Recent vehicles such as automobiles include on-board controllers that configure navigation systems and on-board controllers that electronically control various types of on-board devices such as an engine, brake, and the like. A vehicle includes many on-board controllers such as an on-board controller that controls a device such as a meter, which shows various states of the vehicle. The on-board controllers are electrically connected by a communication line to form a vehicle network, and various types of vehicle data are transmitted and received between the on-board controllers through the vehicle network.
In a vehicle such as an automobile that is nowadays highly computerized, to determine whether or not the user who is using the vehicle or the various types of on-board devices in the vehicle is an authorized user, authentication is performed with an authentication key used to exchange an encryption code between the vehicle and the on-board device. Alternatively, user authentication is performed using a predetermined password.
In order to maintain security, the authentication key used for such authentication has to be possessed only by the user or device having the correct authorization. For example, as described in patent document 1, a system may encrypt a private key, which is used for authentication, with a key that is held in advance at a distributing destination of the private key, and distribute the encrypted private key to the distributing destination.
As shown in FIG. 14, in such a system, an on-board device center key 22, which is a key unique to a vehicle 1, is written in advance by a write device 18 to the vehicle 1, which is the distributing destination of a private key 16 used for authentication. An electronic key center key 23 unique to an electronic key 2 is also written in advance by the write device 18 to the electronic key 2, which is the distributing destination of the private key 16.
A center 20 for generating and distributing the private key 16 holds, in advance, the on-board device center key 22 and the electronic key center key 23 respectively held by the vehicle 1 and the electronic key 2. When distributing the private key 16, the center 20 uses the on-board device center key 22, which is a key shared with the key held by the vehicle 1, to encrypt the private key 16 that is distributed to the vehicle 1. The center 20 also uses the electronic key center key 23, which is a key shared with the electronic key 2, to encrypt the private key 16 that is distributed to the electronic key 2. The center 20 distributes the encrypted private key 16 to each of the vehicle 1 and the electronic key 2. In the vehicle 1 and the electronic key 2, the encrypted private key 16 is decrypted by the corresponding on-board device center key 22 and the electronic key center key 23. Then, the center 20 performs cryptographic communication with the vehicle 1 and the electronic key 2 using the decrypted private key 16. In this manner, in the system described in patent document 1, the private key 16 is encrypted with the on-board device center key 22 and the electronic key center key 23 of the vehicle 1 and the electronic key 2, respectively. Thus, even if the private key 16 is acquired in an unauthorized manner during distribution, improper use of the private key 16 when acquired in an unauthorized manner may be limited.