Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.

Abstract: A communication system is provided that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle key transmission/reception unit that transmits or receives a third key to or from the server device by encryption communication which uses the second key. The first arithmetic processing device includes a vehicle communication unit that performs encryption communication with the server device using the third key.

Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, a cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.

Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.

Abstract: A reuse system includes: a key generation device; an in-vehicle computer that is detached from a first vehicle and is installed in a second vehicle; and a data security device that is installed in the second vehicle. The key generation device includes a vehicle interface, and a key generation unit that generates a first key that is the same as a key stored in the in-vehicle computer from a time when being installed in the first vehicle by using an in-vehicle computer identifier, and a master key that is common to the first and second vehicles, and transmits the first key to the second vehicle. The data security device includes a first interface unit, and a first cryptographic processing unit that encrypts first data, which is applied to the in-vehicle computer, with the first key to generate encrypted first data, and transmits the encrypted first data to the in-vehicle computer.

Abstract: A software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server equipment by use of the verification key, attaches an electronic signature using the common key for each ECU to the updating data succeeded in verification of the electronic signature, and then transmits to each ECU the updating data attached with the electronic signature using the common key for each ECU.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle and an expected value calculation unit configured to calculate an expected value of application data to be applied to an in-vehicle computer installed in the vehicle. The application data and the expected value are transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device and a measurement unit configured to calculate a measurement value of the application data received from the data provision device through the interface unit and verify the measurement value on the basis of the expected value received from the data provision device through the interface unit.

Abstract: In a secure hardware extension (SHE)-B, an initial key is set to a KEY_N key usable in a verification process and a generation process for a message authentication code. In an SHE-A, a master key is set to a KEY_N key usable in the verification process and the generation process for the message authentication code, the master key being used together with an identifier of an authenticated electronic control unit (ECU) for generating the message authentication code to be used as the initial key. A central processing unit (CPU) causes the message authentication code for the identifier of the authenticated ECU to be generated using the master key through the SHE-A and executes a process of authenticating validity of the authenticated ECU by using the generated message authentication code.

Abstract: A system includes a certification authority and a vehicle-mounted computer mounted in a vehicle. The certification authority includes a certification authority key storage that stores a certification authority public key certificate and a certification authority private key, a first communicator that receives an issuance request that is configured to request issuance of a vehicle-mounted computer public key certificate, and a vehicle-mounted computer public key certificate issuer that is configured to apply a signature to the vehicle-mounted computer public key included in the issuance request with the certification authority private key and issue the vehicle-mounted computer public key certificate. The first communicator is configured to transmit the vehicle-mounted computer public key certificate to the vehicle-mounted computer that is a transmission source of the issuance request. The vehicle-mounted computer includes a vehicle-mounted computer key generator and a public key certificate acquirer.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle and an expected value calculation unit configured to calculate an expected value of application data to be applied to an in-vehicle computer installed in the vehicle. The application data and the expected value are transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device and a measurement unit configured to calculate a measurement value of the application data received from the data provision device through the interface unit and verify the measurement value on the basis of the expected value received from the data provision device through the interface unit.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.

Abstract: A reuse system includes: a key generation device; an in-vehicle computer that is detached from a first vehicle and is installed in a second vehicle; and a data security device that is installed in the second vehicle. The key generation device includes a vehicle interface, and a key generation unit that generates a first key that is the same as a key stored in the in-vehicle computer from a time when being installed in the first vehicle by using an in-vehicle computer identifier, and a master key that is common to the first and second vehicles, and transmits the first key to the second vehicle. The data security device includes a first interface unit, and a first cryptographic processing unit that encrypts first data, which is applied to the in-vehicle computer, with the first key to generate encrypted first data, and transmits the encrypted first data to the in-vehicle computer.

Abstract: A communication system is provided that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle key transmission/reception unit that transmits or receives a third key to or from the server device by encryption communication which uses the second key. The first arithmetic processing device includes a vehicle communication unit that performs encryption communication with the server device using the third key.

Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.

Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, an cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, an cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.

Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.

Abstract: In a secure hardware extension (SHE)-B, an initial key is set to a KEY_N key usable in a verification process and a generation process for a message authentication code. In an SHE-A, a master key is set to a KEY_N key usable in the verification process and the generation process for the message authentication code, the master key being used together with an identifier of an authenticated electronic control unit (ECU) for generating the message authentication code to be used as the initial key. A central processing unit (CPU) causes the message authentication code for the identifier of the authenticated ECU to be generated using the master key through the SHE-A and executes a process of authenticating validity of the authenticated ECU by using the generated message authentication code.

Abstract: A software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server equipment by use of the verification key, attaches an electronic signature using the common key for each ECU to the updating data succeeded in verification of the electronic signature, and then transmits to each ECU the updating data attached with the electronic signature using the common key for each ECU.

Abstract: A computer system, method, and computer program product for mitigating TOCTOU attacks, which includes: as processor requesting measurements representing operation of a first process on a host that is untrusted and based on the requesting, obtaining the measurements, which include a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host. A processor also determined, based on the measurements, whether the first process was compromised.