Abstract: An on-vehicle gateway device connected to an information system network and a control system network of a vehicle executes monitoring the status of an information system via an information system access circuit taking charge of message transmission and reception to and from the information system network, and an information system management step to manage information acquired by the information system monitoring, monitoring the status of a control system via a control system access circuit taking charge of message transmission and reception to and from the control system network, and a control system management step to manage information acquired by the control system monitoring, managing policies for access control by the access control circuit controlling data flows between the information system access circuit and the control system access circuit, and determining whether or not to update the policies managed by policy management and to update the policies.

Abstract: There is a need to reduce the certificate verification time in a communication system. A communication system (10) includes a certificate authority (100) for performing authentication, a roadside device (110), a vehicle-mounted terminal (120), a first server (130), and a second server (140). The vehicle-mounted terminal transmits its own position information to the first server. The certificate authority acquires information about a vehicle-mounted terminal highly likely to appear according to place and time from the first server. The certificate authority allows the second server to verify validity of a certificate for a vehicle-mounted terminal acquired from the first server. The certificate authority generates a first list of vehicle-mounted terminals having valid certificates and a second list of vehicle-mounted terminals having invalid certificates according to place and time based on a verification result.

Abstract: A terminal to be connected to a network has: a data acquisition unit for acquiring first data from the network; an extraction unit for extracting second data regarding a physical quantity in accordance with the first data; a random number generation unit for generating a random number in accordance with the second data; and an enciphering unit for enciphering the first data in accordance with the random number. The terminal has further a counter unit for counting the number of the first data, wherein the random number generation unit generates a random number in accordance with the second data or a value counted by the counter unit.

Abstract: An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S200 and S300). The generated message authentication cod and digital signature are transmitted with being added to the communication data. Upon reception, whether authentication should be done using either one of the message authentication code and the digital signature included in received information is determined according to its own state for the authentication (S400 and S500). This state includes, for example, a load state of a central processing unit or the like that performs an authentication process.

Abstract: An on-vehicle gateway device connected to an information system network and a control system network of a vehicle executes monitoring the status of an information system via an information system access circuit taking charge of message transmission and reception to and from the information system network, and an information system management step to manage information acquired by the information system monitoring, monitoring the status of a control system via a control system access circuit taking charge of message transmission and reception to and from the control system network, and a control system management step to manage information acquired by the control system monitoring, managing policies for access control by the access control circuit controlling data flows between the information system access circuit and the control system access circuit, and determining whether or not to update the policies managed by policy management and to update the policies.

Abstract: In an indoor positioning system, for establishment of a cost sharing system, the positioning information transmission device does not directly transmit positional information but performs concealment and variablization on the device ID and transmits the concealed and variablized device ID. The positioning information management server stores and manages correspondence between the device IDs and positional information, and performs conversion from the device ID to the positional information in accordance with the correspondence. Further, the problem of conflict between concealed IDs upon concealment of positioning identification information by the positioning information transmission devices, which occurs when all the positioning information transmission devices use the same secret key, can be prevented. The system can be operated even when the bit length of the device ID is short.

Abstract: An on-vehicle gateway device connected to an information system network and a control system network of a vehicle executes monitoring the status of an information system via an information system access circuit taking charge of message transmission and reception to and from the information system network, and an information system management step to manage information acquired by the information system monitoring, monitoring the status of a control system via a control system access circuit taking charge of message transmission and reception to and from the control system network, and a control system management step to manage information acquired by the control system monitoring, managing policies for access control by the access control circuit controlling data flows between the information system access circuit and the control system access circuit, and determining whether or not to update the policies managed by policy management and to update the policies.

Abstract: In an indoor positioning system, for establishment of a cost sharing system, the positioning information transmission device does not directly transmit positional information but performs concealment and variablization on the device ID and transmits the concealed and variablized device ID. The positioning information management server stores and manages correspondence between the device IDs and positional information, and performs conversion from the device ID to the positional information in accordance with the correspondence. Further, the problem of conflict between concealed IDs upon concealment of positioning identification information by the positioning information transmission devices, which occurs when all the positioning information transmission devices use the same secret key, can be prevented. The system can be operated even when the bit length of the device ID is short.

Abstract: On ad hoc networks in which connection relationships among communication terminals constantly change, the processing load increases when authentication is performed each time a connection relationship changes. According to this invention, when communication terminals possess the same common key, mutual authentication is conducted with that common key, and when communication terminals do not possess the same common key, mutual authentication is conducted with a public key. Communication terminals that conducted mutual authentication exchange and retain a common key that they selected and common keys received from other communication terminals. When neither communication terminal possesses a common key at authentication, one terminal creates a common key and distributes it to the other terminal, and when one terminal has a common key it creates that common key and distributes it to the other terminal.

Abstract: The present invention relates to a common key sharing method in an ad hoc network constituted by wireless communication terminals implemented with relay functions thereon, comprising a common key generating step in which a first wireless communication terminal responsible for relaying generates a common key, a common key distributing step in which the first wireless communication terminal responsible for relaying distributes the common key to a second wireless communication terminal within a wireless communication area, and a transferring step in which the second wireless communication terminal which received the common key holds the common key, and the second wireless communication terminal transfers the common key to a third wireless communication terminal within a wireless communication area, when the second wireless communication terminal is responsible for relaying. Accordingly, it is possible to share a common encryption key within the ad hoc network.

Abstract: An on-vehicle gateway device connected to an information system network and a control system network of a vehicle executes monitoring the status of an information system via an information system access circuit taking charge of message transmission and reception to and from the information system network, and an information system management step to manage information acquired by the information system monitoring, monitoring the status of a control system via a control system access circuit taking charge of message transmission and reception to and from the control system network, and a control system management step to manage information acquired by the control system monitoring, managing policies for access control by the access control circuit controlling data flows between the information system access circuit and the control system access circuit, and determining whether or not to update the policies managed by policy management and to update the policies.

Abstract: A terminal to be connected to a network has: a data acquisition unit for acquiring first data from the network; an extraction unit for extracting second data regarding a physical quantity in accordance with the first data; a random number generation unit for generating a random number in accordance with the second data; and an enciphering unit for enciphering the first data in accordance with the random number. The terminal has further a counter unit for counting the number of the first data, wherein the random number generation unit generates a random number in accordance with the second data or a value counted by the counter unit.

Abstract: On ad hoc networks in which connection relationships among communication terminals constantly change, the processing load increases when authentication is performed each time a connection relationship changes. According to this invention, when communication terminals possess the same common key, mutual authentication is conducted with that common key, and when communication terminals do not possess the same common key, mutual authentication is conducted with a public key. Communication terminals that conducted mutual authentication exchange and retain a common key that they selected and common keys received from other communication terminals. When neither communication terminal possesses a common key at authentication, one terminal creates a common key and distributes it to the other terminal, and when one terminal has a common key it creates that common key and distributes it to the other terminal.

Abstract: The present invention relates to a common key sharing method in an ad hoc network constituted by wireless communication terminals implemented with relay functions thereon, comprising a common key generating step in which a first wireless communication terminal responsible for relaying generates a common key, a common key distributing step in which the first wireless communication terminal responsible for relaying distributes the common key to a second wireless communication terminal within a wireless communication area, and a transferring step in which the second wireless communication terminal which received the common key holds the common key, and the second wireless communication terminal transfers the common key to a third wireless communication terminal within a wireless communication area, when the second wireless communication terminal is responsible for relaying. Accordingly, it is possible to share a common encryption key within the ad hoc network.