WO2024090461A1 - Key system, electronic lock device, electronic key device, and information communication system - Google Patents

Key system, electronic lock device, electronic key device, and information communication system

Info

Publication number
WO2024090461A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
information processing
processing device
electronic
hash value
Application number
PCT/JP2023/038451
Other languages
English (en)
Japanese (ja)
Inventor
長谷部 淳
勝二 久保江
Original Assignee
株式会社ZK Corporation
Application filed by 株式会社ZK Corporation
Publication of WO2024090461A1


Classifications

    • E: FIXED CONSTRUCTIONS
    • E05: LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B: LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00: Electric permutation locks; Circuits therefor; Mechanical aspects of electronic locks; Mechanical keys therefor
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • One embodiment of the present invention relates to a key system that uses an electronic key device to operate an electronic lock device. Another embodiment of the present invention relates to an electronic lock device or an electronic key device included in the key system. Another embodiment of the present invention relates to an information and communication system used to send and receive data between multiple electronic devices.
  • one embodiment of the present invention has as its object to provide a key system with high security. Also, one embodiment of the present invention has as its object to provide an information and communication system with high security.
  • a key system includes a first information processing device included in an electronic lock device, and a second information processing device included in an electronic key device that operates the electronic lock device and communicatively connected to the first information processing device.
  • the first information processing device acquires combined data in which at least first data and second data different from the first data are combined
  • the first information processing device transmits the combined data to the second information processing device
  • the first information processing device calculates a first hash value that satisfies a predetermined condition based on the first nonce value and the combined data
  • the second information processing device calculates a second hash value that satisfies a predetermined condition based on the second nonce value and the received combined data
  • the first information processing device determines whether the first hash value and the second hash value match.
  • a specified operation may be executed on the electronic lock device.
  • the first data is one-time data, and the one-time data may be date data, time data, or date and time data.
  • the first data is one-time data, and the one-time data may be location data of the electronic lock device.
  • the second data is unique data, which may be an identifier for the electronic lock device.
  • the second data is unique data, and the unique data may be one selected from the identifiers of multiple electronic key devices registered in the first information processing device.
  • the second data may be user data unique to the user.
  • the user data may be biometric information of the user.
  • the user data may be identification information of an item possessed by the user.
  • the electronic lock device may be installed in a vehicle, and the second data may be vehicle data specific to the vehicle.
  • the vehicle data may be individual identification information of the vehicle.
  • the vehicle data may be vehicle model information of the vehicle.
  • the electronic lock device does not need to be operated.
  • the first calculation unit that calculates the first hash value and the second calculation unit that calculates the second hash value may each be configured with an ASIC.
  • An electronic lock device includes an acquisition unit that acquires combined data in which at least first data and second data different from the first data are combined after a communication connection with an electronic key device is initiated, a communication unit that transmits the combined data to the electronic key device, a calculation unit that calculates a first hash value that satisfies a predetermined condition based on a nonce value and the combined data, and a determination unit that determines whether the first hash value matches the second hash value transmitted from the electronic key device.
  • An electronic key device includes a communication unit that receives combined data that combines at least first data acquired by the electronic lock device and second data different from the first data after a communication connection with the electronic lock device is initiated, and a calculation unit that calculates a hash value that satisfies a predetermined condition based on a nonce value and the received combined data.
  • An information communication system includes a first information processing device included in a first electronic device that transmits first data, and a second information processing device included in a second electronic device that receives the first data, the first information processing device acquires combined data in which at least the first data and second data different from the first data are combined, the first information processing device calculates a first hash value that satisfies a predetermined condition based on the first nonce value and the combined data, the second information processing device calculates a second hash value that satisfies a predetermined condition based on the second nonce value and the combined data transmitted from the first electronic device to the second electronic device, and the second information processing device determines whether the first hash value and the second hash value match.
  • At least one of the first electronic device and the second electronic device may be a router. At least one of the first electronic device and the second electronic device may be an information communication terminal.
  • the key system according to one embodiment of the present invention calculates a hash value that is difficult to decrypt not only in the electronic lock device but also in the electronic key device, making it possible to operate the electronic lock device. Therefore, it is extremely difficult to operate the electronic lock device even if only the electronic lock device is hacked, and the key system has a high level of security. Furthermore, the information and communication system according to one embodiment of the present invention uses a hash value that is difficult to calculate when sending and receiving encrypted data. Therefore, the information and communication system has a high level of security.
  • FIG. 1 is a schematic diagram illustrating an overview of a key system according to one embodiment of the present invention.
  • FIG. 1 is a block diagram showing the configuration of a key system according to an embodiment of the present invention; 1 is a schematic diagram illustrating calculation of a hash value in a key system according to an embodiment of the present invention.
  • FIG. FIG. 2 is a sequence diagram illustrating processing executed by a first information processing device and a second information processing device in a key system according to an embodiment of the present invention.
  • 4 is a flowchart illustrating processing executed by a first information processing device and a second information processing device in a key system according to an embodiment of the present invention.
  • 1 is a schematic diagram illustrating an overview of a key system according to one embodiment of the present invention.
  • FIG. 1 is a schematic diagram illustrating an overview of an information communication system according to an embodiment of the present invention. 1 is a block diagram showing a configuration of an nth information processing device mounted in an nth electronic device of an information communication system according to an embodiment of the present invention. 1 is a sequence diagram illustrating processing executed in an s-th information processing device and a t-th information processing device in an information communication system according to an embodiment of the present invention.
  • FIG. 11 is a flowchart illustrating processing executed in an s-th information processing device and a t-th information processing device in an information communication system according to an embodiment of the present invention.
  • 1 is a schematic diagram illustrating an overview of an information communication system according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram illustrating an overview of a key system 1 according to one embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating the configuration of a key system 1 according to one embodiment of the present invention.
  • the key system 1 includes a first information processing device 100 and a second information processing device 200.
  • the first information processing device 100 and the second information processing device 200 are mounted on an electronic lock device 10 and an electronic key device 20, respectively, for use.
  • the electronic lock device 10 is installed on the door of an automobile 1000 and controls the door so that it can be opened and closed.
  • the electronic key device 20 is a smart key for the automobile 1000.
  • the electronic lock device 10 can be connected to the electronic key device 20 by wireless communication.
  • a user uses the electronic key device 20 to operate the unlocking and locking of the electronic lock device 10.
  • When the electronic lock device 10 is unlocked, the user can open the door of the automobile 1000.
  • When the electronic lock device 10 is locked, the user can close the door of the automobile 1000.
  • the operation of unlocking and locking the electronic lock device 10 may be initiated by the user directly operating the electronic key device 20, or may be initiated by the electronic key device 20 approaching or touching the electronic lock device 10 at a predetermined distance.
  • the electronic lock device 10 may also have an insertion port, and the operation of unlocking and locking the electronic lock device 10 may be initiated by inserting the electronic key device 20 into the insertion port.
  • the key system 1 can operate the unlocking and locking of the doors of an automobile 1000, but the usage of the key system 1 is not limited to this.
  • the key system 1 can also operate the unlocking and locking of doors of a house or apartment building, etc.
  • the use of the key system 1 is not limited to unlocking and locking doors.
  • the key system 1 can also start the engine of the automobile 1000.
  • the first information processing device 100 is installed so as to be connected to a start switch that starts the engine of the automobile 1000.
  • When the start switch is pressed by a user, the first information processing device 100 communicates with the electronic key device 20 and starts the engine of the automobile 1000 according to the processing of the key system 1.
  • the key system 1 can be used not only to unlock and lock the doors of the automobile 1000, but also to start the engine of the automobile 1000.
  • a key system 1 including a first information processing device 100 and a second information processing device 200 will be described, but the key system 1 may also include an electronic lock device 10 and an electronic key device 20.
  • the first information processing device 100 is communicatively connected to the second information processing device 200 via a network NW.
  • the network NW is wireless and may be, for example, the Internet, Bluetooth (registered trademark), or Wi-Fi (registered trademark), but the configuration of the network NW is not limited to these.
  • the network NW may also be wired.
  • the first information processing device 100 and the second information processing device 200 are connected by a cable or the like.
  • the first information processing device 100 includes an authentication unit 110, an acquisition unit 120, a first calculation unit 130, a determination unit 140, a first communication unit 150, and a first memory unit 160.
  • the second information processing device 200 includes an operation unit 210, a second calculation unit 230, a second communication unit 250, and a second memory unit 260.
  • Each of the first memory unit 160 and the second memory unit 260 is a storage capable of storing data or information.
  • the first memory unit 160 stores a first identifier 161 and a seed value 162.
  • the second memory unit 260 stores a second identifier 261.
  • For each of the first memory unit 160 and the second memory unit 260, a hard disk drive (HDD), a solid state drive (SSD), a read only memory (ROM), a random access memory (RAM), or a flash memory can be used.
  • the first identifier 161 is unique data for identifying the first information processing device 100.
  • the second identifier 261 is unique data for identifying the second information processing device 200.
  • the first information processing device 100 can be identified based on the first identifier 161
  • the second information processing device 200 can be identified based on the second identifier 261.
  • the seed value 162 is data used in the calculations performed by the first calculation unit 130 and the second calculation unit 230.
  • the seed value 162 is data registered in advance and may be registered by the user.
  • the data registered as the seed value 162 may be not only one but also multiple.
  • The first identifier 161 and the second identifier 261, which are unique data of the key system 1, can be registered as the seed value 162.
  • vehicle data unique to the vehicle can also be registered as the seed value 162.
  • the vehicle data is individual identification information of the vehicle (e.g., the vehicle registration number or the vehicle number, etc.) and classification information of the vehicle (e.g., the vehicle model, the vehicle name, the vehicle type, or the vehicle rank, etc.), but is not limited to these.
  • user data unique to the user who uses the electronic key device 20 can also be registered as the seed value 162.
  • User data includes, but is not limited to, the user's biometric information (e.g., iris pattern, vein pattern, fingerprint pattern, or face pattern) and identification information of an item possessed by the user (e.g., IC card identification number or information terminal identification number).
  • the authentication unit 110 determines whether the second identifier 261 is a registered identifier.
  • identifiers are registered in advance, and the electronic lock device 10 can be operated by authenticating the electronic key device 20 including the registered identifier by the authentication unit 110.
  • The registered identifier may be stored in the first memory unit 160. If the electronic lock device 10 is operated by multiple electronic key devices 20, multiple identifiers may be registered. Note that if the electronic lock device 10 is operated by multiple electronic key devices 20, multiple second identifiers 261 can also be registered as the seed value 162.
  • the acquisition unit 120 acquires data necessary for the calculations in the first calculation unit 130 and the second calculation unit 230. Specifically, the acquisition unit 120 acquires at least two different pieces of data from the seed value 162 and time data (or date data or date and time data), and combines the acquired data. That is, the acquisition unit 120 acquires combined data in which at least first data and second data different from the first data are combined. Specifically, the acquisition unit 120 acquires combined data in which time data and the first identifier 161 are combined. The acquisition unit 120 also selects one from a plurality of registered second identifiers 261 (which may be an approved second identifier 261), and acquires combined data in which time data and the selected second identifier 261 are combined.
  • the acquisition unit 120 can also acquire data other than the seed value 162.
  • the acquisition unit 120 can acquire the position data of the automobile 1000 (corresponding to the position data of the electronic lock device 10) or mileage data.
  • the position data of the automobile 1000 can be acquired by a Global Positioning System (GPS), a Global Navigation Satellite System (GNSS), a positioning device installed in the automobile 1000, or a network.
  • the mileage data of the automobile 1000 can be acquired by an odometer or trip meter, etc.
  • the first identifier 161, the second identifier 261, the vehicle data, and the user data described above are unique data that do not change depending on the time or location acquired by the acquisition unit 120.
  • the time data, the date data, the date and time data, the location data, and the driving data described above are one-time data that change depending on the time or location acquired by the acquisition unit 120.
  • the combined data acquired by the acquisition unit 120 includes one-time data.
  • the acquisition unit 120 can also acquire location data as one-time data instead of time data or in addition to time data.
  • the combined data also becomes one-time data.
  • the combined data used as input values for the calculations of the first calculation unit 130 and the second calculation unit 230 changes every time the electronic lock device 10 is operated by the electronic key device 20, which prevents hacking and improves security.
  • FIG. 3 is a schematic diagram illustrating the calculation of a hash value in the key system 1 according to one embodiment of the present invention.
  • Based on a nonce value and combined data (e.g., combined data of the seed value 162 and time data), each of the first calculation unit 130 and the second calculation unit 230 calculates a hash value using a hash function (e.g., an algorithm such as SHA256).
  • the calculated hash value is set to satisfy a common predetermined condition. Therefore, each of the first calculation unit 130 and the second calculation unit 230 repeatedly calculates the nonce value while varying it until a hash value that satisfies the predetermined condition is obtained.
  • the calculations of the first calculation unit 130 and the second calculation unit 230 use the same hash function and combined data. If the nonce value is different, a different hash value is obtained, but a specific condition is set for the calculated hash value, and by repeatedly performing calculations while varying the nonce value, the first hash value calculated by the calculation of the first calculation unit 130 and the second hash value calculated by the calculation of the second calculation unit 230 will be the same.
  • the determination unit 140 determines whether the first hash value and the second hash value match. Normally, the first hash value and the second hash value match. However, if data different from the combined data acquired by the acquisition unit 120 is acquired through hacking, and a calculation is performed using the hacked data, a hash value different from the first hash value is obtained. Therefore, by determining whether the first hash value and the second hash value match, it is possible to prevent hacking and improve security.
  • the operation unit 210 generates an operation request based on the user's operation of the electronic key device 20. Specifically, when the user presses the unlock switch of the electronic key device 20, the operation unit 210 generates an operation request to unlock the doors of the automobile 1000. Also, when the user presses the lock switch of the electronic key device 20, the operation unit 210 generates an operation request to lock the doors of the automobile 1000.
  • Each of the first calculation unit 130 and the second calculation unit 230 is configured with an ASIC (Application Specific Integrated Circuit).
  • The first calculation unit 130 and the second calculation unit 230 are circuit configurations specialized for hash calculations that calculate hash values while varying nonce values. Therefore, the first calculation unit 130 and the second calculation unit 230 calculate quickly; for example, a calculation takes about several seconds to 30 seconds.
  • hash calculations using software often require several hours. Therefore, hacking the electronic lock device 10 requires time, and in reality, hacking the electronic lock device 10 is impossible.
  • The authentication unit 110, acquisition unit 120, determination unit 140, and operation unit 210 can function by a central processing unit (CPU) or a microprocessor (MPU) executing a program.
  • The authentication unit 110, acquisition unit 120, and determination unit 140 may be incorporated in an ASIC in the first information processing device 100.
  • the operation unit 210 may be incorporated in an ASIC in the second information processing device 200.
  • Each of the first communication unit 150 and the second communication unit 250 is a communication interface capable of wirelessly transmitting or receiving data or information. Specifically, the first communication unit 150 transmits combined data required for the calculation in the second calculation unit 230. In addition, the second communication unit 250 transmits an operation request based on an operation instruction from a user, a second identifier 261 required for processing in the authentication unit 110, and a second hash value calculated by the second calculation unit 230. For example, a wireless LAN module, a Bluetooth module, or a Wi-Fi module can be used as each of the first communication unit 150 and the second communication unit 250.
  • FIG. 4 is a sequence diagram explaining the processing executed by the first information processing device 100 and the second information processing device 200 of the key system 1 according to one embodiment of the present invention.
  • FIG. 5 is a flowchart explaining the processing executed by the first information processing device 100 and the second information processing device 200 of the key system 1 according to one embodiment of the present invention.
  • the process shown in Figures 4 and 5 is started when the user uses the electronic key device 20 to instruct the electronic lock device 10 to operate. For example, the user presses an unlock button or a lock button provided on the electronic key device 20 to instruct the electronic lock device 10 to be unlocked or locked. That is, the process shown in Figures 4 and 5 is started in response to an instruction from the user using the electronic key device 20, and steps S110 to S200 are executed. Note that the process shown in Figures 4 and 5 may also be started when the electronic key device 20 approaches the electronic lock device 10 within a predetermined distance. Below, the process of each step will be explained in the order of steps S110 to S200 shown in Figure 5.
  • In step S110, the operation unit 210 generates an operation request based on the user's operation instruction. For example, when the user presses the release button on the electronic key device 20, the operation unit 210 generates an operation request to unlock the electronic lock device 10. Also, when the user presses the lock button on the electronic key device 20, the operation unit 210 generates an operation request to lock the electronic lock device 10.
  • In step S120, the second identifier 261 and the operation request generated in step S110 are sent from the second information processing device 200 to the first information processing device 100.
  • In step S130, the authentication unit 110 determines whether the transmitted second identifier 261 is a registered identifier. If the second identifier 261 is a registered identifier (step S130: YES), the second identifier 261 is authenticated, and step S140 is executed. If the second identifier 261 is not a registered identifier (step S130: NO), the second identifier 261 is not authenticated, and the processing in the key system 1 ends.
  • the electronic lock device 10 may be operated by multiple electronic key devices 20. In such cases, it is necessary to distinguish between electronic key devices 20 that can operate the electronic lock device 10 and electronic key devices 20 that cannot operate the electronic lock device 10. Therefore, in step S130, the identifiers assigned to each of the multiple electronic key devices 20 are authenticated, so that only authenticated electronic key devices 20 can operate the electronic lock device 10.
  • In step S140, the acquisition unit 120 acquires and combines the seed value 162 and the time data. That is, in step S140, the acquisition unit 120 acquires combined data in which the seed value 162 and the time data are combined.
  • the combined data may contain multiple seed values 162. It is also preferable that the combined data contains one-time data. If the combined data contains one-time data, different combined data is acquired each time step S140 is executed, thereby preventing hacking and improving security.
  • In step S150, the combined data acquired in step S140 is transmitted from the first information processing device 100 to the second information processing device 200.
  • In step S160, the first calculation unit 130 repeats a hash calculation that varies the nonce value, and calculates a first hash value that satisfies a predetermined condition based on the first nonce value and the combined data.
  • In step S170, the second calculation unit 230 repeats a hash calculation that varies the nonce value, and calculates a second hash value that satisfies a predetermined condition based on the second nonce value and the combined data.
  • In step S180, the second hash value calculated in step S170 is transmitted from the second information processing device 200 to the first information processing device 100.
  • In step S190, the determination unit 140 determines whether the first hash value calculated in step S160 and the second hash value transmitted in step S180 match. If the first hash value matches the second hash value (step S190: YES), step S200 is executed. If the first hash value does not match the second hash value (step S190: NO), processing in the key system 1 ends.
  • the first calculation unit 130 and the second calculation unit 230 may set a time limit for determining the first hash value and the second hash value, taking advantage of the fact that the calculation speed is faster than software hacking. Specifically, when the first hash value and the second hash value do not match within a predetermined time (e.g., 30 seconds) from a predetermined reference time (e.g., when the communication connection is started, when the first communication unit 150 transmits the combined data, or when the first calculation unit 130 starts calculation) after the communication connection between the first information processing device and the second information processing device is started in step S120, the electronic lock device 10 is prevented from being operated. Therefore, in step S190, the determination unit 140 can also determine that the first hash value and the second hash value do not match when the second hash value is not acquired within the predetermined time.
  • In step S200, a predetermined operation is performed on the electronic lock device 10 in accordance with the operation request sent in step S120.
  • When step S200 is executed, processing in the key system 1 ends.
  • a hash value that is difficult to decrypt is calculated in each of the first information processing device 100 mounted on the electronic lock device 10 of the automobile 1000 and the second information processing device 200 mounted on the electronic key device 20, making it possible to operate the automobile 1000. Therefore, it is very difficult to operate the automobile 1000 by hacking only the electronic lock device 10, and the key system 1 has high security.
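The exchange in steps S110 to S200, simulated in Python as an added example (not code from the patent). It assumes the "predetermined condition" is 16 leading zero bits, that the nonce is prepended to the combined data, and that both calculation units try nonces in ascending order from 0 so that their first qualifying hashes coincide; the identifiers, seed and timestamps are constructed.

```python
"""Simulation of steps S110-S200 (added example; all concrete values are constructed)."""
import hashlib
import hmac

DIFFICULTY_BITS = 16                  # assumption: condition = 16 leading zero bits
TIME_LIMIT_S = 30.0                   # the page's example limit for the second hash
SEED_VALUE = b"LOCK-ID-0001"          # constructed stand-in for seed value 162
REGISTERED_KEY_IDS = {"KEY-ID-0001"}  # constructed registered second identifiers


def build_combined_data(seed: bytes, timestamp: int) -> bytes:
    """S140: combine unique data (seed) with one-time data (time).

    Each field is length-prefixed so that field boundaries stay unambiguous.
    """
    fields = [seed, str(timestamp).encode("ascii")]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def search_hash(combined: bytes, bits: int = DIFFICULTY_BITS, max_nonce: int = 1 << 24):
    """S160/S170: vary the nonce until SHA-256(nonce || combined) meets the condition.

    Nonces are tried in ascending order from 0 (an assumption). Both sides must
    use the same order: many nonces satisfy the condition, and only a shared,
    deterministic search makes both sides stop at the same hash.
    """
    for nonce in range(max_nonce):
        digest = hashlib.sha256(nonce.to_bytes(8, "big") + combined).digest()
        if int.from_bytes(digest, "big") >> (256 - bits) == 0:
            return nonce, digest.hex()
    raise RuntimeError("no nonce satisfied the condition")


def run_exchange(key_id: str, timestamp: int,
                 tamper_in_transit: bool = False,
                 key_elapsed_s: float = 0.0) -> str:
    """Run one lock/key exchange and return the lock's decision.

    key_elapsed_s is the simulated time the key took to return its hash.
    """
    # S120/S130: the lock authenticates the key's identifier.
    if key_id not in REGISTERED_KEY_IDS:
        return "rejected: identifier not registered"

    # S140: the lock acquires the combined data.
    combined = build_combined_data(SEED_VALUE, timestamp)

    # S150: the combined data is transmitted to the key.
    received = combined
    if tamper_in_transit:
        # Constructed fault: one bit of the transmitted data differs on arrival.
        received = combined[:-1] + bytes([combined[-1] ^ 0x01])

    # S160: first hash value, calculated by the lock.
    _, first_hash = search_hash(combined)

    # S170/S180: second hash value, calculated by the key and sent back.
    _, second_hash = search_hash(received)

    # S190: a late answer is treated as a mismatch, then the values are compared.
    if key_elapsed_s > TIME_LIMIT_S:
        return "rejected: time limit exceeded"
    if not hmac.compare_digest(first_hash, second_hash):
        return "rejected: hash mismatch"

    # S200: the requested operation is performed.
    return "operated"


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed timestamp
    print(run_exchange("KEY-ID-0001", ts))
    print(run_exchange("KEY-ID-9999", ts))
    print(run_exchange("KEY-ID-0001", ts, tamper_in_transit=True))
    print(run_exchange("KEY-ID-0001", ts, key_elapsed_s=31.0))
```

Because the timestamp is part of the hashed input, two exchanges one second apart produce unrelated hash values, which is the one-time property the description relies on.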
  • FIG. 6 is a schematic diagram illustrating an overview of a key system 1A according to one embodiment of the present invention.
  • FIG. 7 is a sequence diagram illustrating the processing executed by a first information processing device 100A and a second information processing device 200 of a key system 1A according to one embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating the processing executed by a first information processing device 100A and a second information processing device 200 of a key system 1A according to one embodiment of the present invention.
  • an electronic lock device 10A equipped with a first information processing device 100A is connected to a camera 30A.
  • the electronic lock device 10A may also include a camera 30A.
  • the electronic lock device 10A is installed near the camera 30A, but the installation position of the electronic lock device 10A is not limited to this.
  • the electronic lock device 10A may be installed in the door.
  • a start switch 40A for starting the engine of the automobile 1000 is installed.
  • the processing of the key system 1A is used and the user's face is authenticated. Specifically, when the user presses the start switch 40A, the camera 30A captures a picture of the user's face. Facial authentication is performed based on the captured facial data, and the engine of the automobile 1000 can be started.
  • the authentication unit 110 not only performs authentication using an identifier, but also performs face authentication by determining whether the facial data captured by the camera 30A is the face of a pre-registered user. Specifically, the authentication unit 110 can perform face authentication based on feature points such as the eyes, nose, or mouth of the captured face. Once the captured facial data has been authenticated, the engine of the automobile 1000 can be started via the electronic lock device 10A.
  • step S135A is executed after step S130.
  • In step S135A, the authentication unit 110 determines whether the facial data captured by the camera 30A is the face of a pre-registered user. If the captured facial data is the face of a registered user (step S135A: YES), the facial data is authenticated and step S140 is executed. If the captured facial data is not the face of a registered user (step S135A: NO), the facial data is not authenticated and processing in the key system 1 ends.
  • the engine of the automobile 1000 can be started using biometric authentication such as facial recognition.
  • Although biometric authentication can improve security, it can also be hacked.
  • a determination is made based on a first hash value calculated by the first calculation unit 130 and a second hash value calculated by the second calculation unit 230. Since the second hash value cannot be calculated without the electronic key device 20, it is very difficult to hack the automobile 1000 and steal it. Therefore, the key system 1A can significantly prevent hacking and improve security.
  • the acquisition unit 120 may also acquire combined data including face data captured by the camera 30A.
  • the face data is generated each time the engine is started, and can therefore be used as one-time data.
  • a hash value that is difficult to decrypt is calculated in each of the first information processing device 100A mounted on the electronic lock device 10A of the automobile 1000 and the second information processing device 200 mounted on the electronic key device 20, and the engine of the automobile 1000 is started by the calculation. Therefore, it is very difficult to start the engine of the automobile 1000 by hacking only the electronic lock device 10A, and the key system 1A has high security.
  • the key system described in the first and second embodiments is a system that uses an electronic key device (there may be multiple electronic key devices) to operate an electronic lock device corresponding to the electronic key device.
  • the basic configuration of the first information processing device 100 and the second information processing device 200 can also be used in transmitting and receiving data between multiple electronic devices. In this case, highly secure data can be transmitted and received between the multiple electronic devices. Therefore, an information communication system 2 according to an embodiment of the present invention will be described with reference to Figs. 9 to 12.
  • the description of the configuration of the information communication system 2 may be omitted.
  • FIG. 9 is a schematic diagram illustrating an overview of an information communication system 2 according to an embodiment of the present invention.
  • the information communication system 2 includes a first electronic device 2000-1, a second electronic device 2000-2, a third electronic device 2000-3, and a fourth electronic device 2000-4. Although four electronic devices 2000 are illustrated in FIG. 9 for convenience, the information communication system 2 can be used among a plurality of electronic devices 2000 (hereinafter, the plurality of electronic devices 2000 may be described as an n-th electronic device 2000-n (n is an integer of 2 or more)).
  • the first electronic device 2000-1 to the fourth electronic device 2000-4 are connected to each other so as to be able to communicate with each other via a network NW.
  • the network NW may be wired or wireless.
  • some of the plurality of electronic devices 2000 may be connected to each other so as to be able to communicate with each other via a wire. If the network NW is wired, communication may be possible only among the electronic devices 2000 connected by wire.
  • the information communication system 2 can be installed, for example, in an office, a home, or a factory, and can be used for encrypted communication.
  • the electronic device 2000 is any device capable of transmitting or receiving data or information.
  • the electronic device 2000 may be, but is not limited to, a server (first electronic device 2000-1) or an information communication terminal (second electronic device 2000-2) that transmits and receives data or information, a camera (third electronic device 2000-3) that transmits captured video data, or a sensor (fourth electronic device 2000-4) that transmits detected signal data.
  • the nth electronic device 2000-n is equipped with the nth information processing device 300-n described below.
  • the nth information processing device 300-n may be incorporated as part of the components that configure the functions of the nth electronic device 2000-n, or may be installed separately from the components that configure the functions of the nth electronic device 2000-n. In the latter case, the information communication system 2 can be used by inserting, attaching, or replacing the nth information processing device 300-n into the nth electronic device 2000-n. Note that, hereinafter, when the n nth information processing devices 300-n are not particularly distinguished from one another, they may be simply described as information processing devices 300.
  • FIG. 10 is a block diagram showing the configuration of the nth information processing device 300-n installed in the nth electronic device 2000-n of an information communication system 2 according to one embodiment of the present invention.
  • the nth information processing device 300-n includes an nth authentication unit 310-n, an nth acquisition unit 320-n, an nth calculation unit 330-n, an nth judgment unit 340-n, and an nth storage unit 360-n.
  • the nth storage unit 360-n also includes an nth identifier 361-n.
  • the nth authentication unit 310-n, the nth calculation unit 330-n, the nth judgment unit 340-n, and the nth storage unit 360-n are similar to the authentication unit 110, the first calculation unit 130, the judgment unit 140, and the first storage unit 160 of the first information processing device 100, respectively, and therefore will not be described here.
  • the nth information processing device 300-n may include a communication unit.
  • the nth acquisition unit 320-n acquires data to be transmitted to another information processing device (hereinafter referred to as "transmission data") and time data, and combines the acquired data.
  • the nth acquisition unit 320-n acquires combined data in which the transmission data and the time data are combined.
  • the transmission data is encrypted by combining it with the time data.
  • the nth acquisition unit 320-n can also acquire data other than time data.
  • the nth acquisition unit 320-n can also acquire the nth identifier 361-n or the identifier of another information processing device.
  • the nth acquisition unit 320-n can also acquire a portion of the data to be transmitted.
  • the nth acquisition unit 320-n combines at least one of the acquired data with the data to be transmitted to acquire encrypted combined data.
  • the nth identifier 361-n is unique data for identifying the nth information processing device 300-n.
  • a communication connection is established between multiple electronic devices 2000, so each of the multiple electronic devices 2000 can be identified through the registered nth identifier 361-n.
  • FIG. 11 is a sequence diagram explaining the processing executed by the sth information processing device 300-s and the tth information processing device 300-t in an information communication system 2 according to one embodiment of the present invention.
  • FIG. 12 is a flowchart explaining the processing executed by the tth information processing device 300-t in an information communication system 2 according to one embodiment of the present invention.
  • In step S310, the sth identifier 361-s is transmitted from the sth electronic device 2000-s to the tth electronic device 2000-t.
  • In step S320, the tth authentication unit 310-t determines whether the transmitted sth identifier 361-s is a registered identifier. If the sth identifier 361-s is a registered identifier (step S320: YES), the sth identifier 361-s is authenticated, and step S330 is executed. If the sth identifier 361-s is not a registered identifier (step S320: NO), the sth identifier 361-s is not authenticated, and the processing in the information communication system 2 ends.
  • In step S330, authenticated information is transmitted from the t-th electronic device 2000-t to the s-th electronic device 2000-s, indicating that the s-th identifier 361-s has been authenticated in the t-th electronic device 2000-t (i.e., indicating that a communication connection is possible between the s-th electronic device 2000-s and the t-th electronic device 2000-t).
  • the authenticated information may be generated by the t-th authentication unit 310-t.
  • In step S340, the acquisition unit 320 acquires the transmission data and the time data and combines them into combined data.
  • In step S350, the combined data is transmitted from the sth electronic device 2000-s to the tth electronic device 2000-t.
  • In step S360, the sth calculation unit 330-s repeats a hash calculation that varies the nonce value, and calculates the sth hash value that satisfies a predetermined condition based on the sth nonce value and the combined data.
  • In step S370, the t-th calculation unit 330-t repeats the hash calculation that varies the nonce value, and calculates the t-th hash value that satisfies a predetermined condition based on the t-th nonce value and the combined data.
  • In step S380, the sth hash value calculated in step S360 is transmitted from the sth electronic device 2000-s to the tth electronic device 2000-t.
  • In step S390, the tth determination unit determines whether the tth hash value calculated in step S370 and the sth hash value transmitted in step S380 match.
  • If the tth hash value matches the sth hash value (step S390: YES), step S400 is executed.
  • If the tth hash value does not match the sth hash value (step S390: NO), processing in the information communication system 2 ends.
  • In step S400, the t-th electronic device 2000-t decrypts the transmission data from the combined data. This allows the t-th electronic device 2000-t to obtain the transmission data. When decrypting the transmission data, necessary information may be obtained from the s-th electronic device 2000-s. In this case, the t-th hash value calculated in step S370 may be transmitted from the t-th electronic device 2000-t to the s-th electronic device 2000-s.
  • the s-th determination unit 340-s determines whether the s-th hash value and the t-th hash value match, and when the s-th hash value and the t-th hash value match, the necessary information is transmitted from the s-th electronic device 2000-s to the t-th electronic device 2000-t.
  • the transmission data transmitted from the sth electronic device 2000-s to the tth electronic device 2000-t is encrypted as combined data. Furthermore, when the sth hash value calculated using the sth information processing device 300-s of the sth electronic device 2000-s matches the tth hash value calculated using the tth information processing device 300-t of the tth electronic device 2000-t, the combined data is decrypted and the transmission data is obtained. Since it is very difficult to calculate a hash value using software, the information communication system 2 has a high level of security.
  • the information processing device 300 of the information communication system 2 described in the third embodiment can also be used for encrypted communication in a network environment connected for communication via a router. Therefore, an information communication system 3 according to an embodiment of the present invention will be described with reference to Fig. 13. Note that, in the following, when the configuration of the information communication system 3 according to this embodiment is the same as that of the information communication system 2 according to the third embodiment, the description of the configuration of the information communication system 3 may be omitted.
  • FIG. 13 is a schematic diagram illustrating an overview of an information communication system 3 according to one embodiment of the present invention.
  • the information communication system 3 includes information communication terminals 2100 (first information communication terminal 2100-1, second information communication terminal 2100-2, and third information communication terminal 2100-3) that do not include an information processing device 300, an information communication terminal 2200 that includes an information processing device 300, a router 2300 that does not include an information processing device 300, and a router 2400 that includes an information processing device 300.
  • the information communication terminals 2100 and 2200, and the routers 2300 and 2400 correspond to the electronic device 2000 described in the third embodiment.
  • the information communication terminal 2200 can make a communication connection using the information processing device 300.
  • the router 2400 can make a communication connection using the information processing device 300.
  • Each of the first information communication terminal 2100-1 and the information communication terminal 2200 is communicatively connected to the router 2300 via the network NW1.
  • Each of the second information communication terminal 2100-2 and the third information communication terminal 2100-3 is communicatively connected to the router 2400 via the network NW2.
  • the router 2300 is communicatively connected to the router 2400 via the network NW3.
  • the networks NW1 and NW2 are, for example, LANs.
  • the network NW3 is, for example, the Internet or a WAN.
  • the networks NW1, NW2, and NW3 may be wired or wireless.
  • the network environments in the information communication system 3 can be roughly divided into three types.
  • the first network environment NE1 is constructed by only the first information communication terminal 2100-1 or the first information communication terminal 2100-1 and the router 2300, and is a network environment in which the information processing device 300 cannot be used. In the first network environment NE1, the information processing device 300 cannot be used when communicating with the outside.
  • the second network environment NE2 is constructed by the information communication terminal 2200 or the information communication terminal 2200 and the router 2300, and is a network environment in which the information processing device 300 can be used.
  • the third network environment NE3 is constructed by the second information communication terminal 2100-2, the third information communication terminal 2100-3, and the router 2400, and is a network environment in which the information processing device 300 can be used.
  • the third network environment NE3 can also be said to be an in-house LAN in a company, etc.
  • the information processing device 300 can be used when establishing a communication connection with the outside.
  • the communication connections in the first network environment NE1 to the third network environment NE3 are described in detail below.
  • the first information communication terminal 2100-1 does not include the information processing device 300. Also, the router 2300 does not include the information processing device 300. Therefore, the first information communication terminal 2100-1 cannot transmit and receive encrypted data using the information processing device 300 when transmitting and receiving data with the second information communication terminal 2100-2, the third information communication terminal 2100-3, or the information communication terminal 2200. In this case, transmission and reception of data encrypted by a conventional method is performed. Note that, when multiple first network environments NE1 exist, the communication connection between the multiple first network environments NE1 is the same as described above.
  • the information communication terminal 2200 includes the information processing device 300. Therefore, when a plurality of second network environments NE2 exist, encrypted data can be transmitted and received between the information communication terminals 2200 using the information processing device 300. In data transmission and reception between the second network environments NE2, even if a malicious third party intercepts the data, the data cannot be easily decrypted.
  • Each of the second information communication terminal 2100-2 and the third information communication terminal 2100-3 does not include the information processing device 300. Therefore, in data transmission and reception between the second information communication terminal 2100-2 and the third information communication terminal 2100-3, it is not possible to transmit and receive encrypted data using the information processing device 300. In this case, transmission and reception of unencrypted data or data encrypted by a conventional method is performed.
  • the information communication terminal 2200 in the second network environment NE2 includes an information processing device 300.
  • the router 2400 in the third network environment NE3 also includes an information processing device 300.
  • data can be encrypted or decrypted by the information processing device 300 of the router 2400. Therefore, encrypted data can be transmitted and received between the information communication terminal 2200 and the second information communication terminal 2100-2 or the third information communication terminal 2100-3 using the information processing device 300.
  • In data transmission and reception between the second network environment NE2 and the third network environment NE3, even if a malicious third party intercepts the data, the data cannot be easily decrypted.
  • encrypted data can be transmitted and received between the information communication terminals 2200 including the information processing device 300, or between the information communication terminal 2200 including the information processing device 300 and the router 2400 including the information processing device 300.
  • the information processing device 300 can be provided as a component (e.g., a chip). Therefore, by inserting, mounting, or replacing the information processing device 300 into the information communication terminal 2100, it is possible to use the information communication terminal 2100 as the information communication terminal 2200. Similarly, by inserting, mounting, or replacing the information processing device 300 into the router 2300, it is possible to use the router 2300 as the router 2400. In this way, in the information communication system 3, by introducing the information processing device 300 into the network environment, it is possible to transmit and receive encrypted data using the information processing device 300. As a result, in the information communication system 3, security can be increased according to the network environment.
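
The exchange in steps S310 to S400 of the information communication system 2 above, which is also the hash comparison the key systems 1 and 1A rely on, as an added Python example (not code from the patent). SHA-256, the leading-zero-bits condition, a nonce search that starts at 0 on both devices, the length-prefixed join standing in for the combining step, and all identifiers and sample values are assumptions made for the example.

```python
import hashlib
import hmac
import struct

DIFFICULTY_BITS = 12                  # assumed "predetermined condition": leading zero bits
REGISTERED_IDS = {b"device-s-0001"}   # constructed identifier registered on device t


def combine(transmission_data: bytes, time_data: bytes) -> bytes:
    """S340: join transmission data and time data (length-prefixed stand-in)."""
    return struct.pack(">I", len(transmission_data)) + transmission_data + time_data


def split(combined: bytes) -> tuple:
    """S400: recover (transmission data, time data) from the combined data."""
    if len(combined) < 4:
        raise ValueError("combined data too short")
    (n,) = struct.unpack(">I", combined[:4])
    if n > len(combined) - 4:
        raise ValueError("length prefix exceeds combined data")
    return combined[4:4 + n], combined[4 + n:]


def meets_condition(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """True when the digest starts with at least `bits` zero bits."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits) == 0


def search_hash(combined: bytes, bits: int = DIFFICULTY_BITS) -> tuple:
    """S360/S370: vary the nonce until SHA-256(nonce || combined) meets the condition."""
    nonce = 0
    while True:
        digest = hashlib.sha256(struct.pack(">Q", nonce) + combined).digest()
        if meets_condition(digest, bits):
            return nonce, digest
        nonce += 1


def send(sender_id: bytes, transmission_data: bytes, time_data: bytes) -> tuple:
    """Device s: S340 combine, S360 hash; returns what S310, S350 and S380 transmit."""
    combined = combine(transmission_data, time_data)
    _, s_hash = search_hash(combined)
    return sender_id, combined, s_hash


def receive(sender_id: bytes, combined: bytes, sender_hash: bytes):
    """Device t: S320 identifier check, S370 own hash, S390 comparison, S400 recovery."""
    if sender_id not in REGISTERED_IDS:                  # S320: NO, processing ends
        return None
    _, own_hash = search_hash(combined)                  # S370
    if not hmac.compare_digest(own_hash, sender_hash):   # S390: NO, processing ends
        return None
    return split(combined)[0]                            # S400


if __name__ == "__main__":
    # Constructed sample values for one session.
    msg = send(b"device-s-0001", b"sensor reading 21.5C", b"2024-05-02T10:00:00Z")
    print(receive(*msg))
```

In this example the hash depends only on the combined data and the shared search rule, so a match shows that both devices processed the same combined data; the time data is what makes the hash differ from one session to the next.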

Abstract

The present key system comprises: a first information processing device included in an electronic lock device; and a second information processing device that is included in an electronic key device for operating the electronic lock device and is communicatively connected to the first information processing device. After a communication connection is established between the first information processing device and the second information processing device, the first information processing device acquires combined data in which at least first data and second data different from the first data have been combined. The first information processing device transmits the combined data to the second information processing device. The first information processing device calculates a first hash value that satisfies a prescribed condition based on a first nonce value and the combined data. The second information processing device calculates a second hash value that satisfies the prescribed condition based on a second nonce value and the combined data. The first information processing device determines whether the first hash value and the second hash value match.
PCT/JP2023/038451 2022-10-27 2023-10-25 Key system, electronic lock device, electronic key device, and information communication system WO2024090461A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022172721 2022-10-27
JP2022-172721 2022-10-27

Publications (1)

Publication Number Publication Date
WO2024090461A1 (fr) 2024-05-02

Family

ID=90830860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/038451 WO2024090461A1 (fr) 2022-10-27 2023-10-25 Key system, electronic lock device, electronic key device, and information communication system

Country Status (1)

Country Link
WO (1) WO2024090461A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
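JP2006009333A (ja) * 2004-06-24 2006-01-12 Dainippon Printing Co Ltd Keyless entry system using a mobile phone
JP2015231177A (ja) * 2014-06-06 2015-12-21 日本電信電話株式会社 Device authentication method, device authentication system, and device authentication program
JP2019116784A (ja) * 2017-12-27 2019-07-18 健 坪井 Electronic lock unit, home delivery confirmation method, and home delivery confirmation support system
JP2020528691A (ja) * 2017-07-24 2020-09-24 エヌチェーン ホールディングス リミテッドNchain Holdings Limited Computer-implemented system and method enabling secure storage of a large blockchain across multiple storage nodes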
