Key Information Management System
The key information management system addresses the vulnerability of digital key systems by using a distribution device and sharing terminal to verify and hash unique information, ensuring secure and efficient management of key information.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- MINEBEA ACCESSSOLUTIONS INC
- Filing Date
- 2024-12-26
- Publication Date
- 2026-07-08
AI Technical Summary
Existing systems for managing digital keys, such as those described in Patent Document 1, are vulnerable to unauthorized use due to the ease of replicating and stealing key information, particularly when provided as two-dimensional codes, leading to concerns about third-party access.
A key information management system that includes a distribution device and a sharing terminal, where unique information is input during the registration process, allowing the target device to verify and hash the information, preventing unauthorized registration and use, and includes a management device for centralized key information management.
The system securely manages key information by verifying and hashing unique information, preventing unauthorized use and deletion, thus enhancing security and efficiency in key distribution and management.
Smart Images

Figure 2026114530000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a key information management system.
Background Art
[0002] Patent Document 1 discloses a system including a cloud system that acquires authentication information of a digital key for using a vehicle, a vehicle that performs authentication of the digital key, and an information processing terminal that can be carried by a user and includes a mobile device that transmits the digital key to the vehicle. In the above system, when the authentication of the digital key transmitted from the mobile device is successful, the vehicle can be used.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In a system as disclosed in Patent Document 1, an owner who is the owner of a vehicle can make it possible for a guest to use the vehicle by making a share key acquisition request to the cloud system. In such a system, for example, when key information necessary for authentication of a digital key by a guest is provided to the guest in the form of a two-dimensional code, the two-dimensional code is easily replicated and easily stolen by a third party, so there is a concern about unauthorized use of the vehicle by a third party. For this reason, a system that can safely manage key information is desired.
[0005] The present invention has been made in view of the above problems, and provides a key information management system that can safely manage key information.
Means for Solving the Problems
[0006] As a means to solve the above problems, the present invention provides a key information management system for managing key information used for authenticating a digital key to control a target device, comprising: a distribution device that distributes key information to be registered in the target device; and a sharing terminal that receives the key information, wherein the sharing terminal transmits unique information to the distribution device, and the unique information is input to the target device during the registration process in which the key information is registered in the target device.
[0007] According to the above configuration, unique information is transmitted to the distribution device and input into the target device during the registration process. This allows the target device to verify the unique information, preventing unauthorized registration of key information. In other words, key information can be managed securely. As a result, unauthorized use of the target device by third parties can be prevented.
[0008] The distribution device may transmit the converted information obtained by converting the unique information into data to the sharing destination terminal, and the sharing destination terminal may transmit the converted information to the target device.
[0009] According to the above configuration, since the unique information used in the registration process to register key information with the target device is converted into data, it is possible to prevent unauthorized use of the target device even if the key information falls into the hands of a third party.
[0010] The distribution device may transmit to the sharing destination terminal a first hash value, which is obtained by hashing the hashed information and the unique information that are stored in advance in the target device, and the sharing destination terminal may transmit the first hash value to the target device.
[0011] According to the above configuration, the unique information used in the registration process to register key information with the target device is hashed in a way that makes it impossible to decrypt, thus preventing unauthorized use of the target device even if the key information falls into the hands of a third party.
[0012] The target device may obtain a second hash value obtained by hashing the unique information and the hashed information, and if the first hash value transmitted from the sharing terminal matches the second hash value, it may register the key information.
[0013] According to the above configuration, if the first hash value and the second hash value match, the key information is registered in the target device. In other words, if the first hash value and the second hash value do not match, the key information is not registered in the target device. Therefore, the key information can be managed securely. As a result, unauthorized use of the target device by third parties can be prevented.
[0014] The unique information may also be input to the target device during a deletion process to delete the key information registered in the target device.
[0015] According to the above configuration, unauthorized deletion of key information by third parties can be prevented, and key information can be managed securely.
[0016] The unique information may be manually entered into the target device by the user who owns the shared terminal.
[0017] With the above configuration, since the sharing user manually enters the unique information, theft of the unique information can be prevented compared to when the unique information is transmitted as data from the sharing terminal to the target device, and a greater security effect can be expected.
[0018] The distribution device is a sharing terminal owned by a sharing user who is the source of the sharing of the target device, and the sharing terminal may convert the first hash value and the key information into a two-dimensional code and transmit it to the receiving terminal.
[0019] According to the above configuration, since the key information is converted into a two-dimensional code and transmitted to the sharing destination terminal, even if the sharing source user does not know the contact information (such as email address, account information of the communication application, etc.) of the sharing destination user, the key information can be easily transmitted from the sharing source terminal to the sharing destination terminal.
[0020] The distribution device is a management device that manages key information by associating the target device and the sharing destination terminal, and the management device may transmit website access information for registering the key information.
[0021] According to the above configuration, the key information can be centrally managed by a management device (for example, a server), and the management of the key information can be made more efficient.
Effects of the Invention
[0022] According to the key information sharing system of the present invention, the key information can be managed more securely.
Brief Description of the Drawings
[0023] [Figure 1] Schematic configuration diagram of the key information management system according to the first embodiment. [Figure 2] Block diagram showing the configuration of the key information management system according to the first embodiment. [Figure 3] Flow diagram of the information used in the key registration process according to the first embodiment. [Figure 4] Sequence diagram showing the key registration process according to the first embodiment. [Figure 5] Sequence diagram showing the unlocking process according to the first embodiment. [Figure 6] Sequence diagram showing the key deletion process according to the first embodiment. [Figure 7] Block diagram showing the configuration of the key information management system according to the second embodiment. [Figure 8A] Sequence diagram showing the first half of the key registration process according to the second embodiment. [Figure 8B]A sequence diagram showing the latter half of the key registration process according to the second embodiment. [Figure 9] A sequence diagram showing the key deletion process according to the second embodiment. [Figure 10A] A sequence diagram showing the first half of the key registration process according to a modified example of the second embodiment. [Figure 10B] A sequence diagram showing the latter half of the key registration process according to a modified example of the second embodiment. [Modes for carrying out the invention]
[0024] Embodiments of the present invention will be described below with reference to the drawings. The same or corresponding elements are denoted by the same reference numerals throughout the drawings, and redundant detailed descriptions will be omitted.
[0025] (First Embodiment) The digital key management system 100 (an example of a key information management system) according to this embodiment is a system for managing digital keys DKs for controlling (using) target devices such as vehicles, entrance doors of residences, and delivery boxes. Users can use the target devices by locking and unlocking them (hereinafter referred to as "locking and unlocking") using the digital key DKs. The digital key management system 100 manages not only the digital key DKs of the owners of the target devices, but also digital key DKs for sharing and using the target devices among multiple users. In the following, an embodiment will be described using a vehicle 1 as an example of a target device.
[0026] (Schematic configuration) First, the general configuration of the digital key management system 100 will be explained with reference to Figure 1. Figure 1 is a schematic diagram of the digital key management system 100.
[0027] As shown in Figure 1, the digital key management system 100 includes a vehicle 1, such as a motorcycle or automobile, which is shared by a first user U1 and a second user U2, a first terminal 2 owned by the first user U1, and a second terminal 3 owned by the second user U2. In this embodiment, the first user U1 is the sharing user U1 who shares the vehicle 1, and the second user U2 is the sharing user U2 who receives the vehicle. Hereafter, the first terminal 2 owned by the sharing user U1 will be referred to as "sharing terminal 2," and the second terminal 3 owned by the sharing user U2 will be referred to as "sharing terminal 3."
[0028] Figure 2 is a block diagram showing the configuration of the digital key management system 100. As shown in Figure 2, the vehicle 1 has a vehicle control device 11, a vehicle communication unit 12, and a vehicle input / output unit 13. The vehicle control device 11 controls the operation of each part of the vehicle 1. The vehicle control device 11 also manages the locking and unlocking of the vehicle 1, and the digital key DK is authenticated (verified) based on the contents of the key information DT related to the digital key DK that is pre-registered in the vehicle 1. The sharing user U1 and the sharing recipient user U2 can use the vehicle 1 (use its functions) if the authentication by the digital key DK is successful.
[0029] The sharing terminal 2 comprises a sharing control device 21, a sharing communication unit 22, and a sharing input / output unit 23. The sharing terminal 2 is authorized to issue a share key for vehicle 1. The receiving terminal 3 comprises a receiving control device 31, a receiving communication unit 32, and a receiving input / output unit 33. Both the sharing terminal 2 and the receiving terminal 3 are information processing terminals such as smartphones and tablets. Alternatively, the sharing terminal 2 and the receiving terminal 3 may be dedicated terminals for the digital key management system 100.
[0030] The vehicle control device 11, the source control device 21, and the destination control device 31 each include a processor such as a CPU (Central Processing Unit) or MPU (Micro Processing Unit) that works in cooperation with software to realize predetermined functions. The vehicle control device 11, the source control device 21, and the destination control device 31 may consist of hardware circuits such as dedicated electronic circuits or reconfigurable electronic circuits designed to realize predetermined functions, or they may consist of various semiconductor integrated circuits. Examples of various semiconductor integrated circuits include, in addition to CPUs and MPUs, microcomputers, DSPs (Digital Signal Processors), FPGAs (Field Programmable Gate Arrays), and ASICs (Application Specific Integrated Circuits).
[0031] The vehicle control device 11, the source control device 21, and the destination control device 31 include memory such as RAM (Random Access Memory), ROM (Read Only Memory), and EEPROM (Electrically Erasable Programmable Read-Only Memory). Hereinafter, the memory included in the vehicle control device 11 will be referred to as vehicle memory 11a, the memory included in the source control device 21 as source memory 21a, and the memory included in the destination control device 31 as destination memory 31a.
[0032] The vehicle memory 11a, the source memory 21a, and the destination memory 31a store programs for executing the key registration process and key deletion process described later, and can store the digital key DK and the key information DT necessary for the authentication of the digital key DK. The processors of the vehicle control device 11, the source control device 21, and the destination control device 31 execute the programs for executing the key registration process and the programs for executing the key deletion process stored in the vehicle memory 11a, the source memory 21a, and the destination memory 31a, respectively.
[0033] The vehicle communication unit 12, the source communication unit 22, and the destination communication unit 32 are hardware devices configured to communicate with each other and perform wireless communication according to wireless communication standards such as Ethernet, mobile-specific communication standards, Wi-Fi®, and Bluetooth®. Each of the vehicle communication unit 12, the source communication unit 22, and the destination communication unit 32 includes an antenna for transmitting and receiving signals.
[0034] The vehicle input / output unit 13, the source input / output unit 23, and the destination input / output unit 33 are, for example, touch displays that combine an input unit that accepts user touches and a display unit that displays image information, text information, etc. to the user.
[0035] (Key registration process) Next, referring to Figures 3 and 4, we will explain the key registration process for registering the digital key DK for using vehicle 1 with vehicle 1.
[0036] Figure 3 is a flowchart of information in the key registration process. As shown in Figure 3, the key registration process involves the exchange of random number information (an example of hashed information), friend information (an example of unique information), and information indicating hash values (first hash value and second hash value) (hereinafter simply referred to as hash values).
[0037] Random number information is a type of unpredictable information that represents random numbers without predictability or regularity, and consists of a string of characters, a sequence of numbers, or a combination thereof. Random number information is pre-stored in the vehicle memory 11a of vehicle 1 (see Figure 2). Random number information is stored in the vehicle memory 11a of vehicle 1, for example, when vehicle 1 is shipped from the factory.
[0038] Random number information is transmitted in advance from vehicle 1 to sharing terminal 2 before the key registration process (step S1). Random number information is transmitted from vehicle 1 to sharing terminal 2, for example, when vehicle 1 and sharing terminal 3 are paired. Pairing between vehicle 1 and sharing terminal 3 is performed, for example, when or before the registration of the digital key DK (hereinafter referred to as "sharing key DK1") owned by sharing terminal 2 (sharing user U1).
[0039] Next, the sharing destination control device 31 of the sharing destination terminal 3 sends friend information to the sharing source control device 21 of the sharing source terminal 2 (step S2).
[0040] For example, the sharing destination terminal 3 sends friend information to the sharing source terminal 2 using a messaging application such as email. In this embodiment, the friend information is unique information that the sharing destination user U2 can arbitrarily determine, and is, for example, information indicating the sharing destination user U2's date of birth.
[0041] Next, the share source control device 21 obtains a hash value (hereinafter referred to as the "first hash value") obtained by hashing the random number information and the friend information (step S3), and transmits the first hash value to the share destination terminal 3 (step S4). The first hash value is converted into, for example, a two-dimensional code and provided to the share destination terminal 3.
[0042] Next, friend information is entered into vehicle 1 (step S5), and the first hash value is sent to vehicle 1 (step S6). The friend information and the first hash value are stored in vehicle memory 11a.
[0043] The vehicle control device 11 hashes the random number information and the friend information to obtain a hash value (hereinafter referred to as the "second hash value") (step S7).
[0044] Next, the vehicle control device 11 compares the first hash value and the second hash value (step S8). If the vehicle control device 11 determines that the first hash value and the second hash value match, it completes the registration of the digital key (hereinafter referred to as "shared key DK2") held by the shared terminal 3. As a result, the vehicle 1 can be used with the shared key DK2.
[0045] As described above, the key registration process according to this embodiment determines whether the first hash value and the second hash value match. The first and second hash values are values obtained by hashing random number information and friend information, respectively. Friend information is information that only the sharing user U2, who owns the sharing terminal 3, can know, and is entered into the vehicle 1 during the key registration process. Therefore, the sharing key DK2 can be managed securely, and even if, for example, the two-dimensional code into which the first hash value has been converted is stolen, unauthorized use of the vehicle 1 by a third party can be prevented.
[0046] Next, with reference to Figure 4, the sequence of the key registration process according to the first embodiment will be specifically described. Figure 4 is a sequence diagram showing the key registration process. As a prerequisite for explaining the sequence of the key registration process with reference to Figure 4, it is assumed that the registration of the share source key DK1 of the share source terminal 2 to vehicle 1 has been completed, and that the key information used for authentication of the share source key DK1 (hereinafter referred to as "share source key information") is stored (registered in vehicle 1) in the vehicle memory 11a of vehicle 1. The share source key information includes the ID information of vehicle 1, public key information, the number of times the share source key DK1 has been used, and information indicating the expiration date of the share source key DK1. Furthermore, it is assumed that the share source terminal 2 has already obtained random number information from vehicle 1, and that the share source memory 21a of the share source terminal 2 stores the random number information.
[0047] As shown in Figure 4, first, the sharing destination control device 31 of the sharing destination terminal 3 transmits friend information to the sharing source terminal 2 (an example of a distribution device) (step S101). Next, the sharing source control device 21 obtains a first hash value obtained by hashing the random number information and the friend information (step S103). Note that the first hash value is an example of transformed information, and hashing is an example of data transformation.
[0048] Next, the sharing source control device 21 creates a digital key (hereinafter referred to as "shared user key DK2") for shared user U2 to use vehicle 1 and key information (hereinafter referred to as "shared user key information DT2") used for authentication of the shared user key DK2 (step S105). The shared user key DK2 and shared user key information DT2 are created based on the sharing information. The sharing information is created when the necessary items are input to the sharing source control device 21 by the sharing user U1 via the sharing source input / output unit 23 of the sharing source terminal 2.
[0049] The shared key information DT2 includes the ID information of vehicle 1, the public key information of the shared key DK2, the ID information of the sharing terminal 2, the number of times the shared key DK2 has been used, and information indicating the expiration date of the shared key DK2. If the authentication method used during key registration is a symmetric key encryption method, the public key information included in the shared key information DT2 is omitted, and after the key registration process is completed, the symmetric key is shared between vehicle 1 and the shared terminal 3 via BLE (Bluetooth® Low Energy) communication or the like.
[0050] The share source control device 21 signs the share destination key information DT2 using the share source key (private key in the case of public-key cryptography, or common key in the case of symmetric-key cryptography) stored in the share source memory 21a (step S107).
[0051] Next, the share source control device 21 converts the first hash value, the share destination key DK2, and the signed share destination key information DT2 into a QR code (registered trademark) (an example of a two-dimensional code) (step S109), and provides the QR code (registered trademark) to the share destination terminal 3 (step S111).
[0052] The share destination control device 31 reads the QR code (registered trademark) indicated by the transmitted conversion data and obtains the first hash value, the share destination key DK2, and the signed share destination key information DT2 (step S113). In other words, the share source control device 21 of the share source terminal 2 transmits (distributes) the first hash value, the share destination key DK2, and the signed share destination key information DT2 to the share destination terminal 3, and the share destination control device 31 of the share destination terminal 3 receives the first hash value, the share destination key DK2, and the signed share destination key information DT2.
[0053] Next, the share destination control device 31 transmits the first hash value and the signed share destination key information DT2 to the vehicle 1 (step S115). The share destination key information DT2 (share destination key DK2) is also stored in the share source memory 21a of the share source terminal 2.
[0054] The vehicle control device 11 verifies the signature of the shared key information DT2 based on the shared key DK1 (public key in the case of public-key cryptography, or symmetric key in the case of symmetric-key cryptography) (step S117). In the verification of the shared key information DT2, it is confirmed whether the ID information of vehicle 1 and the digital key DK (a hash of the shared key DK2) are correct.
[0055] In addition, the sharing user U2 of the sharing terminal 3 manually inputs friend information into vehicle 1 (vehicle control device 11) by operating the vehicle input / output unit 13 of vehicle 1 (step S119). The friend information is stored in the vehicle memory 11a.
[0056] The vehicle control device 11 obtains a second hash value based on the input friend information and random number information (step S121).
[0057] The vehicle control device 11 compares the first hash value and the second hash value (step S123). Specifically, the vehicle control device 11 determines whether the first hash value and the second hash value match, and if it determines that the first hash value and the second hash value match, it associates the signed share destination key information DT2 with the friend information and stores it in the vehicle memory 11a of vehicle 1 (registers it in vehicle 1). This completes the key registration process and authorizes the use of the share destination key DK2 on vehicle 1. As a result, vehicle 1 can be locked and unlocked using the share destination key DK2, and vehicle 1 can be used.
[0058] (Unlocking process) Next, with reference to Figure 5, the unlocking process performed when unlocking vehicle 1 will be explained. Figure 5 is a sequence diagram showing the unlocking process. In the unlocking process, authentication is performed on the shared key DK2 of the shared terminal 3 in response to the unlocking request from the shared terminal 3. If authentication is successful, vehicle 1 is unlocked, and shared user U2 can use vehicle 1.
[0059] As shown in Figure 5, the shared device control unit 31 creates an action message to execute the functions of vehicle 1 (step S201) and sends it to vehicle 1 (step S203). The vehicle control unit 11 generates, for example, a random number (for example, a random string of 16 bytes) (step S205) and sends the random number information to the shared terminal 3 (step S207).
[0060] In the vehicle control device 11, while waiting for a signed third hash value to be received from the sharing terminal 3, the random number information sent to the sharing terminal 3 and the action message received from the sharing terminal 3 are hashed to obtain a third hash value (step S209).
[0061] Meanwhile, the sharing destination control device 31 hashes the random number information received from vehicle 1 and the action message to obtain a fourth hash value (step S211). The sharing destination control device 31 signs the fourth hash value with the sharing source key DK1 (private key in the case of public key scheme, or common key in the case of symmetric key scheme) (step S213), and sends the signed fourth hash value to vehicle 1 (step S215).
[0062] Vehicle 1 verifies the signed fourth hash value transmitted from the sharing terminal 3 (step S217). Specifically, the vehicle control device 11 verifies the signature of the fourth hash value using the sharing key DK2 (private key in the case of public key scheme, or common key in the case of symmetric key scheme). Next, the vehicle control device 11 compares the third hash value and the fourth hash value (step S219). Specifically, Vehicle 1 determines whether the third hash value and the fourth hash value match, and if it determines that the third hash value and the fourth hash value match, it checks the information contained in the sharing key information DT2 (step S221). For example, Vehicle 1 checks the authentication conditions of the sharing key DK2 contained in the sharing key information DT2, such as the expiration date and number of uses, and if the authentication conditions are met, it determines that authentication is successful, unlocks Vehicle 1, and completes the unlocking process. As a result, the sharing user U2 can use Vehicle 1.
[0063] (Key deletion process) Next, with reference to Figure 6, the key deletion process for deleting the shared key DK2 will be explained. Figure 6 is a sequence diagram showing the key deletion process. Friend information is also entered (manually) into vehicle 1 during the deletion process to delete the shared key DK2 (shared key information DT2) registered in vehicle 1.
[0064] As shown in Figure 6, the sharing terminal 3 requests vehicle 1 to delete the sharing key DK2 (sharing key information DT2) (step S301). At the same time, the sharing user U2 inputs friend information to the vehicle control device 11 via the vehicle input / output unit 13 of vehicle 1.
[0065] Vehicle 1 verifies the entered friend information (step S303). Specifically, Vehicle 1 determines whether the entered friend information matches the friend information stored in vehicle memory 11a. If Vehicle 1 determines that the entered friend information matches the friend information stored in vehicle memory 11a, it deletes the share destination key information DT2 stored in vehicle memory 11a (step S305). Note that in the key deletion process, the friend information is also deleted from vehicle memory 11a.
[0066] When the vehicle control device 11 has finished deleting the shared key information DT2, it sends a deletion completion notification to the shared terminal 3 (step S307). When the shared control device 31 receives the deletion completion notification from vehicle 1, it deletes the shared key DK2 and the shared key information DT2 stored in the shared memory 31a (step S309). This completes the key deletion process.
[0067] (Effects of the first embodiment) As described above, with the digital key management system 100 according to this embodiment, friend information is transmitted to the sharing terminal 2, so the shared key information DT2 can be managed securely. In particular, during the registration process to register the shared key information DT2 to the vehicle 1, a first hash value obtained by hashing the friend information is transmitted to the vehicle 1 via the sharing terminal 3, and the friend information is input to the vehicle 1. In the vehicle 1, by comparing the first hash value with the second hash value (a hash value obtained by hashing the friend information input to the vehicle 1 and random number information previously stored in the vehicle memory 11a), the friend information (shared user U2) can be verified, and unauthorized registration of the shared key DK2 and deletion of the shared key DK2 by anyone other than the shared user U2 can be prevented. In other words, the shared key information DT2 can be managed securely. As a result, unauthorized use of the vehicle 1 by a third party can be prevented.
[0068] (Second Embodiment) Next, the digital key management system 100 according to the second embodiment will be described. Figure 7 is a block diagram showing the configuration of the digital key management system 100 according to the second embodiment. As shown in Figure 7, the second embodiment differs from the first embodiment in that the digital key management system 100 further includes a server (an example of a management device) for managing digital keys. Hereinafter, the second embodiment will be described focusing on the differences from the first embodiment, and the description of the configuration similar to that of the first embodiment will be omitted.
[0069] Server 4 is, for example, a cloud server and includes a server control unit 41 and a server communication unit 42. The server control unit 41 includes a CPU or MPU that works in cooperation with software to perform predetermined functions. The server control unit 41 also includes memory such as RAM, ROM, and EEPROM, and storage devices such as an HDD (hard disk drive) and an SSD (Solid State Drive). The server control unit 41 manages the correspondence between vehicle 1 and the shared terminal 3. Hereinafter, the memory of the server control unit 41 will be referred to as server memory 41a.
[0070] The server communication unit 42 is configured to communicate with the vehicle communication unit 12, the sharing source communication unit 22, and the sharing destination communication unit 32, and is a hardware device for performing wireless communication according to wireless communication standards such as Ethernet, mobile-specific communication standards, Wi-Fi®, and Bluetooth®. The server communication unit 42 includes an antenna for transmitting and receiving signals.
[0071] Figures 8A and 8B are sequence diagrams showing the key registration process according to the second embodiment. As shown in Figure 8A, the share source control device 21 receives friend information from the share destination terminal 3 (step S401), obtains a first hash value (step S403), creates sharing information including the ID of vehicle 1, etc. (step S405), and sends the sharing information to the server 4 to request sharing (step S407). The sharing information is created by the share source user U1 via the share source input / output unit 23 of the share source terminal 2, similar to the first embodiment.
[0072] The server control device 41 registers the sharing information (stores it in the server memory 41a) (step S409), issues website access information (hereinafter referred to as URL) for registering the share destination key DK2 (step S411), and sends the URL to the sharing source terminal 2 (step S413). The URL is set to have an expiration date of, for example, 24 hours.
[0073] When the sharing source control device 21 receives a URL from the server 4, it converts the URL and the first hash value into a QR code (registered trademark) (step S415) and sends it to the sharing destination terminal 3 (step S417).
[0074] When the share destination control device 31 obtains a QR code (registered trademark), it reads the obtained QR code (registered trademark) and obtains a first hash value (step S419). The share destination control device 31 also obtains a URL by reading the QR code (registered trademark).
[0075] Next, the share destination control device 31 creates a share destination key DK2 and share destination key information DT2 (step S421), and as shown in Figure 8B, accesses the site indicated by the URL sent from the share source terminal 2 and sends the share destination key information DT2 to the server 4 (step S423).
[0076] The server control device 41 verifies the shared key information DT2 transmitted from the shared terminal 3 (step S425) and signs it with the server key DK3 (step S427).
[0077] Next, the server control device 41 sends the signed share destination key information DT2 to the share destination terminal 3 (step S429), and the share destination control device 31 sends the server 4's signed share destination key information DT2 and the first hash value to the vehicle 1 (step S431).
[0078] The vehicle control device 11 verifies the shared key information DT2 based on the server key DK3 (private key in the case of public-key cryptography, or common key in the case of symmetric-key cryptography) that has been stored in the vehicle memory 11a in advance (step S433).
[0079] Subsequently, as explained with reference to Figure 4, in the same manner as in the first embodiment, the sharing user U2 of the sharing terminal 3 inputs friend information to the vehicle 1 (vehicle control device 11) (step S119), and the vehicle control device 11 obtains a second hash value based on the input friend information and random number information (step S121). The vehicle control device 11 determines whether the first hash value and the second hash value match (step S123), and if it determines that they match, it stores the sharing key information DT2 in the vehicle memory 11a. With this, the key registration process is completed, and the use of the sharing key DK2 on the vehicle 1 is permitted. As a result, the vehicle 1 can be locked and unlocked (used) with the sharing key DK2.
[0080] (Deletion process) In the example of the second embodiment, as shown in Figure 9, the share destination control device 31 requests the vehicle 1 to delete the share destination key DK2 (share destination key information DT2) in the same manner as in the first embodiment (step S601). At the same time, the share destination user U2 inputs (manually inputs) friend information to the vehicle control device 11 via the vehicle input / output unit 13 of the vehicle 1.
[0081] The vehicle control device 11 verifies the input friend information (step S603). Specifically, the vehicle control device 11 determines whether the input friend information matches the friend information stored in the vehicle memory 11a. If the vehicle control device 11 determines that the input friend information matches the friend information stored in the vehicle memory 11a, it deletes the share destination key information DT2 stored in the vehicle memory 11a (step S605). Note that in the key deletion process, the friend information is also deleted from the vehicle memory 11a.
[0082] When the vehicle control device 11 has finished deleting the shared key information DT2, it sends a deletion completion notification to the shared terminal 3 (step S607). Upon receiving the deletion completion notification from vehicle 1, the shared control device 31 deletes the shared key DK2 and shared key information DT2 stored in the shared memory 31a (step S609), and a deletion completion notification is sent to the server 4 (step S611). Upon receiving the deletion completion notification, the server control device 41 deletes the shared key DK2 and shared key information DT2 stored in the server memory 41a (step S613), and the key deletion process is completed. The server 4 may also notify the sharing terminal 2 that the key deletion is complete.
[0083] (Modified version of the second embodiment) Next, with reference to Figures 10A and 10B, a modified digital key management system 100 according to the second embodiment will be described. Figures 10A and 10B are sequence diagrams of the key registration process according to the modified second embodiment. Note that the modified second embodiment differs from the second embodiment in that the server 4, rather than the sharing terminal 2, obtains the first hash value. Below, the modified second embodiment will be described focusing on the differences from the second embodiment, and the description of the configuration similar to the second embodiment will be omitted.
[0084] As shown in Figure 10A, the share source control device 21 creates sharing information (step S501) in the same manner as described in the second embodiment, and sends the random number information and sharing information, which are pre-stored in the share source memory 21a, to the server 4 (step S503).
[0085] The server control device 41 stores the sharing information (step S505), issues a URL for sharing registration (step S507), and sends the URL to the sharing source terminal 2 (step S509), as described with reference to Figures 8A and 8B.
[0086] When the sharing source control device 21 receives a URL from the server 4, it converts only the URL into a QR code (registered trademark) (step S511) and sends it to the sharing destination terminal 3 (step S513).
[0087] When the share destination control device 31 reads the QR code (registered trademark) (step S515), it creates a share destination key DK2 and share destination key information DT2, similar to the second embodiment (step S517), and, as shown in Figure 10B, it accesses the site indicated by the URL sent from the share source terminal 2 and sends the share destination key information DT2 and friend information to the server 4 (step S519).
[0088] The server control device 41 verifies the shared key information DT2 transmitted from the shared terminal 3 (step S521) and signs it with the server key DK3 (step S523).
[0089] Next, the server control device 41 hashes the random number information sent from the sharing source terminal 2 and the friend information sent from the sharing destination terminal 3 to obtain a first hash value (step S525). Then, the server control device 41 sends the signed sharing destination key information DT2 and the first hash value to the sharing destination terminal 3 (step S527), and the sharing destination control device 31 sends the signed sharing destination key information DT2 and the first hash value to the vehicle 1 (step S529).
[0090] Hereafter, in the same manner as the first embodiment described with reference to Figure 4 and the second embodiment described with reference to Figures 8A and 8B, the sharing user U2 of the sharing terminal 3 inputs friend information to the vehicle 1 (vehicle control device 11) (step S119), and the vehicle control device 11 obtains a second hash value based on the input friend information and random number information (step S121). The vehicle control device 11 determines whether the first hash value and the second hash value match (step S123), and if it determines that they match, it stores the sharing key information DT2 in the vehicle memory 11a. With this, the key registration process is completed, and the use of the sharing key DK2 on the vehicle 1 is permitted. As a result, the vehicle 1 can be locked and unlocked (used) with the sharing key DK2.
[0091] (Deletion process) In the example relating to a modification of the second embodiment, the deletion process is the same as described with reference to Figure 9.
[0092] (Effects of the second embodiment) As described above, the digital key management system 100 according to this embodiment allows for secure management of shared key information DT2, similar to the first embodiment. As a result, unauthorized use of the vehicle 1 by a third party can be prevented.
[0093] As described above, the digital key management system 100 executes a digital key registration method (key registration process) which includes the steps of: sending friend information from the sharing terminal 3 to the sharing terminal 2 or server 4; the sharing terminal 2 or server 4 obtaining a first hash value based on the friend information and pre-stored random number information; sending the first hash value to the vehicle 1 via the sharing terminal; inputting the friend information into the vehicle 1; the vehicle 1 obtaining a second hash value based on the friend information and random number information; and the vehicle 1 determining whether the first hash value and the second hash value match, and if it determines that the first hash value and the second hash value match, registering the sharing key information DT2 used for authentication of the sharing key DK2 used by the sharing user.
[0094] Furthermore, the computer program used to cause a computer to perform the key registration process, unlocking process, and key deletion process described in the above embodiment may be stored and distributed on a computer-readable recording medium such as a flexible disk, CD-ROM (Compact Disc - Read Only Memory), or DVD-ROM (Digital Versatile Disc - Read Only Memory), and at least one of the vehicle 1, sharing terminal 2, sharing terminal 3, and server 4 that perform the aforementioned processes may be configured by installing the computer program on a computer. Alternatively, the computer program may be stored in the storage area of a server device (cloud server) on a communication network such as the Internet, and at least one of the vehicle 1, sharing terminal 2, sharing terminal 3, and server 4 may be configured by downloading it from a normal computer system.
[0095] In the above embodiment, we described a case where the friend information is unique information that the sharing user U2 can arbitrarily determine, such as information indicating the date of birth of the sharing user U2. However, the friend information may also be information that the sharing user U2 cannot arbitrarily determine, such as the MAC address of the sharing terminal 3. In this case, the friend information to be input to the vehicle 1 is not manually entered by the sharing user U2, but is transmitted from the sharing control device 31 to the vehicle control device 11 via the sharing communication unit 32 and the vehicle communication unit 12. As a result, the friend information is input to the vehicle control device 11.
[0096] In the above embodiment, random number information was used as an example of the information to be hashed, but the information to be hashed is not limited to random number information and can be any information representing alphanumeric characters that do not overlap with each other. [Explanation of Symbols]
[0097] 1. Vehicle (Target device) 2. Sharing source device (distribution device) 3. Shared devices 4. Server (distribution device) 11. Vehicle control system 11a Vehicle Memory 12. Vehicle Communications Department 13. Vehicle Input / Output Section 21 Share source control device 21a Shared memory 22 Share Source Communications Department 23. Share Source Input / Output Section 31 Shared Control Device 31a Shared memory 32 Shared Communications Department 33. Shared Input / Output Section 41 Server Control Unit 41a Server Memory 42 Server Communication Unit 100 Digital Key Management Systems DK Digital Key DK1 Shared Key DK2 Shared Key DK3 Server Key DT Key Information DT2 Share Key Information U1 Shared by user U2 Shared Users
Claims
1. A key information management system for managing key information used for authenticating digital keys to control a target device of a controlled object, A distribution device that distributes key information registered to the aforementioned target device, A sharing terminal that receives the aforementioned key information, Equipped with, The shared terminal transmits unique information to the distribution device. The aforementioned unique information is a key information management system that is input to the target device during the registration process in which the key information is registered to the target device.
2. The distribution device transmits the converted information obtained by converting the unique information into data to the sharing destination terminal. The key information management system according to claim 1, wherein the shared terminal transmits the conversion information to the target device.
3. The distribution device transmits to the sharing destination terminal a first hash value, which is the converted information obtained by hashing the hashed information and the unique information that are stored in advance in the target device, The key information management system according to claim 2, wherein the shared terminal transmits the first hash value to the target device.
4. The key information management system according to claim 3, wherein the target device obtains a second hash value obtained by hashing the unique information and the hashed information, and when the first hash value transmitted from the sharing terminal matches the second hash value, the key information is registered.
5. The key information management system according to claim 4, wherein the unique information is also input to the target device during a deletion process to delete the key information registered in the target device.
6. The key information management system according to claim 5, wherein the unique information is manually entered into the target device by the sharing user who owns the sharing terminal.
7. The distribution device is a sharing terminal owned by a sharing user who is the source of the sharing of the target device. The key information management system according to any one of claims 3 to 6, wherein the sharing source terminal converts the first hash value and the key information into a two-dimensional code and transmits it to the sharing destination terminal.
8. The distribution device is a management device that manages key information by associating the target device with the sharing destination terminal. The key information management system according to any one of claims 1 to 6, wherein the management device transmits website access information for registering the key information.