WO2018037894A1 - Authentication device for vehicles - Google Patents

Authentication device for vehicles


Publication number
WO2018037894A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification information
unit
electronic control
ecu
generated
Application number
PCT/JP2017/028567
Other languages
English (en)
Japanese (ja)
Inventor
隼基 村田
Original Assignee
株式会社オートネットワーク技術研究所
住友電装株式会社
住友電気工業株式会社
Application filed by 株式会社オートネットワーク技術研究所, 住友電装株式会社, 住友電気工業株式会社
Publication of WO2018037894A1

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B60: VEHICLES IN GENERAL
    • B60R: VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a vehicle authentication device.
  • the in-vehicle system disclosed in Patent Document 1 includes an electronic control unit (ECU) and a communication device, and the communication device can wirelessly communicate with an external device outside the vehicle using an Internet protocol.
  • the electronic control device and the communication device are connected via an in-vehicle network, and a part of the electronic control device functions as an authentication device (vehicle authentication device). If the authentication device determines in the state determination process that the vehicle state corresponds to the security ensured state, it registers the device identifier acquired in the identification information acquisition process in the memory; if it determines that the vehicle state does not correspond to the security ensured state, it does not register the device identifier in the memory.
  • when the authentication device determines in the registration process that the device identifier acquired in the identification information acquisition process is registered in the memory, it permits the exchange of information between the external device specified by that device identifier and the electronic control unit (ECU), and it prohibits the exchange of information when it determines that the identifier is not registered.
  • ECU: electronic control unit
  • the above-described vehicular authentication device disclosed in Patent Document 1 addresses the problem of ensuring vehicle security when communication is performed between an in-vehicle system and an external device using an Internet protocol.
  • this vehicular authentication device is, however, a technique for dealing with unauthorized communication from the outside, and has the drawback that it cannot cope with unauthorized communication from the inside that occurs in the in-vehicle network. For example, when an unauthorized electronic control device is connected in the vehicle through some unauthorized work, unauthorized control (spoofing communication, etc.) by this unauthorized electronic control device cannot be prevented.
  • the present invention has been made based on the above-described circumstances, and an object thereof is to provide a vehicular authentication device that can detect an unauthorized connection when an unauthorized electronic control device is connected to a network in the vehicle.
  • An authentication device for a vehicle that is an example of the present invention has: a generation unit that generates identification information when a predetermined generation time arrives; a transmission unit that transmits the generated identification information to an electronic control device in response to the generation of the identification information by the generation unit; a registration unit that registers the generated identification information in response to the generation of the identification information by the generation unit; and a determination unit that, when a predetermined vehicle operation start condition is satisfied, performs a predetermined confirmation process to confirm whether reflection information reflecting the identification information registered in the registration unit is stored in the electronic control device, and determines whether or not the electronic control device is a regular device based on the result of the confirmation process.
  • the vehicular authentication device thus includes a generation unit that generates identification information when a predetermined generation time has arrived, a transmission unit that transmits the generated identification information to the electronic control unit in response to the generation of the identification information by the generation unit, and a registration unit that registers the generated identification information in response to the generation of the identification information by the generation unit.
  • identification information can be generated in response to the arrival of a predetermined generation time and assigned to the registration unit and the electronic control device. Then, when a predetermined vehicle operation start condition is satisfied, a predetermined confirmation process is performed to confirm whether or not the reflection information reflecting the identification information registered in the registration unit is stored in the electronic control device. Based on the result, it can be determined whether or not the electronic control device is a regular device.
  • when the electronic control device under evaluation is one that was connected without authorization later, the reflection information reflecting the identification information is not stored in that electronic control device; therefore, performing the confirmation process that checks whether the reflection information reflecting the identification information registered in the registration unit is stored in the electronic control device makes it possible to determine more accurately whether or not the electronic control device is illegally connected.
  • FIG. 1 is a block diagram schematically illustrating an in-vehicle system including the vehicle authentication device according to the first embodiment.
  • FIG. 2 is a flowchart illustrating an ID assignment process performed by the vehicular authentication device according to the first embodiment.
  • FIG. 3 is a flowchart illustrating an authentication process performed by the vehicular authentication device according to the first embodiment.
  • FIG. 4 is an explanatory diagram showing that the ID assigned to each ECU has been updated by the ID assignment process.
  • FIG. 5 is an explanatory diagram conceptually showing a data frame of CAN communication performed by the authentication device and each ECU.
  • FIG. 6A is an explanatory diagram illustrating the ID included in the message of each ECU when a regular ID is assigned to each ECU.
  • FIG. 6B is an explanatory diagram illustrating the ID included in the message of each ECU when an unauthorized ECU is connected.
  • the generation unit may function to generate identification information every time the vehicle operates.
  • the transmission unit may function to transmit the generated identification information to the electronic control device every time the generation unit generates the identification information.
  • the registration unit can function to register the generated identification information every time the generation unit generates the identification information.
  • the determination unit may function to perform a confirmation process every time the vehicle operation start condition is satisfied and determine whether or not the electronic control device is a regular device.
  • the vehicular authentication apparatus configured as described above can generate identification information every time the vehicle operates, can assign new identification information to the registration unit and the electronic control device every time the vehicle operates, and can perform a confirmation process for every vehicle operation.
  • the generating unit can function to generate identification information each time a predetermined vehicle operation end condition is satisfied, in the period after that end condition is satisfied and before the next vehicle operation start condition is satisfied.
  • the transmission unit may function to transmit the identification information to the electronic control device after the generation of the identification information by the generation unit until the next vehicle operation start condition is satisfied.
  • the registration unit can function to register the identification information after the generation unit generates the identification information and until the next vehicle operation start condition is satisfied.
  • because identification information is generated after the vehicle operation end condition is satisfied and before the next vehicle operation start condition is satisfied, and the generated information is registered and assigned to the electronic control device in that same period, these processes can be performed at a time when their influence on vehicle operation is relatively small.
  • the period from the end of vehicle operation to the next start of vehicle operation, such as when the vehicle is parked without its owner, is a time at which an unauthorized device is likely to be connected. Therefore, if new identification information is generated and assigned after the vehicle operation end condition is satisfied, an unauthorized device connected before the next vehicle operation start condition is satisfied can be identified more reliably on the basis of the newly assigned identification information.
  • the vehicle authentication device may include a notification unit that performs notification to the outside when the determination unit determines that the electronic control device is not a legitimate device.
  • the vehicular authentication device configured in this way can notify the outside when an unauthorized electronic control device is connected.
  • the generation unit can generate identification information to be given to a plurality of electronic control devices.
  • the transmission unit may transmit each identification information generated by the generation unit to each electronic control device.
  • the registration unit can register each piece of identification information generated by the generation unit.
  • the determination unit may perform the confirmation process by collating each piece of identification information registered in the registration unit with the information stored in the plurality of electronic control devices, and may determine whether or not the plurality of electronic control devices include an unauthorized device.
  • in that case the unauthorized device can be specifically identified.
  • An in-vehicle communication system 100 shown in FIG. 1 includes a vehicle authentication device 1 (hereinafter also referred to as authentication device 1) and a plurality of electronic control devices 20 (hereinafter also referred to as ECU (Electronic Control Unit) 20).
  • the authentication device 1 and the electronic control device 20 are mounted on a vehicle, and these are connected by a communication line 10 and constitute an in-vehicle network 102 compliant with a communication protocol such as CAN (Controller Area Network).
  • CAN: Controller Area Network
  • the authentication device 1 includes a control unit 2, a recording unit 4, a communication unit 6, and the like.
  • the authentication device 1 is configured as a gateway ECU in the in-vehicle network 102 and includes a known basic function as the gateway ECU.
  • the control unit 2 is configured using an arithmetic processing device such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit).
  • the control unit 2 has a function of performing various processes and computations. For example, the control unit 2 reads and executes a program stored in the recording unit 4 or in a ROM (Read Only Memory), not shown, and thereby performs various processes such as the processes shown in FIG. 2 and FIG. 3.
  • the recording unit 4 is configured using, for example, an EEPROM (Electrically Erasable Programmable ROM) or a nonvolatile memory element capable of rewriting data such as a flash memory.
  • the recording unit 4 can store ID (identification) information generated by the processing of FIG. 2 described later, and the storage content of the recording unit 4 can be updated at least every time the processing of FIG. 2 is executed.
  • the communication unit 6 is configured as a communication interface connected to the communication line 10 configuring the in-vehicle network 102, and performs transmission and reception of information according to a communication standard such as CAN.
  • the communication unit 6 receives information transmitted from each ECU 20 (ECU 20A, 20B, etc.) of the in-vehicle network 102 by monitoring a signal transmitted through the communication line 10, and gives the received information to the control unit 2, for example. Further, the communication unit 6 transmits the information to the ECU 20 connected to the communication line 10 by outputting the transmission information given from the control unit 2 as a signal to the communication line 10.
  • the authentication device 1 is provided with a transmission / reception buffer composed of memory elements such as DRAM (Dynamic Random Access Memory) and SRAM (Static Random Access Memory), so that various information can be stored temporarily.
  • DRAM: Dynamic Random Access Memory
  • SRAM: Static Random Access Memory
  • an on signal (hereinafter also referred to as an IG on signal) indicating that the ignition switch has been turned on and an off signal (hereinafter also referred to as an IG off signal) indicating that the ignition switch has been turned off may also be input to the authentication apparatus 1. Specifically, when an ignition switch (not shown) provided in the vehicle on which the in-vehicle communication system 100 is mounted is turned on, an external device mounted on the vehicle (for example, the power supply ECU) inputs an IG on signal to the authentication device 1, and when the ignition switch is turned off, an IG off signal is input to the authentication device 1.
  • IG on signal: an on signal indicating that the ignition switch has been turned on
  • IG off signal: an off signal indicating that the ignition switch has been turned off
  • the plurality of ECUs 20 provided in the in-vehicle communication system 100 can be configured as various known ECUs such as a powertrain ECU, a steering system ECU, a brake system ECU, a communication system ECU, a safety system ECU, a body system ECU, and a multimedia system ECU.
  • Each ECU 20 includes a control unit 24, a recording unit 26, a communication unit 22, and the like.
  • a control unit 24A, a recording unit 26A, and a communication unit 22A are provided in the first ECU 20A
  • a control unit 24B, a recording unit 26B, and a communication unit 22B are provided in the second ECU 20B.
  • the control unit 24 of the ECU 20 is configured using an arithmetic processing device such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit).
  • the recording unit 26 is configured using, for example, an EEPROM (Electrically Erasable Programmable ROM) or a rewritable nonvolatile memory element such as a flash memory.
  • the ECU 20 is also provided with ROM, RAM, and the like other than the nonvolatile memory.
  • the communication unit 22 is configured as a communication interface connected to the communication line 10 and transmits and receives information according to a communication standard such as CAN.
  • the control unit 2 of the authentication device 1 monitors the input of the IG on signal and the input of the IG off signal to the authentication device 1. For example, when the IG off signal is input to the authentication device 1, the process of FIG. 2 starts.
  • the control unit 2 first performs the process of step S1 to generate a new ID (identification information).
  • new ID: newly generated identification information
  • random numbers are generated using a known random number generation program, and random numerical values (random numbers) are extracted from a certain numerical range.
  • the extracted numerical value (random number) itself or a numerical value obtained by combining the numerical value (random number) with a predetermined numerical value is used as a new ID (identification information).
  • the control unit 2 generates as many such IDs (identification information) as there are ECUs 20 to communicate with, generating one ID (identification information) individually for each ECU 20.
  • if the ID (identification information) assigned to one ECU 20 and the ID (identification information) assigned to another ECU 20 coincide when the IDs are generated, the ID for one of those ECUs 20 is generated again, for example, so that the IDs assigned to the ECUs 20 are not duplicated.
  • FIG. 4 conceptually shows the old ID assigned to each ECU 20 and the newly generated new ID.
  • in the example of FIG. 4, ID11 is assigned to the ECU 20A and ID12 is assigned to the ECU 20B before the process of FIG. 2 is executed, and executing step S1 of FIG. 2 produces a new ID21 for the ECU 20A and a new ID22 for the ECU 20B.
  • IDs assigned to ECUs other than the ECUs 20A and 20B are generated in the same manner.
  • the control unit 2 corresponds to an example of the generation unit, and generates an ID (identification information) for every vehicle operation (every time the ignition switch is turned on). Specifically, the control unit 2 functions to generate an ID (identification information) when a predetermined generation time arrives, namely in the period from when the vehicle operation end condition is satisfied until the next vehicle operation start condition is satisfied.
  • the control unit 2 performs the process of step S2 after the process of step S1 shown in FIG. 2, and transmits the ID (identification information) newly generated by the process of step S1 to each ECU 20.
  • the new ID 21 of the ECU 20A generated in the latest step S1 is transmitted to the ECU 20A to which the ID 11 has been assigned before the execution of the process of FIG.
  • the new ID 22 of the ECU 20B generated in the latest step S1 is transmitted to the ECU 20B to which the ID 12 has been assigned before the execution of the process of FIG.
  • a new ID is transmitted to ECUs other than ECUs 20A and 20B in the same manner.
  • when a new ID is transmitted to each ECU 20 by the process of step S2, it is transmitted together with, for example, a predetermined update request command requesting an ID update and the old ID.
  • the destination ECU 20 is specified by the old ID, and when the ECU 20 receives the data including the update request command and the new ID, it can rewrite the ID it has stored so far to the newly received ID.
  • when the control unit 2 transmits data including the old ID (ID11 shown in FIG. 4), the update request command, and the new ID (ID21 shown in FIG. 4) to the ECU 20A by the process of step S2, the ECU 20A can recognize from the old ID that the data is addressed to it and receive it. The ECU 20A that has received this data then deletes the old ID (ID11 shown in FIG. 4) stored in the recording unit 26A in accordance with the update request command and stores the new ID (ID21 shown in FIG. 4) contained in the received data in the recording unit 26A, thereby updating its own ID. Similarly, when the control unit 2 transmits data including the old ID (ID12 shown in FIG. 4), the update request command, and the new ID (ID22 shown in FIG. 4) to the ECU 20B, the ECU 20B can recognize from the old ID that the data is addressed to it and receive it; it then deletes the old ID (ID12 shown in FIG. 4) from the recording unit 26B in accordance with the update request command and stores the new ID (ID22 shown in FIG. 4) in the recording unit 26B, thereby updating its own ID. In this way, the ID stored in the recording unit 26 of each ECU 20 is updated.
  • the method for assigning IDs to the ECUs 20 shown here is merely an example, and the method is not limited to this method as long as the generated new IDs can be stored in each ECU 20.
  • the control unit 2 corresponds to an example of the transmission unit, and functions to transmit the ID (identification information) generated in the process of step S1 to the ECU 20 (electronic control unit) in response to its generation.
  • the control unit 2 functions to transmit the generated ID (identification information) to the ECU 20 (electronic control device) each time an ID (identification information) is generated by the process of step S1, and more specifically to transmit it in the period after the ID (identification information) is generated in step S1 and before the next vehicle operation start condition is satisfied (specifically, before the next IG on signal is input to the authentication device 1).
  • the control unit 2 performs the process of step S3 after the process of step S2 shown in FIG. 2, and performs a registration process so that the recording unit 4 stores the new ID transmitted to each ECU 20.
  • the authentication apparatus 1 stores data of new IDs stored in each ECU 20 as a list.
  • the control unit 2 and the recording unit 4 correspond to an example of the registration unit, and register in the authentication device 1 the ID (identification information) generated by the process of step S1, in response to its generation.
  • the registration unit functions to register the generated ID (identification information) each time an ID (identification information) is generated by the process of step S1, and specifically to register it in the period after the ID (identification information) is generated in step S1 and before the next vehicle operation start condition is satisfied (specifically, before the next IG on signal is input to the authentication device 1).
  • the authentication device 1 starts or continues CAN communication in step S11 with the start of the process of FIG. 3.
  • the authentication device 1 and the ECU 20 perform mutual communication according to a known CAN protocol when performing CAN communication.
  • the ECU 20 transmits a data frame as shown in FIG. 5 in CAN communication.
  • this data frame has the known frame structure used in CAN communication, and carries the ECU's own ID (the ID assigned by the above-described process of FIG. 2 and recorded in its recording unit 26) immediately after the SOF (Start Of Frame).
  • SOF: Start Of Frame
  • the transmission node can be identified by the ID after the SOF, and the priority order of communication arbitration can be determined. Since the frame structure other than the ID is known, the details are omitted.
  • in step S11, the control unit 2 monitors messages transmitted via the communication line 10 (CAN communication line) while CAN communication continues. When a transmitted message is detected, the determination of step S12 is performed. In step S12, the control unit 2 collates the ID included in the detected message with the IDs recorded in the recording unit 4 (the list of IDs (identification information) registered in the most recent step S3). If the ID of the detected message is a regular ID registered in the recording unit 4 (No in step S12), the detected message is a regular message transmitted from a regular ECU 20, so the authentication process of FIG. 3 continues normal communication according to the CAN protocol.
  • when it is determined in step S12 shown in FIG. 3 that the ID of the message detected by the control unit 2 (a message transmitted on the communication line 10) is an unauthorized ID not registered in the recording unit 4 (Yes in step S12), the control unit 2 performs the process of step S13 and discards the message. Specifically, in step S13 the control unit 2 transmits an error frame in response to the reception of this message (the message including the unauthorized ID). As a result, the ECUs 20 connected to the communication line 10 are notified of the occurrence of an error, so that the message including the unauthorized ID is not used.
  • step S12 is the "predetermined confirmation process", namely the process of confirming whether reflection information (specifically, the identification information itself) reflecting the ID (identification information) registered in the recording unit 4 (registration unit) is stored in the ECU 20 (electronic control unit). That is, if the ID of the message transmitted from the ECU 20 is a regular ID registered in the recording unit 4, the reflection information (specifically, the ID itself) reflecting the ID registered in the recording unit 4 is stored in the ECU 20, and step S12 confirms this.
  • the control unit 2 performs a notification process in step S14 after the process in step S13 shown in FIG. 3.
  • the notification process in step S14 may be a process for notifying that an unauthorized device is connected.
  • for example, the abnormality (that an unauthorized device is connected) may be notified by a display device such as a lamp or a display provided in the vehicle, by a method such as performing a predetermined display of a predetermined mark, a predetermined message, or the like.
  • the abnormality notification is not limited to such notification to the user, and is not limited to visual notification.
  • it may be the transmission of abnormality information to a predetermined in-vehicle device, or the transmission of abnormality information to an external device, or an alarm may be issued.
  • the control unit 2 corresponds to an example of the determination unit, and when a predetermined vehicle operation start condition is satisfied (for example, when an IG on signal is generated and the vehicle is started), it performs a predetermined confirmation process to confirm whether or not the reflection information reflecting the ID (identification information) registered in the registration unit is stored in the ECU 20 (electronic control apparatus), and functions to determine whether or not the ECU 20 (electronic control apparatus) is an authorized device based on the result of the confirmation process.
  • the control unit 2 functions to perform a confirmation process every time a vehicle operation start condition is satisfied and determine whether the ECU 20 (electronic control device) is a regular device.
  • control unit 2 corresponds to an example of a notification unit, and functions to perform notification to the outside when the determination unit determines that the ECU 20 (electronic control device) is not a regular device.
  • the authentication device 1 of the present configuration has a generation unit that generates an ID (identification information) when a predetermined generation time has arrived, a transmission unit that transmits the generated ID (identification information) to the ECU 20 (electronic control device) in response to generation of the ID (identification information) by the generation unit, and a registration unit that registers the ID (identification information) generated in response to its generation by the generation unit.
  • an ID (identification information) can therefore be generated in response to the arrival of a predetermined generation time, and can be assigned to the registration unit of the authentication device 1 and to each ECU 20 (electronic control device). Then, when a predetermined vehicle operation start condition is satisfied, the control unit 2 corresponding to the determination unit performs a predetermined confirmation process to confirm whether or not reflection information (specifically, the identification information itself) reflecting the ID (identification information) registered in the recording unit 4 (registration unit) is stored in the ECU 20, and based on the confirmation result it can be determined whether or not the ECU 20 is a legitimate device.
  • when the electronic control device under evaluation is one that was connected without authorization later, reflection information reflecting the ID (identification information) registered in the recording unit 4 (registration unit) is not stored in that electronic control device. Therefore, if the confirmation process is performed to check whether the reflection information reflecting the ID (identification information) registered in the recording unit 4 (registration unit) is stored in the electronic control unit, it is possible to determine more accurately whether or not the electronic control unit is an unauthorized connection.
  • when a regular ID is stored in each ECU 20 as shown in FIG. 6(A), the determination of Yes in step S13 shown in FIG. 3 is not made at the transmission of any message, and the authentication apparatus 1 can confirm that no unauthorized electronic control device is connected.
  • if the ECU 20B shown in FIG. 1 is replaced with a fraudulent ECU, the fraudulent ECU cannot know the legitimate ID. Therefore, as shown in FIG. 6(B), the ID contained in the message transmitted by the fraudulent ECU is an unauthorized ID that is not registered in the recording unit 4.
  • in step S13 shown in FIG. 3, the authentication device 1 can therefore identify that an unauthorized ECU is connected, and can appropriately deal with the message from the unauthorized ECU.
  • the control unit 2 corresponding to the generation unit functions to generate ID (identification information) every time the vehicle operates, and the control unit 2 and communication unit 6 corresponding to the transmission unit generate ID (identification information). Each time it is performed, it functions to transmit the generated ID (identification information) to the ECU 20 (electronic control unit).
  • the control unit 2 and the recording unit 4 corresponding to the registration unit function to register the generated ID (identification information) every time ID (identification information) is generated, and control corresponding to the determination unit.
  • the unit 2 performs a confirmation process every time the vehicle operation start condition is satisfied, and functions to determine whether or not the electronic control device is a regular device.
  • the vehicular authentication device 1 configured as described above can generate an ID (identification information) every time the vehicle operates, and each time the vehicle operates, a new ID (identification information) is recorded in the recording unit 4 and the ECU 20. (Electronic control unit). And a confirmation process can be performed for every vehicle operation
  • the control unit 2 corresponding to the generation unit obtains an ID (identification information) every time a predetermined vehicle operation end condition is satisfied until the next vehicle operation start condition is satisfied after the vehicle operation end condition is satisfied. Functions to generate.
  • the control unit 2 and the communication unit 6 corresponding to the transmission unit transmit the ID (identification information) to the ECU 20 (electronic control unit) after the ID (identification information) is generated and until the next vehicle operation start condition is satisfied.
  • the control unit 2 and the recording unit 4 corresponding to the registration unit generate ID (identification information) after the ID (identification information) is generated and until the next vehicle operation start condition is satisfied. ) To register.
  • ID identification information
  • ECU 20 electronic control unit
  • these processes can be performed at a time when the influence on the vehicle operation is relatively small.
  • the timing may be a period from the end of the vehicle operation to the next start of the vehicle operation, such as parking without an owner. high.
  • the vehicular authentication device 1 having this configuration includes a notification unit that performs notification to the outside when the control unit 2 corresponding to the determination unit determines that the electronic control device is not a legitimate device.
  • the vehicular authentication device 1 configured as described above can inform the outside when an unauthorized electronic control device is connected.
  • the control unit 2 corresponding to the generation unit generates IDs (identification information) to be given to the plurality of ECUs 20 (electronic control devices) in the process of step S1 in FIG. 2, and the control unit 2 corresponding to the transmission unit.
  • the communication part 6 can transmit each ID (identification information) produced
  • the control part 2 and the recording part 4 corresponded to a registration part can register each ID (identification information) produced
  • the control unit 2 corresponding to the determination unit is stored in each of the IDs (identification information) registered in the recording unit 4 (registration unit) and the plurality of ECUs 20 (electronic control devices) by the process of step S12 in FIG.
  • Confirmation processing is performed so that information is collated (specifically, IDs included in messages from the respective ECUs 20 are collated with the list of the recording unit 4), and an unauthorized device is included in the plurality of electronic control devices. It functions to determine whether or not.
  • an ID identification information
  • the device is specifically specified. It becomes possible to specify.
  • Example 1 although the example in which the vehicle-mounted network 102 was comprised by the authentication apparatus 1 and several ECU20 was shown, it is not limited to this example. In any example of the present specification, devices other than the authentication device 1 and the ECU 20 may be connected to the in-vehicle network 102.
  • the identification information is input after the IG OFF signal is input.
  • generates was shown, it is not limited to this example. In any example of the present specification, it is only necessary that the identification information can be generated and updated between the generation of the IG on signal and the generation of the next IG on signal.
  • the identification information (ID) may be generated and registered in the authentication device 1 and assigned to each ECU 20.
  • registration of identification information (ID) to the authentication device 1 and transmission to each ECU 20 may be performed during operation of the vehicle (while the ignition switch is on), or after the operation of the vehicle is completed (ignition switch). May be done promptly after is turned off.
  • the identification information (ID) is generated and registered in the authentication device 1 and assigned to each ECU 20 every time the vehicle operates once (every time the ignition switch is turned on once). It is not limited to this example. In any example of the present specification, for example, identification information (ID) is generated at a predetermined timing every time the vehicle operates a predetermined number of times (every time the ignition switch is turned on a predetermined number of times). You may make it assign to each ECU20 while registering to the authentication apparatus 1. FIG.
  • Example 1 although the example which produces
  • common identification information is generated as information different from the ID assigned to each ECU 20, and this identification information is connected to the authentication device 1. You may make it memorize
  • the identification information itself is illustrated as an example of “reflection information reflecting the identification information”.
  • the reflection information may be information obtained based on the identification information. Information obtained by applying a predetermined process to the identification information may be used. For example, it may be a part of the identification information, or information obtained by encrypting the identification information.
  • a part of the identification information is assigned to the ECU 20 as the reflection information, for example, in step S12, it is determined whether or not a part of the identification information recorded in the recording unit 4 is included in the message from the ECU 20. Good.
  • step S2 it is possible to use a method in which the encrypted information obtained by encrypting the identification information based on the predetermined key information is transmitted to the ECU 20 as reflected information in step S2, and this is assigned to the ECU 20.
  • step S2 or Key information for decrypting the encrypted information is recorded in the recording unit 4 at the timing of step S3 and the like, and in step S12, the encrypted information included in the message from the ECU 20 is decrypted with the key information and stored in the recording unit 4. What is necessary is just to judge whether it corresponds with the recorded identification information.
  • the process of determining whether or not the ID of the message transmitted from the ECU 20 is a regular ID registered in the recording unit 4 is exemplified, but the process is registered in the registration unit. Any method that can confirm whether or not the reflection information reflecting the identification information is stored in the electronic control device may be used.
  • the authentication device 1 requests the ECU 20 for newly registered information from the ECU 20 at the end of the previous vehicle operation, and compares the information returned from the ECU 20 with the identification information registered in the registration unit. It may be.
  • an IG ON signal has been input to the authentication device 1
  • the predetermined vehicle operation start condition any condition may be used as long as the vehicle operation start can be specified or estimated.
  • it may be “the accessory switch is turned on” or “an operation of a predetermined device such as a starter or an engine” may be started. It may be “injected” or the like, or an external signal such as a keyless signal may be detected by the vehicle.
  • the predetermined vehicle operation end condition is not limited to “an IG off signal has been input to the authentication device 1” as long as the vehicle operation end can be specified or estimated.
  • it may be “the operation of a predetermined device such as a starter or an engine has been stopped”, or “a battery power is no longer supplied to a predetermined circuit”. It may be “no longer detected by the vehicle”.

Abstract

The present invention relates to an authentication device for vehicles capable of detecting the connection of an unauthorized electronic control device to an in-vehicle network. This authentication device (1) comprises: a generation unit that generates identification information when a generation time arrives; a transmission unit that transmits the generated identification information to an electronic control unit (20) in response to the generation of identification information by the generation unit; a registration unit that registers the generated identification information in response to the generation of identification information by the generation unit; and a determination unit that, when a predetermined vehicle operation start condition is satisfied, performs a predetermined confirmation process to confirm whether reflection information reflecting the identification information registered by the registration unit is stored in the electronic control unit (20), and determines whether the electronic control unit (20) is an authorized device based on the result of the confirmation process.
PCT/JP2017/028567 2016-08-25 2017-08-07 Authentication device for vehicles (Dispositif d'authentification pour véhicules) WO2018037894A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016-164288 2016-08-25
JP2016164288A JP2018030464A (ja) 2016-08-25 2016-08-25 Authentication device for vehicles (車両用認証装置)

Publications (1)

Publication Number Publication Date
WO2018037894A1 true WO2018037894A1 (fr) 2018-03-01

Family

ID=61246483

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/028567 WO2018037894A1 (fr) 2016-08-25 2017-08-07 Authentication device for vehicles (Dispositif d'authentification pour véhicules)

Country Status (2)

Country Link
JP (1) JP2018030464A (fr)
WO (1) WO2018037894A1 (fr)

Also Published As

Publication number Publication date
JP2018030464A (ja) 2018-03-01

Legal Events

Code | Title / Description
121 | Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17843379; Country of ref document: EP; Kind code of ref document: A1)
NENP | Non-entry into the national phase (Ref country code: DE)
122 | Ep: pct application non-entry in european phase (Ref document number: 17843379; Country of ref document: EP; Kind code of ref document: A1)