Management device, vehicle, management method, and computer program

US 10,673,621 B2
Filed: 03/10/2016
Issued: 06/02/2020
Est. Priority Date: 03/26/2015
Status: Active Grant

First Claim

Patent Images

1. A management device, comprising:

an initially-delivered key storage configured to store a plurality of initially-delivered keys serving as candidates of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle;

a communication circuit configured to communicate with an onboard computer among the plurality of onboard computers installed in the vehicle to receive encrypted data from the onboard computer;

verification logic configured to verify the encrypted data using an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage; and

a wireless communication circuit configured to receive, from a management server equipment through a wireless communication network, a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle,wherein the initially-delivered key storage stores the new initially-delivered key received by the wireless communication circuit, andwherein a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer is updated via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management device installed in an automobile includes an initially-delivered key storage unit for storing a plurality of initially-delivered keys corresponding to candidates of initially-delivered keys held by an ECU, a communication part for communicating with the ECU, a verification part for verifying encrypted data from the ECU with the initially-delivered key of the initially-delivered key storage unit, and a wireless communication part for receiving a new initially-delivered key held by a new ECU newly installed in the automobile from management server equipment through a wireless communication network. The initially-delivered key storage unit stores the new initially-delivered key received with the wireless communication part.

Citations

13 Claims

1. A management device, comprising:
- an initially-delivered key storage configured to store a plurality of initially-delivered keys serving as candidates of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle;
  
  a communication circuit configured to communicate with an onboard computer among the plurality of onboard computers installed in the vehicle to receive encrypted data from the onboard computer;
  
  verification logic configured to verify the encrypted data using an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage; and
  
  a wireless communication circuit configured to receive, from a management server equipment through a wireless communication network, a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle,wherein the initially-delivered key storage stores the new initially-delivered key received by the wireless communication circuit, andwherein a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer is updated via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.
- View Dependent Claims (2, 3, 4)
- - 2. The management device according to claim 1, further comprising:
    - key generation logic configured to generate the management key utilized in updating the key for each onboard computer;
      
      an encryption processor configured to generate an encrypted key by encrypting the key generated by the key generation logic; and
      
      a key storage configured to store the key generated by the key generation logic,wherein the communication circuit sends the encrypted key to an onboard computer successfully verified with the verification logic among the plurality of onboard computers installed in the vehicle.
  - 3. The management device according to claim 2, which is configured of a secure element installed in the vehicle.
  - 4. The management device according to claim 1, which is configured of a secure element installed in the vehicle.

5. A management device, comprising:
- an initially-delivered key storage configured to store a plurality of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle and a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle;
  
  a communication circuit configured to communicate with the plurality of onboard computers installed in the vehicle; and
  
  verification logic configured to receive encrypted data from an onboard computer among the plurality of onboard computers installed in the vehicle via the communication circuit to verify the encrypted data with an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage,wherein a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer is updated via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.
- View Dependent Claims (6, 7, 8)
- - 6. The management device according to claim 5, further comprising:
    - key generation logic configured to generate the management key utilized in updating the key for each onboard computer;
      
      an encryption processor configured to generate an encrypted key by encrypting the key generated by the key generation logic; and
      
      a key storage configured to store the key generated by the key generation logic,wherein the communication circuit sends the encrypted key to an onboard computer successfully verified with the verification logic among the plurality of onboard computers installed in the vehicle.
  - 7. The management device according to claim 6, which is configured of a secure element installed in the vehicle.
  - 8. The management device according to claim 5, which is configured of a secure element installed in the vehicle.

9. A management method, comprising:
- storing, in a management device, a plurality of initially-delivered keys serving as candidates of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle on an initially-delivered key storage;
  
  communicating, by the management device, with an onboard computer among the plurality of onboard computers installed in the vehicle to receive encrypted data from the onboard computer;
  
  verifying, by the management device, the encrypted data of an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage;
  
  wirelessly communicating, by the management device, to receive a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle from a management server equipment through a wireless communication network;
  
  storing, in the initially-delivered key storage, the new initially-delivered key; and
  
  updating a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

10. A management method, comprising:
- storing, in an initially-delivered key storage of a management device, a plurality of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle and a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle;
  
  communicating, by the management device, to communicate with an onboard computer among the plurality of onboard computers installed in the vehicle to receive encrypted data from the onboard computer installed in the vehicle;
  
  verifying, by the management device, the encrypted data with an initially-delivered key among a plurality of initially-delivered keys stored on the initially-delivered key storage; and
  
  updating a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

11. A non-transitory computer-readable storing medium storing a computer program causing a computer to execute:
- storing, in an initially-delivered key storage, a plurality of initially-delivered keys serving as candidates of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle;
  
  communicating with an onboard computer among the plurality of onboard computers installed in the vehicle;
  
  receiving, during the communicating, encrypted data from the onboard computer to verify the encrypted data utilizing an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage;
  
  receiving, via wireless communication, a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle from a management server equipment through a wireless communication network;
  
  storing, in the initially-delivered key storage, the new initially-delivered key; and
  
  updating a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

12. A non-transitory computer-readable storing medium storing a computer program causing a computer to execute:
- storing a plurality of initially-delivered keys in connection with a plurality of onboard computers installed in a vehicle and a new initially-delivered key in connection with a new onboard computer newly installed in the vehicle on an initially-delivered key storage;
  
  communicating with an onboard computer among the plurality of onboard computers installed in the vehicle;
  
  receiving, during the communicating, encrypted data from the onboard computer to verify the encrypted data with an initially-delivered key among the plurality of initially-delivered keys stored on the initially-delivered key storage; and
  
  updating a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

13. A management method for managing a plurality of onboard computers installed in a vehicle, wherein data communication among the plurality of onboard computers is verified using a plurality of initially-delivered keys stored on an initially-delivered key storage, the management method comprising:
- detecting a new onboard computer newly installed in the vehicle;
  
  receiving a new initially-delivered key issued by a management server equipment;
  
  storing the new initially-delivered key on the initially-delivered key storage;
  
  verifying whether the new initially-delivered key is held by the new onboard computer; and
  
  updating a management key utilized in updating a key used for an encrypted communication between the plurality of each onboard computer via (i) through (v),(i) verifying whether the new initially-delivered key is stored in the new onboard computer,(ii) encrypting a latest management key using the new initially-delivered key,(iii) sending the encrypted latest management key to the new onboard computer,(iv) decrypting, by the new onboard computer, the encrypted latest management key using the new initially-delivered key, and(v) storing, by the new onboard computer, the latest management key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KDDI Corporation
Original Assignee
KDDI Corporation
Inventors
Takemori, Keisuke, Kawabata, Hideaki
Primary Examiner(s)
Holder, Bradley W

Application Number

US15/559,944
Publication Number

US 20180068107A1
Time in Patent Office

1,545 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 2209/84   Vehicles

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04L 9/16   the keys or algorithms bein...

H04L 9/32   including means for verifyi...

H04L 9/3271   using challenge-response

Management device, vehicle, management method, and computer program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Management device, vehicle, management method, and computer program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links