Abstract: A vehicle security system includes a terminal device, a server device, and a vehicle. The terminal device includes a token acquisition unit and a terminal communication unit configured to transmit the token, terminal identification information, and vehicle identification information to the server device. The server device includes a server communication unit, a server determination unit configured to determine that authentication has succeeded, and a server storage unit configured to store the terminal identification information and the vehicle identification information received from an authenticated terminal device in association. The server communication unit transmits the token and the terminal identification information to the vehicle of the vehicle identification information.

Abstract: A maintenance system includes a server device, a terminal device, and an in-vehicle device installed in a vehicle. The server device includes a worker authentication information reception unit configured to receive worker authentication information from the terminal device, a server authentication processing unit configured to perform an authentication process on the worker authentication information, and a server key transmission unit configured to transmit a first key to be used with the in-vehicle device to the terminal device whose worker authentication information has been successfully authenticated by the server authentication processing unit.

Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.

Abstract: A communication system is provided that allows communication between a vehicle and a server device. This communication system includes: the server device; a first arithmetic processing device installed in the vehicle; and a second arithmetic processing device that is a secure element and is installed in the vehicle. The second arithmetic processing device includes: a vehicle key storage unit that stores a first key and a second key; a vehicle authentication processing unit that performs authentication with the server device using the first key; and a vehicle key transmission/reception unit that transmits or receives a third key to or from the server device by encryption communication which uses the second key. The first arithmetic processing device includes a vehicle communication unit that performs encryption communication with the server device using the third key.

Abstract: Provided are a key generation device and an in-vehicle computer which is installed in a vehicle. The key generation device includes a vehicle interface, a key generation unit that generates first and second keys, a cryptographic processing unit that encrypts the first key with an initial key to generate first encrypted data and encrypts the second key with the first key to generate second encrypted data, an expected value calculation unit that calculates an expected value of stored data using the second key, and a verification unit that verifies a received measured value on the basis of the expected value, and the key generation device transmits the first and second encrypted data to the vehicle. The in-vehicle computer includes an interface unit, a cryptographic processing unit that decrypts the received first encrypted data, and decrypts the received second encrypted data, and a measured value calculation unit.

Abstract: A management device installed in a vehicle includes a master key storing part configured to share the master key that is used to generate an initial key held by an ECU together with an identifier of the ECU; a communication part configured to communicate with the ECU; a key generation part configured to generate the initial key of the ECU by use of the master key stored on the master key storing part and the identifier of the ECU received from the ECU via the communication part; and an initial key storing part configured to store the initial key of the ECU that is generated by the key generation part in connection with the identifier of the ECU.

Abstract: A communication network system, in which a transmission node for transmitting a message is connected to a reception node for receiving the message, is configured to periodically transmit a count-value notification message to notify a count value, which is used to generate and check a message authentication code for the message, to the transmission node and the reception node.

Abstract: A reuse system includes: a key generation device; an in-vehicle computer that is detached from a first vehicle and is installed in a second vehicle; and a data security device that is installed in the second vehicle. The key generation device includes a vehicle interface, and a key generation unit that generates a first key that is the same as a key stored in the in-vehicle computer from a time when being installed in the first vehicle by using an in-vehicle computer identifier, and a master key that is common to the first and second vehicles, and transmits the first key to the second vehicle. The data security device includes a first interface unit, and a first cryptographic processing unit that encrypts first data, which is applied to the in-vehicle computer, with the first key to generate encrypted first data, and transmits the encrypted first data to the in-vehicle computer.

Abstract: An information distributing device includes a provision information transmitting unit configured to transmit provision information to be provided to a user of a terminal device to the terminal device. The terminal device includes a vehicle interface configured to communicate with a vehicle, a vehicle information acquiring unit configured to acquire parking state information indicating whether or not the vehicle has parked through the vehicle interface, and a provision control unit configured to control whether or not the provision information is to be displayed on a display screen of the terminal device on the basis of the parking state information.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle and an expected value calculation unit configured to calculate an expected value of application data to be applied to an in-vehicle computer installed in the vehicle. The application data and the expected value are transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device and a measurement unit configured to calculate a measurement value of the application data received from the data provision device through the interface unit and verify the measurement value on the basis of the expected value received from the data provision device through the interface unit.

Abstract: An onboard computer system includes a first onboard computer configured to store a first public key certificate of a data delivering apparatus, a second onboard computer, and a secure element configured to store a second public key certificate relative to a second secret key used to generate the first public key certificate. The secure element verifies the first public key certificate by use of the second public key certificate. The first onboard computer includes an encryption processor configured to verify a first electronic signature attached to data delivered from the data delivering apparatus by use of the first public key certificate which is successfully verified by the secure element. The data attached with the first electronic signature, which is successfully verified by the encryption processor, is applied to the first onboard computer or the second onboard computer.

Abstract: A communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key.

Abstract: A maintenance system includes a server device, a terminal device, and an in-vehicle device installed in a vehicle. The server device includes a worker authentication information reception unit configured to receive worker authentication information from the terminal device, a server authentication processing unit configured to perform an authentication process on the worker authentication information, and a server key transmission unit configured to transmit a first key to be used with the in-vehicle device to the terminal device whose worker authentication information has been successfully authenticated by the server authentication processing unit.

Abstract: In a secure hardware extension (SHE)-B, an initial key is set to a KEY_N key usable in a verification process and a generation process for a message authentication code. In an SHE-A, a master key is set to a KEY_N key usable in the verification process and the generation process for the message authentication code, the master key being used together with an identifier of an authenticated electronic control unit (ECU) for generating the message authentication code to be used as the initial key. A central processing unit (CPU) causes the message authentication code for the identifier of the authenticated ECU to be generated using the master key through the SHE-A and executes a process of authenticating validity of the authenticated ECU by using the generated message authentication code.

Abstract: A vehicle security system includes a terminal device, a server device, and a vehicle. The terminal device includes a token acquisition unit and a terminal communication unit configured to transmit the token, terminal identification information, and vehicle identification information to the server device. The server device includes a server communication unit, a server determination unit configured to determine that authentication has succeeded, and a server storage unit configured to store the terminal identification information and the vehicle identification information received from an authenticated terminal device in association. The server communication unit transmits the token and the terminal identification information to the vehicle of the vehicle identification information.

Abstract: In a communication network system connected between a transmission node and a reception node, both the transmission node and the reception node store the same secret information with their secret information storage units. The transmission node includes a counter configured to increase its transmission count value by 1 for transmitting each message, wherein a MAC generator generates MAC based on secret information, transmission data, and its transmission count value, thus transmitting a message including transmission data and MAC. The reception node includes a counter configured to increase a reception count value by 1 for receiving each message, wherein a MAC checking part generates MAC based on secret information, reception data, and its reception count value, obtained from the received message, thus checking whether the generated MAC matches the MAC obtained from the received message.

Abstract: A system includes a certification authority and a vehicle-mounted computer mounted in a vehicle. The certification authority includes a certification authority key storage that stores a certification authority public key certificate and a certification authority private key, a first communicator that receives an issuance request that is configured to request issuance of a vehicle-mounted computer public key certificate, and a vehicle-mounted computer public key certificate issuer that is configured to apply a signature to the vehicle-mounted computer public key included in the issuance request with the certification authority private key and issue the vehicle-mounted computer public key certificate. The first communicator is configured to transmit the vehicle-mounted computer public key certificate to the vehicle-mounted computer that is a transmission source of the issuance request. The vehicle-mounted computer includes a vehicle-mounted computer key generator and a public key certificate acquirer.

Abstract: A management device installed in an automobile includes an initially-delivered key storage unit for storing a plurality of initially-delivered keys corresponding to candidates of initially-delivered keys held by an ECU, a communication part for communicating with the ECU, a verification part for verifying encrypted data from the ECU with the initially-delivered key of the initially-delivered key storage unit, and a wireless communication part for receiving a new initially-delivered key held by a new ECU newly installed in the automobile from management server equipment through a wireless communication network. The initially-delivered key storage unit stores the new initially-delivered key received with the wireless communication part.

Abstract: A communication device includes: a first subscriber identification unit that stores first subscriber identification unit identification information associated with user identification information; and a communication unit that communicates with another communication device, the other communication device including a second subscriber identification unit that stores second subscriber identification unit identification information associated with user identification information.