In-vehicle information communication system and authentication method
US-2019007215-A1 · Jan 3, 2019 · US
Management system, key generation device, in-vehicle computer, management method, and computer program
US11212087B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11212087-B2 |
| Application number | US-201716307681-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2017 |
| Priority date | Aug 9, 2016 |
| Publication date | Dec 28, 2021 |
| Grant date | Dec 28, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, a cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.
First claim
Opening claim text (preview).
The invention claimed is: 1. A management system comprising: a key generation device; and a plurality of in-vehicle computers which are installed in a vehicle, wherein the key generation device includes: at least one first memory configured to store instructions; and at least one first processor configured to execute the instructions to: generate a first key and a second key which are stored in the plurality of in-vehicle computers, encrypt the first key with an initial key which is stored in advance in the plurality of in-vehicle computers to generate first encrypted data, and encrypt the second key with the first key to generate second encrypted data, calculate an expected value of stored data which is stored in advance in the plurality of in-vehicle computers using the second key, and decrypt third encrypted data received from the vehicle with the first key to acquire a measured value, and verify on the basis of the measured value acquired by decrypting and the calculated expected value, wherein the first encrypted data and the second encrypted data are transmitted to the vehicle, and wherein each of the plurality of in-vehicle computers includes: at least one second memory configured to store instructions; and at least one second processor configured to execute the instructions to: decrypt the first encrypted data transmitted from the key generation device with the initial key which is stored in advance in the plurality of in-vehicle computers to acquire the first key, and decrypt the second encrypted data transmitted from the key generation device with the acquired first key to acquire the second key, and calculate the measured value of the stored data which is stored in advance in the plurality of in-vehicle computers using the acquired second key, wherein: the at least one second processor is configured to encrypt the measured value with the acquired first key to generate the third encrypted data, the third encrypted data is transmitted to the key generation device, and a first in-vehicle computer out of the plurality of in-vehicle computers relays, to a second in-vehicle computer out of the plurality of in-vehicle computers, the first encrypted data and the second encrypted data, which are transmitted from the key generation device when the measured value acquired by decrypting matches the calculated expected value. 2. A management system comprising: a key generation device; and an in-vehicle computer which is installed in a vehicle, wherein the key generation device includes: at least one first memory configured to store instructions; and at least one first processor configured to execute the instructions to: generate a first key and a second key which are stored in the in-vehicle computer, calculate an expected value of stored data which is stored in advance in the in-vehicle computer using the second key, and encrypt the first key with an initial key which is stored in advance in the in-vehicle computer to generate first encrypted data, encrypt the second key with the first key to generate second encrypted data, and encrypt the expected value with the first key, which is the same key used to encrypt the second key, to generate fourth encrypted data, wherein the first encrypted data, the second encrypted data and the fourth encrypted data are transmitted to the vehicle, and wherein the in-vehicle computer includes: at least one second memory configured to store instructions; and at least one second processor configured to execute the instructions to: decrypt the first encrypted data received from the key generation device with the initial key which is stored in advance in the in-vehicle computer to acquire the first key, decrypt the second encrypted data received from the key generation device with the first key acquired by the decryption with the initial key to acquire the second key, and decrypt the fourth encrypted data received from the key generation device with the first key, which is acquired by the decryption with the initial key and being the same key used to acquire the second key, to acquire the expected value, and calculate a measured value of the stored data which is stored in advance in the in-vehicle computer using the acquired second key, and verify the measured value on the basis of the expected value, which is acquired using the first key which is the same key used to acquire the second key, wherein a verification result for the measured value is transmitted. 3. The management system according to claim 2 , wherein a plurality of the in-vehicle computers are installed in the vehicle, and a first in-vehicle computer out of the plurality of in-vehicle computers relays the first encrypted data, the second encrypted data and the fourth encrypted data, transmitted from the key generation device, to a second in-vehicle computer out of the plurality of in-vehicle computers. 4. A management system comprising: a key generation device; and an in-vehicle computer which is installed in a vehicle, wherein the key generation device includes: at least one first memory configured to store instructions; and at least one first processor configured to execute the instructions to: generate a first key and a second key which are stored in the in-vehicle computer, calculate an expected value of stored data which is stored in advance in the in-vehicle computer using the second key, and encrypt the first key with an initial key which is stored in advance in the in-vehicle computer to generate first encrypted data, encrypt the second key with the first key to generate second encrypted data, and encrypt the expected value with the first key to generate fourth encrypted data, wherein a verification value, the first encrypted data, the second encrypted data and the fourth encrypted data are transmitted to the vehicle, wherein the in-vehicle computer includes: at least one second memory configured to store instructions; and at least one second processor configured to execute the instructions to: decrypt the first encrypted data received from the key generation device with the initial key which is stored in advance in the in-vehicle computer to acquire the first key, decrypt the second encrypted data received from the key generation device with the acquired first key to acquire the second key, and decrypt the fourth encrypted data received from the key generation device with the acquired first key to acquire the expected value, and calculate a measured value of the stored data which is stored in advance in the in-vehicle computer using the acquired second key, and verify the measured value on the basis of the acquired expected value, wherein a verification result for the measured value is transmitted, wherein the at least one second processor is configured to transmit the verification result which is inclusive of the verification value received from the key generation device in a case where the verification of the measured value has been passed, and transmit the verification result which is not inclusive of the verification value received from the key generation device in a case where the verification of the measured value has failed, and wherein the at least one first processor is configured to verify the verification value included in the verification result received from the vehicle on the basis of the verification value supplied to the vehicle. 5. The management system according to claim 4 , wherein a plurality of the in-vehicle computers are installed in the vehicle, and a first in-vehicle computer out of the plurality of in-vehicle computers relays the first encrypted data, the second encrypted data and the fourth encrypted data, transmitted from the key generation device, to a second in-vehicle computer out of the plurality of in-veh
Assignees
Inventors
Classifications
- H04L9/0861Primary
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
using a plurality of keys or algorithms · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11212087B2 cover?
- Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encry…
- Who is the assignee on this patent?
- Kddi Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0861. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 28 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).