WO2022113440A1 - Transmitter, receiver, communication system, and program - Google Patents

Transmitter, receiver, communication system, and program

Publication number
WO2022113440A1
Authority
WO
WIPO (PCT)
Prior art keywords
authenticator
transmitter
encryption key
receiver
ecu
Application number
PCT/JP2021/030616
Other languages
French (fr)
Japanese (ja)
Inventor
隆弘 小島
Original Assignee
株式会社東海理化電機製作所
Application filed by 株式会社東海理化電機製作所

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present disclosure relates to transmitters, receivers, communication systems, and programs for controlling transmitters that perform service-oriented communication.
  • a plurality of ECUs (Electronic Control Units) mounted on a vehicle are connected by wire or wirelessly to form a communication system in which the ECUs can communicate the information they hold to each other.
  • an ECU that receives an illegal message from an illegal ECU may process the illegal message in the same manner as a legitimate message.
  • in service-oriented communication, the transmitter (server) provides services (data) to the receiver in response to a request from the receiver (client).
  • one common encryption key is stored in advance in each of the transmitter and the receiver.
  • the transmitter generates an authenticator (for example, a random number) using the encryption key stored in itself, and sends the receiver a message in which the authenticator is attached to one service.
  • the receiver generates a judgment authenticator using the encryption key stored in itself, and determines whether or not the authenticator included in the message received from the transmitter matches the judgment authenticator. This is the common way of preventing communication by malicious messages.
  • the present disclosure has been made to solve the above-mentioned problems, and its purpose is to improve the security against unauthorized communication, without the trouble of rewriting the encryption key from the outside, when performing encrypted communication such as service-oriented communication.
  • the transmitter performs encrypted communication with the receiver.
  • This transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs calculations using the information stored in the first storage unit.
  • the first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, refers to the information stored in the first storage unit to identify the encryption key corresponding to the current identification number, generates the first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
  • a plurality of identification numbers and a plurality of encryption keys corresponding to the plurality of identification numbers are stored in advance in the transmitter. Therefore, the encryption key can be changed by changing the current identification number to any one of a plurality of identification numbers in the transmitter. Then, the transmitter generates the first authenticator using the encryption key corresponding to the current identification number, and transmits one service and the first authenticator to the receiver. As a result, it is possible to improve the security against unauthorized communication without taking the trouble of rewriting the encryption key from the outside when performing encrypted communication with the receiver.
  • the communication system includes a transmitter and a receiver for performing encrypted communication.
  • the transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs calculations using the information stored in the first storage unit.
  • the first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, refers to the information stored in the first storage unit to identify the encryption key corresponding to the current identification number, generates the first authenticator using the identified encryption key, and transmits the combination of the one service and the first authenticator to the receiver.
  • the receiver includes a second storage unit that stores the same information as the information stored in the first storage unit of the transmitter, and a second arithmetic unit.
  • the second arithmetic unit refers to the information stored in the second storage unit, identifies the encryption key corresponding to the current identification number, generates the second authenticator using the identified encryption key, and determines whether or not the first authenticator received from the transmitter matches the second authenticator. When the number of times the first authenticator is determined not to match the second authenticator exceeds the specified number of times, the second arithmetic unit requests the transmitter to change the current identification number.
  • the program according to one aspect of the present disclosure is a program for controlling a transmitter that performs encrypted communication with a receiver.
  • the transmitter stores information including a plurality of identification numbers and a plurality of encryption keys corresponding to the plurality of identification numbers.
  • the program causes an arithmetic unit to execute a step of setting one of the plurality of identification numbers as the current identification number for one service, a step of referring to the information stored in the transmitter to identify the encryption key corresponding to the current identification number, a step of generating a first authenticator using the identified encryption key, and a step of transmitting a combination of the one service and the first authenticator to the receiver.
  • FIG. 1 is a diagram schematically showing an example of the configuration of the communication system. FIG. 2 is a diagram illustrating the instance IDs and the encryption keys prepared for one service. FIG. 3 is a flowchart showing an example of the processing procedure executed when the server ECU and the client ECU perform service-oriented communication. FIG. 4 is a sequence diagram of the processing performed by the server ECU and the client ECU.
  • FIG. 1 is a diagram schematically showing an example of the configuration of the communication system 1 according to the present embodiment.
  • the communication system 1 includes a server ECU (transmitter) 10 and a client ECU (receiver) 20.
  • the server ECU 10 and the client ECU 20 are configured to be connected to each other by wire or wirelessly to perform service-oriented communication.
  • the server ECU 10 and the client ECU 20 may perform encrypted communication other than service-oriented communication.
  • the server ECU 10 and the client ECU 20 are applied to, for example, vehicle control.
  • for example, when the server ECU 10 is mounted on the user's mobile key and the client ECU 20 is mounted on the user's vehicle, the client ECU 20 may perform vehicle control (for example, control to lock and unlock the doors of the vehicle, control to drive the engine of the vehicle, etc.) in response to a command from the server ECU 10.
  • the server ECU 10 and the client ECU 20 may be mounted on something other than a vehicle.
  • the client ECU 20 may control the speaker so as to output voice from the speaker in response to a command from the server ECU 10.
  • when the server ECU 10 is mounted on the user's mobile key and the client ECU 20 is installed in the user's house, the client ECU 20 may control locking and unlocking of the door of the house in response to a command from the server ECU 10.
  • the server ECU 10 includes a CPU (Central Processing Unit) 11 and a memory 12.
  • the control performed by the server ECU 10 is realized by the CPU 11 executing a program stored in the memory 12.
  • the control performed by the server ECU 10 is not limited to processing by software, but can also be processed by dedicated hardware (electronic circuit).
  • the client ECU 20 includes a CPU 21 and a memory 22.
  • the control performed by the client ECU 20 is realized by the CPU 21 executing a program stored in the memory 22.
  • the control performed by the client ECU 20 is not limited to processing by software, but can also be processed by dedicated hardware (electronic circuit).
  • the server ECU 10 and the client ECU 20 are configured to perform service-oriented communication. Specifically, the server ECU 10 provides a service (data) 31 to the client ECU 20 in response to a request from the client ECU 20. At this time, the server ECU 10 generates an authenticator 32 (first authenticator) using the encryption key stored in advance in the memory 12, attaches the generated authenticator 32 to the service 31, and transmits them to the client ECU 20. That is, the message 30 transmitted from the server ECU 10 to the client ECU 20 includes the service 31 and the authenticator 32 generated by using the encryption key.
  • the authenticator 32 is, for example, a random number.
  • When the client ECU 20 receives the message 30 from the outside, the client ECU 20 generates a determination authenticator (second authenticator) using the encryption key stored in advance in its own memory 22, and determines whether or not the authenticator 32 (first authenticator) included in the message 30 received from the outside matches the determination authenticator (second authenticator). Then, when the authenticator 32 received from the outside matches the determination authenticator, the client ECU 20 determines that the authentication is established, that is, that the message 30 was transmitted from the legitimate server ECU 10, and accepts the service 31 included in the message 30.
  • when the authenticator 32 received from the outside does not match the determination authenticator, the client ECU 20 determines that the authentication is unsuccessful, that is, that the message 30 was not transmitted from the legitimate server ECU 10, and does not accept the service 31 included in the message 30. As a result, unauthorized communication is suppressed.
  • a plurality of instance IDs (identification numbers) are prepared for one service, and a plurality of encryption keys respectively corresponding to the plurality of instance IDs are set.
  • FIG. 2 is a diagram illustrating an instance ID and an encryption key prepared for one service.
  • three instance IDs "01", "02", and "03" are prepared for one service (Service1), and three encryption keys "111", "222", and "333" are set for the three instance IDs, respectively.
  • the information defining the correspondence between the instance ID and the encryption key shown in FIG. 2 is stored in advance in both the memory 12 of the server ECU 10 and the memory 22 of the client ECU 20.
  • the server ECU 10 and the client ECU 20 improve the security against unauthorized communication by changing the encryption key while synchronizing them when performing service-oriented communication, without taking the trouble of rewriting the encryption key from the outside. This point will be described in detail below.
  • FIG. 3 is a flowchart showing an example of a processing procedure executed when the server ECU 10 and the client ECU 20 perform service-oriented communication.
  • the flowchart shown in FIG. 3 is repeatedly executed every time a predetermined condition is satisfied (for example, every predetermined cycle).
  • the client ECU 20 first performs a service search (step S20). Specifically, the client ECU 20 sends the server ECU 10 a message (Find Service) inquiring whether or not it is possible to provide a service with the instance ID (hereinafter also referred to as "request ID") requested by the client ECU 20.
  • the request ID is one of the three instance IDs "01", "02", and "03" stored in the memory 22 of the client ECU 20.
  • the server ECU 10 makes a service response to the inquiry from the client ECU 20 in the service search (step S10). Specifically, the server ECU 10 confirms that the request ID received from the client ECU 20 is included in the instance IDs stored in its own memory 12, and then transmits to the client ECU 20 a message (Offer Service) to the effect that the service can be provided with the request ID.
  • the client ECU 20 makes a service request in response to receiving a service response from the server ECU 10 (step S22). Specifically, the client ECU 20 sends a message (Subscribe Event Group) formally requesting the provision of the service with the request ID to the server ECU 10.
  • When the server ECU 10 receives the service request from the client ECU 20, it transmits a message (Subscribe Event Group Ack) to the effect that the service request has been accepted to the client ECU 20 (step S12).
  • the server ECU 10 sets the request ID received from the client ECU 20 as the current instance ID (hereinafter also referred to as "current ID") (step S14). Then, the server ECU 10 refers to the information stored in the memory 12 and identifies the encryption key corresponding to the current ID (step S16). For example, when the current ID is "01", the encryption key is identified as "111" as shown in FIG. 2 above.
  • the server ECU 10 generates an authenticator 32 using the identified encryption key (step S18), and sends the client ECU 20 a message 30 in which the generated authenticator 32 is attached to the service 31 (step S19).
  • the message 30 also includes information indicating the current ID.
  • When the client ECU 20 receives the message 30 from the outside, the client ECU 20 refers to the information stored in the memory 22 to identify the encryption key corresponding to the current ID included in the message 30 (step S24), and generates a determination authenticator using the identified encryption key (step S26).
  • the client ECU 20 determines whether or not the authenticator 32 included in the message 30 matches the determination authenticator (step S28).
  • If the authenticator 32 included in the message 30 matches the determination authenticator (YES in step S28), the client ECU 20 determines that the authentication is established, that is, that the message 30 was transmitted from the legitimate server ECU 10 (step S30).
  • If the authenticator 32 included in the message 30 does not match the determination authenticator (NO in step S28), the client ECU 20 determines that the authentication is not established, that is, that the message 30 was not transmitted from the legitimate server ECU 10 (step S40).
  • the client ECU 20 counts up the "number of authentication NGs", which is the number of times the authentication has been determined to be unsuccessful (that is, the number of times the authenticator 32 included in the message 30 has been determined not to match the determination authenticator) (step S42).
  • the number of authentication NGs is stored in the memory 22.
  • the client ECU 20 determines whether or not the number of times of authentication NG exceeds a predetermined number of times (step S44).
  • This predetermined number of times is set to a small number (for example, several times) at which it is predicted that the encryption key cannot be decrypted even if a non-genuine ECU trying to decrypt the encryption key repeatedly sends unauthorized messages.
  • If the number of authentication NGs does not exceed the predetermined number of times (NO in step S44), the client ECU 20 skips the subsequent processing and shifts the processing to the return.
  • If the number of authentication NGs exceeds the predetermined number of times (YES in step S44), the client ECU 20 sends the server ECU 10 a message (Stop Subscribe Event Group) requesting that the service provision with the current ID be stopped (step S46). As a result, the service provision with the current ID is stopped.
  • the client ECU 20 changes the request ID (step S48). For example, when the current request ID is "01", the client ECU 20 changes the request ID to "02" or "03", which differ from "01", among the three instance IDs "01", "02", and "03" stored in the memory 22. As a result, in the next calculation cycle, the changed request ID will be set as the current ID.
  • FIG. 4 is a sequence diagram of processing performed by the server ECU 10 and the client ECU 20.
  • FIG. 4 illustrates a case where an unauthorized message is transmitted to the communication system 1 from a non-genuine ECU that does not have a legitimate encryption key.
  • When the client ECU 20 receives an unauthorized message from a non-genuine ECU, the client ECU 20 refers to the information stored in the memory 22 to identify the encryption key "111" corresponding to the current ID "01" included in the unauthorized message, generates a determination authenticator with the identified encryption key "111", and determines whether or not the authenticator included in the unauthorized message matches the determination authenticator. At this time, if the non-genuine ECU has not been able to decrypt the legitimate encryption key corresponding to the current ID "01", the authenticator included in the unauthorized message does not match the determination authenticator, so it is determined that the authentication has not been established. Every time the non-genuine ECU sends an unauthorized message in an attempt to decrypt the encryption key, it is determined that the authentication has not been established, and the number of authentication NGs is counted up.
  • When the number of authentication NGs exceeds the predetermined number of times, the client ECU 20 requests the server ECU 10 to stop the service with the current ID "01". Further, the client ECU 20 changes the request ID from the current "01" to "02", and performs a service search with the request ID "02" for the server ECU 10.
  • the legitimate server ECU 10 that has received this service search sets the current ID to the request ID "02", generates an authenticator using the legitimate encryption key "222" corresponding to the current ID "02", attaches the generated authenticator to the service, and transmits it to the client ECU 20. As a result, authentication between the server ECU 10 and the client ECU 20 is established.
  • when a non-genuine ECU trying to decrypt the encryption key repeatedly sends unauthorized messages, the encryption key can be changed, while being automatically synchronized between the server ECU 10 and the client ECU 20, before the non-genuine ECU decrypts the encryption key currently in use. Therefore, it is possible to improve the security against unauthorized communication without taking the trouble of rewriting the encryption key from the outside.
  • the current ID and the encryption key can be changed every time the request ID transmitted from the client ECU 20 to the server ECU 10 is changed. Therefore, the security against unauthorized communication can be improved in response to the request from the client ECU 20.
  • the transmitter according to one aspect of the present disclosure performs encrypted communication with the receiver.
  • This transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs calculations using the information stored in the first storage unit.
  • the first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, refers to the information stored in the first storage unit to identify the encryption key corresponding to the current identification number, generates the first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
  • a plurality of identification numbers and a plurality of encryption keys corresponding to the plurality of identification numbers are stored in advance in the transmitter. Therefore, the encryption key can be changed by changing the current identification number to any one of a plurality of identification numbers in the transmitter. Then, the transmitter generates the first authenticator using the encryption key corresponding to the current identification number, and transmits one service and the first authenticator to the receiver. As a result, when performing encrypted communication such as service-oriented communication with the receiver, it is possible to improve the security against unauthorized communication without taking the trouble of rewriting the encryption key from the outside.
  • the first arithmetic unit changes the current identification number when a predetermined condition is satisfied, refers to the information stored in the first storage unit to identify the encryption key corresponding to the changed current identification number, generates the first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
  • the encryption key can be changed every time a predetermined condition is satisfied. Therefore, the security against unauthorized communication can be further improved.
  • the predetermined condition includes the condition that the receiver has requested to change the current identification number.
  • the encryption key can be changed every time the receiver requests to change the current identification number. Therefore, the security against unauthorized communication can be improved in response to a request from the receiver.
  • the receiver performs encrypted communication with the transmitter described in (3) above.
  • This receiver includes a second storage unit that stores the same information as a plurality of identification numbers and a plurality of encryption keys stored in the first storage unit of the transmitter, and a second calculation unit.
  • the second arithmetic unit refers to the information stored in the second storage unit, identifies the encryption key corresponding to the current identification number, generates the second authenticator using the identified encryption key, and determines whether or not the first authenticator received from the transmitter matches the second authenticator. When the number of times the first authenticator is determined not to match the second authenticator exceeds the specified number of times, the second arithmetic unit requests the transmitter to change the current identification number.
  • when the number of times that the first authenticator generated by the transmitter is determined not to match the second authenticator generated by the receiver exceeds the specified number of times, the receiver requests the transmitter to change the current identification number, and the current identification number is changed. Therefore, if a non-genuine transmitter trying to break the encryption key repeatedly sends malicious messages, the encryption key can be changed, while being automatically synchronized between the legitimate transmitter and the legitimate receiver, before the non-genuine transmitter breaks the current encryption key.

Abstract

This server ECU (10) performs service-oriented communications with a client ECU (20). The server ECU (10) comprises: a memory (12) that stores a plurality of instance IDs and a plurality of cryptographic keys respectively corresponding to the plurality of instance IDs; and a CPU (11). The CPU (11) sets, as a current ID, one of the plurality of instance IDs with respect to a single service (31); identifies a cryptographic key corresponding to the current ID with reference to the information stored in the memory (12); uses the identified cryptographic key to generate an authenticator (32); and transmits the single service (31) and the first authenticator (32) to the client ECU (20).

Description

送信機、受信機、通信システム、およびプログラムTransmitters, receivers, communication systems, and programs
 本開示は、サービス指向通信を行なう送信機、受信機、通信システム、および送信機を制御するためのプログラムに関する。 The present disclosure relates to transmitters, receivers, communication systems, and programs for controlling transmitters that perform service-oriented communication.
 たとえば車両に搭載される複数のECU(Electronic Control Unit、電子制御装置)は、有線あるいは無線で接続されることによって、各ECUの有する情報を相互に通信可能とする通信システムを構成していることが多い。このような通信システムに不正なECUが接続され、不正なECUから不正なメッセージが送信されると、これを受信したECUでは、当該不正なメッセージを正規のメッセージと同様に処理してしまうおそれがある。 For example, a plurality of ECUs (Electronic Control Units) mounted on a vehicle are connected by wire or wirelessly to form a communication system capable of communicating information possessed by each ECU with each other. There are many. If an illegal ECU is connected to such a communication system and an illegal message is transmitted from the illegal ECU, the ECU that receives the illegal ECU may process the illegal message in the same manner as the legitimate message. be.
 このような問題に鑑み、従来、不正なメッセージによる通信(「不正通信」ともいう)を防ぐためのさまざまな暗号化通信技術が提案されている(たとえば国際公開第2013/175633号)。 In view of such problems, various encrypted communication techniques for preventing communication by unauthorized messages (also referred to as "illegal communication") have been proposed (for example, International Publication No. 2013/175633).
国際公開第2013/175633号International Publication No. 2013/175633
 通信システムで用いられる暗号化通信のなかには、受信機(クライアント)の要求に応じて、送信機(サーバ)が受信機にサービス(データ)を提供する「サービス指向通信」と称される技術が存在する。 Among the encrypted communications used in communication systems, there is a technology called "service-oriented communication" in which the transmitter (server) provides services (data) to the receiver in response to the request of the receiver (client). do.
 従来のサービス指向通信においては、送信機および受信機の各々に、共通の1つの暗号鍵が予め記憶される。送信機は、自らに記憶された暗号鍵を用いて認証子(たとえば乱数など)を生成し、1つのサービスに対して認証子を付与したメッセージを受信機に送信する。受信機は、自らに記憶された暗号鍵を用いて判定用認証子を生成し、送信機から受信したメッセージに含まれる認証子が判定用認証子と一致するか否かを判定することによって、不正なメッセージによる通信を防ぐのが一般的である。 In conventional service-oriented communication, one common encryption key is stored in advance in each of the transmitter and the receiver. The transmitter generates an authenticator (for example, a random number) using the encryption key stored in itself, and sends a message to which the authenticator is attached to one service to the receiver. The receiver generates a judgment authenticator using the encryption key stored in itself, and determines whether or not the authenticator included in the message received from the transmitter matches the judgment authenticator. It is common to prevent communication by malicious messages.
 しかしながら、従来の手法では、暗号鍵が一度不正に解読されてしまうと、送信機および受信機の双方の暗号鍵を書き換えるまでは、不正通信が行なわれるおそれがある。また、送信機および受信機の双方の暗号鍵を外部から書き換えるためには、手間と時間がかかる。 However, in the conventional method, once the encryption key is illegally decrypted, there is a possibility that unauthorized communication will be performed until the encryption keys of both the transmitter and the receiver are rewritten. Further, it takes time and effort to rewrite the encryption keys of both the transmitter and the receiver from the outside.
The present disclosure has been made to solve the above-mentioned problem, and its object is to improve security against unauthorized communication when performing encrypted communication such as service-oriented communication, without the trouble of rewriting the encryption key from outside.
A transmitter according to one aspect of the present disclosure performs encrypted communication with a receiver. The transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs computation using the information stored in the first storage unit. The first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, identifies the encryption key corresponding to the current identification number by referring to the information stored in the first storage unit, generates a first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
According to the above aspect, a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the identification numbers are stored in advance in the transmitter. The encryption key can therefore be changed by changing the current identification number, within the transmitter, to another of the plurality of identification numbers. The transmitter then generates the first authenticator using the encryption key corresponding to the current identification number, and transmits the one service and the first authenticator to the receiver. As a result, security against unauthorized communication can be improved when performing encrypted communication with the receiver, without the trouble of rewriting the encryption key from outside.
A communication system according to one aspect of the present disclosure includes a transmitter and a receiver that perform encrypted communication. The transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs computation using the information stored in the first storage unit. The first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, identifies the encryption key corresponding to the current identification number by referring to the information stored in the first storage unit, generates a first authenticator using the identified encryption key, and transmits the combination of the one service and the first authenticator to the receiver. The receiver includes a second storage unit that stores the same information as the information stored in the first storage unit of the transmitter, and a second arithmetic unit. The second arithmetic unit identifies the encryption key corresponding to the current identification number by referring to the information stored in the second storage unit, generates a second authenticator using the identified encryption key, determines whether the first authenticator received from the transmitter matches the second authenticator, and requests the transmitter to change the current identification number when the number of times the first authenticator has been determined not to match the second authenticator exceeds a specified number of times.
According to the above communication system, the same operation and effect as the above transmitter can be obtained.
A program according to one aspect of the present disclosure is a program for controlling a transmitter that performs encrypted communication with a receiver. The transmitter stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers. The program causes an arithmetic device to execute: a step of setting one of the plurality of identification numbers as the current identification number for one service; a step of identifying the encryption key corresponding to the current identification number by referring to the information stored in the transmitter; a step of generating a first authenticator using the identified encryption key; and a step of transmitting the combination of the one service and the first authenticator to the receiver.
According to the above aspect, causing the arithmetic device to execute the above program yields the same operation and effect as the above transmitter.
According to the present disclosure, security against unauthorized communication can be improved when performing encrypted communication such as service-oriented communication, without the trouble of rewriting the encryption key from outside.
A diagram schematically showing an example of the configuration of the communication system.
A diagram illustrating the instance IDs and encryption keys prepared for one service.
A flowchart showing an example of the processing procedure executed when the server ECU and the client ECU perform service-oriented communication.
A sequence diagram of the processing performed by the server ECU and the client ECU.
Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. The same or corresponding parts in the drawings are given the same reference numerals, and their description is not repeated.
FIG. 1 is a diagram schematically showing an example of the configuration of the communication system 1 according to the present embodiment. The communication system 1 includes a server ECU (transmitter) 10 and a client ECU (receiver) 20. The server ECU 10 and the client ECU 20 are connected to each other by wire or wirelessly and are configured to perform service-oriented communication. The server ECU 10 and the client ECU 20 may also perform encrypted communication other than service-oriented communication.
The server ECU 10 and the client ECU 20 are applied to, for example, vehicle control. For example, when the server ECU 10 is mounted in the user's portable key and the client ECU 20 is mounted in the user's vehicle, the client ECU 20 may control the vehicle (for example, control for locking and unlocking the vehicle doors, control for driving the vehicle engine, and so on) in response to commands from the server ECU 10.
The server ECU 10 and the client ECU 20 may also be mounted in something other than a vehicle. For example, when the server ECU 10 is mounted in a smartphone and the client ECU 20 is mounted in a speaker, the client ECU 20 may control the speaker so that it outputs sound in response to commands from the server ECU 10. As another example, when the server ECU 10 is mounted in the user's portable key and the client ECU 20 is installed in the user's house, the client ECU 20 may control locking and unlocking of the door of the house in response to commands from the server ECU 10.
The server ECU 10 includes a CPU (Central Processing Unit) 11 and a memory 12. The control performed by the server ECU 10 is realized by the CPU 11 executing a program stored in the memory 12. The control performed by the server ECU 10 is not limited to software processing and can also be carried out by dedicated hardware (electronic circuitry).
Similarly, the client ECU 20 includes a CPU 21 and a memory 22. The control performed by the client ECU 20 is realized by the CPU 21 executing a program stored in the memory 22. The control performed by the client ECU 20 is not limited to software processing and can also be carried out by dedicated hardware (electronic circuitry).
As described above, the server ECU 10 and the client ECU 20 are configured to perform service-oriented communication. Specifically, the server ECU 10 provides a service (data) 31 to the client ECU 20 in response to a request from the client ECU 20. In doing so, the server ECU 10 generates an authenticator 32 (first authenticator) using the encryption key stored in advance in the memory 12, attaches the generated authenticator 32 to the service 31, and transmits them to the client ECU 20. That is, the message 30 transmitted from the server ECU 10 to the client ECU 20 includes the service 31 and the authenticator 32 generated using the encryption key. The authenticator 32 is, for example, a random number.
When the client ECU 20 receives a message 30 from outside, it generates a determination authenticator (second authenticator) using the encryption key stored in advance in its own memory 22, and determines whether the authenticator 32 (first authenticator) included in the received message 30 matches the determination authenticator (second authenticator). If the received authenticator 32 matches the determination authenticator, the client ECU 20 determines that authentication has succeeded, that is, that the message 30 was transmitted from the legitimate server ECU 10, and accepts the service 31 included in the message 30. If the received authenticator 32 does not match the determination authenticator, the client ECU 20 determines that authentication has failed, that is, that the message 30 was not transmitted from the legitimate server ECU 10, and does not accept the service 31 included in the message 30. Unauthorized communication is thereby suppressed.
(Setting of multiple encryption keys)
In conventional service-oriented communication, one encryption key common to the server ECU (transmitter) and the client ECU (receiver) is generally stored in each of them in advance, and an authenticator generated with that one encryption key is attached to one service.
However, with the conventional method, once the encryption key has been deciphered by an unauthorized party, unauthorized communication may take place until the encryption keys of both the server ECU and the client ECU are rewritten. In addition, rewriting the encryption keys of both the server ECU and the client ECU from outside takes time and effort.
In view of the above, in the communication system 1 according to the present embodiment, a plurality of instance IDs (identification numbers) are prepared for one service, and a plurality of encryption keys respectively corresponding to the plurality of instance IDs are set.
FIG. 2 is a diagram illustrating the instance IDs and encryption keys prepared for one service. In the example shown in FIG. 2, three instance IDs "01", "02", and "03" are prepared for one service (Service1), and three encryption keys "111", "222", and "333" are set for the three instance IDs respectively. The information defining the correspondence between instance IDs and encryption keys shown in FIG. 2 is stored in advance in both the memory 12 of the server ECU 10 and the memory 22 of the client ECU 20.
When performing service-oriented communication, the server ECU 10 and the client ECU 20 change the encryption key while keeping it synchronized between them, thereby improving security against unauthorized communication without the trouble of rewriting the encryption key from outside. This point is described in detail below.
The following description takes as an example the case shown in FIG. 2, in which three instance IDs "01", "02", and "03" are prepared for one service (Service1) and three encryption keys "111", "222", and "333" are set for the three instance IDs respectively. The number of instance IDs and encryption keys is not limited to three; it may be two, or four or more.
FIG. 3 is a flowchart showing an example of the processing procedure executed when the server ECU 10 and the client ECU 20 perform service-oriented communication. The flowchart shown in FIG. 3 is executed repeatedly each time a predetermined condition is satisfied (for example, at every predetermined cycle).
The client ECU 20 first performs a service search (step S20). Specifically, the client ECU 20 transmits to the server ECU 10 a message (Find Service) asking whether the service can be provided with the instance ID that the client ECU 20 requests (hereinafter also referred to as the "request ID"). The request ID is one of the three instance IDs "01", "02", and "03" stored in the memory 22 of the client ECU 20.
In response to the service search inquiry from the client ECU 20, the server ECU 10 sends a service reply (step S10). Specifically, after confirming that the request ID received from the client ECU 20 is among the instance IDs stored in its own memory 12, the server ECU 10 transmits to the client ECU 20 a message (Offer Service) stating that the service can be provided with the request ID.
In response to the service reply from the server ECU 10, the client ECU 20 makes a service request (step S22). Specifically, the client ECU 20 transmits to the server ECU 10 a message (Subscribe Event Group) formally requesting that the service be provided with the request ID.
On receiving the service request from the client ECU 20, the server ECU 10 transmits to the client ECU 20 a message (Subscribe Event Group Ack) stating that the service request has been accepted (step S12).
The server ECU 10 then sets the request ID received from the client ECU 20 as the current instance ID (hereinafter also referred to as the "current ID") (step S14). The server ECU 10 then refers to the information stored in the memory 12 and identifies the encryption key corresponding to the current ID (step S16). For example, when the current ID is "01", the encryption key is identified as "111", as shown in FIG. 2.
The server ECU 10 then generates the authenticator 32 using the identified encryption key (step S18), and transmits to the client ECU 20 the message 30 in which the generated authenticator 32 is attached to the service 31 (step S19). In addition to the service 31 and the authenticator 32, the message 30 also includes information indicating the current ID.
When the client ECU 20 receives the message 30 from outside, it identifies the encryption key corresponding to the current ID included in the message 30 by referring to the information stored in the memory 22 (step S24), and generates the determination authenticator using the identified encryption key (step S26).
The client ECU 20 then determines whether the authenticator 32 included in the message 30 matches the determination authenticator (step S28). If the authenticator 32 included in the message 30 matches the determination authenticator (YES in step S28), the client ECU 20 determines that authentication has succeeded, that is, that the message 30 was transmitted from the legitimate server ECU 10 (step S30).
If the authenticator 32 included in the message 30 does not match the determination authenticator (NO in step S28), the client ECU 20 determines that authentication has failed, that is, that the message 30 was not transmitted from the legitimate server ECU 10 (step S40).
The client ECU 20 then increments the "authentication NG count", which is the number of times authentication has been found to fail (that is, the number of times the authenticator 32 included in the message 30 has been determined not to match the determination authenticator) (step S42). The authentication NG count is stored in the memory 22.
The client ECU 20 then determines whether the authentication NG count has exceeded a predetermined specified number of times (step S44). The specified number is limited to a small number (for example, a few times), small enough that an illegitimate ECU trying to decipher the encryption key is not expected to be able to decipher it even if it repeatedly transmits unauthorized messages.
If the authentication NG count has not exceeded the specified number (NO in step S44), the client ECU 20 skips the subsequent processing and proceeds to return.
If the authentication NG count has exceeded the specified number (YES in step S44), the client ECU 20 transmits to the server ECU 10 a message (Stop Subscribe Event Group) requesting that service provision with the current ID be stopped (step S46). Service provision with the current ID is thereby stopped.
The client ECU 20 then changes the request ID (step S48). For example, when the current request ID is "01", the client ECU 20 changes the request ID to "02" or "03", that is, to one of the three instance IDs "01", "02", and "03" stored in the memory 22 other than "01". As a result, in the next computation cycle, the changed request ID is set as the current ID.
FIG. 4 is a sequence diagram of the processing performed by the server ECU 10 and the client ECU 20. FIG. 4 illustrates a case where an unauthorized message is transmitted to the communication system 1 from an illegitimate ECU that does not have the legitimate encryption key.
When the client ECU 20 receives an unauthorized message from the illegitimate ECU, it identifies the encryption key "111" corresponding to the current ID "01" included in the unauthorized message by referring to the information stored in the memory 22, generates the determination authenticator with the identified encryption key "111", and determines whether the authenticator included in the unauthorized message matches the determination authenticator. If the illegitimate ECU has not deciphered the legitimate encryption key corresponding to the current ID "01", the authenticator included in the unauthorized message does not match the determination authenticator, so authentication is determined to have failed. Each time the illegitimate ECU transmits an unauthorized message in an attempt to decipher the encryption key, authentication is determined to have failed and the authentication NG count is incremented.
If the authentication NG count exceeds the specified number, an illegitimate ECU may be trying to decipher the encryption key, so the client ECU 20 requests the server ECU 10 to stop the service with the current ID "01". The client ECU 20 further changes the request ID from the current "01" to "02" and performs a service search with the request ID "02" toward the server ECU 10. The legitimate server ECU 10 that receives this service search sets the current ID to the request ID "02", generates an authenticator using the legitimate encryption key "222" corresponding to the current ID "02", attaches the generated authenticator to the service, and transmits it to the client ECU 20. Authentication between the server ECU 10 and the client ECU 20 is thereby established.
Thus, in the communication system 1 according to the present embodiment, when an illegitimate ECU trying to decipher the encryption key repeatedly transmits unauthorized messages, the encryption key can be changed automatically, in synchronization between the server ECU 10 and the client ECU 20, before the illegitimate ECU deciphers the encryption key currently in use. Security against unauthorized communication can therefore be improved without the trouble of rewriting the encryption key from outside.
Furthermore, in the communication system 1 according to the present embodiment, the current ID and the encryption key can be changed each time the request ID transmitted from the client ECU 20 to the server ECU 10 is changed. Security against unauthorized communication can therefore be improved in response to requests from the client ECU 20.
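The exchange in FIG. 3 and FIG. 4 (steps S10 to S48) can be modeled as follows. This is an added example, not code from the patent: the HMAC-SHA256 authenticator, the threshold value `NG_LIMIT`, the round-robin choice of the next ID, the counter reset on rotation, and the check that a message's ID equals the subscribed ID are all assumptions made here, and the key table holds the toy values of FIG. 2.

```python
import hashlib
import hmac

# Constructed table mirroring FIG. 2 (toy key values, not real keys).
KEY_TABLE = {"01": b"111", "02": b"222", "03": b"333"}
NG_LIMIT = 3  # assumed value for the "specified number of times"


def make_authenticator(key: bytes, instance_id: str, service: bytes) -> bytes:
    """HMAC-SHA256 over instance ID and service data (assumed construction)."""
    return hmac.new(key, instance_id.encode() + b"|" + service,
                    hashlib.sha256).digest()


class ServerECU:
    def __init__(self, table):
        self.table = dict(table)
        self.current_id = None

    def offer(self, request_id):          # S10: can this ID be served?
        return request_id in self.table

    def subscribe(self, request_id):      # S12, S14: ack, set current ID
        if request_id not in self.table:
            raise ValueError("unknown instance ID")
        self.current_id = request_id

    def stop(self, instance_id):          # Stop Subscribe Event Group
        if self.current_id == instance_id:
            self.current_id = None

    def send(self, service):              # S16 to S19
        if self.current_id is None:
            raise RuntimeError("no active subscription")
        key = self.table[self.current_id]
        return {"id": self.current_id, "service": service,
                "auth": make_authenticator(key, self.current_id, service)}


class ClientECU:
    def __init__(self, table, server, ng_limit=NG_LIMIT):
        self.table = dict(table)
        self.ids = sorted(self.table)
        self.server = server
        self.ng_limit = ng_limit
        self.ng_count = 0
        self.request_id = self.ids[0]
        self._find_and_subscribe()

    def _find_and_subscribe(self):        # S20, S22
        if not self.server.offer(self.request_id):
            raise RuntimeError("server does not offer the requested ID")
        self.server.subscribe(self.request_id)

    def receive(self, msg):
        """S24 to S48. Returns True if the service is accepted."""
        key = self.table.get(msg["id"])                       # S24
        ok = (key is not None
              # Assumption added here: only the subscribed ID is valid, so a
              # message built with a retired key is rejected after rotation.
              and msg["id"] == self.request_id
              and hmac.compare_digest(                         # S26, S28
                  msg["auth"],
                  make_authenticator(key, msg["id"], msg["service"])))
        if ok:
            return True                                        # S30
        self.ng_count += 1                                     # S40, S42
        if self.ng_count > self.ng_limit:                      # S44
            self._rotate()
        return False

    def _rotate(self):
        self.server.stop(self.request_id)                      # S46
        nxt = (self.ids.index(self.request_id) + 1) % len(self.ids)
        self.request_id = self.ids[nxt]                        # S48
        self.ng_count = 0                                      # assumed reset
        self._find_and_subscribe()                             # next cycle


def demo():
    server = ServerECU(KEY_TABLE)
    client = ClientECU(KEY_TABLE, server)
    results = {"genuine_before": client.receive(server.send(b"unlock"))}
    old_msg = server.send(b"unlock")       # valid under the key for "01"
    forged = {"id": "01", "service": b"unlock", "auth": bytes(32)}
    results["forged"] = [client.receive(forged) for _ in range(NG_LIMIT + 1)]
    results["ids_after"] = (client.request_id, server.current_id)
    results["genuine_after"] = client.receive(server.send(b"unlock"))
    results["old_key_replay"] = client.receive(old_msg)
    return results
```

With round-robin selection a retired ID becomes current again once the table wraps; the page does not say how used-up IDs are handled, so a deployment has to decide that separately.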
The embodiments disclosed herein should be considered illustrative in all respects and not restrictive. The scope of the present disclosure is indicated by the claims rather than by the above description, and is intended to include all modifications within the meaning and scope equivalent to the claims.
The exemplary embodiments and their modifications described above are specific examples of the following aspects.
(1) A transmitter according to one aspect of the present disclosure performs encrypted communication with a receiver. The transmitter includes a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and a first arithmetic unit that performs computation using the information stored in the first storage unit. The first arithmetic unit sets one of the plurality of identification numbers as the current identification number for one service, identifies the encryption key corresponding to the current identification number by referring to the information stored in the first storage unit, generates a first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
According to the above aspect, a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the identification numbers are stored in advance in the transmitter. The encryption key can therefore be changed by changing the current identification number, within the transmitter, to another of the plurality of identification numbers. The transmitter then generates the first authenticator using the encryption key corresponding to the current identification number, and transmits the one service and the first authenticator to the receiver. As a result, security against unauthorized communication can be improved when performing encrypted communication such as service-oriented communication with the receiver, without the trouble of rewriting the encryption key from outside.
(2) In one aspect, the first arithmetic unit changes the current identification number when a predetermined condition is satisfied, identifies the encryption key corresponding to the changed current identification number by referring to the information stored in the first storage unit, generates the first authenticator using the identified encryption key, and transmits the one service and the first authenticator to the receiver.
According to the above aspect, the encryption key can be changed each time the predetermined condition is satisfied. Security against unauthorized communication can therefore be further improved.
(3) In one aspect, the predetermined condition includes the condition that the receiver has requested that the current identification number be changed.
According to the above aspect, the encryption key can be changed each time the receiver requests that the current identification number be changed. Security against unauthorized communication can therefore be improved in response to requests from the receiver.
 (4) 本開示の一態様による受信機は、上記(3)に記載の送信機との間で暗号化通信を行なう。この受信機は、送信機の第1記憶部に記憶された複数の識別番号および複数の暗号鍵と同じ情報を記憶する第2記憶部と、第2演算部とを備える。第2演算部は、第2記憶部に記憶された情報を参照して現在の識別番号に対応する暗号鍵を特定し、特定された暗号鍵を用いて第2認証子を生成し、送信機から受信した第1認証子が第2認証子と一致するか否かを判定し、第1認証子が第2認証子と一致しないと判定された回数が規定回数を超えた場合に現在の識別番号を変更するように送信機に要求する。 (4) The receiver according to one aspect of the present disclosure performs encrypted communication with the transmitter described in (3) above. This receiver includes a second storage unit that stores the same information as a plurality of identification numbers and a plurality of encryption keys stored in the first storage unit of the transmitter, and a second calculation unit. The second arithmetic unit refers to the information stored in the second storage unit, identifies the encryption key corresponding to the current identification number, generates the second authenticator using the specified encryption key, and transmits the transmitter. It is determined whether or not the first authenticator received from is matched with the second authenticator, and the current identification is performed when the number of times the first authenticator is determined not to match the second authenticator exceeds the specified number of times. Ask the transmitter to change the number.
 上記態様によれば、送信機が生成した第1認証子が受信機が生成した第2認証子と一致しないと判定された回数が規定回数を超えた場合に、受信機から送信機に対して、現在の識別番号を変更するように要求され、現在の識別番号が変更される。そのため、暗号鍵を解読しようとする非正規の送信機が不正メッセージの送信を繰り返した場合において、非正規の送信機が現在の暗号鍵を解読する前に、正規の送信機と正規の受信機との間で自動的に暗号鍵を同期させながら変更することができる。 According to the above aspect, when the number of times that the first authenticator generated by the transmitter is determined not to match the second authenticator generated by the receiver exceeds the specified number of times, the receiver to the transmitter. , You will be asked to change the current identification number and the current identification number will be changed. Therefore, if a non-genuine transmitter trying to break the encryption key repeatedly sends a malicious message, the legitimate transmitter and the legitimate receiver before the non-genuine transmitter breaks the current encryption key. It can be changed while automatically synchronizing the encryption key with and.
 (5) 本開示の一態様による通信システムは、暗号化通信を行なう送信機および受信機を備える。送信機は、複数の識別番号と、複数の識別番号にそれぞれ対応する複数の暗号鍵とを含む情報を記憶する第1記憶部と、第1記憶部に記憶された情報を用いて演算する第1演算部とを備える。第1演算部は、1つのサービスに対して複数の識別番号のうちのいずれかを現在の識別番号に設定し、第1記憶部に記憶された情報を参照して現在の識別番号に対応する暗号鍵を特定し、特定された暗号鍵を用いて第1認証子を生成し、1つのサービスと第1認証子との組合せを受信機に送信する。受信機は、送信機の第1記憶部に記憶された情報と同じ情報を記憶する第2記憶部と、第2演算部とを備える。第2演算部は、第2記憶部に記憶された情報を参照して現在の識別番号に対応する暗号鍵を特定し、特定された暗号鍵を用いて第2認証子を生成し、送信機から受信した第1認証子が第2認証子と一致するか否かを判定し、第1認証子が第2認証子と一致しないと判定された回数が規定回数を超えた場合に現在の識別番号を変更するように送信機に要求する。 (5) The communication system according to one aspect of the present disclosure includes a transmitter and a receiver for performing encrypted communication. The transmitter calculates using the first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys corresponding to the plurality of identification numbers, and the information stored in the first storage unit. It is provided with one arithmetic unit. The first arithmetic unit sets one of a plurality of identification numbers for one service as the current identification number, and refers to the information stored in the first storage unit to correspond to the current identification number. The encryption key is specified, the specified encryption key is used to generate the first authenticator, and the combination of one service and the first authenticator is transmitted to the receiver. The receiver includes a second storage unit that stores the same information as the information stored in the first storage unit of the transmitter, and a second calculation unit. The second arithmetic unit refers to the information stored in the second storage unit, identifies the encryption key corresponding to the current identification number, generates the second authenticator using the specified encryption key, and transmits the transmitter. 
It is determined whether or not the first authenticator received from is matched with the second authenticator, and the current identification is performed when the number of times the first authenticator is determined not to match the second authenticator exceeds the specified number of times. Ask the transmitter to change the number.
 上記の通信システムによれば、上記(1)の送信機と同様の作用効果を奏することができる。 According to the above communication system, the same operation and effect as the transmitter of the above (1) can be obtained.
 (6) 本開示の一態様によるプログラムは、受信機との間で暗号化通信を行なう送信機を制御するためのプログラムである。送信機には、複数の識別番号と、複数の識別番号にそれぞれ対応する複数の暗号鍵とを含む情報が記憶されている。プログラムは、1つのサービスに対して複数の識別番号のうちのいずれかを現在の識別番号に設定するステップと、送信機に記憶された情報を参照して現在の識別番号に対応する暗号鍵を特定するステップと、特定された暗号鍵を用いて第1認証子を生成するステップと、1つのサービスと第1認証子との組合せを受信機に送信するステップと、を演算装置に実行させる。 (6) The program according to one aspect of the present disclosure is a program for controlling a transmitter that performs encrypted communication with a receiver. The transmitter stores information including a plurality of identification numbers and a plurality of encryption keys corresponding to the plurality of identification numbers. The program sets one of multiple identification numbers for one service as the current identification number, and refers to the information stored in the transmitter to provide the encryption key corresponding to the current identification number. The arithmetic unit is made to execute a step of specifying, a step of generating a first authenticator using the specified encryption key, and a step of transmitting a combination of one service and the first authenticator to the receiver.
 上記態様によれば、上記のプログラムを演算装置に実行させることによって、上記(1)の送信機と同様の作用効果を奏することができる。 According to the above aspect, by causing the arithmetic unit to execute the above program, the same operation and effect as that of the transmitter of the above (1) can be obtained.
 1 communication system; 11, 21 CPU; 12, 22 memory; 30 message; 31 service; 32 authenticator; 10 server ECU; 20 client ECU.
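The mismatch counting and synchronized key change of aspects (1) to (5) above, sketched as an added example that is not code from the patent. The HMAC-SHA256 authenticator, its 8-byte truncation, the rule of stepping to the next identification number in table order, the key values and the limit of 3 are all assumptions, and the names `Transmitter`, `Receiver`, `authenticator` and `next_id` are hypothetical.

```python
import hashlib
import hmac

# Constructed sample table (identification number -> encryption key), stored
# identically on both ECUs. Key values and lengths are assumptions.
KEY_TABLE = {
    1: bytes.fromhex("00112233445566778899aabbccddeeff"),
    2: bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"),
    3: bytes.fromhex("a1a2a3a4a5a6a7a8b1b2b3b4b5b6b7b8"),
}

def authenticator(key: bytes, service: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 over the service data, truncated to 8 bytes."""
    return hmac.new(key, service, hashlib.sha256).digest()[:8]

def next_id(current: int) -> int:
    """Assumed selection rule: both sides step to the next ID in table order."""
    ids = sorted(KEY_TABLE)
    return ids[(ids.index(current) + 1) % len(ids)]

class Transmitter:
    """Server ECU side: generates the first authenticator."""
    def __init__(self, current_id: int = 1):
        self.current_id = current_id

    def send(self, service: bytes):
        return service, authenticator(KEY_TABLE[self.current_id], service)

    def on_change_request(self):
        self.current_id = next_id(self.current_id)

class Receiver:
    """Client ECU side: generates the second authenticator and counts mismatches."""
    def __init__(self, transmitter: Transmitter, current_id: int = 1, limit: int = 3):
        self.tx, self.current_id, self.limit = transmitter, current_id, limit
        self.mismatches = 0

    def receive(self, service: bytes, first_auth: bytes) -> bool:
        second_auth = authenticator(KEY_TABLE[self.current_id], service)
        if hmac.compare_digest(first_auth, second_auth):  # constant-time compare
            return True
        self.mismatches += 1
        if self.mismatches > self.limit:  # "exceeds the specified number of times"
            self.current_id = next_id(self.current_id)
            self.tx.on_change_request()  # request the transmitter to change its ID
            self.mismatches = 0  # assumption: counter restarts after a change
        return False

def demo():
    tx = Transmitter()
    rx = Receiver(tx, limit=3)
    captured = tx.send(b"service=door_lock;state=locked")  # valid under ID 1
    results = [rx.receive(*captured)]
    for _ in range(4):  # constructed forged messages with a guessed authenticator
        results.append(rx.receive(b"service=door_lock;state=unlocked", bytes(8)))
    results.append(rx.receive(*tx.send(b"service=door_lock;state=locked")))
    results.append(rx.receive(*captured))  # message captured under the old key
    return results, tx.current_id, rx.current_id
```

The last entry returned by `demo()` shows that a message captured under the old identification number no longer verifies once both sides have changed keys.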

Claims (6)

  1.  A transmitter that performs encrypted communication with a receiver, comprising:
     a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers; and
     a first calculation unit that performs calculations using the information stored in the first storage unit,
     wherein the first calculation unit
      sets one of the plurality of identification numbers as a current identification number for one service,
      identifies the encryption key corresponding to the current identification number by referring to the information stored in the first storage unit,
      generates a first authenticator using the identified encryption key, and
      transmits the one service and the first authenticator to the receiver.
  2.  The transmitter according to claim 1, wherein the first calculation unit
      changes the current identification number when a predetermined condition is satisfied,
      identifies the encryption key corresponding to the changed current identification number by referring to the information stored in the first storage unit,
      generates the first authenticator using the identified encryption key, and
      transmits the one service and the first authenticator to the receiver.
  3.  The transmitter according to claim 2, wherein the predetermined condition includes a condition that the receiver has requested a change of the current identification number.
  4.  A receiver that performs encrypted communication with the transmitter according to claim 3, comprising:
     a second storage unit that stores the same information as the plurality of identification numbers and the plurality of encryption keys stored in the first storage unit of the transmitter; and
     a second calculation unit,
     wherein the second calculation unit
      identifies the encryption key corresponding to the current identification number by referring to the information stored in the second storage unit,
      generates a second authenticator using the identified encryption key,
      determines whether the first authenticator received from the transmitter matches the second authenticator, and
      requests the transmitter to change the current identification number when the number of times the first authenticator is determined not to match the second authenticator exceeds a specified number of times.
  5.  A communication system comprising a transmitter and a receiver that perform encrypted communication,
     wherein the transmitter includes
      a first storage unit that stores information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers, and
      a first calculation unit that performs calculations using the information stored in the first storage unit,
      the first calculation unit
       sets one of the plurality of identification numbers as a current identification number for one service,
       identifies the encryption key corresponding to the current identification number by referring to the information stored in the first storage unit, and generates a first authenticator using the identified encryption key, and
       transmits the combination of the one service and the first authenticator to the receiver,
     the receiver includes
      a second storage unit that stores the same information as the information stored in the first storage unit of the transmitter, and
      a second calculation unit, and
     the second calculation unit
      identifies the encryption key corresponding to the current identification number by referring to the information stored in the second storage unit,
      generates a second authenticator using the identified encryption key,
      determines whether the first authenticator received from the transmitter matches the second authenticator, and
      requests the transmitter to change the current identification number when the number of times the first authenticator is determined not to match the second authenticator exceeds a specified number of times.
  6.  A program for controlling a transmitter that performs encrypted communication with a receiver, the transmitter storing information including a plurality of identification numbers and a plurality of encryption keys respectively corresponding to the plurality of identification numbers,
     the program causing an arithmetic unit to execute:
      a step of setting one of the plurality of identification numbers as a current identification number for one service;
      a step of identifying the encryption key corresponding to the current identification number by referring to the information stored in the transmitter;
      a step of generating a first authenticator using the identified encryption key; and
      a step of transmitting the combination of the one service and the first authenticator to the receiver.
PCT/JP2021/030616 2020-11-30 2021-08-20 Transmitter, receiver, communication system, and program WO2022113440A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2020-198308 2020-11-30
JP2020198308A JP2022086355A (en) 2020-11-30 2020-11-30 Transmitter, receiver, communication system, and program

Publications (1)

Publication Number Publication Date
WO2022113440A1 (en) 2022-06-02

Family

ID=81754498

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/030616 WO2022113440A1 (en) 2020-11-30 2021-08-20 Transmitter, receiver, communication system, and program

Country Status (2)

Country Link
JP (1) JP2022086355A (en)
WO (1) WO2022113440A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10143695A (en) * 1996-11-15 1998-05-29 Toshiba Corp Mutual authentication system, toll receiving system of toll road and mutual authentication method of toll receiving system
JP2000514625A (en) * 1996-07-11 2000-10-31 ジェムプリュス エス.セー.アー. Synchronization and security method of short enhanced message exchange and short enhanced message exchange in cellular wireless communication system
JP2011066834A (en) * 2009-09-18 2011-03-31 Sony Corp Information processing apparatus, method for processing information, communication apparatus, method of communication, program, and mutual authentication system
WO2015170453A1 (en) * 2014-05-08 2015-11-12 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ On-vehicle network system, fraud-detection electronic control unit, and method for tackling fraud
JP2019140577A (en) * 2018-02-13 2019-08-22 株式会社デンソー Electronic control device and communication system

Also Published As

Publication number Publication date
JP2022086355A (en) 2022-06-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21897419

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21897419

Country of ref document: EP

Kind code of ref document: A1