Authentication system and authentication method

US 9,577,997 B2
Filed: 05/29/2012
Issued: 02/21/2017
Est. Priority Date: 05/29/2012
Status: Active Grant

First Claim

Patent Images

1. An authentication system used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), including:

an adding circuitry that adds the authentication code to the communication data, andan updating circuitry that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends,wherein the updating circuitry selects a translation code, which includes a predetermined random number that serves as the change code, and executes a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time, whereinthe key code includes an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated in an operation performed on the initial key and the translation code from time to time whenever communication of the communication data ends; and

the updating circuitry generates an authentication code used when initially communicating the communication data by performing an operation on the initial key and a random code, which includes a predetermined random number held in advance in the plurality of nodes, and updates the generated authentication code using an update key that is generated from time to time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

On-vehicle control units include an attaching section for attaching a message code used to check the validity of the transmission source of communication data, to the communication data. The on-vehicle control units also include an update section for updating a key code and the message code every time communication of communication data has been completed. An authentication section checks communication data and the transmission source thereof on the basis of the result of comparison between the random code obtained by restoring a message code and the random code owned by the on-vehicle control units, which are authorized.

22 Citations

View as Search Results

9 Claims

1. An authentication system used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), including:
- an adding circuitry that adds the authentication code to the communication data, andan updating circuitry that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends,wherein the updating circuitry selects a translation code, which includes a predetermined random number that serves as the change code, and executes a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time, whereinthe key code includes an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated in an operation performed on the initial key and the translation code from time to time whenever communication of the communication data ends; and
  
  the updating circuitry generates an authentication code used when initially communicating the communication data by performing an operation on the initial key and a random code, which includes a predetermined random number held in advance in the plurality of nodes, and updates the generated authentication code using an update key that is generated from time to time.
- View Dependent Claims (4, 5, 6, 7)
- - 4. The authentication system according to claim 1, whereina node that transmits the communication data distributes the change code to a node that is a transmission peer together with an authentication code, which is added to the communication data;
    - andthe updating circuitry updates a key code using the change code as long as a transmission process of communication data, to which the authentication code and the change code are added, is completed.
  - 5. The authentication system according to claim 1, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code;
    - an updating protocol sets a protocol for updating the authentication code with the key code and the change code; and
      
      the updating circuitry updates the authentication code by changing a type of operation for the authentication code using the change code whenever communication of the communication data ends.
  - 6. The authentication system according to claim 1, whereinthe updating protocol sets a protocol for updating the authentication code with the key code and the change code;
    - andthe updating circuitry counts a number of communications of the communication data transmitted between the plurality of nodes and generates the authentication code using a number of key codes corresponding to the number of counted communications to update the authentication code.
  - 7. The authentication system according to claim 1, whereinthe plurality of nodes includes a plurality of on-board controllers arranged in a vehicle to configure a vehicle network;
    - the adding circuitry and the updating circuitry are each arranged in each of the plurality of onboard controllers; and
      
      the updating circuitry arranged in the plurality of on-board controllers synchronously update the authentication code whenever communication data is transmitted and received through the vehicle network.

2. An authentication system used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, whereinthe plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), including:
- an adding circuitry that adds the authentication code to the communication data,an updating circuitry that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends,an authenticating circuitry that authenticates a node that becomes a communication peer when transmitting and receiving the communication data,whereinwhen authenticating the node that becomes a communication peer, the authenticating circuitry acquires, from the communication peer, communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, and wherein the authenticating circuitry verifies the communication data, to which the message code is added, by comparing a random code, which is restored by performing an operation on the acquired message code and the key code held by the authenticating circuitry, with a random code, which is held in advance by a node that receives the communication data from the communication peer; and
  
  the updating circuitry updates the message code as the authentication code.
- View Dependent Claims (3)
- - 3. The authentication system according to claim 2, wherein before authenticating a node that becomes a communication peer, the authenticating circuitry restores a message code, which is generated by performing an operation on the key code and the random code, to a random code using the key code, which is held in advance in the authenticating circuitry, to acquire a random code used to verify the communication data.

8. An authentication method used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), the authentication method comprising:
- by adding circuitry of the ECUs, adding an authentication code, which is used to verify a transmission source of the communication data, to the communication data;
  
  by updating circuitry of the ECUs, updating the authentication code based on a specified authentication code updating protocol whenever communication of the communication data ends;
  
  sharing and holding a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code, in the plurality of nodes; and
  
  setting a protocol for updating the authentication code with the key code and the change code as the updating protocol,wherein the updating the authentication code includes selecting a translation code including a predetermined random number as the change code, and performing a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time,the method further comprisingselecting, as the key code, an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated from time to time whenever the communication data is communicated by performing an operation on the initial key and the translation code; and
  
  wherein the updating the authentication code includes generating an authentication code, which is used when initially communicating communication data through an operation performed on the initial key and the random code, and updating the generated authentication code with the update key that is generated from time to time.

9. An authentication method used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), the authentication method comprising:
- by adding circuitry of the ECUs, adding an authentication code, which is used to verify a transmission source of the communication data, to the communication data;
  
  by updating circuitry of the ECUs, updating the authentication code based on a specified authentication code updating protocol whenever communication of the communication data ends;
  
  sharing and holding a key code, which is used to generate an authentication code, and change code, which is used to change the authentication code, in the plurality of nodes; and
  
  setting a protocol for updating the authentication code with the key code and the change code as the updating protocol,the authentication method further comprisingby authenticating circuitry of the ECUs, acquiring, when authenticating a node that becomes a communication subject, from the communication subject communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, verifying the communication data to which the message code is added by comparing a random code, which is restored by performing an operation on the acquired message code and the key code that is held in advance, with a random code, which is held in advance by a node that receives the communication data from the communication subject, and authenticating a node that becomes the communication subject when transmitting and receiving the communication data based on the verification result;
  
  wherein the updating the authentication code includes updating the message code as the authentication code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Original Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Inventors
Mabuchi, Mitsuhiro
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US14/399,224
Publication Number

US 20150095997A1
Time in Patent Office

1,729 Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60R 25/20   Means to switch the anti-th...

G07C 5/085   using electronic data carriers

H04L 2209/84   Vehicles

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

Authentication system and authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Authentication system and authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others