldと称し、Root秘密鍵KRsを旧Root秘密鍵KRs_oldと称する。また、新規に生成されるRoot証明書Cert_KRpとRoot秘密鍵KRsのペアにおいて、Root証明書Cert_KRpを新Root証明書Cert_KRp_newと称し、Root公開鍵KRpを新Root公開鍵KRp_newと称し、Root秘密鍵KRsを新Root秘密鍵KRs_newと称する。また、ここでは、自動車1に備わるECU50のうちの一つである第1のECU50を例に挙げて説明するが、他のECU50についても同様である。 (The second and subsequent renewal stages of the root certificate)
Next, referring to FIG. 9, the second and subsequent update stages of the root certificate will be described. Here, for convenience of explanation, in the pair of the root certificate Cert_KRp before updating and the root secret key KRs held in the management apparatus 10 and the ECU 50, the root certificate Cert_KRp is referred to as the old root certificate Cert_KRp_old, and the root public key KRp is referred to as the root certificate Cert_KRp. The old Root public key KRp_old is called, and the Root secret key KRs is called the old Root secret key KRs_old. In the newly generated pair of the root certificate Cert_KRp and the root secret key KRs, the root certificate Cert_KRp is referred to as a new root certificate Cert_KRp_new, the root public key KRp is referred to as a new root public key KRp_new, and a Root secret key Is referred to as a new root secret key KRs_new. Here, the first ECU 50, which is one of the ECUs 50 provided in the automobile 1, will be described as an example, but the same applies to the other ECUs 50.
 (ステップS31):管理装置10のセキュアエレメント20において、鍵生成部21が、新Root公開鍵KRp_newと新Root秘密鍵KRs_newのペアを生成する。
 さらに、鍵生成部21が、生成した新Root公開鍵KRp_newの証明書である新Root証明書Cert_KRp_newを生成する。新Root証明書Cert_KRp_newは、新Root公開鍵KRp_newと、新Root公開鍵KRp_newの電子署名とから構成される。新Root公開鍵KRp_newの電子署名は、新Root公開鍵KRp_newのハッシュ値を旧Root秘密鍵KRs_oldで暗号化した結果の暗号化データである。 (Step S31): In the secure element 20 of the management apparatus 10, the key generation unit 21 generates a pair of a new root public key KRp_new and a new root secret key KRs_new.
Further, the key generation unit 21 generates a new root certificate Cert_KRp_new which is a certificate of the generated new root public key KRp_new. The new root certificate Cert_KRp_new is composed of a new root public key KRp_new and an electronic signature of the new root public key KRp_new. The electronic signature of the new root public key KRp_new is encrypted data resulting from encrypting the hash value of the new root public key KRp_new with the old root private key KRs_old.
 新Root証明書Cert_KRp_newの生成において、まず鍵生成部21が、新Root公開鍵KRp_newのハッシュ値hash(KRp_new)を算出する。次いで、暗号処理部24が、鍵生成部21により算出されたハッシュ値hash(KRp_new)を、Root秘密鍵記憶部32に記憶される旧Root秘密鍵KRs_oldで暗号化する。この暗号化データKRs_old(hash(KRp_new))は新Root公開鍵KRp_newの電子署名である。次いで、鍵生成部21が、新Root公開鍵KRp_newと新Root公開鍵KRp_newの電子署名KRs_old(hash(KRp_new))とから新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」を構成する。 In generating the new root certificate Cert_KRp_new, the key generation unit 21 first calculates a hash value hash (KRp_new) of the new root public key KRp_new. Next, the encryption processing unit 24 encrypts the hash value hash (KRp_new) calculated by the key generation unit 21 with the old Root secret key KRs_old stored in the Root secret key storage unit 32. This encrypted data KRs_old (hash (KRp_new)) is an electronic signature of the new Root public key KRp_new. Next, the key generation unit 21 creates a new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash)” from the new Root public key KRp_new and the electronic signature KRs_old (hash (KRp_new)) of the new Root public key KRp_new (KRp_new) .
 Root証明書記憶部31は、鍵生成部21により生成された新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」を記憶する。Root秘密鍵記憶部32は、鍵生成部21により生成された新Root秘密鍵KRs_newを記憶する。また、Root証明書記憶部31に記憶される新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」とRoot秘密鍵記憶部32に記憶される新Root秘密鍵KRs_newとがペアであることを示す関連付け情報を設定する。 The root certificate storage unit 31 stores the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” generated by the key generation unit 21. The root secret key storage unit 32 stores the new root secret key KRs_new generated by the key generation unit 21. Also, the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 31 and the new Root secret key KRs_new stored in the Root secret key storage unit 32 are a pair. Set the association information indicating.
 (ステップS32:暗号路鍵の送付):管理装置10のセキュアエレメント20において、鍵生成部21が、暗号路鍵Kcを生成する。次いで、暗号処理部24が、C公開鍵証明書記憶部35に記憶されるC公開鍵証明書Cert_KC1p「KC1p,KRs(hash(KC1p))」からC公開鍵KC1pを取得する。次いで、暗号処理部24が、取得したC公開鍵KC1pで、鍵生成部21により生成された暗号路鍵Kcを暗号化する。この暗号化データKC1p(Kc)は暗号路鍵の送付データである。次いで、管理装置10のセキュアエレメント20が、CANインタフェース12により、暗号路鍵の送付データKC1p(Kc)を第1のECU50のセキュアエレメント60へ送信する。 (Step S32: Sending the encryption path key): In the secure element 20 of the management apparatus 10, the key generation unit 21 generates the encryption path key Kc. Next, the cryptographic processing unit 24 acquires the C public key KC1p from the C public key certificate Cert_KC1p “KC1p, KRs (hash (KC1p))” stored in the C public key certificate storage unit 35. Next, the encryption processing unit 24 encrypts the encryption path key Kc generated by the key generation unit 21 with the acquired C public key KC1p. The encrypted data KC1p (Kc) is encryption path key transmission data. Next, the secure element 20 of the management apparatus 10 transmits the encryption path key transmission data KC1p (Kc) to the secure element 60 of the first ECU 50 through the CAN interface 12.
 第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20から暗号路鍵の送付データKC1p(Kc)を受信する。第1のECU50のセキュアエレメント60において、暗号処理部64が、管理装置10のセキュアエレメント20から受信した暗号路鍵の送付データKC1p(Kc)を、C秘密鍵記憶部74に記憶されるC秘密鍵KC1sで復号化する。この復号化により、復号化データ「KC1s・KC1p(Kc)」が得られる。暗号路鍵の送付データKC1p(Kc)の復号化が成功すれば、復号化データ「KC1s・KC1p(Kc)」は暗号路鍵Kcである。ここでは、暗号路鍵の送付データKC1p(Kc)の復号化が成功し、暗号路鍵Kcが得られたとする。 The secure element 60 of the first ECU 50 receives the encryption path key transmission data KC1p (Kc) from the secure element 20 of the management apparatus 10 through the CAN interface 52. In the secure element 60 of the first ECU 50, the encryption processing unit 64 stores the encryption path key transmission data KC 1 p (Kc) received from the secure element 20 of the management device 10 in the C secret key storage unit 74. Decrypt with key KC1s. By this decoding, decoded data “KC1s · KC1p (Kc)” is obtained. If the encryption path key sending data KC1p (Kc) is successfully decrypted, the decrypted data “KC1s · KC1p (Kc)” is the encryption path key Kc. Here, it is assumed that the encryption path key transmission data KC1p (Kc) has been successfully decrypted and the encryption path key Kc is obtained.
 (ステップS33:新Root秘密鍵、新Root証明書の送付):管理装置10のセキュアエレメント20において、暗号処理部24が、上記のステップS32で鍵生成部21により生成された暗号路鍵Kcで、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」とを暗号化する。これにより、暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)が得られる。次いで、管理装置10のセキュアエレメント20が、CANインタフェース12により、暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)を第1のECU50のセキュアエレメント60へ送信する。 (Step S33: Sending a New Root Private Key and New Root Certificate): In the secure element 20 of the management apparatus 10, the encryption processing unit 24 uses the encryption path key Kc generated by the key generation unit 21 in the above step S32. The new root secret key KRs_new and the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” are encrypted. As a result, encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) is obtained. Next, the secure element 20 of the management device 10 transmits the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) to the secure element 60 of the first ECU 50 via the CAN interface 12.
 (ステップS34):第1のECU50のセキュアエレメント60が、CANインタフェース52により、管理装置10のセキュアエレメント20から暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)を受信する。第1のECU50のセキュアエレメント60において、暗号処理部64が、管理装置10のセキュアエレメント20から受信した暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)を、上記のステップS32で暗号路鍵の送付データKC1p(Kc)の復号化により得られた暗号路鍵Kcで復号化する。この復号化により、復号化データ「Kc・Kc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)」が得られる。暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)の復号化が成功すれば、復号化データ「Kc・Kc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)」から、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」とが得られる。ここでは、暗号化データKc(KRs_new,「KRp_new,KRs_old(hash(KRp_new))」)の復号化が成功し、新Root秘密鍵KRs_newと、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」とが得られたとする。次いで、検証部63が、得られた新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」を検証する。 (Step S34): The secure element 60 of the first ECU 50 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) from the secure element 20 of the management apparatus 10 through the CAN interface 52. . In the secure element 60 of the first ECU 50, the encryption processing unit 64 receives the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) received from the secure element 20 of the management apparatus 10 in the above steps. In S32, decryption is performed with the encryption path key Kc obtained by decrypting the transmission data KC1p (Kc) of the encryption path key. By this decryption, decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”)” is obtained. If the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) is successful, the decrypted data “Kc · Kc (KRs_new,“ KRp_new, KRs_old (hash (KRp_new)) ”). Thus, a new root secret key KRs_new and a new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” are obtained. Here, the decryption of the encrypted data Kc (KRs_new, “KRp_new, KRs_old (hash (KRp_new))”) succeeds, and the new Root secret key KRs_new and the new Root certificate Cert_KRp_new (KRp_new, HRs_oldK_rKold_p) ) "Is obtained. Next, the verification unit 63 verifies the obtained new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”.
 新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証において、まず検証部63が、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」から新Root公開鍵KRp_newを取得し、取得した新Root公開鍵KRp_newのハッシュ値hash(KRp_new)を算出する。次いで、検証部63が、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」から電子署名KRs_old(hash(KRp_new))を取得し、取得した電子署名KRs_old(hash(KRp_new))を、Root証明書記憶部71に記憶される旧Root証明書Cert_KRp_oldの旧Root公開鍵KRp_oldで復号化する。この復号化により、復号化データ「KRp_old・KRs_old(hash(KRp_new))」が得られる。 In the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, the verification unit 63 first obtains the new Root certificate Cert_KRp_new “KRp_new, KRs_old (new from the hash (KRp_New) key”). Then, the hash value hash (KRp_new) of the acquired new Root public key KRp_new is calculated. Next, the verification unit 63 acquires the electronic signature KRs_old (hash (KRp_new)) from the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))”, and acquires the acquired electronic signature KRs_old (hash (KRp_new)). Decryption is performed with the old Root public key KRp_old of the old Root certificate Cert_KRp_old stored in the Root certificate storage unit 71. By this decryption, decrypted data “KRp_old · KRs_old (hash (KRp_new))” is obtained.
 次いで、検証部63が、算出したハッシュ値hash(KRp_new)と、復号化データ「KRp_old・KRs_old(hash(KRp_new))」とが一致するかを判定する。この判定の結果、一致する場合には新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証が成功であり、不一致する場合には新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証が失敗である。 Next, the verification unit 63 determines whether or not the calculated hash value hash (KRp_new) matches the decrypted data “KRp_old · KRs_old (hash (KRp_new))”. As a result of this determination, if they match, the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is successful, and if they do not match, the new Root certificate Cert_KRp_new “KRp_new, HRs_old (hs KRp_new)) "is unsuccessful.
 新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証が成功である場合には、Root証明書記憶部71が、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」を記憶する。Root秘密鍵記憶部72が、新Root秘密鍵KRs_newを記憶する。また、Root証明書記憶部71に記憶される新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」とRoot秘密鍵記憶部72に記憶される新Root秘密鍵KRs_newとがペアであることを示す関連付け情報を設定する。この後、図9の処理を終了する。 If the verification of the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is successful, the Root certificate storage unit 71 sets the new Root certificate Cert_KRp_new “KRp_new, KRs_old (p)” Remember. The root secret key storage unit 72 stores the new root secret key KRs_new. Also, the new Root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” stored in the Root certificate storage unit 71 and the new Root secret key KRs_new stored in the Root secret key storage unit 72 are a pair. Set the association information indicating. Thereafter, the process of FIG. 9 is terminated.
 一方、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証が失敗である場合には、図9の処理を終了する。よって、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」は、Root証明書記憶部71に記憶されない。また、新Root証明書Cert_KRp_new「KRp_new,KRs_old(hash(KRp_new))」の検証が失敗である場合に、制御部51が所定のエラー処理を実行してもよい。 On the other hand, if the verification of the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is unsuccessful, the processing in FIG. 9 is terminated. Therefore, the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is not stored in the root certificate storage unit 71. In addition, when the verification of the new root certificate Cert_KRp_new “KRp_new, KRs_old (hash (KRp_new))” is unsuccessful, the control unit 51 may execute a predetermined error process.
 上述したRoot証明書の更新段階によれば、自動車1の内部に閉じて、Root証明書とRoot秘密鍵のペアを更新することができる。このため、Root証明書とRoot秘密鍵のペアを定期的に更新することにより、Root証明書とRoot秘密鍵のペアの信頼性を高めることができるので、一般のPKIを使用することなく自動車1の内部に閉じた公開鍵暗号方式を実現する際の安全性が向上する。例えば、初期Root証明書Cert_KRpと初期Root秘密鍵KRsのペアを更新することなく使い続ける場合、耐タンパー性を有するセキュアエレメントであっても、漏洩電磁波解析の結果として初期Root証明書Cert_KRpと初期Root秘密鍵KRsのペアが漏洩する可能性を否定できない。このため、Root証明書とRoot秘密鍵のペアを定期的に更新することは好ましい。また、初期Root証明書Cert_KRpと初期Root秘密鍵KRsのペアについては、信頼性の向上のために、できる限り使用回数を少なくすることは好ましい。例えば、初期Root証明書Cert_KRpと初期Root秘密鍵KRsのペアの使用は、所定回数(例えば1回のみ)に限定してもよい。 According to the above-described root certificate renewal stage, the root certificate and the root private key pair can be updated by being closed inside the automobile 1. Therefore, by periodically updating the pair of the root certificate and the root private key, the reliability of the pair of the root certificate and the root private key can be improved, so that the automobile 1 can be used without using a general PKI. The security at the time of realizing the public key cryptosystem closed inside is improved. For example, when the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is continuously used without being updated, even if the secure element has tamper resistance, the initial root certificate Cert_KRp and the initial root are obtained as a result of the leakage electromagnetic wave analysis. The possibility of leakage of the secret key KRs pair cannot be denied. For this reason, it is preferable to periodically update the pair of the root certificate and the root private key. Further, it is preferable to reduce the number of times of use of the pair of the initial root certificate Cert_KRp and the initial root secret key KRs as much as possible in order to improve the reliability. For example, the use of the pair of the initial root certificate Cert_KRp and the initial root secret key KRs may be limited to a predetermined number of times (for example, only once).
 また、Root証明書とRoot秘密鍵のペアは自動車1毎に異なることが好ましい。
上述したRoot証明書の更新段階によれば、自動車1の内部に閉じてRoot証明書とRoot秘密鍵のペアを更新することができるので、初期Root証明書Cert_KRpと初期Root秘密鍵KRsのペアが各自動車1に共通であったとしても、Root証明書とRoot秘密鍵のペアの更新により、各自動車1のRoot証明書とRoot秘密鍵のペアが異なるようにすることができる。 The pair of the root certificate and the root secret key is preferably different for each automobile 1.
According to the above-described root certificate update stage, the pair of the root certificate and the root secret key can be updated by being closed inside the automobile 1, so that the pair of the initial root certificate Cert_KRp and the initial root secret key KRs is Even if it is common to each automobile 1, the pair of the root certificate and the root secret key of each automobile 1 can be made different by updating the pair of the root certificate and the root secret key.
[第2実施形態]
 図10は、第2実施形態に係る管理システムを示す図である。図10において図1の各部に対応する部分には同一の符号を付け、その説明を省略する。図10において、管理システムは、管理装置10aと管理サーバ装置80を備える。管理装置10aは自動車1に備わる。管理サーバ装置80は、無線通信ネットワーク2の通信事業者に備わる。 [Second Embodiment]
FIG. 10 is a diagram illustrating a management system according to the second embodiment. 10, parts corresponding to those in FIG. 1 are given the same reference numerals, and descriptions thereof are omitted. 10, the management system includes a management device 10a and a management server device 80. The management device 10a is provided in the automobile 1. The management server device 80 is provided in a communication carrier of the wireless communication network 2.
 無線通信ネットワーク2を利用するためには、無線通信ネットワーク2の契約者情報が書き込まれたSIM(Subscriber Identity Module)又はeSIM(Embedded Subscriber Identity Module)が必要である。管理装置10aは、SIM_20aを備える。SIM_20aは、無線通信ネットワーク2の契約者情報が書き込まれたSIMである。よって、管理装置10aは、SIM_20aを使用することにより無線通信ネットワーク2を利用できる。管理装置10aは、SIM_20aを使用して確立される無線通信回線3により無線通信ネットワーク2に接続する。SIM_20aはセキュアエレメントである。 In order to use the wireless communication network 2, a SIM (Subscriber Identity Module) or eSIM (Embedded Subscriber Identity Module) in which subscriber information of the wireless communication network 2 is written is necessary. The management device 10a includes a SIM_20a. SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the management apparatus 10a can use the wireless communication network 2 by using SIM_20a. The management device 10a connects to the wireless communication network 2 through the wireless communication line 3 established using SIM_20a. SIM_20a is a secure element.
 管理サーバ装置80は、無線通信ネットワーク2の通信事業者の通信回線4により無線通信ネットワーク2に接続する。管理装置10aと管理サーバ装置80とは、無線通信ネットワーク2を介して通信する。 The management server device 80 is connected to the wireless communication network 2 through the communication line 4 of the communication carrier of the wireless communication network 2. The management device 10a and the management server device 80 communicate via the wireless communication network 2.
 なお、管理装置10aと管理サーバ装置80との間に無線通信ネットワーク2を介した専用線を確立し、管理装置10aと管理サーバ装置80とが専用線を介してデータを送受するようにしてもよい。 Note that a dedicated line is established between the management apparatus 10a and the management server apparatus 80 via the wireless communication network 2, and the management apparatus 10a and the management server apparatus 80 transmit and receive data via the dedicated line. Good.
 自動車1において、管理装置10aは制御用車載ネットワーク40に接続される。本実施形態では、制御用車載ネットワーク40はCANである。制御用車載ネットワーク40には、各種のECU50が接続される。管理装置10aは、制御用車載ネットワーク40を介して、各ECU50との間でデータを交換する。 In the automobile 1, the management device 10 a is connected to the control in-vehicle network 40. In the present embodiment, the in-vehicle network for control 40 is a CAN. Various ECUs 50 are connected to the control in-vehicle network 40. The management device 10a exchanges data with each ECU 50 via the control in-vehicle network 40.
 図11は、第2実施形態に係る管理装置10aを示す構成図である。図11において図2の各部に対応する部分には同一の符号を付け、その説明を省略する。図11において、管理装置10aは、制御部11とCANインタフェース12と無線通信部13とSIM_20aを備える。これら各部はデータを交換できるように構成される。SIM_20aは、鍵生成部21と鍵記憶部22と検証部23と暗号処理部24を備える。第2実施形態においても、鍵記憶部22の構成は上記の図3に示される構成と同じである。 FIG. 11 is a configuration diagram showing the management apparatus 10a according to the second embodiment. In FIG. 11, parts corresponding to those in FIG. In FIG. 11, the management device 10a includes a control unit 11, a CAN interface 12, a wireless communication unit 13, and SIM_20a. Each of these units is configured to exchange data. The SIM_20a includes a key generation unit 21, a key storage unit 22, a verification unit 23, and an encryption processing unit 24. Also in the second embodiment, the configuration of the key storage unit 22 is the same as the configuration shown in FIG.
 SIM_20aは、セキュアエレメントであり、耐タンパー性を有する。なお、セキュアエレメントとして、SIM_20aの代わりにeSIMを利用してもよい。SIM及びeSIMは、コンピュータの一種であり、コンピュータプログラムによって所望の機能を実現する。 SIM_20a is a secure element and has tamper resistance. As a secure element, eSIM may be used instead of SIM_20a. SIM and eSIM are a kind of computer, and a desired function is realized by a computer program.
 無線通信部13は無線通信によりデータを送受する。SIM_20aは、無線通信ネットワーク2の契約者情報が書き込まれたSIMである。よって、無線通信部13は、SIM_20aを使用することにより、無線通信回線3を介して無線通信ネットワーク2に接続する。 The wireless communication unit 13 transmits and receives data by wireless communication. SIM_20a is a SIM in which subscriber information of the wireless communication network 2 is written. Therefore, the wireless communication unit 13 connects to the wireless communication network 2 via the wireless communication line 3 by using SIM_20a.
 SIM_20aは、上記の図2に示すセキュアエレメント20と同様の機能を実現する。これにより、上記の図6から図9を参照して説明した第1実施形態の管理方法が実現される。 SIM_20a implements the same function as the secure element 20 shown in FIG. Thereby, the management method of the first embodiment described with reference to FIGS. 6 to 9 is realized.
 本実施形態では、SIM_20aは、無線通信部13により、無線通信ネットワーク2を介して管理サーバ装置80とデータを交換する。管理サーバ装置80は、SIM_20aへ、Root証明書とRoot秘密鍵のペアを送信する。管理サーバ装置80からSIM_20aへRoot証明書とRoot秘密鍵のペアを送信する際には、管理装置10aと管理サーバ装置80との間に無線通信ネットワーク2を介した専用線を確立し、確立した専用線を介してデータを送受することが好ましい。 In this embodiment, the SIM_20a exchanges data with the management server device 80 via the wireless communication network 2 by the wireless communication unit 13. The management server device 80 transmits a pair of a root certificate and a root secret key to the SIM_20a. When transmitting a pair of root certificate and root private key from the management server device 80 to the SIM_20a, a dedicated line is established between the management device 10a and the management server device 80 via the wireless communication network 2 and established. It is preferable to send and receive data via a dedicated line.
 SIM_20aは、管理サーバ装置80から受信したRoot証明書を、Root証明書記憶部31に記憶させる。SIM_20aは、管理サーバ装置80から受信したRoot秘密鍵を、Root秘密鍵記憶部32に記憶させる。 SIM_20a stores the root certificate received from the management server device 80 in the root certificate storage unit 31. The SIM_20a stores the Root secret key received from the management server device 80 in the Root secret key storage unit 32.
 本実施形態によれば、無線通信により、管理サーバ装置80から自動車1へRoot証明書とRoot秘密鍵のペアを送信することができる。これにより、自動車1に保持されるRoot証明書とRoot秘密鍵のペアを、管理サーバ装置80から更新することができる。 According to this embodiment, a pair of a root certificate and a root private key can be transmitted from the management server device 80 to the automobile 1 by wireless communication. Thereby, the pair of the Root certificate and the Root private key held in the automobile 1 can be updated from the management server device 80.
 なお、無線通信ネットワーク2の電波が届かない等の理由により管理装置10aが無線通信ネットワーク2を介して管理サーバ装置80と通信できない場合には、必要に応じて、自動車1に対し、新たなRoot証明書とRoot秘密鍵のペアを保持する管理装置10a及びECU50に交換してもよい。 If the management apparatus 10a cannot communicate with the management server apparatus 80 via the wireless communication network 2 because the radio wave of the wireless communication network 2 does not reach or the like, a new root is given to the automobile 1 as necessary. The management apparatus 10a that holds a pair of a certificate and a root private key and the ECU 50 may be exchanged.
 以上、本発明の実施形態について図面を参照して詳述してきたが、具体的な構成はこの実施形態に限られるものではなく、本発明の要旨を逸脱しない範囲の設計変更等も含まれる。 As described above, the embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes design changes and the like within a scope not departing from the gist of the present invention.
 例えば、セキュアエレメントとして、SIM又はeSIMを使用する例を挙げたが、これに限定されない。セキュアエレメントとして、例えば、耐タンパー性のある暗号処理チップを使用してもよい。耐タンパー性のある暗号処理チップとして、例えば、HSM(Hardware Security Module)やTPM(Trusted Platform Module)と呼ばれる暗号処理チップが知られている。TPMについては、例えば非特許文献3に記載されている。例えば、管理装置10のセキュアエレメント20及びECU50のセキュアエレメント60にHSM又はTPMを使用してもよい。又は、管理装置10,10aのセキュアエレメント20,20a及びECU50のセキュアエレメント60にSIM又はeSIMを使用してもよい。又は、管理装置10,10aのセキュアエレメント20,20aとしてSIM又はeSIMを使用し、ECU50のセキュアエレメント60としてHSM又はTPMを使用してもよい。 For example, although the example using SIM or eSIM as a secure element was given, it is not limited to this. As the secure element, for example, a tamper resistant cryptographic processing chip may be used. As tamper-resistant cryptographic processing chips, for example, cryptographic processing chips called HSM (Hardware Security Module) and TPM (Trusted Platform Module) are known. About TPM, it describes in the nonpatent literature 3, for example. For example, HSM or TPM may be used for the secure element 20 of the management apparatus 10 and the secure element 60 of the ECU 50. Alternatively, SIM or eSIM may be used for the secure elements 20 and 20a of the management devices 10 and 10a and the secure element 60 of the ECU 50. Alternatively, SIM or eSIM may be used as the secure elements 20 and 20a of the management devices 10 and 10a, and HSM or TPM may be used as the secure element 60 of the ECU 50.
 また、自動車1に備わるいずれかのECU50を管理装置10又は管理装置10aとして機能させてもよい。 Further, any ECU 50 provided in the automobile 1 may function as the management device 10 or the management device 10a.
 また、車両として自動車を例に挙げたが、原動機付自転車や鉄道車両等の自動車以外の他の車両にも適用可能である。 In addition, although an automobile is given as an example of a vehicle, the present invention can also be applied to other vehicles such as a motorbike and a railway vehicle.
 また、上述した管理装置10、管理装置10a又はECU50が実行する管理方法の各ステップを実現するためのコンピュータプログラムをコンピュータ読み取り可能な記録媒体に記録して、この記録媒体に記録されたプログラムをコンピュータシステムに読み込ませ、実行するようにしてもよい。なお、ここでいう「コンピュータシステム」とは、OSや周辺機器等のハードウェアを含むものであってもよい。
 また、「コンピュータ読み取り可能な記録媒体」とは、フレキシブルディスク、光磁気ディスク、ROM、フラッシュメモリ等の書き込み可能な不揮発性メモリ、DVD(Digital Versatile Disk)等の可搬媒体、コンピュータシステムに内蔵されるハードディスク等の記憶装置のことをいう。 In addition, a computer program for realizing each step of the management method executed by the management device 10, the management device 10a, or the ECU 50 described above is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in the computer. It may be read by the system and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
“Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disk), and a built-in computer system. A storage device such as a hard disk.
 さらに「コンピュータ読み取り可能な記録媒体」とは、インターネット等のネットワークや電話回線等の通信回線を介してプログラムが送信された場合のサーバやクライアントとなるコンピュータシステム内部の揮発性メモリ(例えばDRAM(Dynamic Random Access Memory))のように、一定時間プログラムを保持しているものも含むものとする。
 また、上記プログラムは、このプログラムを記憶装置等に格納したコンピュータシステムから、伝送媒体を介して、あるいは、伝送媒体中の伝送波により他のコンピュータシステムに伝送されてもよい。ここで、プログラムを伝送する「伝送媒体」は、インターネット等のネットワーク(通信網)や電話回線等の通信回線(通信線)のように情報を伝送する機能を有する媒体のことをいう。
 また、上記プログラムは、前述した機能の一部を実現するためのものであっても良い。
 さらに、前述した機能をコンピュータシステムにすでに記録されているプログラムとの組み合わせで実現できるもの、いわゆる差分ファイル(差分プログラム)であっても良い。 Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above.
Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.
 本発明は、管理システム、車両、管理装置、車載コンピュータ、管理方法、及びコンピュータプログラムに適用してもよい。 The present invention may be applied to a management system, a vehicle, a management device, an in-vehicle computer, a management method, and a computer program.
1…自動車
2…無線通信ネットワーク
3…無線通信回線
4…通信回線
10,10a…管理装置
11,51…制御部
12,52…CANインタフェース
13…無線通信部
20,60…セキュアエレメント
20a…SIM(セキュアエレメント)
21,61…鍵生成部
22,62…鍵記憶部
23,63…検証部
24,64…暗号処理部
31,71…Root証明書記憶部
32,72…Root秘密鍵記憶部
33,75…S公開鍵証明書記憶部
34…S秘密鍵記憶部
35,73…C公開鍵証明書記憶部
36,76…MAC鍵記憶部
80…管理サーバ装置 DESCRIPTION OF SYMBOLS 1 ... Automobile 2 ... Wireless communication network 3 ... Wireless communication line 4 ... Communication line 10, 10a ... Management apparatus 11, 51 ... Control part 12, 52 ... CAN interface 13 ... Wireless communication part 20, 60 ... Secure element 20a ... SIM ( Secure element)
21, 61 ... key generation unit 22, 62 ... key storage unit 23, 63 ... verification unit 24, 64 ... encryption processing unit 31, 71 ... Root certificate storage unit 32, 72 ... Root secret key storage unit 33, 75 ... S Public key certificate storage unit 34 ... S private key storage unit 35, 73 ... C public key certificate storage unit 36,76 ... MAC key storage unit 80 ... management server device

Claims (11)

  1.  車両に備わる管理装置と車載コンピュータを備え、前記管理装置と前記車載コンピュータとが前記車両に備わる通信ネットワークを介して通信する管理システムであって、
     前記管理装置と前記車載コンピュータとが、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、共通して備え、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する、
     管理システム。     A management system comprising a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle,
    The management device and the in-vehicle computer commonly include a key storage unit that stores a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root private key.
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    Management system.
  2.  前記管理装置は、
     公開鍵と秘密鍵のペアを生成する鍵生成部と、
     前記管理装置の鍵記憶部に記憶されるRoot秘密鍵を使用して、前記鍵生成部により生成された公開鍵の電子署名を生成する暗号処理部と、を備え、
     前記鍵生成部により生成された公開鍵と前記暗号処理部により生成された電子署名とから構成される公開鍵証明書を前記車載コンピュータへ送信し、
     前記車載コンピュータは、
     前記管理装置から受信した公開鍵証明書を、前記車載コンピュータの鍵記憶部に記憶されるRoot証明書を使用して検証する検証部を備える、
     請求項1に記載の管理システム。     The management device
    A key generation unit that generates a public key and private key pair;
    An encryption processing unit that generates an electronic signature of the public key generated by the key generation unit using a Root private key stored in the key storage unit of the management device,
    A public key certificate composed of a public key generated by the key generation unit and an electronic signature generated by the cryptographic processing unit is transmitted to the in-vehicle computer,
    The in-vehicle computer is
    A verification unit that verifies the public key certificate received from the management device using a Root certificate stored in the key storage unit of the in-vehicle computer;
    The management system according to claim 1.
  3.  前記車載コンピュータは、
     公開鍵と秘密鍵のペアを生成する鍵生成部と、
     前記車載コンピュータの鍵記憶部に記憶されるRoot秘密鍵を使用して、前記車載コンピュータの鍵生成部により生成された公開鍵の電子署名を生成する暗号処理部と、を備え、
     前記車載コンピュータの鍵生成部により生成された公開鍵と前記車載コンピュータの暗号処理部により生成された電子署名とから構成される公開鍵証明書を前記管理装置へ送信し、
     前記管理装置は、
     前記車載コンピュータから受信した公開鍵証明書を、前記管理装置の鍵記憶部に記憶されるRoot証明書を使用して検証する検証部を備える、
     請求項2に記載の管理システム。     The in-vehicle computer is
    A key generation unit that generates a public key and private key pair;
    An encryption processing unit that generates an electronic signature of the public key generated by the key generation unit of the in-vehicle computer using a Root secret key stored in the key storage unit of the in-vehicle computer,
    A public key certificate generated by the public key generated by the key generation unit of the in-vehicle computer and the electronic signature generated by the encryption processing unit of the in-vehicle computer is transmitted to the management device;
    The management device
    A verification unit that verifies the public key certificate received from the in-vehicle computer using a Root certificate stored in the key storage unit of the management device;
    The management system according to claim 2.
  4.  前記管理装置の鍵生成部は鍵を生成し、
     前記管理装置の暗号処理部は、前記車載コンピュータへ送信した公開鍵証明書の公開鍵とペアの秘密鍵を使用して、前記管理装置の鍵生成部により生成された鍵の電子署名を生成し、当該鍵と当該電子署名とから構成される鍵証明書を前記車載コンピュータから受信した公開鍵証明書の公開鍵で暗号化し、
     前記管理装置は前記鍵証明書の暗号化データを前記車載コンピュータへ送信し、
     前記車載コンピュータの暗号処理部は、前記管理装置から受信した鍵証明書の暗号化データを、前記管理装置へ送信した公開鍵証明書の公開鍵とペアの秘密鍵で復号化し、
     前記車載コンピュータの検証部は、前記鍵証明書の暗号化データの復号化データを、前記管理装置から受信した公開鍵証明書の公開鍵を使用して検証する、
     請求項3に記載の管理システム。     A key generation unit of the management device generates a key;
    The encryption processing unit of the management device generates an electronic signature of the key generated by the key generation unit of the management device using a public key paired with the public key of the public key certificate transmitted to the in-vehicle computer. , Encrypt the key certificate composed of the key and the electronic signature with the public key of the public key certificate received from the in-vehicle computer,
    The management device transmits encrypted data of the key certificate to the in-vehicle computer,
    The encryption processing unit of the in-vehicle computer decrypts the encrypted data of the key certificate received from the management device with the private key paired with the public key of the public key certificate transmitted to the management device,
    The verification unit of the in-vehicle computer verifies the decrypted data of the encrypted data of the key certificate using the public key of the public key certificate received from the management device;
    The management system according to claim 3.
  5.  前記管理装置の鍵生成部は、新Root公開鍵と新Root秘密鍵のペアを生成し、
     前記管理装置の暗号処理部は、前記管理装置の鍵記憶部に記憶されるRoot秘密鍵を使用して前記新Root公開鍵の電子署名を生成し、
     前記管理装置の鍵記憶部は、前記新Root秘密鍵と、前記新Root公開鍵と当該新Root公開鍵の電子署名とから構成される公開鍵証明書である新Root証明書とを記憶し、
     前記管理装置は、前記新Root秘密鍵と前記新Root証明書を、前記車載コンピュータとの間で共有する暗号路鍵で暗号化して前記車載コンピュータへ送信し、
     前記車載コンピュータは、前記管理装置から受信した前記新Root秘密鍵と前記新Root証明書の暗号化データを前記暗号路鍵で復号化し、
     前記車載コンピュータの検証部は、復号化された前記新Root証明書を、前記車載コンピュータの鍵記憶部に記憶されるRoot証明書を使用して検証し、
     前記車載コンピュータの鍵記憶部は、前記新Root証明書の検証が成功である場合に、前記新Root秘密鍵と前記新Root証明書を記憶する、
     請求項1から4のいずれか1項に記載の管理システム。     The key generation unit of the management device generates a pair of a new root public key and a new root private key,
    The encryption processing unit of the management device generates an electronic signature of the new Root public key using a Root private key stored in the key storage unit of the management device,
    The key storage unit of the management device stores the new Root private key, a new Root certificate that is a public key certificate composed of the new Root public key and an electronic signature of the new Root public key,
    The management device encrypts the new Root private key and the new Root certificate with an encryption path key shared with the in-vehicle computer, and transmits the encrypted information to the in-vehicle computer.
    The in-vehicle computer decrypts the encrypted data of the new Root private key and the new Root certificate received from the management device with the encryption path key,
    The verification unit of the in-vehicle computer verifies the decrypted new Root certificate using a Root certificate stored in the key storage unit of the in-vehicle computer,
    The key storage unit of the in-vehicle computer stores the new Root private key and the new Root certificate when the verification of the new Root certificate is successful.
    The management system according to any one of claims 1 to 4.
  6.  請求項1から5のいずれか1項に記載の管理システムを備える車両。 A vehicle comprising the management system according to any one of claims 1 to 5.
  7.  車両に備わる通信ネットワークを介して前記車両に備わる車載コンピュータと通信する前記車両に備わる管理装置であって、
     Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、前記車載コンピュータと共通して備え、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する、
     管理装置。     A management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle,
    A key storage unit that stores a Root private key and a Root certificate that is a public key certificate of a Root public key of the Root private key pair in common with the in-vehicle computer;
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    Management device.
  8.  車両に備わる通信ネットワークを介して前記車両に備わる管理装置と通信する前記車両に備わる車載コンピュータであって、
     Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを記憶する鍵記憶部を、前記管理装置と共通して備え、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行する、
     車載コンピュータ。     An in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle,
    A key storage unit for storing a Root private key and a Root certificate that is a public key certificate of a Root public key of the Root private key pair in common with the management device;
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    In-vehicle computer.
  9.  車両に備わる管理装置と車載コンピュータを備え、前記管理装置と前記車載コンピュータとが前記車両に備わる通信ネットワークを介して通信する管理システムの管理方法であって、
     前記管理装置と前記車載コンピュータとが、Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、共通して各々の鍵記憶部に記憶するステップと、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、
     を含む管理方法。     A management system comprising a management device and an in-vehicle computer provided in a vehicle, wherein the management device and the in-vehicle computer communicate via a communication network provided in the vehicle,
    The management device and the in-vehicle computer commonly store in each key storage unit a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root private key. ,
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    Management method including.
  10.  車両に備わる通信ネットワークを介して前記車両に備わる車載コンピュータと通信する前記車両に備わる管理装置のコンピュータに、
     Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、前記車載コンピュータと共通して鍵記憶部に記憶するステップと、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、
     を実行させるためのコンピュータプログラム。     A computer of a management device provided in the vehicle that communicates with an in-vehicle computer provided in the vehicle via a communication network provided in the vehicle;
    Storing a Root certificate that is a public key certificate of a Root public key of a Root private key and a Root private key pair in the key storage unit in common with the in-vehicle computer;
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    A computer program for running.
  11.  車両に備わる通信ネットワークを介して前記車両に備わる管理装置と通信する前記車両に備わる車載コンピュータに、
     Root秘密鍵と前記Root秘密鍵のペアのRoot公開鍵の公開鍵証明書であるRoot証明書とを、前記管理装置と共通して鍵記憶部に記憶するステップと、
     前記鍵記憶部に記憶されるRoot証明書とRoot秘密鍵のペアを使用して、公開鍵暗号方式に使用される公開鍵証明書を発行するステップと、
     を実行させるためのコンピュータプログラム。     An in-vehicle computer provided in the vehicle that communicates with a management device provided in the vehicle via a communication network provided in the vehicle;
    Storing a root certificate that is a public key certificate of a root public key and a root public key of a pair of the root secret key in a key storage unit in common with the management device;
    Issuing a public key certificate used in a public key cryptosystem using a pair of a Root certificate and a Root private key stored in the key storage unit;
    A computer program for running.
PCT/JP2016/057087 2015-06-22 2016-03-08 Management system, vehicle, management device, vehicle-mounted computer, management method, and computer program WO2016208227A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-124781 2015-06-22
JP2015124781A JP6188744B2 (en) 2015-06-22 2015-06-22 Management system, vehicle and management method

Publications (1)

Publication Number Publication Date
WO2016208227A1 true WO2016208227A1 (en) 2016-12-29

Family

ID=57585594

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/057087 WO2016208227A1 (en) 2015-06-22 2016-03-08 Management system, vehicle, management device, vehicle-mounted computer, management method, and computer program

Country Status (2)

Country Link
JP (1) JP6188744B2 (en)
WO (1) WO2016208227A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150514A (en) * 2018-08-30 2019-01-04 北京新能源汽车股份有限公司 Key writing method and device
WO2024062811A1 (en) * 2022-09-20 2024-03-28 株式会社デンソー Electronic control device, key verification method, key verification program, and key management system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011148744A1 (en) * 2010-05-24 2011-12-01 ルネサスエレクトロニクス株式会社 Communication system, vehicle-mounted terminal, roadside device
JP2012186635A (en) * 2011-03-04 2012-09-27 Toyota Motor Corp Vehicle network system
JP2014107744A (en) * 2012-11-28 2014-06-09 Hitachi Industrial Equipment Systems Co Ltd Position information system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3761477B2 (en) * 2002-03-04 2006-03-29 エヌイーシーシステムテクノロジー株式会社 Mobile security system
JP5202646B2 (en) * 2008-12-11 2013-06-05 三菱電機株式会社 Self-authenticating communication device and device authentication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011148744A1 (en) * 2010-05-24 2011-12-01 ルネサスエレクトロニクス株式会社 Communication system, vehicle-mounted terminal, roadside device
JP2012186635A (en) * 2011-03-04 2012-09-27 Toyota Motor Corp Vehicle network system
JP2014107744A (en) * 2012-11-28 2014-06-09 Hitachi Industrial Equipment Systems Co Ltd Position information system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150514A (en) * 2018-08-30 2019-01-04 北京新能源汽车股份有限公司 Key writing method and device
CN109150514B (en) * 2018-08-30 2021-05-28 北京新能源汽车股份有限公司 Key writing method and device
WO2024062811A1 (en) * 2022-09-20 2024-03-28 株式会社デンソー Electronic control device, key verification method, key verification program, and key management system

Also Published As

Publication number Publication date
JP2017011482A (en) 2017-01-12
JP6188744B2 (en) 2017-08-30

Similar Documents

Publication Publication Date Title
JP6197000B2 (en) System, vehicle, and software distribution processing method
US10419220B2 (en) Management device, key generating device, vehicle, maintenance tool, management system, management method, and computer program
CN109076078B (en) Method for establishing and updating a key for secure on-board network communication
US20200177398A1 (en) System, certification authority, vehicle-mounted computer, vehicle, public key certificate issuance method, and program
CN109314640B (en) Vehicle information collection system, vehicle-mounted computer, vehicle information collection device, vehicle information collection method, and recording medium
WO2018029891A1 (en) Management system, key-generating device, on-board computer, management method, and computer program
JP6262681B2 (en) Management device, vehicle, management method, and computer program
JP6188672B2 (en) Key management system
US11212109B2 (en) Data provision system, data security device, data provision method, and computer program
JP6238939B2 (en) In-vehicle computer system, vehicle, management method, and computer program
JP2010011400A (en) Cipher communication system of common key system
JP6440334B2 (en) System, vehicle, and software distribution processing method
CN109314644B (en) Data providing system, data protection device, data providing method, and storage medium
JP2018082373A (en) Communication system
JP6192673B2 (en) Key management system, key management method, and computer program
CN108141444A (en) Improved authentication method and authentication device
CN114095919A (en) Certificate authorization processing method based on Internet of vehicles and related equipment
JP6476462B2 (en) In-vehicle computer system, vehicle, management method, and computer program
JP6188744B2 (en) Management system, vehicle and management method
JP2018082439A (en) Communication system, vehicle, server device, communication method, and computer program
US11570008B2 (en) Pseudonym credential configuration method and apparatus
WO2017126322A1 (en) In-car computer system, vehicle, key generation device, management method, key generation method, and computer program
JP6519060B2 (en) Management device, vehicle, management method, and computer program
JP2018026874A (en) Data providing system and data providing method
JP6787848B2 (en) Communication system and communication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16813998

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16813998

Country of ref document: EP

Kind code of ref document: A1