WO2019171525A1 - Determination device, terminal device, determination method, communication method, determination program, and communication program - Google Patents

Determination device, terminal device, determination method, communication method, determination program, and communication program Download PDF

Info

Publication number
WO2019171525A1
WO2019171525A1 PCT/JP2018/008931 JP2018008931W WO2019171525A1 WO 2019171525 A1 WO2019171525 A1 WO 2019171525A1 JP 2018008931 W JP2018008931 W JP 2018008931W WO 2019171525 A1 WO2019171525 A1 WO 2019171525A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
terminal device
reception intensity
portable device
determination
Prior art date
Application number
PCT/JP2018/008931
Other languages
French (fr)
Japanese (ja)
Inventor
一樹 米持
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Priority to JP2020504580A priority Critical patent/JP6811893B2/en
Priority to PCT/JP2018/008931 priority patent/WO2019171525A1/en
Publication of WO2019171525A1 publication Critical patent/WO2019171525A1/en

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00Electric permutation locks; Circuits therefor ; Mechanical aspects of electronic locks; Mechanical keys therefor
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S11/00Systems for determining distance or velocity not using reflection or reradiation
    • G01S11/02Systems for determining distance or velocity not using reflection or reradiation using radio waves
    • G01S11/06Systems for determining distance or velocity not using reflection or reradiation using radio waves using intensity measurements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q9/00Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom

Definitions

  • the present invention relates to a vehicle management system.
  • a keyless entry system refers to a vehicle that performs wireless communication between an in-vehicle device provided in a vehicle and a terminal device (hereinafter referred to as a portable device) carried by a user, and ID (Identifier) authentication of the portable device is permitted.
  • a portable device a terminal device carried by a user
  • ID Identity
  • the mobile device is automatically locked when the mobile device leaves the vehicle, and is automatically unlocked when the mobile device approaches the vehicle. Therefore, the vehicle door can be locked or unlocked only by holding the portable device without operating the portable device.
  • an LF (low frequency) request signal with a limited reach is output from the in-vehicle device on the assumption that the user is near the vehicle for unlocking the vehicle door.
  • an RF (high frequency) response signal is output from the portable device to enable a door lock operation from a remote distance. Then, the distance between the in-vehicle device and the portable device is calculated based on the reception intensity of the request signal and the response signal, and the vehicle door is unlocked or locked.
  • a malicious third party may attack a keyless entry system in which a portable device approaches a vehicle and automatically unlocks the vehicle door, using a relay attack.
  • relay attack When relay attack is performed, the door may be unlocked even if the user with the portable device is at a position away from the vehicle. That is, the relay device relays a request signal and a response signal between the in-vehicle device and the portable device, so that wireless signals can be transmitted and received between the in-vehicle device and the portable device.
  • the repeater can transmit the response signal from the portable device to the in-vehicle device, and the distance calculation based on the received intensity cannot be performed correctly.
  • the in-vehicle device erroneously recognizes that the portable device is near the in-vehicle device, and unlocks the vehicle door.
  • Patent Document 1 discloses a countermeasure against a relay attack.
  • request signals are transmitted from transmission antennas installed at a plurality of locations of a vehicle.
  • the portable device includes three receiving antennas facing each axial direction in three-dimensional coordinates.
  • a portable machine detects the receiving intensity of each request signal in three receiving antennas.
  • the in-vehicle device is notified of the reception strength for each request signal from the portable device, and compares the three reception strengths for each request signal. If the reception intensity ratios are the same for all request signals, it can be determined that a relay attack is being performed on the assumption that a plurality of request signals are transmitted from one direction by the repeater.
  • the reception intensity ratio is different for each request signal, it can be determined that the relay attack is not performed. Since the three reception strengths by the three reception antennas differ depending on the arrival directions of the request signals, the request signals that are relayed by the repeater and arrive at the portable device can be distinguished by the ratio between the three reception strengths.
  • Patent Document 2 also discloses a countermeasure against a relay attack.
  • a request signal is transmitted from a plurality of transmission antennas installed in a vehicle while changing the output order every time.
  • the portable device includes one receiving antenna and confirms the change order of the reception intensity of each request signal. If the change order is not correct, it can be determined that a relay attack is being performed. On the other hand, if the change order is correct, it can be determined that the relay attack is not performed.
  • Patent Document 1 a plurality of request signals arrive at the portable device at different timings.
  • the ratio between the three reception strengths at the three reception antennas for each request signal cannot be calculated correctly.
  • the ratio between the three reception strengths for each request signal is usually all request signals. Match.
  • the ratio between the three reception strengths may be different for each request signal due to the shift of the direction of the reception axis.
  • Patent Document 2 when a repeater reproduces the intensity of each request signal and relays each request signal, it cannot be determined that a relay attack is being performed. This can be solved by the technique of Patent Document 1 focusing on the arrival direction of the request signal. However, as described above, Patent Document 1 cannot detect a relay attack when the portable device moves vertically and horizontally due to the movement of the user and the direction of the reception axis moves.
  • the main object of the present invention is to obtain a configuration capable of accurately detecting a relay attack even when a terminal device carried by the user moves according to the movement of the user.
  • the determination apparatus includes: A terminal device that is carried by a user of the vehicle, receives a plurality of radio signals transmitted from a plurality of transmission antennas arranged away from each other on the vehicle, and measures the reception strength of the radio signal for each transmission antenna.
  • a determination device included in a vehicle management system including A storage unit that stores reception strength information in which a value obtained from the actual value of the reception strength of a radio signal when the terminal device is located within a specified range from the vehicle is indicated for each transmission antenna as a reference value; For each transmission antenna, the degree of coincidence between the measurement value of the reception intensity measured by the terminal device and the reference value indicated by the reception intensity information is evaluated, and the terminal device is within the specified range from the vehicle. And a control unit for determining whether or not the user is present.
  • FIG. 1 is a diagram illustrating a configuration example of a keyless entry system according to Embodiment 1.
  • FIG. FIG. 3 is a diagram illustrating a hardware configuration example of the in-vehicle device according to the first embodiment.
  • FIG. 3 illustrates a hardware configuration example of a portable device according to Embodiment 1;
  • FIG. 3 is a diagram illustrating a functional configuration example of the in-vehicle device according to the first embodiment.
  • FIG. 3 illustrates a functional configuration example of a mobile device according to Embodiment 1;
  • 5 is a flowchart showing an operation example of the keyless entry system when the vehicle door is locked according to the first embodiment.
  • 5 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the first embodiment.
  • FIG. 6 is a diagram illustrating an example of a reception intensity ratio rule according to the first embodiment.
  • FIG. 5 shows an example of a request signal according to the first embodiment.
  • FIG. 5 shows an example of a request signal according to the first embodiment.
  • FIG. 6 shows an example of a response signal according to the first embodiment.
  • FIG. 4 is a diagram showing reception strength of each axis according to the first embodiment.
  • FIG. 6 illustrates a hardware configuration example of a mobile device according to Embodiment 2;
  • FIG. 6 illustrates a functional configuration example of a mobile device according to Embodiment 2;
  • 7 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the second embodiment.
  • 7 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the second embodiment.
  • FIG. 6 shows an example of the directivity direction of the receiving antenna of the portable device according to Embodiment 1;
  • FIG. *** Explanation of configuration *** FIG. 1 shows a configuration example of a vehicle management system according to the present embodiment.
  • a keyless entry system will be described as a vehicle management system.
  • the keyless entry system locks or unlocks the vehicle door 30.
  • the vehicle 1 is provided with an in-vehicle device 10, and a user of the vehicle 1 carries a portable device 20 that is a terminal device. And the vehicle-mounted apparatus 10 and the portable device 20 perform radio
  • the in-vehicle device 10 wirelessly communicates with the portable device 20 using the transmission antennas 11 a, 11 b, 11 c and the reception antenna 12 installed in the vehicle 1.
  • the transmission antennas 11a, 11b, and 11c transmit request signals 40a, 40b, and 40c, which are low-frequency (LF) radio signals.
  • the portable device 20 that has received the request signals 40a, 40b, and 40c transmits a response signal 41 that is a radio frequency (RF) radio signal.
  • the receiving antenna 12 receives the response signal 41 transmitted from the portable device 20.
  • the transmission antennas 11a, 11b, and 11c are arranged on the vehicle 1 so as to be separated from each other.
  • the transmission antennas 11a, 11b, and 11c are arranged 50 cm or more apart from each other.
  • the transmission antennas 11a, 11b, and 11c are referred to as the transmission antenna 11.
  • the request signals 40a, 40b, and 40c are expressed as the request signal 40.
  • the number of transmission antennas 11 is three, but the number of transmission antennas 11 is not limited to three as long as the number is two or more.
  • the in-vehicle device 10 corresponds to a determination device.
  • the operations performed by the in-vehicle device 10 correspond to a determination method and a determination program.
  • FIG. 2 shows a hardware configuration example of the in-vehicle device 10.
  • the processor 201 is, for example, a CPU (Central Processing Unit).
  • the auxiliary storage device 202 is, for example, a hard disk device.
  • the main storage device 203 is, for example, a RAM (Random Access Memory).
  • the transmission device 204 and the reception device 205 are used for wireless communication with the portable device 20.
  • An ECU (Engine Control Unit) 206 controls locking and unlocking of the vehicle door 30.
  • FIG. 3 shows a hardware configuration example of the portable device 20.
  • the processor 301 is a CPU, for example.
  • the auxiliary storage device 302 is, for example, a hard disk device.
  • the main storage device 303 is, for example, a RAM.
  • the transmission device 304 and the reception device 305 are used for wireless communication with the in-vehicle device 10.
  • FIG. 4 shows a functional configuration example of the in-vehicle device 10. Since the transmission antennas 11a, 11b, and 11c and the reception antenna 12 have already been described, description thereof is omitted here.
  • the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 are realized by a program, for example.
  • a program for realizing the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 is stored in the auxiliary storage device 202, for example.
  • the program is loaded from the auxiliary storage device 202 into the main storage device 303 and executed by the processor 201.
  • FIG. 4 schematically shows a state in which the program is executed by the processor 201.
  • the transmission unit 13 controls transmission of the request signals 40a, 40b, and 40c transmitted from the transmission antennas 11a, 11b, and 11c. Specifically, the transmission unit 13 stores the identifier of the transmission antenna 11 to be transmitted to each request signal 40 as shown in FIG. 14 and controls the transmission timing of the request signal 40.
  • the receiving unit 15 processes the response signal 41 received by the receiving antenna 12. Specifically, as shown in FIG. 15, the response signal 41 stores an identifier indicating one of the transmission antennas 11 a, 11 b, and 11 c, its reception strength, and the authentication ID of the portable device 20. Extracts these from each request signal 40 and passes them to the control unit 14.
  • the control unit 14 controls processing of the keyless entry system. Specifically, the control unit 14 performs position calculation of the portable device 20, authentication of the portable device 20, and relay attack determination. The control unit 14 reads out a reception intensity ratio rule, which will be described later, from the main storage device 203 and determines whether the portable device 20 is located within a specified range from the vehicle 1 using the read reception intensity ratio rule. And the control part 14 permits operation (for example, locking or unlocking) from the portable device 20 to the vehicle 1, when it determines with the portable device 20 being located in the prescription
  • the specified range is, for example, 3 meters. The specified range can be arbitrarily set by the vehicle manufacturer or the in-vehicle device 10 manufacturer. Processing performed by the control unit 14 corresponds to reading processing and control processing.
  • the reception intensity ratio rule generation unit 16 generates a reception intensity ratio rule.
  • the reception intensity ratio rule corresponds to reception intensity information.
  • the reception intensity ratio rule is stored in the auxiliary storage device 202.
  • the reception intensity ratio rule is loaded into the main storage device 203.
  • the auxiliary storage device 202 and the main storage device 203 correspond to a storage unit.
  • FIG. 5 shows a functional configuration example of the portable device 20.
  • the receiving antennas 21a, 21b, and 21c are arranged in the portable device 20 so as to face axial directions (X axis, Y axis, and Z axis) that are orthogonal to each other, and magnetic fields in the corresponding directions.
  • the transmission antenna 22 transmits a response signal 41 toward the vehicle 1.
  • the reception unit 23, the control unit 24, and the transmission unit 25 are realized by a program, for example.
  • a program for realizing the reception unit 23, the control unit 24, and the transmission unit 25 is stored in the auxiliary storage device 302, for example.
  • the program is loaded from the auxiliary storage device 302 by the main storage device 303 and executed by the processor 301.
  • FIG. 5 schematically shows a state in which the program is executed by the processor 301.
  • the receiving unit 23 receives the reception intensity in the X-axis, Y-axis, and Z-axis directions of the request signal 40a received by the receiving antennas 21a, 21b, and 21c as shown in FIG. To detect. Similarly, the reception unit 23 detects the reception intensity in each axial direction for the request signals 40b and 40c. That is, the receiving unit 23 measures the reception intensity of the request signal 40 for each transmission antenna 11 and for each coordinate axis (X axis, Y axis, Z axis) in the three-dimensional coordinate axis.
  • the control unit 24 instructs the transmission unit 25 to transmit the response signal 41 when the reception unit 23 detects the reception intensity of the request signal 40.
  • the transmission unit 25 instructs the transmission antenna 22 to transmit the response signal 41.
  • the response signal 41 stores an identifier indicating one of the transmission antennas 11a, 11b, and 11c, the authentication ID of the portable device 20, and the reception intensity of each axis detected by the receiving unit 23. Has been.
  • FIG. 13 shows an example of the reception intensity ratio rule.
  • a value obtained from the actual value of the reception intensity of the request signal 40 is indicated for each transmission antenna 11 (for each request signal 40) as a reference value. More specifically, in the reception intensity ratio rule, a ratio between actual values for each coordinate axis (X axis, Y axis, Z axis) in a three-dimensional coordinate axis is indicated for each transmission antenna 11 as a reference value.
  • the reception intensity ratio rule generation unit 16 of the in-vehicle device 10 generates (updates) the reception intensity ratio rule using the actual value of the reception intensity measured when the vehicle door is locked.
  • the reception intensity ratio rule includes the actual value of the reception intensity for each transmission antenna and each coordinate axis measured when the portable device 20 is located within a specified range from the vehicle 1. Is shown as a reference value. In the present embodiment, an example in which the ratio between the actual received intensity values is indicated as a reference value in the received intensity ratio rule will be described, but the actual received intensity value may be indicated in the received intensity ratio rule. .
  • the reception intensity ratio rule generation unit 16 may not generate (update) the reception intensity ratio rule.
  • the reception value of the request signal when the portable device similar to the portable device 20 is located in the vicinity of the vehicle similar to the vehicle 1 is measured, and the actual value obtained by the measurement
  • a reception intensity ratio rule describing the ratio between the two it is also possible to use a reception intensity ratio rule describing the ratio between the two.
  • step S008 of FIG. 6 described later may be omitted.
  • the reception intensity ratio rule generation unit 16 may be omitted from the in-vehicle device 10.
  • Fig. 6 shows an example of the operation of the keyless entry system when the vehicle door is locked.
  • Step S001 The engine is stopped by the user's operation.
  • Step S002 Request signals 40a, 40b, and 40c to which transmission antenna identifiers are added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
  • Step S003 The receiving antennas 21a, 21b, and 21c of the portable device 20 receive the request signals 40a, 40b, and 40c as shown in FIG. 8 or FIG. And the receiving part 23 detects the receiving intensity
  • Step S004 The transmission unit 25 of the portable device 20 transmits the response signal 41 from the transmission antenna 22.
  • the transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the receiving unit 23 receives the request signals 40a, 40b, and 40c, the transmitting unit 25 transmits three response signals 41 corresponding to each.
  • the response signal 41 includes the transmission antenna identifier stored in the corresponding request signal 40, the authentication ID of the portable device 20, and the reception of each axis of the request signal detected in (step S003). The intensity is stored.
  • Step S005 The receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively. Then, the reception unit 15 acquires the reception intensity for each coordinate axis for each request signal as shown in FIG. 12 based on the reception intensity stored in the three response signals 41 and the transmission antenna identifier.
  • Step S006 Based on the reception intensity of each request signal 40 described in each response signal 41 received in (Step S005) described above, the control unit 14 determines whether the portable device 20 is in the vehicle or outside the vehicle. Determine if you are located in If the control unit 14 determines that the portable device 20 is located in the vehicle (YES in step S006), the process proceeds to (step S002). On the other hand, when the control unit 14 determines that the portable device 20 is located outside the vehicle (NO in step S006), the process proceeds to (step S007).
  • the control unit 14 refers to, for example, a table indicating typical reception strength when the portable device 20 is located in the vehicle, and determines whether the portable device 20 is located inside or outside the vehicle. You may judge. The table may be stored in the in-vehicle device 10 in advance, or may be received from the external device through communication with the external device.
  • Step S007 Based on the reception intensity of each request signal 40 described in each response signal 41 received in (Step S005) described above, the control unit 14 causes the portable device 20 to be located near the vehicle door. It is determined whether or not. When the control unit 14 determines that the portable device 20 is located near the vehicle door 30 (YES in step S007), the process proceeds to (step S008). On the other hand, if the control unit 14 determines that the portable device 20 is not located near the vehicle door 30 (YES in step S007), the process proceeds to (step S009).
  • the vicinity of the vehicle door 30 is, for example, a range of 3 meters from the vehicle 30.
  • the control unit 14 refers to the reception intensity ratio rule and the portable device 20 is located near the vehicle door 30. Determine whether you are doing.
  • the control unit 14 may refer to the reception intensity ratio rule generated at the time of the previous vehicle door locking described later.
  • the control part 14 may refer to the reception intensity ratio rule produced
  • the reception intensity ratio rule generated by the vehicle manufacturer or the in-vehicle device 10 manufacturer may be stored in the in-vehicle device 10 in advance, or may be received from the external device through communication with the external device.
  • Step S008 The reception intensity ratio rule generation unit 16 generates a reception intensity ratio rule. That is, the control unit 14 outputs the reception intensity for each request signal 40 received in (Step S005) to the reception intensity ratio rule generation unit 16. Then, the reception strength ratio rule generation unit 16 generates a reception strength ratio rule using the ratio between the input reception strengths. For example, the reception intensity ratio rule generation unit 16 adds the reception intensity ratio of the request signal 40 to the reception intensity ratio rule as shown in FIG. In this way, the reception intensity ratio added to the reception intensity ratio rule can be handled as a correct reception intensity ratio. As long as it is determined by the process of (Step S007) that the portable device 20 is in the vicinity of the vehicle 1 as shown in FIG. 10, the process of (Step S008) is repeated.
  • the reception intensity ratio rule is used in the unlocking determination (specifically, step S106 in FIG. 7) of the vehicle door 30 described later.
  • the reception intensity ratio rule records the reception intensity ratio when the portable device 20 is in the vicinity of the vehicle door 30 as shown in FIG. For this reason, if the measured value of the reception intensity of the request signal 40 when the vehicle door 30 is unlocked matches the reception intensity ratio indicated in the reception intensity ratio rule, it is determined that the relay attack is not performed. be able to.
  • Step S009) The control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S009). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process.
  • Step S010) Assuming that the portable device 20 is located away from the vehicle 1, the control unit 14 locks the vehicle door 30 via the ECU 206.
  • the method for locking the vehicle door 30 is not limited to this, and for example, there is a method of locking the vehicle door 30 after a certain period of time has elapsed since the engine stopped.
  • the reception intensity ratio rule generation unit 16 may generate a new reception intensity ratio rule each time the engine is stopped, or add a new record to the reception intensity ratio rule generated at the previous vehicle door locking. You may do it.
  • Fig. 7 shows an example of the operation of the keyless entry system when the vehicle door is unlocked.
  • Step S101 A switch on the vehicle door 30 is pushed by a user's operation.
  • the unlocking process is started by the user's operation.
  • Step S102 Request signals 40a, 40b, and 40c to which transmission antenna identifiers are added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
  • Step S103 In the portable device 20, the receiving antennas 21a, 21b, and 21c receive the request signals 40a, 40b, and 40c. And the receiving part 23 detects the receiving intensity
  • Step S ⁇ b> 1014 In the portable device 20, the transmission unit 25 transmits the response signal 41 from the transmission antenna 22. The transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the request signals 40a, 40b, and 40c are received, the transmission unit 25 transmits three response signals 41 corresponding to the request signals 40a, 40b, and 40c. As shown in FIG. 15, the response signal 41 includes the transmission antenna identifier stored in the corresponding request signal 40, the authentication ID of the portable device 20, and the corresponding request signal detected in (step S103). The received intensity for each of the X axis, Y axis, and Z axis is stored.
  • Step S105 The receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively.
  • the receiving unit 15 extracts the transmission antenna identifier, the authentication ID, and the reception strength from the three response signals 41, and outputs the extracted transmission antenna identifier, authentication ID, and reception strength to the control unit 14.
  • the control unit 14 collects the measurement values of the received intensity in units of coordinate axes for each request signal (for each transmission antenna).
  • Step S106 The control unit 14 determines the degree of coincidence between the reception intensity ratio of the reception intensity (FIG. 12) collected in (Step S105) and the reception intensity ratio described in the reception intensity ratio rule (FIG. 13). Evaluation is performed to determine whether or not the portable device 20 is near the vehicle door 30, that is, whether or not the portable device 20 is located within a specified range from the vehicle 1. More specifically, the control unit 14 obtains the reception intensity ratio of the X axis, the Y axis, and the Z axis for each of the request signals 40a, 40b, and 40c in FIG.
  • the control unit 14 receives the X-axis, Y-axis, and Z-axis reception signals 40a, 40b, and 40c of the request signals 40a, 40b, and 40c of any rule (record) of the reception intensity ratio rule of FIG. It is determined whether or not it matches the intensity ratio.
  • the received intensity ratio of the acquired request signal 40a is “ax: ay: az”
  • the received intensity ratio of the request signal 40b is “bx: by: bz”
  • the received intensity ratio of the request signal 40c is “cx: cy: cz”. ”Is assumed.
  • the control unit 14 compares the reception intensity ratios of the request signals 40 with the reception intensity ratios of the request signals 40 in the rule 2 (second line) in FIG. 13. As a result, “ax: ay: az ⁇ AX2: AY2: When the result of “AZ2” and “bx: by: bz ⁇ BX2: BY2: BZ2” and “cx: cy: cz ⁇ CX2: CY2: CZ2” is obtained, the control unit 14 satisfies the reception intensity ratio rule. It is determined that That is, the control unit 14 determines that the portable device 20 is located near the vehicle door 30.
  • the received signal strength ratio can be determined to match if it is within the prescribed allowable range even if it is not completely matched.
  • control unit 14 determines that “ax: ay: az ⁇ AX2: AY2: AZ2” and “bx: by: bz ⁇ BX2: BY2: BZ2” and “cx: cy: cz ⁇ CX2: CY2: CZ2”. And it is determined that the reception intensity ratio rule is satisfied.
  • the control unit 14 may determine that the portable device 20 is located within a specified range from the vehicle 1 when the degree of coincidence between the measurement value and the reference value exceeds the threshold value in all the transmission antennas.
  • the threshold value may be 90%.
  • step S106 If the control unit 14 determines that the portable device 20 is near the vehicle door 30 (YES in step S106), the process proceeds to (step S107). When it determines with the portable device 20 not being in the vehicle door 30 vicinity (it is NO at step S106), the control part 14 determines with the relay attack being performed, and complete
  • Step S107 The control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S108). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process. (Step S108): The control unit 14 determines that the portable device 20 is in the vicinity of the vehicle 1, and unlocks the vehicle door 30 via the ECU 206.
  • the reception intensity ratio rule is generated as shown in FIG. 13 by adding the actual reception intensity ratio extracted by the portable device 20 in (Step S008).
  • the method of generating the reception intensity ratio rule is not limited to this.
  • the reception intensity ratio rule may be generated using machine learning.
  • Step S008) and (Step S106) are as follows. (Step S008): Machine learning is performed using the reception intensity of each request signal 40 shown in FIG. 12 as the correct reception intensity when the portable device 20 receives the request signal 40 near the vehicle door 30, and the reception intensity ratio rule Is generated.
  • the reception intensity ratio rule is generated from machine learning based on the reception intensity ratios of the plurality of request signals 40. That is, the reception intensity ratio rule in this case is information indicating a ratio obtained by machine learning with respect to a ratio between the actual values for each coordinate axis for each transmission antenna.
  • the control unit 14 performs machine learning on the degree of coincidence between the reception intensity ratio obtained in (Step S105) as shown in FIG. 12 and the ratio indicated in the reception intensity ratio rule generated in (Step S008).
  • the used evaluation is performed to determine whether or not the portable device 20 is located near the vehicle door 30.
  • the in-vehicle device 10 performs relay attack determination, but the portable device 20 may perform relay attack determination.
  • the portable device 20 corresponds to the determination device.
  • the operation performed in the portable device 20 corresponds to the determination method.
  • the operations performed by the control unit 24 correspond to a read process and a control process.
  • the reception intensity ratio rule is stored in the auxiliary storage device 302 of the portable device 20.
  • the reception intensity ratio rule is loaded into the main storage device 303. For this reason, the auxiliary storage device 302 and the main storage device 303 correspond to a storage unit.
  • the control unit 24 performs (Step S007) in (Step S003) of FIG. If (YES in step S007), the control unit 24 also performs the process of (step S008) to generate a reception intensity ratio rule. On the other hand, if “NO” in the step S007, the process proceeds to the step S002. Thereafter, in FIG. 7, when the control unit 24 performs the process of (Step S106) in (Step S104) and determines that the portable device 20 is not near the vehicle 1 according to the reception intensity ratio rule, It determines with the attack being performed and complete
  • the portable device 20 transmits one response signal 41 to one request signal 40. Instead, after receiving all the request signals 40 from the respective transmission antennas 11, the portable device 20 transmits the transmission antenna identifier included in each request signal 40 and the X-axis, Y-axis, and Z-axis of each request signal 40.
  • the reception intensity of each axis may be included in the response signal 41 and transmitted. In that case, in the in-vehicle device 10, when one response signal 41 is received in (Step S 005) and (Step S 105), a measurement value of the reception intensity for each request signal 40 as shown in FIG. 12 is acquired.
  • the reception intensity ratio of each request signal is “ax: ay: az ⁇ bx: by: bz ⁇ cx: cy: cz”, and the reception intensity ratio does not match the reception intensity ratio rule generated when the vehicle door 30 is locked. . For this reason, it can be determined that a relay attack has occurred.
  • the portable device 20 may move due to the movement of the user. In this case, the portable device 20 receives the request signal 40 in a state where the direction of the reception axis of the portable device 20 is shifted. In this case, as shown in FIG. 8, the portable device may receive the request signals 40a, 40b, and 40c from different directions.
  • the reception intensity ratio between the request signals 40a, 40b, and 40c does not match, that is, “ax: ay: az ⁇ bx: by: bz ⁇ cx: cy: cz”.
  • the relay attack determination is performed only by matching / mismatching of the reception intensity ratio, it is determined that no relay attack has occurred.
  • the presence / absence of a relay attack is determined using the reception intensity ratio rule instead of “ax: ay: az ⁇ bx: by: bz ⁇ cx: cy: cz”.
  • the reception intensity ratio for each request signal 40 is received even if the reception intensity ratio is “ax: ay: az ⁇ bx: by: bz ⁇ cx: cy: cz”. It does not match the intensity ratio rule. Therefore, according to the present embodiment, even when the portable device 20 receives the request signal 40 in a state where the direction of the reception axis of the portable device 20 is shifted due to the movement of the user, the presence / absence of the relay attack is accurately determined. be able to.
  • Embodiment 2 a configuration in which the relay attack can be correctly detected even when the portable device 20 moves and the request signal 40 is received in a state in which the direction of the reception axis is shifted is described using the reception intensity ratio rule. did. However, depending on the accuracy of the reception intensity ratio rule, it may be determined that the portable device 20 is near the vehicle door 30 by the relay attack even if the portable device 20 is not near the vehicle door 30. For example, if the direction of the reception axis of the portable device 20 is shifted when a relay attack is occurring, the ratio between the measured reception strengths may coincide with the reception strength ratio rule.
  • the portable device 20 is not near the vehicle door 30, it is erroneously determined that the portable device 20 is near the vehicle door 30. Therefore, in the present embodiment, a configuration for preventing erroneous determination due to the problem of accuracy of the reception intensity ratio rule will be described. More specifically, in the present embodiment, a seismic device such as an acceleration sensor is built in the portable device 20. A configuration in which the in-vehicle device 10 does not authenticate the portable device 20 when it is detected that the portable device 20 is moving will be described.
  • a seismic device 306 is added in FIG. 17.
  • the seismic sensor 306 senses the vibration of the portable device 20.
  • the seismic device 306 measures the acceleration with respect to each of the X axis, the Y axis, and the Z axis of the portable device 20.
  • the seismic device 306 is, for example, an acceleration sensor.
  • the processor 301, the auxiliary storage device 302, the main storage device 303, the transmission device 304, and the reception device 305 are the same as those shown in FIG.
  • the functional configuration example of the in-vehicle device 10 is as shown in FIG.
  • a functional configuration example of the portable device 20 is as shown in FIG. Compared to FIG. 5, in FIG. 18, a portable device state determination unit 26 and a seismic data acquisition unit 27 are added.
  • the seismic data acquisition unit 27 acquires seismic data as a seismic result of the seismic device 306 from the seismic device 36. If the seismoscope 306 is an acceleration sensor, the seismic data is an acceleration value.
  • the portable device state determination unit 26 determines the movement state of the portable device 20. More specifically, the portable device state determination unit 26 is in a state where the portable device 20 is moving based on the seismic data acquired by the seismic data acquisition unit 27 (hereinafter also referred to as “moving”). Either in a stationary state (hereinafter also referred to as “still”) or in a state where it has transitioned from a moving state to a stationary state (hereinafter also referred to as “moving ⁇ stationary”) Determine if there is.
  • the seismic device 306 is an acceleration sensor that can measure the accelerations of the three axes of the X axis, the Y axis, and the Z axis
  • the portable device state determination unit 26 obtains an acceleration value as shown in FIG. obtain.
  • the acceleration values of the three axes vary greatly as shown in FIG.
  • the triaxial acceleration values are substantially constant as shown in FIG.
  • the x-axis and y-axis are axes that are horizontal to the ground and the z-axis is an axis that is perpendicular to the ground
  • the x-axis and y-axis accelerations are zero, and the z-axis acceleration becomes the gravitational acceleration.
  • the portable device 20 is “moving ⁇ still”, as shown in FIG. 23, the three-axis acceleration value varies from a dispersed state to a constant state.
  • the portable device state determination unit 26 determines the moving state of the portable device 20 by analyzing the time transition of the triaxial seismic data as shown in FIGS.
  • the portable device state determination unit 26 corresponds to a movement state determination unit.
  • the process performed by the portable device state determination unit 26 corresponds to a movement state determination process.
  • the control unit 24 determines the transmission form of the response signal 41 based on the determination result of the portable device state determination unit 26. More specifically, when the request signal 40 is received, the moving state of the portable device 20 has been changed from the moving state of the portable device 20 to the stationary state by the portable device state determination unit 26. When it is determined that the state (that is, “moving ⁇ still”), the control unit 24 determines to transmit the response signal 41. On the other hand, when the request signal 40 is received, the portable device state determination unit 26 moves the portable device 20 (ie, “moving”) and stands still (ie, “still”). When it is determined that the response signal 41 is invalid, the control unit 24 determines to transmit an invalid response signal 41.
  • the invalid response signal 41 is, for example, a response signal 41 including error information.
  • the error information is information notifying that the response signal 41 is invalid, and corresponds to invalid information.
  • the portable device state determination unit 26 moves the portable device 20 (that is, “moving”) and is stationary (that is, “still”).
  • the control unit 24 may determine not to transmit the response signal 41.
  • the request signal 40 according to the present embodiment corresponds to the first radio signal
  • the response signal 41 according to the present embodiment corresponds to the second radio signal.
  • the process performed by the control unit 24 corresponds to a control process.
  • the receiving antennas 21a, 21b, and 21c, the transmitting antenna 22, the receiving unit 23, and the transmitting unit 25 are the same as those shown in FIG.
  • the operation performed by the portable device 20 corresponds to a communication method and a communication program.
  • Step S201 Similar to (Step S101), the switch on the vehicle door 30 is pushed by the user's operation. The unlocking process is started by the user's operation.
  • Step S202 Similar to (Step S102), request signals 40a, 40b, and 40c to which a transmission antenna identifier is added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
  • Step S203 In the portable device 20, the seismic data acquisition unit 27 starts acquiring seismic data.
  • Step S204 Similar to (Step S103), the receiving antennas 21a, 21b, 21c of the portable device 20 receive the request signals 40a, 40b, 40c. And the receiving part 23 detects the receiving intensity
  • Step S205 From the seismic data continuously acquired from (Step S203), the portable device state determination unit 26 determines that the movement state of the portable device 20 is “moving”, “still still”, and “moving ⁇ still”. It is determined which state.
  • the portable device state determination unit 26 determines that the moving state of the portable device 20 is “moving ⁇ still” (YES in step S205)
  • the process proceeds to (step S206). If the portable device state determination unit 26 determines that the moving state of the portable device 20 is “moving” or “still” (NO in step S205), the process proceeds to (step S207).
  • Step S206 Similar to (Step S104), the transmission unit 25 transmits the response signal 41 from the transmission antenna 22.
  • the transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the request signals 40a, 40b, and 40c are received, the transmission unit 25 transmits three response signals 41 corresponding to the request signals 40a, 40b, and 40c.
  • the response signal 41 transmitted in step S206 is as shown in FIG.
  • Step S207 In order to inform the in-vehicle device 10 that the moving state of the portable device 20 is not "moving to stationary", the transmitting unit 25 transmits a response signal 41 including error information from the transmitting antenna 22.
  • Step S208 Similar to (Step S105), the receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively.
  • the receiving unit 15 extracts the transmission antenna identifier, the authentication ID, and the reception strength from the three response signals 41, and outputs the extracted transmission antenna identifier, authentication ID, and reception strength to the control unit 14.
  • the control unit 14 collects the reception intensity in units of coordinate axes for each request signal (for each transmission antenna) as shown in FIG.
  • Step S209 If the error information is included in any of the response signals 41 received in (Step S208), the control unit 14 indicates that the moving state of the portable device 20 is not “moving ⁇ still” but the vehicle door 30. It is determined that the unlocking operation is not performed in the vicinity, and the process is terminated. If no error information is included in all the response signals 41, the control unit 14 determines that the moving state of the portable device 20 is “moving ⁇ still”, and the process proceeds to (step S210).
  • Step S210 Same as (Step S106), and the received intensity ratio of the received intensity (FIG. 12) collected in (Step S208) and the received intensity ratio described in the received intensity ratio rule (FIG. 13). Are evaluated to determine whether or not the portable device 20 is near the vehicle door 30, that is, whether or not the portable device 20 is located within a specified range from the vehicle 1. If the control unit 14 determines that the portable device 20 is near the vehicle door 30 (YES in step S210), the process proceeds to (step S211). When it determines with the portable device 20 not being in the vehicle door 30 vicinity (it is NO at step S210), the control part 14 determines with the relay attack being performed, and complete
  • Step S211 Similar to (Step S107), the control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S212). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process.
  • Step S212 Similar to (Step S108)
  • the control unit 14 determines that the portable device 20 is in the vicinity of the vehicle 1, and unlocks the vehicle door 30 via the ECU 206.
  • the portable device state determination unit 26 sets the movement state of the portable device 20 to “moving” if the triaxial acceleration value changes by a certain threshold value or more. Can be determined.
  • the portable device state determination unit 26 can determine that the movement state of the portable device 20 is “still” when the triaxial acceleration value for a certain period of time changes only below a certain threshold value.
  • the portable device state determination unit 26 has a case where the X-axis and Y-axis acceleration values are 0 and the Z-axis acceleration value coincides with the gravitational acceleration, such as when the 3-axis acceleration value becomes a certain value.
  • the moving state of the portable device 20 can be determined as “still”.
  • step S205 If the determination in step S205 is made at a timing within a certain period after the determination in step S205 changes from the “moving” state to the “stationary” state, the portable device state determination unit 26 Is determined to be “moving ⁇ still”. On the other hand, when the determination in step S205 is performed at a timing after the “still state” state has elapsed for a certain period or longer, the portable device state determination unit 26 does not determine “moving ⁇ stationary” but “stationary” It is determined as “medium”. In addition, when the determination in step S205 is performed at a timing after the state of “still” is changed to “moving”, the portable device state determination unit 26 does not determine “movement ⁇ stationary”, It is determined as “moving”.
  • the in-vehicle device 10 performs the relay attack determination, but the portable device 20 may perform the relay attack determination.
  • the reception intensity ratio rule is stored in the auxiliary storage device 302 of the portable device 20.
  • the reception intensity ratio rule is loaded into the main storage device 303.
  • the control unit 24 performs (Step S007) in (Step S003) of FIG. If (YES in step S007), the control unit 24 also performs the process of (step S008) to generate a reception intensity ratio rule. On the other hand, if “NO” in the step S007, the process proceeds to the step S002. Thereafter, in FIG. 19 and FIG. 20, when the control unit 24 performs the process of (Step S210) in (Step S204) and determines that the portable device 20 is not near the vehicle 1 by the reception intensity ratio rule, the control unit 24 Determines that the relay attack is being performed and ends the process of the portable device 20. Thereafter, since the on-vehicle device 10 has passed for a certain period without receiving the response signal 41, the processing of the on-vehicle device 10 ends due to a timeout.
  • the in-vehicle device 10 since the mobile device 20 is not in the “moving ⁇ stationary” state, the in-vehicle device 10 does not perform the door unlocking process. Processing can also be performed by the portable device 20. In this case, the control unit 24 determines not to transmit the response signal 41 in (Step S207) in FIG. 19, and ends the processing of the portable device 20. Thereafter, the in-vehicle device 10 passes a certain period of time without receiving the response signal 41, and thus the processing of the in-vehicle device 10 ends due to a timeout.
  • the reception intensity ratio rule is used in the operation examples of FIGS. 6, 19, and 20, the door unlocking operation can be performed without using the reception intensity ratio rule. In this case, the processing of (Step S007) and (Step S008) in FIG. 6 is not necessary. If it is determined in (Step S006) that the portable device 20 is outside the vehicle, the process proceeds to (Step S009). After that, instead of the process of determining whether the portable device 20 is near the vehicle door 30 using the reception intensity ratio rule in (Step S210) of FIG. 20, the X axis, Y axis, and Z as shown in FIG.
  • step S211 If the axial reception intensity satisfies “ax: ay: az ⁇ bx: by: bz ⁇ cx: cy: cz”, the process proceeds to (step S211), and if not, the process of the in-vehicle device 10 ends. .
  • the accuracy of relay attack determination is reduced compared to the case where the reception intensity ratio rule is used.
  • the process of (Step S210) is not reached when the portable device 20 is moved and the direction of the reception axis is shifted by the process of (Step S205). For this reason, unlike the conventional method, it is possible to avoid a situation in which it is determined that the relay attack is not performed although the relay attack is performed due to the deviation of the direction of the reception axis.
  • the portable device 20 transmits one response signal 41 to one request signal 40 in (Step S004), (Step S206), and (Step S207). Instead, after receiving all the request signals 40 from the respective transmission antennas 11, the portable device 20 transmits the transmission antenna identifier included in each request signal 40 and the X-axis, Y-axis, and Z-axis of each request signal 40. The reception intensity of each axis may be included in the response signal 41 and transmitted. In that case, in the in-vehicle device 10, when one response signal 41 is received in (Step S 005) and (Step S 208), the reception strength for each request signal 40 as shown in FIG. 12 is acquired.
  • the unlocking of the vehicle door 30 by the relay attack as shown in FIG. 24 can be reliably prevented.
  • the attacker intentionally sets the arrival direction of each request signal 40 to the portable device 20 and disguises the situation where each request signal 40 is received near the vehicle door 30.
  • the conventional method cannot detect that a relay attack has occurred.
  • the unlocking operation of the vehicle door 30 is not performed. Therefore, the unlocking of the vehicle door 30 by the relay attack is not performed. It can be surely prevented.
  • the portable device 20 is “moving”, it is necessary for the attacker to follow the movement of the portable device 20 and arrange the repeaters 50a to 50f at appropriate positions. It is difficult to make the request signal 40 reach the machine 20 from different directions of arrival. Therefore, when the movement state of the portable device 20 is “moving” and “moving ⁇ stationary”, the possibility of receiving the attack pattern shown in FIG. 24 is low, and the relay attack is reliably detected against this attack. It can be carried out.
  • the auxiliary storage device 202 of the in-vehicle device 10 also stores an OS (Operating System). Then, at least a part of the OS is executed by the processor 201.
  • the processor 201 executes a program that realizes the functions of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 while executing at least a part of the OS.
  • the processor 201 executes the OS, task management, memory management, file management, communication control, and the like are performed.
  • at least one of information, data, a signal value, and a variable value indicating processing results of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 is stored in the storage device 902 and the processor 901.
  • the programs for realizing the functions of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 are magnetic disks, flexible disks, optical disks, compact disks, Blu-ray (registered trademark) disks, DVDs, and the like. It may be stored in a portable recording medium.
  • the auxiliary storage device 302 of the portable device 20 also stores an OS. At least a part of the OS is executed by the processor 301.
  • the processor 301 executes a program that realizes the functions of the reception unit 23, the control unit 24, the transmission unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 while executing at least a part of the OS.
  • the processor 301 executes the OS, task management, memory management, file management, communication control, and the like are performed.
  • at least one of information, data, a signal value, and a variable value indicating processing results of the reception unit 23, the control unit 24, the transmission unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 is stored in the storage device.
  • achieves the function of the receiving part 23, the control part 24, the transmission part 25, the portable device state determination part 26, and the seismic sensitivity data acquisition part 27 is a magnetic disk, a flexible disk, an optical disk, a compact disk, Blu-ray (trademark). ) It may be stored in a portable recording medium such as a disk or DVD.
  • “part” of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 may be read as “circuit”, “process”, “procedure”, or “processing”.
  • the vehicle-mounted apparatus 10 may be implement
  • the processing circuit is, for example, a logic IC (Integrated Circuit), a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array).
  • the “unit” in the receiving unit 23, the control unit 24, the transmitting unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 is replaced with “circuit” or “process” or “procedure” or “processing”. May be.
  • the portable device 20 may be realized by a processing circuit. As described above, the processing circuit is a logic IC, GA, ASIC, or FPGA.
  • processing circuitry the superordinate concept of the processor and the processing circuit. That is, the processor and the processing circuit are specific examples of “processing circuitry”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Mechanical Engineering (AREA)
  • Lock And Its Accessories (AREA)
  • Selective Calling Equipment (AREA)

Abstract

A vehicle-mounted device (10) according to the present invention is included in a vehicle management system that includes a mobile device (20) that is carried by a user of a vehicle (1) and is for receiving wireless signals (40a, 40b, 40c) transmitted from a plurality of transmission antennas (11a, 11b, 11c) disposed on the vehicle (1) so as to be removed from each other and measuring the intensities of the wireless signals received from each of the transmission antennas. The vehicle-mounted device (10) stores reception intensity ratio rules indicating, for each transmission antenna, a value that serves as a reference value and has been obtained from an actual wireless signal reception intensity value when the mobile device (20) was within a prescribed range from the vehicle (1). The vehicle-mounted device (10) evaluates, for each transmission antenna, the degree of matching between a measured reception intensity value measured by the mobile device (20) and the reference value indicated by the reception intensity ratio rules and determines whether the mobile device (20) is within the prescribed range from the vehicle (1).

Description

判定装置、端末装置、判定方法、通信方法、判定プログラム及び通信プログラムDetermination device, terminal device, determination method, communication method, determination program, and communication program
 本発明は車両管理システムに関する。 The present invention relates to a vehicle management system.
 車両管理システムとして、車両ドアの施錠及び開錠に使われるキーレスエントリーシステムが普及している。キーレスエントリーシステムとは、車両に設けられた車載装置と利用者が携帯する端末装置(以下、携帯機という)の間で無線通信を行い、携帯機のID(Identifier)認証が許可されれば車両のドアを施錠又は開錠するシステムである。
 キーレスエントリーシステムが用いられる車両では、携帯機が車両から離れると自動的に施錠し、携帯機が車両に近づくと自動的に開錠する。従って、利用者が携帯機を操作しなくても保持しているだけで車両ドアを施錠又は開錠することができる。
 このようなキーレスエントリーシステムでは、車両ドアの開錠については利用者が車両の近くにいることを前提として、車載装置からは到達距離を限定したLF(低周波)のリクエスト信号が出力される。一方、携帯機からは遠隔距離からのドアロック操作も可能とするためRF(高周波)のレスポンス信号が出力されるようになっている。そして、リクエスト信号やレスポンス信号の受信強度をもとに車載装置と携帯機の距離が算出され、車両ドアの開錠又は施錠が行われる。 As a vehicle management system, a keyless entry system used for locking and unlocking a vehicle door has become widespread. A keyless entry system refers to a vehicle that performs wireless communication between an in-vehicle device provided in a vehicle and a terminal device (hereinafter referred to as a portable device) carried by a user, and ID (Identifier) authentication of the portable device is permitted. This is a system for locking or unlocking the door.
In a vehicle using a keyless entry system, the mobile device is automatically locked when the mobile device leaves the vehicle, and is automatically unlocked when the mobile device approaches the vehicle. Therefore, the vehicle door can be locked or unlocked only by holding the portable device without operating the portable device.
In such a keyless entry system, an LF (low frequency) request signal with a limited reach is output from the in-vehicle device on the assumption that the user is near the vehicle for unlocking the vehicle door. On the other hand, an RF (high frequency) response signal is output from the portable device to enable a door lock operation from a remote distance. Then, the distance between the in-vehicle device and the portable device is calculated based on the reception intensity of the request signal and the response signal, and the vehicle door is unlocked or locked.
 ところで、携帯機が車両に近づいて車両ドアを自動的に開錠するキーレスエントリーシステムに対して、悪意をもった第三者が中継器を用いるリレーアタックという攻撃を行うことがある。リレーアタックが行われると、携帯機を持った利用者が車両から離れた位置に居てもドアが開錠されてしまうおそれがある。すなわち、中継器が車載装置と携帯機間のリクエスト信号及びレスポンス信号を中継することで、車載装置と携帯機間の無線信号の送受信が可能となる。このため、携帯機を持った利用者が車両から離れた位置にいても、中継器は車載装置に携帯機からのレスポンス信号を送信することができ、受信強度による距離算出が正しくできなくなってしまう。この結果、車載装置が、携帯機が車載装置の近くにあると誤認識してしまい、車両ドアを開錠してしまう。 By the way, a malicious third party may attack a keyless entry system in which a portable device approaches a vehicle and automatically unlocks the vehicle door, using a relay attack. When relay attack is performed, the door may be unlocked even if the user with the portable device is at a position away from the vehicle. That is, the relay device relays a request signal and a response signal between the in-vehicle device and the portable device, so that wireless signals can be transmitted and received between the in-vehicle device and the portable device. For this reason, even if the user with the portable device is away from the vehicle, the repeater can transmit the response signal from the portable device to the in-vehicle device, and the distance calculation based on the received intensity cannot be performed correctly. . As a result, the in-vehicle device erroneously recognizes that the portable device is near the in-vehicle device, and unlocks the vehicle door.
 特許文献1には、リレーアタックに対する対策が開示されている。
 特許文献1では、車両の複数個所に設置した送信アンテナからそれぞれリクエスト信号が送信される。携帯機は3次元座標での各軸線方向を向いた3つの受信アンテナを備える。そして、携帯機は、3つの受信アンテナにおける各リクエスト信号の受信強度を検出する。車載装置は、携帯機からリクエスト信号ごとの受信強度を通知され、リクエスト信号ごとの3つの受信強度を比較する。そして、受信強度比が全てのリクエスト信号で一致していれば、中継器によって一方向から複数のリクエスト信号が送信されたとしてリレーアタックが行われていると判定することができる。一方、受信強度比がリクエスト信号ごとに異なっていれば、リレーアタックが行われていないと判定することができる。3つの受信アンテナによる3つの受信強度はリクエスト信号の到来方向によって異なるため、中継器によって中継されて携帯機に到来するリクエスト信号は3つの受信強度間の比によって区別できる。 Patent Document 1 discloses a countermeasure against a relay attack.
In Patent Document 1, request signals are transmitted from transmission antennas installed at a plurality of locations of a vehicle. The portable device includes three receiving antennas facing each axial direction in three-dimensional coordinates. And a portable machine detects the receiving intensity of each request signal in three receiving antennas. The in-vehicle device is notified of the reception strength for each request signal from the portable device, and compares the three reception strengths for each request signal. If the reception intensity ratios are the same for all request signals, it can be determined that a relay attack is being performed on the assumption that a plurality of request signals are transmitted from one direction by the repeater. On the other hand, if the reception intensity ratio is different for each request signal, it can be determined that the relay attack is not performed. Since the three reception strengths by the three reception antennas differ depending on the arrival directions of the request signals, the request signals that are relayed by the repeater and arrive at the portable device can be distinguished by the ratio between the three reception strengths.
 また、特許文献2にも、リレーアタックに対する対策が開示されている。
 特許文献2では、車両に設置した複数の送信アンテナから出力順を毎回変化させながらリクエスト信号が送信される。携帯機は1つの受信アンテナを備え、各リクエスト信号の受信強度の変化順序を確認する。そして、変化順序が正しくなければリレーアタックが行われていると判定することができる。一方、変化順序が正しければリレーアタックが行われていないと判定することができる。 Patent Document 2 also discloses a countermeasure against a relay attack.
In Patent Document 2, a request signal is transmitted from a plurality of transmission antennas installed in a vehicle while changing the output order every time. The portable device includes one receiving antenna and confirms the change order of the reception intensity of each request signal. If the change order is not correct, it can be determined that a relay attack is being performed. On the other hand, if the change order is correct, it can be determined that the relay attack is not performed.
特開2006-342545号公報JP 2006-342545 A 特開2016-035133号公報JP 2016-035133 A
 特許文献1では、複数のリクエスト信号が異なるタイミングで携帯機に到達する。
 しかしながら、携帯機が利用者の動きによって縦横に動き受信軸の方向が動いた場合は、リクエスト信号ごとの3つの受信アンテナにおける3つの受信強度の間の比が正しく算出できなくなってしまう。具体的には、リレーアタックが行われた場合は、携帯機は全てのリクエスト信号を同一方向から受信するため、通常ならばリクエスト信号ごとの3つの受信強度の間の比は、全てのリクエスト信号で一致する。しかし、携帯機が動いて受信軸の方向がずれながらリクエスト信号を受信した場合は、受信軸の方向がずれることによって3つの受信強度の間の比がリクエスト信号ごとに異なる可能性がある。このように3つの受信強度の間の比がリクエスト信号ごとに異なることになった場合は、リレーアタックが行われたと判定することができない。 In Patent Document 1, a plurality of request signals arrive at the portable device at different timings.
However, if the mobile device moves vertically and horizontally due to the movement of the user and the direction of the reception axis moves, the ratio between the three reception strengths at the three reception antennas for each request signal cannot be calculated correctly. Specifically, when a relay attack is performed, since the portable device receives all request signals from the same direction, the ratio between the three reception strengths for each request signal is usually all request signals. Match. However, when the portable device moves and receives a request signal while the direction of the reception axis is shifted, the ratio between the three reception strengths may be different for each request signal due to the shift of the direction of the reception axis. Thus, when the ratio between the three reception strengths differs for each request signal, it cannot be determined that the relay attack has been performed.
 一方、特許文献2では、中継器が各リクエスト信号の強度を再現して各リクエスト信号を中継した場合は、リレーアタックが行われていると判定することができない。これはリクエスト信号の到来方向に着目した特許文献1の技術によって解決できる。
 しかし、特許文献1は上記のように、携帯機が利用者の動きによって縦横に動き受信軸の方向が動いた場合にはリレーアタックを検出することができない。 On the other hand, in Patent Document 2, when a repeater reproduces the intensity of each request signal and relays each request signal, it cannot be determined that a relay attack is being performed. This can be solved by the technique of Patent Document 1 focusing on the arrival direction of the request signal.
However, as described above, Patent Document 1 cannot detect a relay attack when the portable device moves vertically and horizontally due to the movement of the user and the direction of the reception axis moves.
 本発明は、利用者の動きによって、利用者が携帯する端末装置が動いた場合でもリレーアタックを正確に検出できる構成を得ることを主な目的とする。 The main object of the present invention is to obtain a configuration capable of accurately detecting a relay attack even when a terminal device carried by the user moves according to the movement of the user.
 本発明に係る判定装置は、
 車両上に相互に離れて配置された複数の送信アンテナから送信された複数の無線信号を受信し、送信アンテナごとに無線信号の受信強度を計測する、前記車両の利用者に携帯される端末装置が含まれる車両管理システムに含まれる判定装置であって、
 前記端末装置が前記車両から規定の範囲内に所在する場合の無線信号の受信強度の実績値から得られる値が参照値として送信アンテナごとに示される受信強度情報を記憶する記憶部と、
 送信アンテナごとに、前記端末装置により計測された受信強度の計測値と前記受信強度情報に示される前記参照値との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する制御部とを有する。 The determination apparatus according to the present invention includes:
A terminal device that is carried by a user of the vehicle, receives a plurality of radio signals transmitted from a plurality of transmission antennas arranged away from each other on the vehicle, and measures the reception strength of the radio signal for each transmission antenna. A determination device included in a vehicle management system including
A storage unit that stores reception strength information in which a value obtained from the actual value of the reception strength of a radio signal when the terminal device is located within a specified range from the vehicle is indicated for each transmission antenna as a reference value;
For each transmission antenna, the degree of coincidence between the measurement value of the reception intensity measured by the terminal device and the reference value indicated by the reception intensity information is evaluated, and the terminal device is within the specified range from the vehicle. And a control unit for determining whether or not the user is present.
 本発明によれば、利用者の動きによって、利用者が携帯する端末装置が動いた場合でもリレーアタックを正確に検出することができる。 According to the present invention, it is possible to accurately detect a relay attack even when a terminal device carried by the user moves according to the movement of the user.
実施の形態1に係るキーレスエントリーシステムの構成例を示す図。1 is a diagram illustrating a configuration example of a keyless entry system according to Embodiment 1. FIG. 実施の形態1に係る車載装置のハードウェア構成例を示す図。FIG. 3 is a diagram illustrating a hardware configuration example of the in-vehicle device according to the first embodiment. 実施の形態1に係る携帯機のハードウェア構成例を示す図。FIG. 3 illustrates a hardware configuration example of a portable device according to Embodiment 1; 実施の形態1に係る車載装置の機能構成例を示す図。FIG. 3 is a diagram illustrating a functional configuration example of the in-vehicle device according to the first embodiment. 実施の形態1に係る携帯機の機能構成例を示す図。FIG. 3 illustrates a functional configuration example of a mobile device according to Embodiment 1; 実施の形態1に係る車両ドア施錠時のキーレスエントリーシステムの動作例を示すフローチャート。5 is a flowchart showing an operation example of the keyless entry system when the vehicle door is locked according to the first embodiment. 実施の形態1に係る車両ドア開錠時のキーレスエントリーシステムの動作例を示すフローチャート。5 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the first embodiment. 実施の形態1に係るリレーアタックが行われていない場合のリクエスト信号の受信方向を示す図。The figure which shows the receiving direction of the request signal when the relay attack which concerns on Embodiment 1 is not performed. 実施の形態1に係るリレーアタックが行われている場合のリクエスト信号の受信方向を示す図。The figure which shows the receiving direction of the request signal in case the relay attack which concerns on Embodiment 1 is performed. 実施の形態1に係る携帯機が車両ドア付近にいる場合のリクエスト信号の受信状況を示す図。The figure which shows the reception condition of the request signal when the portable machine which concerns on Embodiment 1 exists in the vehicle door vicinity. 実施の形態1に係るリレーアタックが行われている場合のリクエスト信号の受信状況を示す図。The figure which shows the reception condition of the request signal in case the relay attack which concerns on Embodiment 1 is performed. 実施の形態1に係るリクエスト信号ごと、かつ軸ごとの受信強度の例を示す図。The figure which shows the example of the receiving strength for every request signal which concerns on Embodiment 1, and for every axis | shaft. 実施の形態1に係る受信強度比ルールの例を示す図。FIG. 6 is a diagram illustrating an example of a reception intensity ratio rule according to the first embodiment. 実施の形態1に係るリクエスト信号の例を示す図。FIG. 5 shows an example of a request signal according to the first embodiment. 実施の形態1に係るレスポンス信号の例を示す図。FIG. 6 shows an example of a response signal according to the first embodiment. 実施の形態1に係る各軸の受信強度を示す図。FIG. 4 is a diagram showing reception strength of each axis according to the first embodiment. 実施の形態2に係る携帯機のハードウェア構成例を示す図。FIG. 6 illustrates a hardware configuration example of a mobile device according to Embodiment 2; 実施の形態2に係る携帯機の機能構成例を示す図。FIG. 6 illustrates a functional configuration example of a mobile device according to Embodiment 2; 実施の形態2に係る車両ドア開錠時のキーレスエントリーシステムの動作例を示すフローチャート。7 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the second embodiment. 実施の形態2に係る車両ドア開錠時のキーレスエントリーシステムの動作例を示すフローチャート。7 is a flowchart showing an operation example of the keyless entry system when the vehicle door is unlocked according to the second embodiment. 実施の形態2に係る利用者が移動中の加速度値の推移の例を示す図。The figure which shows the example of transition of the acceleration value in which the user which concerns on Embodiment 2 is moving. 実施の形態2に係る利用者が静止中の加速度値の推移の例を示す図。The figure which shows the example of transition of the acceleration value when the user which concerns on Embodiment 2 is still. 実施の形態2に係る利用者が移動状態から静止状態に遷移する際の加速度値の推移の例を示す図。The figure which shows the example of transition of the acceleration value at the time of the user concerning Embodiment 2 changing from a movement state to a stationary state. 複数の中継器を用いたリレーアタックの例を示す図。The figure which shows the example of the relay attack using a some repeater. 実施の形態1に係る携帯機の受信アンテナの指向方向の例を示す図。FIG. 6 shows an example of the directivity direction of the receiving antenna of the portable device according to Embodiment 1;
 以下、本発明の実施の形態について、図を用いて説明する。以下の実施の形態の説明及び図面において、同一の符号を付したものは、同一の部分又は相当する部分を示す。なお、この実施の形態によりこの発明が限定されるものではない。 Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description of the embodiments and drawings, the same reference numerals denote the same or corresponding parts. Note that the present invention is not limited to the embodiments.
 実施の形態1.
***構成の説明***
 図1は、本実施の形態に係る車両管理システムの構成例を示す。本実施の形態では、車両管理システムとしてキーレスエントリーシステムを説明する。 Embodiment 1 FIG.
*** Explanation of configuration ***
FIG. 1 shows a configuration example of a vehicle management system according to the present embodiment. In this embodiment, a keyless entry system will be described as a vehicle management system.
 本実施の形態に係るキーレスエントリーシステムは、車両ドア30を施錠または開錠する。
 車両1には車載装置10が設けられ、車両1の利用者は端末装置である携帯機20を携帯する。
 そして、車載装置10と携帯機20が無線通信を行って、認証、施錠及び開錠が行われる。 The keyless entry system according to the present embodiment locks or unlocks the vehicle door 30.
The vehicle 1 is provided with an in-vehicle device 10, and a user of the vehicle 1 carries a portable device 20 that is a terminal device.
And the vehicle-mounted apparatus 10 and the portable device 20 perform radio | wireless communication, and authentication, locking, and unlocking are performed.
 車載装置10は、車両1に設置された送信アンテナ11a、11b、11cと受信アンテナ12を利用して、携帯機20と無線通信する。送信アンテナ11a、11b、11cは低周波(LF)の無線信号であるリクエスト信号40a、40b、40cを送信する。
 リクエスト信号40a、40b、40cを受信した携帯機20は高周波(RF)の無線信号であるレスポンス信号41を送信する。
 受信アンテナ12は、携帯機20から送信されたレスポンス信号41を受信する。
 送信アンテナ11a、11b、11cは、車両1上に相互に離れて配置されている。例えば、送信アンテナ11a、11b、11cは、相互に50cm以上離れて配置されている。
 以下では、送信アンテナ11a、11b、11cを区別する必要が無いときは、送信アンテナ11a、11b、11cを送信アンテナ11と表記する。
 また、リクエスト信号40a、40b、40cを区別する必要が無いときは、リクエスト信号40a、40b、40cをリクエスト信号40と表記する。
 図1では送信アンテナ11の数を3つとしているが、送信アンテナ11の数は2つ以上であれば3つに限定されない。
 なお、本実施の形態では、車載装置10は判定装置に相当する。
 また、車載装置10により行われる動作は、判定方法及び判定プログラムに相当する。 The in-vehicle device 10 wirelessly communicates with the portable device 20 using the transmission antennas 11 a, 11 b, 11 c and the reception antenna 12 installed in the vehicle 1. The transmission antennas 11a, 11b, and 11c transmit request signals 40a, 40b, and 40c, which are low-frequency (LF) radio signals.
The portable device 20 that has received the request signals 40a, 40b, and 40c transmits a response signal 41 that is a radio frequency (RF) radio signal.
The receiving antenna 12 receives the response signal 41 transmitted from the portable device 20.
The transmission antennas 11a, 11b, and 11c are arranged on the vehicle 1 so as to be separated from each other. For example, the transmission antennas 11a, 11b, and 11c are arranged 50 cm or more apart from each other.
Hereinafter, when there is no need to distinguish between the transmission antennas 11a, 11b, and 11c, the transmission antennas 11a, 11b, and 11c are referred to as the transmission antenna 11.
Further, when it is not necessary to distinguish between the request signals 40a, 40b, and 40c, the request signals 40a, 40b, and 40c are expressed as the request signal 40.
In FIG. 1, the number of transmission antennas 11 is three, but the number of transmission antennas 11 is not limited to three as long as the number is two or more.
In the present embodiment, the in-vehicle device 10 corresponds to a determination device.
The operations performed by the in-vehicle device 10 correspond to a determination method and a determination program.
 図2及び図3は本実施の形態に係るキーレスエントリーシステムのハードウェア構成例を示す。 2 and 3 show examples of the hardware configuration of the keyless entry system according to the present embodiment.
 図2は、車載装置10のハードウェア構成例を示す。
 プロセッサ201は、例えばCPU(Central Processing Unit)である。
 補助記憶装置202は、例えばハードディスク装置である。
 主記憶装置203は、例えばRAM(Random Access Memory)である。
 送信装置204と受信装置205は、携帯機20との無線通信に利用される。
 ECU(Engine Control Unit)206は、車両ドア30の施錠及び開錠を制御する。 FIG. 2 shows a hardware configuration example of the in-vehicle device 10.
The processor 201 is, for example, a CPU (Central Processing Unit).
The auxiliary storage device 202 is, for example, a hard disk device.
The main storage device 203 is, for example, a RAM (Random Access Memory).
The transmission device 204 and the reception device 205 are used for wireless communication with the portable device 20.
An ECU (Engine Control Unit) 206 controls locking and unlocking of the vehicle door 30.
 図3は、携帯機20のハードウェア構成例を示す。
 プロセッサ301は、例えばCPUである。
 補助記憶装置302は、例えばハードディスク装置である。
 主記憶装置303は、例えばRAMである。
 送信装置304と受信装置305は、車載装置10との無線通信に利用される。 FIG. 3 shows a hardware configuration example of the portable device 20.
The processor 301 is a CPU, for example.
The auxiliary storage device 302 is, for example, a hard disk device.
The main storage device 303 is, for example, a RAM.
The transmission device 304 and the reception device 305 are used for wireless communication with the in-vehicle device 10.
 図4及び図5は本実施の形態に係るキーレスエントリーシステムの機能構成例を示す。 4 and 5 show functional configuration examples of the keyless entry system according to the present embodiment.
 図4は、車載装置10の機能構成例を示している。
 送信アンテナ11a、11b、11c及び受信アンテナ12については既に説明を行っているので、ここでは説明を省略する。
 送信部13、制御部14、受信部15及び受信強度比ルール生成部16は、例えばプログラムにより実現される。
 送信部13、制御部14、受信部15及び受信強度比ルール生成部16を実現するプログラムは、例えば、補助記憶装置202に記憶されている。そして、当該プログラムは、補助記憶装置202から主記憶装置303によりロードされ、プロセッサ201により実行される。
 図4では、プロセッサ201によりプログラムが実行されている状態を模式的に表している。 FIG. 4 shows a functional configuration example of the in-vehicle device 10.
Since the transmission antennas 11a, 11b, and 11c and the reception antenna 12 have already been described, description thereof is omitted here.
The transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 are realized by a program, for example.
A program for realizing the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 is stored in the auxiliary storage device 202, for example. The program is loaded from the auxiliary storage device 202 into the main storage device 303 and executed by the processor 201.
FIG. 4 schematically shows a state in which the program is executed by the processor 201.
 送信部13は、送信アンテナ11a、11b、11cから送信するリクエスト信号40a、40b、40cの送信を制御する。具体的には、送信部13は、図14のように各リクエスト信号40に送信する送信アンテナ11の識別子を格納し、リクエスト信号40の送信タイミングを制御する。 The transmission unit 13 controls transmission of the request signals 40a, 40b, and 40c transmitted from the transmission antennas 11a, 11b, and 11c. Specifically, the transmission unit 13 stores the identifier of the transmission antenna 11 to be transmitted to each request signal 40 as shown in FIG. 14 and controls the transmission timing of the request signal 40.
 受信部15は、受信アンテナ12で受信したレスポンス信号41を処理する。
 具体的には、図15のようにレスポンス信号41に送信アンテナ11a、11b、11cのいずれかを示す識別子とその受信強度、更に携帯機20の認証用IDが格納されているため、受信部15は、これらを各リクエスト信号40から取り出して制御部14へ渡す。 The receiving unit 15 processes the response signal 41 received by the receiving antenna 12.
Specifically, as shown in FIG. 15, the response signal 41 stores an identifier indicating one of the transmission antennas 11 a, 11 b, and 11 c, its reception strength, and the authentication ID of the portable device 20. Extracts these from each request signal 40 and passes them to the control unit 14.
 制御部14は、キーレスエントリーシステムの処理を制御する。
 具体的には、制御部14は、携帯機20の位置算出、携帯機20の認証、リレーアタック判定を行う。
 制御部14は、後述する受信強度比ルールを主記憶装置203から読み出し、読み出した受信強度比ルールを用いて、携帯機20が車両1から規定の範囲内に所在するか否かを判定する。そして、制御部14は、携帯機20が車両1から規定の範囲内に所在すると判定した場合に、携帯機20から車両1への操作(例えば、施錠又は開錠)を許可する。規定の範囲は、例えば、3メートルである。当該規定の範囲は車両メーカー又は車載装置10メーカーが任意に設定することができる。
 制御部14により行われる処理は、読み出し処理及び制御処理に相当する。 The control unit 14 controls processing of the keyless entry system.
Specifically, the control unit 14 performs position calculation of the portable device 20, authentication of the portable device 20, and relay attack determination.
The control unit 14 reads out a reception intensity ratio rule, which will be described later, from the main storage device 203 and determines whether the portable device 20 is located within a specified range from the vehicle 1 using the read reception intensity ratio rule. And the control part 14 permits operation (for example, locking or unlocking) from the portable device 20 to the vehicle 1, when it determines with the portable device 20 being located in the prescription | regulation range from the vehicle 1. FIG. The specified range is, for example, 3 meters. The specified range can be arbitrarily set by the vehicle manufacturer or the in-vehicle device 10 manufacturer.
Processing performed by the control unit 14 corresponds to reading processing and control processing.
 受信強度比ルール生成部16は、受信強度比ルールを生成する。
 受信強度比ルールは、受信強度情報に相当する。
 受信強度比ルールは、補助記憶装置202で記憶されている。また、受信強度比ルールは、主記憶装置203にロードされる。
 補助記憶装置202及び主記憶装置203は、記憶部に相当する。 The reception intensity ratio rule generation unit 16 generates a reception intensity ratio rule.
The reception intensity ratio rule corresponds to reception intensity information.
The reception intensity ratio rule is stored in the auxiliary storage device 202. The reception intensity ratio rule is loaded into the main storage device 203.
The auxiliary storage device 202 and the main storage device 203 correspond to a storage unit.
 図5は、携帯機20の機能構成例を示す。
 受信アンテナ21a、21b、21cは、図25に示すようにそれぞれ互いに直交する軸線方向(X軸、Y軸、Z軸)を向くように携帯機20内に配置されており、対応する方向の磁界成分を検出する。
 送信アンテナ22は車両1に向けてレスポンス信号41を送信する。 FIG. 5 shows a functional configuration example of the portable device 20.
As shown in FIG. 25, the receiving antennas 21a, 21b, and 21c are arranged in the portable device 20 so as to face axial directions (X axis, Y axis, and Z axis) that are orthogonal to each other, and magnetic fields in the corresponding directions. Detect ingredients.
The transmission antenna 22 transmits a response signal 41 toward the vehicle 1.
 受信部23、制御部24及び送信部25は、例えばプログラムにより実現される。
 受信部23、制御部24及び送信部25を実現するプログラムは、例えば、補助記憶装置302に記憶されている。そして、当該プログラムは、補助記憶装置302から主記憶装置303によりロードされ、プロセッサ301により実行される。
 図5では、プロセッサ301によりプログラムが実行されている状態を模式的に表している。 The reception unit 23, the control unit 24, and the transmission unit 25 are realized by a program, for example.
A program for realizing the reception unit 23, the control unit 24, and the transmission unit 25 is stored in the auxiliary storage device 302, for example. The program is loaded from the auxiliary storage device 302 by the main storage device 303 and executed by the processor 301.
FIG. 5 schematically shows a state in which the program is executed by the processor 301.
 受信部23は、図12のように受信アンテナ21a、21b、21cで受信したリクエスト信号40aのX軸、Y軸、Z軸の各軸線方向における受信強度を、図16に示すような形でそれぞれ検出する。受信部23は、リクエスト信号40b、40cに対しても同様に各軸線方向における受信強度を検出する。
 つまり、受信部23は、送信アンテナ11ごと、かつ、3次元座標軸における座標軸(X軸、Y軸、Z軸)ごとにリクエスト信号40の受信強度を計測する。 As shown in FIG. 16, the receiving unit 23 receives the reception intensity in the X-axis, Y-axis, and Z-axis directions of the request signal 40a received by the receiving antennas 21a, 21b, and 21c as shown in FIG. To detect. Similarly, the reception unit 23 detects the reception intensity in each axial direction for the request signals 40b and 40c.
That is, the receiving unit 23 measures the reception intensity of the request signal 40 for each transmission antenna 11 and for each coordinate axis (X axis, Y axis, Z axis) in the three-dimensional coordinate axis.
 制御部24は、受信部23でリクエスト信号40の受信強度を検出した際に送信部25へレスポンス信号41の送信を指示する。 The control unit 24 instructs the transmission unit 25 to transmit the response signal 41 when the reception unit 23 detects the reception intensity of the request signal 40.
 送信部25は、送信アンテナ22にレスポンス信号41の送信を指示する。
 レスポンス信号41には、図15に示すように、送信アンテナ11a、11b、11cのいずれかを示す識別子と、携帯機20の認証用ID、受信部23により検出された各軸の受信強度が格納されている。 The transmission unit 25 instructs the transmission antenna 22 to transmit the response signal 41.
As shown in FIG. 15, the response signal 41 stores an identifier indicating one of the transmission antennas 11a, 11b, and 11c, the authentication ID of the portable device 20, and the reception intensity of each axis detected by the receiving unit 23. Has been.
 図13は、受信強度比ルールの例を示す。
 受信強度比ルールでは、リクエスト信号40の受信強度の実績値から得られる値が参照値として、送信アンテナ11ごと(リクエスト信号40ごと)に示される。
 より具体的には、受信強度比ルールでは、3次元座標軸における座標軸(X軸、Y軸、Z軸)ごとの実績値の間の比が参照値として送信アンテナ11ごとに示される。
 本実施の形態では、車載装置10の受信強度比ルール生成部16が、車両ドア施錠時に計測された受信強度の実績値を用いて受信強度比ルールを生成(更新)する。つまり、本実施の形態では、受信強度比ルールには、携帯機20が車両1から規定の範囲内に所在している際に計測された送信アンテナごとかつ座標軸ごとの受信強度の実績値の間の比が参照値として示される。本実施の形態では、受信強度比ルールに受信強度の実績値の間の比が参照値として示される例を説明するが、受信強度比ルールに受信強度の実績値そのものが示されていてもよい。
 なお、受信強度比ルール生成部16が受信強度比ルールを生成(更新)しないようにしてもよい。
 つまり、車両メーカー又は車載装置10メーカーにおいて、携帯機20と同様の携帯機が車両1と同様の車両付近に所在している際のリクエスト信号の受信強度を計測し、計測により得られた実績値の間の比が記述された受信強度比ルールを用いるようにしてもよい。
 この場合は、後述する図6のステップS008を省略してもよい。また、車載装置10から受信強度比ルール生成部16を省略するようにしてもよい。 FIG. 13 shows an example of the reception intensity ratio rule.
In the reception intensity ratio rule, a value obtained from the actual value of the reception intensity of the request signal 40 is indicated for each transmission antenna 11 (for each request signal 40) as a reference value.
More specifically, in the reception intensity ratio rule, a ratio between actual values for each coordinate axis (X axis, Y axis, Z axis) in a three-dimensional coordinate axis is indicated for each transmission antenna 11 as a reference value.
In the present embodiment, the reception intensity ratio rule generation unit 16 of the in-vehicle device 10 generates (updates) the reception intensity ratio rule using the actual value of the reception intensity measured when the vehicle door is locked. In other words, in the present embodiment, the reception intensity ratio rule includes the actual value of the reception intensity for each transmission antenna and each coordinate axis measured when the portable device 20 is located within a specified range from the vehicle 1. Is shown as a reference value. In the present embodiment, an example in which the ratio between the actual received intensity values is indicated as a reference value in the received intensity ratio rule will be described, but the actual received intensity value may be indicated in the received intensity ratio rule. .
The reception intensity ratio rule generation unit 16 may not generate (update) the reception intensity ratio rule.
That is, in the vehicle manufacturer or the vehicle-mounted device 10 manufacturer, the reception value of the request signal when the portable device similar to the portable device 20 is located in the vicinity of the vehicle similar to the vehicle 1 is measured, and the actual value obtained by the measurement It is also possible to use a reception intensity ratio rule describing the ratio between the two.
In this case, step S008 of FIG. 6 described later may be omitted. Further, the reception intensity ratio rule generation unit 16 may be omitted from the in-vehicle device 10.
***動作の説明***
 次に、本実施の形態に係るキーレスエントリーシステムの動作例を図6及び図7に沿って説明する。 *** Explanation of operation ***
Next, an operation example of the keyless entry system according to the present embodiment will be described with reference to FIGS.
 図6は車両ドア施錠時のキーレスエントリーシステムの動作例を示す。 Fig. 6 shows an example of the operation of the keyless entry system when the vehicle door is locked.
 (ステップS001):利用者の操作によってエンジンが停止する。
 (ステップS002):車両1の送信アンテナ11a、11b、11cから図14のように送信アンテナ識別子が付加されたリクエスト信号40a、40b、40cが送信される。 (Step S001): The engine is stopped by the user's operation.
(Step S002): Request signals 40a, 40b, and 40c to which transmission antenna identifiers are added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
 (ステップS003):携帯機20の受信アンテナ21a、21b、21cが図8又は図9のようにリクエスト信号40a、40b、40cを受信する。そして、受信部23が、リクエスト信号40ごとに図16のようにX軸、Y軸、Z軸の各軸線方向の受信強度を検出する。 (Step S003): The receiving antennas 21a, 21b, and 21c of the portable device 20 receive the request signals 40a, 40b, and 40c as shown in FIG. 8 or FIG. And the receiving part 23 detects the receiving intensity | strength of each axis direction of a X-axis, a Y-axis, and a Z-axis for every request signal 40 like FIG.
 (ステップS004):携帯機20の送信部25が、送信アンテナ22からレスポンス信号41を送信する。送信部25は、1つのリクエスト信号40に対して1つのレスポンス信号41を送信する。そのため、受信部23がリクエスト信号40a、40b、40cを受信したら、送信部25は、それぞれに対応した3つのレスポンス信号41を送信することになる。
 レスポンス信号41には、図15のように、対応するリクエスト信号40に格納されていた送信アンテナ識別子と、携帯機20の認証用IDと、(ステップS003)で検出したリクエスト信号の各軸の受信強度が格納される。 (Step S004): The transmission unit 25 of the portable device 20 transmits the response signal 41 from the transmission antenna 22. The transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the receiving unit 23 receives the request signals 40a, 40b, and 40c, the transmitting unit 25 transmits three response signals 41 corresponding to each.
As shown in FIG. 15, the response signal 41 includes the transmission antenna identifier stored in the corresponding request signal 40, the authentication ID of the portable device 20, and the reception of each axis of the request signal detected in (step S003). The intensity is stored.
 (ステップS005):車両1の受信アンテナ12がリクエスト信号40a、40b、40cにそれぞれに対応した3つのレスポンス信号41を受信する。
 そして、受信部15が3つのレスポンス信号41に格納された受信強度と、送信アンテナ識別子をもとに、図12のように各リクエスト信号に対する座標軸ごとの受信強度を取得する。 (Step S005): The receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively.
Then, the reception unit 15 acquires the reception intensity for each coordinate axis for each request signal as shown in FIG. 12 based on the reception intensity stored in the three response signals 41 and the transmission antenna identifier.
 (ステップS006):前述の(ステップS005)で受信された各レスポンス信号41に記述されている各リクエスト信号40の受信強度をもとに、制御部14が、携帯機20が車内、車外のいずれに所在しているかを判定する。
 制御部14が、携帯機20が車内に所在していると判定した場合(ステップS006でYES)は、処理が(ステップS002)に移る。
 一方、制御部14が、携帯機20が車外に所在していると判定した場合は(ステップS006でNO)は、処理が(ステップS007)に移る。
 なお、制御部14は、例えば、携帯機20が車内に所在している場合の典型的な受信強度が示されるテーブルを参照して携帯機20が車内、車外のいずれに所在しているかどうかを判定してもよい。なお、当該テーブルは、予め車載装置10内に格納されていてもよいし、外部装置との通信により当該外部装置から受信してもよい。 (Step S006): Based on the reception intensity of each request signal 40 described in each response signal 41 received in (Step S005) described above, the control unit 14 determines whether the portable device 20 is in the vehicle or outside the vehicle. Determine if you are located in
If the control unit 14 determines that the portable device 20 is located in the vehicle (YES in step S006), the process proceeds to (step S002).
On the other hand, when the control unit 14 determines that the portable device 20 is located outside the vehicle (NO in step S006), the process proceeds to (step S007).
Note that the control unit 14 refers to, for example, a table indicating typical reception strength when the portable device 20 is located in the vehicle, and determines whether the portable device 20 is located inside or outside the vehicle. You may judge. The table may be stored in the in-vehicle device 10 in advance, or may be received from the external device through communication with the external device.
 (ステップS007):前述の(ステップS005)で受信された各レスポンス信号41に記述されている各リクエスト信号40の受信強度をもとに、制御部14が、携帯機20が車両ドア付近に所在しているか否かを判定する。
 制御部14が、携帯機20が車両ドア30付近に所在していると判定した場合(ステップS007でYES)は、処理が(ステップS008)に移る。
 一方、制御部14が、携帯機20が車両ドア30付近に所在していないと判定した場合(ステップS007でYES)は、処理が(ステップS009)に移る。
 車両ドア30付近とは、例えば、車両30から3メートルの範囲である。
 なお、この段階で、受信強度比ルール生成部16により受信強度比ルールが生成済みであれば、制御部14は、当該受信強度比ルールを参照して、携帯機20が車両ドア30付近に所在しているかどうかを判定する。一方、受信強度比ルール生成部16により受信強度比ルールが生成されていなければ、制御部14は、後述する前回の車両ドア施錠時に生成した受信強度比ルールを参照してもよい。また、制御部14は、車両メーカー又は車載装置10メーカーで生成された受信強度比ルールを参照してもよい。なお、車両メーカー又は車載装置10メーカーで生成された受信強度比ルールは、予め車載装置10内に格納されていてもよいし、外部装置との通信により当該外部装置から受信してもよい。 (Step S007): Based on the reception intensity of each request signal 40 described in each response signal 41 received in (Step S005) described above, the control unit 14 causes the portable device 20 to be located near the vehicle door. It is determined whether or not.
When the control unit 14 determines that the portable device 20 is located near the vehicle door 30 (YES in step S007), the process proceeds to (step S008).
On the other hand, if the control unit 14 determines that the portable device 20 is not located near the vehicle door 30 (YES in step S007), the process proceeds to (step S009).
The vicinity of the vehicle door 30 is, for example, a range of 3 meters from the vehicle 30.
At this stage, if the reception intensity ratio rule generation unit 16 has already generated the reception intensity ratio rule, the control unit 14 refers to the reception intensity ratio rule and the portable device 20 is located near the vehicle door 30. Determine whether you are doing. On the other hand, if the reception intensity ratio rule generation unit 16 has not generated the reception intensity ratio rule, the control unit 14 may refer to the reception intensity ratio rule generated at the time of the previous vehicle door locking described later. Moreover, the control part 14 may refer to the reception intensity ratio rule produced | generated by the vehicle manufacturer or the vehicle equipment 10 manufacturer. The reception intensity ratio rule generated by the vehicle manufacturer or the in-vehicle device 10 manufacturer may be stored in the in-vehicle device 10 in advance, or may be received from the external device through communication with the external device.
 (ステップS008):受信強度比ルール生成部16が、受信強度比ルールを生成する。
 つまり、制御部14は、(ステップS005)で受信した各リクエスト信号40に対する受信強度を、受信強度比ルール生成部16に出力する。そして、受信強度比ルール生成部16が、入力された受信強度の間の比を用いて、受信強度比ルールを生成する。例えば、受信強度比ルール生成部16は、図13のようにリクエスト信号40の受信強度比を受信強度比ルールに追加していく。このようにすることで、受信強度比ルールに追加した受信強度比を、正しい受信強度比として扱うことができる。
 (ステップS007)の処理によって図10のように携帯機20が車両1付近にあると判定されている限り、(ステップS008)の処理が繰り返し行われる。このため、図13のように受信強度比ルールには、いくつもの受信強度比パターンが追加されることになる。
 受信強度比ルールは、後述する車両ドア30の開錠判定(具体的には図7のステップS106)で用いられる。
 受信強度比ルールには携帯機20が図10のように車両ドア30付近にある時の受信強度比が記録される。このため、車両ドア30の開錠時のリクエスト信号40の受信強度の計測値が、受信強度比ルールに示される受信強度の比と一致していれば、リレーアタックが行われていないと判定することができる。 (Step S008): The reception intensity ratio rule generation unit 16 generates a reception intensity ratio rule.
That is, the control unit 14 outputs the reception intensity for each request signal 40 received in (Step S005) to the reception intensity ratio rule generation unit 16. Then, the reception strength ratio rule generation unit 16 generates a reception strength ratio rule using the ratio between the input reception strengths. For example, the reception intensity ratio rule generation unit 16 adds the reception intensity ratio of the request signal 40 to the reception intensity ratio rule as shown in FIG. In this way, the reception intensity ratio added to the reception intensity ratio rule can be handled as a correct reception intensity ratio.
As long as it is determined by the process of (Step S007) that the portable device 20 is in the vicinity of the vehicle 1 as shown in FIG. 10, the process of (Step S008) is repeated. For this reason, a number of reception intensity ratio patterns are added to the reception intensity ratio rule as shown in FIG.
The reception intensity ratio rule is used in the unlocking determination (specifically, step S106 in FIG. 7) of the vehicle door 30 described later.
The reception intensity ratio rule records the reception intensity ratio when the portable device 20 is in the vicinity of the vehicle door 30 as shown in FIG. For this reason, if the measured value of the reception intensity of the request signal 40 when the vehicle door 30 is unlocked matches the reception intensity ratio indicated in the reception intensity ratio rule, it is determined that the relay attack is not performed. be able to.
 (ステップS009):制御部14は、レスポンス信号41に格納されていた携帯機20の認証用IDをチェックする。レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDであれば、処理が(ステップS009)に進む。一方、レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDでなければ、制御部14は処理を終了する。 (Step S009): The control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S009). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process.
 (ステップS010):携帯機20が車両1から離れた位置にあるとして、制御部14は、ECU206を介して車両ドア30を施錠する。
 なお、車両ドア30の施錠方法はこれに限らず、例えばエンジンが停止してから一定期間経過後に施錠するといった方法もある。 (Step S010): Assuming that the portable device 20 is located away from the vehicle 1, the control unit 14 locks the vehicle door 30 via the ECU 206.
Note that the method for locking the vehicle door 30 is not limited to this, and for example, there is a method of locking the vehicle door 30 after a certain period of time has elapsed since the engine stopped.
 なお、受信強度比ルール生成部16は、エンジンを停止する度に新しく受信強度比ルールを生成してもよいし、前回の車両ドア施錠時に生成した受信強度比ルールに新たなレコードを追加してくようにしてもよい。 The reception intensity ratio rule generation unit 16 may generate a new reception intensity ratio rule each time the engine is stopped, or add a new record to the reception intensity ratio rule generated at the previous vehicle door locking. You may do it.
 図7は車両ドア開錠時のキーレスエントリーシステムの動作例を示す。 Fig. 7 shows an example of the operation of the keyless entry system when the vehicle door is unlocked.
 (ステップS101):利用者の操作によって、車両ドア30にあるスイッチが押される。この利用者の操作によって開錠処理が開始される。 (Step S101): A switch on the vehicle door 30 is pushed by a user's operation. The unlocking process is started by the user's operation.
 (ステップS102):車両1の送信アンテナ11a、11b、11cから図14のように送信アンテナ識別子が付加されたリクエスト信号40a、40b、40cが送信される。 (Step S102): Request signals 40a, 40b, and 40c to which transmission antenna identifiers are added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
 (ステップS103):携帯機20では、受信アンテナ21a、21b、21cがリクエスト信号40a、40b、40cを受信する。そして、受信部23が、リクエスト信号40ごとに図16のようにX軸、Y軸、Z軸の各軸線方向の受信強度を検出する。 (Step S103): In the portable device 20, the receiving antennas 21a, 21b, and 21c receive the request signals 40a, 40b, and 40c. And the receiving part 23 detects the receiving intensity | strength of each axis direction of a X-axis, a Y-axis, and a Z-axis for every request signal 40 like FIG.
 (ステップS104):携帯機20では、送信部25が送信アンテナ22からレスポンス信号41を送信する。送信部25は、1つのリクエスト信号40に対して1つのレスポンス信号41を送信する。そのため、リクエスト信号40a、40b、40cが受信された場合は、送信部25は、それぞれに対応した3つのレスポンス信号41を送信することになる。
 レスポンス信号41には、図15に示すように、対応するリクエスト信号40に格納されていた送信アンテナ識別子と、携帯機20の認証用IDと、(ステップS103)で検出された対応するリクエスト信号のX軸、Y軸、Z軸それぞれの受信強度が格納される。 (Step S <b> 104): In the portable device 20, the transmission unit 25 transmits the response signal 41 from the transmission antenna 22. The transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the request signals 40a, 40b, and 40c are received, the transmission unit 25 transmits three response signals 41 corresponding to the request signals 40a, 40b, and 40c.
As shown in FIG. 15, the response signal 41 includes the transmission antenna identifier stored in the corresponding request signal 40, the authentication ID of the portable device 20, and the corresponding request signal detected in (step S103). The received intensity for each of the X axis, Y axis, and Z axis is stored.
 (ステップS105):車両1の受信アンテナ12がリクエスト信号40a、40b、40cにそれぞれに対応した3つのレスポンス信号41を受信する。
 受信部15は、3つのレスポンス信号41から送信アンテナ識別子と認証用IDと受信強度を取り出し、取り出した送信アンテナ識別子と認証用IDと受信強度を制御部14に出力する。制御部14は、図12のようにリクエスト信号ごと(送信アンテナごと)に座標軸の単位で受信強度の計測値を収集する。 (Step S105): The receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively.
The receiving unit 15 extracts the transmission antenna identifier, the authentication ID, and the reception strength from the three response signals 41, and outputs the extracted transmission antenna identifier, authentication ID, and reception strength to the control unit 14. As shown in FIG. 12, the control unit 14 collects the measurement values of the received intensity in units of coordinate axes for each request signal (for each transmission antenna).
 (ステップS106):制御部14は、(ステップS105)で収集した受信強度(図12)の受信強度比と、受信強度比ルール(図13)に記載されている受信強度比との一致度を評価して、携帯機20が車両ドア30付近にあるか否か、すなわち携帯機20が車両1から規定の範囲以内に所在しているか否かを判定する。
 より具体的には、制御部14は、図12のリクエスト信号40a、40b、40cのそれぞれについて、X軸、Y軸、Z軸の受信強度比を求める。そして、制御部14は、得られた受信強度比が、図13の受信強度比ルールのいずれかのルール(レコード)のリクエスト信号40a、40b、40cそれぞれのX軸、Y軸、Z軸の受信強度比と一致しているか否かを判定する。
 例えば、取得したリクエスト信号40aの受信強度比が「ax:ay:az」、リクエスト信号40bの受信強度比が「bx:by:bz」、リクエスト信号40cの受信強度比が「cx:cy:cz」である場合を想定する。
 制御部14が、これら各リクエスト信号40の受信強度比を図13のルール2(2行目)の各リクエスト信号40の受信強度比と比較した結果、「ax:ay:az≒AX2:AY2:AZ2」かつ「bx:by:bz≒BX2:BY2:BZ2」かつ「cx:cy:cz≒CX2:CY2:CZ2」という結果が得られた場合は、制御部14は、受信強度比ルールを満たしていると判定する。すなわち、制御部14は携帯機20が車両ドア30付近に所在していると判定する。
 なお、完全一致でなくても規定の許容範囲内に収まっていれば、受信強度比が一致していると判定することができる。
 制御部14の判定処理を具体的な値を用いて説明する。
 「ax:ay:az」=「1:3.1:2.8」であり、「AX2:AY2:AZ2」=「1:3.3:2.6」であると仮定する。また、「bx:by:bz」=「1:6.2:3.1」であり、BX2:BY2:BZ2」=「1:6.4:3.4」であると仮定する。また、「cx:cy:cz」=「1:9.4:18.2」であり、「CX2:CY2:CZ2」=「1:10.1:19.5」であると仮定する。この場合は、制御部14は、「ax:ay:az≒AX2:AY2:AZ2」かつ「bx:by:bz≒BX2:BY2:BZ2」かつ「cx:cy:cz≒CX2:CY2:CZ2」と判定し、受信強度比ルールを満たしていると判定する。
 制御部14は、全ての送信アンテナにおいて計測値と参照値との一致度が閾値を超える場合に、携帯機20が車両1から規定の範囲内に所在すると判定してもよい。
 閾値は例えば90%とすることが考えられる。
 上記の例では、制御部14は、ay/AY2=3.1/3.3≒94%、AZ/az=2.6/2.8≒93%というように、対応関係にある2つの受信強度比のうちの小さな値を大きな値で除算して得られる比率(一致度)が90%を超えるか否かを判定する。 (Step S106): The control unit 14 determines the degree of coincidence between the reception intensity ratio of the reception intensity (FIG. 12) collected in (Step S105) and the reception intensity ratio described in the reception intensity ratio rule (FIG. 13). Evaluation is performed to determine whether or not the portable device 20 is near the vehicle door 30, that is, whether or not the portable device 20 is located within a specified range from the vehicle 1.
More specifically, the control unit 14 obtains the reception intensity ratio of the X axis, the Y axis, and the Z axis for each of the request signals 40a, 40b, and 40c in FIG. Then, the control unit 14 receives the X-axis, Y-axis, and Z- axis reception signals 40a, 40b, and 40c of the request signals 40a, 40b, and 40c of any rule (record) of the reception intensity ratio rule of FIG. It is determined whether or not it matches the intensity ratio.
For example, the received intensity ratio of the acquired request signal 40a is “ax: ay: az”, the received intensity ratio of the request signal 40b is “bx: by: bz”, and the received intensity ratio of the request signal 40c is “cx: cy: cz”. ”Is assumed.
The control unit 14 compares the reception intensity ratios of the request signals 40 with the reception intensity ratios of the request signals 40 in the rule 2 (second line) in FIG. 13. As a result, “ax: ay: az≈AX2: AY2: When the result of “AZ2” and “bx: by: bz≈BX2: BY2: BZ2” and “cx: cy: cz≈CX2: CY2: CZ2” is obtained, the control unit 14 satisfies the reception intensity ratio rule. It is determined that That is, the control unit 14 determines that the portable device 20 is located near the vehicle door 30.
It should be noted that the received signal strength ratio can be determined to match if it is within the prescribed allowable range even if it is not completely matched.
The determination process of the control unit 14 will be described using specific values.
Assume that “ax: ay: az” = “1: 3.1: 2.8” and “AX2: AY2: AZ2” = “1: 3.3: 2.6”. Further, it is assumed that “bx: by: bz” = “1: 6.2: 3.1” and BX2: BY2: BZ2 ”=“ 1: 6.4: 3.4 ”. Further, it is assumed that “cx: cy: cz” = “1: 9.4: 18.2” and “CX2: CY2: CZ2” = “1: 10.1: 19.5”. In this case, the control unit 14 determines that “ax: ay: az≈AX2: AY2: AZ2” and “bx: by: bz≈BX2: BY2: BZ2” and “cx: cy: cz≈CX2: CY2: CZ2”. And it is determined that the reception intensity ratio rule is satisfied.
The control unit 14 may determine that the portable device 20 is located within a specified range from the vehicle 1 when the degree of coincidence between the measurement value and the reference value exceeds the threshold value in all the transmission antennas.
For example, the threshold value may be 90%.
In the above example, the control unit 14 receives two receptions having a correspondence relationship such as ay / AY2 = 3.1 / 3.3≈94% and AZ / az = 2.6 / 2.8≈93%. It is determined whether or not the ratio (degree of coincidence) obtained by dividing a small value of the intensity ratio by a large value exceeds 90%.
 制御部14が、携帯機20が車両ドア30付近にあると判定した場合(ステップS106でYES)は、処理が(ステップS107)に移る。
 携帯機20が車両ドア30付近にないと判定した場合(ステップS106でNO)は、制御部14は、リレーアタックが行われていると判定して、処理を終了する。 If the control unit 14 determines that the portable device 20 is near the vehicle door 30 (YES in step S106), the process proceeds to (step S107).
When it determines with the portable device 20 not being in the vehicle door 30 vicinity (it is NO at step S106), the control part 14 determines with the relay attack being performed, and complete | finishes a process.
 (ステップS107):制御部14は、レスポンス信号41に格納されていた携帯機20の認証用IDをチェックする。レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDであれば、処理が(ステップS108)に進む。一方、レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDでなければ、制御部14は処理を終了する。
 (ステップS108):制御部14は携帯機20が車両1付近にあると判定して、ECU206を介して車両ドア30を開錠する。 (Step S107): The control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S108). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process.
(Step S108): The control unit 14 determines that the portable device 20 is in the vicinity of the vehicle 1, and unlocks the vehicle door 30 via the ECU 206.
 図6及び図7のキーレスエントリーシステムの動作例では、(ステップS008)で、携帯機20で抽出した実際の受信強度比を追加していく形で受信強度比ルールを図13のように生成しているが、受信強度比ルールの生成方法はこれに限らない。
 例えば、機械学習を用いて受信強度比ルールを生成してもよい。機械学習を使って受信強度比ルールを生成する場合、(ステップS008)及びは(ステップS106)が以下のような処理となる。
 (ステップS008):図12に示した各リクエスト信号40の受信強度を車両ドア30付近で携帯機20がリクエスト信号40を受信する時の正しい受信強度として用いて機械学習を行い、受信強度比ルールを生成する。なお、(ステップS007)の処理によって(ステップS008)は複数回実施されるため、受信強度比ルールは複数のリクエスト信号40の受信強度比をもとに機械学習から生成されることになる。つまり、この場合の受信強度比ルールは、座標軸ごとの実績値の間の比に対する機械学習により得られた比が送信アンテナごとに示される情報である。
 (ステップS106):制御部14は、(ステップS105)で取得した図12に示すような受信強度比と(ステップS008)で生成した受信強度比ルールに示される比との一致度を機械学習を用いた評価を行って、携帯機20が車両ドア30付近に所在しているか否かを判定する。 In the operation example of the keyless entry system of FIG. 6 and FIG. 7, the reception intensity ratio rule is generated as shown in FIG. 13 by adding the actual reception intensity ratio extracted by the portable device 20 in (Step S008). However, the method of generating the reception intensity ratio rule is not limited to this.
For example, the reception intensity ratio rule may be generated using machine learning. When the reception intensity ratio rule is generated using machine learning, (Step S008) and (Step S106) are as follows.
(Step S008): Machine learning is performed using the reception intensity of each request signal 40 shown in FIG. 12 as the correct reception intensity when the portable device 20 receives the request signal 40 near the vehicle door 30, and the reception intensity ratio rule Is generated. Since (Step S008) is performed a plurality of times by the processing of (Step S007), the reception intensity ratio rule is generated from machine learning based on the reception intensity ratios of the plurality of request signals 40. That is, the reception intensity ratio rule in this case is information indicating a ratio obtained by machine learning with respect to a ratio between the actual values for each coordinate axis for each transmission antenna.
(Step S106): The control unit 14 performs machine learning on the degree of coincidence between the reception intensity ratio obtained in (Step S105) as shown in FIG. 12 and the ratio indicated in the reception intensity ratio rule generated in (Step S008). The used evaluation is performed to determine whether or not the portable device 20 is located near the vehicle door 30.
 図6及び図7の動作例では、車載装置10でリレーアタック判定をしているが、携帯機20がリレーアタック判定を行ってもよい。
 この場合は、携帯機20が判定装置に相当する。また、携帯機20で行われる動作が判定方法に相当する。更に、制御部24で行われる動作は読み出し処理及び制御処理に相当する。
 この場合は、受信強度比ルールは、携帯機20の補助記憶装置302で記憶されている。また、受信強度比ルールは、主記憶装置303にロードされる。このため、補助記憶装置302及び主記憶装置303は、記憶部に相当する。 In the operation examples of FIGS. 6 and 7, the in-vehicle device 10 performs relay attack determination, but the portable device 20 may perform relay attack determination.
In this case, the portable device 20 corresponds to the determination device. Moreover, the operation performed in the portable device 20 corresponds to the determination method. Furthermore, the operations performed by the control unit 24 correspond to a read process and a control process.
In this case, the reception intensity ratio rule is stored in the auxiliary storage device 302 of the portable device 20. The reception intensity ratio rule is loaded into the main storage device 303. For this reason, the auxiliary storage device 302 and the main storage device 303 correspond to a storage unit.
 また、携帯機20がリレーアタック判定を行う場合は、図6の(ステップS003)で制御部24が(ステップS007)を行う。そして、(ステップS007)でYESだった場合は、制御部24が(ステップS008)の処理も行い、受信強度比ルールを生成する。一方、(ステップS007)でNOだった場合は(ステップS002)に移る。
 その後、図7において、制御部24が(ステップS104)で(ステップS106)の処理を行い、受信強度比ルールによって携帯機20が車両1付近にないと判定した場合に、制御部24は、リレーアタックが行われていると判定して携帯機20の処理を終了する。
 その後、車載装置10ではレスポンス信号41を受信しないまま一定期間経過する為、タイムアウトにより車載装置10の処理が終了する。 When the portable device 20 performs the relay attack determination, the control unit 24 performs (Step S007) in (Step S003) of FIG. If (YES in step S007), the control unit 24 also performs the process of (step S008) to generate a reception intensity ratio rule. On the other hand, if “NO” in the step S007, the process proceeds to the step S002.
Thereafter, in FIG. 7, when the control unit 24 performs the process of (Step S106) in (Step S104) and determines that the portable device 20 is not near the vehicle 1 according to the reception intensity ratio rule, It determines with the attack being performed and complete | finishes the process of the portable device 20.
Thereafter, the in-vehicle device 10 passes a certain period of time without receiving the response signal 41, and thus the processing of the in-vehicle device 10 ends due to a timeout.
 また、(ステップS004)及び(ステップS104)で、携帯機20は、一つのリクエスト信号40に対して一つのレスポンス信号41を送信している。これに代えて、携帯機20は、各送信アンテナ11からのリクエスト信号40を全て受信した後、各リクエスト信号40に含まれていた送信アンテナ識別子と各リクエスト信号40のX軸、Y軸、Z軸それぞれの受信強度をレスポンス信号41に含めて送信してもよい。その場合、車載装置10では、(ステップS005)及び(ステップS105)で1つのレスポンス信号41を受信したら、図12に示すような各リクエスト信号40に対する受信強度の計測値を取得する。 Also, in (Step S004) and (Step S104), the portable device 20 transmits one response signal 41 to one request signal 40. Instead, after receiving all the request signals 40 from the respective transmission antennas 11, the portable device 20 transmits the transmission antenna identifier included in each request signal 40 and the X-axis, Y-axis, and Z-axis of each request signal 40. The reception intensity of each axis may be included in the response signal 41 and transmitted. In that case, in the in-vehicle device 10, when one response signal 41 is received in (Step S 005) and (Step S 105), a measurement value of the reception intensity for each request signal 40 as shown in FIG. 12 is acquired.
***実施の形態の効果の説明***
 以上、本実施の形態により、リレーアタックの判定を確実に行うことができる。
 車両ドア30の開錠時、図10のように携帯機20が車両ドア30付近にいる場合、携帯機20は図8のようにリクエスト信号40a、40b、40cを受信することになり、受信強度比は車両ドア施錠時に生成した受信強度比ルールと一致する。
 一方、図11のようにリレーアタックが発生している場合は、携帯機20は図9のようにリクエスト信号40a、40b、40cを受信することになる。この場合、各リクエスト信号の受信強度比は「ax:ay:az≒bx:by:bz≒cx:cy:cz」となり、受信強度比は車両ドア30施錠時に生成した受信強度比ルールと一致しない。このため、リレーアタックが発生していると判定することできる。
 また、図11のようにリレーアタックが発生している状況で、利用者の動きが原因で携帯機20が動いてしまうことがある。この場合は、携帯機20の受信軸の方向がずれた状態で携帯機20はリクエスト信号40を受信することになる。この場合は、携帯機は図8のように、異なる方向からリクエスト信号40a、40b、40cを受信したようになってしまう可能性がある。この時、リクエスト信号40a、40b、40cの間の受信強度比は一致しない、つまり「ax:ay:az≠bx:by:bz≠cx:cy:cz」となる。このため、受信強度比の一致/不一致のみでリレーアタック判定を行う従来手法によれば、リレーアタックが発生していないと判定してしまう。
 しかし、本実施の形態によれば、「ax:ay:az≠bx:by:bz≠cx:cy:cz」ではなく、受信強度比ルールを用いてリレーアタックの有無が判定される。
 車両ドア30から離れた携帯機20では、たとえ受信強度比が「ax:ay:az≠bx:by:bz≠cx:cy:cz」であっても、リクエスト信号40ごとの受信強度比は受信強度比ルールとは一致しない。
 従って、本実施の形態によれば、利用者の動きによって携帯機20の受信軸の方向がずれた状態で携帯機20がリクエスト信号40を受信した場合でも、正確にリレーアタックの有無を判定することができる。 *** Explanation of the effect of the embodiment ***
As described above, according to the present embodiment, it is possible to reliably determine the relay attack.
When the vehicle door 30 is unlocked and the portable device 20 is in the vicinity of the vehicle door 30 as shown in FIG. 10, the portable device 20 receives the request signals 40a, 40b, and 40c as shown in FIG. The ratio matches the reception intensity ratio rule generated when the vehicle door is locked.
On the other hand, when a relay attack occurs as shown in FIG. 11, the portable device 20 receives the request signals 40a, 40b, and 40c as shown in FIG. In this case, the reception intensity ratio of each request signal is “ax: ay: az≈bx: by: bz≈cx: cy: cz”, and the reception intensity ratio does not match the reception intensity ratio rule generated when the vehicle door 30 is locked. . For this reason, it can be determined that a relay attack has occurred.
In addition, in a situation where a relay attack occurs as shown in FIG. 11, the portable device 20 may move due to the movement of the user. In this case, the portable device 20 receives the request signal 40 in a state where the direction of the reception axis of the portable device 20 is shifted. In this case, as shown in FIG. 8, the portable device may receive the request signals 40a, 40b, and 40c from different directions. At this time, the reception intensity ratio between the request signals 40a, 40b, and 40c does not match, that is, “ax: ay: az ≠ bx: by: bz ≠ cx: cy: cz”. For this reason, according to the conventional method in which the relay attack determination is performed only by matching / mismatching of the reception intensity ratio, it is determined that no relay attack has occurred.
However, according to the present embodiment, the presence / absence of a relay attack is determined using the reception intensity ratio rule instead of “ax: ay: az ≠ bx: by: bz ≠ cx: cy: cz”.
In the portable device 20 away from the vehicle door 30, the reception intensity ratio for each request signal 40 is received even if the reception intensity ratio is “ax: ay: az ≠ bx: by: bz ≠ cx: cy: cz”. It does not match the intensity ratio rule.
Therefore, according to the present embodiment, even when the portable device 20 receives the request signal 40 in a state where the direction of the reception axis of the portable device 20 is shifted due to the movement of the user, the presence / absence of the relay attack is accurately determined. be able to.
実施の形態2.
 以上の実施の形態1では、受信強度比ルールを利用して、携帯機20が動いて受信軸の方向がずれた状態でリクエスト信号40を受信した場合でも、リレーアタックを正しく検出できる構成を説明した。
 しかし、受信強度比ルールの精度によっては、携帯機20が車両ドア30付近にいなくてもリレーアタックによって携帯機20が車両ドア30付近にいると判定してしまう場合がある。例えば、リレーアタックが発生しているときに携帯機20の受信軸の方向がずれていると、偶然、計測された受信強度間の比が受信強度比ルールに一致してしまうことがある。この場合は、携帯機20が車両ドア30付近にいないにもかかわらず、携帯機20が車両ドア30付近にあると誤って判定されてしまう。
 そこで、本実施の形態では、受信強度比ルールの精度の問題による誤判定を防ぐ構成を説明する。
 より具体的には、本実施の形態では、携帯機20に例えば加速度センサのような感震器を内蔵する。そして、携帯機20が動いていることが感知された場合は、車載装置10が携帯機20の認証を行わない構成を説明する。 Embodiment 2. FIG.
In the first embodiment described above, a configuration in which the relay attack can be correctly detected even when the portable device 20 moves and the request signal 40 is received in a state in which the direction of the reception axis is shifted is described using the reception intensity ratio rule. did.
However, depending on the accuracy of the reception intensity ratio rule, it may be determined that the portable device 20 is near the vehicle door 30 by the relay attack even if the portable device 20 is not near the vehicle door 30. For example, if the direction of the reception axis of the portable device 20 is shifted when a relay attack is occurring, the ratio between the measured reception strengths may coincide with the reception strength ratio rule. In this case, although the portable device 20 is not near the vehicle door 30, it is erroneously determined that the portable device 20 is near the vehicle door 30.
Therefore, in the present embodiment, a configuration for preventing erroneous determination due to the problem of accuracy of the reception intensity ratio rule will be described.
More specifically, in the present embodiment, a seismic device such as an acceleration sensor is built in the portable device 20. A configuration in which the in-vehicle device 10 does not authenticate the portable device 20 when it is detected that the portable device 20 is moving will be described.
 以下では、主に実施の形態1との差異を説明する。以下で説明していない事項は実施の形態1と同じである。 Hereinafter, differences from the first embodiment will be mainly described. Matters not described below are the same as those in the first embodiment.
***構成の説明***
 本実施の形態に係るキーレスエントリーシステムでは、車載装置10のハードウェア構成例は、実施の形態1と同様に図2に示す通りである。
 一方、携帯機20のハードウェア構成例は図17に示す通りである。 *** Explanation of configuration ***
In the keyless entry system according to the present embodiment, the hardware configuration example of the in-vehicle device 10 is as shown in FIG.
On the other hand, a hardware configuration example of the portable device 20 is as shown in FIG.
 図3と比較して、図17では、感震器306が追加されている。
 感震器306は、携帯機20の振動を感知する。感震器306は、携帯機20のX軸、Y軸、Z軸それぞれに対する加速度を計測する。感震器306は、例えば加速度センサである。
 プロセッサ301、補助記憶装置302、主記憶装置303、送信装置304及び受信装置305は、図3に示すものと同じであり、説明を省略する。 Compared to FIG. 3, a seismic device 306 is added in FIG. 17.
The seismic sensor 306 senses the vibration of the portable device 20. The seismic device 306 measures the acceleration with respect to each of the X axis, the Y axis, and the Z axis of the portable device 20. The seismic device 306 is, for example, an acceleration sensor.
The processor 301, the auxiliary storage device 302, the main storage device 303, the transmission device 304, and the reception device 305 are the same as those shown in FIG.
 本実施の形態に係るキーレスエントリーシステムでは、車載装置10の機能構成例は、実施の形態1と同様に図4に示す通りである。
 一方、携帯機20の機能構成例は図18に示す通りである。
 図5と比較して、図18では、携帯機状態判定部26及び感震データ取得部27が追加されている。 In the keyless entry system according to the present embodiment, the functional configuration example of the in-vehicle device 10 is as shown in FIG.
On the other hand, a functional configuration example of the portable device 20 is as shown in FIG.
Compared to FIG. 5, in FIG. 18, a portable device state determination unit 26 and a seismic data acquisition unit 27 are added.
 感震データ取得部27は、感震器306の感震結果である感震データを、感震器36から取得する。
 感震器306が加速度センサであれば、感震データは加速度値である。 The seismic data acquisition unit 27 acquires seismic data as a seismic result of the seismic device 306 from the seismic device 36.
If the seismoscope 306 is an acceleration sensor, the seismic data is an acceleration value.
 携帯機状態判定部26は、携帯機20の移動状態を判定する。より具体的には、携帯機状態判定部26は、感震データ取得部27が取得した感震データをもとに携帯機20が移動している状態(以下、「移動中」とも表記する)、静止している状態(以下、「静止中」とも表記する)及び移動している状態から静止している状態に遷移し終えた状態(以下、「移動→静止」とも表記する)のいずれであるかを判定する。
 感震器306がX軸、Y軸、Z軸の3軸の加速度を計測できる加速度センサである場合、携帯機状態判定部26は感震データ取得部27から図16に示すような加速度値を得る。
 携帯機20が「移動中」の場合、図21のように、3軸の加速度値が多くばらつく。
 携帯機20が「静止中」の場合、図22のように、3軸の加速度値がほぼ一定となる。
 x軸とy軸がそれぞれ地面に対して水平な軸であり、z軸が地面に対して垂直の軸である場合、x軸とy軸の加速度はゼロとなり、z軸の加速度が重力加速度になる。
 携帯機20が「移動→静止」の場合、図23のように、3軸の加速度値がばらついた状態から一定の状態に変化する。
 携帯機状態判定部26は、図21、図22及び図23に示すように3軸の感震データの時間推移を解析して、携帯機20の移動状態を判定する。
 携帯機状態判定部26は、移動状態判定部に相当する。また、携帯機状態判定部26により行われる処理は移動状態判定処理に相当する。 The portable device state determination unit 26 determines the movement state of the portable device 20. More specifically, the portable device state determination unit 26 is in a state where the portable device 20 is moving based on the seismic data acquired by the seismic data acquisition unit 27 (hereinafter also referred to as “moving”). Either in a stationary state (hereinafter also referred to as “still”) or in a state where it has transitioned from a moving state to a stationary state (hereinafter also referred to as “moving → stationary”) Determine if there is.
When the seismic device 306 is an acceleration sensor that can measure the accelerations of the three axes of the X axis, the Y axis, and the Z axis, the portable device state determination unit 26 obtains an acceleration value as shown in FIG. obtain.
When the portable device 20 is “moving”, the acceleration values of the three axes vary greatly as shown in FIG.
When the portable device 20 is “still”, the triaxial acceleration values are substantially constant as shown in FIG.
When the x-axis and y-axis are axes that are horizontal to the ground and the z-axis is an axis that is perpendicular to the ground, the x-axis and y-axis accelerations are zero, and the z-axis acceleration becomes the gravitational acceleration. Become.
When the portable device 20 is “moving → still”, as shown in FIG. 23, the three-axis acceleration value varies from a dispersed state to a constant state.
The portable device state determination unit 26 determines the moving state of the portable device 20 by analyzing the time transition of the triaxial seismic data as shown in FIGS.
The portable device state determination unit 26 corresponds to a movement state determination unit. The process performed by the portable device state determination unit 26 corresponds to a movement state determination process.
 本実施の形態では、制御部24は、リクエスト信号40が受信された際に、携帯機状態判定部26の判定結果に基づいて、レスポンス信号41の送信形態を決定する。
 より具体的には、リクエスト信号40が受信された際に、携帯機状態判定部26により携帯機20の移動状態が携帯機20が移動している状態から静止している状態に遷移し終えた状態(つまり、「移動→静止」)と判定されている場合に、制御部24はレスポンス信号41を送信することを決定する。
 一方、リクエスト信号40が受信された際に、携帯機状態判定部26により携帯機20が移動している状態(つまり、「移動中」)及び静止している状態(つまり、「静止中」)のいずれかであると判定された場合に、制御部24は無効なレスポンス信号41を送信することを決定する。無効なレスポンス信号41とは、例えば、エラー情報が含まれるレスポンス信号41である。エラー情報は、レスポンス信号41が無効であることを通知する情報であり、無効情報に対応する。
 また、リクエスト信号40が受信された際に、携帯機状態判定部26により携帯機20が移動している状態(つまり、「移動中」)及び静止している状態(つまり、「静止中」)のいずれかであると判定された場合に、制御部24はレスポンス信号41を送信しないことを決定してもよい。
 なお、本実施の形態に係るリクエスト信号40は第1の無線信号に対応し、本実施の形態に係るレスポンス信号41は第2の無線信号に対応する。
 制御部24により行われる処理は制御処理に相当する。 In the present embodiment, when the request signal 40 is received, the control unit 24 determines the transmission form of the response signal 41 based on the determination result of the portable device state determination unit 26.
More specifically, when the request signal 40 is received, the moving state of the portable device 20 has been changed from the moving state of the portable device 20 to the stationary state by the portable device state determination unit 26. When it is determined that the state (that is, “moving → still”), the control unit 24 determines to transmit the response signal 41.
On the other hand, when the request signal 40 is received, the portable device state determination unit 26 moves the portable device 20 (ie, “moving”) and stands still (ie, “still”). When it is determined that the response signal 41 is invalid, the control unit 24 determines to transmit an invalid response signal 41. The invalid response signal 41 is, for example, a response signal 41 including error information. The error information is information notifying that the response signal 41 is invalid, and corresponds to invalid information.
In addition, when the request signal 40 is received, the portable device state determination unit 26 moves the portable device 20 (that is, “moving”) and is stationary (that is, “still”). When it is determined that the response signal 41 is, the control unit 24 may determine not to transmit the response signal 41.
The request signal 40 according to the present embodiment corresponds to the first radio signal, and the response signal 41 according to the present embodiment corresponds to the second radio signal.
The process performed by the control unit 24 corresponds to a control process.
 受信アンテナ21a、21b、21c、送信アンテナ22、受信部23、送信部25は図5に示すものと同じであり、説明を省略する。 The receiving antennas 21a, 21b, and 21c, the transmitting antenna 22, the receiving unit 23, and the transmitting unit 25 are the same as those shown in FIG.
 なお、本実施の形態では、携帯機20が行う動作は、通信方法及び通信プログラムに相当する。 In the present embodiment, the operation performed by the portable device 20 corresponds to a communication method and a communication program.
***動作の説明***
 本実施の形態に係るキーレスエントリーシステムの動作例を説明する。
 車両ドア施錠時の動作例は図6と同じである。
 車両ドア開錠時の動作例は図19及び図20に示すようになる。 *** Explanation of operation ***
An operation example of the keyless entry system according to the present embodiment will be described.
An example of operation when the vehicle door is locked is the same as in FIG.
An example of operation when the vehicle door is unlocked is as shown in FIGS.
 (ステップS201):(ステップS101)と同様であり、利用者の操作によって、車両ドア30にあるスイッチが押される。この利用者の操作によって開錠処理が開始される。
 (ステップS202):(ステップS102)と同様であり、車両1の送信アンテナ11a、11b、11cから図14のように送信アンテナ識別子を付加したリクエスト信号40a、40b、40cが送信される。 (Step S201): Similar to (Step S101), the switch on the vehicle door 30 is pushed by the user's operation. The unlocking process is started by the user's operation.
(Step S202): Similar to (Step S102), request signals 40a, 40b, and 40c to which a transmission antenna identifier is added are transmitted from the transmission antennas 11a, 11b, and 11c of the vehicle 1 as shown in FIG.
 (ステップS203):携帯機20では、感震データ取得部27が感震データの取得を開始する。
 (ステップS204):(ステップS103)と同様であり、携帯機20の受信アンテナ21a、21b、21cがリクエスト信号40a、40b、40cを受信する。そして、受信部23が、リクエスト信号40ごとに図16のようにX軸、Y軸、Z軸の各軸線方向の受信強度を検出する。 (Step S203): In the portable device 20, the seismic data acquisition unit 27 starts acquiring seismic data.
(Step S204): Similar to (Step S103), the receiving antennas 21a, 21b, 21c of the portable device 20 receive the request signals 40a, 40b, 40c. And the receiving part 23 detects the receiving intensity | strength of each axis direction of a X-axis, a Y-axis, and a Z-axis for every request signal 40 like FIG.
 (ステップS205):(ステップS203)から取得を続けている感震データから、携帯機状態判定部26が、携帯機20の移動状態が「移動中」、「静止中」及び「移動→静止」のどの状態であるかを判定する。
 携帯機状態判定部26が携帯機20の移動状態が「移動→静止」であると判定した場合(ステップS205でYES)は、処理が(ステップS206)に移る。携帯機状態判定部26が携帯機20の移動状態が「移動中」または「静止中」であると判定した場合(ステップS205でNO)は、処理が(ステップS207)に移る。 (Step S205): From the seismic data continuously acquired from (Step S203), the portable device state determination unit 26 determines that the movement state of the portable device 20 is “moving”, “still still”, and “moving → still”. It is determined which state.
When the portable device state determination unit 26 determines that the moving state of the portable device 20 is “moving → still” (YES in step S205), the process proceeds to (step S206). If the portable device state determination unit 26 determines that the moving state of the portable device 20 is “moving” or “still” (NO in step S205), the process proceeds to (step S207).
 (ステップS206):(ステップS104)と同様であり、送信部25が送信アンテナ22からレスポンス信号41を送信する。送信部25は、1つのリクエスト信号40に対して1つのレスポンス信号41を送信する。そのため、リクエスト信号40a、40b、40cが受信された場合は、送信部25は、それぞれに対応した3つのレスポンス信号41を送信することになる。ステップS206で送信されるレスポンス信号41は図15に示す通りである。 (Step S206): Similar to (Step S104), the transmission unit 25 transmits the response signal 41 from the transmission antenna 22. The transmission unit 25 transmits one response signal 41 to one request signal 40. Therefore, when the request signals 40a, 40b, and 40c are received, the transmission unit 25 transmits three response signals 41 corresponding to the request signals 40a, 40b, and 40c. The response signal 41 transmitted in step S206 is as shown in FIG.
 (ステップS207):携帯機20の移動状態が「移動→静止」ではないことを車載装置10へ伝えるため、送信部25は、エラー情報が含まれるレスポンス信号41を送信アンテナ22から送信する。 (Step S207): In order to inform the in-vehicle device 10 that the moving state of the portable device 20 is not "moving to stationary", the transmitting unit 25 transmits a response signal 41 including error information from the transmitting antenna 22.
 (ステップS208):(ステップS105)と同様であり、車両1の受信アンテナ12がリクエスト信号40a、40b、40cにそれぞれに対応した3つのレスポンス信号41を受信する。
 受信部15は、3つのレスポンス信号41から送信アンテナ識別子と認証用IDと受信強度を取り出し、取り出した送信アンテナ識別子と認証用IDと受信強度を制御部14に出力する。制御部14は、図12のようにリクエスト信号ごと(送信アンテナごと)に座標軸の単位で受信強度を収集する。 (Step S208): Similar to (Step S105), the receiving antenna 12 of the vehicle 1 receives three response signals 41 corresponding to the request signals 40a, 40b, and 40c, respectively.
The receiving unit 15 extracts the transmission antenna identifier, the authentication ID, and the reception strength from the three response signals 41, and outputs the extracted transmission antenna identifier, authentication ID, and reception strength to the control unit 14. The control unit 14 collects the reception intensity in units of coordinate axes for each request signal (for each transmission antenna) as shown in FIG.
 (ステップS209):制御部14は、(ステップS208)で受信したレスポンス信号41のいずれかにエラー情報が含まれていたら、携帯機20の移動状態が「移動→静止」ではなく、車両ドア30付近で開錠の動作していないと判定して、処理を終了する。
 全てのレスポンス信号41にエラー情報が含まれていなければ、制御部14は、携帯機20の移動状態が「移動→静止」であると判定して、処理が(ステップS210)に移る。 (Step S209): If the error information is included in any of the response signals 41 received in (Step S208), the control unit 14 indicates that the moving state of the portable device 20 is not “moving → still” but the vehicle door 30. It is determined that the unlocking operation is not performed in the vicinity, and the process is terminated.
If no error information is included in all the response signals 41, the control unit 14 determines that the moving state of the portable device 20 is “moving → still”, and the process proceeds to (step S210).
 (ステップS210):(ステップS106)と同様であり、(ステップS208)で収集した受信強度(図12)の受信強度比と、受信強度比ルール(図13)に記載されている受信強度比との一致度を評価して、携帯機20が車両ドア30付近にあるか否か、すなわち携帯機20が車両1から規定の範囲以内に所在しているか否かを判定する。
 制御部14が携帯機20が車両ドア30付近にあると判定した場合(ステップS210でYES)は、処理が(ステップS211)に移る。
 携帯機20が車両ドア30付近にないと判定した場合(ステップS210でNO)は、制御部14は、リレーアタックが行われていると判定して、処理を終了する。 (Step S210): Same as (Step S106), and the received intensity ratio of the received intensity (FIG. 12) collected in (Step S208) and the received intensity ratio described in the received intensity ratio rule (FIG. 13). Are evaluated to determine whether or not the portable device 20 is near the vehicle door 30, that is, whether or not the portable device 20 is located within a specified range from the vehicle 1.
If the control unit 14 determines that the portable device 20 is near the vehicle door 30 (YES in step S210), the process proceeds to (step S211).
When it determines with the portable device 20 not being in the vehicle door 30 vicinity (it is NO at step S210), the control part 14 determines with the relay attack being performed, and complete | finishes a process.
 (ステップS211):(ステップS107)と同様であり、制御部14は、レスポンス信号41に格納されていた携帯機20の認証用IDをチェックする。レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDであれば、処理が(ステップS212)に進む。一方、レスポンス信号41に格納されていた認証用IDが、車両1の操作に用いられる携帯機20の認証用IDでなければ、制御部14は処理を終了する。
 (ステップS212):(ステップS108)と同様であり、制御部14は携帯機20が車両1付近にあると判定して、ECU206を介して車両ドア30を開錠する。 (Step S211): Similar to (Step S107), the control unit 14 checks the authentication ID of the portable device 20 stored in the response signal 41. If the authentication ID stored in the response signal 41 is the authentication ID of the portable device 20 used for the operation of the vehicle 1, the process proceeds to (Step S212). On the other hand, if the authentication ID stored in the response signal 41 is not the authentication ID of the portable device 20 used for the operation of the vehicle 1, the control unit 14 ends the process.
(Step S212): Similar to (Step S108), the control unit 14 determines that the portable device 20 is in the vicinity of the vehicle 1, and unlocks the vehicle door 30 via the ECU 206.
 携帯機状態判定部26は、感震器306として例えば加速度センサが用いられている場合は、3軸の加速度値がある閾値以上変化していれば、携帯機20の移動状態を「移動中」と判定することができる。
 また、携帯機状態判定部26は、ある一定期間3軸の加速度値がある閾値以下でしか変化しなかった場合に、携帯機20の移動状態を「静止中」と判定することができる。
 また、携帯機状態判定部26は、X軸とY軸の加速度値が0であり、Z軸の加速度値が重力加速度と一致した場合というように3軸の加速度値がある値になった場合に、携帯機20の移動状態を「静止中」と判定することができる。
 また、携帯機状態判定部26は、ステップS205の判定が「移動中」の状態から「静止中」の状態になってから一定期間内のタイミングで行われた場合は、携帯機20の移動状態を「移動→静止」と判定する。
 一方、ステップS205の判定が「静止中」の状態が一定期間以上経過した後のタイミングで行われた場合は、携帯機状態判定部26は、「移動→静止」と判定せずに、「静止中」と判定する。
 また、ステップS205の判定が「静止中」の状態から「移動中」となった後のタイミングで行われた場合は、携帯機状態判定部26は、「移動→静止」と判定せずに、「移動中」と判定する。 For example, when an acceleration sensor is used as the seismic sensor 306, the portable device state determination unit 26 sets the movement state of the portable device 20 to “moving” if the triaxial acceleration value changes by a certain threshold value or more. Can be determined.
In addition, the portable device state determination unit 26 can determine that the movement state of the portable device 20 is “still” when the triaxial acceleration value for a certain period of time changes only below a certain threshold value.
In addition, the portable device state determination unit 26 has a case where the X-axis and Y-axis acceleration values are 0 and the Z-axis acceleration value coincides with the gravitational acceleration, such as when the 3-axis acceleration value becomes a certain value. In addition, the moving state of the portable device 20 can be determined as “still”.
If the determination in step S205 is made at a timing within a certain period after the determination in step S205 changes from the “moving” state to the “stationary” state, the portable device state determination unit 26 Is determined to be “moving → still”.
On the other hand, when the determination in step S205 is performed at a timing after the “still state” state has elapsed for a certain period or longer, the portable device state determination unit 26 does not determine “moving → stationary” but “stationary” It is determined as “medium”.
In addition, when the determination in step S205 is performed at a timing after the state of “still” is changed to “moving”, the portable device state determination unit 26 does not determine “movement → stationary”, It is determined as “moving”.
 図6、図19及び図20の動作例では、車載装置10でリレーアタック判定をしているが、携帯機20がリレーアタック判定を行ってもよい。この場合は、受信強度比ルールは、携帯機20の補助記憶装置302で記憶されている。また、受信強度比ルールは、主記憶装置303にロードされる。 6, 19, and 20, the in-vehicle device 10 performs the relay attack determination, but the portable device 20 may perform the relay attack determination. In this case, the reception intensity ratio rule is stored in the auxiliary storage device 302 of the portable device 20. The reception intensity ratio rule is loaded into the main storage device 303.
 また、携帯機20がリレーアタック判定を行う場合は、図6の(ステップS003)で制御部24が(ステップS007)を行う。そして、(ステップS007)でYESだった場合は、制御部24が(ステップS008)の処理も行い、受信強度比ルールを生成する。一方、(ステップS007)でNOだった場合は(ステップS002)に移る。
 その後、図19及び図20において、制御部24が(ステップS204)で(ステップS210)の処理を行い、受信強度比ルールによって携帯機20が車両1付近にないと判定した場合に、制御部24は、リレーアタックが行われていると判定して携帯機20の処理を終了する。
 その後、車載装置10はレスポンス信号41を受信しないまま一定期間経過する為、タイムアウトにより車載装置10の処理が終了する。 When the portable device 20 performs the relay attack determination, the control unit 24 performs (Step S007) in (Step S003) of FIG. If (YES in step S007), the control unit 24 also performs the process of (step S008) to generate a reception intensity ratio rule. On the other hand, if “NO” in the step S007, the process proceeds to the step S002.
Thereafter, in FIG. 19 and FIG. 20, when the control unit 24 performs the process of (Step S210) in (Step S204) and determines that the portable device 20 is not near the vehicle 1 by the reception intensity ratio rule, the control unit 24 Determines that the relay attack is being performed and ends the process of the portable device 20.
Thereafter, since the on-vehicle device 10 has passed for a certain period without receiving the response signal 41, the processing of the on-vehicle device 10 ends due to a timeout.
 図6、図19及び図20の動作例では、携帯機20の移動状態が「移動→静止」の状態ではないため、車載装置10がドア開錠処理を行わない例を示しているが、この処理を携帯機20で行うこともできる。
 この場合は、図19の(ステップS207)で、制御部24は、レスポンス信号41を送信しないことを決定し、携帯機20の処理を終了する。
 その後、車載装置10ではレスポンス信号41を受信しないまま一定期間経過する為、タイムアウトにより車載装置10の処理が終了する。 In the operation examples of FIGS. 6, 19, and 20, since the mobile device 20 is not in the “moving → stationary” state, the in-vehicle device 10 does not perform the door unlocking process. Processing can also be performed by the portable device 20.
In this case, the control unit 24 determines not to transmit the response signal 41 in (Step S207) in FIG. 19, and ends the processing of the portable device 20.
Thereafter, the in-vehicle device 10 passes a certain period of time without receiving the response signal 41, and thus the processing of the in-vehicle device 10 ends due to a timeout.
 また、図6、図19及び図20の動作例では受信強度比ルールを利用しているが、受信強度比ルール利用せずにドア開錠動作を行うこともできる。
 この場合は、図6の(ステップS007)及び(ステップS008)の処理は不要である。また、(ステップS006)で携帯機20が車外にあると判定された場合に、処理が(ステップS009)に進む。
 その後、図20の(ステップS210)で受信強度比ルールを用いて携帯機20が車両ドア30付近にあるか否かを判定する処理に替わって、図12のようなX軸、Y軸、Z軸方向の受信強度において、「ax:ay:az≠bx:by:bz≠cx:cy:cz」を満たせば、処理が(ステップS211)に移り、満たさなければ車載装置10の処理を終了する。
 この処理だと、受信強度比ルールを用いる場合と比べるとリレーアタック判定の精度が落ちる。しかしながら、(ステップS205)の処理によって、携帯機20が動いて受信軸の方向がずれていた時は(ステップS210)の処理に到達しない。このため、従来手法と異なり、受信軸の方向がずれたことによってリレーアタックが行われているにも関わらず、リレーアタックが行われていないと判定する事態を回避することができる。 Moreover, although the reception intensity ratio rule is used in the operation examples of FIGS. 6, 19, and 20, the door unlocking operation can be performed without using the reception intensity ratio rule.
In this case, the processing of (Step S007) and (Step S008) in FIG. 6 is not necessary. If it is determined in (Step S006) that the portable device 20 is outside the vehicle, the process proceeds to (Step S009).
After that, instead of the process of determining whether the portable device 20 is near the vehicle door 30 using the reception intensity ratio rule in (Step S210) of FIG. 20, the X axis, Y axis, and Z as shown in FIG. If the axial reception intensity satisfies “ax: ay: az ≠ bx: by: bz ≠ cx: cy: cz”, the process proceeds to (step S211), and if not, the process of the in-vehicle device 10 ends. .
With this processing, the accuracy of relay attack determination is reduced compared to the case where the reception intensity ratio rule is used. However, the process of (Step S210) is not reached when the portable device 20 is moved and the direction of the reception axis is shifted by the process of (Step S205). For this reason, unlike the conventional method, it is possible to avoid a situation in which it is determined that the relay attack is not performed although the relay attack is performed due to the deviation of the direction of the reception axis.
 また、上記では、(ステップS004)、(ステップS206)及び(ステップS207)で、携帯機20は、一つのリクエスト信号40に対して一つのレスポンス信号41を送信している。これに代えて、携帯機20は、各送信アンテナ11からのリクエスト信号40を全て受信した後、各リクエスト信号40に含まれていた送信アンテナ識別子と各リクエスト信号40のX軸、Y軸、Z軸それぞれの受信強度をレスポンス信号41に含めて送信してもよい。その場合、車載装置10では、(ステップS005)及び(ステップS208)で1つのレスポンス信号41を受信したら、図12に示すような各リクエスト信号40に対する受信強度を取得する。 In the above description, the portable device 20 transmits one response signal 41 to one request signal 40 in (Step S004), (Step S206), and (Step S207). Instead, after receiving all the request signals 40 from the respective transmission antennas 11, the portable device 20 transmits the transmission antenna identifier included in each request signal 40 and the X-axis, Y-axis, and Z-axis of each request signal 40. The reception intensity of each axis may be included in the response signal 41 and transmitted. In that case, in the in-vehicle device 10, when one response signal 41 is received in (Step S 005) and (Step S 208), the reception strength for each request signal 40 as shown in FIG. 12 is acquired.
***実施の形態の効果の説明***
 以上、本実施の形態によれば、図24のようなリレーアタックによる車両ドア30の開錠を確実に防止することができる。
 図24では、攻撃者が意図的に各リクエスト信号40の携帯機20への到達方向を別々にして、各リクエスト信号40が車両ドア30付近で受信されている状況を偽装している。
 この場合、従来手法ではリレーアタックが発生していることを検出することができない。
 図24のようなリレーアタックの場合、実施の形態1による手法でも、受信強度比が受信強度比ルールを満たしていると判定され、この結果、携帯機20が車両ドア30付近にあると判定される可能性がある。従って、リレーアタックを検出できない可能性がある。
 しかし、本実施の形態によれば、携帯機20の状態が「静止中」または「移動中」であれば、車両ドア30開錠動作にはならないため、リレーアタックによる車両ドア30の開錠を確実に防ぐことができる。
 携帯機20が「移動中」の時は、攻撃者は携帯機20の動きに追従させて中継器50a~50fを適切な位置に配置する必要があるため、攻撃者が「移動中」の携帯機20に対して異なる到来方向からリクエスト信号40を到達させることは困難である。従って、携帯機20の移動状態が「移動中」及び「移動→静止」である時は、図24に示す攻撃パターンを受ける可能性は低く、この攻撃に対してはリレーアタックの検出を確実に行うことができる。 *** Explanation of the effect of the embodiment ***
As described above, according to the present embodiment, the unlocking of the vehicle door 30 by the relay attack as shown in FIG. 24 can be reliably prevented.
In FIG. 24, the attacker intentionally sets the arrival direction of each request signal 40 to the portable device 20 and disguises the situation where each request signal 40 is received near the vehicle door 30.
In this case, the conventional method cannot detect that a relay attack has occurred.
In the case of a relay attack as shown in FIG. 24, even with the technique according to the first embodiment, it is determined that the reception intensity ratio satisfies the reception intensity ratio rule, and as a result, it is determined that the portable device 20 is near the vehicle door 30. There is a possibility. Therefore, there is a possibility that the relay attack cannot be detected.
However, according to the present embodiment, if the state of the portable device 20 is “still” or “moving”, the unlocking operation of the vehicle door 30 is not performed. Therefore, the unlocking of the vehicle door 30 by the relay attack is not performed. It can be surely prevented.
When the portable device 20 is “moving”, it is necessary for the attacker to follow the movement of the portable device 20 and arrange the repeaters 50a to 50f at appropriate positions. It is difficult to make the request signal 40 reach the machine 20 from different directions of arrival. Therefore, when the movement state of the portable device 20 is “moving” and “moving → stationary”, the possibility of receiving the attack pattern shown in FIG. 24 is low, and the relay attack is reliably detected against this attack. It can be carried out.
 また、本実施の形態では「移動→静止」と「静止中」とを区別しており、この結果、図24のようなリレーアタックに対処可能になっている。
 このように、本実施の形態によれば、受信強度比ルールの精度が良くない場合、また携帯機20へのリクエスト信号40の到来方向を再現するリレーアタックが行われた場合でも、リレーアタックを防ぐことができる。 Further, in the present embodiment, “movement → stationary” and “stationary” are distinguished, and as a result, a relay attack as shown in FIG. 24 can be dealt with.
As described above, according to the present embodiment, even when the accuracy of the reception intensity ratio rule is not good, or even when the relay attack that reproduces the arrival direction of the request signal 40 to the portable device 20 is performed, the relay attack is not performed. Can be prevented.
 以上、本発明の実施の形態について説明したが、これら2つの実施の形態を組み合わせて実施しても構わない。
 あるいは、これら2つの実施の形態のうち、1つを部分的に実施しても構わない。
 あるいは、これら2つの実施の形態を部分的に組み合わせて実施しても構わない。
 なお、本発明は、これらの実施の形態に限定されるものではなく、必要に応じて種々の変更が可能である。 Although the embodiments of the present invention have been described above, these two embodiments may be combined and implemented.
Alternatively, one of these two embodiments may be partially implemented.
Alternatively, these two embodiments may be partially combined.
In addition, this invention is not limited to these embodiment, A various change is possible as needed.
***ハードウェア構成の説明***
 最後に、車載装置10及び携帯機20のハードウェア構成の補足説明を行う。 *** Explanation of hardware configuration ***
Finally, a supplementary explanation of the hardware configuration of the in-vehicle device 10 and the portable device 20 will be given.
 車載装置10の補助記憶装置202には、OS(Operating System)も記憶されている。
 そして、OSの少なくとも一部がプロセッサ201により実行される。
 プロセッサ201はOSの少なくとも一部を実行しながら、送信部13、制御部14、受信部15及び受信強度比ルール生成部16の機能を実現するプログラムを実行する。
 プロセッサ201がOSを実行することで、タスク管理、メモリ管理、ファイル管理、通信制御等が行われる。
 また、送信部13、制御部14、受信部15及び受信強度比ルール生成部16の処理の結果を示す情報、データ、信号値及び変数値の少なくともいずれかが、記憶装置902、プロセッサ901内のレジスタ及びキャッシュメモリの少なくともいずれかに記憶される。
 また、送信部13、制御部14、受信部15及び受信強度比ルール生成部16の機能を実現するプログラムは、磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ブルーレイ(登録商標)ディスク、DVD等の可搬記録媒体に格納されていてもよい。 The auxiliary storage device 202 of the in-vehicle device 10 also stores an OS (Operating System).
Then, at least a part of the OS is executed by the processor 201.
The processor 201 executes a program that realizes the functions of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 while executing at least a part of the OS.
When the processor 201 executes the OS, task management, memory management, file management, communication control, and the like are performed.
In addition, at least one of information, data, a signal value, and a variable value indicating processing results of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 is stored in the storage device 902 and the processor 901. Stored in at least one of a register and a cache memory.
The programs for realizing the functions of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 are magnetic disks, flexible disks, optical disks, compact disks, Blu-ray (registered trademark) disks, DVDs, and the like. It may be stored in a portable recording medium.
 携帯機20の補助記憶装置302には、OSも記憶されている。
 そして、OSの少なくとも一部がプロセッサ301により実行される。
 プロセッサ301はOSの少なくとも一部を実行しながら、受信部23、制御部24、送信部25、携帯機状態判定部26及び感震データ取得部27の機能を実現するプログラムを実行する。
 プロセッサ301がOSを実行することで、タスク管理、メモリ管理、ファイル管理、通信制御等が行われる。
 また、受信部23、制御部24、送信部25、携帯機状態判定部26及び感震データ取得部27の処理の結果を示す情報、データ、信号値及び変数値の少なくともいずれかが、記憶装置902、プロセッサ901内のレジスタ及びキャッシュメモリの少なくともいずれかに記憶される。
 また、受信部23、制御部24、送信部25、携帯機状態判定部26及び感震データ取得部27の機能を実現するプログラムは、磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ブルーレイ(登録商標)ディスク、DVD等の可搬記録媒体に格納されていてもよい。 The auxiliary storage device 302 of the portable device 20 also stores an OS.
At least a part of the OS is executed by the processor 301.
The processor 301 executes a program that realizes the functions of the reception unit 23, the control unit 24, the transmission unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 while executing at least a part of the OS.
When the processor 301 executes the OS, task management, memory management, file management, communication control, and the like are performed.
In addition, at least one of information, data, a signal value, and a variable value indicating processing results of the reception unit 23, the control unit 24, the transmission unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 is stored in the storage device. 902, stored in at least one of a register and a cache memory in the processor 901.
Moreover, the program which implement | achieves the function of the receiving part 23, the control part 24, the transmission part 25, the portable device state determination part 26, and the seismic sensitivity data acquisition part 27 is a magnetic disk, a flexible disk, an optical disk, a compact disk, Blu-ray (trademark). ) It may be stored in a portable recording medium such as a disk or DVD.
 また、送信部13、制御部14、受信部15及び受信強度比ルール生成部16の「部」を、「回路」又は「工程」又は「手順」又は「処理」に読み替えてもよい。
 また、車載装置10は、処理回路により実現されてもよい。処理回路は、例えば、ロジックIC(Integrated Circuit)、GA(Gate Array)、ASIC(Application Specific Integrated Circuit)、FPGA(Field-Programmable Gate Array)である。
 更に、受信部23、制御部24、送信部25、携帯機状態判定部26及び感震データ取得部27の「部」を、「回路」又は「工程」又は「手順」又は「処理」に読み替えてもよい。
 また、携帯機20は、処理回路により実現されてもよい。処理回路は、前述したように、ロジックIC、GA、ASIC、FPGAである。 Further, “part” of the transmission unit 13, the control unit 14, the reception unit 15, and the reception intensity ratio rule generation unit 16 may be read as “circuit”, “process”, “procedure”, or “processing”.
Moreover, the vehicle-mounted apparatus 10 may be implement | achieved by the processing circuit. The processing circuit is, for example, a logic IC (Integrated Circuit), a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array).
Furthermore, the “unit” in the receiving unit 23, the control unit 24, the transmitting unit 25, the portable device state determination unit 26, and the seismic data acquisition unit 27 is replaced with “circuit” or “process” or “procedure” or “processing”. May be.
Moreover, the portable device 20 may be realized by a processing circuit. As described above, the processing circuit is a logic IC, GA, ASIC, or FPGA.
 なお、本明細書では、プロセッサと処理回路との上位概念を、「プロセッシングサーキットリー」という。
 つまり、プロセッサと処理回路とは、それぞれ「プロセッシングサーキットリー」の具体例である。 In this specification, the superordinate concept of the processor and the processing circuit is referred to as “processing circuitry”.
That is, the processor and the processing circuit are specific examples of “processing circuitry”.
 1 車両、10 車載装置、11 送信アンテナ、12 受信アンテナ、13 送信部、14 制御部、15 受信部、16 受信強度比ルール生成部、20 携帯機、21 受信アンテナ、22 送信アンテナ、23 受信部、24 制御部、25 送信部、26 携帯機状態判定部、27 感震データ取得部、30 車両ドア、40 リクエスト信号、41 レスポンス信号、50 中継器、201 プロセッサ、202 補助記憶装置、203 主記憶装置、204 送信装置、205 受信装置、206 ECU、301 プロセッサ、302 補助記憶装置、303 主記憶装置、304 送信装置、305 受信装置、306 感震器。 1 vehicle, 10 in-vehicle device, 11 transmitting antenna, 12 receiving antenna, 13 transmitting unit, 14 control unit, 15 receiving unit, 16 receiving intensity ratio rule generating unit, 20 portable device, 21 receiving antenna, 22 transmitting antenna, 23 receiving unit , 24 control unit, 25 transmission unit, 26 portable device state determination unit, 27 seismic data acquisition unit, 30 vehicle door, 40 request signal, 41 response signal, 50 relay, 201 processor, 202 auxiliary storage device, 203 main memory Device, 204 transmission device, 205 reception device, 206 ECU, 301 processor, 302 auxiliary storage device, 303 main storage device, 304 transmission device, 305 reception device, 306 vibration sensor.

Claims (14)

  1.  車両上に相互に離れて配置された複数の送信アンテナから送信された複数の無線信号を受信し、送信アンテナごとに無線信号の受信強度を計測する、前記車両の利用者に携帯される端末装置が含まれる車両管理システムに含まれる判定装置であって、
     前記端末装置が前記車両から規定の範囲内に所在する場合の無線信号の受信強度の実績値から得られる値が参照値として送信アンテナごとに示される受信強度情報を記憶する記憶部と、
     送信アンテナごとに、前記端末装置により計測された受信強度の計測値と前記受信強度情報に示される前記参照値との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する制御部とを有する判定装置。     A terminal device that is carried by a user of the vehicle, receives a plurality of radio signals transmitted from a plurality of transmission antennas arranged away from each other on the vehicle, and measures the reception strength of the radio signal for each transmission antenna. A determination device included in a vehicle management system including
    A storage unit that stores reception strength information in which a value obtained from the actual value of the reception strength of a radio signal when the terminal device is located within a specified range from the vehicle is indicated for each transmission antenna as a reference value;
    For each transmission antenna, the degree of coincidence between the measurement value of the reception intensity measured by the terminal device and the reference value indicated by the reception intensity information is evaluated, and the terminal device is within the specified range from the vehicle. And a control unit that determines whether or not the user is present.
  2.  前記端末装置は
     送信アンテナごと、かつ3次元座標軸における座標軸ごとに受信強度を計測し、
     前記記憶部は、
     前記受信強度情報として、前記座標軸ごとの実績値の間の比が前記参照値として送信アンテナごとに示される情報を記憶しており、
     前記制御部は、
     送信アンテナごとに、前記端末装置により計測された前記座標軸ごとの計測値の間の比と前記受信強度情報に前記参照値として示される比との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する請求項1に記載の判定装置。     The terminal device measures reception intensity for each transmission antenna and for each coordinate axis in the three-dimensional coordinate axis,
    The storage unit
    As the received intensity information, a ratio between the actual values for each coordinate axis is stored as information for each transmitting antenna as the reference value,
    The controller is
    For each transmitting antenna, the terminal device evaluates the degree of coincidence between the ratio between the measured values for each coordinate axis measured by the terminal device and the ratio indicated as the reference value in the received intensity information, and the terminal device The determination apparatus according to claim 1, wherein the determination apparatus determines whether the position is within the specified range.
  3.  前記端末装置は、
     送信アンテナごと、かつ、3次元座標軸における座標軸ごとに受信強度を計測し、
     前記記憶部は、
     前記受信強度情報として、前記座標軸ごとの実績値に対する機械学習により得られた比が前記参照値として送信アンテナごとに示される情報を記憶しており、
     前記制御部は、
     送信アンテナごとに、前記端末装置により計測された前記座標軸ごとの計測値の間の比と前記受信強度情報に前記参照値として示される比との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する請求項1に記載の判定装置。     The terminal device
    Measure the reception intensity for each transmitting antenna and for each coordinate axis in the three-dimensional coordinate axis,
    The storage unit
    As the received intensity information, a ratio obtained by machine learning with respect to the actual value for each coordinate axis is stored as information indicated for each transmitting antenna as the reference value,
    The controller is
    For each transmitting antenna, the terminal device evaluates the degree of coincidence between the ratio between the measured values for each coordinate axis measured by the terminal device and the ratio indicated as the reference value in the received intensity information, and the terminal device The determination apparatus according to claim 1, wherein the determination apparatus determines whether the position is within the specified range.
  4.  前記制御部は、
     全ての送信アンテナにおいて前記計測値と前記参照値との一致度が閾値を超える場合に、前記端末装置が前記車両から前記規定の範囲内に所在すると判定する請求項1に記載の判定装置。     The controller is
    The determination apparatus according to claim 1, wherein when the degree of coincidence between the measured value and the reference value exceeds a threshold value in all transmission antennas, the terminal apparatus determines that the terminal apparatus is located within the specified range from the vehicle.
  5.  前記制御部は、
     前記端末装置が前記車両から前記規定の範囲内に所在すると判定した場合に、前記端末装置から前記車両への操作を許可する請求項1に記載の判定装置。     The controller is
    The determination device according to claim 1, wherein when it is determined that the terminal device is located within the specified range from the vehicle, an operation from the terminal device to the vehicle is permitted.
  6.  前記判定装置は、
     前記車両に搭載される車載装置及び前記端末装置のいずれかに配備されている請求項1に記載の判定装置。     The determination device includes:
    The determination device according to claim 1, wherein the determination device is provided in any one of the in-vehicle device and the terminal device mounted on the vehicle.
  7.  前記車両管理システムは、キーレスエントリーシステムであり、
     前記記憶部は、
     前記受信強度情報として、前記端末装置から前記車両のドアを施錠するための操作があった際に計測された送信アンテナごとの受信強度の実績値から得られる値が前記参照値として示される情報を記憶している請求項1に記載の判定装置。     The vehicle management system is a keyless entry system,
    The storage unit
    Information indicating, as the reference value, a value obtained from the actual value of the reception intensity for each transmission antenna measured when the operation for locking the vehicle door is performed from the terminal device as the reception intensity information. The determination device according to claim 1, wherein the determination device is stored.
  8.  車両に搭載されている車載装置から送信された第1の無線信号を受信する、前記車両の利用者が携帯する端末装置であって、
     前記端末装置の移動状態を判定する移動状態判定部と、
     前記第1の無線信号が受信された際に、前記移動状態判定部により前記端末装置の移動状態が前記端末装置が移動している状態から静止している状態に遷移し終えた状態と判定されている場合に、前記第1の無線信号に応答する第2の無線信号を前記車載装置に送信する制御部とを有する端末装置。     A terminal device carried by a user of the vehicle that receives a first radio signal transmitted from an in-vehicle device mounted on the vehicle,
    A movement state determination unit for determining a movement state of the terminal device;
    When the first radio signal is received, the movement state determination unit determines that the movement state of the terminal device has finished transitioning from a state where the terminal device is moving to a state where it is stationary. And a control unit that transmits a second radio signal responding to the first radio signal to the in-vehicle device.
  9.  前記制御部は、
     前記移動状態判定部により前記端末装置が移動している状態及び静止している状態のいずれかであると判定された場合に、無効な第2の無線信号であることを通知する無効情報が含まれる第2の無線信号を前記車載装置に送信する請求項8に記載の端末装置。     The controller is
    When the movement state determination unit determines that the terminal device is in a moving state or a stationary state, invalid information notifying that it is an invalid second wireless signal is included. The terminal device according to claim 8, wherein the second wireless signal transmitted is transmitted to the in-vehicle device.
  10.  前記制御部は、
     前記移動状態判定部により前記端末装置が移動している状態及び静止している状態のいずれかであると判定された場合に、第2の無線信号を前記車載装置に送信しない請求項8に記載の端末装置。     The controller is
    9. The second wireless signal is not transmitted to the in-vehicle device when the movement state determination unit determines that the terminal device is in a moving state or a stationary state. Terminal equipment.
  11.  車両上に相互に離れて配置された複数の送信アンテナから送信された複数の無線信号を受信し、送信アンテナごとに無線信号の受信強度を計測する、前記車両の利用者に携帯される端末装置が含まれる車両管理システムに含まれるコンピュータが行う判定方法であって、
     前記コンピュータが、前記端末装置が前記車両から規定の範囲内に所在する場合の無線信号の受信強度の実績値から得られる値が参照値として送信アンテナごとに示される受信強度情報を記憶領域から読み出し、
     前記コンピュータが、送信アンテナごとに、前記端末装置により計測された受信強度の計測値と前記受信強度情報に示される前記参照値との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する判定方法。     A terminal device that is carried by a user of the vehicle, receives a plurality of radio signals transmitted from a plurality of transmission antennas arranged away from each other on the vehicle, and measures the reception strength of the radio signal for each transmission antenna. A determination method performed by a computer included in a vehicle management system including
    The computer reads, from the storage area, reception intensity information indicated for each transmission antenna as a reference value that is obtained from the actual value of the reception intensity of the radio signal when the terminal device is located within a specified range from the vehicle. ,
    The computer evaluates, for each transmission antenna, the degree of coincidence between the measurement value of the reception intensity measured by the terminal device and the reference value indicated in the reception intensity information, and the terminal device determines from the vehicle the regulation. The determination method which determines whether it exists in the range of.
  12.  車両に搭載されている車載装置から送信された第1の無線信号を受信する、前記車両の利用者が携帯するコンピュータである端末装置が行う通信方法であって、
     前記端末装置が、前記端末装置の移動状態を判定し、
     前記第1の無線信号が受信された際に、前記端末装置の移動状態が前記端末装置が移動している状態から静止している状態に遷移し終えた状態と判定されている場合に、前記端末装置が、前記第1の無線信号に応答する第2の無線信号を前記車載装置に送信する通信方法。     A communication method performed by a terminal device, which is a computer carried by a user of the vehicle, receives a first wireless signal transmitted from an in-vehicle device mounted on the vehicle,
    The terminal device determines a movement state of the terminal device;
    When it is determined that when the first wireless signal is received, the moving state of the terminal device has transitioned from a moving state to a stationary state, the terminal device has moved. A communication method in which a terminal device transmits a second radio signal responding to the first radio signal to the in-vehicle device.
  13.  車両上に相互に離れて配置された複数の送信アンテナから送信された複数の無線信号を受信し、送信アンテナごとに無線信号の受信強度を計測する、前記車両の利用者に携帯される端末装置が含まれる車両管理システムに含まれるコンピュータに、
     前記端末装置が前記車両から規定の範囲内に所在する場合の無線信号の受信強度の実績値から得られる値が参照値として送信アンテナごとに示される受信強度情報を記憶領域から読み出す読み出し処理と、
     送信アンテナごとに、前記端末装置により計測された受信強度の計測値と前記受信強度情報に示される前記参照値との一致度を評価して、前記端末装置が前記車両から前記規定の範囲内に所在するか否かを判定する制御処理とを実行させる判定プログラム。     A terminal device that is carried by a user of the vehicle, receives a plurality of radio signals transmitted from a plurality of transmission antennas arranged away from each other on the vehicle, and measures the reception strength of the radio signal for each transmission antenna. In the computer included in the vehicle management system that includes
    A reading process of reading out from the storage area reception intensity information indicated for each transmission antenna as a reference value obtained from the actual value of the reception intensity of the radio signal when the terminal device is located within a specified range from the vehicle;
    For each transmission antenna, the degree of coincidence between the measurement value of the reception intensity measured by the terminal device and the reference value indicated by the reception intensity information is evaluated, and the terminal device is within the specified range from the vehicle. A determination program for executing a control process for determining whether or not the user is present.
  14.  車両に搭載されている車載装置から送信された第1の無線信号を受信する、前記車両の利用者が携帯するコンピュータである端末装置に、
     前記端末装置の移動状態を判定する移動状態判定処理と、
     前記第1の無線信号が受信された際に、前記移動状態判定処理により前記端末装置の移動状態が前記端末装置が移動している状態から静止している状態に遷移し終えた状態と判定されている場合に、前記第1の無線信号に応答する第2の無線信号を前記車載装置に送信する制御処理とを実行させる通信プログラム。     In a terminal device that is a computer carried by a user of the vehicle that receives a first radio signal transmitted from an in-vehicle device mounted on the vehicle,
    A movement state determination process for determining a movement state of the terminal device;
    When the first radio signal is received, the movement state determination process determines that the movement state of the terminal device has finished transitioning from a state where the terminal device is moving to a state where it is stationary. And a control program for executing a control process for transmitting a second radio signal in response to the first radio signal to the in-vehicle device.
PCT/JP2018/008931 2018-03-08 2018-03-08 Determination device, terminal device, determination method, communication method, determination program, and communication program WO2019171525A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2020504580A JP6811893B2 (en) 2018-03-08 2018-03-08 Judgment device, terminal device, judgment method, communication method, judgment program and communication program
PCT/JP2018/008931 WO2019171525A1 (en) 2018-03-08 2018-03-08 Determination device, terminal device, determination method, communication method, determination program, and communication program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/008931 WO2019171525A1 (en) 2018-03-08 2018-03-08 Determination device, terminal device, determination method, communication method, determination program, and communication program

Publications (1)

Publication Number Publication Date
WO2019171525A1 true WO2019171525A1 (en) 2019-09-12

Family

ID=67845708

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/008931 WO2019171525A1 (en) 2018-03-08 2018-03-08 Determination device, terminal device, determination method, communication method, determination program, and communication program

Country Status (2)

Country Link
JP (1) JP6811893B2 (en)
WO (1) WO2019171525A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022004556A1 (en) * 2020-07-02 2022-01-06 株式会社東海理化電機製作所 Communication system, communication method, and communication device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010274682A (en) * 2009-05-26 2010-12-09 Tokai Rika Co Ltd Electronic key system
WO2016013680A1 (en) * 2014-07-25 2016-01-28 株式会社オートネットワーク技術研究所 Vehicle-mounted communication system and vehicle-mounted device
JP2017088016A (en) * 2015-11-12 2017-05-25 オムロンオートモーティブエレクトロニクス株式会社 On-vehicle equipment control system, and portable machine
JP2017210800A (en) * 2016-05-26 2017-11-30 三菱電機株式会社 Keyless system
US20170352211A1 (en) * 2016-06-01 2017-12-07 GM Global Technology Operations LLC Relay-attack deterrence relay-attack deterrence

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010274682A (en) * 2009-05-26 2010-12-09 Tokai Rika Co Ltd Electronic key system
WO2016013680A1 (en) * 2014-07-25 2016-01-28 株式会社オートネットワーク技術研究所 Vehicle-mounted communication system and vehicle-mounted device
JP2017088016A (en) * 2015-11-12 2017-05-25 オムロンオートモーティブエレクトロニクス株式会社 On-vehicle equipment control system, and portable machine
JP2017210800A (en) * 2016-05-26 2017-11-30 三菱電機株式会社 Keyless system
US20170352211A1 (en) * 2016-06-01 2017-12-07 GM Global Technology Operations LLC Relay-attack deterrence relay-attack deterrence

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022004556A1 (en) * 2020-07-02 2022-01-06 株式会社東海理化電機製作所 Communication system, communication method, and communication device

Also Published As

Publication number Publication date
JP6811893B2 (en) 2021-01-13
JPWO2019171525A1 (en) 2020-07-02

Similar Documents

Publication Publication Date Title
CN107650860B (en) Method, computer readable medium and device for verifying authorization of a mobile communication device
JP6725302B2 (en) Keyless entry system
CN105051794B (en) Method and device for issuing access authorization
US10336297B2 (en) Vehicle-use communication system, in-vehicle device, portable device, and non-transitory computer-readable recording medium
JP2018066174A (en) Position determination device, position determination method and program, and keyless entry system
CN108292931B (en) In-vehicle device, portable device, and wireless communication system for vehicle
JP6740980B2 (en) In-vehicle wireless communication device, distance information detection method
US20170050615A1 (en) Mobile device for a keyless access or actuation system for motor vehicles
JP2006143197A (en) Car protecting method and car protecting device
JP2019044535A (en) Keyless entry system
JP5394285B2 (en) Keyless entry device portable machine
WO2019171525A1 (en) Determination device, terminal device, determination method, communication method, determination program, and communication program
JP6789355B2 (en) On-board unit, program, and keyless entry system
JP6654258B2 (en) Authentication system, portable device, registration method, and program
JP5619223B1 (en) Wireless communication system
JP7124893B2 (en) Hemispherical antenna for locating remote devices
JP6549640B2 (en) Vehicle system, portable device, and in-vehicle device
JP2013040474A (en) Locking/unlocking control system, locking/unlocking control method, and electric wave transmitter/acceptor
JP2022184897A (en) Vehicle wireless communication system, on-vehicle device of vehicle wireless communication system, and portable device of vehicle wireless communication system
WO2021111741A1 (en) Relay attack determination device
WO2018088198A1 (en) Vehicle system, portable machine, and vehicle-mounted device
JP2019157426A (en) Door lock control system and door lock device
CN113544351B (en) Vehicle control system, portable terminal, and in-vehicle device
JP7262948B2 (en) Portable device, communication control method applied to portable device
JP6887334B2 (en) Keyless entry system and vehicle side equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18908543

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020504580

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18908543

Country of ref document: EP

Kind code of ref document: A1