[go: up one dir, main page]

WO2017110207A1 - Vehicular on-board device and authentication system - Google Patents

Vehicular on-board device and authentication system Download PDF

Info

Publication number
WO2017110207A1
WO2017110207A1 PCT/JP2016/079727 JP2016079727W WO2017110207A1 WO 2017110207 A1 WO2017110207 A1 WO 2017110207A1 JP 2016079727 W JP2016079727 W JP 2016079727W WO 2017110207 A1 WO2017110207 A1 WO 2017110207A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
vehicle
unit
wireless communication
user
Prior art date
Application number
PCT/JP2016/079727
Other languages
French (fr)
Japanese (ja)
Inventor
竜介 石川
昇錫 呉
Original Assignee
株式会社デンソー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社デンソー filed Critical 株式会社デンソー
Priority to KR1020187013154A priority Critical patent/KR102071406B1/en
Publication of WO2017110207A1 publication Critical patent/WO2017110207A1/en

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/102Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device a signal being sent to a remote location, e.g. a radio signal being transmitted to a police station, a security company or the owner
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/01Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens
    • B60R25/04Fittings or systems for preventing or indicating unauthorised use or theft of vehicles operating on vehicle systems or fittings, e.g. on doors, seats or windscreens operating on the propulsion system, e.g. engine or drive motor
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/25Means to switch the anti-theft system on or off using biometry
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/30Detection related to theft or to other events relevant to anti-theft systems
    • B60R25/34Detection related to theft or to other events relevant to anti-theft systems of conditions of vehicle components, e.g. of windows, door locks or gear selectors
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00Electric permutation locks; Circuits therefor ; Mechanical aspects of electronic locks; Mechanical keys therefor

Definitions

  • This disclosure relates to an in-vehicle device that performs authentication using wireless communication with a portable device carried by a user, and an authentication system including the in-vehicle device.
  • Patent Document 1 the intensity of a request signal transmitted from an in-vehicle device mounted on a vehicle (also referred to as the subject vehicle or the host vehicle) changes midway.
  • a technique for preventing a relay attack by responding only when a change in strength is detected is disclosed.
  • An object of the present disclosure is to provide an in-vehicle device and an authentication system that allow a user to recognize that unauthorized authentication using wireless communication has been performed on the vehicle.
  • an in-vehicle device is used in a vehicle and authenticated by code verification via wireless communication with a portable device used as an electronic key.
  • An in-vehicle device including a first authenticating unit that performs authentication, the second authenticating unit that authenticates by a method other than code verification via wireless communication used in the first authenticating unit, and the first authenticating unit, And a notification instructing unit that notifies the vehicle user's communication terminal that unauthorized authentication using wireless communication has been performed on the vehicle when the second authentication unit has not been authenticated.
  • an authentication system performs wireless communication between a portable device used as an electronic key and a vehicle used in a vehicle.
  • a first authentication unit that includes a first authentication unit that performs authentication by code verification via a second authentication unit that performs authentication by a method other than code verification via wireless communication used in the first authentication unit; If the authentication is established in the second authentication unit but is not established in the second authentication unit, the communication terminal of the user of the own vehicle is notified that the unauthorized authentication using the wireless communication has been performed on the own vehicle.
  • an in-vehicle device including a notification instruction unit.
  • indication part can notify this to the communication terminal of the user of the own vehicle, when the unauthorized authentication via wireless communication is performed with respect to the own vehicle.
  • the communication terminal of the user of the own vehicle is notified that the unauthorized authentication via the wireless communication has been performed on the own vehicle, the user automatically performs the unauthorized authentication via the wireless communication from the communication terminal. You can recognize what happened to the car.
  • An authentication system 1 shown in FIG. 1 includes an electronic key 2 and a personal portable device 3 (also referred to as a portable terminal) carried by a user, a sensor 5 used in a vehicle HV, a DCM (Data Communication Module) 6, and an authentication. ECU7.
  • the configuration including at least the electronic key 2 and the authentication ECU 7 in the authentication system 1 corresponds to the authentication system.
  • the vehicle HV is also referred to as the subject vehicle or the host vehicle.
  • the authentication system 1 performs biometric authentication based on the user's biometric information acquired by the sensor 5, and permits the unlocking of the door of the vehicle HV when biometric authentication is established. Further, when code verification is performed by wireless communication between the electronic key 2 and the authentication ECU 7 and authentication by code verification via wireless communication is established, and when biometric authentication is established, the vehicle HV In addition to locking and unlocking the door, the vehicle HV is allowed to start.
  • the electronic key 2 and the authentication ECU 7 will be described in detail later. “Information” is used not only as a countable noun but also as a countable noun, and is equivalent to an information item. One information item is equivalent to one information item, and a plurality of information items are equivalent to a plurality of information items.
  • the personal portable device 3 is a communication terminal that a user carries or wears, and communicates with the DCM 6 via a public communication line network.
  • Examples of the personal portable device 3 include a multi-function mobile phone and a wearable communication terminal. In the first embodiment, the case where the personal portable device 3 is a multi-function mobile phone will be described as an example.
  • the sensor 5 is a contact-type biometric sensor that is provided on the outer door handle 4 of the vehicle HV and acquires biometric information from a user who holds the outer door handle 4.
  • Examples of the sensor 5 include a contact light emission type fingerprint sensor and a vein recognition sensor.
  • the sensor 5 is a contact light emission type fingerprint sensor, and the biological information acquired by the sensor 5 is fingerprint information. An example will be described.
  • the sensor 5 may be provided on all outer door handles 4 of the driver's seat door, passenger seat door, rear seat door, and trunk room door of the vehicle HV, or may be provided on some outer door handles 4. Good. When it is provided on some outer door handles 4, for example, it may be configured to be provided on the outer door handle 4 of the driver's seat door.
  • DCM 6 is an in-vehicle communication module used for a telematics service, and communicates with a personal portable device via a public communication line network.
  • the electronic key 2 includes a main controller 21 (also referred to as a main control circuit), an LF receiver 22, and a UHF transmitter 23.
  • This electronic key 2 corresponds to a portable device.
  • the LF receiver 22 has an LF antenna provided on the outer door handle 4 and receives an LF band request signal transmitted from the authentication ECU 7 via the LF antenna.
  • the LF receiver 22 is connected to the main controller 21 and outputs a request signal received by the LF antenna to the main controller 21.
  • the UHF transmitter 23 has a UHF antenna, and transmits a response signal by radio waves in the UHF band to the authentication ECU 7 via the UHF antenna.
  • the UHF transmitter 23 is connected to the main controller 21 and transmits a response signal output from the main controller 21 from the UHF antenna.
  • the main controller 21 includes a CPU, a volatile memory, a nonvolatile memory, an I / O, and a bus connecting them, and executes various processes by executing a control program stored in the nonvolatile memory. For example, the main controller 21 executes response-related processing such as transmitting a response signal corresponding to the request signal transmitted from the authentication ECU 7.
  • a vehicle identification code for identifying the vehicle HV of the authorized user is registered in an electrically rewritable nonvolatile memory.
  • the main controller 21 verifies whether or not the vehicle HV on which the authentication ECU 7 as the transmission source of the request signal received by the LF receiver 22 is a legitimate user's vehicle.
  • the code verification is performed between the vehicle identification code included in the request signal received from the authentication ECU 7 and the vehicle identification code registered in the nonvolatile memory of the main controller 21.
  • the main controller 21 returns a response signal including an electronic key identification code for identifying the own device when the code verification is established. What is necessary is just to set it as the structure which reads and uses what was stored in the non-volatile memory of the main controller 21 for an electronic key identification code.
  • the authentication ECU 7 is connected to the sensor 5, the DCM 6, the body ECU 8, and the power unit control ECU 9.
  • the sensor 5, the DCM 6, the body ECU 8, the power unit control ECU 9, and the authentication ECU 7 may be connected by an in-vehicle LAN.
  • This authentication ECU 7 corresponds to an in-vehicle device.
  • the body ECU 8 locks and unlocks each vehicle door by outputting a drive signal for controlling locking and unlocking of each vehicle door of the vehicle HV to a door lock motor provided in each vehicle door.
  • the body ECU 8 is connected to a touch sensor provided on the outer door handle 4 of each vehicle door, and detects that the user touches the outer door handle of each vehicle door.
  • the power unit control ECU 9 controls the travel drive source of the vehicle HV.
  • Examples of the driving source include an engine and a motor.
  • the power unit control ECU 9 obtains the start permission signal for the travel drive source from the authentication ECU 7, the power unit control ECU 9 enters a start standby state in which the travel drive source can be started.
  • the traveling drive source is an engine as an example, an engine start standby state in which a starter motor or the like can be started is set.
  • the authentication ECU 7 includes a main controller 71 (also referred to as a main control circuit), an LF transmitter 72, and a UHF receiver 73.
  • the LF transmitter 72 transmits a request signal to the electronic key 2 using an LF band radio wave via an LF antenna such as the door antenna 10 of each vehicle door.
  • the LF band is a frequency band of 30 kHz to 300 kHz, for example.
  • the range in which signals can be transmitted from the LF antenna using radio waves in the LF band corresponds to the short-range wireless communication area in which short-range wireless communication is possible.
  • the request signal is a signal for requesting transmission of an electronic key identification code for code verification, and includes a vehicle identification code for identifying the vehicle HV.
  • the door antenna 10 is provided on a door handle of a vehicle door of the vehicle HV.
  • the LF transmitter 72 may be configured to transmit a request signal by radio waves in the LF band to the vehicle interior via an indoor antenna provided in the vehicle interior.
  • a request signal is transmitted to the outside of the passenger compartment via the door antenna 10.
  • the UHF receiver 73 has a UHF antenna 11 and receives a response signal transmitted from the electronic key 2 by radio waves in the UHF band by the UHF antenna 11.
  • the UHF band is a frequency band of 300 MHz to 3 GHz, for example.
  • the response signal is a signal returned from the electronic key 2 in response to a request signal transmitted from the authentication ECU 7.
  • the main controller 71 includes a volatile memory, a non-volatile memory, an I / O, and a bus connecting them, and executes various processes by executing a control program stored in the non-volatile memory.
  • the main controller 71 executes processing related to authentication (hereinafter, authentication-related processing).
  • authentication-related processing processing related to authentication
  • the main controller 71 will be described in detail later. Note that some or all of the functions executed by the main controller 71 may be configured in hardware by one or a plurality of ICs.
  • the main controller 71 includes a transmission processing unit 711, a reception processing unit 712, a registration unit 713, a first authentication unit 714, a second authentication unit 715, an authentication result integration unit 716, and an unlocking / unlocking permission unit 717.
  • a start permission unit 718 and a notification instruction unit 719 are provided.
  • the transmission processing unit 711 transmits a request signal including the vehicle identification code of the vehicle HV from the door antenna 10 via the LF transmitter 72.
  • the transmission of the request signal may be performed intermittently while the vehicle HV is parked.
  • the vehicle identification code may be the device ID of the authentication ECU 7 mounted on the vehicle HV or the vehicle ID of the vehicle HV. What is necessary is just to set it as the structure which reads and uses what was stored in the non-volatile memory of authentication ECU7 for vehicle identification code.
  • the reception processing unit 712 receives a response signal transmitted from the electronic key 2 using a UHF band radio wave in response to the request signal via the UHF receiver 73.
  • the registration device 713 is, for example, an electrically rewritable nonvolatile memory, and the electronic key identification code of the authorized user's electronic key 2 is registered among the electronic key identification codes. In addition, the biological information of the legitimate user is also registered.
  • fingerprint information hereinafter, regular fingerprint information
  • regular fingerprint information acquired by a sensor 5 from a regular user is registered.
  • the first authentication unit 714 verifies whether the electronic key 2 that is the transmission source of the response signal received by the reception processing unit 712 is the electronic key 2 of the authorized user.
  • the code verification is performed between the electronic key identification code included in the response signal received from the electronic key 2 and the electronic key identification code registered in the register 713. And when both correspond, the authentication by the code collation via wireless communication shall be materialized. If they do not match, the authentication is not established.
  • the second authentication unit 715 performs fingerprint authentication to check whether the fingerprint information acquired by the sensor 5 matches the regular fingerprint information. Fingerprint authentication is performed between the fingerprint information acquired by the sensor 5 and the regular fingerprint information registered in the register 713. It is assumed that fingerprint authentication is established when the two match. If they do not match, the authentication is not established.
  • the authentication result integration unit 716 integrates the authentication result from the first authentication unit 714 and the authentication result from the second authentication unit 715 and outputs the result to the locking / unlocking permission unit 717, the start permission unit 718, and the notification instruction unit 719. .
  • the locking / unlocking permission unit 717 sends a signal permitting the locking / unlocking of the vehicle door to the body ECU 8 when either of the first authentication unit 714 and the second authentication unit 715 is authenticated.
  • the locking / unlocking permission unit 717 corresponds to an unlocking permission unit.
  • the body ECU 8 starts energizing the touch sensor provided on the outer door handle 4 of the vehicle door, and enters a standby state in which the user can detect the outer door handle operation.
  • the body ECU 8 detects that the user has touched the touch sensor, the body ECU 8 outputs a drive signal to the door lock motor to lock and unlock the vehicle door.
  • the vehicle door that is locked and unlocked by the locking / unlocking permission unit 717 may be limited to the vehicle door that has detected the outer door handle operation. According to this, it becomes possible to lock / unlock only the vehicle door touched by the user on the outer door handle 4.
  • the vehicle door that is locked and unlocked by the locking / unlocking permission unit 717 may be configured as all the vehicle doors of the vehicle HV.
  • Locking and unlocking all the vehicle doors of the vehicle HV by touching the outer door handle 4 of the vehicle door of the driver's seat is the same as the function of the existing electronic key system. good. Therefore, according to the above configuration, it is possible to reduce the cost by reducing the number of sensors 5 provided on the vehicle HV while maintaining good convenience for the user.
  • the locking / unlocking permission part 717 performs both locking and unlocking here was shown, it does not necessarily restrict to this. For example, it is good also as a structure which performs only locking or unlocking.
  • the start permission unit 718 sends a start permission signal of the travel drive source to the power unit control ECU 9 when both the first authentication unit 714 and the second authentication unit 715 have been authenticated.
  • the power unit control ECU 9 that has acquired the start permission signal sets the travel drive source in the start standby state as described above.
  • the notification instruction unit 719 has been authenticated by the first authentication unit 714, but if the authentication has not been established by the second authentication unit 715, unauthorized authentication using wireless communication has been performed on the vehicle. This is notified from the DCM 6 to the personal portable device 3.
  • the described flowchart includes a plurality of sections (or referred to as steps), and each section is expressed as, for example, S1. Further, each section can be divided into a plurality of subsections, while a plurality of sections can be combined into one section.
  • Each section can be referred to as a device or a unique name and with structural modifiers, for example, an authentication section can be referred to as an authentication device, an authenticator.
  • the section includes (i) not only a section of software combined with a hardware unit (eg, a computer) but also (ii) a section of hardware (eg, an integrated circuit, a wiring logic circuit) and related devices. It can be realized with or without the function.
  • the hardware section can be included inside the microcomputer.
  • the transmission processing unit 711 transmits a request signal including the vehicle identification code from the door antenna 10 via the LF transmitter 72.
  • the reception processing unit 712 can receive the response signal transmitted from the electronic key 2 in response to the request signal via the UHF receiver 73 (YES in S4), the process proceeds to S5. On the other hand, if it cannot be received (NO in S4), the process proceeds to S10.
  • the reception processing unit 712 may determine whether or not the response signal has been received depending on whether or not the response is received within a predetermined time after the request signal is transmitted.
  • the predetermined time is longer than the time until the electronic key 2 that has sent the request signal transmits the response signal, and can be arbitrarily set.
  • the reception processing unit 712 may determine that the response signal is not received when the response signal is not received despite the request signal being transmitted a plurality of times periodically such as every 100 msec. .
  • the first authentication unit 714 performs authentication by code verification between the electronic key identification code included in the response signal received by the reception processing unit 712 and the electronic key identification code registered in the registration unit 713.
  • the locking / unlocking permission unit 717 permits the unlocking of the vehicle HV
  • the start permission unit 718 permits the starting of the vehicle HV
  • the authentication-related processing ends.
  • an unauthorized authentication such as a relay attack has been performed on the own vehicle
  • the locking / unlocking permission unit 717 does not permit the unlocking of the vehicle HV
  • the start permission unit 718 does not permit the starting of the vehicle HV.
  • the notification instruction unit 719 notifies the personal portable device 3 from the DCM 6 that unauthorized authentication using wireless communication has been performed on the vehicle. Then, the authentication related process ends.
  • the personal portable device 3 In the personal portable device 3 that has received the notification, by performing display and / or voice output indicating that unauthorized authentication using wireless communication has been performed on the vehicle, unauthorized authentication using wireless communication is performed. Let the user know what has been done to the vehicle.
  • An example of the notification may be text display or icon display as long as it is a display. As long as it is an audio output, text may be read out or a buzzer sound may be output.
  • the start permission unit 718 does not permit the starting of the vehicle HV and ends the authentication-related processing.
  • the locking / unlocking permission unit 717 does not permit the unlocking of the vehicle HV
  • the start permission unit 718 does not permit the starting of the vehicle HV, and the authentication-related processing is ended.
  • FIG. 6 is used to summarize an example of a correspondence relationship between a combination of authentication results of code verification by wireless communication in the first authentication unit 714 and fingerprint authentication in the second authentication unit 715 and processing corresponding thereto. .
  • both code verification and fingerprint authentication by wireless communication are established, both unlocking and starting of the vehicle HV are permitted. If code verification by wireless communication is established but fingerprint authentication is not established, both the unlocking and starting of the vehicle HV are not permitted, and unauthorized authentication using wireless communication is applied to the vehicle. The personal portable device 3 is notified that this has been done. Code verification by wireless communication is not established, but when fingerprint authentication is established, starting of the vehicle HV is not permitted, but unlocking is permitted. When neither the code verification by wireless communication nor the fingerprint authentication is established, neither unlocking nor starting of the vehicle HV is permitted.
  • authentication is not established by code verification via wireless communication in the first authentication unit 714, but when fingerprint authentication is established in the second authentication unit 715, The vehicle HV is not allowed to start but is allowed to unlock. According to this, when a legitimate user does not need to start the vehicle HV and loads and unloads the luggage, the vehicle HV can be unlocked without having the electronic key 2, which is convenient. improves.
  • the vehicle HV is started unless both authentication by code verification through wireless communication in the first authentication unit 714 and fingerprint authentication in the second authentication unit 715 are not established. Therefore, the anti-theft effect is enhanced by double authentication.
  • the fingerprint authentication at the second authentication unit 715 can be performed only by the user performing an operation at the time of getting on. Therefore, it is not necessary to force the user to perform an extra operation for authentication in the second authentication unit 715, and convenience is not impaired.
  • Embodiment 2 In Embodiment 1, although the structure which provides the sensor 5 in the outer door handle 4 was shown, it does not necessarily restrict to this.
  • the sensor 5 may be provided on the start / stop button 12 (hereinafter, a second embodiment).
  • the authentication system 1 a is provided with a sensor 5 provided on the start / stop button 12 instead of the outer door handle 4 and a point including the authentication ECU 7 a instead of the authentication ECU 7.
  • the authentication ECU 7a is the same as the authentication ECU 7 of the first embodiment except that a main controller 71a (also referred to as a main control circuit) is provided instead of the main controller 71.
  • the main controller 71a is the same as the main controller 71 of the first embodiment except that the processing procedure of authentication-related processing is different. Similar to the main controller 71, the main controller 71a includes a transmission processing unit 711, a reception processing unit 712, a registration unit 713, a first authentication unit 714, a second authentication unit 715, an authentication result integration unit 716, an unlocking / unlocking permission unit. 717, a start permission unit 718, and a notification instruction unit 719 are provided.
  • the start / stop button 12 is a button operated by the user to start the traveling drive source of the vehicle HV, and is provided in the passenger compartment.
  • the start / stop button 12 corresponds to a start input unit.
  • the sensor 5 acquires biological information from the user who operates the start / stop button 12. Also in the second embodiment, the case where the sensor 5 is a contact light emission type fingerprint sensor and the biological information acquired by the sensor 5 is fingerprint information will be described as an example.
  • the LF transmitter 72 in Embodiment 2 assumes that the short-range wireless communication area includes a driver seat of a vehicle HV.
  • the reason why the sensor 5 is provided on the start / stop button 12 is that the number of required sensors 5 can be reduced as compared with the configuration in which the sensor 5 is provided on all vehicle doors of the vehicle HV. .
  • the transmission processing unit 711 transmits a request signal including a vehicle identification code.
  • the reception processing unit 712 has received a response signal (YES in S22)
  • the process proceeds to S23.
  • it cannot be received NO in S22
  • the process proceeds to S33.
  • the first authentication unit 714 performs authentication by code verification.
  • S24 when the authentication by the code verification in the first authentication unit 714 is established (YES in S24), the process proceeds to S25. On the other hand, if authentication by code verification is not established (NO in S24), the process proceeds to S33.
  • the main controller 71a enables power transfer of the vehicle HV, and proceeds to S26.
  • the power transfer mentioned here is a power transfer from turning off the vehicle HV to turning on the accessory (ie, ACC) and turning on the ignition (ie, IGN), and excluding permission to start the vehicle HV.
  • the start permission unit 718 permits the start of the vehicle HV and ends the authentication-related processing.
  • the start permission unit 718 does not permit the vehicle HV to start, and the notification instruction unit 719 performs an unauthorized authentication using wireless communication. Is notified from the DCM 6 to the personal portable device 3. Then, the authentication related process ends.
  • the start permission unit 718 does not permit the start of the vehicle HV, and proceeds to S32. If it is the end timing of the authentication related process in S32 (YES in S32), the authentication related process is ended. On the other hand, if it is not the end timing of the authentication related process (NO in S32), the process returns to S26 and is repeated.
  • the end timing of the authentication-related processing here is when the user gets off the vehicle HV.
  • the main controller 71a may determine that the user has exited the vehicle HV from the detection result of the seating sensor of the vehicle HV, the presence or absence of a response of the electronic key 2 to the request signal transmitted from the indoor antenna of the vehicle HV, and the like.
  • the start permission unit 718 does not permit the start of the vehicle HV and ends the authentication related process.
  • the second embodiment a configuration in which the sensor 5 is provided in the start / stop button 12 in the vehicle interior is employed instead of the configuration in which the sensor 5 of the first embodiment is provided in the outer door handle 4. Even when such a configuration is adopted, the same effects as in the first embodiment can be obtained except that the vehicle HV can be unlocked without having the electronic key 2. Can do.
  • the sensor 5 is provided on the start / stop button 12 of the vehicle HV, the user can perform fingerprint authentication at the second authentication unit 715 only by performing an operation at the time of starting. Therefore, it is not necessary to force the user to perform an extra operation for authentication in the second authentication unit 715, and convenience is not impaired.
  • Modification 1 When a contact-type biometric sensor is used as the sensor 5, the sensor 5 is provided on a member other than the outer door handle 4 and the start / stop button 12 as long as the user touches the vehicle HV when getting on or starting the vehicle. It is good also as a structure.
  • the configuration using a contact-type biometric sensor as the sensor 5 is not necessarily limited.
  • a configuration using a non-contact type biometric sensor may be used.
  • a configuration using a non-contact type fingerprint sensor or a vein recognition sensor may be used.
  • the authentication performed by the second authentication unit 715 is not necessarily biometric authentication as long as the authentication is performed by a method other than code verification via wireless communication used by the first authentication unit 714.
  • authentication via wireless communication with the personal portable device 3 may be used.
  • the second authentication unit 715 may perform authentication by collating a PIN code used during pairing.
  • a communication unit for mediating communication between the personal portable device 3 and the main controller 71 is provided. What is necessary is just to set it as the structure with which authentication ECU7 is further provided.
  • the same effect as that of the first embodiment can be obtained as long as authentication is performed by a method other than code verification via wireless communication used by the first authentication unit 714. it can.
  • Modification 4 a display and / or audio output indicating that unauthorized authentication using wireless communication has been performed on the own vehicle, which is performed by the personal portable device 3 that is notified from the notification instruction unit 719 via the DCM 6, It may be immediately after the notification or may not be immediately after. As a configuration not immediately after, there is a configuration in which the notification is received by the personal portable device 3 and the user confirms the content of the notification at an arbitrary timing.
  • Modification 5 In the first and second embodiments, the configuration in which the personal portable device 3 such as a multi-function mobile phone is used as a communication terminal has been described. For example, it is good also as a structure which uses PC in a user's home, a home security terminal, etc. as a communication terminal.
  • the authentication ECU 7b of Modification 6 includes a notification instruction unit 719b instead of the notification instruction unit 719, and notifies the display device 13 instead of notifying the portable device 3 via the DCM 6. Except for the point to perform, it is the same as the authentication ECU 7 of the first embodiment.
  • the display device 13 is a display device mounted on the vehicle HV. Examples of the display device 13 include a combination meter, CID (Center Information Display), and HUD (Head-Up Display).
  • the notification instructing unit 719b is authenticated by the first authenticating unit 714, but when the authentication is not established by the second authenticating unit 715, unauthorized authentication using wireless communication is performed on the own vehicle. This is notified to the display device 13 when the user gets on the vehicle HV. The display device 13 that has received the notification causes the display device 13 to display that unauthorized authentication using wireless communication has been performed on the vehicle.
  • the notification instruction unit 719b may determine from the vehicle door opening / closing signal obtained from the body ECU 8, the signal from the seating sensor, and the like.
  • the notification instruction unit 719b may also notify the personal portable device 3 from the DCM 6.
  • Modification 7 In the first and second embodiments, the configuration in which the body ECU 8 that locks and unlocks the vehicle door is provided separately from the authentication ECUs 7 and 7a is shown, but the configuration is not necessarily limited thereto.
  • the body ECU 8 that locks and unlocks the vehicle door may be configured to be integrated with the authentication ECUs 7 and 7a (hereinafter, modified example 7).
  • the authentication ECU 7c according to the modified example 7 is the same as the authentication ECU 7 according to the first embodiment except that a locking / unlocking operation unit 720 is provided.
  • the locking / unlocking operation unit 720 performs a process similar to that of the body ECU 8 described in the first embodiment, thereby outputting a drive signal to the door lock motor 14 to lock / unlock the vehicle door.
  • This locking / unlocking operation unit 720 corresponds to an unlocking operation unit.

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Human Computer Interaction (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Provided is a vehicular on-board device that is used in a vehicle and that comprises a first authentication unit (714) to authenticate using code verification via wireless communication with an electronic key, wherein the vehicular on-board device comprises: a second authentication unit (715) that authenticates with a method not using the code verification via wireless communication used by the first authentication unit; and a notification instruction unit (719) that notifies a personal mobile device (3) of a vehicle user that an illegal authentication using wireless communication has been performed on the vehicle when authentication with the first authentication unit 714 was successful but authentication with the second authentication unit 715 was not successful .

Description

車載装置及び認証システムIn-vehicle device and authentication system 関連出願の相互参照Cross-reference of related applications
 本出願は、2015年12月24日に出願された日本出願番号2015-252252号に基づくもので、ここにその記載内容を援用する。 This application is based on Japanese Application No. 2015-252252 filed on December 24, 2015, the contents of which are incorporated herein by reference.
 本開示は、ユーザに携行される携帯機との間で無線通信を利用した認証を実施する車載装置、及びその車載装置を含む認証システムに関するものである。 This disclosure relates to an in-vehicle device that performs authentication using wireless communication with a portable device carried by a user, and an authentication system including the in-vehicle device.
 従来、車載装置と電子キーといった携帯機との間で無線通信によるコード照合が成立したことに基づいて、車両ドアの施解錠やエンジン始動等の車両制御を可能にする認証システムが知られている。この無線通信が可能となる距離範囲は、車両周辺の近距離に制限されているので、通常、無線通信を利用した認証は、携帯機が車両の近傍に位置する場合に限って可能となる。 2. Description of the Related Art Conventionally, there is known an authentication system that enables vehicle control such as locking / unlocking of a vehicle door and engine starting based on the fact that code verification by wireless communication is established between an in-vehicle device and a portable device such as an electronic key. . Since the distance range in which wireless communication is possible is limited to a short distance around the vehicle, authentication using wireless communication is normally possible only when the portable device is located in the vicinity of the vehicle.
 しかしながら、このような認証システムでは、悪意を持った第三者が、中継器を用いて携帯機と車載装置との通信を間接的に実現させることで認証を成立させるリレーアタックが懸念されている。リレーアタックでは、正規のユーザが意図しないにも関わらず、認証を成立させて車両ドアの解錠やエンジン始動等の車両制御を可能にしてしまう。 However, in such an authentication system, there is a concern about a relay attack in which a malicious third party indirectly establishes authentication by indirectly realizing communication between the portable device and the in-vehicle device using a repeater. . In the relay attack, although it is not intended by a legitimate user, authentication is established and vehicle control such as unlocking the vehicle door and starting the engine becomes possible.
 これに対して、例えば、特許文献1には、車両(当該車両(subject vehicle)あるいは自車(host vehicle)とも言及される)に搭載された車載装置から送信するリクエスト信号の強度を途中で変化させ、携帯機では、この強度の変化を検出した場合に限って応答することで、リレーアタックを防止する技術が開示されている。 On the other hand, for example, in Patent Document 1, the intensity of a request signal transmitted from an in-vehicle device mounted on a vehicle (also referred to as the subject vehicle or the host vehicle) changes midway. In a portable device, a technique for preventing a relay attack by responding only when a change in strength is detected is disclosed.
JP 2010-185186 AJP 2010-185186 A
 しかしながら、特許文献1に開示の技術では、リレーアタックを防止することが可能となったとしても、ユーザは自車に対してリレーアタックが行われたか否かを認知することはできない。自車に対してリレーアタックが行われていることをユーザが認知できない場合、ユーザは自車が盗難の標的になっていることを認知できず、自車盗難に対する防犯を強化することができない。 However, with the technique disclosed in Patent Document 1, even if it becomes possible to prevent relay attack, the user cannot recognize whether or not relay attack has been performed on the vehicle. When the user cannot recognize that the relay attack is being performed on the own vehicle, the user cannot recognize that the own vehicle is the target of theft, and cannot strengthen the crime prevention against the own vehicle theft.
 本開示の目的は、無線通信を利用した不正な認証が自車に対して行われたことをユーザが認知できるようにする車載装置及び認証システムを提供することにある。 An object of the present disclosure is to provide an in-vehicle device and an authentication system that allow a user to recognize that unauthorized authentication using wireless communication has been performed on the vehicle.
 上記目的を達成するために、本開示の一つの観点によれば、車載装置は、車両で用いられて、電子キーとして用いられる携帯機との間での無線通信を介したコード照合によって認証を行う第1認証部を備える車載装置であって、第1認証部で用いる無線通信を介したコード照合以外の方法で認証を行う第2認証部と、第1認証部で認証が成立したが、第2認証部で認証が成立しなかった場合に、無線通信を利用した不正な認証が車両に対して行われたことを車両のユーザの通信端末へ通知させる通知指示部とを備える。 In order to achieve the above object, according to one aspect of the present disclosure, an in-vehicle device is used in a vehicle and authenticated by code verification via wireless communication with a portable device used as an electronic key. An in-vehicle device including a first authenticating unit that performs authentication, the second authenticating unit that authenticates by a method other than code verification via wireless communication used in the first authenticating unit, and the first authenticating unit, And a notification instructing unit that notifies the vehicle user's communication terminal that unauthorized authentication using wireless communication has been performed on the vehicle when the second authentication unit has not been authenticated.
 また、上記目的を達成するために、本開示のもう一つの観点によれば、認証システムは、電子キーとして用いられる携帯機と、車両で用いられて、携帯機との間での無線通信を介したコード照合によって認証を行う第1認証部を備える車載装置であって、第1認証部で用いる無線通信を介したコード照合以外の方法で認証を行う第2認証部と、第1認証部で認証が成立したが、第2認証部で認証が成立しなかった場合に、無線通信を利用した不正な認証が自車に対して行われたことを自車のユーザの通信端末へ通知させる通知指示部とを備える車載装置とを含む。 In order to achieve the above object, according to another aspect of the present disclosure, an authentication system performs wireless communication between a portable device used as an electronic key and a vehicle used in a vehicle. A first authentication unit that includes a first authentication unit that performs authentication by code verification via a second authentication unit that performs authentication by a method other than code verification via wireless communication used in the first authentication unit; If the authentication is established in the second authentication unit but is not established in the second authentication unit, the communication terminal of the user of the own vehicle is notified that the unauthorized authentication using the wireless communication has been performed on the own vehicle. And an in-vehicle device including a notification instruction unit.
 第1認証部で用いる無線通信を介したコード照合で認証が成立したが、これ以外の方法によって第2認証部で認証が成立しなかった場合には、第1認証部での無線通信を利用した認証が不正に成立したものと言える。よって、通知指示部は、無線通信を介した不正な認証が自車に対して行われた場合に、このことを自車のユーザの通信端末へ通知させることができる。また、無線通信を介した不正な認証が自車に対して行われたことを自車のユーザの通信端末へ通知させるので、ユーザがこの通信端末から、無線通信を介した不正な認証が自車に対して行われたことを認知することができる。 If authentication is established by code verification via wireless communication used in the first authentication unit, but authentication is not established in the second authentication unit by any other method, wireless communication in the first authentication unit is used. It can be said that the authenticated authentication was illegally established. Therefore, the notification instruction | indication part can notify this to the communication terminal of the user of the own vehicle, when the unauthorized authentication via wireless communication is performed with respect to the own vehicle. In addition, since the communication terminal of the user of the own vehicle is notified that the unauthorized authentication via the wireless communication has been performed on the own vehicle, the user automatically performs the unauthorized authentication via the wireless communication from the communication terminal. You can recognize what happened to the car.
 本開示についての上記目的およびその他の目的、特徴や利点は、添付の図面を参照しながら下記の詳細な記述により、より明確になる。
第1実施形態の認証システムの概略的な構成の一例を示す図である。 電子キーの概略的な構成の一例を示す図である。 認証ECUの概略的な構成の一例を示す図である。 認証ECUの主制御器の概略的な構成の一例を示す図である。 認証ECUの主制御器での認証関連処理の流れの一例を示すフローチャートである。 第1認証部と第2認証部との認証結果の組み合わせとそれに対応する処理との対応関係の一例を示す図である。 第2実施形態の認証システムの概略的な構成の一例を示す図である。 第2実施形態の認証ECUの概略的な構成の一例を示す図である。 第2実施形態の認証ECUの主制御器での認証関連処理の流れの一例を示すフローチャートである。 変形例の認証ECUの概略的な構成の一例を示す図である。 他の変形例の認証ECUの概略的な構成の一例を示す図である。 The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description with reference to the accompanying drawings.
It is a figure which shows an example of a schematic structure of the authentication system of 1st Embodiment. It is a figure which shows an example of a schematic structure of an electronic key. It is a figure which shows an example of schematic structure of authentication ECU. It is a figure which shows an example of a schematic structure of the main controller of authentication ECU. It is a flowchart which shows an example of the flow of the authentication related process in the main controller of authentication ECU. It is a figure which shows an example of the correspondence of the combination of the authentication result of a 1st authentication part and a 2nd authentication part, and the process corresponding to it. It is a figure which shows an example of a schematic structure of the authentication system of 2nd Embodiment. It is a figure which shows an example of a schematic structure of authentication ECU of 2nd Embodiment. It is a flowchart which shows an example of the flow of the authentication related process in the main controller of authentication ECU of 2nd Embodiment. It is a figure which shows an example of schematic structure of authentication ECU of a modification. It is a figure which shows an example of schematic structure of authentication ECU of another modification.
 図面を参照しながら、開示のための複数の実施形態や変形例を説明する。なお、説明の便宜上、複数の実施形態や変形例の間において、それまでの説明に用いた図に示した部分と同一の機能を有する部分については、同一の符号を付し、その説明を省略する場合がある。同一の符号を付した部分については、他の実施形態や変形例における説明を参照することができる。 A plurality of embodiments and modifications for disclosure will be described with reference to the drawings. For convenience of explanation, among the plurality of embodiments and modifications, portions having the same functions as those shown in the drawings used in the previous description are denoted by the same reference numerals and description thereof is omitted. There is a case. For the portions with the same reference numerals, the description in other embodiments and modifications can be referred to.
 (実施形態1)
 <認証システム1の概略構成>
 以下、本開示の実施形態1について図面を用いて説明する。図1に示す認証システム1は、ユーザに携帯される電子キー2及び個人携帯機3(携帯端末とも言及される)と、車両HVで用いられるセンサ5、DCM(Data Communication Module)6、及び認証ECU7とを含んでいる。この認証システム1のうち、電子キー2と認証ECU7とを少なくとも含む構成は認証システムに相当する。車両HVは、当該車両(subject vehicle)あるいは自車(host vehicle)とも言及される。 (Embodiment 1)
<Schematic configuration of authentication system 1>
Hereinafter, Embodiment 1 of the present disclosure will be described with reference to the drawings. An authentication system 1 shown in FIG. 1 includes an electronic key 2 and a personal portable device 3 (also referred to as a portable terminal) carried by a user, a sensor 5 used in a vehicle HV, a DCM (Data Communication Module) 6, and an authentication. ECU7. The configuration including at least the electronic key 2 and the authentication ECU 7 in the authentication system 1 corresponds to the authentication system. The vehicle HV is also referred to as the subject vehicle or the host vehicle.
 認証システム1では、センサ5で取得するユーザの生体情報によって生体認証を行い、生体認証が成立した場合に、車両HVのドアの解錠を許可する。また、電子キー2と認証ECU7との間で無線通信によってコード照合を行い、無線通信を介したコード照合による認証が成立した場合であって、且つ、生体認証が成立した場合に、車両HVのドアの施解錠に加え車両HVの始動を許可する。電子キー2及び認証ECU7については後に詳述する。尚、「情報」は、不可算名詞のみならず、可算名詞としても使用され、情報項目と同等である。一つの情報は一つの情報項目と、複数の情報は、複数の情報項目と同等である。 The authentication system 1 performs biometric authentication based on the user's biometric information acquired by the sensor 5, and permits the unlocking of the door of the vehicle HV when biometric authentication is established. Further, when code verification is performed by wireless communication between the electronic key 2 and the authentication ECU 7 and authentication by code verification via wireless communication is established, and when biometric authentication is established, the vehicle HV In addition to locking and unlocking the door, the vehicle HV is allowed to start. The electronic key 2 and the authentication ECU 7 will be described in detail later. “Information” is used not only as a countable noun but also as a countable noun, and is equivalent to an information item. One information item is equivalent to one information item, and a plurality of information items are equivalent to a plurality of information items.
 個人携帯機3は、ユーザが携帯若しくは装着する通信端末であって、DCM6と公衆通信回線網を介して通信を行う。個人携帯機3の一例としては、多機能携帯電話機、ウェアラブル通信端末等があるが、実施形態1では、個人携帯機3が多機能携帯電話機である場合を例に挙げて説明を行う。 The personal portable device 3 is a communication terminal that a user carries or wears, and communicates with the DCM 6 via a public communication line network. Examples of the personal portable device 3 include a multi-function mobile phone and a wearable communication terminal. In the first embodiment, the case where the personal portable device 3 is a multi-function mobile phone will be described as an example.
 センサ5は、車両HVのアウタードアハンドル4に設けられており、アウタードアハンドル4を握ったユーザから生体情報を取得する接触式の生体認証センサである。センサ5の一例としては、接触発光式指紋センサ、静脈認識センサ等があるが、実施形態1では、センサ5が接触発光式指紋センサであり、センサ5で取得する生体情報が指紋情報である場合を例に挙げて説明を行う。 The sensor 5 is a contact-type biometric sensor that is provided on the outer door handle 4 of the vehicle HV and acquires biometric information from a user who holds the outer door handle 4. Examples of the sensor 5 include a contact light emission type fingerprint sensor and a vein recognition sensor. In the first embodiment, the sensor 5 is a contact light emission type fingerprint sensor, and the biological information acquired by the sensor 5 is fingerprint information. An example will be described.
 センサ5は、車両HVの運転席ドア、助手席ドア、後部座席ドア、トランクルームドアの全てのアウタードアハンドル4に設けられる構成としてもよいし、一部のアウタードアハンドル4に設けられる構成としてもよい。一部のアウタードアハンドル4に設ける場合には、例えば運転席ドアのアウタードアハンドル4に設ける構成とすればよい。 The sensor 5 may be provided on all outer door handles 4 of the driver's seat door, passenger seat door, rear seat door, and trunk room door of the vehicle HV, or may be provided on some outer door handles 4. Good. When it is provided on some outer door handles 4, for example, it may be configured to be provided on the outer door handle 4 of the driver's seat door.
 DCM6は、テレマティクスサービスに用いられる車載通信モジュールであって、公衆通信回線網を介して個人携帯機と通信を行う。 DCM 6 is an in-vehicle communication module used for a telematics service, and communicates with a personal portable device via a public communication line network.
 <電子キー2の概略構成>
 続いて、図2を用いて、電子キー2の概略的な構成について説明を行う。図2に示すように電子キー2は、主制御器21(主制御回路とも言及される)、LF受信器22、及びUHF送信器23を備えている。この電子キー2は携帯機に相当する。 <Schematic configuration of electronic key 2>
Next, a schematic configuration of the electronic key 2 will be described with reference to FIG. As shown in FIG. 2, the electronic key 2 includes a main controller 21 (also referred to as a main control circuit), an LF receiver 22, and a UHF transmitter 23. This electronic key 2 corresponds to a portable device.
 LF受信器22は、アウタードアハンドル4に設けられたLFアンテナを有しており、認証ECU7から送信されてくるLF帯のリクエスト信号をこのLFアンテナを介して受信する。また、LF受信器22は、主制御器21に接続されており、LFアンテナにて受信したリクエスト信号を主制御器21に出力する。 The LF receiver 22 has an LF antenna provided on the outer door handle 4 and receives an LF band request signal transmitted from the authentication ECU 7 via the LF antenna. The LF receiver 22 is connected to the main controller 21 and outputs a request signal received by the LF antenna to the main controller 21.
 UHF送信器23は、UHFアンテナを有しており、UHFアンテナを介して認証ECU7へUHF帯の電波にてレスポンス信号を送信する。UHF送信器23は、主制御器21に接続されており、この主制御器21から出力されたレスポンス信号をUHFアンテナから送信する。 The UHF transmitter 23 has a UHF antenna, and transmits a response signal by radio waves in the UHF band to the authentication ECU 7 via the UHF antenna. The UHF transmitter 23 is connected to the main controller 21 and transmits a response signal output from the main controller 21 from the UHF antenna.
 主制御器21は、CPU、揮発性メモリ、不揮発性メモリ、I/O、及びこれらを接続するバスを備え、不揮発性メモリに記憶された制御プログラムを実行することで各種の処理を実行する。例えば、主制御器21は、認証ECU7から送信されるリクエスト信号に応じた応答信号を送信するなどの応答関連処理等を実行する。 The main controller 21 includes a CPU, a volatile memory, a nonvolatile memory, an I / O, and a bus connecting them, and executes various processes by executing a control program stored in the nonvolatile memory. For example, the main controller 21 executes response-related processing such as transmitting a response signal corresponding to the request signal transmitted from the authentication ECU 7.
 主制御器21では、電気的に書き換え可能な不揮発性メモリに、正規のユーザの車両HVを識別するための車両識別コードが登録されている。主制御器21は、LF受信器22で受信したリクエスト信号の送信元の認証ECU7を搭載した車両HVが正規のユーザの車両であるかコード照合を行う。コード照合は、認証ECU7から受信するリクエスト信号に含まれる車両識別コードと、主制御器21の不揮発性メモリに登録されている車両識別コードとの間で行う。 In the main controller 21, a vehicle identification code for identifying the vehicle HV of the authorized user is registered in an electrically rewritable nonvolatile memory. The main controller 21 verifies whether or not the vehicle HV on which the authentication ECU 7 as the transmission source of the request signal received by the LF receiver 22 is a legitimate user's vehicle. The code verification is performed between the vehicle identification code included in the request signal received from the authentication ECU 7 and the vehicle identification code registered in the nonvolatile memory of the main controller 21.
 そして、主制御器21は、コード照合が成立した場合に、自機器を識別するための電子キー識別コードを含んだレスポンス信号を返信する。電子キー識別コードは、主制御器21の不揮発性メモリに格納しておいたものを読み出して用いる構成とすればよい。 The main controller 21 returns a response signal including an electronic key identification code for identifying the own device when the code verification is established. What is necessary is just to set it as the structure which reads and uses what was stored in the non-volatile memory of the main controller 21 for an electronic key identification code.
 <認証ECU7の概略構成>
 続いて、図3を用いて、認証ECU7の概略的な構成について説明を行う。図3に示すように認証ECU7は、センサ5、DCM6、ボデーECU8、及びパワーユニット制御ECU9と接続されている。一例としては、車載LANによってセンサ5、DCM6、ボデーECU8、及びパワーユニット制御ECU9と認証ECU7とを接続すればよい。この認証ECU7は車載装置に相当する。 <Schematic configuration of authentication ECU 7>
Next, a schematic configuration of the authentication ECU 7 will be described with reference to FIG. As shown in FIG. 3, the authentication ECU 7 is connected to the sensor 5, the DCM 6, the body ECU 8, and the power unit control ECU 9. As an example, the sensor 5, the DCM 6, the body ECU 8, the power unit control ECU 9, and the authentication ECU 7 may be connected by an in-vehicle LAN. This authentication ECU 7 corresponds to an in-vehicle device.
 ボデーECU8は、車両HVの各車両ドアの施解錠を制御するための駆動信号を各車両ドアに設けられたドアロックモータに出力することで、各車両ドアの施解錠を行う。また、ボデーECU8には、各車両ドアのアウタードアハンドル4に設けられたタッチセンサが接続されており、各車両ドアのアウタードアハンドルがユーザに触れられたことを検出する。 The body ECU 8 locks and unlocks each vehicle door by outputting a drive signal for controlling locking and unlocking of each vehicle door of the vehicle HV to a door lock motor provided in each vehicle door. The body ECU 8 is connected to a touch sensor provided on the outer door handle 4 of each vehicle door, and detects that the user touches the outer door handle of each vehicle door.
 パワーユニット制御ECU9は、車両HVの走行駆動源を制御する。走行駆動源としては、エンジン、モータ等がある。パワーユニット制御ECU9は、認証ECU7から走行駆動源の始動許可信号を取得すると、走行駆動源を始動できる始動待機状態とする。例えば、走行駆動源がエンジンの場合を例に挙げると、スタータモータなどが始動できる状態であるエンジン始動待機状態とする。 The power unit control ECU 9 controls the travel drive source of the vehicle HV. Examples of the driving source include an engine and a motor. When the power unit control ECU 9 obtains the start permission signal for the travel drive source from the authentication ECU 7, the power unit control ECU 9 enters a start standby state in which the travel drive source can be started. For example, taking the case where the traveling drive source is an engine as an example, an engine start standby state in which a starter motor or the like can be started is set.
 また、図3に示すように、認証ECU7は、主制御器71(主制御回路とも言及される)、LF送信器72、UHF受信器73を備えている。 Further, as shown in FIG. 3, the authentication ECU 7 includes a main controller 71 (also referred to as a main control circuit), an LF transmitter 72, and a UHF receiver 73.
 LF送信器72は、各車両ドアのドアアンテナ10といったLFアンテナを介し、電子キー2にLF帯の電波にてリクエスト信号を送信する。LF帯とは、例えば30kHz~300kHzの周波数帯である。LFアンテナからLF帯の電波で信号を送信できる範囲が、近距離無線通信が可能な近距離無線通信エリアにあたる。リクエスト信号は、コード照合のための電子キー識別コードの送信を要求する信号であって、車両HVを識別するための車両識別コードを含んでいる。ドアアンテナ10は、車両HVの車両ドアのドアハンドルに設けられる。 The LF transmitter 72 transmits a request signal to the electronic key 2 using an LF band radio wave via an LF antenna such as the door antenna 10 of each vehicle door. The LF band is a frequency band of 30 kHz to 300 kHz, for example. The range in which signals can be transmitted from the LF antenna using radio waves in the LF band corresponds to the short-range wireless communication area in which short-range wireless communication is possible. The request signal is a signal for requesting transmission of an electronic key identification code for code verification, and includes a vehicle identification code for identifying the vehicle HV. The door antenna 10 is provided on a door handle of a vehicle door of the vehicle HV.
 LF送信器72は、車室内に設けられた室内アンテナを介して、車室内にもLF帯の電波にてリクエスト信号を送信する構成としてもよい。しかしながら、便宜上、実施形態1では、ドアアンテナ10を介して車室外にリクエスト信号を送信する場合に限って説明を行う。 The LF transmitter 72 may be configured to transmit a request signal by radio waves in the LF band to the vehicle interior via an indoor antenna provided in the vehicle interior. However, for convenience, the first embodiment will be described only when a request signal is transmitted to the outside of the passenger compartment via the door antenna 10.
 UHF受信器73は、UHFアンテナ11を有しており、UHF帯の電波にて電子キー2から送信されてくるレスポンス信号をUHFアンテナ11で受信する。UHF帯とは、例えば300MHz~3GHzの周波数帯である。また、レスポンス信号とは、認証ECU7から送信するリクエスト信号に対して電子キー2から返信される信号である。 The UHF receiver 73 has a UHF antenna 11 and receives a response signal transmitted from the electronic key 2 by radio waves in the UHF band by the UHF antenna 11. The UHF band is a frequency band of 300 MHz to 3 GHz, for example. The response signal is a signal returned from the electronic key 2 in response to a request signal transmitted from the authentication ECU 7.
 主制御器71は、揮発性メモリ、不揮発性メモリ、I/O、及びこれらを接続するバスを備え、不揮発性メモリに記憶された制御プログラムを実行することで各種の処理を実行する。主制御器71は、認証に関連する処理(以下、認証関連処理)を実行する。主制御部71については後に詳述する。なお、主制御器71が実行する機能の一部又は全部を、一つ或いは複数のIC等によりハードウェア的に構成してもよい。 The main controller 71 includes a volatile memory, a non-volatile memory, an I / O, and a bus connecting them, and executes various processes by executing a control program stored in the non-volatile memory. The main controller 71 executes processing related to authentication (hereinafter, authentication-related processing). The main controller 71 will be described in detail later. Note that some or all of the functions executed by the main controller 71 may be configured in hardware by one or a plurality of ICs.
 <主制御器71の詳細構成>
 図4に示すように、主制御器71は、送信処理部711、受信処理部712、登録器713、第1認証部714、第2認証部715、認証結果統合部716、施解錠許可部717、始動許可部718、及び通知指示部719を備えている。 <Detailed configuration of main controller 71>
As shown in FIG. 4, the main controller 71 includes a transmission processing unit 711, a reception processing unit 712, a registration unit 713, a first authentication unit 714, a second authentication unit 715, an authentication result integration unit 716, and an unlocking / unlocking permission unit 717. A start permission unit 718 and a notification instruction unit 719 are provided.
 送信処理部711は、LF送信器72を介してドアアンテナ10から、車両HVの車両識別コードを含むリクエスト信号を送信させる。一例としてリクエスト信号の送信は、車両HVの駐車中に間欠的に行われるものとすればよい。車両識別コードは、車両HVに搭載された認証ECU7の機器IDであってもよいし、車両HVの車両IDであってもよい。車両識別コードは、認証ECU7の不揮発性メモリに格納しておいたものを読み出して用いる構成とすればよい。受信処理部712は、リクエスト信号に応答してUHF帯の電波にて電子キー2から送信されてくるレスポンス信号を、UHF受信器73を介して受信する。 The transmission processing unit 711 transmits a request signal including the vehicle identification code of the vehicle HV from the door antenna 10 via the LF transmitter 72. As an example, the transmission of the request signal may be performed intermittently while the vehicle HV is parked. The vehicle identification code may be the device ID of the authentication ECU 7 mounted on the vehicle HV or the vehicle ID of the vehicle HV. What is necessary is just to set it as the structure which reads and uses what was stored in the non-volatile memory of authentication ECU7 for vehicle identification code. The reception processing unit 712 receives a response signal transmitted from the electronic key 2 using a UHF band radio wave in response to the request signal via the UHF receiver 73.
 登録器713は、例えば電気的に書き換え可能な不揮発性メモリであって、電子キー識別コードのうち、正規のユーザの電子キー2の電子キー識別コードが登録されている。また、正規のユーザの生体情報も登録されている。実施形態1の例では、正規のユーザからセンサ5で取得した指紋情報(以下、正規の指紋情報)が登録されている。 The registration device 713 is, for example, an electrically rewritable nonvolatile memory, and the electronic key identification code of the authorized user's electronic key 2 is registered among the electronic key identification codes. In addition, the biological information of the legitimate user is also registered. In the example of the first embodiment, fingerprint information (hereinafter, regular fingerprint information) acquired by a sensor 5 from a regular user is registered.
 第1認証部714は、受信処理部712で受信したレスポンス信号の送信元の電子キー2が正規のユーザの電子キー2であるかコード照合を行う。コード照合は、電子キー2から受信したレスポンス信号に含まれる電子キー識別コードと、登録器713に登録されている電子キー識別コードとの間で行う。そして、両者が一致した場合に、無線通信を介したコード照合による認証が成立したものとする。両者が一致しなかった場合には、認証は不成立となる。 The first authentication unit 714 verifies whether the electronic key 2 that is the transmission source of the response signal received by the reception processing unit 712 is the electronic key 2 of the authorized user. The code verification is performed between the electronic key identification code included in the response signal received from the electronic key 2 and the electronic key identification code registered in the register 713. And when both correspond, the authentication by the code collation via wireless communication shall be materialized. If they do not match, the authentication is not established.
 第2認証部715は、センサ5で取得した指紋情報が、正規の指紋情報と一致するか照合する指紋認証を行う。指紋認証は、センサ5で取得した指紋情報と、登録器713に登録されている正規の指紋情報との間で行う。そして、両者が一致した場合に、指紋認証が成立したものとする。両者が一致しなかった場合には、認証は不成立となる。 The second authentication unit 715 performs fingerprint authentication to check whether the fingerprint information acquired by the sensor 5 matches the regular fingerprint information. Fingerprint authentication is performed between the fingerprint information acquired by the sensor 5 and the regular fingerprint information registered in the register 713. It is assumed that fingerprint authentication is established when the two match. If they do not match, the authentication is not established.
 認証結果統合部716は、第1認証部714での認証結果と第2認証部715での認証結果とを統合して、施解錠許可部717、始動許可部718、通知指示部719に出力する。 The authentication result integration unit 716 integrates the authentication result from the first authentication unit 714 and the authentication result from the second authentication unit 715 and outputs the result to the locking / unlocking permission unit 717, the start permission unit 718, and the notification instruction unit 719. .
 施解錠許可部717は、第1認証部714と第2認証部715とのいずれか一方でも認証成立であった場合に、車両ドアの施解錠を許可する信号をボデーECU8に送る。この施解錠許可部717は解錠許可部に相当する。車両ドアの施解錠が許可された場合、ボデーECU8は、車両ドアのアウタードアハンドル4に設けられたタッチセンサへの通電を開始させ、ユーザによるアウタードアハンドル操作を検出可能なスタンバイ状態となる。そして、ユーザがこのタッチセンサに触れたことをボデーECU8で検出した場合に、ボデーECU8が駆動信号をドアロックモータに出力し、車両ドアの施解錠を行う。 The locking / unlocking permission unit 717 sends a signal permitting the locking / unlocking of the vehicle door to the body ECU 8 when either of the first authentication unit 714 and the second authentication unit 715 is authenticated. The locking / unlocking permission unit 717 corresponds to an unlocking permission unit. When the locking / unlocking of the vehicle door is permitted, the body ECU 8 starts energizing the touch sensor provided on the outer door handle 4 of the vehicle door, and enters a standby state in which the user can detect the outer door handle operation. When the body ECU 8 detects that the user has touched the touch sensor, the body ECU 8 outputs a drive signal to the door lock motor to lock and unlock the vehicle door.
 センサ5を車両HVの各車両ドアに設ける構成とした場合には、施解錠許可部717で施解錠を行う車両ドアは、アウタードアハンドル操作を検出した車両ドアに限る構成とすればよい。これによれば、ユーザがアウタードアハンドル4に触れた車両ドアに限って施解錠を行うことが可能になる。 When the sensor 5 is configured to be provided on each vehicle door of the vehicle HV, the vehicle door that is locked and unlocked by the locking / unlocking permission unit 717 may be limited to the vehicle door that has detected the outer door handle operation. According to this, it becomes possible to lock / unlock only the vehicle door touched by the user on the outer door handle 4.
 センサ5を車両HVの運転席の車両ドアに限って設ける構成とした場合には、施解錠許可部717で施解錠を行う車両ドアは、車両HVの全ての車両ドアとする構成とすればよい。運転席の車両ドアのアウタードアハンドル4に触れることで車両HVの全車両ドアの施解錠を行うのは、既存の電子キーシステムの機能と同様であるので、ユーザにとっては馴染みがあり利便性が良い。よって、以上の構成によれば、ユーザにとっての利便性を良好に保ちながら、センサ5を車両HVに設ける数を減らしてコストダウンすることが可能になる。 When the sensor 5 is configured to be provided only in the vehicle door of the driver's seat of the vehicle HV, the vehicle door that is locked and unlocked by the locking / unlocking permission unit 717 may be configured as all the vehicle doors of the vehicle HV. . Locking and unlocking all the vehicle doors of the vehicle HV by touching the outer door handle 4 of the vehicle door of the driver's seat is the same as the function of the existing electronic key system. good. Therefore, according to the above configuration, it is possible to reduce the cost by reducing the number of sensors 5 provided on the vehicle HV while maintaining good convenience for the user.
 なお、ここでは、施解錠許可部717が施解錠の両方を行う構成を示したが、必ずしもこれに限らない。例えば、施錠のみや解錠のみを行う構成としてもよい。 In addition, although the structure where the locking / unlocking permission part 717 performs both locking and unlocking here was shown, it does not necessarily restrict to this. For example, it is good also as a structure which performs only locking or unlocking.
 始動許可部718は、第1認証部714と第2認証部715との両方で認証成立であった場合に、走行駆動源の始動許可信号をパワーユニット制御ECU9に送る。始動許可信号を取得したパワーユニット制御ECU9は、前述したようにして、走行駆動源を始動待機状態とする。これら施解錠許可部717及び始動許可部718は許可部に相当する。 The start permission unit 718 sends a start permission signal of the travel drive source to the power unit control ECU 9 when both the first authentication unit 714 and the second authentication unit 715 have been authenticated. The power unit control ECU 9 that has acquired the start permission signal sets the travel drive source in the start standby state as described above. These locking / unlocking permission unit 717 and start permission unit 718 correspond to a permission unit.
 通知指示部719は、第1認証部714で認証成立であったが、第2認証部715で認証不成立であった場合に、無線通信を利用した不正な認証が自車に対して行われたことを、DCM6から個人携帯機3へ通知させる。 The notification instruction unit 719 has been authenticated by the first authentication unit 714, but if the authentication has not been established by the second authentication unit 715, unauthorized authentication using wireless communication has been performed on the vehicle. This is notified from the DCM 6 to the personal portable device 3.
 <主制御器71での認証関連処理>
 ここで、図5のフローチャートを用いて、認証ECU7の主制御器71での認証関連処理の流れの一例について説明を行う。図5のフローチャートは、車両HVの車両ドアが施錠されたときに開始される。 <Authentication-related processing in the main controller 71>
Here, an example of the flow of authentication-related processing in the main controller 71 of the authentication ECU 7 will be described using the flowchart of FIG. The flowchart of FIG. 5 is started when the vehicle door of the vehicle HV is locked.
 記載されるフローチャートは、複数のセクション(あるいはステップと言及される)を含み、各セクションは、たとえば、S1と表現される。さらに、各セクションは、複数のサブセクションに分割されることができる、一方、複数のセクションが合わさって一つのセクションにすることも可能である。各セクションは、デバイス、あるいは、固有名として、また、構造的な修飾語を伴って、例えば、認証セクションは、認証デバイス、認証器として、言及されることができる。また、セクションは、(i)ハードウエアユニット(例えば、コンピュータ)と組み合わさったソフトウエアのセクションのみならず、(ii)ハードウエア(例えば、集積回路、配線論理回路)のセクションとして、関連する装置の機能を含みあるいは含まずに実現できる。さらに、ハードウエアのセクションは、マイクロコンピュータの内部に含まれることもできる。 The described flowchart includes a plurality of sections (or referred to as steps), and each section is expressed as, for example, S1. Further, each section can be divided into a plurality of subsections, while a plurality of sections can be combined into one section. Each section can be referred to as a device or a unique name and with structural modifiers, for example, an authentication section can be referred to as an authentication device, an authenticator. In addition, the section includes (i) not only a section of software combined with a hardware unit (eg, a computer) but also (ii) a section of hardware (eg, an integrated circuit, a wiring logic circuit) and related devices. It can be realized with or without the function. Furthermore, the hardware section can be included inside the microcomputer.
 まず、S1では、第2認証部715が、センサ5を介して指紋情報を取得した場合(S1でYES)には、S2に移る。一方、指紋情報を取得していない場合(S1でNO)には、S1の処理を繰り返す。S2では、第2認証部715が、センサ5を介して取得した指紋情報が、正規の指紋情報と一致するか照合する指紋認証を行う。 First, in S1, when the second authentication unit 715 acquires fingerprint information via the sensor 5 (YES in S1), the process proceeds to S2. On the other hand, if fingerprint information has not been acquired (NO in S1), the process of S1 is repeated. In S <b> 2, the second authentication unit 715 performs fingerprint authentication for verifying whether the fingerprint information acquired via the sensor 5 matches the regular fingerprint information.
 S3では、送信処理部711が、LF送信器72を介してドアアンテナ10から、車両識別コードを含むリクエスト信号を送信させる。S4では、受信処理部712が、電子キー2からリクエスト信号に応答して送信されてくるレスポンス信号を、UHF受信器73を介して受信できた場合(S4でYES)には、S5に移る。一方、受信できなかった場合(S4でNO)には、S10に移る。 In S3, the transmission processing unit 711 transmits a request signal including the vehicle identification code from the door antenna 10 via the LF transmitter 72. In S4, when the reception processing unit 712 can receive the response signal transmitted from the electronic key 2 in response to the request signal via the UHF receiver 73 (YES in S4), the process proceeds to S5. On the other hand, if it cannot be received (NO in S4), the process proceeds to S10.
 S4の処理では、ドアアンテナ10の通信範囲内に電子キー2が存在しない場合、若しくは電子キー2で車両識別コードのコード照合が不成立であった場合に、電子キー2からのレスポンス信号を受信できなくなる。 In the process of S4, when the electronic key 2 does not exist within the communication range of the door antenna 10, or when the code verification of the vehicle identification code is not established with the electronic key 2, the response signal from the electronic key 2 can be received. Disappear.
 受信処理部712でのレスポンス信号を受信できたか否かの判断は、リクエスト信号を送信してから所定時間内にレスポンスを受信したか否かによって行う構成とすればよい。所定時間は、リクエスト信号をした電子キー2がレスポンス信号を送信するまでの時間よりも長い時間であって、任意に設定可能な時間である。また、100msecごと等の周期的に複数回リクエスト信号を送信したにも関わらず、レスポンス信号の受信をしなかった場合に、レスポンス信号を受信できなかったと受信処理部712で判断する構成としてもよい。 The reception processing unit 712 may determine whether or not the response signal has been received depending on whether or not the response is received within a predetermined time after the request signal is transmitted. The predetermined time is longer than the time until the electronic key 2 that has sent the request signal transmits the response signal, and can be arbitrarily set. In addition, the reception processing unit 712 may determine that the response signal is not received when the response signal is not received despite the request signal being transmitted a plurality of times periodically such as every 100 msec. .
 S5では、第1認証部714が、受信処理部712で受信したレスポンス信号に含まれる電子キー識別コードと、登録器713に登録されている電子キー識別コードとのコード照合による認証を行う。 In S <b> 5, the first authentication unit 714 performs authentication by code verification between the electronic key identification code included in the response signal received by the reception processing unit 712 and the electronic key identification code registered in the registration unit 713.
 S6では、第1認証部714でのコード照合による認証が成立した場合(S6でYES)には、S7に移る。一方、コード照合による認証が不成立であった場合(S6でNO)には、S10に移る。 In S6, when the authentication by the code verification in the first authentication unit 714 is established (YES in S6), the process proceeds to S7. On the other hand, if authentication by code verification is not established (NO in S6), the process proceeds to S10.
 S7では、S2において第2認証部715での指紋認証が成立していた場合(S7でYES)には、S8に移る。一方、指紋認証が不成立であった場合(S7でNO)には、S9に移る。 In S7, if fingerprint authentication is established in the second authentication unit 715 in S2 (YES in S7), the process proceeds to S8. On the other hand, if fingerprint authentication has not been established (NO in S7), the process proceeds to S9.
 S8では、施解錠許可部717が車両HVの解錠を許可するとともに、始動許可部718が車両HVの始動を許可し、認証関連処理を終了する。S9では、リレーアタックといった不正な認証が自車に行われたものとし、施解錠許可部717が車両HVの解錠を許可しないとともに、始動許可部718が車両HVの始動を許可しない。また、通知指示部719が、無線通信を利用した不正な認証が自車に対して行われたことを、DCM6から個人携帯機3へ通知させる。そして、認証関連処理を終了する。 In S8, the locking / unlocking permission unit 717 permits the unlocking of the vehicle HV, and the start permission unit 718 permits the starting of the vehicle HV, and the authentication-related processing ends. In S9, it is assumed that an unauthorized authentication such as a relay attack has been performed on the own vehicle, the locking / unlocking permission unit 717 does not permit the unlocking of the vehicle HV, and the start permission unit 718 does not permit the starting of the vehicle HV. In addition, the notification instruction unit 719 notifies the personal portable device 3 from the DCM 6 that unauthorized authentication using wireless communication has been performed on the vehicle. Then, the authentication related process ends.
 通知を受けた個人携帯機3では、無線通信を利用した不正な認証が自車に対して行われたことを示す表示及び/又は音声出力を行うことで、無線通信を利用した不正な認証が自車に対して行われたことをユーザに認知させる。通知の一例としては、表示であれば、テキスト表示であってもよいし、アイコン表示であってもよい。音声出力であれば、テキストの読み上げであってもよいし、ブザー音の出力であってもよい。 In the personal portable device 3 that has received the notification, by performing display and / or voice output indicating that unauthorized authentication using wireless communication has been performed on the vehicle, unauthorized authentication using wireless communication is performed. Let the user know what has been done to the vehicle. An example of the notification may be text display or icon display as long as it is a display. As long as it is an audio output, text may be read out or a buzzer sound may be output.
 S4でレスポンス信号を受信できなかった場合、若しくはS6でコード照合による認証が不成立であった場合のS10では、S2において第2認証部715での指紋認証が成立していた場合(S10でYES)には、S11に移る。一方、指紋認証が不成立であった場合(S10でNO)には、S12に移る。 When the response signal cannot be received in S4, or in S10 when the authentication by code verification is not established in S6, the fingerprint authentication in the second authentication unit 715 is established in S2 (YES in S10) To S11. On the other hand, if fingerprint authentication has not been established (NO in S10), the process proceeds to S12.
 S11では、施解錠許可部717が車両HVの解錠を許可する一方、始動許可部718は車両HVの始動を許可せず、認証関連処理を終了する。S12では、施解錠許可部717が車両HVの解錠を許可しないとともに、始動許可部718が車両HVの始動を許可せず、認証関連処理を終了する。 In S11, while the locking / unlocking permission unit 717 permits the unlocking of the vehicle HV, the start permission unit 718 does not permit the starting of the vehicle HV and ends the authentication-related processing. In S12, the locking / unlocking permission unit 717 does not permit the unlocking of the vehicle HV, and the start permission unit 718 does not permit the starting of the vehicle HV, and the authentication-related processing is ended.
 ここで、図6を用いて、第1認証部714での無線通信によるコード照合と第2認証部715での指紋認証との認証結果の組み合わせとそれに対応する処理との対応関係の一例をまとめる。 Here, FIG. 6 is used to summarize an example of a correspondence relationship between a combination of authentication results of code verification by wireless communication in the first authentication unit 714 and fingerprint authentication in the second authentication unit 715 and processing corresponding thereto. .
 図6に示すように、無線通信によるコード照合と指紋認証とのいずれも成立の場合には、車両HVの解錠と始動とのいずれも許可される。無線通信によるコード照合が成立したが、指紋認証が不成立の場合には、車両HVの解錠と始動とのいずれも不許可となるだけでなく、無線通信を利用した不正な認証が自車に対して行われたことが個人携帯機3へ通知される。無線通信によるコード照合は不成立だが、指紋認証が成立した場合には、車両HVの始動は許可しないが、解錠は許可される。無線通信によるコード照合と指紋認証とのいずれも不成立の場合には、車両HVの解錠と始動とのいずれも不許可となる。 As shown in FIG. 6, when both code verification and fingerprint authentication by wireless communication are established, both unlocking and starting of the vehicle HV are permitted. If code verification by wireless communication is established but fingerprint authentication is not established, both the unlocking and starting of the vehicle HV are not permitted, and unauthorized authentication using wireless communication is applied to the vehicle. The personal portable device 3 is notified that this has been done. Code verification by wireless communication is not established, but when fingerprint authentication is established, starting of the vehicle HV is not permitted, but unlocking is permitted. When neither the code verification by wireless communication nor the fingerprint authentication is established, neither unlocking nor starting of the vehicle HV is permitted.
 <実施形態1のまとめ>
 第1認証部714での無線通信を介したコード照合で認証が成立したが、第2認証部715での指紋認証が成立しなかった場合には、第1認証部714での無線通信を利用した認証がリレーアタック等によって不正に成立したものと推定できる。これに対して、実施形態1の構成によれば、第1認証部714での無線通信を介したコード照合で認証が成立したが、第2認証部715での指紋認証が成立しなかった場合には、無線通信を介した不正な認証が自車に対して行われたことを個人携帯機3へ通知させる。よって、ユーザがこの個人携帯機3から、無線通信を介した不正な認証が自車に対して行われたことを認知することができる。従って、ユーザは車両HVが盗難の標的になっていることを認知でき、例えば車両HVの車輪に盗難防止用のロックをかける等、車両盗難に対する防犯を強化することができる。 <Summary of Embodiment 1>
If authentication is established by code verification via wireless communication in the first authentication unit 714, but fingerprint authentication is not established in the second authentication unit 715, wireless communication in the first authentication unit 714 is used. It can be presumed that the authenticated authentication was illegally established by a relay attack or the like. On the other hand, according to the configuration of the first embodiment, when authentication is established by code verification via wireless communication in the first authentication unit 714, but fingerprint authentication is not established in the second authentication unit 715. In this case, the personal portable device 3 is notified that unauthorized authentication via wireless communication has been performed on the vehicle. Therefore, the user can recognize from this personal portable device 3 that unauthorized authentication via wireless communication has been performed on the vehicle. Therefore, the user can recognize that the vehicle HV is the target of theft, and can enhance crime prevention against the vehicle theft, for example, by locking the anti-theft on the wheel of the vehicle HV.
 また、実施形態1の構成によれば、第1認証部714での無線通信を介したコード照合で認証が成立しなかったが、第2認証部715での指紋認証が成立した場合には、車両HVの始動は許可しないものの解錠は許可する。これによれば、正規のユーザが車両HVの始動は必要とせず、荷物の積み下ろしを行う場合に、電子キー2を持たなくても車両HVの解錠を行うことが可能になり、利便性が向上する。 Further, according to the configuration of the first embodiment, authentication is not established by code verification via wireless communication in the first authentication unit 714, but when fingerprint authentication is established in the second authentication unit 715, The vehicle HV is not allowed to start but is allowed to unlock. According to this, when a legitimate user does not need to start the vehicle HV and loads and unloads the luggage, the vehicle HV can be unlocked without having the electronic key 2, which is convenient. improves.
 さらに、実施形態1の構成によれば、第1認証部714での無線通信を介したコード照合での認証と、第2認証部715での指紋認証との両方が成立しないと車両HVの始動を許可しないので、2重の認証によって盗難防止の効果が高まる。 Furthermore, according to the configuration of the first embodiment, the vehicle HV is started unless both authentication by code verification through wireless communication in the first authentication unit 714 and fingerprint authentication in the second authentication unit 715 are not established. Therefore, the anti-theft effect is enhanced by double authentication.
 また、センサ5が車両HVのアウタードアハンドル4に設けられているため、ユーザが乗車時の動作を行うだけで第2認証部715での指紋認証を行うことができる。よって、第2認証部715での認証のための余分な動作をユーザに強いる必要がなく、利便性を損なわない。 Further, since the sensor 5 is provided on the outer door handle 4 of the vehicle HV, the fingerprint authentication at the second authentication unit 715 can be performed only by the user performing an operation at the time of getting on. Therefore, it is not necessary to force the user to perform an extra operation for authentication in the second authentication unit 715, and convenience is not impaired.
 (実施形態2)
 実施形態1では、センサ5をアウタードアハンドル4に設ける構成を示したが、必ずしもこれに限らない。例えば、センサ5をスタートストップボタン12に設ける構成(以下、実施形態2)としてもよい。 (Embodiment 2)
In Embodiment 1, although the structure which provides the sensor 5 in the outer door handle 4 was shown, it does not necessarily restrict to this. For example, the sensor 5 may be provided on the start / stop button 12 (hereinafter, a second embodiment).
 <認証システム1a,認証ECU7a,主制御器71aの概略構成>
 実施形態2の認証システム1aは、図7に示すように、センサ5をアウタードアハンドル4に設ける代わりにスタートストップボタン12に設ける点と、認証ECU7の代わりに認証ECU7aを含む点を除けば、実施形態1の認証システム1と同様である。認証ECU7aは、図8に示すように、主制御器71の代わりに主制御器71a(主制御回路とも言及される)を備える点を除けば、実施形態1の認証ECU7と同様である。 <Schematic configuration of authentication system 1a, authentication ECU 7a, main controller 71a>
As shown in FIG. 7, the authentication system 1 a according to the second embodiment is provided with a sensor 5 provided on the start / stop button 12 instead of the outer door handle 4 and a point including the authentication ECU 7 a instead of the authentication ECU 7. This is the same as the authentication system 1 of the first embodiment. As shown in FIG. 8, the authentication ECU 7a is the same as the authentication ECU 7 of the first embodiment except that a main controller 71a (also referred to as a main control circuit) is provided instead of the main controller 71.
 主制御器71aは、認証関連処理の処理手順が異なる点を除けば、実施形態1の主制御器71と同様である。主制御器71aは、主制御器71と同様に、送信処理部711、受信処理部712、登録器713、第1認証部714、第2認証部715、認証結果統合部716、施解錠許可部717、始動許可部718、及び通知指示部719を備えている。 The main controller 71a is the same as the main controller 71 of the first embodiment except that the processing procedure of authentication-related processing is different. Similar to the main controller 71, the main controller 71a includes a transmission processing unit 711, a reception processing unit 712, a registration unit 713, a first authentication unit 714, a second authentication unit 715, an authentication result integration unit 716, an unlocking / unlocking permission unit. 717, a start permission unit 718, and a notification instruction unit 719 are provided.
 スタートストップボタン12は、車両HVの走行駆動源を始動させるためにユーザが操作するボタンであって、車室内に設けられている。このスタートストップボタン12は始動用入力部に相当する。実施形態2では、センサ5は、スタートストップボタン12を操作したユーザから生体情報を取得する。実施形態2でも、センサ5が接触発光式指紋センサであり、センサ5で取得する生体情報が指紋情報である場合を例に挙げて説明を行う。 The start / stop button 12 is a button operated by the user to start the traveling drive source of the vehicle HV, and is provided in the passenger compartment. The start / stop button 12 corresponds to a start input unit. In the second embodiment, the sensor 5 acquires biological information from the user who operates the start / stop button 12. Also in the second embodiment, the case where the sensor 5 is a contact light emission type fingerprint sensor and the biological information acquired by the sensor 5 is fingerprint information will be described as an example.
 実施形態2におけるLF送信器72は、近距離無線通信エリアが車両HVの運転席を含むものとする。なお、実施形態2において、センサ5をスタートストップボタン12に設ける理由は、センサ5を車両HVの全車両ドアに設ける構成に比べて、必要となるセンサ5の数を減らすことができるためである。 LF transmitter 72 in Embodiment 2 assumes that the short-range wireless communication area includes a driver seat of a vehicle HV. In the second embodiment, the reason why the sensor 5 is provided on the start / stop button 12 is that the number of required sensors 5 can be reduced as compared with the configuration in which the sensor 5 is provided on all vehicle doors of the vehicle HV. .
 <主制御器71aでの認証関連処理>
 ここで、図9のフローチャートを用いて、認証ECU7aの主制御器71aでの認証関連処理の流れの一例について説明を行う。図9のフローチャートは、車両HVの運転席の車両ドアが解錠されて車両ドアが開けられた後、スタートストップボタン12が操作されたときに開始される。例えば、解錠については第1認証部714での無線通信によるコード照合が成立した場合に許可すればよい。 <Authentication-related processing in the main controller 71a>
Here, an example of the flow of authentication-related processing in the main controller 71a of the authentication ECU 7a will be described using the flowchart of FIG. The flowchart of FIG. 9 is started when the start / stop button 12 is operated after the vehicle door of the driver's seat of the vehicle HV is unlocked and the vehicle door is opened. For example, unlocking may be permitted when code verification by wireless communication in the first authentication unit 714 is established.
 まず、S21では、S3と同様にして、送信処理部711が、車両識別コードを含むリクエスト信号を送信させる。S22では、S4と同様にして、受信処理部712が、レスポンス信号を受信できた場合(S22でYES)には、S23に移る。一方、受信できなかった場合(S22でNO)には、S33に移る。 First, in S21, similarly to S3, the transmission processing unit 711 transmits a request signal including a vehicle identification code. In S22, similarly to S4, when the reception processing unit 712 has received a response signal (YES in S22), the process proceeds to S23. On the other hand, if it cannot be received (NO in S22), the process proceeds to S33.
 S23では、S5と同様にして、第1認証部714がコード照合による認証を行う。S24では、第1認証部714でのコード照合による認証が成立した場合(S24でYES)には、S25に移る。一方、コード照合による認証が不成立であった場合(S24でNO)には、S33に移る。 In S23, as in S5, the first authentication unit 714 performs authentication by code verification. In S24, when the authentication by the code verification in the first authentication unit 714 is established (YES in S24), the process proceeds to S25. On the other hand, if authentication by code verification is not established (NO in S24), the process proceeds to S33.
 なお、第1認証部714での無線通信によるコード照合によって解錠を許可する構成とした場合には、S21~S24,及び後述のS33の処理を省略してもよい。 In addition, when it is set as the structure which permits unlocking by the code verification by the wireless communication in the 1st authentication part 714, you may abbreviate | omit the process of S21-S24 and below-mentioned S33.
 S25では、主制御器71aが、車両HVの電源転移を可能にし、S26に移る。ここで言うところの電源転移とは、車両HVの電源オフから、アクセサリ(つまり、ACC)電源オン、イグニッション(つまり、IGN)オンまでの電源転移であって、車両HVの始動の許可は除くものとする。 In S25, the main controller 71a enables power transfer of the vehicle HV, and proceeds to S26. The power transfer mentioned here is a power transfer from turning off the vehicle HV to turning on the accessory (ie, ACC) and turning on the ignition (ie, IGN), and excluding permission to start the vehicle HV. And
 S26では、第2認証部715が、センサ5を介して指紋情報を取得した場合(S26でYES)には、S27に移る。一方、指紋情報を取得していない場合(S26でNO)には、S31に移る。S27では、S2と同様にして、第2認証部715が指紋認証を行う。 In S26, when the second authentication unit 715 acquires fingerprint information via the sensor 5 (YES in S26), the process proceeds to S27. On the other hand, if fingerprint information has not been acquired (NO in S26), the process proceeds to S31. In S27, the second authentication unit 715 performs fingerprint authentication in the same manner as S2.
 S28では、第2認証部715での指紋認証が成立した場合(S28でYES)には、S29に移る。一方、指紋認証が不成立であった場合(S28でNO)には、S30に移る。 In S28, when fingerprint authentication is established in the second authentication unit 715 (YES in S28), the process proceeds to S29. On the other hand, if fingerprint authentication has not been established (NO in S28), the process proceeds to S30.
 S29では、始動許可部718が車両HVの始動を許可し、認証関連処理を終了する。S30では、リレーアタックといった不正な認証が自車に行われたものとし、始動許可部718が車両HVの始動を許可しないとともに、通知指示部719が、無線通信を利用した不正な認証が自車に対して行われたことを、DCM6から個人携帯機3へ通知させる。そして、認証関連処理を終了する。 In S29, the start permission unit 718 permits the start of the vehicle HV and ends the authentication-related processing. In S30, it is assumed that an unauthorized authentication such as a relay attack has been performed on the vehicle, the start permission unit 718 does not permit the vehicle HV to start, and the notification instruction unit 719 performs an unauthorized authentication using wireless communication. Is notified from the DCM 6 to the personal portable device 3. Then, the authentication related process ends.
 S26で指紋情報を取得していない場合のS31では、始動許可部718が車両HVの始動を許可せずに、S32に移る。S32では、認証関連処理の終了タイミングであった場合(S32でYES)には、認証関連処理を終了する。一方、認証関連処理の終了タイミングでなかった場合(S32でNO)には、S26に戻って処理を繰り返す。ここでの認証関連処理の終了タイミングとは、車両HVからユーザが降車したとき等が挙げられる。車両HVからユーザが降車したことは、車両HVの着座センサでの検出結果、車両HVの室内アンテナから送信するリクエスト信号に対する電子キー2の応答の有無等から主制御器71aが判断すればよい。 In S31 when fingerprint information is not acquired in S26, the start permission unit 718 does not permit the start of the vehicle HV, and proceeds to S32. If it is the end timing of the authentication related process in S32 (YES in S32), the authentication related process is ended. On the other hand, if it is not the end timing of the authentication related process (NO in S32), the process returns to S26 and is repeated. The end timing of the authentication-related processing here is when the user gets off the vehicle HV. The main controller 71a may determine that the user has exited the vehicle HV from the detection result of the seating sensor of the vehicle HV, the presence or absence of a response of the electronic key 2 to the request signal transmitted from the indoor antenna of the vehicle HV, and the like.
 S22でレスポンス信号を受信できなかった場合、若しくはS24でコード照合による認証が不成立であった場合のS33では、始動許可部718が車両HVの始動を許可せず、認証関連処理を終了する。 In S33 when the response signal cannot be received in S22, or in the case where the authentication by the code verification is not established in S24, the start permission unit 718 does not permit the start of the vehicle HV and ends the authentication related process.
 実施形態2では、実施形態1のセンサ5をアウタードアハンドル4に設けるという構成に代えて、センサ5を車室内のスタートストップボタン12に設けるという構成を採用している。このような構成を採用した場合であっても、電子キー2を持たなくても車両HVの解錠を行うことが可能になる点の効果を除けば、実施形態1と同様の効果を得ることができる。 In the second embodiment, a configuration in which the sensor 5 is provided in the start / stop button 12 in the vehicle interior is employed instead of the configuration in which the sensor 5 of the first embodiment is provided in the outer door handle 4. Even when such a configuration is adopted, the same effects as in the first embodiment can be obtained except that the vehicle HV can be unlocked without having the electronic key 2. Can do.
 また、センサ5が車両HVのスタートストップボタン12に設けられているため、ユーザが始動時の動作を行うだけで第2認証部715での指紋認証を行うことができる。よって、第2認証部715での認証のための余分な動作をユーザに強いる必要がなく、利便性を損なわない。 Further, since the sensor 5 is provided on the start / stop button 12 of the vehicle HV, the user can perform fingerprint authentication at the second authentication unit 715 only by performing an operation at the time of starting. Therefore, it is not necessary to force the user to perform an extra operation for authentication in the second authentication unit 715, and convenience is not impaired.
 (変形例1)
 センサ5として接触式の生体認証センサを用いる場合には、ユーザが車両HVへの乗車時若しくは始動時に触れる部材であれば、アウタードアハンドル4及びスタートストップボタン12以外の部材にセンサ5が設けられる構成としてもよい。 (Modification 1)
When a contact-type biometric sensor is used as the sensor 5, the sensor 5 is provided on a member other than the outer door handle 4 and the start / stop button 12 as long as the user touches the vehicle HV when getting on or starting the vehicle. It is good also as a structure.
 (変形例2)
 センサ5として接触式の生体認証センサを用いる構成に必ずしも限らない。例えば、非接触式の生体認証センサを用いる構成としてもよい。一例としては、非接触式の指紋センサ、静脈認識センサを用いる構成とすればよい。他にも、ユーザを撮像した撮像画像から個人認証を行う装置で用いられる撮像装置をセンサ5として用いる構成としてもよい。 (Modification 2)
The configuration using a contact-type biometric sensor as the sensor 5 is not necessarily limited. For example, a configuration using a non-contact type biometric sensor may be used. As an example, a configuration using a non-contact type fingerprint sensor or a vein recognition sensor may be used. In addition, it is good also as a structure which uses the imaging device used with the apparatus which performs a personal authentication from the captured image which imaged the user as the sensor 5. FIG.
 (変形例3)
 第2認証部715で行う認証は、第1認証部714で用いる無線通信を介したコード照合以外の方法による認証であれば、必ずしも生体認証でなくてもよい。例えば、個人携帯機3との間での無線通信を介した認証であってもよい。一例を述べると、無線通信規格としてBluetooth(登録商標)を用いる場合には、ペアリング時に用いるPINコードの照合によって第2認証部715が認証を行う構成とすればよい。第2認証部715で個人携帯機3との間での無線通信を介した認証を行う場合には、個人携帯機3と主制御器71との間での通信を仲介するための通信部を認証ECU7がさらに備える構成とすればよい。 (Modification 3)
The authentication performed by the second authentication unit 715 is not necessarily biometric authentication as long as the authentication is performed by a method other than code verification via wireless communication used by the first authentication unit 714. For example, authentication via wireless communication with the personal portable device 3 may be used. For example, when Bluetooth (registered trademark) is used as a wireless communication standard, the second authentication unit 715 may perform authentication by collating a PIN code used during pairing. When the second authentication unit 715 performs authentication via wireless communication with the personal portable device 3, a communication unit for mediating communication between the personal portable device 3 and the main controller 71 is provided. What is necessary is just to set it as the structure with which authentication ECU7 is further provided.
 第2認証部715で行う認証が生体認証でなくても、第1認証部714で用いる無線通信を介したコード照合以外の方法による認証であれば、実施形態1と同様の効果を得ることができる。 Even if the authentication performed by the second authentication unit 715 is not biometric authentication, the same effect as that of the first embodiment can be obtained as long as authentication is performed by a method other than code verification via wireless communication used by the first authentication unit 714. it can.
 (変形例4)
 また、通知指示部719からDCM6を介して通知を受けた個人携帯機3が行う、無線通信を利用した不正な認証が自車に対して行われたことを示す表示及び/又は音声出力は、通知の直後であってもよいし、直後でなくてもよい。直後でない場合の構成としては、個人携帯機3で通知を受けたことを記録しておき、ユーザが任意のタイミングで通知の内容を確認する構成等がある。 (Modification 4)
In addition, a display and / or audio output indicating that unauthorized authentication using wireless communication has been performed on the own vehicle, which is performed by the personal portable device 3 that is notified from the notification instruction unit 719 via the DCM 6, It may be immediately after the notification or may not be immediately after. As a configuration not immediately after, there is a configuration in which the notification is received by the personal portable device 3 and the user confirms the content of the notification at an arbitrary timing.
 (変形例5)
 実施形態1、実施形態2では、通信端末として多機能携帯電話機といった個人携帯機3を用いる構成を示したが、必ずしもユーザが携帯若しくは装着する通信端末に限らない。例えば、通信端末としてユーザの自宅にあるPC、ホームセキュリティ端末等を用いる構成としてもよい。 (Modification 5)
In the first and second embodiments, the configuration in which the personal portable device 3 such as a multi-function mobile phone is used as a communication terminal has been described. For example, it is good also as a structure which uses PC in a user's home, a home security terminal, etc. as a communication terminal.
 (変形例6)
 実施形態1,2では、無線通信を利用した不正な認証が自車に対して行われたことを、通知指示部719がDCM6から個人携帯機3へ通知させる構成を示したが、必ずしもこれに限らない。例えば、ユーザの車両HVへの乗車時に、無線通信を利用した不正な認証が自車に対して行われたことを、通知指示部719bが自車に搭載された表示装置13に通知して表示させる構成(以下、変形例6)としてもよい。 (Modification 6)
In the first and second embodiments, the configuration in which the notification instruction unit 719 notifies the personal portable device 3 from the DCM 6 that unauthorized authentication using wireless communication has been performed on the own vehicle has been described. Not exclusively. For example, when the user gets on the vehicle HV, the notification instructing unit 719b notifies the display device 13 mounted on the own vehicle that the unauthorized authentication using wireless communication has been performed on the own vehicle. It is good also as a structure (henceforth modification 6) to be made.
 以下、本開示の変形例6について図面を用いて説明する。変形例6の認証ECU7bは、図10に示すように、通知指示部719の代わりに通知指示部719bを備える点、及びDCM6を介して携帯機3に通知を行う代わりに表示装置13に通知を行う点を除けば、実施形態1の認証ECU7と同様である。 Hereinafter, Modification 6 of the present disclosure will be described with reference to the drawings. As shown in FIG. 10, the authentication ECU 7b of Modification 6 includes a notification instruction unit 719b instead of the notification instruction unit 719, and notifies the display device 13 instead of notifying the portable device 3 via the DCM 6. Except for the point to perform, it is the same as the authentication ECU 7 of the first embodiment.
 表示装置13は、車両HVに搭載される表示装置である。表示装置13としては、例えばコンビネーションメータ、CID(Center Information Display)、HUD(Head-Up Display)等がある。 The display device 13 is a display device mounted on the vehicle HV. Examples of the display device 13 include a combination meter, CID (Center Information Display), and HUD (Head-Up Display).
 通知指示部719bは、第1認証部714で認証成立であったが、第2認証部715で認証不成立であった場合に、無線通信を利用した不正な認証が自車に対して行われたことを、ユーザの車両HVの乗車時に、表示装置13へ通知する。通知を受けた表示装置13は、無線通信を利用した不正な認証が自車に対して行われたことを表示装置13に表示させる。 The notification instructing unit 719b is authenticated by the first authenticating unit 714, but when the authentication is not established by the second authenticating unit 715, unauthorized authentication using wireless communication is performed on the own vehicle. This is notified to the display device 13 when the user gets on the vehicle HV. The display device 13 that has received the notification causes the display device 13 to display that unauthorized authentication using wireless communication has been performed on the vehicle.
 ユーザの車両HVの乗車時は、ボデーECU8から得られる車両ドア開閉の信号、着座センサの信号等から通知指示部719bが判断する構成とすればよい。 When the user rides on the vehicle HV, the notification instruction unit 719b may determine from the vehicle door opening / closing signal obtained from the body ECU 8, the signal from the seating sensor, and the like.
 変形例6の構成によれば、無線通信を介した不正な認証が自車に対して行われたことを、車両HVへの乗車時にユーザが認知することができる。なお、変形例6において、通知指示部719bがDCM6から個人携帯機3への通知も行う構成としてもよい。 According to the configuration of Modification 6, the user can recognize that unauthorized authentication via wireless communication has been performed on the host vehicle when the vehicle HV is boarded. In the sixth modification, the notification instruction unit 719b may also notify the personal portable device 3 from the DCM 6.
 (変形例7)
 実施形態1,2では、車両ドアの施解錠を行うボデーECU8が認証ECU7,7aと別個に設けられている構成を示したが、必ずしもこれに限らない。例えば、車両ドアの施解錠を行うボデーECU8が認証ECU7,7aと統合されている構成(以下、変形例7)としてもよい。 (Modification 7)
In the first and second embodiments, the configuration in which the body ECU 8 that locks and unlocks the vehicle door is provided separately from the authentication ECUs 7 and 7a is shown, but the configuration is not necessarily limited thereto. For example, the body ECU 8 that locks and unlocks the vehicle door may be configured to be integrated with the authentication ECUs 7 and 7a (hereinafter, modified example 7).
 以下、本開示の変形例7について図面を用いて説明する。変形例7の認証ECU7cは、図11に示すように、施解錠操作部720を備える点を除けば、実施形態1の認証ECU7と同様である。 Hereinafter, Modification 7 of the present disclosure will be described with reference to the drawings. As shown in FIG. 11, the authentication ECU 7c according to the modified example 7 is the same as the authentication ECU 7 according to the first embodiment except that a locking / unlocking operation unit 720 is provided.
 施解錠操作部720は、実施形態1で説明したボデーECU8と同様の処理を行うことで、駆動信号をドアロックモータ14に出力し、車両ドアの施解錠を行う。この施解錠操作部720は解錠操作部に相当する。 The locking / unlocking operation unit 720 performs a process similar to that of the body ECU 8 described in the first embodiment, thereby outputting a drive signal to the door lock motor 14 to lock / unlock the vehicle door. This locking / unlocking operation unit 720 corresponds to an unlocking operation unit.
 本開示は、実施例に準拠して記述されたが、本開示は当該実施例や構造に限定されるものではないと理解される。本開示は、様々な変形例や均等範囲内の変形をも包含する。加えて、様々な組み合わせや形態、さらには、それらに一要素のみ、それ以上、あるいはそれ以下、を含む他の組み合わせや形態をも、本開示の範疇や思想範囲に入るものである。

  Although the present disclosure has been described with reference to the embodiments, it is understood that the present disclosure is not limited to the embodiments and structures. The present disclosure includes various modifications and modifications within the equivalent range. In addition, various combinations and forms, as well as other combinations and forms including only one element, more or less, are within the scope and spirit of the present disclosure.

Claims (12)

  1.  車両で用いられて、
     電子キーとして用いられる携帯機(2)との間での無線通信を介したコード照合によって認証を行う第1認証部(714)を備える車載装置であって、
     前記第1認証部で用いる無線通信を介したコード照合以外の方法で認証を行う第2認証部(715)と、
     前記第1認証部で認証が成立したが、前記第2認証部で認証が成立しなかった場合に、無線通信を利用した不正な認証が前記車両に対して行われたことを前記車両のユーザの通信端末(3)へ通知させる通知指示部(719,719b)とを備える車載装置。     Used in vehicles,
    An in-vehicle device including a first authentication unit (714) for performing authentication by code verification via wireless communication with a portable device (2) used as an electronic key,
    A second authentication unit (715) that performs authentication by a method other than code verification via wireless communication used in the first authentication unit;
    If authentication is established in the first authentication unit, but authentication is not established in the second authentication unit, an unauthorized authentication using wireless communication has been performed on the vehicle. Vehicle-mounted apparatus provided with the notification instruction | indication part (719,719b) which notifies to the communication terminal (3).
  2.  請求項1において、
     前記車両の始動を許可する始動許可部(718)をさらに備え、
     前記始動許可部は、前記第1認証部と前記第2認証部との両方で認証が成立しないと前記車両の始動を許可しない車載装置。     In claim 1,
    A start permission unit (718) for allowing the vehicle to start;
    The start permission unit is an in-vehicle device that does not permit start of the vehicle unless authentication is established in both the first authentication unit and the second authentication unit.
  3.  請求項2において、
     前記車両のドアの解錠を許可する解錠許可部(717)をさらに備え、
     前記解錠許可部は、前記第2認証部で認証が成立すれば前記車両のドアの解錠を許可する車載装置。     In claim 2,
    An unlocking permission unit (717) for permitting unlocking of the vehicle door;
    The unlocking permission unit is an in-vehicle device that permits unlocking of the door of the vehicle if authentication is established by the second authentication unit.
  4.  請求項3において、
     前記車両のドアの解錠を行わせる解錠操作部(720)をさらに備える車載装置。     In claim 3,
    An in-vehicle device further comprising an unlocking operation unit (720) for unlocking the door of the vehicle.
  5.  請求項1~4のいずれか1項において、
     前記第2認証部は、生体認証によって認証を行う車載装置。     In any one of claims 1 to 4,
    The second authentication unit is an in-vehicle device that performs authentication by biometric authentication.
  6.  請求項5において、
     前記第2認証部は、ユーザが接触するセンサ(5)で取得したこのユーザの生体情報を用いて生体認証を行う車載装置。     In claim 5,
    The second authentication unit is an in-vehicle device that performs biometric authentication using the biometric information of the user acquired by the sensor (5) that the user contacts.
  7.  請求項6において、
     前記第2認証部は、前記車両のアウタードアハンドル(4)に設けられた前記センサで取得したユーザの生体情報を用いて生体認証を行う車載装置。     In claim 6,
    The second authentication unit is an in-vehicle device that performs biometric authentication using user biometric information acquired by the sensor provided on the outer door handle (4) of the vehicle.
  8.  請求項6において、
     前記第2認証部は、前記車両の走行駆動源を始動させるためにユーザが操作する始動用入力部(12)に設けられた前記センサで取得したユーザの生体情報を用いて生体認証を行う車載装置。     In claim 6,
    The second authenticating unit performs biometric authentication using the biometric information of the user acquired by the sensor provided in the starting input unit (12) operated by the user to start the traveling drive source of the vehicle. apparatus.
  9.  請求項1~8のいずれか1項において、
     前記通知指示部は、無線通信を利用した不正な認証が前記車両に対して行われたことを、前記車両のユーザに携帯若しくは装着される前記通信端末へ通知させる車載装置。     In any one of claims 1 to 8,
    The in-vehicle device that causes the user of the vehicle to notify the communication terminal carried or worn by the vehicle user that the unauthorized authentication using wireless communication has been performed on the vehicle.
  10.  請求項1~9のいずれか1項において、
     前記通知指示部(719)は、無線通信を利用した不正な認証が前記車両に対して行われたことを、テレマティクスサービスに用いる車載通信モジュール(6)を介して、前記車両のユーザの通信端末へ通知させる車載装置。     In any one of claims 1 to 9,
    The notification instructing unit (719) communicates that the unauthorized authentication using wireless communication has been performed on the vehicle via a vehicle-mounted communication module (6) used for a telematics service. In-vehicle device to notify
  11.  請求項1~9のいずれか1項において、
     前記通知指示部(719b)は、無線通信を利用した不正な認証が前記車両に対して行われたことを、前記車両のユーザの前記車両への乗車時に、前記車両に搭載された表示装置(13)に表示させる車載装置。     In any one of claims 1 to 9,
    The notification instructing unit (719b) indicates that unauthorized authentication using wireless communication has been performed on the vehicle when a user of the vehicle gets on the vehicle. 13) In-vehicle device to be displayed.
  12.  電子キーとして用いられる携帯機(2)と、
     車両で用いられて、前記携帯機との間での無線通信を介したコード照合によって認証を行う第1認証部(714)を備える車載装置であって、
     前記第1認証部で用いる無線通信を介したコード照合以外の方法で認証を行う第2認証部(715)と、
     前記第1認証部で認証が成立したが、前記第2認証部で認証が成立しなかった場合に、無線通信を利用した不正な認証が前記車両に対して行われたことを前記車両のユーザの通信端末(3)へ通知させる通知指示部(719,719b)とを備える車載装置(7,7a,7b,7c)とを含む認証システム。

          A portable device (2) used as an electronic key;
    An in-vehicle device including a first authentication unit (714) used in a vehicle and performing authentication by code verification via wireless communication with the portable device,
    A second authentication unit (715) that performs authentication by a method other than code verification via wireless communication used in the first authentication unit;
    If authentication is established in the first authentication unit, but authentication is not established in the second authentication unit, an unauthorized authentication using wireless communication has been performed on the vehicle. An in-vehicle device (7, 7a, 7b, 7c) provided with a notification instructing unit (719, 719b) for notifying the communication terminal (3).

PCT/JP2016/079727 2015-12-24 2016-10-06 Vehicular on-board device and authentication system WO2017110207A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020187013154A KR102071406B1 (en) 2015-12-24 2016-10-06 In-vehicle Devices and Authentication Systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015252252A JP6451622B2 (en) 2015-12-24 2015-12-24 In-vehicle device and authentication system
JP2015-252252 2015-12-24

Publications (1)

Publication Number Publication Date
WO2017110207A1 true WO2017110207A1 (en) 2017-06-29

Family

ID=59089996

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/079727 WO2017110207A1 (en) 2015-12-24 2016-10-06 Vehicular on-board device and authentication system

Country Status (3)

Country Link
JP (1) JP6451622B2 (en)
KR (1) KR102071406B1 (en)
WO (1) WO2017110207A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109249895A (en) * 2017-07-13 2019-01-22 上海荆虹电子科技有限公司 A kind of automobile and management control system and method based on living things feature recognition
WO2020080076A1 (en) * 2018-10-19 2020-04-23 住友電装株式会社 Vehicle-mounted control device, vehicle-mounted control method, and computer program
EP3643569A1 (en) * 2018-10-23 2020-04-29 DURA Automotive Holdings U.K., Ltd. Method for accessing and starting a vehicle
WO2020139296A3 (en) * 2018-12-25 2020-07-30 Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇ A vehicle owner identification system over key-fob
RU2730683C1 (en) * 2019-04-10 2020-08-25 Тойота Дзидося Кабусики Кайся Communication device, communication system and method of communication
CN111619508A (en) * 2019-02-26 2020-09-04 现代摩比斯株式会社 Remote control system for vehicle and operation method thereof
CN111767528A (en) * 2019-03-28 2020-10-13 丰田自动车株式会社 Vehicle authentication device and vehicle authentication method

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6962301B2 (en) 2018-09-25 2021-11-05 株式会社オートネットワーク技術研究所 Relay device
JP7198682B2 (en) * 2019-02-01 2023-01-04 株式会社東海理化電機製作所 Authentication system and authentication method
JP7233285B2 (en) * 2019-03-29 2023-03-06 株式会社Subaru vehicle authentication system
JP7412145B2 (en) 2019-11-20 2024-01-12 株式会社Subaru vehicle control system
KR102241775B1 (en) * 2019-11-20 2021-04-19 삼보모터스주식회사 Dual security control method for vehicle, and device and system using the same
KR102314798B1 (en) * 2019-12-31 2021-10-19 주식회사 성우하이텍 retractable door handle
JP2021161724A (en) * 2020-03-31 2021-10-11 株式会社東海理化電機製作所 Communication system and communication method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11298640A (en) * 1998-04-10 1999-10-29 Sony Corp Car security system
JP2002302016A (en) * 2001-04-09 2002-10-15 Nippon Telegr & Teleph Corp <Ntt> Vehicle security system, vehicle, and security center
JP2003221960A (en) * 2002-01-29 2003-08-08 Tokai Rika Co Ltd Door opening and closing device
JP2005273281A (en) * 2004-03-24 2005-10-06 Teruhiko Ishiguro Locking/unlocking system of door and transmission device using the same, locking/unlocking system of vehicle, locking/unlocking system of taxi, and locking/unlocking system of gas station
JP2009288944A (en) * 2008-05-28 2009-12-10 Tokai Rika Co Ltd Personal identification system
JP2014134082A (en) * 2013-01-14 2014-07-24 Denso Corp Vehicular system, electronic key, portable terminal, and on-vehicle device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5400407B2 (en) 2009-02-10 2014-01-29 アルプス電気株式会社 Keyless entry device
US9031712B2 (en) * 2012-06-30 2015-05-12 Intel Corporation Remote management and control of vehicular functions via multiple networks

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11298640A (en) * 1998-04-10 1999-10-29 Sony Corp Car security system
JP2002302016A (en) * 2001-04-09 2002-10-15 Nippon Telegr & Teleph Corp <Ntt> Vehicle security system, vehicle, and security center
JP2003221960A (en) * 2002-01-29 2003-08-08 Tokai Rika Co Ltd Door opening and closing device
JP2005273281A (en) * 2004-03-24 2005-10-06 Teruhiko Ishiguro Locking/unlocking system of door and transmission device using the same, locking/unlocking system of vehicle, locking/unlocking system of taxi, and locking/unlocking system of gas station
JP2009288944A (en) * 2008-05-28 2009-12-10 Tokai Rika Co Ltd Personal identification system
JP2014134082A (en) * 2013-01-14 2014-07-24 Denso Corp Vehicular system, electronic key, portable terminal, and on-vehicle device

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109249895A (en) * 2017-07-13 2019-01-22 上海荆虹电子科技有限公司 A kind of automobile and management control system and method based on living things feature recognition
WO2020080076A1 (en) * 2018-10-19 2020-04-23 住友電装株式会社 Vehicle-mounted control device, vehicle-mounted control method, and computer program
JP2020063022A (en) * 2018-10-19 2020-04-23 住友電装株式会社 On-vehicle control device, on-vehicle control method and computer program
JP7125323B2 (en) 2018-10-19 2022-08-24 住友電装株式会社 VEHICLE CONTROL DEVICE, VEHICLE CONTROL METHOD AND COMPUTER PROGRAM
US11993226B2 (en) 2018-10-19 2024-05-28 Sumitomo Wiring Systems, Ltd. On-vehicle control device, on-vehicle control method and computer program
EP3643569A1 (en) * 2018-10-23 2020-04-29 DURA Automotive Holdings U.K., Ltd. Method for accessing and starting a vehicle
WO2020139296A3 (en) * 2018-12-25 2020-07-30 Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇ A vehicle owner identification system over key-fob
CN111619508A (en) * 2019-02-26 2020-09-04 现代摩比斯株式会社 Remote control system for vehicle and operation method thereof
CN111619508B (en) * 2019-02-26 2022-09-13 现代摩比斯株式会社 Remote control system for vehicle and operation method thereof
CN111767528A (en) * 2019-03-28 2020-10-13 丰田自动车株式会社 Vehicle authentication device and vehicle authentication method
RU2730683C1 (en) * 2019-04-10 2020-08-25 Тойота Дзидося Кабусики Кайся Communication device, communication system and method of communication

Also Published As

Publication number Publication date
JP2017115439A (en) 2017-06-29
JP6451622B2 (en) 2019-01-16
KR20180067605A (en) 2018-06-20
KR102071406B1 (en) 2020-01-30

Similar Documents

Publication Publication Date Title
JP6451622B2 (en) In-vehicle device and authentication system
JP6447610B2 (en) Vehicle control system and vehicle control device
WO2019150898A1 (en) Authentication system for vehicle and vehicle-mounted apparatus
US10984616B2 (en) Car sharing system and car sharing program
JP5425446B2 (en) Smart keyless entry system
JP5298807B2 (en) Electronic key system
JP6695774B2 (en) Electronic key system with biometrics
US20130099940A1 (en) Method and Apparatus for User Authentication and Security
JP6372707B2 (en) Vehicle control system
CN106469480A (en) Control system, control device and mobile device of carrier
JP2016168946A (en) Vehicle wireless communication system, vehicle control unit, and handheld equipment
US11110894B2 (en) Car sharing system
US20220198856A1 (en) Communication control system and communication control method
JP2018145615A (en) On-vehicle equipment control method using key system and key system
JP7125323B2 (en) VEHICLE CONTROL DEVICE, VEHICLE CONTROL METHOD AND COMPUTER PROGRAM
JP5177689B2 (en) Remote control system
JP4140731B2 (en) Vehicle communication device
JP5193730B2 (en) Authentication system and authentication method for articles equipped with position teaching function
KR100958746B1 (en) Vehicle control method using manual key and smart key and vehicle and smart key signal processor using the same
WO2017208481A1 (en) Vehicle authentication system and mobile device
JP2018053489A (en) Smart key system
JP2020113065A (en) Information management system
JP6894345B2 (en) Wireless communication system
JP2013100717A (en) Smart keyless entry system
KR20130113160A (en) Car starting control method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16878105

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 20187013154

Country of ref document: KR

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16878105

Country of ref document: EP

Kind code of ref document: A1