Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus includes: receiving a data frame transmitted on the bus; generating a first MAC by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a MAC is transmitted; in a case where the verification has failed, (i) generating as second MAC by using an old MAC key; (ii) re-verifying that the received data frame has added thereto the generated second MAC; transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and updating the MAC key in response to the transmission of the key-update frame.

Abstract: An authentication system according to the present disclosure includes a first controller connected to a first server via a first network, a second controller connected to a second server via a second network, and a device. The device compares a next issue date described in a first certificate revocation list acquired from the first controller and an issue date described in a second certificate revocation list acquired from the second controller thereby determining whether the first controller is invalid or not.

Abstract: A gateway device, connected to one or more buses used in communication by a plurality of ECUs on-board a vehicle, is provided with: a receiving unit that receives, from a server that acts as an external device external to the vehicle, firmware update information that includes updated firmware to be applied to one ECU from among the plurality of ECUs; and a control unit that determines, based on certain information about the ECU on which to apply the updated firmware, whether or not the ECU satisfies a certain condition, and if the certain condition is satisfied, causes the ECU to execute a certain process related to updating firmware, whereas if the certain condition is not satisfied, causes equipment other than the ECU to execute the certain process.

Abstract: A server holds correspondence information in which a device identifier of a device for which an authentication process is successful and area network information concerning an area network including a controller are associated with each other. In the case where the authentication process is successful, the device holds area network information concerning an area network including a controller for which authentication is successful. In response to a connection request from a new device, the server checks whether an identifier of the new device is registered in the correspondence information. If the identifier is registered, the server determines whether the area network information associated with the identifier matches the area network information held by the new device. If the pieces of information do not match, the server detects the new device as an unauthorized device.

Abstract: A data processing method for processing usage history data of at least one electrical device used by a user, including: obtaining first usage history data indicating a usage history of at least one electrical device used by the user; obtaining second usage history data indicating a fixed dummy usage history; generating third usage history data by combining the first usage history data and the second usage history data; and transmitting the third usage history data from a first apparatus to a second apparatus.

Abstract: A communication system, including: a NW management device which (i) forms a network together with an authenticated target device, and (ii) manages the network by delivering a session key for use in communication in the network to the authenticated target device; and a device authenticated by the NW management device, wherein the NW management device: determines whether or not to permit the device to be an alternative management device which manages the network in replace of the NW management device when communication is impossible in the network; shares, with the device, authentication information about the authenticated target device, when permitting the device to be the alternative management device; and the device shares the authentication information with the NW management device, and starts managing the network using the authentication information as the alternative management device when determining that the NW management device cannot communicate in the network.

Abstract: An update management method causes an external tool, capable of transmitting an update message to update data such as shared keys within electronic control units (ECUs) making up an onboard network, to update shared keys and the like within the ECUs, while reducing the risk of all ECUs being unauthorizedly rewritten in a case where secret information given to the external tool is leaked. The update management method receives and verifies update authority information indicating authority of the external tool. In a case that an update message instructing updating of shared keys or the like of one or multiple ECUs has been transmitted from the external tool, if the verification is successful and the update authority information indicates that the transmission of the update message is within the range of authority of the external tool, the update is executed at the ECU, and otherwise, update at the ECU is inhibited.

Abstract: At least one controller in a group selects a coordinator that manages a group key to be used in common in the group from among controllers in the group in accordance with an attribute of the controllers. The selected coordinator generates a group key, performs mutual authentication with devices and the controllers in the group, and shares the generated group key with devices and controllers that have been successfully authenticated. The coordinator then generates encrypted data and authentication data by using the group key and simultaneously broadcasts a message including the encrypted data and the authentication data.

Abstract: A controller and a first device perform mutual authentication, create a group key, and share the group key, and the first device is set as a reference device. Thereafter, at a group key update timing when the controller and the reference device update the group key to an updated group key, the controller and a second device, which is not the reference device, perform mutual authentication, and the updated group key is also shared by the second device. Further, encrypted data is generated by encrypting transmission data by using the group key, a MAC (Message Authentication Code) is generated from the transmission data, a header, a transmission source address, and a transmission destination address, and a message that includes the encrypted data, the header, the transmission source address, the transmission destination address, and the MAC is broadcast.

Abstract: A first controller generates a first group key, executes first mutual authentication with devices within a group, and shares a first group key with devices that have succeeded in authentication. At least one controller within the group decides a coordinator that manages a group key used in common in the group, from controllers including one or more controllers and a second controller newly joined in the group, in accordance with attributes of the controllers. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator in a case where the authentication is successful. The coordinator performs encrypted communication within the group using the first group key.

Abstract: To aim provide a software update apparatus including an install module group composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server, a replacement protection control module to be used for updating a protection control module having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: A vehicle air conditioner includes a cooling heat exchanger arranged in a casing, a compressor control portion which controls a compressor such that a cooling temperature at the cooling heat exchanger approaches a target cooling temperature, and a dryness determination portion which determines whether an outer surface of the cooing heat exchanger is dry or not based on a humidity in the casing. A target temperature determination portion determines the target cooling temperature to be any one of target temperatures including a first target temperature that is lower than a dew-point temperature in the casing, when the dryness determination portion determines that the cooling heat exchanger is not dry. The target temperature determination portion determines the target cooling temperature to be any one of the target temperatures other than the first target temperature, when the dryness determination portion determines that the cooling heat exchanger is dry.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of buses, a plurality of fraud-detection ECUs each connected to a different one of the buses, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a bus connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The fraud-detection ECU transmits an error message including a message identifier of a message determined to be malicious. The gateway device receives updated rule information transmitted to a first bus among the buses, selects a second bus different from the first bus, and transfers the updated rule information only to the second bus. A fraud-detection ECU connected to the second bus acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.

Abstract: In an authentication method according to the present disclosure, (1) a device transmits device history information with a CRL added thereto (hereinafter, device history information with added CRL) to a controller, (2) the controller transmits the device history information with added CRL to a server, and (3) if the version of the CRL included in the device history information with added CRL is older than the version of the CRL stored on the server, the server judges that the controller is unauthorized.

Abstract: An information providing apparatus includes: an inputter that obtains log information and personal information corresponding thereto; a tentative ID giver that gives each tentative ID to the personal information at each predetermined timing; a first storage that stores correspondence-relationship information indicating a correspondence relationship between the personal information and the each tentative ID; a receiver that receives a request for outputting information including a requested tentative ID identified by a current tentative ID given and the one past timing when the requested ID was given; an information processor that determines, in accordance with the request, link-relationship information indicating a correspondence relationship between the requested tentative ID and the current tentative ID; a second storage that stores the determined link-relationship information; and an outputter that outputs first information including the requested tentative ID or second information indicating that first-in

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus includes: receiving a data frame transmitted on the bus; generating a first MAC by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a MAC is transmitted; in a case where the verification has failed, (i) generating as second MAC by using an old MAC key; (ii) re-verifying that the received data frame has added thereto the generated second MAC; transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and updating the MAC key in response to the transmission of the key-update frame.

Abstract: An access control method including: receiving a log information item indicating use history of electrical equipment that is used together with an intended product; receiving product information including information for identifying the intended product; storing the log information item received in the receiving of a log information item and the product information received in the receiving of product information, in association with each other; and controlling whether or not to allow access to the log information item based on the product information associated with the log information item when access to the log information item is attempted.

Abstract: A fraud sensing method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a bus includes detecting that a state of a vehicle satisfies a predetermined condition, and switching, upon detecting that the state of the vehicle satisfies the predetermined condition, an operation mode of a fraud-sensing electronic control unit connected to the bus between a first mode in which a first type of sensing process for sensing a fraudulent message in the bus is performed and a second mode in which the first type of sensing process is not performed.

Abstract: A first device, upon detecting participation in an authentication system, transmits new and old identification information of a first certificate revocation list that the first device manages to a second device. In a case where the new and old identification information of a second certificate revocation list that the second device manages is older than the new and old identification information of the received first certificate revocation list, the second device transmits a transmission request for the first certificate revocation list to the first device. Upon receiving the transmission request for the first certificate revocation list from the second device, the first device transmits the first certificate revocation list to the second device. the second device updates the second certificate revocation list using the received first certificate revocation list.