A network technology that is called a CAN (controller area network) may be used for performing transmission and reception of data between devices that are used for anon-board network of a vehicle or a factory automation of a vehicle. A system in which the CAN is used includes a plurality of ECUs (electronic control unit). The ECUs communicate with one another by performing transmission and reception of a message. A message that is used for a CAN communication includes identification information (ID) on the message. Further, each of the ECUs has stored therein an ID of a message to be received. A message is broadcast, and each of the ECUs receives a message that includes a set ID but discards a message that includes an ID that is not set to be received.
With respect to a network that is a CAN, a technology is known that rewrites data of a vehicle control device that controls a vehicle. A vehicle is equipped with a device for controlling transmission of data used for rewriting, the device monitoring a transmission state of data transmitted to a CAN bus and transmitting, to the CAN bus, a data frame of data used for rewriting according to the monitored transmission state of data (see, for example, Patent document 1).
A technology is known that permits a vehicle to perform authentication processing so as to determine the validity of an external device such as a maintenance device, which makes an access to an electronic control device of the vehicle. According to a result of the determination, the vehicle determines a range in which the maintenance device is allowed to access the electronic control device. This inhibits the external device from making an unwanted access to the electronic control device of the vehicle (see, for example, Patent document 2).
A technology is known that suppresses the occurrence of an inconvenient event that may be caused due to a communication performed between an external device and an in-vehicle communication system. An indirect route is provided as a communication route that leads to the in-vehicle communication system. The indirect route is provided with a switch that connects an upstream and a downstream or blocks a connection between them. The switch is controlled to connect to the indirect route when an indirect-route connecting request is received from an allowable external tool, and to block the indirect route in other cases (see, for example, Patent document 3).
A vehicle control device is known that detects a malicious message transmitted to an on-board communication network at a lower processing load. With respect to a message to be transmitted, the device performs message-related processing including a validity determination on the basis of whether an identifier included in the message to be transmitted is consistent with an identifier of the device. While performing the message-related processing with respect to a message transmitted by another control device, the device performs control so as not to perform the message-related processing with respect to a message transmitted by itself (see, for example, Patent document 4).
Patent document 1: Japanese Laid-open Patent Publication No. 2012-178035
Patent document 2: International Publication Pamphlet No. WO 2009/147734
Patent document 3: Japanese Laid-open Patent Publication No. 2015-5825
Patent document 4: Japanese Laid-open Patent Publication No. 2015-65546