Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol determines whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud. In a case where the content of the predetermined field meets the predetermined condition, an error frame is transmitted before an end of the frame is transmitted. A number of times the error frame is transmitted is recorded for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted. A malicious electronic controller is determined in accordance with the number of times recorded for each ID.

Abstract: A first controller generates a first group key, executes first mutual authentication with devices within a group, and shares the first group key with the devices that have succeeded in first mutual authentication. When a second controller joins the group, the first controller decides a coordinator that manages a group key used in common in the group. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator when the second mutual authentication is successful. The coordinator performs encrypted communication within the group using the first group key, generates a second group key when valid time of the first group key is equal to or smaller than a predetermined value, executes third mutual authentication with the devices and a third controller, and updates the first group key of the devices and the third controller that have succeeded in the third authentication.

Abstract: A vehicle monitoring apparatus includes: a first communicator that receives specifying information for specifying a target vehicle from a server; and an acquirer that acquires driving information from the target vehicle, the driving information being information regarding driving of the target vehicle specified by the specifying information received by the first communicator. The first communicator transmits the driving information acquired by the acquirer to the server. For example, the acquirer may acquire the driving information obtained from the target vehicle through communication.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A gateway that notifies a fraud detection server located outside a vehicle of information about an in-vehicle network system including an in-vehicle network includes: a priority determiner that determines a priority using at least one of: a state of the vehicle including the in-vehicle network system; an identifier of a message communicated on the in-vehicle network; and a result of fraud detection performed on the message; a frame transmitter-receiver that transmits and receives the message communicated on the in-vehicle network; a frame interpreter that extracts information about the in-vehicle network based on the message received by the frame transmitter-receiver; and a frame uploader that notifies the fraud detection server of notification information including the priority and the information about the in-vehicle network.

Abstract: An authentication method for a group of devices connected to a network includes selecting the first controller as a coordinator, the coordinator being configured to manage a group key to be used in common in the group. The method includes generating the group key, and performing first mutual authentication and second mutual authentication. The method also includes sharing the group key with each device for which the first mutual authentication has been successful, and sharing the group key with each second controller for which the second mutual authentication has been successful. The method further includes encrypting transmission data by using the group key to generate encrypted data, generating, authentication data by using the group key, and simultaneously broadcasting a message to each device for which the first mutual authentication has been successful and each second controller for which the second mutual authentication has been successful.

Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via an in-vehicle network is provided. The method includes receiving at least one data frame sent to the in-vehicle network, verifying a specific identifier in the received data frame only when the received data frame is event-driven data and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame when the verifying is successful, and detecting the received data frame as a fraudulent data frame when the verifying fails. The predetermined state of the vehicle is the vehicle traveling.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.

Abstract: An information providing method and apparatus a) transmits a request via a network, for recommended driving information for a first user to be received and displayed on a display of the first user, b) receives from the network driving data from a plurality of vehicles about how a plurality of users drive their vehicles including the first user, c) extracts a similar user from among the plurality of users who drives a vehicle with a predetermined similarity to how the first user drives a vehicle, and determines recommended driving information of the similar user from the similar user's driving history, d) transmits over the network to the first user the recommended driving information of the similar user, and e) displays on a display of the first user the recommended driving information of the similar user.

Abstract: A first controller generates a first group key, executes first mutual authentication with devices within a group, and shares a first group key with devices that have succeeded in authentication. At least one controller within the group decides a coordinator that manages a group key used in common in the group, from controllers including a second controller newly joined in the group. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator. The coordinator performs encrypted communication within the group using the first group key. The coordinator generates a second group key when valid time of the first group key is equal to or smaller than a predetermined value, executes third mutual authentication with the devices and controllers within the group, and updates the group key of the devices and controllers that have succeeded in authentication to the second group key.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of buses, a plurality of fraud-detection ECUs each connected to a different one of the buses, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a bus connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The fraud-detection ECU transmits an error message including a message identifier of a message determined to be malicious. The gateway device receives updated rule information transmitted to a first bus among the buses, selects a second bus different from the first bus, and transfers the updated rule information only to the second bus. A fraud-detection ECU connected to the second bus acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A method for a fraud detecting controller connected to networks for communication by a plurality of controllers, includes, storing fraud detection rules, determining whether a message transmitted on the network connected to the fraud detecting controller conforms to the rules, receiving data including updated fraud detection rules and network type information indicating one network type to which the updated fraud detection rules are to be applied; and determining whether a vehicle having an on-board network is running, the on-board network including the plurality of controllers. When the vehicle is running, additionally determining whether the network type information indicates a drive network which is connected to a controller related to vehicle travel, when the network type information indicates the drive network, not updating to the updated fraud detection rules, and when the network type information does not indicate the drive network, updating to the updated fraud detection rules.

Abstract: A first device, upon detecting participation in an authentication system, transmits new and old identification information of a first certificate revocation list that the first device manages to a second device. In a case where the new and old identification information of a second certificate revocation list that the second device manages is older than the new and old identification information of the received first certificate revocation list, the second device transmits a transmission request for the first certificate revocation list to the first device. Upon receiving the transmission request for the first certificate revocation list from the second device, the first device transmits the first certificate revocation list to the second device. the second device updates the second certificate revocation list using the received first certificate revocation list.

Abstract: Provided is a control method including: receiving, from first power equipment, first transaction data including, for example, transmitted power amount information indicating the amount of power transmitted to power accumulation equipment; obtaining, from the power accumulation equipment, received power information including, for example, received power amount information indicating the amount of power received from the first power equipment; verifying the first transaction data by referring to the received power information; executing a first consensus algorithm with second servers when the first transaction data is verified successfully; and recording a block including the first transaction data in a distributed ledger of a first server when the validity of the first transaction data is verified through the first consensus algorithm.

Abstract: At least one controller in a group selects a coordinator that manages a group key to be used in common in the group from among controllers in the group in accordance with an attribute of the controllers. The selected coordinator generates a group key, performs mutual authentication with devices and the controllers in the group, and shares the generated group key with devices and controllers that have been successfully authenticated. The coordinator then generates encrypted data and authentication data by using the group key and simultaneously broadcasts a message including the encrypted data and the authentication data.

Abstract: An anomaly handling method using a roadside device is disclosed. The method includes receiving, from a vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of the roadside device and determining whether a distance between the location of the vehicle and the location of the roadside device is within a predetermined range. When the distance is within the predetermined range and shorter than a first predetermined distance, transmitting the received anomaly detection notification externally from the roadside device. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection notification. When the distance is not within the predetermined range, not transmitting the received anomaly detection notification.

Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.