阅读说明：本技术 车载认证系统、车载认证方法以及车载认证程序 (Vehicle-mounted authentication system, vehicle-mounted authentication method, and vehicle-mounted authentication program ) 是由 中岛纯子 西山博仁 村松龙 高塚雄也 于 2017-05-09 设计创作，主要内容包括：车载认证系统具有设置于搭载多个ECU的车辆并与各ECU进行通信的车辆通信装置(100)。认证部(101)对于各ECU执行认证结构的合法性的结构认证,将结构认证失败的ECU登记到认证错误列表。判定部(102)根据表示在车辆中实现的车辆搭载功能与用于实现车辆搭载功能的ECU之间的相关性的功能相关表以及认证错误列表,判定在车辆中能实现的车辆搭载功能。显示部(107)将由判定部(102)判定为在车辆中能实现的车辆搭载功能显示到显示设备(805)。(The vehicle-mounted authentication system is provided with a vehicle communication device (100) which is provided in a vehicle equipped with a plurality of ECUs and communicates with each ECU. An authentication unit (101) performs a configuration authentication for the validity of the authentication configuration for each ECU, and registers the ECU for which the configuration authentication has failed in the authentication error list. A determination unit (102) determines a vehicle-mounted function that can be implemented in a vehicle on the basis of a function correlation table and an authentication error list, the function correlation table indicating the correlation between the vehicle-mounted function that can be implemented in the vehicle and an ECU that implements the vehicle-mounted function. The display unit (107) displays the vehicle-mounted function determined to be available in the vehicle by the determination unit (102) on a display device (805).)

1. a vehicle-mounted authentication system having a vehicle communication device provided in a vehicle mounting a plurality of electronic control devices, the vehicle communication device communicating with each of the plurality of electronic control devices,

The vehicle-mounted authentication system is provided with:

An authentication unit that performs a structure authentication for authenticating the validity of the structure for each of the plurality of electronic control apparatuses, and registers the electronic control apparatus that failed the structure authentication in an authentication error list;

A determination unit that determines a vehicle-mounted function that can be implemented in the vehicle, based on a function correlation table indicating a correlation between the vehicle-mounted function implemented in the vehicle and an electronic control device for implementing the vehicle-mounted function, and the authentication error list; and

A display unit that displays the vehicle-mounted function determined by the determination unit to be available in the vehicle, on a display device of the vehicle communication apparatus.

2. The in-vehicle authentication system according to claim 1,

The plurality of electronic control apparatuses communicate with each other via an in-vehicle network,

The determination unit disconnects the electronic control device registered in the authentication error list from the in-vehicle network.

3. The in-vehicle authentication system according to claim 1 or 2,

The vehicle-mounted authentication system includes a storage unit that stores a configuration data table including configuration data information in which configuration data generated based on attribute information indicating an attribute of each of the plurality of electronic control devices is associated with each of the plurality of electronic control devices,

The authentication unit acquires attribute information indicating an attribute of the electronic control device from each of the plurality of electronic control devices, calculates a signature of the electronic control device based on the attribute information, compares the signature with the configuration data included in the configuration data table, and determines that the configuration authentication of the electronic control device has succeeded when the signature matches the configuration data.

4. The in-vehicle authentication system according to claim 3,

The vehicle-mounted authentication system further comprises an authentication management device having the storage unit,

The authentication management device includes a configuration data generation unit that updates the configuration data table based on device change information when the device change information indicating a change regarding each of the plurality of electronic control devices is received.

5. The in-vehicle authentication system according to claim 4,

The device change information contains the attribute information of the electronic control device,

The authentication management device includes a function-related generation unit that updates the function-related table based on the device change information.

6. The in-vehicle authentication system according to claim 5,

The authentication management device includes an update data processing unit that generates update information including a structure data difference that is a difference between before and after updating in the structure data table and a function-related difference that is a difference between before and after updating in the function-related table, and transmits the update information to the vehicle communication device.

7. The in-vehicle authentication system according to claim 3,

The vehicle-mounted authentication system is provided with:

A configuration data generation unit that updates the configuration data table based on device change information when the device change information indicating a change regarding each of the plurality of electronic control devices is received; and

And a function-related generation unit that updates the function-related table based on the device change information.

8. The in-vehicle authentication system according to claim 7,

The vehicle-mounted authentication system further comprises an authentication management device having the storage unit,

The vehicle communication device includes a control unit that collects the attribute information of the electronic control device from each of the plurality of electronic control devices, and transmits the collected attribute information to the authentication management device,

The authentication management device includes the authentication unit, the determination unit, the configuration data generation unit, and the function-related generation unit,

The authentication section transmits the authentication error list to the control section,

the determination unit transmits a vehicle-mounted function that can be realized in the vehicle to the control unit as a determination result.

9. The in-vehicle authentication system according to claim 7,

The vehicle communication device includes the authentication unit, the determination unit, the configuration data generation unit, the function-related generation unit, and the display unit.

10. An on-vehicle authentication method of an on-vehicle authentication system having a vehicle communication device provided in a vehicle mounting a plurality of electronic control devices, the vehicle communication device communicating with each of the plurality of electronic control devices,

The authentication unit performs a configuration authentication for authenticating the validity of the configuration for each of the plurality of electronic control apparatuses, registers the electronic control apparatus that failed the configuration authentication in the authentication error list,

The determination unit determines a vehicle-mounted function that can be implemented in the vehicle, based on a function correlation table indicating a correlation between the vehicle-mounted function implemented in the vehicle and an electronic control device for implementing the vehicle-mounted function, and the authentication error list,

The display unit displays the vehicle-mounted function determined by the determination unit to be available in the vehicle, to a display device of the vehicle communication apparatus.

11. An in-vehicle authentication program of an in-vehicle authentication system having a vehicle communication device provided in a vehicle on which a plurality of electronic control devices are mounted, the vehicle communication device communicating with each of the plurality of electronic control devices, the in-vehicle authentication program causing a computer to execute:

An authentication process of performing a structure authentication for authenticating validity of a structure for each of the plurality of electronic control apparatuses, and registering an electronic control apparatus that has failed in the structure authentication in an authentication error list;

A determination process of determining a vehicle-mounted function that can be realized in the vehicle, based on a function correlation table indicating a correlation between a vehicle-mounted function realized in the vehicle and an electronic control apparatus for realizing the vehicle-mounted function, and the authentication error list; and

And a display process of displaying the vehicle-mounted function determined to be available in the vehicle by the determination process on a display device of the vehicle communication apparatus.

Technical Field

The invention relates to a vehicle-mounted authentication system, a vehicle-mounted authentication method and a vehicle-mounted authentication program.

Background

In recent years, a large number of ECUs (electronic Control units) for controlling various functions are mounted in an in-vehicle system. Each ECU is connected to other ECUs via an in-vehicle network, and performs coordinated operations with the other ECUs. On the other hand, an attack by an unauthorized operation, such as connecting an unauthorized device to a vehicle-mounted network or replacing an authorized device with an unauthorized device, is a problem. Therefore, a technique for protecting an in-vehicle system from such an attack is very important. Technologies for protecting the in-vehicle system include a technology for preventing an attack in advance and a technology for suppressing the influence of an illegal control when the possibility that the vehicle is illegally controlled is high.

In order to mount a technology for protecting an in-vehicle system on an ECU, it is obvious to update software for changing and adding functions to the ECU. Furthermore, it is necessary to cope with PnP (Plug and Play: Plug and Play) when a new ECU is added. In order to safely perform these operations, it is necessary to perform authentication for discriminating an unauthorized ECU from a legitimate ECU and to perform structural authentication in a situation where the structure is changed.

by adding the ECU function, a new vehicle-mounted function is provided to the user. At this time, the correlation between the ECU and the other ECUs performing the cooperative operation changes in the vehicle. Therefore, a structure for managing the latest information according to the change is required.

Patent document 1 discloses the following technique: a correspondence information table defining a security level corresponding to the ECU and an illegal correspondence process corresponding to the security level is set, and an illegal correspondence process corresponding to the ECU detected as illegal is performed.

Further, patent document 2 describes the following technique: the main ECU has a database of information on all ECUs that may be mounted in the vehicle, and the main ECU performs a configuration certification by performing authentication on ECUs other than the main ECU.

Disclosure of Invention

Problems to be solved by the invention

in the technique of patent document 1, the unauthorized coping process of "stop, jog, travel at intervals, and notification" is performed only in accordance with the safety level of the ECU. Therefore, in the technique of patent document 1, the vehicle-mounted function may be excessively stopped.

Further, patent document 2 discloses only a technique for invalidating communication between the subject ECU and another ECU when the structural certification cannot be confirmed. Therefore, in the technique of patent document 2, the driver cannot confirm the state of the function of the vehicle, and safety and convenience are poor.

The purpose of the present invention is to improve safety and convenience by displaying vehicle-mounted functions that can be realized by an ECU other than an unauthorized ECU when the unauthorized ECU is detected.

Means for solving the problems

The vehicle-mounted authentication system of the present invention includes a vehicle communication device provided in a vehicle having a plurality of electronic control devices mounted thereon, the vehicle communication device communicating with each of the plurality of electronic control devices,

the vehicle-mounted authentication system is provided with:

An authentication unit that performs a structure authentication for authenticating the validity of the structure for each of the plurality of electronic control apparatuses, and registers the electronic control apparatus that failed the structure authentication in an authentication error list;

A determination unit that determines a vehicle-mounted function that can be implemented in the vehicle, based on a function correlation table indicating a correlation between the vehicle-mounted function implemented in the vehicle and an electronic control device for implementing the vehicle-mounted function, and the authentication error list; and

a display unit that displays the vehicle-mounted function determined by the determination unit to be available in the vehicle, on a display device of the vehicle communication apparatus.

Effects of the invention

In the vehicle-mounted authentication system of the present invention, the authentication unit registers the electronic control device, the structure of which failed in authentication, in the authentication error list. The determination unit determines a vehicle-mounted function that can be realized in the vehicle, based on a function correlation table and an authentication error list that indicate a correlation between the vehicle-mounted function and an electronic control device for realizing the vehicle-mounted function. The display unit displays the vehicle-mounted function determined to be available in the vehicle on a display device of the vehicle communication device. Therefore, according to the in-vehicle authentication system of the present invention, even when an unauthorized electronic control device is detected, it is not necessary to stop the vehicle-mounted function excessively, and safety and convenience can be improved.

Drawings

Fig. 1 is a configuration diagram of an in-vehicle authentication system 10 according to embodiment 1.

Fig. 2 is a configuration diagram of vehicle communication device 100 according to embodiment 1.

Fig. 3 is a configuration diagram of vehicle 200 according to embodiment 1.

Fig. 4 is a configuration diagram of the authentication management apparatus 300 according to embodiment 1.

fig. 5 is an example showing details of the ECU information table 620 of embodiment 1.

Fig. 6 is an example showing details of the configuration data table 610 according to embodiment 1.

Fig. 7 is an example showing details of the function correlation table 640 according to embodiment 1.

Fig. 8 is a flowchart of the function management processing of embodiment 1.

Fig. 9 is a flowchart of the authentication process according to embodiment 1.

Fig. 10 is a diagram showing an example of the authentication error list 630 according to embodiment 1.

fig. 11 is a diagram showing an example of the authentication error table 631 according to embodiment 1.

Fig. 12 is a flowchart showing the details of the configuration authentication process according to embodiment 1.

Fig. 13 is a flowchart of the determination process in embodiment 1.

Fig. 14 is a diagram showing a specific example of the function correlation table 640 according to embodiment 1.

fig. 15 is a diagram illustrating a function display screen 500 according to embodiment 1.

Fig. 16 is a diagram showing the structure of update information 650 according to embodiment 1.

Fig. 17 is a flowchart of the update processing in embodiment 1.

Fig. 18 is a flowchart of the software update processing according to embodiment 1.

fig. 19 is a flowchart of the table update processing of embodiment 1.

Fig. 20 is a configuration diagram of the auxiliary storage 903 of the authentication management apparatus 300 according to embodiment 1.

fig. 21 is a flowchart of the authentication management process according to embodiment 1.

Fig. 22 is a flowchart of the configuration data generation processing of embodiment 1.

Fig. 23 is a flowchart of function-related generation processing according to embodiment 1.

Fig. 24 is a configuration diagram of a vehicle communication device 100 according to a modification of embodiment 1.

Fig. 25 is a configuration diagram of an authentication management apparatus 300 according to a modification of embodiment 1.

Fig. 26 is a configuration diagram of the in-vehicle authentication system 10 according to embodiment 2.

Fig. 27 is a configuration diagram of a vehicle communication device 100a according to embodiment 2.

Fig. 28 is a configuration diagram of an authentication management apparatus 300a according to embodiment 2.

Fig. 29 is a configuration diagram of the in-vehicle authentication system 10b according to embodiment 3.

Fig. 30 is a configuration diagram of a vehicle communication device 100b according to embodiment 3.

Detailed Description

Embodiments of the present invention will be described below with reference to the drawings. In the drawings, the same or corresponding portions are denoted by the same reference numerals. In the description of the embodiments, the same or corresponding portions will be omitted or simplified as appropriate.