Key management method used in encryption processing for safely transmitting and receiving messages
First Claim
1. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
- storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit;
acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; and
executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which the onboard network system is installed is in a particular state,wherein the particular state is a state where the vehicle is not driving and is an accessory-on state.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided is a key management method to secure security in an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquire a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key. In a case where a vehicle in which the onboard network system is installed is in a particular state, the master ECU executes inspection of a security state of the shared key stored by the ECU or the like.
8 Citations
28 Claims
-
1. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
-
storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; and executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which the onboard network system is installed is in a particular state, wherein the particular state is a state where the vehicle is not driving and is an accessory-on state. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the system comprising:
-
a first-type electronic control unit, out of the plurality of electronic control units, configured to store a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; and each of the second-type electronic control units configured to (i) acquire a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, (ii) execute encryption processing regarding a frame transmitted or received via the bus, using this session key, wherein the first-type electronic control unit executes inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which itself is installed is in a particular state, and wherein the particular state is a state where the vehicle is not driving and is an accessory-on state. - View Dependent Claims (13)
-
-
12. A key management device serving as an electronic control unit (ECU) in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the device comprising:
-
a processor; and a memory having a computer program stored thereon, the computer program causing the processor to execute operations including storing a shared key to be mutually shared with one or more electronic control units other than itself out of the plurality of electronic control units, for transmission of a session key used for encryption relating to a frame, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit, and inspecting of a security state of the shared key stored by the electronic control units other than itself in a case where a vehicle in which itself is installed is in a particular state, wherein the particular state is a state where the vehicle is not driving and is an accessory-on state. - View Dependent Claims (14)
-
-
15. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
-
storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which the onboard network system is installed is not driving, and is fueling; determining whether a fuel cap of the vehicle is open or not; and determining whether the state of the vehicle is not driving, and is fueling when the fuel cap is open.
-
-
16. An onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the system comprising:
-
a first-type electronic control unit, out of the plurality of electronic control units, configured to store a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; and each of the second-type electronic control units configured to (i) acquire a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, (ii) execute encryption processing regarding a frame transmitted or received via the bus, using this session key, wherein the first-type electronic control unit executes inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which itself is installed is not driving, and is fueling, determines whether a fuel cap of the vehicle is open or not, and determines whether the state of the vehicle is not driving, and is fueling when the fuel cap is open.
-
-
17. A key management device serving as an electronic control unit (ECU) in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the device comprising:
-
a processor; and a memory having a computer program stored thereon, the computer program causing the processor to execute operations including storing a shared key to be mutually shared with one or more electronic control units other than itself out of the plurality of electronic control units, for transmission of a session key used for encryption relating to a frame, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit, inspecting of a security state of the shared key stored by the electronic control units other than itself in a case where a vehicle in which itself is installed is not driving, and is fueling, determining whether a fuel cap of the vehicle is open or not, and determining whether the state of the vehicle is not driving, and is fueling when the fuel cap is open.
-
-
18. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
-
storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; and executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which the onboard network system is installed is parked, which is indicated by the gearshift. - View Dependent Claims (19)
-
-
20. An onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the system comprising:
-
a first-type electronic control unit, out of the plurality of electronic control units, configured to store a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; and each of the second-type electronic control units configured to (i) acquire a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, (ii) execute encryption processing regarding a frame transmitted or received via the bus, using this session key, wherein the first-type electronic control unit executes inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which itself is installed is parked, which is indicated by the gearshift.
-
-
21. A key management device serving as an electronic control unit (ECU) in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the device comprising:
-
a processor; and a memory having a computer program stored thereon, the computer program causing the processor to execute operations including storing a shared key to be mutually shared with one or more electronic control units other than itself out of the plurality of electronic control units, for transmission of a session key used for encryption relating to a frame, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit, and inspecting of a security state of the shared key stored by the electronic control units other than itself in a case where a vehicle in which itself is parked, which is indicated by the gearshift.
-
-
22. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
-
storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; and executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which the onboard network system is installed is in a stopped state before driving, which is indicated by the gearshift. - View Dependent Claims (23)
-
-
24. An onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the system comprising:
-
a first-type electronic control unit, out of the plurality of electronic control units, configured to store a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; and each of the second-type electronic control units configured to (i) acquire a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, (ii) execute encryption processing regarding a frame transmitted or received via the bus, using this session key, wherein the first-type electronic control unit executes inspection of a security state of the shared key stored by the second-type electronic control units in a case where a vehicle in which itself is installed is in a stopped state before driving, which is indicated by the gearshift.
-
-
25. A key management device serving as an electronic control unit (ECU) in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the device comprising:
-
a processor; and a memory having a computer program stored thereon, the computer program causing the processor to execute operations including storing a shared key to be mutually shared with one or more electronic control units other than itself out of the plurality of electronic control units, for transmission of a session key used for encryption relating to a frame, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit, and inspecting of a security state of the shared key stored by the electronic control units other than itself in a case where a vehicle in which itself in a stopped state before driving, which is indicated by the gearshift.
-
-
26. A key management method in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the method comprising:
-
storing, in a first-type electronic control unit out of the plurality of electronic control units, a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; acquiring, by each of the second-type electronic control units, a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, executing encryption processing regarding a frame transmitted or received via the bus, using this session key; executing, by the first-type electronic control unit, inspection of a security state of the shared key stored by the second-type electronic control units in a case where an electrical vehicle in which the onboard network system is installed is electrically charging, determining whether a charging plug is connected to the electrical vehicle or not, and determining whether the state of the electrical vehicle is electrically charging when the charging plug is connected to the electrical vehicle.
-
-
27. An onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the system comprising:
-
a first-type electronic control unit, out of the plurality of electronic control units, configured to store a shared key to be mutually shared with one or more second-type electronic control units other than the first-type electronic control unit, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit; and each of the second-type electronic control units configured to (i) acquire a session key by communication with the first-type electronic control unit based on the stored shared key, and after this acquisition, (ii) execute encryption processing regarding a frame transmitted or received via the bus, using this session key, wherein the first-type electronic control unit executes inspection of a security state of the shared key stored by the second-type electronic control units in a case where an electrical vehicle in which itself is installed is electrically charging, determines whether a charging plug is connected to the electrical vehicle or not, and determines whether the state of the electrical vehicle is electrically charging when the charging plug is connected to the electrical vehicle.
-
-
28. A key management device serving as an electronic control unit (ECU) in an onboard network system having a plurality of electronic control units (ECUs) that perform communication by frames via a bus, the device comprising:
-
a processor; and a memory having a computer program stored thereon, the computer program causing the processor to execute operations including storing a shared key to be mutually shared with one or more electronic control units other than itself out of the plurality of electronic control units, for transmission of a session key used for encryption relating to a frame, the shared key also being stored in the one or more second-type electronic control units other than the first-type electronic control unit, and inspecting of a security state of the shared key stored by the electronic control units other than itself in a case where an electrical vehicle in which itself is installed is electrically charging, determining whether a charging plug is connected to the electrical vehicle or not, and determining whether the state of the electrical vehicle is electrically charging when the charging plug is connected to the electrical vehicle.
-
Specification