AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD

US 20150095997A1
Filed: 05/29/2012
Published: 04/02/2015
Est. Priority Date: 05/29/2012
Status: Active Grant

First Claim

Patent Images

1. An authentication system used to authenticate a plurality of nodes, wherein the nodes are connected to a network and transmit and receive communication data, the authentication system being characterized in that:

the plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includesan adding unit that adds the authentication code to the communication data, andan updating unit that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

On-vehicle control units include an attaching section for attaching a message code used to check the validity of the transmission source of communication data, to the communication data. The on-vehicle control units also include an update section for updating a key code and the message code every time communication of communication data has been completed. An authentication section checks communication data and the transmission source thereof on the basis of the result of comparison between the random code obtained by restoring a message code and the random code owned by the on-vehicle control units, which are authorized.

42 Citations

View as Search Results

15 Claims

1. An authentication system used to authenticate a plurality of nodes, wherein the nodes are connected to a network and transmit and receive communication data, the authentication system being characterized in that:
- the plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includesan adding unit that adds the authentication code to the communication data, andan updating unit that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
- - 3. The authentication system according to claim 1, wherein the updating unit selects a translation code, which includes a predetermined random number that serves as the change code, and executes a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time.
  - 4. The authentication system according to claim 3, whereinthe key code includes an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated in an operation performed on the initial key and the translation code from time to time whenever communication of the communication data ends;
    - andthe updating unit generates an authentication code used when initially communicating the communication data by performing an operation on the initial key and a random code, which includes a predetermined random number held in advance in the plurality of nodes, and updates the generated authentication code using an update key that is generated from time to time.
  - 5. The authentication system according to claim 1, further comprising:
    - an authenticating unit that authenticates a node that becomes a communication peer when transmitting and receiving the communication data;
      
      wherein the authentication system is characterized in thatwhen authenticating the node that becomes a communication peer, the authenticating unit acquires, from the communication peer, communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, and wherein the authenticating unit verifies the communication data, to which the message code is added, by comparing a random code, which is restored by performing an operation on the acquired message code and the key code held by the authenticating unit, with a random code, which is held in advance by a node that receives the communication data from the communication subject; and
      
      the updating unit updates the message code as the authentication code.
  - 6. The authentication system according to claim 5, wherein before authenticating a node that becomes a communication peer, the authenticating unit restores a message code, which is generated by performing an operation on the key code and the random code, to a random code using the key code, which is held in advance in the authenticating unit, to acquire a random code used to verify the communication data.
  - 7. The authentication system according to claim 1, whereina node that transmits the communication data distributes the change code to a node that is a transmission peer together with an authentication code, which is added to the communication data;
    - andthe updating unit updates a key code using the change code as long as a transmission process of communication data, to which the authentication code and the change code are added, is completed.
  - 8. The authentication system according to claim 1, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code;
    - the updating protocol sets a protocol for updating the authentication code with the key code and the change code; and
      
      the updating unit updates the authentication code by changing the type of operation for the authentication code using the change code whenever communication of the communication data ends.
  - 9. The authentication system according to claim 1, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code;
    - the updating protocol sets a protocol for updating the authentication code with the key code and the change code; and
      
      the updating unit counts the number of communications of the communication data transmitted between the plurality of nodes and generates the authentication code using a number of key codes corresponding to the number of counted communications to update the authentication code.
  - 10. The authentication system according to claim 1, whereinthe plurality of nodes includes a plurality of on-board controllers arranged in a vehicle to configure a vehicle network;
    - the adding unit and the updating unit are each arranged in each of the plurality of on-board controllers; and
      
      the updating units arranged in the plurality of on-board controllers synchronously update the authentication code whenever communication data is transmitted and received through the vehicle network.

2. (canceled)

11. An authentication method used to authenticate a plurality of nodes, wherein the nodes are connected to a network and transmit and receive communication data, the authentication method comprising:
- adding an authentication code, which is used to verify a transmission source of the communication data, to the communication data;
  
  updating the authentication code based on a specified authentication code updating protocol whenever communication of the communication data ends;
  
  sharing and holding a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code, in the plurality of nodes; and
  
  setting a protocol for updating the authentication code with the key code and the change code as the updating protocol.
- View Dependent Claims (13, 14, 15)
- - 13. The authentication method according to claim 11, wherein the updating the authentication code includes selecting a translation code including a predetermined random number as the change code, and performing a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time.
  - 14. The authentication method according to claim 13, comprising selecting, as the key code, an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated from time to time whenever the communication data is communicated by performing an operation on the initial key and the translation code;
    - wherein the updating the authentication code includes generating an authentication code, which is used when initially communicating communication data through an operation performed on the initial key and the random code, and updating the generated authentication code with the update key that is generated from time to time.
  - 15. The authentication method according to claim 11, further comprising acquiring, when authenticating a node that becomes a communication subject, from the communication subject communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, verifying the communication data to which the message code is added by comparing a random code, which is restored by performing an operation on the acquired message code and the key code that is held in advance, with a random code, which is held in advance by a node that receives the communication data from the communication subject, and authenticating a node that becomes the communication subject when transmitting and receiving the communication data based on the verification result;
    - wherein the updating the authentication code includes updating the message code as the authentication code.

12. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Original Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Inventors
Mabuchi, Mitsuhiro

Granted Patent

US 9,577,997 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

B60R 25/20   Means to switch the anti-th...

G07C 5/085   using electronic data carriers

H04L 2209/84   Vehicles

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links