1. Field of the Invention
The present invention relates to a communication technology, and it particularly relates to a communication apparatus that transmits and receives signals containing predetermined information.
2. Description of the Related Art
There are two main types of radio communication for automobiles; a road-to-vehicle communication and a vehicle-to-vehicle (inter-vehicular) communication. Note also that the inter-vehicular communication includes a vehicle-to-road communication. Either communication can be used to prevent collision of vehicles on a sudden encounter at an intersection and prevent rear-end collisions due to the congestion around corners, for instance. Current position information is detected in real time by GPS (Global Positioning System) or the like and the position information is exchanged between their in-vehicle units, thereby making it possible to prevent the collision of vehicles at the intersection. In the road-to-vehicle communication, roadside units are installed at an intersection and on road sides, so that the aforementioned drive support information is transmitted to the in-vehicle units from the road sides.
The wireless communications are more susceptible to an interception of communication and an unauthorized intervention by a fake third party than the wired communications. It is therefore more important to countermeasure such interception and intervention in the wireless communications than in the wired communications. In order to ensure the secrecy of communication content, it is effective to encrypt the communication data. There are two main encryption schemes; a public key encryption scheme and a common key encryption scheme. The former has a higher security than the latter but has more data amount than the latter. Besides, the former has a larger processing load than the latter and therefore the overall implementation cost is higher than the latter. In other words, the public key encryption scheme and the common key encryption scheme are in a trade-off relation with each other.
When messages are to be sent in the road-to-vehicle communication and the inter-vehicular communication where broadcasting is assumed, it is plausible to use the common key encryption scheme because key data cannot be exchanged and the real-timeliness needs to be emphasized. In this case, all the common keys are basically shared by the in-vehicle units and the roadside units operated on the same system. If, however, an encryption key is leaked from any one of the in-vehicle units or roadside units, the security level of the system as a whole will be significantly reduced. In the light of the foregoing circumstances, a method has been under investigation where an encryption table including a plurality of encryption keys are prepared, an encryption key used at the time of data transmission is selected randomly, and these encryption tables are updated periodically so as to enhance the security.
In order to resolve the above-described problems, a communication apparatus according to one embodiment of the present invention includes: a storage configured to store a common key table, its own identification information, and an update key associated with the identification information, the common key table containing a plurality of kinds of common keys usable for a communication with another communication apparatus within a single system; a transmitter configured to transmit the identification information to a system management apparatus for managing the common key table, used in the system, the identification information on the communication apparatus within the system, and the update key associated with the identification information thereon; an acquiring unit configured to acquire, from the system management apparatus that has received the identification information, a common key table for use in update (updating common key table) encrypted using the update key associated with the identification information; and a decryption unit configured to decrypt the encrypted updating common key table by use of the update key stored in the storage.
Another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a security processing unit configured to decrypt received data; a storage configured to store a common key table, registration information on the security processing unit, and a registration key associated with the registration information, the common key table containing a plurality of kinds of common keys usable for a communication with another communication apparatus within a single system; a transmitter configured to transmit the registration information to a system management apparatus for managing the common key table used within the system, the registration information on the security processing of the communication system within the system, and the registration key associated with the registration information; and an acquiring unit configured to acquire, from the system management apparatus that has received the registration information, a common key table for use in update (updating common key table) encrypted using the registration key associated with the registration information. The security processing unit decrypts the encrypted updating common table by use of the registration key stored in the storage.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a common key table, which contains a plurality of kinds of common keys usable for a communication with another communication apparatus within a single system, and an update master key commonly used in the system; an acquiring unit configured to acquire a table updating key, used to encrypt a common key table for use in update (updating common key table), and the updating common key table encrypted using the table updating key, which are transmitted from a system management apparatus for managing the common key table, and configured to acquire identification information, on an communication apparatus, transmitted from said communication apparatus to be updated; and an encryption unit configured to encrypt the table updating key using the update master key and the identification information on said communication apparatus; and a broadcasting unit configured to broadcast the table updating key encrypted by the encryption unit and the encrypted updating common key table.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a common key table, which contains a plurality of kinds of common keys usable for a communication with another communication apparatus within a single system, an update master key commonly used in the system, and its own identification information; a broadcasting unit configured to broadcast the identification information; an acquiring unit configured to acquire, from a communication apparatus that has received the identification information, a table updating key, encrypted using the identification information and the update master key owned by said communication apparatus, and a common key table for use in update (updating common key table) encrypted using the table updating key; and a decryption unit configured to decrypt the encrypted table updating key by use of the identification information and the update master key stored in the storage and configured to decrypt the encrypted updating common key table by use of the decrypted table updating key.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a key table containing a plurality of communication keys usable for a communication with another communication apparatus within a single system; an acquiring unit configured to acquire identification information on a communication key, which is to be determined unusable, transmitted from a system operations management apparatus for managing use and operation of the key table; and a broadcasting unit configured to broadcast the identification information on the communication key, which is to be determined unusable, acquired by the acquiring unit.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a key table containing a plurality of communication keys usable for a communication with another communication apparatus within a single system; an acquiring unit configured to acquire identification information on a communication key, which is to be determined unusable, transmitted from the other communication apparatus; and an update unit configured to invalidate said communication key contained in the key table based on the identification information on said communication key, which is to be determined unusable, acquired by the acquiring unit.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a common key table, which contains a plurality of common keys usable for a communication with another communication apparatus within a single system, and an update master key commonly used in the system; an acquiring unit configured to acquire a table updating key, used to encrypt a common key table with a negative flag indicating a common key to be invalidated, and an updating common key table encrypted using the table updating key, which are transmitted from a system management apparatus for managing the common key table, and configured to acquire identification information, on an communication apparatus, transmitted from said communication apparatus to be updated; and an encryption unit configured to encrypt the table updating key using the update master key and the identification information on said communication apparatus; and a broadcasting unit configured to broadcast the table updating key encrypted by the encryption unit and the encrypted updating common key table.
Still another embodiment of the present invention relates also to a communication apparatus. The communication apparatus includes: a storage configured to store a common key table, which contains a plurality of common keys usable for a communication with another communication apparatus within a single system, an update master key commonly used in the system, and its own identification information; a broadcasting unit configured to broadcast the identification information; an acquiring unit configured to acquire, from a communication apparatus that has received the identification information, a table updating key, encrypted using the identification information and the update master key owned by said communication apparatus, and a common key table, with a negative flag, which is encrypted using the table updating key; a decryption unit configured to decrypt the encrypted table updating key by use of the identification information and the update master key stored in the storage and configured to decrypt the encrypted common key table with the negative flag by use of the decrypted table updating key.
Optional combinations of the aforementioned constituting elements, and implementations of the invention in the form of methods, apparatuses, systems, recording media, computer programs and so forth may also be practiced as additional modes of the present invention.
Embodiments will now be described by way of examples only, with reference to the accompanying drawings which are meant to be exemplary, not limiting and wherein like elements are numbered alike in several Figures in which:
The invention will now be described by reference to the preferred embodiments. This does not intend to limit the scope of the present invention, but to exemplify the invention.
The present invention will be outlined before it is explained in detail. Exemplary embodiments of the present invention relate to a communication system such as ITS (Intelligent Transport System). Here, the communication system such as ITS uses both a road-to-vehicle communication carried out to provide information from a base station apparatus installed in an intersection, on a road side and the like to vehicles and an inter-vehicular communication carried out to provide information from a terminal apparatus mounted in a vehicle to another vehicle.
Use of wireless LAN compliant with IEEE 802.11 and the like in ITS has been under consideration. An access control function called CSMA/CA (Carrier-Sense Multiple Access with Collision Avoidance) is used in such wireless LAN. Thus, in this wireless LAN, the same radio channel is shared by the base station apparatus and a plurality of terminal apparatuses. In such a scheme as CSMA, a packet signal is transmitted by broadcast after it has been verified by carrier sense that other packet signals are not transmitted. Note that the transmission of packet signals by broadcast will hereinafter be called “broadcasting”, “being broadcast” or “by broadcast” also.
As the inter-vehicular communication, a terminal apparatus transmits, by broadcast, a packet signal in which vehicle information indicating the traveling speed, position and so forth of a vehicle that installs the terminal apparatus is stored. A terminal apparatus, which receives said packet signal, recognizes the approach or the like of the vehicle based on the information stored in said packet signal. As the road-to-vehicle communication, the base station apparatus broadcasts a packet signal in which intersection information and traffic congestion information are stored.
The intersection information includes information on conditions at an intersection such as the position of the intersection, images captured of the intersection, where the base station apparatus is installed, and positional information on vehicles at or near the intersection. A terminal apparatus displays the intersection information on a monitor. Also, the terminal apparatus may recognize the conditions at the intersection based on the intersection information, and may broadcast audio messages to a user for the purpose of preventing collision between vehicles, bicycles, and pedestrians due to a right turn or a left turn at a sudden encounter at the intersection. The traffic congestion information includes information concerning the congestion situation in a road, where the base station apparatus is installed, and the information concerning road repairing and accidents that have happened. Based on the traffic congestion information, the terminal apparatus conveys to the user how much the road ahead may be congested. Also, the terminal apparatus may present any possible detour to the user.
The MAC frame processing unit 24, the security processing unit 25, the data generator 26, the network communication unit 27, the storage 28 and the control unit 29 may be configured hardwarewise by elements such as any given processor, memory and other LSIs and/or may be configured softwarewise by memory-loaded programs or the like. Depicted herein are functional blocks implemented by cooperation of hardware and software. Therefore, it will be obvious to those skilled in the art that theses functional blocks may be implemented by a variety of manners including hardware only, software only or a combination of both.
Primarily, “payload” is data to be authenticated and encrypted. However, “nonce” and “payload length” are also counted as and contained in the to-be-authenticated data for the purpose of enhancing the reliability. More specifically, “nonce” and “payload length” are assigned to a leading block and “payload” is assigned to a second block and the subsequent blocks, all of which constitute a block sequence to be authenticated, and then a message authentication code will be obtained for this block sequence. Here, “block” is a unit of computing the message authentication code. “Nonce” is data by which to intend to make the “message authentication code” different per signal even though the “payloads” are identical, so that a unique value is set to the nonce for each message. “Payload length” indicates the data length of “payload” and improves the reliability against the falsification of data including the insertion and/or deletion of data, for instance. Similarly, “message authentication code” is also counted as and contained in the to-be-encrypted data.
In this data structure, “nonce”, “payload length”, “device ID”, “application data length”, “application data”, “management data length”, and “management data” are to be authenticated. Also, “device ID”, “application data length”, “application data”, “management data length”, “management data”, and “message authentication code” are to be encrypted.
As the security header, the data structure of messages shown in
Either “0” or “1” is set to the “management data”. Here, “0” indicates that the message does not contain management data. In this case, a management data field, namely the management data length and the management data, is not set. In the inter-vehicular communication, “0” is generally set. “1” indicates that the message contains the management data field. Where “0” is set, a change may be made such that no application data length is set for the purpose of eliminating the redundancy. In
“Device ID” is constructed of “type” and “individual information”. Information by which to identify whether an applicable device or vehicle is a roadside unit, an emergency vehicle or an ordinary vehicle is set to the “type”. A unique value to identify each device is set to the “individual information”.
A unique value is set to the “nonce” in
The aforementioned intersection information, traffic congestion information, vehicle information and so forth are set to the “application data”. Maintenance information on the security, such as the updating of a key, and so forth are set to the “management data”.
A single common key table for use with the transmission (hereinafter referred to as “transmitting table” also) is selected from among a plurality of common key tables. The transmitting table is switched among the plurality of common key tables on a periodic basis of 6 months or one or two years, for instance. In the example of
The road-to-vehicle service company terminal apparatus 400 transmits to the roadside unit (base station apparatus 20) a message containing a common key included in a transmitting table after the switching. Upon receiving the message, the roadside unit sets the common key table including said common key to a new transmitting table. The roadside unit broadcasts the message using the common key included in the common key table newly set to the transmitting table. Upon receiving the message, an in-vehicle unit (terminal apparatus 10) of an existing vehicle 100 sets the common key table including said common key to a new transmitting table. Then the in-vehicle unit broadcasts the message containing the common key included in a common key table newly set to the transmitting table. Upon receiving the message, an in-vehicle unit of another existing vehicle 100 sets the common key table including said common key to a new transmitting table. This process will be repeated.
Also, the vehicle-maker terminal apparatus 600 instructs an in-vehicle (terminal apparatus 10) of a new vehicle 100 to set a common key table, specified by the road-to-vehicle service company terminal apparatus 400, to the transmitting table. The in-vehicle unit broadcasts a message containing a common key (communication key) included in the common key table set to the transmitting table. Upon receiving the message, the in-vehicle unit of the existing vehicle 100 sets the common key table including said common key to a new transmitting table. Then the in-vehicle unit broadcasts the message containing the common key included in a common key table newly set to the transmitting table. Upon receiving the message, an in-vehicle unit of another existing vehicle 100 sets the common key table including said common key to a new transmitting table. This process will be repeated.
By carrying out the above-described processes, the transmitting tables in each device of the communication system 500 are switched in a propagating manner, namely, switched in succession. Instead of such a propagating system, the transmitting tables may be switched according to a scheduling program that has been set beforehand in each device. However, this alternative method may be employed on the condition that (1) a watch or time measuring device is provided, (2) the watch or time measuring device is accurate, and (3) the watch of a roadside unit and the watch of an in-vehicle unit are synchronized with each other. Thus, the both methods may be used in combination to complement each other. Though the road-to-vehicle service company terminal apparatus 400, the vehicle-maker terminal apparatus 600, and the roadside unit are each provided in a single piece in
Now refer back to
The RF unit 22 performs a frequency conversion on the received packet signal of a radiofrequency and thereby generates a packet signal of baseband. The RF unit 22 outputs the baseband packet signal to the modem unit 23. Generally, a baseband packet signal is formed of an in-phase component and a quadrature component, and therefore it should be represented by two signal lines. However, it is represented by a single signal line here to make the illustration clearer for understanding. The RF unit 22 includes an LNA (Low Noise Amplifier), a mixer, an AGC (Automatic Gain Control) unit, an A/D converter, and so forth, all of which are not-shown components constituting a receiving system.
The RF unit 22 transmits the thus generated packet signal from the base station apparatus 20, as a transmission processing. In the present exemplary embodiment, the RF unit 22 broadcasts a packet signal, in which a table updating key encrypted by the security processing unit 25 (hereinafter referred to as “encrypted table updating key” also) is stored, and a packet signal, in which an update common key table in an encrypted state (hereinafter referred to as “encrypted update common key table” also) is stored. The timing with which the encrypted table updating key is broadcast and the timing with which the encrypted update common key table is broadcast may differ from each other or may be identical. If the timings are different, the encrypted table updating key may be broadcast before or after the encrypted update common key table is broadcast.
The RF unit 22 performs a frequency conversion on the baseband packet signal inputted from the modem unit 23 and thereby generates a radiofrequency packet signal. The RF unit 22 transmits, through the antenna 21, the radiofrequency packet signal in a road-to-vehicle transmission period. The RF unit 22 also includes a PA (Power Amplifier), a mixer, a D-A converter, and so forth, all of which are not-shown components constituting a transmission system.
The modem unit 23 demodulates the baseband packet signal fed from the RF unit 22, as a receiving processing. The modem unit 23 outputs a MAC frame obtained from the demodulation result, to the MAC processing unit 24. Also, the modem unit 23 modulates the MAC frame fed from the MAC frame processing unit 24, as a transmission processing. The modem unit 23 outputs the modulation result to the RF unit 22 as a baseband packet signal.
The communication system 100 according to the present exemplary embodiment uses an OFDM (Orthogonal Frequency Division Multiplexing) modulation scheme. In this case, the modem unit 23 performs FFT (Fast Fourier Transform) as a receiving processing and performs IFFT (Inverse Fast Fourier Transform) as a transmission processing.
As a receiving processing, the MAC frame processing unit 24 retrieves a security frame from the MAC frame fed from the modem unit 23 and outputs the security frame to the security processing unit 25. As a transmission processing, the MAC frame processing unit 24 adds the MAC header, the LLC header and the information header to the security frame fed from the security processing unit 25, generates a MAC frame, and outputs the MAC frame to the modem unit 23. Also, the timing with which packet signals are transmitted and received is controlled so that the packet signals sent from the other base station apparatus 10 or other terminal apparatuses collide with those sent from its own terminal apparatus 10.
The network communication unit 27 connects to the external network 200. The network communication unit 27 receives road information, regarding the road repairing, congestion situation and the like, from the external network 200. In the present exemplary embodiment, an expired key ID (described later) sent from the system operations management apparatus 300 is received via the road-to-vehicle service company terminal apparatus 400. Also, in the present exemplary embodiment, a table updating key, used to encrypt a common key table for use in update (updating common key table) sent from the system operations management apparatus 300, and an encrypted update common key table, which is encrypted with this table updating key, are received via the road-to-service operations terminal apparatus 400. A list of terminal apparatuses 10, sent from the system operations management apparatus 300, for which the common key table is not to be updated (hereinafter referred to as “device negative list” also) is also received. Those devices registered in the device negative list correspond to a falsified in-vehicle unit and a device where a malfunction has been found and therefore a product recall procedure by a maker is under way, for instance.
Also, the network communication unit 27 outputs the processing result by the security processing unit 25 to the external network 200 and accumulates those processing results and then outputs them to the external network 200 on a regular basis. The data generator 26 generates application data. For example, the road information is set to the application data. Then the protection format is specified according to the content of the application data, and the thus generated application data and its data length are outputted to the security processing unit 25.
The storage 28 stores various items of information. In the present exemplary embodiment, the storage 28 stores the aforementioned common key table, an update master key, which is commonly used within the communication system 500, and the aforementioned device negative list. Note that the common key table and the update master key may be incorporated before the shipment from a factory or they may be obtained thereafter via the network communication unit 27. Also, the storage 28 temporarily stores the device ID and vehicle information acquired from a terminal apparatus 10 and the encrypted update common key table, the table updating key and the road information acquired from the system operations management apparatus 300. The control unit 29 controls the entire processing of the base station apparatus 20.
The security processing unit 25 generates or reads (interprets) a security frame. The security processing unit 25 generates the security frame, which is to be outputted to the MAC frame processing unit 24, based on the data stored in the storage 28. The application data received from the data generator 26 is set to the “application data” of the payload, and the data length is set to the “application data length” of the payload. Alternatively, the expired key ID described later, the encrypted table updating key described later or the encrypted update common key table described later is set to the “management data” as necessary, and then the security header and the security footer are appended so as to generate the security frame. In so doing, the message authentication code is generated and appended, as described above, so that the data can be authenticated. Further, the message can be kept secret by encrypting the payload and the message authentication code.
The security processing unit 25 includes an encryption/decryption unit 251 and an encryption unit 252. The encryption/decryption unit 251 is capable of performing data authentication and encryption on the payload. The security processing unit 25 selects a protection function of the security frame in the light of both a request from the application data instructed by the data generator 26 and a request from the management data set by the security processing unit 25. If the management data is to be sent out, encrypted data with data authentication (=3) will be generally selected. Then the protection function is set to the field of the security frame. Then the security frame to which the protection frame has been set is outputted to the encryption/decryption unit 251. If the protection function is a plain text (=0), the encryption/decryption unit 251 will skip the processing. If it is data with data authentication (=1), a key will be selected from the transmitting table and a message authentication code will be generated using the selected key. Then the key ID of the selected key and the message authentication code are set to the field of the security frame. If it is encrypted data with data authentication (=3), a key will be selected from the transmitting table and a message authentication code will be generated using the selected key and then the key ID of the selected key and the message authentication code will be set to the field of the security frame. Then the payload and the message authentication code are encrypted using the selected key.
To broadcast the identification information on communication keys, which are to be determined unusable, out of a plurality of communication keys included in the common key table (hereinafter referred to as “expired key(s)”), the security processing unit 25 sets the identification information on the expired keys (hereinafter referred to as “expired key ID(s)”) to the management data, as a transmission processing. This expired key ID is data where the message authentication code by which to verify its authenticity is added to the key ID of a communication key to be expired. Also, the security processing unit 25 sets the encrypted table updating key and the encrypted update common key table to the management data. Note that the update common key table is a new common key table to rewrite (update) the common key table stored in the storage 18 of the terminal apparatus 10. The table updating key is a decryption key used to decrypt the encrypted update common key table. Packets in which the expired key ID, the encrypted table updating key and the encrypted update common key table are set may be different or may be identical. If the timings are different, the encrypted table updating key may be broadcast before or after the encrypted update common key table is broadcast. Also, the number of expired key IDs and the number of encrypted table updating keys may each be a single or in plurality.
The encryption unit 252 can generate and encrypt a message authentication code for the management data. In the present exemplary embodiment, the encryption unit 252 runs a predetermined encryption function, which uses the aforementioned update master key and the device ID of a terminal apparatus 10, before the aforementioned table updating key is set to the “management data”. Thereby, an encryption key with which to encrypt the aforementioned table updating key is produced. If the table updating key is sent as the management data, an encrypted table updating key, which has been encrypted with the thus generated encryption key, is set to the “management data”.
Note that the encryption unit 252 does not regard the device IDs of terminal apparatuses 10 included in the aforementioned device negative list, as those for which the encryption key is to be generated. If a table updating key is encrypted using such a device ID, this encrypted table updating key will be removed from those to be broadcast. That is, broadcasting the table updating keys encrypted using such device IDs and the updating master key is stopped. Also, it is obvious that after the data encrypted by the encryption unit 252 has been set to the “management data”, the encryption unit 251 encrypts this data according the protection function of the message type.
As a receiving processing, the security processing unit 25 receives the security frame sent fed from the MAC frame processing unit 24. The security processing unit 25 verifies the content of the security header in the received security frame. If the message type is data with data authentication, the message will be verified at the encryption/decryption unit 251. If the message type is encrypted data with data authentication, the message will be verified at the encryption/decryption unit 251 and then decrypted. If the message is a plain text, these processes will be skipped.
The MAC frame processing unit 14, the security processing unit 15, the receiving processing unit 161, the notification unit 162, the data generator 17, the storage 18 and the control unit 19 may be configured hardwarewise by elements such as any given processor, memory and other LSIs and/or may be configured softwarewise by memory-loaded programs or the like. Depicted herein are functional blocks implemented by cooperation of hardware and software. Therefore, it will be obvious to those skilled in the art that theses functional blocks may be implemented by a variety of manners including hardware only, software only or a combination of both.
The structures and operations of the antenna 11, the RF unit 12, the modem unit 13 and the MAC frame processing unit 14 are basically similar to those of the antenna 21, the RF unit 22, the modem unit 23 and the MAC frame processing unit 24 of
The receiving processing unit 161 estimates a crash risk, an approach of an emergency vehicle, such as an ambulance vehicle and a fire-extinguishing vehicle, a congestion situation in a road ahead and intersections, and the like, based on the information on his/her own vehicle received from the data generator 17. If the data is image information, the data will be processed so that it can be displayed by the notification unit 162.
The notification unit 162 includes a means for notifying the user such as a monitor, a lamp, and a speaker, all of which are not shown. The approach of other vehicles (not shown) and the like are conveyed to a driver, via the notifying means, according to instructions given from the receiving processing unit 161. Also, the congestion information, the image information on the intersections and other information are displayed on the monitor.
The data generator 17 identifies the present position, traveling direction, traveling speed and so forth of the vehicles 100 that are carrying the terminal apparatuses 10, based on the information supplied from a GPS receiver, a gyroscope, a vehicle speed sensor, and so forth all of which are not shown in
The storage 18 stores various items of information. In the present exemplary embodiment, the storage 28 stores the aforementioned common key table, the update master key, which is commonly used within the communication system 500, and its own device ID. Note that the common key table and the update master key may be incorporated before the shipment from a factory or they may be obtained thereafter via the RF unit 12. Also, the storage 18 temporarily stores the vehicle information on its own vehicle, the vehicle information, acquired from other terminal apparatuses 10, regarding vehicles other than its own vehicle, the expired key IDs acquired from the base station apparatus 20, the encrypted update common key table, the encrypted table updating key and the road information. The control unit 19 controls the entire processing of the terminal apparatus 10.
The security processing unit 15 generates or reads (interprets) a security frame. The security processing unit 15 generates the security frame, which is to be outputted to the MAC frame processing unit 14, based on the data stored in the storage 18. For example, the security frame is generated such that the vehicle information on its own vehicle is set to the “application data” of the payload or its own device ID is set to the “device ID” and then the security header and the security footer are appended. In so doing, the message authentication code is generated, as described above, so that the data can be authenticated. Further, the payload and the message authentication code can be encrypted.
The security processing unit 15 includes an encryption/decryption unit 151 and a decryption unit 152. The encryption/decryption unit 151 is capable of performing data authentication and encryption on the payload. In other words, the security processing unit 15 performs a processing according the protection function of the message type and includes the function equivalent to that of the encryption/decryption unit 251 of the base station apparatus 20. Thus the transmission processing and the receiving processing of the security processing unit 15 are basically the same as those of the encryption/decryption unit 251 of the base station apparatus 20 and therefore the repeated description thereof is omitted here.
In the present exemplary embodiment, the security processing unit 15 generates the security frame in which its own device ID has been set to the “device ID” and then outputs the thus generated frame to the MAC frame processing unit 14. The MAC frame processing unit 14, the modem unit 13 and the RF unit 12 broadcast, from the antenna 11, a packet signal in which a MAC frame including this security frame is stored. As a result, its own device ID can be broadcast.
The RF unit 12 receives a packet signal from the base station apparatus 20. The RF unit 12 outputs the received packet signal to the modem unit 13. More specifically, the RF unit 12 receives, from the base station apparatus 20 that has acquired the device ID, a packet signal in which an encrypted table updating key encrypted using the device ID and the master key possessed by the base station apparatus 20 is stored. Also, the RF unit 12 receives, from the base station apparatus 20, a packet signal in which an encrypted update common key table encrypted with the table updating key is stored. The encrypted table updating key and the encrypted common key table are set to the “management data” of the payload. The encrypted table updating key and the encrypted common key table may be stored in the same packet signal.
The RF unit 12 outputs these packet signals to the modem unit 13, and the modem unit 13 demodulates the packet signals and outputs the demodulated signals to the MAC processing unit 14. The MAC processing unit 14 retries the security frame from the MAC frame and outputs it to the security processing unit 15.
The security processing unit 15 outputs the security frame, received from the MAC frame processing unit 14, to the encryption/decryption unit 151. Upon receiving the security frame, the encryption/decryption unit 151 performs a processing according the protection function of the message type and returns the security frame to the security processing unit 15. At this time, the result of the data verification is also conveyed. Upon receiving an output from the encryption/decryption unit 151, the security processing unit 15 outputs the processing result, the application data length and the application data to the receiving processing unit 161. If the data is authenticated, the management data length and device management data will be outputted to the decryption unit 152. If an encrypted table updating key is included in the management data, the decryption unit 152 will use its own device ID and the update master key so as to decrypt the encrypted table updating key. Then the thus decrypted table updating key is held inside. If an encrypted update common key table is included in the management data inputted from the encryption/decryption unit 151, the encrypted update common key table will be decrypted using the table updating key kept therein and the result of the decryption will be verified. Then if the verification is successful, it will be determined to be an updating common key table. A detail description of this verification processing will be discussed later. If an expired key ID is included in the management data, the expired key ID will be verified using the message authentication code appended to the expired key ID. A detailed description of this verification processing will be discussed later.
The encryption/decryption unit 251 reads out a communication key of a common key table based on the generated key ID, as the communication key to be used this time. The encryption/decryption unit 251 generates a message authentication code (MAC) based on data, available in a data authentication range of a message to be broadcast to the in-vehicle unit, and the communication key. Then the thus generated MAC is set to the “message authentication code” of the message and is encrypted together with the “payload” using the communication key. Note that data included in the payload of this message may be application data or management data or may be the both. The message generated in this manner is broadcast as a road-to-vehicle message.
The encryption/decryption unit 151 reads out a communication key (i.e., communication key) of a common key table set in the transmitting table, based on the key ID contained in the received message. The encryption/decryption unit 151 decrypts an encrypted part of the message using the communication key. As a result, the message authentication code is also decrypted. The encryption/decryption unit 151 verifies the received message using the decrypted MAC and the communication key. If the verification is successful, the received message will be reported as an authentic message. For the sake of simplicity in explanation, a description regarding the generation of the MAC frame and the modulation process is omitted here. The procedure shown in
Next a description is given of a process for rewriting a common key table. What is to be rewritten is a common key table that is not set in the transmitting table. Though a certain security level can be ensured by switching a plurality of common key tables to be used, the security level will naturally deteriorate as a whole if used for a long period of time. Thus the following is conceivable to enhance the security level. That is, the common key table, which is not set in the transmitting table and which is ready and waiting, is rewritten or renewed in units of table.
The roadside unit acquires a device ID from the in-vehicle unit (terminal apparatus 10) of an existing vehicle 100, encrypts the table updating key using its device ID, and supplies the encrypted table updating key and the encrypted update common key table to the in-vehicle unit. Similarly, the maintenance company terminal apparatus 700 acquires the device ID from the in-vehicle unit (terminal apparatus 10) of the existing vehicle 100, encrypts the table updating key using its device ID, and supplies the encrypted table updating key and the encrypted update common key table to the in-vehicle unit.
An area of 1 byte is assigned to each of “version”, “table ID” and “the number of keys”. An area of 16 bytes are assigned to each of “table master”, “key 0”, . . . , and “key n”. An area of 14 bytes is assigned to “MAC”.
A table number is set to the “table ID”. A number n, which indicates the number of keys in a table, is set to “the number of keys”. In the example of
If the retrieved device ID is not registered in the device negative list, the encryption unit 252 will run a predetermined encryption function that uses the update master key stored in the storage 28 and the device ID so as to generate another encryption key. The encryption unit 252 encrypts the table updating key using the other encryption key. The security processing unit 25 sets this encrypted table updating key in the “management data” of the payload in the message. Then the message is processed at the encryption/decryption unit 251 and then the thus processed message is broadcast in the road-to-vehicle communication. Also, in another communication packet, the security processing unit 25 sets the encrypted update common key table to the “management data” of the payload in the message. Then the message is processed at the encryption/decryption unit 251 and then the thus processed message is broadcast in the road-to-vehicle communication. Though, in the example of
When the common key table is updated, the in-vehicle unit receives a message containing the management data, namely the encrypted table updating key, or a message containing the encrypted update common key table. The decryption unit 152 of the in-vehicle unit runs a predetermined encryption function that uses its own device ID and the update master key stored in the storage 18 so as to generate an encryption key. The encryption function used here is the same encryption function run at the roadside unit.
The decryption unit 152 further decrypts the encrypted table updating key contained in the message received from the roadside unit by use of the generated encryption key. Thereby, the encrypted update common key table contained in the message received from the roadside unit is decrypted.
The decryption unit 152 references the table number m included in the updating common key table obtained by further decrypting the encrypted update common key table and then reads out a table key included in a common key table of the same table number m stored in the storage 18. The generation management of tables denoted by an identical table number is done by identifying its version. If the version differs, this means that a different table key is set. Then the message authentication code included in the updating common key table is verified using the table key. If the verification is successful, it will be determined that the received common key table is authentic and is a common key table that is stored in the storage 18, and then the common key table, whose table number is m, which is stored in the storage 18 will be rewritten with the updating common key table. If encrypted data with data authentication is selected as the message type, the encrypted data with data authentication must be verified authentic; that is, the encrypted data with data authentication needs to be decrypted and the message authentication code needs to be verified by the encryption/decryption unit 151 before it is decrypted by the decryption unit 152 so as to be verified authentic. For the sake of simplicity in explanation, a description regarding the generation of the MAC frame and the modulation process is omitted in
If the retrieved device ID is not registered in the device negative list, the encryption/decryption unit 251 will run a predetermined encryption function that uses the update master key and the device ID stored in the storage 28 so as to generate another encryption key. The encryption/decryption unit 251 encrypts the table updating key using the other encryption key and combines it with the table number m of the updating common key table. This concatenated data where the encrypted table updating key and the table number are combined together is set to the “management data” of the payload in the message and then this message is broadcast via the road-to-vehicle communication. The encrypted update common key table is also set to the “management data” of the payload in the message and this message is broadcast via the road-to-vehicle communication.
The in-vehicle unit receives a message containing the concatenated data, where the encrypted table updating key and the table number are combined together, and a message containing the encrypted update common key table. The encryption/decryption unit 151 of the in-vehicle unit runs a predetermined encryption function that uses its own device ID and the update master key stored in the storage 18 so as to generate an encryption key. The encryption function used here is the same encryption function run at the roadside unit.
The decryption unit 152 separates the encrypted table updating key and the table number contained in the message received from the roadside unit by use of the generated encryption key so as to decrypt the encrypted table updating key. Then the decryption unit 152 references the table number m of the common key table and reads out a table key included in the common key table, whose table number is m of one generation earlier, stored in the storage 18. The generation management of tables denoted by an identical table number is done by identifying its version.
The decryption unit 152 runs a predetermined encryption function, which uses the further decrypted table updating key and the read-out table key, so as to generate another decryption key. The encryption function used here is different from the encryption function that uses the device ID and the update master key.
The decryption unit 152 decrypts the encrypted update common key table using this encryption key and, at the same time, verifies a message authentication code included in the decrypted common key table.
An area of 1 byte is assigned to each of “version”, “table ID” and “the number of keys”. An area of (int(n/8)+1) bytes (i.e., the minimum number of bytes for which the area of (n+1) bits can be ensured) is assigned to “nega-flags” (negative flags). Here, int( ) is a function by which an integral part is retrieved. An area of 16 bytes is assigned to each of “table master”, “key 0”, . . . , and “key n”. The area of 14 bytes is assigned to “MAC”.
A table number is set to the “table ID”. A number n, which indicates the number of keys in a table minus 1, is set to “the number of keys”. In the example of
When a common key table with a negative flag is to be used, the procedure performed at a receiving side is changed, as follows, in the procedure for transmitting messages in both the road-to-vehicle communication and the inter-vehicular communication described with reference to
A description is now given of a process for rewriting the “nega-flags” of a common key table due to the expired key IDs. An expired key is a communication key that has been leaked or might have possibly been leaked. If, for example, it is verified that the communication key has been leaked through an unauthorized communication interception, the expired key will correspond to the communication key used in the communication message. Besides theses, a communication key, which is determined to be invalid by the system operations management agency 30, is regarded as an expired key. For example, a communication key in which error occurs in encryption/decryption computation is regarded as an expired key.
The common key table including the expired key (i.e., common key table with a negative flag) can also be rewritten in its entirety. The system operations management apparatus 300 transmits the encrypted update common key table, in which the common key table with the negative flag has been encrypted, the table updating key with which to decrypt the encrypted update common key table, and the device negative list to the maintenance company terminal apparatus 700 of a maintenance company 70. In the present exemplary embodiment, a roadside unit (base station apparatus 20) installed at a maintenance facility is assumed as the maintenance company terminal apparatus 700
This roadside unit acquires the device ID from the in-vehicle unit of the existing vehicle 100 (terminal apparatus 10), encrypts the table updating key by use of the device ID, and supplied this encrypted table updating key and the aforementioned encrypted update common key table to the in-vehicle unit. It goes without saying that the encrypted table updating key and the encrypted update common key table may be supplied from a general roadside unit installed at a site excluding the maintenance facility.
Upon receiving the road-to-vehicle message, the security processing unit 15 of the in-vehicle unit outputs the received road-to-vehicle message to the encryption/decryption unit 151. The encryption/decryption unit 151 performs a receiving processing concerning the message type and returns its result to the security processing unit 15. If the received message is determined to be authentic by the verification and if the expired key ID is included in the management data, the expired key ID will be outputted to the decryption unit 152. The decryption unit 152 references the table number included in this expired key ID and reads out a table key included the common key table of this table number. Then the message authentication code included in the expired key ID is verified using this read-out table key. If the verification is successful, the encryption/decryption key 151 will reference the table number and the key number included in this expired key ID and invalidate the communication key included in the corresponding common key table. That is, “1” indicating that the key is not usable is set to a bit corresponding to the key number included in the expired key ID in the “nega-flags” of the common key table specified by the table number included in the expired key ID. Though a description has been given of the transmission processing and the receiving processing of the road-to-vehicle message including the expired ID, there is no need to have the expired key ID included in the road-to-vehicle communication message if there is no need to distribute the expired key ID. Even though the expired key ID needs to be distributed, it is not necessary to have the expired key ID included in all road-to-vehicle communication messages. It is only necessary to transmit road-to-vehicle messages including the expired key ID so long as there is no hindrance of normal servicing by the road-to-vehicle messages.
If the received device ID is not registered in the device negative list, the encryption unit 252 will run a predetermined encryption function that uses the update master key stored in the storage 28 and the device ID so as to generate another encryption key. The encryption unit 252 encrypts the table updating key using the other encryption key. The security processing unit 25 sets this encrypted table updating key to the “management data” of the payload in the message. Then the message is processed at the encryption/decryption unit 251 and then the thus processed message is broadcast in the road-to-vehicle communication. Also, in another road-to-vehicle message, the security processing unit 25 sets the encrypted update common key table to the “management data” of the payload in the message. Then the message is processed at the encryption/decryption unit 251 and then the thus processed message is broadcast in the road-to-vehicle communication. Though, in the example of
Upon receiving the road-to-vehicle message, the security processing unit 15 of the in-vehicle unit outputs the received road-to-vehicle message to the encryption/decryption unit 151. The encryption/decryption unit 151 performs a receiving processing concerning the message type and returns its result to the security processing unit 15. If the received message is determined to be authentic by the verification and if an encrypted table updating key addressed to its own message is included, the security processing unit 15 will output the encrypted table updating key to the decryption unit 152. The decryption unit 152 of the in-vehicle unit runs a predetermined encryption function that uses its own device ID and the update master key stored in the storage 18 so as to generate an encryption key, and the thus generated encryption key is held inside. The encryption function used here is the same encryption function run at the roadside unit.
If the received message is determined to be authentic by the verification and if the encrypted update common key table is included, the security processing unit 15 will output the encrypted update common key table to the decryption unit 152. If the encrypted update key table is received while the generated encryption key is being held inside, the decryption unit 152 will further decrypt the encrypted table updating key contained in the message received from the roadside unit by use of the generated encryption key. Thereby, the encrypted update common key table contained in the message received from the roadside unit is decrypted.
The decryption unit 152 references the table number m included in the common key table with a negative flag obtained by further decrypting the encrypted table updating key and the encrypted update common key table and then reads out a table key included in a common key table of the same table number m stored in the storage 18. The generation management of tables denoted by an identical number m is done by identifying its version. If the version differs, this means that a different table key m is set. Then the message authentication code included in the common key table with the negative flag is verified using the table key. If the verification is successful, it will be determined that the received common key table with the negative flag is authentic and is a common key table that is stored in the storage 18, and then the common key table, whose table number is m, which is stored in the storage 18 will be rewritten with the common key table with the negative flag. Though a description has been given of the transmission processing and the receiving processing of the road-to-vehicle message including the encrypted table updating key or the encrypted update common key table, there is no need to have the encrypted table updating key or the encrypted update common key table included in the road-to-vehicle communication message if there is no need to update the common key table. Even though the common key table needs to be updated, it is not necessary to have the encrypted table updating key or the encrypted update common key table included in all road-to-vehicle communication messages. It is only necessary to transmit road-to-vehicle messages including the encrypted table updating key or the encrypted update common key table so long as there is no hindrance of normal servicing by the road-to-vehicle messages. The road-to-vehicle messages are distributed, as appropriate, to the extent that the normal servicing is not obstructed.
By employing the present exemplary embodiment as described above, a table updating key, which is used to decrypt an encrypted update common key table, is encrypted and then this encrypted table updating key and the encrypted update common key table are broadcast from a base station apparatus to terminal apparatuses. Thus the safety in updating a common key table can be enhanced. Also, a message authentication code is given in the common key table, so that the authenticity of a common key table for use in update can be verified. Also, the message authentication code is generated using a table key of a common key table which is one generation earlier than the updating common key table. This can prevent the updating common key table from being repeatedly updated at a terminal apparatus.
The expired key IDs are broadcast from the base station apparatus to the terminal apparatuses. This can recover the reduced security resulting from the leakage of a common key in the road-to-vehicle communication or the inter-vehicular communication. Provision of a message authentication code in an expired key ID can verify the authenticity of the expired key ID. Also, use of a common key table with a negative flag can broadcast an unusable common key in units of common key table.
The present invention has been described based on the exemplary embodiments. The exemplary embodiments are intended to be illustrative only, and it is understood by those skilled in the art that various modifications to constituting elements and processes as well as arbitrary combinations thereof could be further developed and that such modifications and combinations are also within the scope of the present invention.
As for a message containing an encrypted table updating key, this message may be transmitted by unicast, for example, where its destination is specified, instead of being transmitted by broadcast.
Though in the above-description exemplary embodiments a description has been given of an example where a message authentication code is appended to a security footer, an electronic signature may be appended thereto instead. Since an electronic signature is encrypted using a public key encryption scheme, a secret key and a public key are used in addition to a common key.
In the above-described exemplary embodiments, a description has been given of a method where the negative flag of the common key table with the negative flag stored in an in-vehicle unit is updated using the management data of the road-to-vehicle message. This should not be considered as limiting and, for example, the common key table with the negative flag at the roadside unit may be updated using a similar encryption process. Also, an inter-vehicular message may be distributed by changing the negative flag such that the management data is included in the inter-vehicular message. This can smoothly transmit the expired key IDs in an area where not many roadside units are available. Also, in the above-described embodiments, a description has been given of an example where the system operations management apparatus 300 of the system operations management agency 30 sets a message authentication code (MAC) included in an expired key ID, encrypts the common key table with the negative flag and so forth. This should not be considered as limiting and, for example, these can be done by the roadside unit. In such a case, these are carried out by the encryption unit 252.
In the above-described exemplary embodiments, a description has been given of cases where a message authentication code (MAC) using a common key encryption method is used to verify the authenticity of messages or data. Instead, an electronic signature using a public key method may be used. In this case, the common key table is used to encrypt the payload and the electronic signature. Also, in this case, it is preferable that a public key certificate with the device ID included therein be set to the “device ID” of a security frame and that the electronic signature be set to the “message authentication code”. Similarly, it is preferable that a public key for use in verification is set to the “table master” and the electronic signature be set to the “MAC” in verifying the authenticity of the common key table with the negative flag.
In the above-described embodiments, a description has been given of a case where the expired key ID is distributed from a roadside unit that provides a normal service or the encrypted table updating key and the encrypted update common key table are distributed therefrom. Instead, a roadside unit that does not provide the normal service may be used. A vehicle moves to a communication spot where there is a roadside unit used exclusively for the distribution and then receives the distribution of the expired key ID, the encrypted table updating key and the encrypted update common key table.
In the above-described embodiments, a description has been given of a case where a common key table is updated with reference to
A registration key embedded at the time when the security module is manufactured may be used as the key bounded to the in-vehicle unit. The registration key is managed such that it is bounded to registration information (e.g., registration number) embedded simultaneously at the time of manufacture. The registration key cannot be rewritten or renewed. An update key stored in the SAM in a non-volatile manner may be used as the key bound to the in-vehicle. The update key is managed such that it is bounded to the device ID embedded simultaneously at the time of manufacture. The update key can be rewritten or renewed with the registration key.
An exclusive-use roadside unit 20a is a low power base station apparatus installed in a facility that does maintenance of automobiles (hereinafter referred to as “service facility”). This unit 20a is not a roadside unit that broadcasts the real-time road information to the terminal apparatuses 10 but is a dedicated unit that wirelessly transmits the information concerning a system operation, such as a common key table, to a specific terminal apparatus 10. The exclusive-use roadside unit 20a and the system operations management apparatus 200 may connect to the Internet or may be connected to each other through a dedicated line.
The in-vehicle unit (terminal apparatus 10) of
In the present modification, a new common key table to be updated is transmitted from the system operations management apparatus 300 to the in-vehicle unit through two routes. A first route is a route through the external terminal 191. A second route is a route through the exclusive-use roadside unit 20a and the radio unit 144.
The system operations management apparatus 300 identifies a destination terminal apparatus 10, based on the received concatenated data of the registration number and the device ID and the above-described not-shown database. If, at this time, the identified terminal apparatus 10 is one of terminal apparatuses registered in the device negative list, the system operations management apparatus 300 will not permit the updating of the common key table.
If the identified terminal apparatus 10 is one of terminal apparatuses not registered in the device negative list, the system operations management apparatus 300 will encrypt security information including update data of the common key table by use of a registration key or update key of the identified terminal apparatus 10 and then send the encrypted security information to the terminal apparatus 10. If the device ID has not yet been set to the security processing unit 15 of the terminal apparatus 10, the registration key will be used. Either the registration key or update key may be used after the device ID has been set. The security information is not stored in the management data of payload but stored in the application data thereof.
The security processing unit 15 of the terminal apparatus 10 decrypts the security information using its own registration key or update key and determines the likelihood of authenticity of payload by verifying the message authentication code (MAC). The terminal apparatus 10 responds to the system operations management apparatus 300 as to whether the decryption and the verification have been successful or not.
b shows a procedure for updating a common key table through the second route. If a vehicle carrying a terminal apparatus 10 is located in the neighborhood of the exclusive-use roadside unit 20a, the road-to-vehicle communication is performed between the terminal apparatus 10 and the exclusive-use roadside unit 20a. In this road-to-vehicle communication, the device ID is transmitted from the terminal apparatus 10 to the exclusive-use roadside unit 20a. Thus, the system operations management apparatus 300 can acquire the device ID of the terminal apparatus 10 via the exclusive-use roadside unit 20a without requesting the terminal apparatus 10 to send the ID as shown in
The system operations management apparatus 300 identifies a destination terminal apparatus 10, based on the received device ID and the above-described not-shown database. If, at this time, the identified terminal apparatus 10 is one of terminal apparatuses registered in the device negative list, the system operations management apparatus 300 will not permit the updating of the common key table.
If the identified terminal apparatus 10 is one of terminal apparatuses not registered in the device negative list, the system operations management apparatus 300 will encrypt security information including update data of the common key table by use of an update key of the identified terminal apparatus 10 and then send the encrypted security information to the terminal apparatus 10.
The security processing unit 15 of the terminal apparatus 10 passes the application data, in which this security information has been stored, on to the receiving processing unit 161. The receiving processing unit 161 references the registration number of a security module included in the security information stored in this application data and then determines if the security information is one addressed to this terminal apparatus 10. If the security information is one addressed to this terminal apparatus 10, the receiving processing unit 161 will pass this security information on to the control unit 19. If the security information is not the one addressed to this terminal apparatus 10, the receiving processing unit 161 will discard this security information.
The control unit 19 passes this security information on to the security processing unit 15. The security processing unit 15 decrypts this security information using its own update key and determines the likelihood of authenticity of payload by verifying the message authentication code (MAC). The terminal apparatus 10 responds to the system operations management apparatus 300 as to whether the decryption and the verification have been successful or not.
The “key list for RVC” includes “key 0” to “key P (P being a natural number)”. And a key (e.g., AES key) of a road-to-vehicle key number “0” to a key of a road-to-vehicle key number “P” are set to “key 0” to “key P”, respectively. The “key list for IVC” includes “key 0” to “key Q (Q being a natural number)”. And a key of an inter-vehicular key number “0” to a key of an inter-vehicular key number “Q” are set to “key 0” to “key Q”, respectively. On the assumption that the road-to-vehicle communication and the inter-vehicular communication use different communication schemes whose security levels differ from each other, this common key table provides the road-to-vehicle keys and the inter-vehicular keys separately. The security level of the road-to-vehicle communication is set higher than that of the inter-vehicular communication. For example, the former is used such that a key used in the road-to-vehicle communication is encrypted by combining each key with a random number, whereas the latter (key used in the inter-vehicular communication) is encrypted by using each key as it is.
A flag indicating whether or not a key/encryption field is present is set to the “field flags”.
In the first format, this flag is set to indicate “significant”. The security module references this flag and recognizes a data structure in the security information. The registration number of a security module to be written is set to the “licensed number”. A random number is set to the “nonce”. The data length of payload is set to the “length”. The registration number of a security module to be written is set to the “licensed number” in the “payload”. Since this “licensed number” is encrypted, another “licensed number” is also assigned to a part of the field excluding the “payload”. The device ID of the in-vehicle unit is set to the “device ID”.
The table ID of a transmitting key table is set to the “active table ID”. As will be discussed later, one of a plurality of key tables is assigned to the transmitting key table. The number of key tables (=L (L being a natural number)) included in the security information is set to “the number of key tables”. The key table 1 to the key table L are set to the “key table 1” to the “key table L”, respectively. The format shown in
The management of common key tables is done by use of the version and the table IDs. Thus, the common key tables identified by the same table ID of different version will not be used simultaneously. Of different versions, a common key table whose version is more recent (i.e., whose version value (number) is larger) is always used. The table ID is denoted by 0 to N (N: natural number). In other words, it is set as a system of residues modulo N. In this modification, N=8. For example, the table ID of the first common table and the table ID of the ninth common table are both “0”. Every time a new common key table of the same table ID is generated, the version value (number) is incremented. Thus, the former is “0” and the latter is “1”.
Of a plurality of common key tables stored in the storage areas, a single common key table is assigned to a transmitting common key table (hereinafter referred to as “transmitting key table” also) and a plurality of common key tables are assigned to receiving common key tables (hereinafter referred to as “receiving key tables” also). The plurality of receiving key tables include a transmitting key table and includes common key tables up to a common key table of a future generation than the transmitting key table by a (a: natural number). A table ID of a future generation by n is computed such that {(the table ID of a transmitting key table+n) mod N}. The plurality of receiving key tables may include those up to a common key table of a previous generation by m (m: 0 or a natural number). Similarly, a table ID of a previous generation by m is computed such that {(the table ID of a transmitting key table−m) mod N}. The example of
Even though the system operations management apparatus 300 instructs the switching of the transmitting key tables, the transmitting key tables in all terminal apparatuses 10 will not be simultaneously switched. Time lags occur in the timing with which to switch the transmitting key tables among the terminal apparatuses 10. For example, in a terminal apparatus 10 installed, in the vehicle 100, which has not been used for a long period of time, a transmitting key table of a previous generation by two or more than the most recent table may have been set to the transmitting key table. If this vehicle 100 is used, a terminal apparatus installed in another vehicle 100 will receive packet signals processed with the common key table of two or more generations past. When an encryption system is applied and implemented in practice, the security will be set higher as the range of a receiving key table gets narrower. Thus there may be many cases where the packet signals sent from valid terminal apparatuses 10 fail to be decrypted. The range of the receiving key table is set in consideration of the both demands.
If a cycle, in which the transmitting key tables are switched, is a long period of time (e.g., a few years or so), the receiving key tables may preferably be comprised of a transmitting key table and the next common key table (n=1). If the cycle, in which the transmitting key tables are switched, is a short period of time (e.g., equal to or less than a year), the receiving key tables may preferably be comprised of a transmitting key table, the next common key table (n=1) and the subsequent common key tables (n>1). Many common key tables are preferably incorporated into the receiving key tables such that the shorter the switching period is, the larger the “n” will be. If the switching period is short, the variation in the transmitting key table gets larger among a plurality of terminal apparatuses 10. In contrast thereto, an increase in the number of common key tables incorporated into the receiving key tables reduces the mismatch of the transmitting key tables. Note that 1 or 0 is suitable for m.
A plurality of common key tables are encrypted and then stored in the storage 18. In the example shown in
When the terminal apparatus 10 is activated, the security processing unit 15 reads out common key tables from the storage 18 and, at the same time, generates a key negative map. Registered in this key negative map are keys stored in common key tables excluding the common key tables assigned to the transmitting key table and the receiving key tables. For example, the key negative map is generated in a bit map format. The security processing unit 15 stores the thus generated key negative map in the work area as well. When receiving messages in the road-to-vehicle communication or the inter-vehicular communication, the security processing unit 15 references the key negative map to determine if any unusable key is in use. If a key registered in the key negative map is in use, it will be determined that error has occurred. When transmitting message from the terminal apparatus 10, the security processing unit 15 uses any one of the keys included in the transmitting key tables and therefore there is no need to determine if the key in use is registered in the key negative map.
By employing the present modifications as described above, the updating common key table is encrypted using the registration key or update key of the security module and then the encrypted update common key table is transmitted to the in-vehicle unit, thereby simplifying the updating process of common key tables. Also, the updating common key table is not stored in the management data of the payload but stored in the application data, so that an update system excelling in flexibility and extendability can be constructed.
In the processes, for updating the common key tables, according to the exemplary embodiments as shown in
Number | Date | Country | Kind |
---|---|---|---|
2011-013486 | Jan 2011 | JP | national |
2011-019072 | Jan 2011 | JP | national |
Number | Date | Country | |
---|---|---|---|
Parent | PCT/JP2011/007128 | Dec 2011 | US |
Child | 13853763 | US |