Authentication system and authentication method
First Claim
1. An authentication system used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), including:
an adding circuitry that adds the authentication code to the communication data, and an updating circuitry that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends, wherein the updating circuitry selects a translation code, which includes a predetermined random number that serves as the change code, and executes a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time, wherein the key code includes an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated in an operation performed on the initial key and the translation code from time to time whenever communication of the communication data ends; and
the updating circuitry generates an authentication code used when initially communicating the communication data by performing an operation on the initial key and a random code, which includes a predetermined random number held in advance in the plurality of nodes, and updates the generated authentication code using an update key that is generated from time to time.
Abstract
On-vehicle control units include an attaching section for attaching a message code used to check the validity of the transmission source of communication data, to the communication data. The on-vehicle control units also include an update section for updating a key code and the message code every time communication of communication data has been completed. An authentication section checks communication data and the transmission source thereof on the basis of the result of comparison between the random code obtained by restoring a message code and the random code owned by the on-vehicle control units, which are authorized.
9 Claims
1. (Text as given under First Claim above.) Dependent claims: 4, 5, 6, 7.
2. An authentication system used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes share and hold a key code, which is used to generate an authentication code used to verify a transmission source of the communication data, and a change code, which is used to change the authentication code and includes a predetermined random number, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), including:
an adding circuitry that adds the authentication code to the communication data,
an updating circuitry that updates the authentication code by performing a predetermined operation with the key code and the change code whenever communication of the communication data ends,
an authenticating circuitry that authenticates a node that becomes a communication peer when transmitting and receiving the communication data, wherein when authenticating the node that becomes a communication peer, the authenticating circuitry acquires, from the communication peer, communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, and wherein the authenticating circuitry verifies the communication data, to which the message code is added, by comparing a random code, which is restored by performing an operation on the acquired message code and the key code held by the authenticating circuitry, with a random code, which is held in advance by a node that receives the communication data from the communication peer; and
the updating circuitry updates the message code as the authentication code.
Dependent claim: 3.
8. An authentication method used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), the authentication method comprising:
by adding circuitry of the ECUs, adding an authentication code, which is used to verify a transmission source of the communication data, to the communication data;
by updating circuitry of the ECUs, updating the authentication code based on a specified authentication code updating protocol whenever communication of the communication data ends;
sharing and holding a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code, in the plurality of nodes; and
setting a protocol for updating the authentication code with the key code and the change code as the updating protocol, wherein the updating the authentication code includes selecting a translation code including a predetermined random number as the change code, and performing a recursive operation on the key code using the selected translation code to update the key code from time to time and recursively generate the authentication code with the key code, which is updated from time to time,
the method further comprising selecting, as the key code, an initial key, which is held in advance in the plurality of nodes and used when initially generating the authentication code, and an update key, which is generated from time to time whenever the communication data is communicated by performing an operation on the initial key and the translation code; and
wherein the updating the authentication code includes generating an authentication code, which is used when initially communicating communication data through an operation performed on the initial key and the random code, and updating the generated authentication code with the update key that is generated from time to time.
9. An authentication method used to authenticate a plurality of nodes, wherein the plurality of nodes are connected to a network and transmit and receive communication data, wherein the plurality of nodes includes one or more of Electronic Control Units (ECUs), the authentication method comprising:
by adding circuitry of the ECUs, adding an authentication code, which is used to verify a transmission source of the communication data, to the communication data;
by updating circuitry of the ECUs, updating the authentication code based on a specified authentication code updating protocol whenever communication of the communication data ends;
sharing and holding a key code, which is used to generate an authentication code, and a change code, which is used to change the authentication code, in the plurality of nodes; and
setting a protocol for updating the authentication code with the key code and the change code as the updating protocol,
the authentication method further comprising, by authenticating circuitry of the ECUs, acquiring, when authenticating a node that becomes a communication subject, from the communication subject communication data to which a message code is added, wherein the message code is generated by performing an operation on a random code, which includes a predetermined random number held in advance in the plurality of nodes, and the key code, verifying the communication data to which the message code is added by comparing a random code, which is restored by performing an operation on the acquired message code and the key code that is held in advance, with a random code, which is held in advance by a node that receives the communication data from the communication subject, and authenticating a node that becomes the communication subject when transmitting and receiving the communication data based on the verification result;
wherein the updating the authentication code includes updating the message code as the authentication code.
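A toy model of the scheme in claims 1 and 2 (added here as an illustration; it is not code from the patent or its assignee). The claims leave the two "operations" unspecified, so this example assumes an invertible XOR against a key-derived pad for the message code (so the receiver can restore the random code) and HMAC-SHA256 for the recursive key update; all keys and codes are constructed sample values.

```python
import hashlib
import hmac


def update_key(key: bytes, translation_code: bytes) -> bytes:
    """Recursive key update: the translation code is mixed into the current key
    (assumed operation: HMAC-SHA256 keyed with the current key)."""
    return hmac.new(key, translation_code, hashlib.sha256).digest()


def message_code(key: bytes, random_code: bytes) -> bytes:
    """Message code = random code XOR a pad derived from the current key.
    Applying it again with the same key restores the random code (assumed operation)."""
    pad = hashlib.sha256(b"pad" + key).digest()[: len(random_code)]
    return bytes(a ^ b for a, b in zip(random_code, pad))


class Ecu:
    """One node holding the shared initial key, random code and translation code."""

    def __init__(self, initial_key: bytes, random_code: bytes, translation_code: bytes):
        self.key = initial_key          # starts as the initial key, becomes the update key
        self.random_code = random_code
        self.translation_code = translation_code

    def _communication_ended(self) -> None:
        # Both peers rotate the key whenever a communication ends, so codes never repeat.
        self.key = update_key(self.key, self.translation_code)

    def send(self, payload: bytes) -> tuple:
        frame = (payload, message_code(self.key, self.random_code))  # adding circuitry
        self._communication_ended()
        return frame

    def verify(self, frame: tuple) -> bool:
        restored = message_code(self.key, frame[1])               # restore the random code
        ok = hmac.compare_digest(restored, self.random_code)      # authenticating circuitry
        self._communication_ended()
        return ok


def run_session(frames: int) -> dict:
    """Constructed scenario: two authorised ECUs stay in sync; a replayed first frame and a
    node holding a different initial key both fail verification."""
    shared = dict(initial_key=b"\x01" * 16, random_code=b"\xa5" * 8, translation_code=b"\x5a" * 16)
    sender, receiver = Ecu(**shared), Ecu(**shared)
    stale = sender.send(b"first")                    # legitimate frame under the initial key
    results = [receiver.verify(stale)]
    results += [receiver.verify(sender.send(b"frame")) for _ in range(frames)]
    stranger = Ecu(b"\xff" * 16, shared["random_code"], shared["translation_code"])
    return {
        "in_sync": all(results),
        "stale_frame_rejected": not receiver.verify(stale),      # receiver's key has moved on
        "wrong_key_rejected": not receiver.verify(stranger.send(b"x")),
    }
```

Note that a failed verification still rotates the receiver's key here, because the claims say the key is updated whenever a communication ends; a single spurious frame therefore desynchronises the honest peers, and a deployable design needs a resynchronisation rule that the claims do not specify.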
Specification