1. Field of Application
The present invention relates to a communication system for performing encrypted communication via a data network, and to a cipher key dispatching apparatus that is located at a node of such a communication system, a code processing apparatus, and an anti-theft apparatus that is applicable to a motor vehicle (referred to in the following simply as a “vehicle”) having such a communication system installed.
2. Description of the Prior Art
In the prior art, various methods are known for encrypting communication data in order to prevent data theft or unauthorized access to data. With one method of encryption, a cipher key is used in common by persons who perform encrypted communication with one another (with such a cipher key being referred to in the following as a common cipher key). In using such a cipher key, it is important to ensure that only persons who are eligible to participate in the encrypted communication will have access to the common cipher key. One method of achieving this is to use a third-party confirmation technique, for example the SSL (Secure Sockets Layer) technique, or Kerberos, etc., whereby a key transfer operation (for dispatching a cipher key to each of the respective authorized parties who are to perform mutual encrypted communication) is performed by some trustworthy third party, as described for example in “Modern Encrypting”, by Okamoto et al., published by Sangyozusho Co., Japan, pp. 198-199.
Performing such a key transfer operation will be described referring to FIG. 15A. As shown, nodes A and B, which are in mutual encrypted communication, have been previously allocated respectively different individual cipher keys (with such keys being referred to in the following as class cipher keys) designated as Ka and Kb. A key dispatching center S, which is a third-party facility, possesses the class cipher keys Ka, Kb of all of the nodes, recorded beforehand. When for example node A is to communicate with node B, it sends notification (of this intention to communicate) to the key dispatching center S, with that notification indicated as (A,B) in FIG. 15A, whereupon the key dispatching center S generates a cipher key Kab that can be used as a common cipher key for communication between the nodes A and B. The key dispatching center S then uses the respective class cipher keys Ka, Kb of the nodes A, B in conjunction with the common cipher key Kab to generate respective code words (i.e., respective sets of encrypted data) Ea and Eb. The key dispatching center S then sends each of these code words Ea, Eb to the node A. Node A then uses its class cipher key Ka to decrypt the code word Ea, and thereby acquire the common cipher key Kab. Node A then uses this common cipher key Kab to generate a code word Eabs, and sends that code word together with the code word Eb (received from the key dispatching center S) to the node B.
Node B thereupon uses its class cipher key Kb to decrypt the code word Eb, and thereby acquire the common cipher key Kab. Node B then uses the common cipher key Kab to decrypt the code word Eabs, and if the decrypting is successful, node B then uses the common cipher key Kab to generate a code word Eabr, and sends this to node A. Thereafter, node B can perform encrypted communication with node A by using the common cipher key Kab, and node A can similarly communicate with node B, i.e., when the node A receives the code word Eabr, it uses the common cipher key Kab to decrypt that code word, and if the decryption is successful, it uses the common cipher key Kab to communicate with node B. The common cipher key Kab is thereby shared by the nodes A and B.
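The key transfer operation of FIG. 15A as described above, written out as an added example that is not part of the patent text. The text names no cipher, so the SHA-256/HMAC construction is a stand-in chosen so that "decryption is successful" can be checked, and the function names, confirmation payloads and sample keys are assumptions.

```python
import hashlib, hmac, os

def _sub(key, label):                      # separate sub-keys for encryption and MAC
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):         # SHA-256 in counter mode as a keystream
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def seal(key, plaintext):
    """Produce a code word: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, code_word):
    """Return the plaintext, or None when decryption is not successful."""
    nonce, ct, tag = code_word[:16], code_word[16:-32], code_word[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def dispatch(class_keys, a, b):
    """Key dispatching center S: generate Kab, wrap it under Ka and under Kb."""
    kab = os.urandom(16)
    return seal(class_keys[a], kab), seal(class_keys[b], kab)   # Ea, Eb

def key_transfer(class_keys, ka_at_a, kb_at_b):
    """Run the exchange; return Kab if both nodes confirm it, else None."""
    ea, eb = dispatch(class_keys, "A", "B")          # A sent (A,B) to S
    kab_a = unseal(ka_at_a, ea)                      # node A recovers Kab from Ea
    if kab_a is None:
        return None
    eabs = seal(kab_a, b"confirm A->B")              # constructed payload
    kab_b = unseal(kb_at_b, eb)                      # node B recovers Kab from Eb
    if kab_b is None or unseal(kab_b, eabs) is None:
        return None                                  # B refuses: no Eabr is sent
    eabr = seal(kab_b, b"confirm B->A")              # constructed payload
    return kab_a if unseal(kab_a, eabr) is not None else None

CLASS_KEYS = {"A": os.urandom(16), "B": os.urandom(16)}   # constructed sample keys
```

A node that does not hold the class cipher key recorded at the center cannot open its code word, so the exchange ends without a shared Kab.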
In the case of a communication system that is installed in a vehicle, in order to achieve a high degree of control and to facilitate servicing, apparatuses such as ECUs (Electronic Control Units), etc., constituting nodes of the system are connected via a vehicle LAN (Local Area Network) for sharing of information relating to equipment of the vehicle. It is expected that encrypting of such communication within a vehicle LAN will soon begin to be utilized, to achieve increased security.
If a common cipher key method of encrypted communication were to be applied to a vehicle LAN, then as shown in FIG. 5B, it would be necessary to be able to allocate respective common cipher keys to each of the possible combinations of ECUs that are connected to the vehicle LAN. Thus if the total number of ECUs is designated as N, it would be necessary to be able to provide a total of [N×(N−1)/2] common cipher keys. Typically, a vehicle LAN may have more than ten ECUs (or several tens of ECUs) connected to it, so that it would become necessary to provide a capability for generating a very large number of common cipher keys.
Furthermore, when utilizing encrypted communication using common cipher keys, in order to enhance security, it is necessary to periodically change the common cipher keys, by performing a key replacement operation. However, since such an operation must be done for all of the ECUs of a vehicle, the time actually available for communication within the vehicle LAN would be restricted, due to the amount of time required to perform such an operation, which includes dispatching of respective cipher keys to the various ECUs, and confirmation of correct reception of the cipher keys by the respective ECUs, as illustrated in FIG. 6.
Hence, if such a key replacement operation were to be performed for a vehicle LAN, with a large number of common cipher keys being necessary as described above, then a large amount of processing time would be required for generating the (new) common cipher keys, and for distributing these common cipher keys to the ECUs.
It might be envisaged for example that such a key replacement operation would be executed each time that the vehicle ignition is switched on. However, in that case, communication between the ECUs would be enabled only after the key replacement operation has been completed, so that a normal control condition would not be established until after a substantially long interval has elapsed. Thus, the vehicle driver would be given an adverse impression.
Such problems are not limited to vehicle LANs, but are applicable in general to LANs for which a high speed of response is required.
Furthermore, in Europe and the USA in recent years, the problem of vehicle thefts has become severe. These thefts are performed in some cases for the purpose of acquiring the vehicles; in many cases, however, theft is performed in order to strip the vehicle of its equipment, such as ECUs, etc., for sale as vehicle parts. It would be desirable to provide a communication system for a motor vehicle which would reduce the incentive for vehicle thefts to acquire equipment of the vehicles, and thereby reduce the incidence of such thefts.