Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization

US 7,602,915 B2
Filed: 04/28/2005
Issued: 10/13/2009
Est. Priority Date: 04/28/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A communication system comprising at least one LAN (Local Area Network), said communication system having at least three nodes connected thereto, wherein said nodes perform mutual encrypted communication by utilizing a common cipher key for encrypting and decrypting communication data, and wherein:

one of said nodes functions as a main node and remaining ones of said nodes function as respective secondary nodes which receive said common cipher key from said main node, and said main node comprises means for executing a key replacement operation at successive regular or irregular intervals, said key replacement operation comprisinggenerating a cipher key to be utilized as said common cipher key, andtransmitting said generated common cipher key to each of said secondary nodes via said LAN by employing a broadcast communication mode; and

each of said nodes is provided beforehand with a class cipher key, said class cipher key being a cipher key that is identical for each of said nodes and is continuously held by each of said nodes,said main node comprises means for encrypting said common cipher key by using said class cipher key, and transmitting said common cipher key in encrypted form in said key replacement operation, andeach of said secondary nodes comprises means for decrypting said encrypted common cipher key when received from said main node, by using said class cipher key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system has a plurality of nodes that perform encrypted communication via a LAN, each using an identical common cipher key. The common cipher key is replaced at fixed or irregular intervals, by being transmitted from a main node in a broadcast mode via the LAN to respective secondary nodes that are to share the key. When the key is successfully received by a secondary node, it returns a confirmation signal. The system can be configured such that a notification list of secondary nodes for which key acquisition has been confirmed is transmitted to all of the secondary nodes.

17 Citations

View as Search Results

23 Claims

1. A communication system comprising at least one LAN (Local Area Network), said communication system having at least three nodes connected thereto, wherein said nodes perform mutual encrypted communication by utilizing a common cipher key for encrypting and decrypting communication data, and wherein:
- one of said nodes functions as a main node and remaining ones of said nodes function as respective secondary nodes which receive said common cipher key from said main node, and said main node comprises means for executing a key replacement operation at successive regular or irregular intervals, said key replacement operation comprisinggenerating a cipher key to be utilized as said common cipher key, andtransmitting said generated common cipher key to each of said secondary nodes via said LAN by employing a broadcast communication mode; and
  
  each of said nodes is provided beforehand with a class cipher key, said class cipher key being a cipher key that is identical for each of said nodes and is continuously held by each of said nodes,said main node comprises means for encrypting said common cipher key by using said class cipher key, and transmitting said common cipher key in encrypted form in said key replacement operation, andeach of said secondary nodes comprises means for decrypting said encrypted common cipher key when received from said main node, by using said class cipher key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A communication system according to claim 1, wherein said key replacement operation is executed each time that operation of said communication system is restarted.
  - 3. A communication system according to claim 2 wherein following said restarting of operation of said communication system, said key replacement operation is executed in parallel with initialization of respective data processing sections of said nodes, and said key replacement operation is executed within an interval during which said initialization is performed to completion.
  - 4. A communication system according to claim 1, whereineach said secondary node comprises means responsive to receiving said common cipher key from said main node for transmitting a confirmation signal to said main node via said LAN, andsaid main node comprises means for detecting a condition, following execution of said key replacement operation, in which said confirmation signal has not been received from a secondary node that is permitted to share said common cipher key, and for retransmitting said common cipher key to said secondary nodes by said broadcast communication mode when said condition is detected.
  - 5. A communication system according to claim 4, whereinsaid main node comprises means for generating a key confirmation list following execution of said key replacement operation, and for transmitting said key confirmation list to each of said secondary nodes via said LAN using said broadcast communication mode, said key confirmation list having registered therein each of said secondary nodes from which a confirmation signal has been received, andeach of said secondary nodes comprises means for detecting a condition whereby said secondary node is omitted from said key confirmation list, and for responding to said retransmitting of said common cipher key by transmitting said confirmation signal only when said condition is detected.
  - 6. A communication system according to claim 1, whereinsaid main node comprises means for generating a notification list having registered therein each of said secondary nodes that is permitted to share said common cipher key, and for transmitting said notification list to each of said secondary nodes via said LAN using said broadcast communication mode, prior to executing said key replacement operation, andeach said secondary node comprises means for detecting a condition whereby said each secondary node is registered in said notification list and also has received said common cipher key in said key replacement operation that is executed following said transmitting of said notification list, and for transmitting a confirmation signal via said LAN to said main node when said condition is detected.
  - 7. A communication system according to claim 6, wherein said main node comprises means fordetecting a condition, following execution of said key replacement operation, in which said confirmation signal has not been received from a secondary node that is registered in said notification list, and, when said condition is detected,generating a modified notification list which specifies said secondary node from which a confirmation signal has not been received,transmitting said modified notification list to each of said secondary nodes via said LAN, using said broadcast communication mode andretransmitting said common cipher key to said secondary nodes via said LAN using said broadcast communication mode.
  - 8. A communication system according to claim 4, whereineach said secondary node comprises means forgenerating a random number to constitute said confirmation signal when said common cipher key has been received in said key replacement operation,encrypting said confirmation signal by using said received common cipher key, andtransmitting said encrypted confirmation signal via said LAN to said main node;
    - andsaid main node comprisesmeans responsive to receiving said encrypted confirmation signal from a secondary node for decrypting said encrypted confirmation signal to obtain said random number,attaching data constituting a predetermined confirmation indicator to said random number to thereby form a confirmation response signal,encrypting said confirmation response signal by using said common cipher key, andtransmitting said encrypted confirmation response signal via said LAN to said secondary node which transmitted said encrypted confirmation signal.
  - 9. A communication system according to claim 1, wherein each of said secondary nodes comprises means for detecting a condition whereby said common cipher key has not yet been received from said main node after a predetermined waiting interval has elapsed following a time point at which said key replacement operation has begun, and for transmitting to said main node via said LAN a request signal for requesting execution of said key replacement operation when said condition is detected.

10. In a communication system having a plurality of nodes and at least one LAN (Local Area Network) utilized for encrypted communication between said nodes, a cipher key dispatching apparatus that is constituted by one of said nodes, comprisingcipher key generating means for successively generating, at predetermined timings, respectively different versions of a common cipher key for use in encrypting and decrypting of communication data,key dispatching means provided beforehand with a class cipher key, for using said class cipher key to encrypt said common cipher key generated by said cipher key generating means, and transmitting a resultant encrypted common cipher key via said LAN by a broadcast communication mode,key confirmation list generating means for receiving confirmation signals transmitted via said LAN from other ones of said nodes upon receiving said encrypted common cipher key, and generating a key confirmation list having registered therein each of said nodes which have transmitted said confirmation signals, andlist dispatching means for transmitting said key confirmation list to said other nodes via said LAN, using a broadcast communication mode.
- View Dependent Claims (11, 12, 16, 19)
- - 11. A cipher key dispatching apparatus according to claim 10, wherein a specific set of said other nodes are predetermined as being permitted to share said common cipher key, and wherein said cipher key dispatching apparatus comprises re-dispatching means for detecting a condition whereby at least one of said nodes that are permitted to share said common cipher key has not transmitted a confirmation signal, and for executing retransmitting of said common cipher key via said LAN by using said broadcast communication mode, when said condition is detected.
  - 12. A cipher key dispatching apparatus according to claim 10, wherein said list generating means generates said key confirmation list as a list of nodes from which respective confirmation signals have been received before a predetermined waiting interval has elapsed following a commencement of transmitting said common cipher key by said key dispatching means.
  - 16. A key dispatching apparatus according to claim 10, wherein each said confirmation signal comprises a random number having data constituting a predetermined confirmation indicator attached thereto, and wherein said key dispatching apparatus comprises confirmation response signal transmitting means fordecrypting a received encrypted confirmation signal to extract said random number,attaching data constituting a predetermined confirmation indicator to said extracted random number, to constitute a confirmation response signal,encrypting said confirmation signal by using said common cipher key, andtransmitting a resultant encrypted confirmation response signal via said LAN to a node which originated said confirmation signal.
  - 19. A code processing apparatus according to claim 16, comprising request transmitting means for detecting a first condition whereby said common cipher key has not been received after a predetermined waiting interval has elapsed following a commencement of operation of said code processing apparatus and a second condition whereby said confirmation signal has been transmitted by said cipher key receiving means but said corresponding node is subsequently not found to be registered in said key confirmation list, and responsive to detection of either of said first and second conditions for transmitting a request signal via said LAN to said source of said transmitted common cipher key, to request retransmission of said common cipher key.

13. In a communication system having a plurality of nodes and at least one LAN (Local Area Network) utilized for encrypted communication between said nodes, a cipher key dispatching apparatus that is constituted by one of said nodes, comprisingcipher key generating means for generating, at predetermined timings, successively different versions of a common cipher key for use in encrypting and decrypting of communication data,notification list generating means for generating a notification list as a list of nodes which are permitted to share said common cipher key, and for transmitting said notification list via said LAN using a broadcast communication mode, andkey dispatching means, for using a class cipher key to encrypt each said common cipher key generated by said cipher key generating means and transmitting said encrypted common cipher key via said LAN by a broadcast communication mode, said class cipher key being provided beforehand to each of said nodes which are permitted to share each said common cipher key.
- View Dependent Claims (14, 15, 20, 21)
- - 14. A key dispatching apparatus according to claim 13, comprising re-dispatching means forreceiving respective confirmation signals transmitted from nodes which have received said common cipher key dispatched by said key dispatching means,detecting a condition whereby one of said nodes which are listed in said notification list has not transmitted a confirmation signal,when said condition is detected, generating a modified notification list which specifies said node which has not transmitted a confirmation signal, andtransmitting said modified notification list and re-transmitting said common cipher key via said LAN.
  - 15. A key dispatching apparatus according to claim 14, wherein said re-dispatching means utilizes said broadcast communication mode to transmit said modified notification list and re-transmit said common cipher key via said LAN.
  - 20. A code processing apparatus according to claim 15, comprising notification list receiving means forreceiving via said LAN a notification list which indicates respective ones of said nodes as being permitted to share said common cipher key,judging whether said node constituting said code processing apparatus is registered in said notification list, andwhen said node is found to be registered in said notification list, initiating operation of said cipher key receiving means.
  - 21. A code processing apparatus according to claim 20, comprising request transmitting means for detecting a first condition whereby said notification list has not been received after a first predetermined waiting interval has elapsed following a commencement of operation of said code processing apparatus and a second condition whereby a second predetermined waiting interval for receiving said common cipher key has elapsed following a time point at which said notification list is received, and responsive to detection of either of said first and second conditions for transmitting a request signal via said LAN to said source of said transmitted common cipher key, to request retransmission of said common cipher key.

17. In a communication system having a plurality of nodes and at least one LAN (Local Area Network) utilized for encrypted communication between said nodes, respective code processing apparatuses constituted by respective ones of a plurality of said nodes, each said code processing apparatus comprisingcipher key receiving means, for receiving via said LAN a common cipher key that has been encrypted by using a predetermined class cipher key, and responsive to receiving said common cipher key for generating a confirmation signal and transmitting said confirmation signal via said LAN to a source of said received common cipher key, andencrypting processing means provided beforehand with said class cipher key, for decrypting said received common cipher key and utilizing said common cipher key to perform encrypting and decrypting of communication data that are transmitted and received via said LAN.
- View Dependent Claims (18, 22)
- - 18. A code processing apparatus according to claim 17, comprising notification list receiving means forreceiving from said source of said received common cipher key a key confirmation list having registered therein each of respective nodes from which a confirmation signal has been received by said source,judging whether a node corresponding to said code processing apparatus is registered in said key confirmation list, andwhen said corresponding node is found to be registered in said key confirmation list, inhibiting operation of said cipher key receiving means.
  - 22. A code processing apparatus according to claim 17, wherein said cipher key receiving means generates said confirmation signal as a random number, encrypts said confirmation signal by utilizing said common cipher key, and transmits said confirmation signal in encrypted form, and comprising abnormality judgement means for detecting a condition wherebya confirmation response signal is received via said LAN in response to said confirmation signal,said confirmation response signal is decrypted to obtain a random number and confirmation indicator contained therein, andsaid random number does not match said random number contained in said confirmation signal or said confirmation indicator does not match said confirmation indicator that is held by said code processing apparatus,and for judging that there is an abnormality of functioning of said source which transmits said common cipher key, when said condition is detected.

23. An anti-theft apparatus installed in a vehicle having a communication system in which a plurality of electronic control units perform mutual encrypted communication via a vehicle LAN (Local Area Network) and in which key replacement operations are executed for updating a common cipher key that is used in common by said electronic control units for encrypting and decrypting transmitted and received communication data to perform said encrypted communication, whereinsaid anti-theft apparatus comprises abnormality handling means responsive to an occurrence of abnormality of results obtained from a key replacement operation for executing at least one of a plurality of predetermined operations which include emitting warning indications in the vicinity of said vehicle, transmitting a report to a predetermined apparatus that is external to said vehicle, and inhibiting a predetermined specific form of control of said vehicle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DENSO Corporation
Original Assignee
DENSO Corporation
Inventors
Iwamura, Takahiro
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US11/116,415
Publication Number

US 20060115085A1
Time in Patent Office

1,629 Days
Field of Search

380/37, 380/281, 380/259, 380/42, 380/29, 380/72, 380/277, 340/539, 713/201, 173/183, 386/96
US Class Current

380/259
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 2209/84   Vehicles

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/1441   Countermeasures against mal...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links