Abstract: Provided is a key management method to secure security in an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquire a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key. In a case where a vehicle in which the onboard network system is installed is in a particular state, the master ECU executes inspection of a security state of the shared key stored by the ECU or the like.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: An electronic control apparatus includes: an obtaining unit configured to obtain data transmitted via a network in a system; and a judging unit configured to judge presence or absence of an anomaly in the data obtained by the obtaining unit, based on a transmission state of the data. The judging unit is configured to judge that an anomaly is present in the data, when the transmission state of the data is a transmission stopped state.

Abstract: The monitoring device includes a receiver and a processor. The receiver receives a frame from a communication network. The processor performs a first determination that determines whether the frame is illegal based on a result of message authentication for the frame and a second determination that determines whether the frame is illegal based on a state of the frame and a predetermined rule. In addition, the processor executes, in accordance with a combination of a result of the first determination and a result of the second determination, at least one of processing for the frame, processing for a transmission source device of the frame, change of contents to be notified to an external device, and change of priority of notification to the external device.

Abstract: A fraud detection electronic control unit is connected to an electronic control unit through an in-vehicle network system. The fraud detection electronic control unit includes a storage and a determination unit. The storage stores a first regulation for determining whether the frame transmitted from the electronic control unit is fraudulent. The determination unit determines whether the frame transmitted from the electronic control unit is fraudulent in pursuant to the first regulation. When a predetermined condition is satisfied, the storage acquires a second regulation retained by the electronic control unit and updates the stored first regulation.

Abstract: An information device includes a reader, and a data processor. The reader reads, from a removable medium, ticket data that is provided from a server upon successful authentication, and that includes information representing a content of data processing to be executable upon the successful authentication. The data processor executes the data processing represented in the ticket data.

Abstract: A master control device is communicatively coupled to a first slave control device and a second slave control device via a first network and a second network, respectively. The master control device provides output data to the first slave control device based on input data received from the second slave control device. A monitoring apparatus which monitors an operation of the master control device stores determination data indicating a correspondence relationship between the input data and the output data, obtains the input data provided to the second network by the second slave control device and the output data provided to the first slave control device via the first network, and determines a presence or an absence of an anomaly in the operation of the master control device by determining whether the input data and the output data correspond to the determination data.

Abstract: A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.

Abstract: A method for verifying content data to be used in a vehicle is provided. The method includes acquiring content data, acquiring, from partial data divided from the content data, a respective plurality of first hash values, acquiring a signature generated by using the first hash values and a key, acquiring state information that indicates a state of a vehicle, determining an integer N that is greater than or equal to one based on the acquired state information, generating, from N pieces of partial data included in the partial data, respective second hash values, verifying the content data by using each of (a) a subset of the plurality of first hash values respectively generated from partial data other than the N pieces of partial data, (b) the second hash values, and (c) the signature, and outputting information that indicates a result of the verifying.

Abstract: An electronic control unit is connected to an in-vehicle network bus in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the in-vehicle network bus via the second control circuit over wired communication and/or wireless communication. The first control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. The second control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule, and, upon determining that the frame conforms to the second rule, transmits the frame to the in-vehicle network bus.

Abstract: An electronic control unit is connected to an in-vehicle network bus in an in-vehicle network system including a plurality of apparatuses that perform communication of frames via the bus. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the bus via the second control circuit over wired communication and/or wireless communication. The second control circuit performs a first determination process on a received frame received from the bus to determine the conformity with a first rule related to at least a reception interval, and, upon determining that the received frame conforms to the first rule, executes a predetermined process based on the content of the received frame. The first control circuit performs a second determination process on the received frame, received via the second control circuit, to determine the conformity with a second rule different from the first rule.

Abstract: A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

Abstract: A transmission device has a detector, a generator, and a transmitter. When the detector has detected that a communication rule of a message that has been broadcasted to a network by another transmission device coincides with a communication rule of a message that is broadcasted to the network by the present transmission device, the generator generates an abnormality notification message. Then, the transmitter broadcasts an abnormality notification message to the network.

Abstract: An information processing device includes: a first communication unit which transmits and receives communication data through a network connected to a first GW, a second GW, and at least one electronic control unit; a monitoring unit which determines whether the communication data is normal; and a notification unit which transmits, at least to the second GW, a notification that brings the network to a state in which one of a transfer function of the first GW and a transfer function of the second GW gateway is active and the other one of the transfer functions is inactive, when the monitoring unit does not determine that the communication data is normal.

Abstract: A communication unit receives a message in a network. A first anomaly detector detects an anomalous message by detecting values of a plurality of monitoring items from the message received by the communication unit and determining whether each of the detected values of the plurality of monitoring items is inside a corresponding first reference range and a corresponding second reference range. The second reference range is narrower than the first reference range. The first anomaly detector detects the message as the anomalous message, when any of the detected values is outside the first reference range, and detects the message as the anomalous message, when any of the detected values is inside the first reference range and is outside the second reference range and when a predetermined rule is satisfied.

Abstract: An information processing device is provided. A first communication unit transmits and receives communication data through a network. The network is connected to a first gateway, a second gateway, and at least one electronic control unit. A monitoring unit determines whether the communication data is normal. A notification unit transmits, at least to the second gateway, a notification that brings the network to a state in which one of a transfer function of the first gateway and a transfer function of the second gateway is active and the other one of the transfer functions is inactive, when the monitoring unit determines that the communication data is not normal.

Abstract: An unauthorized activity detection method is provided in an onboard network system having multiple electronic units (ECU) that perform communication via a bus, such that an occurrence of an unauthorized state can be detected by monitoring frames transmitted over the bus. The unauthorized activity detection method determines, by a monitoring electronic control unit using unauthorized activity detection rule information indicating a first condition, whether or not a set of frames received from the bus satisfies the first condition. The first condition being a condition regarding a relation in content between a first frame having a first identifier and a second frame having a second identifier that differs from the first identifier. And the method further detects the occurrence of the unauthorized state in a case where the first condition is not satisfied.

Abstract: An anomaly detection server is provided. The anomaly detection server is a server for counteracting an anomalous frame transmitted on an on-board network of a single vehicle. The anomaly detection server acquires information about multiple frames received on one or multiple on-board networks of one or multiple vehicles, including the single vehicle. The anomaly detection server, acting as an assessment unit that, based on the information about the multiple frames and information about a frame received on the on-board network of the single vehicle after the acquisition of the information about the multiple frames, assesses an anomaly level of the frame received on the on-board network of the single vehicle.

Abstract: A monitoring apparatus includes a storage unit, a reception unit, a collation information generation unit, and a response unit. The storage unit stores a criterion for determining normality of a frame transmitted from a first electronic device. The reception unit receives the frame from a bus network. The collation information generation unit generates, when the reception unit receives a frame of a first identifier (ID) transmitted from the first electronic device, collation information which is information for collation with the criterion stored in the storage unit, based on the frame. The response unit transmits, when the reception unit receives a frame of a second ID transmitted from the second electronic device, information which is based on the criterion stored in the storage unit and the collation information generated by the collation information generation unit and which enables a check whether the first electronic device is valid, to the second electronic device.

Abstract: A communication system includes a first electronic device, and a second electronic device that monitors a state of the first electronic device. The first electronic device includes a transmitter that transmits a first frame including a first verification value forming a Hash chain to a bus network. The second electronic device includes a storage unit that stores the first verification value included in the first frame received from the bus network. The transmitter transmits, after transmission of the first frame, a second frame including a second verification value forming the Hash chain to the bus network. The second electronic device further includes a determination unit that determines that the state of the first electronic device is normal when the second verification value included in the second frame received from the bus network and the first verification value stored in the storage unit construct the Hash chain.