JP2012036659A - Registration system for electronic key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a registration system for an electronic key that eliminates the need to deliver on-vehicle equipment and an electronic key in a pair while ensuring security against crime.SOLUTION: A writing device 41 generates an encryption key according to a first encryption key generation program by using an ID code at the time of initial registration, and generates an encryption key according to a second encryption key generation program by using an ID code and the serial number of ECU 13 at the time of additional registration. The same process as in the writing device 41 is also performed in the ECU 13. At the time of the initial registration, only the ID code of an electronic key 12 is used to generate the encryption key. Accordingly, there is no need to deliver the electronic key 12 and the ECU 13 in a pair to a factory and the like at the time of initial registration. At the time of additional registration in the market and the like, only the electronic key 12 manufactured for the ECU 13 can be registered with the ECU 13. This provides security against crime.

Description

  The present invention relates to a system for registering an electronic key in a communication target such as a vehicle.

  2. Description of the Related Art Conventionally, an electronic key system that locks and unlocks a door through transmission / reception of identification information through wireless communication between an electronic key held by a vehicle user and the vehicle is known. In order to maintain the security of the system, it is necessary to protect communication between the electronic key and the vehicle. For this reason, for example, in the system of Patent Document 1, encrypted communication is performed between the electronic key and the vehicle. In the encrypted communication, all information to be communicated is encrypted, so that the confidentiality is ensured even if the identification information exchanged between the electronic key and the vehicle is intercepted.

  As an encryption method for the encryption communication, for example, a common key encryption method is adopted. This method uses the same encryption key for encryption and decryption. For this reason, in this method, it is necessary to have the same encryption key between communication partners (here, the vehicle and the electronic key). The registration of the electronic key and the encryption key to the vehicle is performed in the process of registering the electronic key to the vehicle at a manufacturer's factory or the like. Registration of an electronic key to a vehicle means that identification information unique to the electronic key is stored in a vehicle, more precisely, an electronic control device (hereinafter referred to as “ECU”) that performs overall control of the electronic key system. The ECU authenticates the electronic key through verification of identification information wirelessly transmitted from the electronic key and identification information stored in the ECU.

As a system for registering an electronic key in an ECU, the applicant of the present application is considering adopting the following configuration, for example.
That is, as shown in FIG. 11, in the system, when registering the electronic key 151, the writing device 152 is first connected to the ECU 153 via a cable or the like. The writing device 152 writes various information in the electronic key 151 (more precisely, its storage device) through wireless communication. First, the writing device 152 reads the serial number 154 stored in advance in the connected ECU 153 (step S501). Next, the writing device 152 generates an encryption key 156 by a specific algorithm using the read serial number 154 and the ID code 155 generated by itself (step S502). Then, the writing device 152 wirelessly transmits the generated ID code 155 and encryption key 156 to the electronic key 151 (step S503). The electronic key 151 stores the transmitted ID code 155 and encryption key 156, and wirelessly transmits the ID code 155 to the ECU 153 (step S504). The ECU 153 stores the received ID code 155, generates an encryption key 156 by a specific algorithm using the ID code 155 and its own serial number 154, and stores this (step S505). The algorithm is the same as that used in the writing device 152. The original data for generating the encryption key is also the serial number 154 and the ID code 155 and is the same as the original data used in the writing device 152. For this reason, the encryption key 156 generated in the ECU 153 is the same as the one generated by the writing device 152 and thus the one previously stored in the electronic key 151. Thus, the registration work of the electronic key 151 to the ECU 153 is completed.

  As described above, the electronic key 151 and the ECU 153 store the encryption key 156 generated using the serial number 154 of the ECU 153, respectively. As a result, the electronic key 151 is paired with the ECU 153. That is, the ECU 153 can exchange information only with the electronic key 151 having the encryption key 156 generated by using its own serial number 154. Since the ECU 153 cannot decrypt information encrypted with an encryption key different from the encryption key 156 stored in the ECU 153, the ECU 153 may not decrypt the information stored in the ECU 153 with another electronic key having an encryption key different from the encryption key stored in the ECU 153. Exchange of information is prevented. For this reason, communication between the regular electronic key 151 and the ECU 153 is suitably protected, and the security of the electronic key system is also maintained.

JP 2009-302848 A

  However, according to the registration system described above, although the security of the electronic key system can be surely secured, the serial number 154 of the ECU 153 is used to generate the encryption key. Therefore, when registering the electronic key 151 in the ECU 153, These must be delivered to the manufacturer's factory as a set. This is complicated. In the market, for example, when the ECU 153 breaks down, the electronic key 151 and the ECU 153 need to be exchanged as a set. This is because the electronic key 151 and the ECU 153 are associated one-on-one. In this case, the normal electronic key 151 may be wasted. Note that a residential electronic key system is also known, and the same problem may occur when registering an electronic key related to the system.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to register an electronic key that can ensure crime prevention and eliminate the need for a set of an in-vehicle device and an electronic key. Is to provide.

  According to the first aspect of the present invention, an encrypted communication using a common key encryption method for encrypting information using the same encryption key with an in-vehicle device that is a registration target, and from the in-vehicle device. In an electronic key registration system that is authenticated through confirmation of the validity of identification information transmitted in response to the response request, identification information unique to the electronic key and an encryption key generated using only the identification information A first registration mode stored in the electronic key and the vehicle-mounted device, identification information unique to the electronic key, and an encryption key generated using the identification information and identification information unique to the vehicle-mounted device A second registration mode that is stored in each machine, and the first registration mode is used for the first registration when the electronic key is registered in the vehicle-mounted device for the first time, while the electronic key is subsequently added and registered in the vehicle-mounted device. When registering as its gist the use of second registration mode.

  According to the present invention, at the time of initial registration, an encryption key is generated using only identification information unique to the electronic key. That is, any electronic key can be registered in the in-vehicle device. For this reason, it is not necessary to deliver the electronic key and the vehicle-mounted device as a set to the manufacturer's factory or the like at the time of initial registration. Since the factory of the manufacturer is basically safe, there is no problem in terms of crime prevention. Further, at the time of additional registration after the initial registration is completed, an encryption key is generated using identification information unique to the electronic key and identification information unique to the vehicle-mounted device. That is, only an electronic key manufactured corresponding to this can be registered in the in-vehicle device. Crime prevention is ensured by preventing unauthorized registration of the electronic key by a third party after the vehicle is shipped.

  According to a second aspect of the present invention, in the electronic key registration system according to the first aspect, the number of electronic keys registered in the in-vehicle device is set as the number of electronic keys to be registered at the first registration. The gist is to use the first registration mode when the number is less than the prescribed number, and to use the second registration mode when the number of electronic keys registered in the vehicle-mounted device exceeds the prescribed number.

  According to the present invention, for example, when the prescribed number is set to a plurality, a plurality of electronic keys can be registered in the simple first registration mode up to the prescribed number at the time of initial registration. . It is assumed that a plurality of electronic keys such as a master key and a sub key are often initially registered in the in-vehicle device. Corresponding to such a situation, the workability of initial registration of a plurality of electronic keys can be improved. On the other hand, it is assumed that registration of electronic keys exceeding the specified number is basically performed after the vehicle is shipped. At the time of such additional registration, registration in the second registration mode with higher crime prevention is performed. For this reason, unauthorized registration of the electronic key by a third party can be suppressed. Note that the prescribed number may be set to one depending on product specifications and the like.

  The invention according to claim 3 is the electronic key registration system according to claim 1 or claim 2, and when receiving a command to delete all electronic key information registered in the in-vehicle device, The in-vehicle device apparently deletes the registered electronic key information by storing the deleted information indicating that the information is deleted in a manner associated with the registered electronic key information. When registering a key, the electronic key to be registered is verified by comparing the identification information unique to the electronic key to be registered with the identification information unique to the electronic key that has been registered in the past in the in-vehicle device. Is determined to be registered in the past, it is determined that the electronic key to be registered is not registered in the past while using the first registration mode. Kiniwa, as its gist the use of the second registration mode.

  There may be a case where it becomes necessary to delete all information of the electronic key registered in the in-vehicle device for some reason. In order to use the vehicle again, it is necessary to re-register the electronic key with the in-vehicle device. At that time, according to the present invention, re-registration of the electronic key registered in the past can be easily performed in the first registration mode. On the other hand, for the registration of a new electronic key that has not been registered in the past, crime prevention is ensured by adopting the second registration mode in which it is registered after making it an exclusive product for the vehicle-mounted device. .

  According to a fourth aspect of the present invention, in the electronic key registration system according to any one of the first to third aspects, the identification information unique to the in-vehicle device is a predetermined number of times through an external operation. The gist is that it can only be changed.

  It is also assumed that the in-vehicle device is replaced for some reason. In this case, since the electronic key added and registered after the initial registration is completed is a dedicated product for the vehicle-mounted device before replacement, it cannot be registered in the vehicle-mounted device after replacement. In this regard, according to the present invention, since the identification information unique to the in-vehicle device can be changed a predetermined number of times, all the electronic keys registered in the in-vehicle device before replacement are initially stored in the in-vehicle device after replacement. Registration is possible. In the initial registration, any electronic key can be registered by using the first registration mode in which the encryption key is generated using only the identification information unique to the electronic key. For electronic keys that are additionally registered as dedicated products in the in-vehicle device before replacement, change the identification information unique to the in-vehicle device after replacement to the identification information of the in-vehicle device before replacement. Can be registered. For this reason, the compatibility of the electronic key is ensured before and after the replacement of the in-vehicle device. This is convenient because the user can continue to use all the electronic keys registered in the vehicle-mounted device before replacement.

  According to a fifth aspect of the present invention, in the electronic key registration system according to any one of the first to fourth aspects, the identification information unique to the electronic key is generated and written to the electronic key. And the electronic key can be stored in the in-vehicle device through wireless transmission of the written identification information, and the writing device and the in-vehicle device use an identification key unique to the electronic key to encrypt the key. A first encryption key generation program that generates the encryption key, and a second encryption key generation program that generates the encryption key using the identification information unique to the electronic key and the identification information unique to the vehicle-mounted device, When the first registration mode is used, the first encryption key generation program is executed in the writing device and in-vehicle device, respectively, while when the second registration mode is used, the writing device and car The second encryption key generation program is executed in each machine, the encryption key generated in the writing device is written in the electronic key together with identification information unique to the electronic key, and the encryption key generated in the in-vehicle device is itself The main point is that it is memorized.

  For example, an electronic key registration system can be constructed as in the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, the delivery of a set with a vehicle equipment and an electronic key can be made unnecessary, ensuring crime prevention.

The block diagram which shows schematic structure of an immobilizer system. The block diagram which shows schematic structure of an immobilizer system. The flowchart which shows the authentication process procedure of an electronic key. The block diagram which shows schematic structure of the registration system of the electronic key of 1st Embodiment. The flowchart which similarly shows the registration processing procedure at the time of the initial registration of an electronic key. The flowchart which similarly shows the registration processing procedure at the time of additional registration of an electronic key. (A) is a block diagram which shows schematic structure of the registration apparatus and immobilizer ECU of 2nd Embodiment, (b) is a flowchart which similarly shows the registration process procedure of an electronic key. (A) is a block diagram showing the connection mode of the erasing device and immobilizer ECU in the third embodiment, (b) is a list showing the storage mode of information of the erased electronic key, (c) FIG. 6 is a flowchart showing a procedure for electronic key registration processing. FIG. (A) is a block diagram showing an aspect of connection between the registration device and the immobilizer ECU in the fourth embodiment, (b) is a block diagram showing an aspect of changing the serial number of the immobilizer ECU, and (c) is an illustration. The block diagram which similarly shows immobilizer ECU before replacement | exchange, and immobilizer ECU after replacement | exchange. The block diagram which shows the outline of the electronic key system in other embodiment. The flowchart which shows the registration processing procedure of another electronic key.

Hereinafter, an embodiment in which the present invention is embodied in an immobilizer system mounted on a vehicle will be described with reference to FIGS. The system is provided for the purpose of preventing the vehicle from being stolen.
<Immobilizer system>
As shown in FIG. 1, the immobilizer system 11 is a wireless communication between an electronic key 12 possessed by a user and an immobilizer ECU (hereinafter referred to as “ECU (Electronic Control Unit) 13”) mounted on the vehicle. The engine 14 which is a power source for traveling is permitted to start through. An engine ECU 15 that controls the engine 14 is connected to the ECU 13 via an in-vehicle LAN 16. The engine ECU 15 executes control of the engine 14 through exchange of information with the ECU 13.

  Between the electronic key 12 and the ECU 13, bidirectional short-range wireless communication according to RFID (Radio Frequency IDentification) is performed. Further, challenge response authentication using encryption communication is performed between the electronic key 12 and the ECU 13. As an encryption method for the encryption communication, a common key encryption method that uses the same encryption key for encryption and decryption of information is adopted.

  The electronic key 12 includes a key plate 22 inserted into a key cylinder 21 provided near the driver's seat, a grip 23 provided at an end of the key plate 22 and gripped by a user, and a transponder built in the grip 23. 24. As shown in FIG. 2, the storage device 25 of the transponder 24 stores an ID code 26 that is identification information unique to the transponder 24 and an encryption key 27 used for challenge-response authentication. The transponder 24 automatically drives using a driving radio wave (electromagnetic field) supplied from the outside as an operation power supply, and transmits a radio signal including the ID code 26 stored in the storage device 25.

  As shown in FIG. 2, the storage device 31 of the ECU 13 stores an ID code 32 that is identification information unique to the ECU 13 and an encryption key 33 used for challenge response authentication. The ECU 13 transmits a driving radio wave for driving the transponder through the coil antenna 34 connected to the ECU 13. Further, the ECU 13 receives a radio signal transmitted from the electronic key 12 through the coil antenna 34, and determines the validity of the ID code 26 included in the radio signal. As shown in FIG. 1, the coil antenna 34 is provided in such a manner that it is wound around the end of the key cylinder 21 on the side where the key plate 22 is inserted.

<Electronic key authentication processing procedure>
Next, an authentication process procedure of the electronic key 12 executed through wireless communication between the electronic key 12 and the ECU 13 will be described with reference to the flowchart of FIG.

  As shown in the flowchart, when the ECU 13 detects that the key plate 22 is inserted into the key cylinder 21 (step S1), the ECU 13 generates a challenge including a random number (binary random number) (step S2). . The ECU 13 transmits a driving radio wave including the generated challenge through the coil antenna 34 (step S3). When the ECU 13 transmits the driving radio wave, it encrypts the challenge generated in the previous step S2 according to a predetermined encryption algorithm using its own encryption key 33, thereby calculating the response itself (step S1). S4) This is temporarily stored in its own storage device 31.

  When the transponder 24 receives the driving radio wave from the coil antenna 34 (step S5), the transponder 24 starts up using the driving radio wave as an operating power supply (step S6). The transponder 24 calculates a response by encrypting the challenge included in the drive radio wave according to a predetermined encryption algorithm using its own encryption key 27 (step S7). Then, the transponder 24 transmits a wireless signal including the generated response and its own ID code 26 (step S8), and ends the process.

  When the ECU 13 receives a radio signal from the transponder 24 through the coil antenna 34 (step S9), the ECU 13 first collates the response included in the radio signal with the response calculated by itself in the previous step S4 (step S10). When these responses match, the ECU 13 recognizes that challenge response authentication has been established (step S11). Next, the ECU 13 collates the ID code included in the radio signal with its own ID code (step S12). When the collation is established, the ECU 13 recognizes that the transponder 24 that is the current communication partner, that is, the electronic key 12 on which the transponder 24 is mounted is a proper one corresponding to itself (step S13), and ends the process.

  Note that when the response verification in the previous step S10 or the ID code verification in the previous step S12 is not established, the ECU 13 corresponds to the transponder 24 that is the current communication partner, that is, the electronic key 12 on which the transponder 24 is mounted. The processing is terminated assuming that it is not legitimate.

  The state in which both the response verification in the previous step S10 and the ID code verification in the previous step S12 are established is a state in which the start of the engine 14 is permitted. That is, when the engine ECU 15 detects that the key cylinder 21 has been rotated to the engine start position via the key plate 22, the engine ECU 15 requests the ECU 13 to transmit the authentication result of the electronic key 12. When the engine ECU 15 receives the information indicating that the authentication of the electronic key 12 has been established, the engine ECU 15 starts the engine 14 by starting the ignition control and the fuel injection control of the engine 14 assuming that the engine 14 is allowed to start. On the other hand, when the engine ECU 15 receives information indicating that the authentication of the electronic key 12 is not established, the engine ECU 15 maintains the engine 14 in a stopped state, assuming that the engine 14 is not allowed to start.

<Electronic key registration system>
In order to perform the challenge response authentication described above, it is necessary to register in advance the same encryption key and the same ID code in the electronic key 12 and the ECU 13 which are communication partners. This registration work is performed through the following registration system in a manufacturer's factory or the like.

<ECU>
First, it supplements about the structure of ECU13 in which an electronic key is registered using this registration system. That is, as shown in FIG. 4, the storage device 31 of the ECU 13 stores a serial number 62 unique to the ECU 13 and first and second encryption key generation programs 63 and 64. The first encryption key generation program 63 is for generating an encryption key based on the ID code according to a predetermined algorithm. The second encryption key generation program 64 is for generating an encryption key based on the ID code and the serial number 62 of the ECU 13 according to a predetermined algorithm.

  The ECU 13 includes a control circuit 61 in addition to the storage device 31 described above. The control circuit 61 is detachably provided with a coil antenna 66 for registration. The control circuit 61 has a normal mode and first and second registration modes as its operation mode. The normal mode is an operation mode during normal use of the vehicle, and refers to an operation mode in which the ECU 13 executes an authentication process through wireless communication with the electronic key 12. The first and second registration modes refer to operation modes when registering the electronic key 12 in the ECU 13. The first and second registration modes differ from each other in terms of an encryption key generation algorithm. The ECU 13 switches its operation mode between the normal mode and the first and second registration modes based on a command signal supplied from the outside.

  When the operation mode is the first or second registration mode, the control circuit 61 receives a radio signal from the electronic key 12 to be registered, which is acquired through the coil antenna 66, and the received ID The code is stored in its own storage device 31. When the first registration mode is set, the control circuit 61 generates an encryption key through the execution of the first encryption key generation program 63 using only the received ID code, and stores the encryption key in the storage device 31. To remember. When the control circuit 61 is in the second registration mode, the control circuit 61 generates an encryption key through the execution of the second encryption key generation program 64 using the received ID code and its serial number 62, This is stored in the storage device 31. The ECU 13 can be connected to the writing device 41 via a cable 65.

  On the premise of such a configuration of the ECU 13, the registration system has the following configuration. That is, as shown in FIG. 4, the electronic key registration system includes a writing device 41 and a registration device 51.

<Writing device>
The writing device 41 is for writing various information into the electronic key 12, more precisely, the storage device 25 of the transponder 24. The writing device 41 includes a storage device 42, a communication circuit 43, a control circuit 44, and third and fourth switches 45 and 46. The storage device 42 stores an ID code generation program 47 and first and second encryption key generation programs 48 and 49. The ID code generation program 47 is for generating an ID code of the electronic key 12 using a random number (binary random number). The ID code is a digital signal composed of a combination of logic “1” and logic “0”. The first and second encryption key generation programs 48 and 49 are the same as those stored in the storage device 31 of the ECU 13.

  When it is detected that the third switch 45 or the fourth switch 46 is operated, the control circuit 44 generates an ID code through the execution of the ID code generation program 47 stored in its own storage device 42. Is temporarily stored in the storage device 42.

  When the operation of the third switch 45 is detected, the control circuit 44 generates an encryption key through the execution of the first encryption key generation program 48 stored in the storage device 42 as the first registration mode. . At this time, the control circuit 44 generates an encryption key using only the ID code generated by itself. On the other hand, when it is detected that the fourth switch 46 has been operated, the control circuit 44 uses the second encryption key generation program 49 stored in the storage device 42 as the second registration mode. Generate an encryption key. At this time, the control circuit 44 generates an encryption key using the ID code generated by itself and the serial number 62 of the ECU 13 acquired through the cable 65.

Further, the control circuit 44 transmits the driving radio wave including the ID code and the encryption key generated by itself through the communication circuit 43.
<Registration device>
The registration device 51 is for switching the operation mode of the ECU 13 between the normal mode and the registration mode. The registration device 51 includes a signal generation circuit 52 and first and second switches 53 and 54 that can be externally operated. It is equipped with. The registration device 51, more precisely the signal generation circuit 52, can be connected to the ECU 13 via the cable 55. When registering the electronic key 12 in the ECU 13, the registration device 51 is connected to the ECU 13 via the cable 55. When the operation of the first switch 53 is detected, the signal generation circuit 52 generates a first command signal for instructing the ECU 13 to shift to the first registration mode, and this is transmitted via the cable 55. To the ECU 13. When the operation of the second switch 54 is detected, the signal generation circuit 52 generates a second command signal that instructs the ECU 13 to shift to the second registration mode, and sends the second command signal via the cable 55. To the ECU 13. The signal generation circuit 52 instructs to cancel the first or second registration mode when these operations are detected again after the first and second switches 53 and 54 are operated. The command signal is generated and transmitted to the ECU 13 via the cable 55.

<Registration procedure>
Next, a procedure for registering the electronic key in the ECU 13 using the above-described registration system will be described. The following two situations (A) and (B) are assumed as situations where the electronic key is registered in the ECU 13.

(A) When the electronic key 12 is registered in the ECU 13 for the first time at the manufacturer's factory or the like when the vehicle is shipped (hereinafter referred to as “during initial registration”)
(B) A case where a new electronic key 12 is added and registered in the ECU 13 at a dealer or the like after the vehicle is shipped (hereinafter referred to as “at the time of additional registration”).

<At first registration>
First, (A) the procedure for initial registration will be described. When the electronic key 12 is started to be registered with the ECU 13, the operation mode of the ECU 13 to which the electronic key 12 is to be registered is set to the first registration mode through the operation of the first switch 53 of the registration device 51. .

  Now, when it is detected that the third switch 45 is operated, the writing device 41 generates an ID code 71 using a random number (binary random number) as shown in FIG. 5 (step S101). . Further, the writing device 41 generates the encryption key 72 using the generated ID code 71 in accordance with the first encryption key generation program 48 for initial registration (step S102). Then, the writing device 41 transmits a wireless signal including the generated ID code 71 and encryption key 72 to the unregistered electronic key 12 (step S103). The transponder 24 of the electronic key 12 is activated using the wireless signal from the writing device 41 as an operation power supply, and stores the ID code 71 and the encryption key 72 included in the wireless signal in its own storage device 25 (step S104). . Further, the transponder 24 wirelessly transmits the ID code 71 stored in its own storage device 25 to the ECU 13 to be paired with itself (step S105).

  When the ECU 13 receives a radio signal from the electronic key 12 in a state where the operation mode is maintained in the first registration mode, the ECU 13 stores the ID code 71 included in the radio signal in its own storage device 31. (Step S106). The ECU 13 generates an encryption key according to the first encryption key generation program 63 for initial registration using the ID code 71 stored in the storage device 31, and stores the generated encryption key in its storage device 31. (Step S107).

  Here, the first encryption key generation program 63 is the same as that used in the writing device 41. The original data for generating the encryption key is the ID code 71, which is the same as the original data used when the writing device 41 generates the encryption key 72. For this reason, the encryption key generated in the ECU 13 is the same as the encryption key generated by the writing device 41, and hence the encryption key 72 previously stored in the electronic key 12.

  This completes the registration of one electronic key 12 to the ECU 13. At the time of initial registration, it is assumed that two or more electronic keys 12 are registered in the ECU 13. In this case, each time one electronic key 12 is registered in the ECU 13, the third of the writing device 41 is registered. Through the operation of the switch 45, the processes of the previous steps S101 to S107 are repeatedly executed.

  Thereafter, when the ECU 13 receives a third command signal for canceling the registration mode through the re-operation of the first switch 53 of the registration device 51, the ECU 13 changes its operation mode from the first registration mode to the normal mode. Migrate to This completes the registration of the electronic key 12 to the ECU 13.

  Through the registration operation, the ECU 13 can exchange information only with the registered electronic key 12 through encrypted communication. Since the encryption key 72 is generated using only the ID code 71, basically any electronic key 12 can be registered in the ECU 13. For this reason, it is not necessary to deliver the electronic key 12 and the ECU 13 as a set to a factory or the like. Note that factories and the like are basically safe, and it is not necessary to associate the electronic key 12 and the ECU 13 one-on-one. For this reason, crime prevention can be maintained without producing a dedicated electronic key 12 for a specific ECU 13.

<At the time of additional registration>
Next, even after the vehicle is shipped to the market, it is assumed that it is desired to register a new electronic key in the vehicle. In this case, the registration of the new electronic key 12 to the ECU 13 is performed, for example, at a vehicle sales company.

  When the electronic key 12 is additionally registered, the operation mode of the ECU 13 is set to the second registration mode through the operation of the second switch 54 of the registration device 51. The writing device 41 is connected to the ECU 13 that is the registration target of the electronic key 12 via the cable 65.

  When it is detected that the fourth switch 46 is operated, the writing device 41 reads the serial number 62 of the ECU 13 connected via the cable 65 as shown in FIG. 6 (step S201). Further, the writing device 41 generates an ID code 81 using a random number (binary random number) (step S202). This ID code 81 is different from the ID code 71 generated at the time of initial registration.

  Next, the writing device 41 uses the serial number 62 read from the ECU 13 and the ID code 81 generated by itself to generate the encryption key 82 according to the second encryption key generation program 49 for additional registration. (Step S203). This encryption key 82 is different from the encryption key 72 generated at the time of initial registration.

  Then, the writing device 41 transmits a wireless signal including the generated ID code 81 and the encryption key 82 to the unregistered electronic key 12 (step S204). The transponder 24 of the electronic key 12 is activated using the wireless signal from the writing device 41 as an operation power supply, and stores the ID code 81 and the encryption key 82 included in the wireless signal in its own storage device 25 (step S205). . Further, the transponder 24 wirelessly transmits the ID code 81 stored in its own storage device 25 to the ECU 13 that should pair with itself (step S206).

  When the ECU 13 receives the wireless signal from the electronic key 12, the ECU 13 stores the ID code 81 included in the wireless signal in its own storage device 31 (step S207). Further, the ECU 13 generates an encryption key according to the second encryption key generation program 64 for additional registration using the ID code 81 stored in the storage device 31, and stores the generated encryption key in its own storage device 31. (Step S208).

  Here, the second encryption key generation program 64 is the same as that used in the writing device 41. The original data for generating the encryption key is the ID code 81, which is the same as the original data used when the writing device 41 generates the encryption key 82. For this reason, the encryption key generated in the ECU 13 is the same as the one generated by the writing device 41, and hence the encryption key 82 previously stored in the electronic key 12.

  Thereafter, when the ECU 13 receives a third command signal for canceling the second registration mode through the second operation of the second switch 54 of the registration device 51, the ECU 13 sets its own operation mode to the second registration mode. To normal mode. Thus, the additional registration work of the electronic key 12 to the ECU 13 is completed.

  At the time of additional registration, it is assumed that two or more electronic keys 12 are registered in the ECU 13. In this case, every time one electronic key 12 is registered in the ECU 13, the fourth of the writing device 41. Through the operation of the switch 46, the processes of the previous steps S201 to S208 are repeatedly executed.

  Through the additional registration work, the ECU 13 can exchange information with the newly registered electronic key 12 through encrypted communication. The encryption key 82 is generated using a serial number 62 unique to the ECU 13 and an ID code 81 generated randomly in the writing device 41. For this reason, unlike the initial registration, the additionally registered electronic key 12 is a dedicated product for the specific ECU 13. That is, only the electronic key 12 manufactured for a specific ECU 13 can be registered in the ECU 13. For example, even when only the ID code of the electronic key 12 or the encryption key generated based on the ID code is registered in the specific ECU 13 as in the first registration, the electronic key 12 is not authenticated by the specific ECU 13. . This is because the same encryption key cannot be shared between the electronic key 12 and the specific ECU 13, and thus the above-described challenge response authentication is not established.

  Unlike a safe factory or the like, there is a concern that the electronic key 12 is illegally registered in the ECU 13 by a third party in the market. In this regard, in this example, when the electronic key 12 is registered after the initial registration, an encryption key is generated using the second encryption key generation program 64 described above. That is, only the dedicated electronic key 12 corresponding to the specific ECU 13 can be registered. Thereby, unauthorized registration of the electronic key 12 by a third party is suppressed. Security against vehicle theft is also ensured.

<Effect of Embodiment>
Therefore, according to the present embodiment, the following effects can be obtained.
(1) At the time of initial registration, an encryption key is generated using only an ID code unique to the electronic key 12. That is, any electronic key 12 can be registered in the ECU 13. For this reason, it is not necessary to deliver the electronic key 12 and the ECU 13 to the manufacturer's factory or the like as a set at the time of initial registration. Manufacturers' factories are basically safe. That is, there is no fear of unauthorized registration of the electronic key 12, and there is no problem in terms of crime prevention.

  (2) At the time of additional registration after the initial registration is completed, an encryption key is generated using an ID code unique to the electronic key 12 and a serial number unique to the ECU 13. That is, only the electronic key 12 manufactured corresponding to this can be registered in the ECU 13. Crime prevention is ensured by preventing unauthorized registration of the electronic key 12 by a third party after the vehicle is shipped.

  (3) Further, when the ECU 13 breaks down or the like, it is necessary to replace it with a new ECU 13, and at the time of initial registration with the new ECU 13, any electronic key 12 can be initially registered with the ECU 13. . For this reason, when the electronic key 12 registered in the ECU 13 before the replacement is registered in the new ECU 13 for the first time, it can be used as it is.

<Second Embodiment>
Next, a second embodiment of the present invention will be described. The present embodiment is basically the same configuration as the first embodiment. In the first embodiment, when the first and second registration modes of the ECU 13 are selected by operating the first and second switches 53 and 54, the ECU 13 itself determines the selection of the registration mode. This is different from the first embodiment in that it is made.

  That is, as shown in FIG. 7 (a), the storage device 31 of the ECU 13 includes the number information indicating the number of electronic keys 12 to be registered in the ECU 13 at the time of initial registration, whether or not the initial registration work has been completed. Is stored as a threshold (registration mode determination threshold) 90. The number information, that is, the threshold value 90 is determined according to product specifications and the like. In this example, the two electronic keys 12 of the master key and the sub key are set to be registered in the ECU 13 at the time of initial registration. That is, in this case, information indicating “2” is stored in the storage device 31 as the threshold 90. In addition, the storage device 31 stores a registration mode selection program 91 that selects a registration mode of the ECU 13 between the first and second registration modes based on the number of electronic keys 12 registered in the ECU 13.

  When the ECU 13 (more precisely, the control circuit 61) determines that the number of electronic keys 12 registered in the ECU 13 has reached the threshold value 90, the ECU 13 indicates that the initial registration of the electronic keys 12 has been completed. The flag is set in the flag area 92 of the storage device 31. For example, when it is determined that the number of registered electronic keys 12 has reached the threshold value 90, a logic “1” is written in the flag area 92, and when it is determined that the threshold value 90 has not been reached, a logic “0” is written. The ECU 13 checks whether or not the initial registration of the electronic key 12 is completed depending on whether the information written in the flag area 92 is logic “1” or logic “0”.

  Further, the registration device 51 is provided with a fifth switch 93 instead of the first and second switches 53 and 54 in the first embodiment. The fifth switch 93 is connected to the signal generation circuit 52. Unlike the first and second switches 53 and 54, the fifth switch 93 is not for selecting the first and second registration modes, but simply registers the operation mode of the ECU 13 as the normal mode. Operated to switch between modes.

  That is, when the operation of the fifth switch 93 is detected, the signal generation circuit 52 generates a command signal that instructs the ECU 13 to shift to the registration mode, and transmits this to the ECU 13 via the cable 55. To do. The ECU 13 executes the registration mode selection program stored in the storage device 31 when the command signal is received. In addition, when the operation is detected again after the fifth switch 93 is operated, the signal generation circuit 52 generates a command signal instructing to cancel the registration mode, and this is transmitted via the cable 55. It transmits to ECU13.

  Now, the operation of the ECU 13 when registering the electronic key 12 is as follows. That is, as shown in the flowchart of FIG. 7B, when the ECU 13 receives a command signal from the registration device 51, the number of electronic keys 12 registered in the ECU 13 reaches a threshold value (registration mode determination threshold value) 90. It is determined whether or not (step S301).

  When it is determined that the number of electronic keys 12 registered in the ECU 13 has not reached the threshold value 90 (NO in step S301), the ECU 13 sets the registration mode as the first registration mode and generates the first encryption key. An encryption key is generated according to the program 63 (step S302). That is, the ECU 13 generates an encryption key using only the ID code from the unregistered electronic key 12 and stores it in the storage device 31 in the same manner as the procedure shown in FIG.

  In contrast, when it is determined that the number of electronic keys 12 registered in the ECU 13 has reached the threshold value 90 (YES in step S301), the ECU 13 sets the registration mode as the second registration mode. The encryption key is generated according to the encryption key generation program 64 of No. 2 (step S303). That is, the ECU 13 generates an encryption key using the ID code from the unregistered electronic key 12 and its own serial number 62 in the same manner as the procedure shown in FIG. Remember.

  Then, after the storage of the encryption key is completed in the previous step S302 or step S303, the ECU 13 determines whether or not a release command signal indicating release of the registration mode is received from the registration device 51 (step S304). If the ECU 13 determines that the release command signal has not been received (NO in step S304), the ECU 13 proceeds to the previous step S301. In contrast, if ECU 13 determines that the release command signal has been received (YES in step S303), ECU 13 shifts its own operation mode from the registration mode to the normal mode, and ends the process. The operation on the writing device 41 side or various processing procedures are the same as those in the first embodiment.

Therefore, according to the present embodiment, the following effects can be obtained.
(4) As long as the registration mode is set through the operation of the fifth switch 93, the ECU 13 automatically determines whether to register the electronic key 12 in the first or second registration mode. For this reason, it is not necessary to operate different switches according to the initial registration and the additional registration, which is convenient.

  (5) Also, for example, when a prescribed number is set to a plurality, a plurality of electronic keys 12 can be registered in the simple first registration mode as long as the prescribed number is reached at the time of initial registration. . It is assumed that a plurality of electronic keys 12 such as a master key and a sub key are often initially registered in the ECU 13. Corresponding to such a situation, the workability of initial registration of a plurality of electronic keys 12 is improved. On the other hand, it is assumed that registration of the electronic keys 12 exceeding the specified number is basically performed after the vehicle is shipped. At the time of such additional registration, registration in the second registration mode with higher crime prevention is performed. For this reason, unauthorized registration of the electronic key 12 by a third party can be suppressed.

<Third Embodiment>
Next, a third embodiment of the present invention will be described. The present embodiment is basically the same configuration as the second embodiment. That is, when the electronic key 12 is registered, the ECU 13 automatically determines one of the first and second registration modes.

  In this example, the information on the electronic key 12 registered in the ECU 13 can be deleted individually or collectively. This is because it may be necessary to delete the information of the electronic key 12 registered in the ECU 13 for some reason. This erasing operation is performed through an erasing device 101 that is detachably connected to the ECU 13 as shown in FIG. Through the operation of the erasing device 101, the information on the specific electronic key 12 stored in the storage device 31 or the information on all the registered electronic keys 12 is deleted. However, the information of the electronic key 12 written in the storage device 31 is not completely erased, but is associated with information such as the ID code of the electronic key 12 to be deleted as shown in FIG. Thus, only the deletion information indicating that the information is deleted is written. That is, all the information of the electronic key 12 registered in the past is left in the storage device 31. It just disappears in appearance.

  In order to use the vehicle again, it is necessary to re-register the electronic key 12 in the ECU 13. At that time, a case where the electronic key 12 previously registered in the ECU 13 is re-registered, or a case where a new electronic key 12 not previously registered is registered is considered. In this example, re-registration after erasing the information of the electronic key 12 is performed as follows.

  That is, as shown in the flowchart of FIG. 8C, when the ECU 13 receives a command signal from the registration device 51, the ECU 13 determines whether or not all the information on the electronic key 12 stored in the storage device 31 has been erased. Judgment is made (step S401).

  When the ECU 13 determines that not all information of the electronic key 12 is erased, that is, the information of at least one electronic key 12 is maintained in a registered state (NO in step S401), the ECU 13 Using the registration mode as the second registration mode, an encryption key is generated according to the second encryption key generation program 64 (step S402). That is, the ECU 13 generates an encryption key using the ID code acquired from the electronic key 12 to be registered and its own serial number 62 in the same manner as the procedure shown in FIG. 31. When there is at least one usable electronic key 12, it is preferable to register a new electronic key 12 in the second registration mode with higher security.

  On the other hand, if the ECU 13 determines that all the information on the electronic key 12 has been deleted (YES in step S401), the ID code acquired from the electronic key 12 to be registered has been registered in the past. It is determined whether or not the electronic key 12 is used (step S403).

  For example, the ECU 13 compares the received ID code with the ID code of the electronic key 12 registered in the past. When the ID code that matches the received ID code exists in the storage device 31, the ECU 13 determines that the electronic key 12 that has transmitted the radio signal has been registered in the ECU 13 in the past. In addition, when the ID code matching the received ID code does not exist in the storage device 31, the ECU 13 determines that the electronic key 12 that has transmitted the radio signal has not been registered in the ECU 13 in the past.

  If the ECU 13 determines that the received ID code is that of the electronic key 12 that has been registered in the past (YES in step S403), the ECU 13 sets its own registration mode as the first registration mode and generates the first encryption key. An encryption key is generated according to the program 63 (step S404). That is, the ECU 13 generates an encryption key using only the ID code of the electronic key 12 and stores it in the storage device 31 in the same manner as the procedure shown in FIG. The process ends. In this way, re-registration of the electronic key 12 previously registered in the ECU 13 can be easily performed.

  On the other hand, when the ECU 13 determines that the received ID code is not for the electronic key 12 registered in the past (NO in step S403), the ECU 13 sets its own registration mode in the same manner as in the previous step S402. As the second registration mode, an encryption key is generated according to the second encryption key generation program 64 (step S405). Then, the ECU 13 stores the generated encryption key in the storage device 31 and ends the process. When registering a new electronic key 12, it is preferable to use the second registration mode with higher crime prevention.

Therefore, according to the present embodiment, the following effects can be obtained.
(6) When all the information of the electronic key 12 registered in the ECU 13 is deleted, the registration in the first registration mode is made possible only when the electronic key 12 registered in the past is re-registered. For this reason, re-registration of the electronic key 12 registered in the past can be easily performed. This is because the association with the ECU 13 becomes unnecessary. In addition, when registering an electronic key 12 that has not been registered in the past even if at least one usable electronic key 12 remains or is completely erased, the second registration mode is used. Registration is performed. From the viewpoint of suppressing unauthorized registration of the electronic key 12 by a third party, it is preferable to use the second registration mode for registering the electronic key 12 as much as possible with the ECU 13 as a dedicated product. . Thereby, crime prevention is ensured.

<Fourth embodiment>
Next, a fourth embodiment of the present invention will be described. The present embodiment is basically the same configuration as the second embodiment. That is, the ECU 13 registers the first number of electronic keys 12 to be registered at the time of initial registration at the manufacturer's factory or the like in the first registration mode using only those ID codes. Execute. Further, the ECU 13 executes registration in the second registration mode using the ID code and the serial number of the ECU 13 for the electronic keys 12 exceeding the prescribed number.

  Now, if the ECU 13 breaks down, it is replaced. In this case, in order to continue using the electronic key 12 registered in the failed ECU 13, it is necessary to register them in the new ECU 13. The prescribed number of electronic keys 12 described above can be easily registered in a new ECU 13 in the first registration mode using only those ID codes. However, registration of the electronic keys 12 exceeding the specified number is performed in the second registration mode using the serial number of the ECU 13. Here, the encryption key of the electronic key 12 that has been additionally registered in the ECU 13 before replacement is generated using the serial number of the ECU 13 before replacement. That is, the additionally registered electronic key 12 is a dedicated product for the ECU 13 before replacement. For this reason, when the electronic key 12 that is the dedicated product is registered in the second registration mode, the ID code of the electronic key 12 that is the dedicated product and the serial number of the new ECU 13 after the replacement are used to obtain the encryption key. Will be generated. However, this encryption key is different from the one stored in the electronic key 12 which is the dedicated product. For this reason, the electronic key 12 which is the exclusive product cannot be continuously used after the ECU 13 is replaced.

  Therefore, in this example, the serial number 62 of the ECU 13 can be changed a specific number of times (for example, once). That is, when the electronic key 12 that was a dedicated product for the ECU 13 before replacement is registered in the new ECU 13, the serial number 62 of the new ECU 13 is changed to the same serial number as that of the ECU 13 before replacement. The serial number can be changed through the registration device 51, for example. That is, as shown in FIG. 9A, the registration device 51 is provided with an input device 102 such as a keyboard. The operation mode of the new ECU 13 is changed to a state in which the serial number can be rewritten through the operation of the input device 102, and the serial number of the ECU 13 before replacement is input. For example, as illustrated in FIG. 9B, when the serial number of the ECU 13 before replacement is “11111” and the serial number of the new ECU 13 is “00000”, the serial number of the ECU 13 before replacement is input through the input device 102. “11111” is input. As a result, the same serial number “11111” as that of the ECU 13 before replacement is stored in the storage device 31 of the new ECU 13. Then, the electronic key 12 that is a dedicated product can be registered in the new ECU 13. That is, the new ECU 13 can generate the same encryption key as the encryption key stored in the electronic key 12 that was a dedicated product of the ECU 13 before replacement.

  When the serial number is changed a predetermined number of times, a flag indicating that is written in the storage device 31 of the ECU 13. When changing the serial number through the input device 102, the control circuit 61 of the ECU 13 determines whether or not the number of serial number changes has reached a specified number by checking the state of the flag. When the control circuit 61 determines that the number of changes has not reached the specified number of times, the control circuit 61 writes the input serial number to the storage device 31, while when it determines that the number of changes has reached the specified number of times, Without writing the input serial number in the storage device 31, a notification to that effect is made through the registration device 51.

  After the serial number changing operation is completed, the registration processing procedure shown in FIG. 7B is executed. Here, since it is assumed that more than a predetermined number of electronic keys 12 are registered, the process proceeds to step S303 in the flowchart of FIG. 7B, and the electronic keys 12 are registered in the second registration mode. Is done. That is, the new ECU 13 generates an encryption key using the ID code of the electronic key 12 that was a dedicated product of the ECU 13 before the replacement and the same serial number as the ECU 13 before the replacement, and stores the encryption key in the storage device 31. Is done. The stored encryption key is the same as that stored in the electronic key 12 that was a dedicated product. Therefore, even after the electronic key 12 that was a dedicated product of the ECU 13 before the replacement is replaced with a new ECU 13, it can be used continuously.

  As described above, by changing the serial number of the new ECU 13, all the electronic keys 12 registered in the ECU 13 before replacement can be registered in the new ECU 13. For example, as shown in FIG. 9C, when two electronic keys 12 are registered for the first time and one electronic key 12 is additionally registered in the ECU 13 before replacement, all three electronic keys 12 are registered. Registration to a new ECU 13 is possible. In addition, although the number of times the serial number can be changed can be set to a plurality of times, it is preferable to reduce the number as much as possible from the viewpoint of crime prevention.

Therefore, according to the present embodiment, the following effects can be obtained.
(7) It is assumed that the ECU 13 is replaced for some reason. In this case, since the electronic key 12 additionally registered after the initial registration is completed is a dedicated product for the ECU 13 before replacement, it cannot be registered in the ECU 13 after replacement. In this regard, according to the present embodiment, by making the serial number of the ECU 13 changeable a predetermined number of times, all electronic keys 12 registered in the ECU 13 before replacement can be initially registered in the ECU 13 after replacement. It becomes. In the initial registration, any electronic key 12 can be registered by using the first registration mode in which an encryption key is generated using only the ID code of the electronic key 12. The electronic key 12 that was a dedicated product for the ECU 13 before replacement can also be registered in the new ECU 13 after replacement by changing the serial number of the ECU 13 after replacement to the serial number of the ECU 13 before replacement. For this reason, the compatibility of the electronic key 12 is ensured before and after the replacement of the ECU 13. This is convenient because the user can continue to use all the electronic keys 12 registered in the ECU 13 before the replacement.

<Other embodiments>
Each of the above embodiments may be modified as follows.
-In 1st-4th embodiment, although applied to the vehicle by which the immobilizer system was mounted, you may apply to the vehicle by which the following electronic key systems are mounted. That is, as shown in FIG. 10, when the electronic key (portable device) 12 enters the communication area 103 set around the vehicle door or the communication area 104 set in the vehicle interior, Various signals are exchanged with the electronic key 12 through wireless signals. The in-vehicle device 105 performs the above-described challenge response authentication through the transmission and reception of these various signals, and the electronic authentication of the electronic key 12 through the verification of its own ID code and the ID code of the electronic key 12. The in-vehicle device 105 executes vehicle control such as unlocking the vehicle door or permitting engine start when determining that the communication partner is the regular electronic key 12 through challenge response authentication and ID code verification. The electronic key 12 incorporates a battery as an operating power source. The transponder can be omitted.

-It is also possible to carry out by appropriately combining the first to fourth embodiments.
-Although applied to the electronic key system of the vehicle in the 1st-4th embodiment, you may apply to the electronic key system of a house.

  DESCRIPTION OF SYMBOLS 12 ... Electronic key, 13 ... Immobilizer ECU (vehicle equipment), 41 ... Writing apparatus, 48, 63 ... 1st encryption key generation program, 49, 64 ... 2nd encryption key generation program.

Claims (5)

Sent via encrypted communication using a common key encryption method that encrypts information using the same encryption key with the in-vehicle device to be registered, and in response to a response request from the in-vehicle device In an electronic key registration system that is authenticated through verification of the validity of identification information
A first registration mode in which identification information unique to the electronic key and an encryption key generated using only the identification information are stored in the electronic key and the vehicle-mounted device, respectively;
A second registration mode for storing the identification information unique to the electronic key and the encryption key generated using the identification information and the identification information unique to the on-vehicle device in the electronic key and the on-vehicle device, respectively.
An electronic key registration system that uses the first registration mode at the time of initial registration when the electronic key is registered in the vehicle-mounted device for the first time, and then uses the second registration mode at the time of additional registration in which the electronic key is added and registered in the vehicle-mounted device. . The electronic key registration system according to claim 1,
When the number of electronic keys registered in the in-vehicle device is equal to or less than the specified number set as the number of electronic keys to be registered in the initial registration, the first registration mode is used, while the registration is performed in the in-vehicle device. An electronic key registration system that uses the second registration mode when the number of electronic keys exceeds the prescribed number. In the electronic key registration system according to claim 1 or 2,
When receiving an instruction to delete all the electronic key information registered in the in-vehicle device, the in-vehicle device associates the deleted information indicating that the information is deleted with the registered electronic key information. By storing in the form, apparently erase the information of the registered electronic key,
Subsequent registration of the electronic key is performed by comparing the identification information unique to the electronic key to be registered with the identification information unique to the electronic key previously registered in the in-vehicle device. When it is determined that the electronic key to be registered has been registered in the past, the first registration mode is used, while it is determined that the electronic key to be registered has not been registered in the past. Sometimes an electronic key registration system that uses the second registration mode. In the electronic key registration system according to any one of claims 1 to 3,
An electronic key registration system in which identification information unique to the vehicle-mounted device can be changed a predetermined number of times through an external operation. In the electronic key registration system according to any one of claims 1 to 4,
A writing device for generating identification information unique to the electronic key and writing it to the electronic key is provided, and the electronic key can be stored in the vehicle-mounted device through wireless transmission of the written identification information,
The writing device and the vehicle-mounted device include a first encryption key generation program that generates an encryption key using identification information unique to the electronic key, identification information unique to the electronic key, and identification information unique to the vehicle-mounted device. A second encryption key generation program for generating an encryption key by using the second encryption key generation program,
When the first registration mode is used, the first encryption key generation program is executed in the writing device and in-vehicle device, respectively, while when the second registration mode is used, the writing device and The second encryption key generation program is executed in each in-vehicle device,
An electronic key registration system in which an encryption key generated in a writing device is written in an electronic key together with identification information unique to the electronic key, and an encryption key generated in an in-vehicle device is stored as it is.

Images