Information processing method, information processing system, information processing device, power storage device, program, and computer-readable storage medium
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Filing Date
- 2023-06-23
- Publication Date
- 2026-06-29
Abstract
Description
Information processing method, information processing system, information processing device, power storage device, program, and computer-readable storage medium
[0001] The present invention relates to an information processing method, an information processing system, an information processing device, a power storage device, a program, and a computer-readable storage medium.
[0002] Patent Document 1 discloses a management device that authenticates a battery by comparing an authentication key stored in a battery to be returned to the battery station with an authentication key stored in the battery station. Patent Document 2 discloses a battery station that uses a whitelist method to determine whether or not to accept a battery. (Prior art documents) (Patent documents) (Patent Document 1) WO 2019 / 181661 (Patent Document 2) WO 2020 / 059833 General disclosure
[0003] In a first aspect of the present invention, there is provided an information processing method, which includes, for example, a first confirmation step in which a first device confirms whether a second device is an authorized device, and a second confirmation step in which the second device confirms whether the first device is an authorized device.
[0004] In the above information processing method, the second confirmation step may include a step in which the second device confirmed to be an authentic device in the first confirmation step confirms whether the first device, which the second device confirmed to be an authentic device in the first confirmation step, is an authentic device. Any of the above information processing methods may include an update step in which, if the first device is confirmed to be an authentic device in the second confirmation step, update target information stored in the storage unit of the second device is updated based on an update request sent by the first device. In any of the above information processing methods, the update request may include control software or a control program used to control the second device, update software or an update program for updating the control software or the control program, and / or an instruction to cause the computer of the second device to execute the update software or the update program. In any of the above information processing methods, the update target information may be control software or a control program used to control the second device.
[0005] Any of the above information processing methods may include a first storage step in which the first device stores second device identification information for identifying the second device when the first device that transmitted the update request is unable to confirm that the update process for the update target information based on the update request has successfully completed. Any of the above information processing methods may include a second storage step in which the second device stores first device identification information for identifying the first device that transmitted the update request. Any of the above information processing methods may include a reading step in which the read target information stored in the memory unit of the second device is read into the first device when the first device is confirmed to be an authorized device in the second confirmation step. In any of the above information processing methods, the first confirmation step may include a step in which the first device converts the first information based on the second information to generate third information. The first confirmation step may include a step in which the first device transmits the third information to the second device. The first confirmation step may include a step in which the first device receives, from the second device, (i) fifth information generated by the second device by inversely converting the third information based on fourth information paired with the second information, or (ii) sixth information generated by the second device by processing the fifth information in accordance with a predetermined first algorithm. The first confirmation step may include a step in which the first device (a) compares the first information with the fifth information when the fifth information is received, or (b) when the sixth information is received, (i) compares the sixth information with seventh information generated by processing the first information in accordance with the first algorithm, or (ii) compares the first information with eighth information generated by processing the sixth information in accordance with a second algorithm related to the first algorithm.
[0006] In any of the above information processing methods, the second confirmation step may include a step in which the second device converts the first information based on the second information to generate third information. The second confirmation step may include a step in which the second device transmits the third information to the first device. The second confirmation step may include a step in which the second device receives from the first device (i) fifth information generated by the first device by inversely converting the third information based on fourth information paired with the second information, or (ii) sixth information generated by the first device by information processing the fifth information in accordance with a predetermined first algorithm. The second confirmation step may include a step in which the second device (a) compares the first information with the fifth information when the fifth information is received, or (b) when the sixth information is received, (i) compares the sixth information with seventh information generated by processing the first information according to the first algorithm, or (ii) compares the first information with eighth information generated by processing the sixth information according to a second algorithm related to the first algorithm. In any of the above information processing methods, the second confirmation step may include a step in which the second device acquires first device identification information for identifying the first device from the first device. The second confirmation step may include a step in which the second device compares one or more pieces of authorized device identification information for identifying each of the one or more authorized devices with the first device identification information acquired from the first device. In any of the above information processing methods, the second device may include a power storage device for storing electric energy. In any of the above information processing methods, the first device may include a storage device for storing the second device. In any of the above information processing methods, the first device may include a power device configured to be electrically connected to the power storage device of the second device, configured to be capable of supplying power to the power storage device of the second device, or configured to be capable of receiving power from the power storage device of the second device.
[0007] In any of the above information processing methods, the first device may be a power storage device having a power storage unit that accumulates electric energy and at least one of a memory unit that stores information and a computer that executes a program. The second device may be a power device that is configured to be electrically connectable to the power storage device, configured to be able to supply power to the power storage device, and / or configured to be able to receive power from the power storage device. Any of the above information processing methods may include at least one of (a) a first determination step of determining whether to permit a read process in which the power device reads read-target information stored in a memory unit of the power storage device, and (b) a second determination step of determining whether to permit at least one of a write process in which the power device writes write-target information to the memory unit of the power storage device, an alteration process in which the power device alters alter-target information stored in the memory unit of the power storage device, and an execution process in which the power device causes a computer of the power storage device to execute a program. In any of the above information processing methods, the first determination step may include (i) a first prohibition step of determining to prohibit execution of the read process when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (ii) a first permission step of determining to permit execution of the read process when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match. In any of the above information processing methods, the second determination step may include (iii) a second prohibition step of determining to prohibit execution of at least one of the write process, the modify process, and the execute process when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (iv) a second permission step of determining to permit execution of at least one of the write process, the modify process, and the execute process when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match. In any of the above information processing methods, the power device may be a storage device that stores a power storage device. The storage device may have a mounting section to which the power storage device is mounted.Any of the above information processing methods may include (i) a step of determining not to attach the power storage device to the attachment portion when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (ii) a step of determining to attach the power storage device to the attachment portion when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match. Any of the above information processing methods may include (i) a step of determining to prohibit or suppress input / output of power between the power storage device and the power device when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (ii) a step of determining not to prohibit or suppress input / output of power between the power storage device and the power device when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match.
[0008] In any of the above information processing methods, the storage unit of the power storage device may store a charge / discharge history. The charge / discharge history may be information in which (i) one or more pieces of device identification information for identifying each of one or more devices electrically connected to the power storage device during a target period that is a period before the power storage device executes a process to confirm whether the power device is a legitimate device, and (ii) information indicating an amount of power input / output between each of the one or more devices and the power storage device during the target period are associated with each other. Any of the above information processing methods may include a step of transmitting the charge / discharge history from the power storage device to the power device when it is determined in the first permission step that execution of the reading process is permitted. Any of the above information processing methods may include a step of receiving, from the power device, eleventh information, thirteenth information generated by converting the eleventh information based on the twelfth information, and second information. Any of the above information processing methods may include a step of comparing the eleventh information with fifteenth information generated by inversely converting the thirteenth information based on fourteenth information that is paired with the twelfth information. Any of the above information processing methods may include a step of confirming that the received second information is authentic when the eleventh information and the fifteenth information match. Any of the above information processing methods may include a step of receiving, from the power device, the eleventh information and thirteenth information generated by converting the eleventh information based on the twelfth information. Any of the above information processing methods may include a step of comparing the eleventh information with fifteenth information generated by inversely converting the thirteenth information based on fourteenth information that pairs with the twelfth information. Any of the above information processing methods may include a step of acquiring the eleventh information as the second information when the eleventh information and the fifteenth information match. Any of the above information processing methods may include a step of determining whether the power device is authentic based on a comparison result between the first information and the fifth information, a comparison result between the sixth information and the seventh information, or a comparison result between the first information and the eighth information.Any of the above information processing methods may include a step of confirming that the power device is not genuine or that the power device is non-genuine if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match.
[0009] In a second aspect of the present invention, there is provided an information processing method. The information processing method is executed, for example, by an information processing device configured to be able to send and receive information to and from another information processing device. The information processing method includes, for example, a confirmation step of confirming whether the other information processing device is a legitimate device. The information processing method includes, for example, a confirmation information receiving step of receiving, from the other information processing device, confirmation information indicating that the other information processing device is performing processing to confirm whether the information processing device is a legitimate device. The information processing method includes, for example, a certification information transmitting step of transmitting, to the other information processing device, certification information indicating that the information processing device is a legitimate device, when the confirmation information is received in the confirmation information receiving step.
[0010] The above information processing method may include (i) an execution step of executing at least one of a process of writing information to be written to a storage unit of the other information processing device, a process of modifying information to be modified stored in the storage unit, and a process of executing a program running on the other information processing device, or (ii) an execution step of causing the other information processing device to execute at least one of a process of writing information to be written, a process of modifying information to be modified, and a process of executing a program. Any of the above information processing methods may include an execution request receiving step of receiving, from the other information processing device, an execution request requesting execution of at least one of a process of writing information to be written to a storage unit of the information processing device, a process of modifying information to be modified stored in the storage unit, and a process of executing a program running on the information processing device. Any of the above information processing methods may include an execution determination step of, when the execution request is received in the execution request receiving step, determining whether to execute the process requested by the execution request based on the confirmation result in the confirmation step. In any of the above information processing methods, the execution determination step may include (i) an authorization step of permitting execution of a process requested by the execution request when the execution request is received in the execution request receiving step and it is confirmed in the confirmation step that the other information processing device is an authorized device, and / or (ii) a prohibition step of prohibiting execution of the process requested by the execution request when the execution request is received in the execution request receiving step and it is not confirmed in the confirmation step that the other information processing device is an authorized device. In any of the above information processing methods, the confirmation step may be executed before the confirmation information receiving step. In any of the above information processing methods, the confirmation step may be executed after the confirmation information receiving step.
[0011] In any of the above information processing methods, the confirmation step may include a step of transmitting first verification information to the other information processing device. In any of the above information processing methods, the confirmation step may include a step of converting the first verification information based on the second verification information to generate third verification information. In any of the above information processing methods, the confirmation step may include a step of receiving from the other information processing device (i) fifth verification information generated by the other information processing device by converting the first verification information based on fourth verification information that satisfies a first mathematical relationship with the second verification information, or (ii) sixth verification information derived by the other information processing device from the first verification information and the fourth verification information or from the fifth verification information using a second mathematical relationship that the third verification information and the fifth verification information should satisfy if the other information processing device is a legitimate device. In any of the above information processing methods, the confirmation step may include a step of determining whether the other information processing device is a legitimate device based on the third verification information and the fifth verification information or the sixth verification information. In any of the above information processing methods, the determining step may include (a) determining whether the third verification information and the fifth verification information satisfy a second mathematical relationship when the fifth verification information is received, or (b) comparing the third verification information and the sixth verification information when the sixth verification information is received. In any of the above information processing methods, the second mathematical relationship may be determined based on the first mathematical relationship.
[0012] In any of the above information processing methods, the information processing device may store a pair of a first private key and a first public key. In any of the above information processing methods, the other information processing device may store a pair of a second private key and a second public key. In any of the above information processing methods, the confirmation information receiving step may include a step of receiving a second public key from the other information processing device. The proof information transmitting step may include a step of transmitting a first public key to the other information processing device. The confirmation step may include a step of generating a common key based on the first private key and the second public key. The confirmation step may include a step of transmitting information encrypted using the common key to the other information processing device. In any of the above information processing methods, the confirmation information receiving step may include a step of receiving a second public key from the other information processing device. The proof information transmitting step may include a step of generating a common key based on the first private key and the second public key. The proof information transmitting step may include a step of transmitting information encrypted using the common key to the other information processing device. The confirmation step may include a step of receiving, from the other information processing device, information indicating that the information encrypted using the common key has been received by the other information processing device. In any of the above information processing methods, the first private key and the first public key may be a pair of private key and public key used in elliptic curve cryptography. In any of the above information processing methods, the second private key and the second public key may be a pair of private key and public key used in elliptic curve cryptography. In any of the above information processing methods, the first private key may be one of a pair of parameters representing a specific elliptic curve. In any of the above information processing methods, the second private key may be the other of the pair of parameters. In any of the above information processing methods, the first public key may be generated based on a base point, which is a specific point on the specific elliptic curve, and the first private key. In any of the above information processing methods, the second public key may be generated based on the base point and the second private key. In any of the above information processing methods, the information processing device may store information indicating the base point. In any of the above information processing methods, the other information processing device may store information indicating the base point.
[0013] In a third aspect of the present invention, an information processing system is provided. The information processing system includes, for example, a first device and a second device. In the information processing system, the first device includes, for example, a first confirmation unit that confirms whether the second device is a legitimate device. In the information processing system, the second device includes, for example, a second confirmation unit that confirms whether the first device is a legitimate device. In the information processing system, for example, when the first confirmation unit confirms that the second device is a legitimate device, the second confirmation unit confirms whether the first device is a legitimate device.
[0014] In a fourth aspect of the present invention, there is provided an information processing device. The information processing device is configured to be able to send and receive information to and from another information processing device, for example. The information processing device includes, for example, a confirmation unit that confirms whether the other information processing device is a legitimate device. The information processing device includes, for example, a confirmation information receiving unit that receives, from the other information processing device, confirmation information indicating that the other information processing device is performing processing to confirm whether the information processing device is a legitimate device. The information processing device includes, for example, a certification information transmitting unit that, when the confirmation information receiving unit receives the confirmation information, transmits certification information indicating that the information processing device is a legitimate device to the other information processing device.
[0015] In a fifth aspect of the present invention, there is provided a power storage device. The power storage device includes, for example, the information processing device according to the fourth aspect. The power storage device includes, for example, a power storage unit that stores electric energy.
[0016] In a sixth aspect of the present invention, there is provided an information processing device. The information processing device, for example, verifies whether a power device is a legitimate device. The information processing device, for example, includes a power storage device. In the information processing device, the power storage device, for example, includes a power storage unit that stores electrical energy. In the information processing device, the power storage device, for example, includes at least one of a memory unit that stores information and a computer that executes a program. In the information processing device, the power device, for example, is a device configured to be electrically connectable to the power storage device, a device configured to supply power to the power storage device, and / or a device configured to receive power from the power storage device. The information processing device, for example, includes a third information generation unit that converts first information based on second information and generates third information. The information processing device, for example, includes a third information transmission unit that transmits the third information to the power device. The information processing device includes, for example, a response receiving unit that receives, from the power device, (i) fifth information generated by the power device by inversely converting the third information based on fourth information paired with the second information, or (ii) sixth information generated by the power device by processing the fifth information in accordance with a predetermined first algorithm. The information processing device includes, for example, (a) a comparison unit that, when the fifth information is received, compares the first information with the fifth information, or (b) a comparison unit that, when the sixth information is received, (i) compares the sixth information with seventh information generated by processing the first information in accordance with the first algorithm, or (ii) compares the first information with eighth information generated by processing the sixth information in accordance with a second algorithm related to the first algorithm. The above-mentioned information processing device, for example, includes (c) an execution control unit that determines whether to allow a read process in which the power device reads information to be read stored in the memory unit of the power storage device, and / or (d) an execution control unit that determines whether to allow at least one of a write process in which the power device writes information to be written to the memory unit of the power storage device, a modification process in which the power device modifies information to be modified stored in the memory unit of the power storage device, and an execution process in which the power device causes the computer of the power storage device to execute a program.In the above-mentioned information processing device, the execution control unit, for example, (i) decides to prohibit the execution of the read process when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (ii) decides to allow the execution of the read process when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match, and / or (iii) decides to prohibit the execution of at least one of the write process, the modification process, and the execution process when the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, or (iv) decides to allow the execution of at least one of the write process, the modification process, and the execution process when the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match.
[0017] In a seventh aspect of the present invention, a program is provided. The program may be a program for causing a computer to execute any of the information processing methods according to the first or second aspect. The program may be a program for causing a computer to function as the information processing system according to the third aspect. The program may be a program for causing a computer to function as any of the information processing devices according to the fourth or sixth aspect.
[0018] In an eighth aspect of the present invention, there is provided a computer-readable storage medium. The computer-readable storage medium stores, for example, any of the programs according to the seventh aspect. The computer-readable storage medium may be a non-transitory computer-readable medium.
[0019] The above summary of the invention does not list all of the necessary features of the present invention, and subcombinations of these features may also constitute inventions.
[0020] 1 shows an example of the system configuration of the battery management system 100. 1 shows an example of the internal configuration of the mobile battery 20. 1 shows an example of the internal configuration of the battery exchanger 120. 1 shows an example of an authentication procedure for the mobile battery 20. 1 shows an example of the internal configuration of the battery authentication unit 378. 1 shows an example of the internal configuration of the authentication response unit 232. 1 shows an example of the internal configuration of the on-board device 330. 1 shows an example of the internal configuration of the on-board device 370. 1 shows an example of the internal configuration of the mobile battery 920. 1 shows an example of a procedure for obtaining an authentication public key 74. 1 shows an example of a procedure for obtaining an authentication public key 74. 1 shows an example of a bidirectional authentication process for the battery management system 100. 1 shows an example of the internal configuration of the mobile battery 20. 1 shows an example of the internal configuration of the battery exchanger 120. 1 shows an example of a procedure for authenticating the mobile battery 20. 1 shows an example of a procedure for authenticating the battery exchanger 120. 10A and 10B schematically show an example of the internal configuration of the station authentication unit 1378. 10B schematically show an example of the internal configuration of the authentication response unit 1432. 10C schematically show another example of the bidirectional authentication processing of the battery management system 100. 10D schematically show another example of the internal configuration of the mobile battery 20. 10E schematically show another example of the internal configuration of the storage unit 250. 10F schematically show another example of the internal configuration of the on-board device 370. 10H schematically show another example of the internal configuration of the storage unit 520. 10H schematically show another example of the procedure for acquiring the authentication public key 74. 10H schematically show another example of the procedure for authenticating the mobile battery 20. 10H schematically show another example of the procedure for acquiring the authentication public key 174. 10H schematically show another example of the procedure for authenticating the battery exchange machine 120. 10H schematically show an example of the internal configuration of the control unit 230 and the control unit 376. 10H schematically show an example of a database stored in the storage unit 250. 10H schematically show an example of information processing in the battery management system 100. 10H schematically show another example of the authentication procedure for the mobile battery 20. 10A and 10B schematically illustrate an example of a relationship between a response code and a verification code. 10B schematically illustrate an example of a procedure for verifying a response code and a verification code. 10C schematically illustrate another example of a procedure for verifying a response code and a verification code. 10D schematically illustrate another example of a bidirectional authentication process of the battery management system 100. 10E schematically illustrate another example of a bidirectional authentication process of the battery management system 100.10A and 10B are schematic diagrams showing an example of a two-way authentication process using a plurality of electronic certificates; FIG. 10B is a schematic diagram showing an example of an electronic certificate for authenticating a mobile battery 20; FIG. 10C is a schematic diagram showing an example of an electronic certificate for authenticating a battery exchange machine 120; FIG. 10D is a schematic diagram showing another example of a two-way authentication process of a battery management system 100; FIG. 10E is a schematic diagram showing an example of the internal configuration of a computer 5000;
[0021] The present invention will be described below through embodiments of the invention, but the following embodiments do not limit the scope of the invention. Furthermore, not all of the combinations of features described in the embodiments are necessarily essential to the solution of the invention. In the drawings, the same reference numerals are used to designate the same or similar parts, and redundant explanations may be omitted.
[0022] (Overview of Battery Management System 100) Fig. 1 shows a schematic diagram of an example of the system configuration of the battery management system 100. In this embodiment, the battery management system 100 includes one or more (sometimes simply referred to as one or more) battery exchange machines 120 and a management server 140. In this embodiment, the battery exchange machine 120 has one or more storage units 122 and a communication unit 126. In this embodiment, the storage unit 122 includes one or more slots 124. In this embodiment, the communication unit 126 includes a communication interface 128. The battery exchange machine 120 may be referred to as a battery station.
[0023] In this embodiment, each component of the battery management system 100 operates by consuming power received from the power grid 12. The components of the battery management system 100 can transmit and receive information to and from each other via the communication network 14. The one or more storage units 122 and the communication unit 126 can transmit and receive information to and from each other via a wired or wireless communication line (not shown).
[0024] In this embodiment, the battery management system 100 manages one or more (sometimes referred to as one or more) mobile batteries 20. For the purpose of simplifying the explanation, in this embodiment, the details of the battery management system 100 will be explained using as an example a case in which the battery management system 100 provides a sharing service of the mobile batteries 20 to users 40 of electric motorcycles 30.
[0025] In this embodiment, each of the one or more slots 124 arranged in the storage unit 122 of the battery exchange machine 120 can store one or more mobile batteries 20. Furthermore, each of the one or more slots 124 arranged in the storage unit 122 of the battery exchange machine 120 can charge one or more mobile batteries 20.
[0026] A user 40 who has subscribed to a sharing service for the mobile battery 20 accesses the battery management system 100 using, for example, a communication terminal 42 and requests the rental of a mobile battery 20. The user 40 may reserve the rental of the mobile battery 20 by specifying the desired date, time, and location for the rental of the mobile battery 20, as well as the number of mobile batteries 20 that the user 40 wishes to rent. The communication terminal 42 may access the battery management system 100 via the communication network 14, or may access the battery management system 100 via the battery exchange machine 120. The user 40 may operate the battery exchange machine 120 to request the rental of a mobile battery 20.
[0027] When the request is accepted, the user 40 can remove the mobile battery 20 stored in the battery exchanger 120 (sometimes referred to as dispensing the mobile battery 20). This allows the user 40 to exchange the mobile battery 20 attached to the electric motorcycle 30 with the mobile battery 20 stored in the battery exchanger 120.
[0028] More specifically, the user 40 removes the mobile battery 20 attached to the electric motorcycle 30 from the electric motorcycle 30. The user 40 returns the mobile battery 20 removed from the electric motorcycle 30 to the battery exchange machine 120. When the user 40 returns the mobile battery 20, the battery exchange machine 120 dispenses the charged mobile battery 20 stored in the battery exchange machine 120. The user 40 receives the charged mobile battery 20 from the battery exchange machine 120 and attaches the charged mobile battery 20 to the electric motorcycle 30. In this way, the mobile battery 20 is exchanged between the electric motorcycle 30 and the battery exchange machine 120.
[0029] (Authentication of the mobile battery 20 in the battery management system 100) In this embodiment, the battery exchange machine 120 may be placed in a lockable building or site, or may be placed outdoors in an unlocked state. Considering the convenience of the users 40, it is preferable that the battery exchange machine 120 be placed in an environment where many users 40 can freely use it. On the other hand, if the battery exchange machine 120 is placed in an environment where many users 40 can freely use it, there is a possibility that a mobile battery 20 not under the management of the battery management system 100 (sometimes referred to as an unauthorized mobile battery 20) may be inserted into the slot 124 of the battery exchange machine 120.
[0030] When an unauthorized mobile battery 20 with specifications different from those of the authorized mobile battery 20 is inserted into the slot 124 and the electrical terminals of the unauthorized mobile battery 20 are mated with the electrical terminals of the slot 124, the usage conditions of the unauthorized mobile battery 20 may deviate from the appropriate range. Furthermore, because the battery exchange machine 120 is used by many users 40, there is a possibility that the unauthorized mobile battery 20 may be given to a user 40 other than the user 40 who inserted the unauthorized mobile battery 20 into the slot 124.
[0031] The non-genuine mobile battery 20 is not limited to a mobile battery 20 having specifications different from those of the mobile battery 20 (sometimes referred to as the genuine mobile battery 20) under the management of the battery management system 100. The non-genuine mobile battery 20 may have the same specifications as the genuine mobile battery 20, or may have specifications that comply with those of the genuine mobile battery 20.
[0032] For example, if a user 40 of an electric motorcycle 30 purchases a mobile battery 20, but the user 40 has not subscribed to the mobile battery 20 charging service or mobile battery 20 replacement service provided by the battery management system 100, the mobile battery 20 purchased by the user 40 will be treated as an unauthorized mobile battery 20 having the same specifications as an authorized mobile battery 20. According to this embodiment, the battery management system 100 manages the deterioration state of the authorized mobile battery 20 and performs maintenance or replacement of the mobile battery 20 at an appropriate time. This allows the user 40 to use the mobile battery 20 safely. Furthermore, since a mobile battery 20 with less deterioration is provided, the user 40's usage experience is improved.
[0033] On the other hand, the battery management system 100 cannot grasp the maintenance status of an unauthorized mobile battery 20. Therefore, if a poorly maintained mobile battery 20 is mixed in with the mobile batteries 20 stored in the battery exchanger 120, the user's 40 experience may be degraded. Therefore, according to the present embodiment, when the mobile battery 20 is inserted into the slot 124, the battery exchanger 120 executes an authentication process for the mobile battery 20.
[0034] Possible methods for authenticating the mobile battery 20 include (i) a method in which the electric motorcycle 30 or the battery exchanger 120 acquires identification information (sometimes referred to as a battery ID) of the mobile battery 20 to be authenticated and compares the battery ID of the mobile battery 20 to be authenticated with a list of battery IDs of legitimate mobile batteries 20 (sometimes referred to as a whitelist), and (ii) a method in which the electric motorcycle 30 or the battery exchanger 120 authenticates the mobile battery 20 by sending and receiving an authentication code using a common key encryption method.
[0035] However, with the above-mentioned methods, it is difficult to effectively prevent the leakage of battery IDs and the like due to eavesdropping, repeat attacks, and the like. For example, when authenticating the mobile battery 20 using a whitelist of battery IDs, if a battery ID registered on the whitelist is leaked, it becomes difficult to prevent the distribution of counterfeit mobile batteries 20. Furthermore, when authenticating the mobile battery 20 using a common key cryptosystem, if the common key is leaked, it becomes difficult to prevent the distribution of counterfeit mobile batteries 20. In particular, if multiple batteries have the same common key, the damage caused by counterfeiting will be magnified.
[0036] Therefore, in this embodiment, the battery management system 100 authenticates the mobile battery 20 using a public key cryptosystem. This allows the battery management system 100 to resolve the above-mentioned issues and to confirm whether the mobile battery 20 inserted in the slot 124 is a genuine mobile battery 20.
[0037] Additionally, according to this embodiment, the battery exchange device 120 authenticates the mobile battery 20 using a public key cryptosystem. A public key cryptosystem may be a known system. Examples of public key cryptosystem cryptosystems include RSA cryptosystems and elliptic curve cryptosystems.
[0038] Because the processor installed in the mobile battery 20 or electric motorcycle 30 has relatively low computing power, it is difficult for the mobile battery 20 or electric motorcycle 30 to perform complex calculations on its own. On the other hand, the battery exchange device 120 can be equipped with a processor with greater computing power than the processor installed in the mobile battery 20 or electric motorcycle 30. Public key cryptography imposes a greater computational load than symmetric key cryptography. Therefore, when authenticating the mobile battery 20 using public key cryptography, the processor that executes the authentication process is required to perform complex calculations at high speed. In this regard, the battery exchange device 120 can use a high-performance processor to authenticate the mobile battery 20 using public key cryptography.
[0039] Specifically, first, the key issuer 50 issues a pair of authentication private key 72 and authentication public key 74 for each of one or more mobile batteries 20. The key issuer 50 may be the manufacturer or transferor of the mobile battery 20, the manufacturer or transferor of the battery exchanger 120, or the administrator or operator of the battery management system 100. The key issuer 50 may be a natural person, a corporation, an organization, or an employee or staff member of the corporation or organization. The key issuer 50 may issue the pair of authentication private key 72 and authentication public key 74 using a communication terminal 52.
[0040] Next, the key issuer 50 stores the authentication private key 72 of each of the one or more mobile batteries 20 in a storage device (not shown) of each of the one or more mobile batteries 20. In one embodiment, the key issuer 50 communicatively connects the communication terminal 52 and the mobile battery 20, and causes the communication terminal 52 to transmit the authentication private key 72 corresponding to the mobile battery 20 connected to the communication terminal 52 to the mobile battery 20. The communication terminal 52 and the mobile battery 20 may transmit and receive information via wired communication or wireless communication. In another embodiment, the key issuer 50 may input the authentication private key 72 into an input device provided on the mobile battery 20, or may attach a storage device storing the authentication private key 72 to the mobile battery 20.
[0041] Furthermore, the key issuer 50 stores the authentication public key 74 of each of the one or more mobile batteries 20 in a storage device (not shown) of each of the one or more battery exchangers 120. In one embodiment, the key issuer 50 makes the authentication public key 74 of each of the one or more mobile batteries 20 available to each of the one or more battery exchangers 120. For example, the key issuer 50 operates the communication terminal 52 to set up each of the one or more battery exchangers 120 to be able to access a database that stores a battery ID and an authentication public key 74 associated with each other for each of the one or more mobile batteries 20. The database may be stored in the communication terminal 52 or in the management server 140.
[0042] In another embodiment, the key issuer 50 communicatively connects the communication terminal 52 and the battery exchange machine 120 and causes the communication terminal 52 to transmit the database to the battery exchange machine 120. The communication terminal 52 and the battery exchange machine 120 may transmit and receive information via wired communication or wireless communication. In yet another embodiment, the key issuer 50 may input the database from an input device provided in the battery exchange machine 120, or may attach a storage device storing the database to the battery exchange machine 120. The database is stored in the storage device of the battery exchange machine 120 when the battery exchange machine 120 is manufactured, shipped, transferred, or installed. The database may also be updated as appropriate.
[0043] In this state, when the user 40 inserts the mobile battery 20 into the slot 124 of the battery exchange machine 120 and the mobile battery 20 is attached to the slot 124, the battery exchange machine 120 first acquires the battery ID of the mobile battery 20 attached to the slot 124. The battery exchange machine 120 may acquire the battery ID of the mobile battery 20 from the mobile battery 20, or may acquire the battery ID of the mobile battery 20 from the communication terminal 42.
[0044] Next, based on the battery ID, the battery exchange machine 120 acquires the authentication public key 74 of the mobile battery 20 attached to the slot 124. In one embodiment, the battery exchange machine 120 refers to the database stored in the storage device of the battery exchange machine 120 using the battery ID as a key, and acquires the authentication public key 74 of the mobile battery 20 attached to the slot 124. In another embodiment, the battery exchange machine 120 accesses the communication terminal 52 or the management server 140, and uses the battery ID as a key to refer to the database stored in the communication terminal 52 or the management server 140, and acquires the authentication public key 74 of the mobile battery 20 attached to the slot 124.
[0045] Next, the battery exchange machine 120 prepares a code (sometimes referred to as an authentication code) for authenticating the mobile battery 20 inserted in the slot 124. The authentication code may be a combination of numbers, letters, and symbols. The authentication code may be image data or audio data. The authentication code may be generated each time authentication is performed, or may be generated each time a predetermined validity period elapses. The authentication code may be a code that is predetermined for each mobile battery 20. For example, the battery exchange machine 120 generates a random number each time an authentication process is performed, and uses the random number as the authentication code.
[0046] Next, the battery exchange device 120 converts the authentication code based on the authentication public key 74 of the mobile battery 20 installed in the slot 124. Specifically, the battery exchange device 120 encrypts the authentication code using the authentication public key 74 of the mobile battery 20 installed in the slot 124. As a result, a challenge code including the encrypted authentication code is generated.
[0047] The battery exchange device 120 transmits the generated challenge code to the mobile battery 20, requesting it to respond to the challenge code. As a response to the challenge code, for example, the mobile battery 20 transmits a response code including information indicating that it has successfully decrypted the authentication code encrypted with the authentication public key 74.
[0048] Examples of information indicating that the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74 include (i) the decrypted authentication code, and (ii) information generated by processing the decrypted authentication code in accordance with a predetermined algorithm (sometimes referred to as a first algorithm). Examples of the first algorithm include an algorithm related to arithmetic processing using a predetermined function (sometimes referred to as a first function), and an algorithm related to encryption processing using predetermined information. An example of the above function is a hash function.
[0049] The encryption process may be a common key encryption process using a common key, or a public key encryption process using a public key and a private key. Examples of public key encryption processes include the RSA encryption and elliptic curve encryption described above.
[0050] When the mobile battery 20 receives the challenge code and a response request to the challenge code (sometimes referred to as an authentication response request), it uses the authentication private key 72 of the mobile battery 20 to decrypt the authentication code encrypted with the authentication public key 74. If the mobile battery 20 succeeds in decrypting the authentication code encrypted with the authentication public key 74, the decrypted authentication code is obtained. This allows the mobile battery 20 to generate a decrypted authentication code using the challenge code or the authentication code encrypted with the authentication public key 74 included in the challenge code, and the authentication private key 72 of the mobile battery 20.
[0051] Next, the mobile battery 20 generates a response code in accordance with a predetermined rule. The rule may be information indicating the type of information or generation procedure indicating that the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74. Furthermore, the mobile battery 20 transmits the generated response code to the battery exchange machine 120 as a response to the authentication response request.
[0052] In one embodiment, the above rule indicates that the mobile battery 20 uses the decrypted authentication code as information indicating that it has successfully decrypted the authentication code encrypted with the authentication public key 74. In this case, the mobile battery 20 generates a response code including the decrypted authentication code.
[0053] In another embodiment, the above rule indicates that the mobile battery 20 uses information generated by processing the decrypted authentication code according to a first algorithm (sometimes referred to as a first processed value of the decrypted authentication code) as information indicating that the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74. In this case, the mobile battery 20 generates the first processed value by processing the decrypted authentication code according to the first algorithm. The mobile battery 20 also generates a response code including the first processed value. Use of the response code including the first processed value can prevent leakage of the authentication code due to eavesdropping, repeat attacks, etc., and reverse analysis of the authentication algorithm.
[0054] For example, if the first algorithm is an algorithm related to arithmetic processing using a hash function, the mobile battery 20 generates a response code including a hash value of the decrypted authentication code. If the first algorithm is a common key encryption process using a common key, the mobile battery 20 generates a response code including a ciphertext obtained by encrypting the decrypted authentication code using the common key. If the first algorithm is a public key encryption process using a public key and a private key, the mobile battery 20 generates a response code including a ciphertext obtained by encrypting the decrypted authentication code using the private key or the public key.
[0055] Next, the battery exchange device 120 receives a response code from the mobile battery 20. Based on the response code, the battery exchange device 120 confirms that the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74.
[0056] In one embodiment, if the response code includes a decrypted authentication code, the battery exchange device 120 compares the authentication code generated by the battery exchange device 120 with the authentication code included in the response code. For example, the battery exchange device 120 determines whether the authentication code generated by the battery exchange device 120 matches the authentication code included in the response code. Furthermore, based on the comparison result, the battery exchange device 120 confirms whether the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74. This allows the battery exchange device 120 to confirm whether the mobile battery 20 inserted in the slot 124 is a genuine mobile battery 20.
[0057] For example, if the authentication code generated by the battery exchange machine 120 matches the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is a genuine mobile battery 20. On the other hand, if the authentication code generated by the battery exchange machine 120 does not match the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is not a genuine mobile battery 20, or that the mobile battery 20 attached to the slot 124 is an unauthorized mobile battery 20.
[0058] In another embodiment, if the response code includes a first processed value of the decrypted authentication code, the battery exchange device 120 compares information generated by processing the authentication code generated by the battery exchange device 120 according to a first algorithm (sometimes referred to as the first processed value of the authentication code generated by the battery exchange device 120) with the first processed value of the decrypted authentication code included in the response code. For example, the battery exchange device 120 determines whether the first processed value of the authentication code generated by the battery exchange device 120 matches the first processed value of the decrypted authentication code. Furthermore, based on the comparison result, the battery exchange device 120 confirms whether the mobile battery 20 successfully decrypted the authentication code encrypted with the authentication public key 74. This allows the battery exchange device 120 to confirm whether the mobile battery 20 inserted in the slot 124 is a genuine mobile battery 20.
[0059] For example, if the first processed value of the authentication code generated by the battery exchange machine 120 matches the first processed value of the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is a genuine mobile battery 20. On the other hand, if the first processed value of the authentication code generated by the battery exchange machine 120 does not match the first processed value of the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is not a genuine mobile battery 20, or that the mobile battery 20 attached to the slot 124 is an unauthorized mobile battery 20.
[0060] In yet another embodiment, if the response code includes a first processed value of the decrypted authentication code, the battery exchange device 120 compares the authentication code generated by the battery exchange device 120 with information generated by processing the first processed value of the decrypted authentication code included in the response code according to a second algorithm (sometimes referred to as a second processed value of the restored authentication code). For example, the battery exchange device 120 determines whether the authentication code generated by the battery exchange device 120 matches the second processed value of the decrypted authentication code. Furthermore, based on the comparison result, the battery exchange device 120 confirms whether the mobile battery 20 successfully decrypted the authentication code encrypted with the authentication public key 74. This allows the battery exchange device 120 to confirm whether the mobile battery 20 inserted in the slot 124 is a genuine mobile battery 20.
[0061] The second algorithm may be an algorithm for a calculation process using a second function that is an inverse function of the first function, or an algorithm for a decryption process for decrypting information encrypted by the encryption process using the first algorithm. The decryption process may be a decryption process using key information used for the encryption using the first algorithm, or key information paired with the key information.
[0062] For example, if the authentication code generated by the battery exchange machine 120 matches the second processed value of the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is a genuine mobile battery 20. On the other hand, if the authentication code generated by the battery exchange machine 120 does not match the second processed value of the restored authentication code included in the response code, the battery exchange machine 120 confirms that the mobile battery 20 attached to the slot 124 is not a genuine mobile battery 20, or that the mobile battery 20 attached to the slot 124 is an unauthorized mobile battery 20.
[0063] As described above, the battery exchange device 120 can effectively prevent the leakage of the authentication code while verifying that the mobile battery 20 is a genuine mobile battery 20. Furthermore, the battery exchange device 120 can effectively prevent the leakage of information used to authenticate a genuine device, such as the authentication code (sometimes referred to as authentication information), while verifying that the mobile battery 20 attached to the slot 124 is not a genuine mobile battery 20 or that the mobile battery 20 attached to the slot 124 is an unauthorized mobile battery 20.
[0064] As described above, the battery exchange device 120 is configured to be able to exchange the mobile battery 20. Therefore, the battery exchange device 120 may determine whether or not to exchange the mobile battery 20 based on the above confirmation result. The battery exchange device 120 may determine whether or not to exchange the mobile battery 20 based on information (sometimes referred to as a white list) for identifying, among the multiple mobile batteries 20, mobile batteries 20 that can be shared by multiple mobile batteries 20. The battery exchange device 120 may determine whether or not to exchange the mobile battery 20 based on the above confirmation result and the white list.
[0065] Similarly, the battery exchange device 120 is configured to be able to charge or discharge the mobile battery 20. Therefore, the battery exchange device 120 may determine whether to charge or discharge the mobile battery 20 based on the above confirmation result. The battery exchange device 120 may determine whether to charge or discharge the mobile battery 20 based on a whitelist. The battery exchange device 120 may determine whether to charge or discharge the mobile battery 20 based on the above confirmation result and the whitelist.
[0066] (Overview of Components Related to the Battery Management System 100) In this embodiment, the communication network 14 transmits information. The communication network 14 may be a wired communication transmission path, a wireless communication transmission path, or a combination of a wireless communication transmission path and a wired communication transmission path. The communication network 14 may include a wireless packet communication network, the Internet, a P2P network, a dedicated line, a VPN, a power line communication line, etc.
[0067] The communication network 14 may include (i) a mobile communication network such as a mobile phone network, or (ii) a wireless communication network such as a wireless MAN (e.g., WiMAX (registered trademark)), a wireless LAN (e.g., WiFi (registered trademark)), Bluetooth (registered trademark), Zigbee (registered trademark), or NFC (Near Field Communication). The wireless LAN, Bluetooth (registered trademark), Zigbee (registered trademark), and NFC may be examples of short-range wireless communication.
[0068] In this embodiment, the mobile battery 20 stores electric energy. The mobile battery 20 may be configured to be detachable (sometimes referred to as "freely detachable") from the electric motorcycle 30. The mobile battery 20 may be configured to be detachable from the battery exchanger 120. This allows the user 40 to exchange the mobile battery 20 attached to the electric motorcycle 30 with the mobile battery 20 housed in the battery exchanger 120.
[0069] In one embodiment, the mobile battery 20 is attached to the electric motorcycle 30 and supplies power to the electric motorcycle 30. As described above, the mobile battery 20 may be detachably attached to the electric motorcycle 30. In another embodiment, the mobile battery 20 is charged by the battery exchange machine 120 while it is housed in the battery exchange machine 120.
[0070] The mobile battery 20 may supply power to the battery exchanger 120 while housed in the battery exchanger 120. This allows the battery exchanger 120 to use a portion of the mobile battery 20 housed in the battery exchanger 120 as, for example, an uninterruptible power supply (sometimes referred to as a UPS).
[0071] In this embodiment, the mobile battery 20 stores an authentication private key 72. The authentication private key 72 may be stored in any type of storage device (not shown) arranged in the mobile battery 20. The mobile battery 20 may also store various keys used for various encryption processes and / or decryption processes executed between the mobile battery 20 and the battery exchange machine 120. Examples of the above keys include a private key for electronic signatures and a public key for electronic signatures.
[0072] In this embodiment, the electric motorcycle 30 is equipped with a mobile battery 20. The electric motorcycle 30 may be equipped with a plurality of mobile batteries 20. The electric motorcycle 30 uses power stored in the mobile batteries 20. For example, the electric motorcycle 30 runs by consuming power supplied from the mobile batteries 20.
[0073] In the present embodiment, the communication terminal 42 transmits and receives information to and from each unit of the battery management system 100 via the communication network 14. The communication terminal 42 may function as a user interface when the user 40 accesses the battery management system 100. The communication terminal 42 may be used for user authentication processing by the battery management system 100.
[0074] Examples of the communication terminal 42 include a personal computer and a mobile terminal. Examples of the mobile terminal include a mobile phone, a smartphone, a PDA (registered trademark), a tablet, a notebook computer or laptop computer, and a wearable computer.
[0075] In this embodiment, the communication terminal 52 transmits and receives information to and from each unit of the battery management system 100 via the communication network 14. The communication terminal 52 may function as a user interface when the key issuer 50 accesses the battery management system 100.
[0076] The communication terminal 52 may be used for generating various keys such as an authentication private key 72 and an authentication public key 74. The communication terminal 52 may store the generated authentication private key 72 in a storage device of the mobile battery 20 corresponding to the key. After the authentication private key 72 is stored in the mobile battery 20, the communication terminal 52 may erase the authentication private key 72 from the storage device of the communication terminal 52. The communication terminal 52 may store the generated authentication public key 74 in a storage device of one or more battery exchange machines 120. The communication terminal 52 may have a database that stores, for each of one or more mobile batteries 20, a battery ID and the various public keys described above in association with each other. The database may store, for each of one or more mobile batteries 20, the battery ID of each of one or more mobile batteries 20 in association with each of the authentication public keys 74 of each of one or more mobile batteries 20.
[0077] The communication terminal 52 may be configured to be capable of wireless communication with one or more battery exchangers 120. The communication terminal 52 may be an information processing device that has confirmed that at least one of the one or more battery exchangers 120 is genuine. The communication terminal 52 may be an information processing device that is reliable for the one or more battery exchangers 120. The communication terminal 52 may be configured to be capable of wireless communication with one or more mobile batteries 20. The communication terminal 52 may be an information processing device that has confirmed that at least one of the one or more mobile batteries 20 is genuine. The communication terminal 52 may be an information processing device that is reliable for the one or more mobile batteries 20.
[0078] Examples of the communication terminal 52 include a personal computer and a mobile terminal. Examples of the mobile terminal include a mobile phone, a smartphone, a PDA, a tablet, a notebook computer or laptop computer, and a wearable computer.
[0079] In this embodiment, the battery exchanger 120 accommodates the mobile battery 20. The battery exchanger 120 may accommodate a plurality of mobile batteries 20. This allows the battery exchanger 120 to store one or more mobile batteries 20. In this embodiment, the battery exchanger 120 charges at least one of the one or more mobile batteries 20. The battery exchanger 120 may charge the mobile battery 20 until the charging rate or voltage of the mobile battery 20 reaches a predetermined set value.
[0080] In this embodiment, the battery exchange machine 120 makes the fully charged mobile battery 20 ready to be removed (sometimes referred to as dispensing). In response to a request from the user 40, the battery exchange machine 120 may dispense a mobile battery 20 that meets the request. The battery exchange machine 120 may obtain information indicating dispensing conditions, which are conditions related to the mobile battery 20 to be dispensed, from the management server 140, and may determine the mobile battery 20 to actually be dispensed from among the mobile batteries 20 that meet the dispensing conditions.
[0081] In another embodiment, the battery exchange device 120 may discharge at least some of the multiple mobile batteries 20. The battery exchange device 120 may use the power output by discharging the mobile batteries 20. For example, the battery exchange device 120 operates by consuming the power output by discharging the mobile batteries 20. When the battery exchange device 120 operates by consuming the power output by discharging one mobile battery 20, it may stop or interrupt the charging operation of the other mobile batteries 20. Even in this case, the battery exchange device 120 may continue the dispensing operation of the mobile batteries 20.
[0082] This allows the battery exchanger 120 to use some of the mobile batteries 20 housed in the battery exchanger 120 as an uninterruptible power supply. According to the battery exchanger 120 of this embodiment, for example, even if an abnormality occurs in the power supply from the power grid 12 to the battery exchanger 120, the power supply to the control device can be continued. As a result, for example, the battery exchanger 120 can continue to dispense mobile batteries 20. Therefore, even if the battery exchanger 120 is installed in an area where power outages occur relatively frequently, for example, an environment in which batteries can be exchanged stably can be provided.
[0083] In this embodiment, the storage unit 122 holds a plurality of slots 124. In this embodiment, the storage unit 122 is formed separately from the communication unit 126. The storage unit 122 may be installed separately from the communication unit 126, or may be installed adjacent to the communication unit 126.
[0084] Furthermore, in this embodiment, the storage unit 122 generates a processing flow including one or more processes for controlling the operation of at least one of the multiple slots 124 based on a first command transmitted from the communication unit 126. The storage unit 122 determines whether each of the one or more processes is executable. For a process determined to be executable, the storage unit 122 generates a second command for controlling the slot 124 that is the target of that process. The storage unit 122 controls the operation of the slot 124 based on the generated second command. This can restrict the execution of some of the instructions indicated by the first command.
[0085] For example, if one or more of the above processes includes an operation related to the safety of the mobile battery 20 or the safety of the user 40 or the maintenance personnel of the battery exchange machine 120, the storage unit 122 determines whether a condition for permitting the execution of the safety-related operation is met. If it is determined that the above condition is met, the storage unit 122 determines that the process is executable. As a result, the operation of the slot 124 is controlled based on a second command related to the above process. On the other hand, if it is determined that the above condition is not met, the storage unit 122 determines that the process is not executable. In this case, the second command related to the above process is not sent to the slot 124.
[0086] This ensures the safety of the mobile battery 20, the user 40, or the maintenance personnel even when the communication unit 126 outputs the first command based on a request from the management server 140. For example, even if the state of the battery exchange machine 120 changes after the management server 140 sends the request, the management server 140 can cancel the request if the communication environment of the battery exchange machine 120 is good. However, if the communication environment of the battery exchange machine 120 is not good, it may take some time for the management server 140 to cancel the request. According to this embodiment, the storage unit 122 determines whether to execute the second command based on the state of the battery exchange machine 120, so the battery exchange machine 120 can cancel or suspend the execution of some processes without waiting for a cancellation request from the management server 140.
[0087] In this embodiment, each of the multiple slots 124 is configured to be able to store at least one of one or more mobile batteries 20. At least one of one or more mobile batteries 20 is attached to each of the multiple slots 124. Furthermore, each of the multiple slots 124 has electrical terminals (not shown) that are electrically connected to electrical terminals (not shown) of one or more mobile batteries 20. This allows each of the multiple slots 124 to charge or discharge the mobile battery 20 stored therein.
[0088] Note that "electrically connected" does not necessarily mean that two elements are directly physically connected. A third element may be interposed between the two elements. Furthermore, it does not necessarily mean that the two elements are physically connected. For example, the input winding and output winding of a transformer are not physically connected, but are electrically connected. This allows the slot 124 to support not only wired charging and discharging of the mobile battery 20, but also wireless charging and discharging of the mobile battery 20.
[0089] Each of the plurality of slots 124 may include a communication terminal communicatively connected to the communication terminals of one or more mobile batteries 20. The communication method between the communication terminals of the slots 124 and the communication terminals of the mobile batteries 20 may be a wired communication method or a wireless communication method. This allows each of the plurality of slots 124 to read information from and write information to a storage device (not shown) of the mobile battery 20 stored in the slot.
[0090] In this embodiment, the communication unit 126 is responsible for information processing in the battery exchange machine 120 that involves at least one of the user 40 and the management server 140. For example, the communication unit 126 receives a request from at least one of the user 40 and the management server 140 and responds to the request. When the communication unit 126 determines that the storage unit 122 is necessary to process a request from at least one of the user 40 and the management server 140, the communication unit 126 transmits an instruction (sometimes referred to as a command) to the storage unit 122. The above-mentioned first instruction may be an example of an instruction.
[0091] If the communication unit 126 can process requests from at least one of the user 40 and the management server 140 without cooperating with the storage unit 122, the communication unit 126 does not need to send commands to the storage unit 122. This simplifies information processing in the storage unit 122. The communication unit 126 can perform, for example, communication control processing with the outside of the battery exchange machine 120, authentication processing for the user 40, and selection processing for the slot 124, without cooperating with the storage unit 122.
[0092] As described above, in this embodiment, the communication unit 126 is formed separately from the storage unit 122. The storage unit 122 may be installed apart from the communication unit 126 or may be installed adjacent to the communication unit 126.
[0093] The communication interface 128 is configured to be able to communicate with an information processing device external to the battery exchange machine 120. The communication interface 128 may support multiple communication methods. The communication interface 128 may support a wired communication method or a wireless communication method. In one embodiment, the communication interface 128 sends and receives information to and from the communication terminal 42 used by the user 40. In another embodiment, the communication interface 128 sends and receives information to and from the management server 140.
[0094] In this embodiment, the management server 140 is disposed outside the battery exchange machine 120. Furthermore, the management server 140 can send and receive information to and from the communication unit 126 of the battery exchange machine 120 via the communication network 14.
[0095] In this embodiment, the management server 140 manages one or more mobile batteries 20. For example, the management server 140 manages the status of each of the one or more mobile batteries 20. The management server 140 may manage the return and payment of each of the one or more mobile batteries 20. The management server 140 may send various requests for managing the mobile batteries 20 to at least one of the one or more battery exchangers 120.
[0096] The management server 140 may manage one or more battery exchangers 120. The management server 140 may manage the status of each of the one or more battery exchangers 120. Examples of the status of the battery exchanger 120 include the external power supply status, the number of mobile batteries 20 that can be accepted, the number of mobile batteries 20 that can be dispensed, the presence or absence of mobile batteries 20 that can be used as uninterruptible power supplies, the number of such mobile batteries 20 or their identification information, and the charge status of the mobile batteries 20. The management server 140 may send various requests for managing the battery exchanger 120 to at least one of the one or more battery exchangers 120.
[0097] The management server 140 may determine dispensing conditions, which are conditions related to the mobile batteries 20 to be dispensed, for at least some of the one or more battery exchangers 120. Examples of dispensing conditions include the priority order for dispensing each of the multiple mobile batteries 20 stored in the battery exchanger 120, identification information of the mobile batteries 20 to be preferentially dispensed, and characteristics of the mobile batteries 20 to be preferentially dispensed.
[0098] In this embodiment, the management server 140 may be used for distribution processing of various keys such as the authentication public key 74. The management server 140 may have a database that stores, for each of one or more mobile batteries 20, a battery ID and the above-mentioned various keys in association with each other. The database may store, for each of one or more mobile batteries 20, the battery ID of each of one or more mobile batteries 20 in association with the authentication public key 74 of each of one or more mobile batteries 20. In response to a request from each of one or more battery exchange machines 120, the management server 140 may extract the authentication public key 74 of the mobile battery 20 indicated by the request and transmit the extracted authentication public key 74.
[0099] The management server 140 may be configured to be capable of wireless communication with one or more battery exchangers 120. The management server 140 may be an information processing device that has confirmed that at least one of the one or more battery exchangers 120 is genuine. The management server 140 may be an information processing device that is reliable for the one or more battery exchangers 120. The management server 140 may be configured to be capable of wireless communication with one or more mobile batteries 20. The management server 140 may be an information processing device that has confirmed that at least one of the one or more mobile batteries 20 is genuine. The management server 140 may be an information processing device that is reliable for the one or more mobile batteries 20.
[0100] The mobile battery 20 may be an example of a device to be verified, a second power device, or a power storage device. The key issuer 50 may be an example of a manufacturer or transferor of the verification device, a manufacturer or transferor of the device to be verified, or an issuer of the second information and the fourth information. The communication terminal 52 may be an example of a first external device or a second external device. The battery management system 100 may be an example of a verification device or a verification system. The battery exchanger 120 may be an example of a verification device, a first power device, or a storage device. The storage unit 122 may be an example of a first power device or a storage device. The slot 124 may be an example of a first power device, a storage device, or an attachment section. The management server 140 may be an example of a first external device or a second external device.
[0101] The authentication code may be an example of first information. The authentication public key 74 may be an example of second information. The authentication code encrypted with the authentication public key 74 may be an example of third information. The challenge code may be an example of third information. The authentication private key 72 may be an example of fourth information. The decrypted authentication code may be an example of fifth information. The first processed value of the decrypted authentication code may be an example of sixth information. The first processed value of the authentication code generated by the battery exchange machine 120 may be an example of seventh information. The second processed value of the restored authentication code may be an example of eighth information. The information used in the encryption process using the first algorithm may be an example of ninth information. The information used in the decryption process using the second algorithm may be an example of ninth information or tenth information.
[0102] Encryption may be an example of information conversion. Decryption may be an example of information reverse conversion. A genuine mobile battery 20 may be an example of a genuine device. An ungenuine mobile battery 20 may be an example of an ungenuine device. A whitelist may be an example of shared identification information. A method of authenticating a mobile battery 20 may be an example of a method of verifying a mobile battery 20.
[0103] The authentication code may be an example of first verification information. The authentication public key 74 may be an example of second verification information. The authentication code encrypted with the authentication public key 74 may be an example of third verification information. The authentication private key 72 may be an example of fourth verification information. The authentication private key 72 may be an example of a first private key. The authentication public key 74 may be an example of a first public key corresponding to the first private key.
[0104] (Example of another embodiment) In the present embodiment, the details of the battery management system 100 have been described using as an example a case in which the battery management system 100 provides a sharing service for the mobile battery 20. However, the service provided by the battery management system 100 is not limited to this embodiment. In another embodiment, the battery management system 100 may provide a charging service for the mobile battery 20 to a user 40 of the mobile battery 20.
[0105] In this embodiment, the details of the battery exchange machine 120 have been described using an example in which the battery exchange machine 120 operates using power received from the power grid 12. However, the battery exchange machine 120 is not limited to this embodiment. In other embodiments, for example, if at least one of the one or more slots 124 arranged in the battery exchange machine 120 is equipped with a bidirectional DC / DC converter, the battery exchange machine 120 may operate using power discharged from at least one of the one or more mobile batteries 20 stored in the battery exchange machine 120.
[0106] In this embodiment, the details of the battery management system 100 have been described using an example in which the battery exchange machine 120 includes one or more storage units 122 and a single communication unit 126. However, the battery exchange machine 120 is not limited to this embodiment. In other embodiments, the battery exchange machine 120 may include multiple storage units 122 and multiple communication units 126. In this case, the number of storage units 122 may be greater than the number of communication units 126.
[0107] In this embodiment, the details of the battery management system 100 have been described using as an example a case where each of the one or more battery exchange devices 120 acquires the authentication public key 74 of one or more mobile batteries 20 from the key issuer 50, the communication terminal 52, or the management server 140. However, the method of acquiring the authentication public key 74 in the battery exchange device 120 is not limited to this embodiment. In other embodiments, each of the one or more battery exchange devices 120 may acquire the authentication public key 74 of the mobile battery from the mobile battery 20 attached to the slot 124.
[0108] In this embodiment, an example of a method for authenticating the mobile battery 20 has been described using as an example a case in which (i) the battery exchange device 120 generates an authentication code, (ii) the battery exchange device 120 encrypts the generated authentication code with the authentication public key 74 to generate a challenge code, and (iii) the mobile battery 20 decrypts the encrypted authentication code included in the challenge code with the authentication private key 72 to generate a response code. However, the method for authenticating the mobile battery 20 is not limited to this embodiment. According to other embodiments, the mobile battery 20 is authenticated using a digital signature or a digital certificate. An example of an authentication procedure using a digital signature is as follows.
[0109] For example, first, the mobile battery 20 generates an authentication code. Next, the mobile battery 20 signs the authentication code using a private key. Specifically, the mobile battery 20 encrypts the authentication code using the private key. At this time, the mobile battery 20 may use the private key to encrypt data (sometimes referred to as a message) including the authentication code, information transmitted from the battery exchange machine 120, and / or temporary information (for example, time information indicating the time of signing). This reduces damage caused by a repeat attack.
[0110] The mobile battery 20 transmits, for example, the battery ID, the generated authentication code (plain text), and the encrypted information (sometimes referred to as ciphertext) in association with each other to the battery exchange device 120. As described above, the ciphertext may be data in which the authentication code is encrypted. The ciphertext may also be data in which the message is encrypted.
[0111] Next, when the battery exchange device 120 receives the above data from the mobile battery 20, the battery exchange device 120 executes processing to acquire the public key of the mobile battery 20. For example, the battery exchange device 120 accesses a database of public keys stored in an arbitrary storage device to acquire the public key associated with the battery ID of the mobile battery 20. The battery exchange device 120 uses the public key of the mobile battery 20 to decrypt the encrypted text of the authentication code included in the data received from the mobile battery 20.
[0112] The battery exchange device 120 compares the above-mentioned decrypted authentication code with the authentication code (plain text) received from the mobile battery 20. For example, the battery exchange device 120 determines whether the above-mentioned decrypted authentication code matches the authentication code (plain text) received from the mobile battery 20. If the two match, the battery exchange device 120 confirms that the mobile battery 20 is authentic.
[0113] In this embodiment, an example of a method for a verification device to authenticate a verified device has been described using an example in which a challenge code including an encrypted authentication code is generated. However, the challenge code is not limited to this embodiment. In other embodiments, the challenge code may include an unencrypted authentication code.
[0114] (An example of another embodiment related to the subject of the verification process) In this embodiment, the details of the verification method by which the verification device verifies whether the verified device is a legitimate device will be described using an example in which the battery exchange device 120 authenticates the mobile battery 20. However, the verification method is not limited to this embodiment.
[0115] Those skilled in the art who have read the description of this specification will understand that regardless of the specific combination of the confirmation device and the confirmed device, the confirmation device can confirm the confirmed device using a procedure similar to the procedure by which the battery exchange device 120 confirms the mobile battery 20. For example, if the confirmation device is the mobile battery 20 and the confirmed device is the battery exchange device 120, the mobile battery 20 can confirm whether the battery exchange device 120 is a genuine device using a procedure similar to the procedure by which the battery exchange device 120 confirms the mobile battery 20.
[0116] For example, the verification device is not limited to the battery exchange machine 120. The entity that authenticates the mobile battery 20 may be (i) a device configured to be electrically connectable to the mobile battery 20, (ii) a device configured to be able to supply power to the mobile battery 20, or (iii) a device configured to be able to receive power from the mobile battery 20 (these devices may be referred to as power devices). Similarly, the device to be verified is not limited to the mobile battery 20. For example, when the mobile battery 20 authenticates another device, the object authenticated by the mobile battery 20 may be (i) a device configured to be electrically connectable to the mobile battery 20, (ii) a device configured to be able to supply power to the mobile battery 20, or (iii) a device configured to be able to receive power from the mobile battery 20 (these devices may be referred to as power devices).
[0117] Examples of the power device include an electric motorcycle 30 and a battery exchanger 120. Other examples of the power device include (a) a charger that has a function of charging the mobile battery 20 but does not have a function of supplying power to the outside, (b) a power supply device that has one or more mobile batteries 20 attached and supplies power stored in the one or more mobile batteries 20 to the outside, and (c) a device that has both a function of charging the mobile battery 20 (or a function of receiving power from the outside) and a function of discharging the mobile battery 20 (or a function of supplying power to the outside).
[0118] In other embodiments, the confirmation device may be the mobile battery 20, and the confirmed device may be the electric motorcycle 30, the communication terminal 52, or the battery exchanger 120. In yet another embodiment, the confirmation device may be the electric motorcycle 30, and the confirmed device may be the mobile battery 20. In yet another embodiment, the confirmation device may be the battery exchanger 120, and the confirmed device may be the communication terminal 52 or the management server 140. In yet another embodiment, the confirmation device may be the communication terminal 52, and the confirmed device may be the mobile battery 20, the battery exchanger 120, or the management server 140. In yet another embodiment, the confirmation device may be the management server 140, and the confirmed device may be the communication terminal 52 or the battery exchanger 120. In yet another embodiment, when the mobile battery 20 and the management server 140 can send and receive information to and from each other, the confirmation device may be the mobile battery 20, and the confirmed device may be the management server 140. Furthermore, the confirmation device may be the management server 140, and the confirmed device may be the mobile battery 20.
[0119] As described above, the mobile battery 20 may be an example of a verification device. The battery exchanger 120 may be an example of a verified device. The electric motorcycle 30 may be an example of a verification device or a verified device. An authorized battery exchanger 120 may be an example of an authorized device. An authorized electric motorcycle 30 may be an example of an authorized device. An authentication method for one device to authenticate another device may be an example of a verification method. An unauthorized battery exchanger 120 (sometimes referred to as an unauthorized battery exchanger 120) may be an example of an unauthorized device. An unauthorized electric motorcycle 30 (sometimes referred to as an unauthorized electric motorcycle 30) may be an example of an unauthorized device.
[0120] The confirmation device may be an example of one of the first device and the second device, and the confirmed device may be an example of the other of the first device and the second device. The confirmation device may be an example of one of the information processing device and the other information processing device, and the confirmed device may be an example of the other of the information processing device and the other information processing device.
[0121] The power device may be an example of a device, and the storage device of the mobile battery 20 may be an example of a storage unit.
[0122] 2 shows an example of the internal configuration of the mobile battery 20. In this embodiment, the mobile battery 20 includes a power connector 212, a communication connector 214, a power storage unit 220, a control unit 230, an authentication support unit 232, a sense unit 240, and a storage unit 250. In this embodiment, the storage unit 250 includes a battery ID storage unit 252 and an authentication private key storage unit 254.
[0123] In this embodiment, the power connector 212 includes an electrical terminal for transmitting and receiving power to and from the slot 124 or the electric motorcycle 30. In this embodiment, the communication connector 214 includes a communication terminal for transmitting and receiving information to and from the slot 124 or the electric motorcycle 30. In this embodiment, the power storage unit 220 includes a power storage cell that stores electrical energy.
[0124] In this embodiment, the control unit 230 controls the operation of the mobile battery 20. The control unit 230 may send and receive information to and from the storage unit 122 when the mobile battery 20 is stored in the slot 124.
[0125] In this embodiment, the authentication response unit 232 responds to an authentication response request from the battery exchange machine 120. For example, when the mobile battery 20 is inserted into one of the slots 124 of the battery exchange machine 120, the authentication response unit 232 receives a challenge code and an authentication response request from the battery exchange machine 120. In response to the authentication response request, the authentication response unit 232 transmits a response code to the battery exchange machine 120. Details of the authentication response unit 232 will be described later.
[0126] In this embodiment, the sense unit 240 acquires information indicating the state of the mobile battery 20. The sense unit 240 may include multiple types of sensors. Examples of sensors included in the sense unit 240 include a temperature sensor, a voltage sensor, and a current sensor.
[0127] The storage unit 250 stores various types of information related to the mobile battery 20. For example, the storage unit 250 stores identification information of the mobile battery 20. The storage unit 250 may store identification information of the electric motorcycle 30, the battery exchanger 120, or the slot 124 electrically connected to the mobile battery 20. The storage unit 250 may store the operation history of the mobile battery 20. For example, the storage unit 250 associates time with the measurement results of the sense unit 240 and stores them as the operation history of the mobile battery 20.
[0128] In this embodiment, the battery ID storage unit 252 stores the battery ID of the mobile battery 20. In this embodiment, the authentication private key storage unit 254 stores the authentication private key 72 of the mobile battery 20.
[0129] The power connector 212 may be an example of an electrical terminal or a second terminal. The power storage unit 220 may be an example of a power storage device. The authentication private key storage unit 254 may be an example of a storage unit. The authentication response unit 232 may be an example of a third information acquisition unit, a fifth information generation unit, or a response unit. The storage unit 250 may be an example of a memory unit. Storing information may be an example of information memory.
[0130] 3 schematically illustrates an example of the internal configuration of the battery exchange machine 120. In this embodiment, the battery exchange machine 120 includes one or more storage units 122, a communication unit 126, a communication line 310, an uninterruptible power supply 312, and a router 314. In this embodiment, each of the one or more storage units 122 includes a housing 320 and an on-board device 330. In this embodiment, the on-board device 330 includes one or more slots 124, a sensing unit 332, a setting storage unit 334, and a control unit 336. In this embodiment, the communication unit 126 includes a housing 360 and an on-board device 370. In this embodiment, the on-board device 370 includes a communication interface 128, a user interface 372, a user identification unit 374, a control unit 376, and a battery authentication unit 378.
[0131] In this embodiment, each of the one or more slots 124 is configured to be detachable from the mobile battery 20. Furthermore, each of the one or more slots 124 supplies power to the mobile battery 20 to charge the power storage unit 220 of the mobile battery 20. Each of the one or more slots 124 may receive power output by the mobile battery 20.
[0132] In this embodiment, the communication line 310 connects each of the one or more storage units 122 to the communication unit 126. In this embodiment, the uninterruptible power supply 312 is disposed between the power system 12 and the communication unit 126. The uninterruptible power supply 312 supplies power to the communication unit 126, for example, in the event of an abnormality in the power supply from the power system 12. In this embodiment, the router 314 relays and forwards communications between the communication unit 126 and the communication network 14.
[0133] In this embodiment, the housing 320 holds the mounted device 330. There are no particular limitations on the shape and material of the housing 320. The housing 320 may have a box-like shape, a plate-like shape, or a frame-like shape.
[0134] In this embodiment, the on-board device 330 is mounted on the housing 320. There are no particular limitations on the manner in which the on-board device 330 is mounted. The on-board device 330 may be housed inside the housing 320 or may be mounted on the surface of the housing 320.
[0135] In this embodiment, the sense unit 332 acquires information indicating the state of the slot 124 or the mobile battery 20 stored in the slot 124. The sense unit 332 may include multiple types of sensors. Examples of sensors included in the sense unit 240 include a temperature sensor, a voltage sensor, and a current sensor.
[0136] In this embodiment, the setting storage unit 334 stores various settings related to the storage unit 122. The setting storage unit 334 may include a physical switch or any type of storage medium such as a memory or a hard disk. The settings may (i) be indicated by the ON / OFF state of a physical switch, or (ii) be stored in the storage medium as electronic data. Examples of the settings include settings related to the ID of the storage unit 122, settings related to the installation location of the storage unit 122, and settings related to whether various operations in the storage unit 122 can be performed.
[0137] In this embodiment, the control unit 336 controls the operation of the storage unit 122. Examples of the operation include attaching or detaching the mobile battery 20 to or from the slot 124, charging or discharging the mobile battery 20, and the like.
[0138] In one embodiment, the control unit 336 controls the attachment and detachment of the mobile battery 20 to and from the slot 124. Examples of the above control include locking control of a shutter (not shown) arranged in the slot 124, control of a removal prevention member (not shown) arranged in the slot 124, control of a mechanism (not shown) for restraining the mobile battery 20 arranged in the slot 124, and control of a movable connector (not shown) arranged in the slot 124. The movable connector may be a mechanical connector or an electric connector.
[0139] In another embodiment, the control unit 336 controls charging or discharging of the mobile battery 20 stored in the slot 124. Examples of the above control include checking the connection of the electrical terminals, adjusting the charging voltage, adjusting the charging current, adjusting the discharging voltage, adjusting the discharging current, etc. This allows the charging or discharging of the mobile battery 20 via the electrical terminals to be controlled.
[0140] The control unit 336 may control the operation of the storage unit 122 based on the command received from the control unit 376. For example, the control unit 336 generates a process flow including one or more processes for controlling the operation of at least one of the multiple slots 124 based on the command received from the control unit 376. The control unit 336 determines whether each of the one or more processes is executable. The control unit 336 generates a command for a process determined to be executable and sends the command to the slot 124 to be controlled. On the other hand, the above command is not generated or sent for a process determined to be unexecutable.
[0141] The control unit 336 may transmit to the control unit 376 information indicating the result of the operation based on the command received from the control unit 376. For example, the control unit 336 transmits to the control unit 376 information indicating whether the storage unit 122 performed the operation in accordance with the command received from the control unit 376.
[0142] In this embodiment, the housing 360 holds the mounted device 370. There are no particular limitations on the shape and material of the housing 360. The housing 360 may have a box-like shape, a plate-like shape, or a frame-like shape.
[0143] In this embodiment, the on-board device 370 is mounted on the housing 360. There are no particular limitations on the manner in which the on-board device 370 is mounted. The on-board device 370 may be housed inside the housing 360 or may be mounted on the surface of the housing 360.
[0144] In this embodiment, the user interface 372 provides various information to the user 40 who uses the battery exchange machine 120. The user interface 372 also accepts input from the user 40 who uses the battery exchange machine 120. Examples of the user interface 372 include a display, a speaker, a keyboard, a pointing device, a touch panel, a microphone, a camera, a voice input system, and a gesture input system.
[0145] In this embodiment, the user identification unit 374 identifies the user 40 who uses the battery exchange machine 120. A known method may be adopted as the method for identifying the user 40. For example, the user identification unit 374 identifies the user 40 by analyzing an image of the user 40 and performing authentication processing for the user 40. The user identification unit 374 may identify the user 40 by performing authentication processing for the user 40 using an ID card carried by the user 40. The user identification unit 374 may identify the user 40 by performing authentication processing for the user 40 using a communication terminal 42 carried by the user 40.
[0146] In this embodiment, the control unit 376 is responsible for information processing involving at least one of the user 40 and the management server 140 among information processing in the battery exchange machine 120. For example, the control unit 376 receives a request from at least one of the user 40 and the management server 140 and responds to the request. When the control unit 376 determines that the storage unit 122 is necessary to process a request from at least one of the user 40 and the management server 140, the control unit 376 transmits a command (for example, the above-mentioned first command) to the storage unit 122.
[0147] If the control unit 376 can process requests from at least one of the user 40 and the management server 140 without cooperating with the storage unit 122, the control unit 376 does not need to send commands to the storage unit 122. The control unit 376 can execute, for example, communication control processing with the outside of the battery exchange machine 120, authentication processing for the user 40, and slot 124 selection processing, without cooperating with the storage unit 122.
[0148] More specifically, when the control unit 376 receives a request from at least one of the user 40 and the management server 140, the control unit 376 first generates a processing flow including one or more processes for processing the request. Next, the control unit 376 extracts, from the one or more processes, a process including processing in the storage unit 122. For each of the extracted processes, the control unit 376 generates a command indicating the content of the processing in the storage unit 122.
[0149] The above command may include information indicating the storage unit 122 to be controlled (sometimes referred to as the target unit). The above command may include information indicating the slot 124 to be controlled (sometimes referred to as the target slot). The above command may include identification information of the target slot and information indicating the content of the operation at the target slot.
[0150] The control unit 376 then transmits the command to the storage unit 122 that is the target of the command. The control unit 376 may obtain information indicating the execution result of the command from the storage unit 122 that received the command.
[0151] The control unit 376 may determine the storage mode of the mobile battery 20 based on the output of the battery authentication unit 378. The control unit 376 may determine the charging mode of the mobile battery 20 based on the authentication result of the battery authentication unit 378. The control unit 376 may determine the discharging mode of the mobile battery 20 based on the authentication result of the battery authentication unit 378.
[0152] As described below, the battery authentication unit 378 outputs, for example, information indicating whether or not the specific mobile battery 20 is an authorized device. The battery authentication unit 378 outputs, for example, information indicating whether or not the specific mobile battery 20 will continue to be attached to the slot 124. The battery authentication unit 378 outputs, for example, information indicating whether or not the specific mobile battery 20 will be stored in a manner different from that of an authorized device. The battery authentication unit 378 outputs, for example, information indicating whether or not the specific mobile battery 20 will be stored as an authorized device. The battery authentication unit 378 outputs, for example, information indicating whether or not charging and / or discharging of the specific mobile battery 20 will be performed. The battery authentication unit 378 outputs, for example, information indicating that the authentication process for the specific mobile battery 20 has failed.
[0153] When the control unit 376 acquires information indicating that the specific mobile battery 20 is not a genuine device, the control unit 376 may prohibit or not permit charging of the specific mobile battery 20. When the specific mobile battery 20 is not a genuine device, the control unit 376 may control charging of the specific mobile battery 20 so that the allowable value of charging current or charging power is smaller than when the specific mobile battery 20 is a genuine device. When the specific mobile battery 20 is not a genuine device, the control unit 376 may permit or not prohibit discharging of the specific mobile battery 20. When the specific mobile battery 20 is not a genuine device, the control unit 376 may control discharging of the specific mobile battery 20 so that the allowable value of discharging current or discharging power is smaller than when the specific mobile battery 20 is a genuine device.
[0154] In another embodiment, when the verification device is the electric motorcycle 30 and the verified device is the mobile battery 20, the computer of the electric motorcycle 30 may function as the control unit 376 and the battery authentication unit 378. In this case, the mobile battery 20 may be charged using regenerative power.
[0155] When the control unit 376 acquires information indicating that the authentication process for a specific mobile battery 20 has failed, the control unit 376 may execute the same process as when the mobile battery 20 has not been determined to be an authorized device. When the control unit 376 acquires information indicating that the authentication process for a specific mobile battery 20 has failed, the battery authentication unit 378 may decide to store the mobile battery 20 in a manner different from that of an authorized device. For example, the battery authentication unit 378 stores the mobile battery 20 only for a period of time when special conditions are met. Examples of the period include the period until the manager of the mobile battery 20 collects the mobile battery 20, such as a period when the conditions for issuing the mobile battery 20 are relaxed due to the occurrence of an emergency or emergency situation.
[0156] When the control unit 376 acquires information indicating that the authentication process for a specific mobile battery 20 has failed, the control unit 376 may prohibit or not allow charging of the specific mobile battery 20. When the authentication process for a specific mobile battery 20 has failed, the control unit 376 may control charging of the specific mobile battery 20 so that the allowable value of the charging current or charging power is smaller than when the authentication process for the specific mobile battery 20 has succeeded. When the control unit 376 acquires information indicating that the authentication process for a specific mobile battery 20 has failed, the control unit 376 may prohibit or not allow discharging of the specific mobile battery 20. When the authentication process for a specific mobile battery 20 has failed, the control unit 376 may control discharging of the specific mobile battery 20 so that the allowable value of the discharging current or discharging power is smaller than when the authentication process for the specific mobile battery 20 has succeeded.
[0157] When the control unit 376 acquires information indicating that the authentication process for a specific mobile battery 20 has failed, the control unit 376 may access the storage unit 250 of the specific mobile battery 20 to acquire specific information stored in the storage unit 250. For example, the control unit 376 may access the storage unit 250 of the specific mobile battery 20 to acquire identification information of the battery exchanger 120 (sometimes referred to as the immediately preceding battery exchanger 120) that was attached to the specific mobile battery 20 before it was attached to the current battery exchanger 120. For example, the control unit 376 may access the storage unit 250 of the specific mobile battery 20 to acquire identification information of the power device (a power device other than the battery exchanger 120, for example, an electric motorcycle 30) that was attached to the specific mobile battery 20 before it was attached to the current battery exchanger 120.
[0158] The control unit 376 may transmit the identification information of the immediately previous battery exchange machine 120 and / or the identification information of the power device to the management server 140. This allows the management server 140 to detect a failure or abnormality in the immediately previous battery exchange machine 120. The management server 140 may specify the immediately previous battery exchange machine 120 based on the identification information of the power device and the movement history or battery exchange history of the power device.
[0159] The battery authentication unit 378 executes authentication processing for the mobile battery 20. For example, the battery authentication unit 378 checks whether the mobile battery 20 inserted in the slot 124 is a genuine mobile battery 20. If the authentication processing for a specific mobile battery 20 fails, the battery authentication unit 378 may re-execute the authentication processing for the specific mobile battery 20. The number of retries may be determined in advance. The manner of re-execution is not particularly limited, and the process may be re-executed from the generation of an authentication code, or the authentication processing may be re-executed using the authentication code generated last time. Details of the battery authentication unit 378 will be described later.
[0160] The battery authentication unit 378 may be an example of a verification device. The slot 124 may be an example of a charging device. The slot 124 may be an example of a charging / discharging device.
[0161] An example of authentication processing of the mobile battery 20 in the battery exchange device 120 will be described in detail using Figures 4, 5, and 6. Figure 4 schematically shows an example of an authentication procedure of the mobile battery 20. Figure 5 schematically shows an example of the internal configuration of the battery authentication unit 378 for realizing the authentication procedure described in relation to Figure 4. Figure 6 schematically shows an example of the internal configuration of the authentication response unit 232 for realizing the authentication procedure described in relation to Figure 4. It should be noted that the authentication processing of the mobile battery 20 in the battery exchange device 120, the authentication response unit 232, and the battery authentication unit 378 are not limited to this embodiment.
[0162] In the embodiment described in relation to Fig. 4, an example of the authentication process of the mobile battery 20 will be described using as an example a case where the mobile battery 20 has already completed the step of acquiring the authentication private key 72 of the mobile battery 20 from the key issuer 50, the communication terminal 52, or the management server 140. In the above acquisition process, the mobile battery 20 stores the authentication private key 72 in, for example, the authentication private key storage unit 254.
[0163] 4, an example of the authentication process for the mobile battery 20 will be described using as an example a case where the battery exchange device 120 has already completed the step of acquiring the database related to the authentication public keys 74 of the one or more mobile batteries 20 from the key issuer 50, the communication terminal 52, or the management server 140. In the acquisition process, the battery exchange device 120 stores the database related to the authentication public keys 74 of the one or more mobile batteries 20 in a storage device disposed in the battery authentication unit 378 or the on-board device 370, for example.
[0164] In this embodiment, at the stage when the authentication process for the mobile battery 20 is started, the authentication private key storage unit 254 stores the authentication private key 72 of the mobile battery 20. Similarly, the battery authentication unit 378 of the battery exchange machine 120 has a database related to the authentication public keys 74 of one or more mobile batteries 20.
[0165] 4 , according to this embodiment, first, in step 420 (step may be abbreviated as S), the battery authentication unit 378 of the battery exchange machine 120 detects that the mobile battery 20 has been inserted into the slot 124. When the battery authentication unit 378 of the battery exchange machine 120 detects that the mobile battery 20 has been inserted into the slot 124, the battery authentication unit 378 of the battery exchange machine 120 transmits a start-up signal to the mobile battery 20.
[0166] In S422, when the control unit 230 of the mobile battery 20 receives the activation signal, for example, the control unit 230 and the authentication response unit 232 are activated. At this time, the control unit 230 may transmit an activation confirmation signal to the battery exchange machine 120 indicating that the authentication response unit 232 has been activated.
[0167] Next, in S424, the battery authentication unit 378 transmits a signal (sometimes referred to as an ID transmission request) requesting transmission of the battery ID to the mobile battery 20. In S426, for example, when the control unit 230 of the mobile battery 20 receives the ID transmission request signal, the control unit 230 transmits the battery ID stored in the battery ID storage unit 252 to the battery exchange machine 120.
[0168] Next, in S430, when the battery authentication unit 378 acquires the battery ID of the mobile battery 20, the battery authentication unit 378 refers to the database related to the authentication public key 74 described above using the battery ID as a key, and extracts the authentication public key 74 that matches the battery ID. If the authentication public key 74 that matches the battery ID is not extracted, the battery authentication unit 378 may access the communication terminal 52 or the management server 140 to acquire the authentication public key 74 that matches the battery ID.
[0169] The battery authentication unit 378 also prepares an authentication code. For example, the battery authentication unit 378 generates a random number and determines that the random number will be used as the authentication code.
[0170] Next, the battery authentication unit 378 converts the authentication code based on the authentication public key 74 of the mobile battery 20, and generates a challenge code including the converted authentication code. For example, the battery authentication unit 378 encrypts the authentication code using the authentication public key 74 of the mobile battery 20. The battery authentication unit 378 also generates a challenge code including the encrypted authentication code.
[0171] Furthermore, in this embodiment, the battery authentication unit 378 prepares a verification code. For example, the battery authentication unit 378 performs an arithmetic process using a hash function to generate a hash value of the authentication code. The battery authentication unit 378 determines to use the generated hash value as the verification code.
[0172] Next, in S432, the battery authentication unit 378 transmits the challenge code to the mobile battery 20. The battery authentication unit 378 may transmit the challenge code and an authentication response request to the mobile battery 20.
[0173] In S434, when the authentication handling unit 232 receives the challenge code, the authentication handling unit 232 reverse-converts the encrypted authentication code included in the challenge code based on the authentication private key 72 stored in the authentication private key storage unit 254. Specifically, the authentication handling unit 232 decrypts the encrypted authentication code included in the challenge code using the authentication private key 72 stored in the authentication private key storage unit 254. Because the authentication private key 72 is paired with the authentication public key 74, if the mobile battery 20 is a genuine mobile battery 20, the authentication handling unit 232 succeeds in decrypting the encrypted authentication code.
[0174] Next, in S436, the authentication response unit 232 generates a response code including information indicating that the mobile battery 20 has successfully decrypted the authentication code encrypted with the authentication public key 74. For example, the authentication response unit 232 performs an arithmetic process using a hash function to generate a hash value of the decrypted authentication code. The authentication response unit 232 generates a response code including the hash value of the decrypted authentication code. The authentication response unit 232 also transmits the response code to the battery exchange machine 120.
[0175] Next, in S438, when the battery authentication unit 378 receives the response code, the battery authentication unit 378 compares the hash value included in the response code with the hash value generated as the verification code. For example, the battery authentication unit 378 determines whether the hash value included in the response code matches the hash value generated as the verification code. Furthermore, in S440, based on the result of the comparison, the battery authentication unit 378 determines whether the mobile battery 20 is a genuine mobile battery 20 (sometimes referred to as a genuine device).
[0176] According to this embodiment, in S450, the battery authentication unit 378 may determine whether to replace the mobile battery 20 based on the determination result in S440. For example, if the mobile battery 20 is not determined to be a genuine device, the battery authentication unit 378 determines not to insert the mobile battery 20 into the slot 124.
[0177] The above-mentioned attachment does not have to include temporary attachment for authentication processing. For example, when the battery exchanger 120 and the mobile battery 20 communicate with each other via a wire, the mobile battery 20 may be temporarily attached to the battery exchanger 120 in order for the battery authentication unit 378 to authenticate the mobile battery 20. The above-mentioned attachment means, for example, that the mobile battery 20 is permanently attached to the battery exchanger 120. The above-mentioned attachment may also mean that the mobile battery 20 is stored as a regular device.
[0178] In one embodiment, if the mobile battery 20 is not determined to be an authentic device, the battery authentication unit 378 may decide not to continue to insert the mobile battery 20 into the slot 124. If the mobile battery 20 is not determined to be an authentic mobile battery 20, the battery authentication unit 378 may decide to store the mobile battery 20 in a manner different from that of an authentic device. For example, the battery authentication unit 378 stores the mobile battery 20 only for a period of time when special conditions are met. Examples of the period include the period until the manager of the mobile battery 20 collects the mobile battery 20, such as a period when the conditions for issuing the mobile battery 20 are relaxed due to the occurrence of an emergency or emergency situation.
[0179] In another embodiment, if the mobile battery 20 is determined to be an authorized device, the battery authentication unit 378 determines to insert the mobile battery 20 into the slot 124. If the mobile battery 20 is determined to be an authorized device, the battery authentication unit 378 may determine to continue inserting the mobile battery 20 into the slot 124. If the mobile battery 20 is determined to be an authorized device, the battery authentication unit 378 may determine to store the mobile battery 20 as an authorized device.
[0180] The battery authentication unit 378 may determine whether to replace the mobile battery 20 based on the determination result in S440 and the above-mentioned whitelist. For example, if the mobile battery 20 is determined to be a genuine mobile battery 20, the battery authentication unit 378 determines whether the mobile battery 20 is a mobile battery 20 that can be used by multiple users 40.
[0181] Specifically, the battery authentication unit 378 checks whether the battery ID of the above mobile battery 20 is listed on the whitelist. If the battery ID of the above mobile battery 20 is listed on the whitelist, the battery authentication unit 378 determines that the mobile battery 20 is a mobile battery 20 that can be used by multiple users 40. On the other hand, if the battery ID of the above mobile battery 20 is not listed on the whitelist, the battery authentication unit 378 determines that the mobile battery 20 is not a mobile battery 20 that can be used by multiple users 40.
[0182] If it is determined that the mobile battery 20 is not a mobile battery 20 that can be used by multiple users 40, the battery authentication unit 378 may decide not to attach the mobile battery 20 to the slot 124. This prevents the mobile battery 20 from being stored in the battery exchange machine 120, for example, even if the mobile battery 20 is a genuine mobile battery 20, if the user 40 of the mobile battery 20 has not subscribed to the mobile battery 20 charging service or mobile battery 20 exchange service provided by the battery management system 100.
[0183] If it is decided not to insert the mobile battery 20 into the slot 124, the battery exchange machine 120 may remove the mobile battery 20 from the slot 124 and return the mobile battery 20 to the user 40, even if the mobile battery 20 is inserted into the slot 124, in order to perform authentication processing for the mobile battery 20. Note that the manner in which the mobile battery 20 is inserted into the slot 124 is not particularly limited. The mobile battery 20 may be housed inside the slot 124, or may be placed on top of the slot 124.
[0184] If it is decided not to continue to insert the mobile battery 20 into the slot 124, information processing may be executed similar to that executed when it is decided not to insert the mobile battery 20 into the slot 124. If it is decided to store the mobile battery 20 in a manner different from that of an authorized device, information processing may be executed similar to that executed when it is decided not to insert the mobile battery 20 into the slot 124.
[0185] Furthermore, according to this embodiment, in S450, the battery authentication unit 378 may determine whether or not to charge and / or discharge the mobile battery 20 based on the determination in S440. For example, if the mobile battery 20 is not determined to be a genuine mobile battery 20, it may decide not to charge and / or discharge the mobile battery 20. This may prohibit or suppress the input and output of power between the slot 124 and the mobile battery 20. The battery authentication unit 378 may determine whether or not to charge and / or discharge the mobile battery 20 based on the determination result in S440 and the above-described whitelist using a procedure similar to that described above.
[0186] The processing in the mobile battery 20 may be executed by a single processor or by multiple processors working together. Similarly, the processing in the battery exchange machine 120 may be executed by a single processor or by multiple processors working together. This further improves security.
[0187] For example, the mobile battery 20 includes a control CPU for controlling various operations of the mobile battery 20 and a secure IC for executing encryption and decryption processes. S422 and S426 are executed by the control CPU. Furthermore, in S434, when the control CPU receives a challenge code, the control CPU transfers the challenge code to the secure IC. The secure IC decrypts the challenge code in S434 and generates a response code in S436. Furthermore, in S436, the secure IC outputs the generated response code to the control CPU. In S436, the control CPU transmits the response code generated by the secure IC to the battery exchange machine 120.
[0188] When the mobile battery 20 is determined or confirmed to be an unauthorized device, this may be an example of a case where the mobile battery 20 is not determined to be an authorized device. When the mobile battery 20 is determined or confirmed to be an unauthorized mobile battery 20, this may be an example of a case where the mobile battery 20 is not determined to be an authorized device.
[0189] A case where the mobile battery 20 is not determined to be a genuine device may be an example of a case where it is determined that the third verification information and the fifth verification information do not satisfy the second mathematical relationship, or a case where the third verification information and the sixth verification information do not match. A case where the mobile battery 20 is determined to be a genuine device may be an example of a case where it is determined that the third verification information and the fifth verification information satisfy the second mathematical relationship, or a case where the third verification information and the sixth verification information match.
[0190] 5 , in this embodiment, the battery authentication unit 378 includes a storage unit 520, a battery ID acquisition unit 530, an authentication code generation unit 540, a verification code generation unit 550, a challenge code generation unit 560, a challenge code transmission unit 562, a response code acquisition unit 570, a comparison unit 582, and a determination unit 584. In this embodiment, the storage unit 520 includes a public key database 522 and a whitelist 524.
[0191] In this embodiment, the storage unit 520 stores various types of information. In this embodiment, the public key database 522 stores the battery IDs of one or more mobile batteries 20 managed by the battery management system 100 in association with the authentication public keys 74 of the one or more mobile batteries 20. The whitelist 524 stores the battery IDs of one or more mobile batteries 20 managed by the battery management system 100. In other embodiments, the public key database 522 may be used as the whitelist 524.
[0192] In one embodiment, the battery authentication unit 378 acquires the public key database 522 from the key issuer 50. The battery authentication unit 378 stores the public key database 522 acquired from the key issuer 50 in the storage unit 520. In another embodiment, the battery authentication unit 378 acquires the public key database 522 from the communication terminal 52 or the management server 140. The battery authentication unit 378 stores the public key database 522 acquired from the communication terminal 52 or the management server 140 in the storage unit 520.
[0193] In this embodiment, the battery ID acquisition unit 530 acquires the battery ID of the mobile battery 20 accommodated in the slot 124, or the battery ID of the mobile battery 20 accommodated in the slot 124. The battery ID acquisition unit 530 may acquire the battery ID of the mobile battery 20 attached to the slot 124. The battery ID acquisition unit 530 may acquire the battery ID of the mobile battery 20 from the communication terminal 42 or the mobile battery 20.
[0194] In this embodiment, the authentication code generation unit 540 generates the authentication code 502. The authentication code generation unit 540 may generate the authentication code 502 by generating a random number.
[0195] In this embodiment, the verification code generation unit 550 generates a verification code. The verification code generation unit 550 generates the verification code according to the rules for generating a response code by the mobile battery 20. When the mobile battery 20 generates a response code including the restored authentication code itself, the verification code generation unit 550 does not need to generate a verification code, and may decide to use the authentication code as the verification code.
[0196] In this embodiment, the verification code generation unit 550 executes a calculation process using a hash function 552 to generate a hash value 504 of the authentication code 502. The verification code generation unit 550 determines to use the generated hash value 504 as the verification code. The verification code generation unit 550 outputs the hash value 504 to the comparison unit 582 as the verification code.
[0197] In this embodiment, the challenge code generation unit 560 generates the challenge code 512. For example, the challenge code generation unit 560 encrypts the authentication code 502 using the authentication public key 74 of the mobile battery 20. This allows the battery authentication unit 378 to generate the challenge code 512 including the encrypted authentication code 502.
[0198] In this embodiment, the challenge code transmission unit 562 transmits the challenge code 512 generated by the challenge code transmission unit 562 to the mobile battery 20. The challenge code transmission unit 562 may transmit the challenge code 512 and an authentication response request to the mobile battery 20.
[0199] In this embodiment, the response code acquisition unit 570 acquires a response code 516 corresponding to the challenge code 512 from the mobile battery 20. In this embodiment, the response code 516 includes a hash value 506 of the authentication code 502 restored in the mobile battery 20. The response code acquisition unit 570 outputs the hash value 506 of the restored authentication code 502 to the comparison unit 582.
[0200] In this embodiment, the comparison unit 582 obtains a hash value 504 as a verification code from the verification code generation unit 550. The comparison unit 582 also obtains a hash value 506 included in the response code 516 from the response code acquisition unit 570. The comparison unit 582 compares the hash value 504 as a verification code with the hash value 506 included in the response code 516. For example, the comparison unit 582 determines whether the hash value 504 as a verification code matches the hash value 506 included in the response code 516. The comparison unit 582 outputs information indicating the comparison result to the determination unit 584.
[0201] In this embodiment, the determination unit 584 acquires information indicating the comparison result of the comparison unit 582. The determination unit 584 determines whether the mobile battery 20 is a genuine mobile battery 20 based on the comparison result of the comparison unit 582.
[0202] The determination unit 584 may determine whether or not to replace the mobile battery 20 based on the determination result as to whether or not the mobile battery 20 is a genuine mobile battery 20. The determination unit 584 may determine whether or not to replace the mobile battery 20 based on the determination result as to whether or not the mobile battery 20 is a genuine mobile battery 20 and the whitelist 524.
[0203] The determination unit 584 may determine whether or not to charge and / or discharge the mobile battery 20 based on the determination result of whether or not the mobile battery 20 is a genuine mobile battery 20. This may prohibit or suppress the input and output of power between the slot 124 and the mobile battery 20. The determination unit 584 may determine whether or not to charge and / or discharge the mobile battery 20 based on the determination result of whether or not the mobile battery 20 is a genuine mobile battery 20 and the whitelist 524.
[0204] The storage unit 520 may be an example of a first storage device. The challenge code generation unit 560 may be an example of a third information generation unit. The challenge code transmission unit 562 may be an example of a third information transmission unit. The response code acquisition unit 570 may be an example of a response reception unit. The comparison unit 582 may be an example of a comparison unit.
[0205] As shown in FIG. 6, in this embodiment, the authentication response unit 232 includes a request receiving unit 620, an ID transmitting unit 630, a challenge code obtaining unit 640, a challenge code decoding unit 650, a response code generating unit 660, and a response code transmitting unit 670.
[0206] In this embodiment, the request receiving unit 620 receives various requests from the battery exchange machine 120. Examples of the requests include an ID transmission request, an authentication response request, etc. In this embodiment, when the request receiving unit 620 receives an ID transmission request from the battery exchange machine 120, the ID transmitting unit 630 transmits the battery ID of the mobile battery 20 to the battery exchange machine 120.
[0207] In this embodiment, when the request receiving unit 620 receives an authentication response request from the battery exchange machine 120, the challenge code acquiring unit 640 acquires the challenge code 512 transmitted by the battery exchange machine 120. In this embodiment, the challenge code decrypting unit 650 uses the authentication private key 72 to decrypt the encrypted authentication code 502 included in the challenge code 512. The challenge code decrypting unit 650 also outputs the decrypted authentication code 502 to the response code generating unit 660.
[0208] In this embodiment, the response code generator 660 generates the response code 516 based on the decrypted authentication code 502. The response code generator 660 may generate the response code 516 in any format according to the rules described above.
[0209] According to this embodiment, the response code generation unit 660 performs an arithmetic process using a hash function 662 to generate a hash value 506 of the restored authentication code 502. The response code generation unit 660 generates a response code 516 that includes the hash value 506 of the restored authentication code 502. In this embodiment, the response code transmission unit 670 transmits the response code 516 to the battery exchange machine 120.
[0210] The challenge code acquisition unit 640 may be an example of a third information acquisition unit, the challenge code decryption unit 650 may be an example of a fifth information generation unit, and the response code transmission unit 670 may be an example of a response unit.
[0211] (Another embodiment) In this embodiment, an example of information processing in the battery exchange machine 120 has been described, taking as an example a case where, when it is determined in S450 of FIG. 4 that the mobile battery 20 attached to the slot 124 is not a mobile battery 20 that can be used by multiple users 40, the battery authentication unit 378 decides not to attach the mobile battery 20 to the slot 124 or not to charge or discharge the mobile battery 20. However, the information processing when it is determined that the mobile battery 20 is not a mobile battery that can be used by multiple users 40 is not limited to this embodiment. In other embodiments, when it is determined that the mobile battery 20 is not a mobile battery that can be used by multiple users 40, the battery authentication unit 378 may execute a process of attaching the mobile battery 20 to the slot 124 in accordance with a predetermined first rule, or may execute a process of charging or discharging the mobile battery 20 in accordance with a predetermined second rule.
[0212] An example of a first rule is a rule that allows the mobile battery 20 to be attached to the slot 124, but does not allow any user 40 other than the user 40 who attached the mobile battery 20 to the slot 124 to remove the mobile battery 20. An example of a second rule is a rule that allows the mobile battery 20 to be charged or discharged until the number of times the mobile battery 20 is attached to the slot 124 reaches a predetermined number or frequency, but does not allow the mobile battery 20 to be charged or discharged if the number of times the mobile battery 20 is attached to the slot 124 exceeds the predetermined number or frequency.
[0213] In this embodiment, an example of the authentication process for the mobile battery 20 has been described using as an example a case where the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 from the key issuer 50, the communication terminal 52, or the management server 140. However, the method for acquiring the authentication public key 74 in the battery exchange device 120 is not limited to this embodiment. In other embodiments, the battery exchange device 120 may acquire the authentication public key 74 from the mobile battery 20.
[0214] In this embodiment, an example of authentication processing of the mobile battery 20 has been described, taking as an example a case where a comparison process of the authentication code and the response code is executed by comparing a verification code generated from the authentication code with a response code. However, the comparison process of the authentication code and the response code is not limited to this embodiment. The authentication code and the response code may be compared using various methods described in relation to FIG. 1 .
[0215] 7 is a schematic diagram illustrating an example of the internal configuration of the on-board device 330. In this embodiment, for the purpose of simplifying the explanation, the details of the on-board device 330 will be described using an example in which the slot 124 does not have the function of discharging the mobile battery 20. However, a person skilled in the art who has read the description of this specification will understand that the slot 124 can be modified to have a configuration that allows charging and discharging the mobile battery 20.
[0216] In this embodiment, the mounted equipment 330 includes one or more slots 124, a breaker 710, a power line 712, an AC / DC power supply 714, a distributor 716, a power line 718, a main control board 730, a communication hub 732, a communication line 734, a temperature adjustment unit 742, a buzzer 744, a sensor unit 746, and a maintenance door 748. In this embodiment, the slot 124 includes an AC / DC charger 760, a power connector 762, a slot control board 770, a communication connector 772, a drive unit 774, a shutter 776, a lock unit 778, a temperature adjustment unit 782, a status display unit 784, and a sensor unit 786.
[0217] In this embodiment, breaker 710 receives power from power grid 12. Breaker 710 supplies the power received from power grid 12 to each AC / DC charger 760 in one or more slots 124 via power line 712. Breaker 710 supplies the power received from power grid 12 to AC / DC power source 714. Examples of breaker 710 include a circuit breaker and a residual current circuit breaker with overcurrent protection.
[0218] In this embodiment, the AC / DC power supply 714 functions as a power supply that supplies power for control. For example, the AC / DC power supply 714 converts AC power received from the breaker 710 into DC power having an appropriate voltage. The AC / DC power supply 714 supplies the converted DC power to each slot control board 770 of one or more slots 124 via a distributor 716 and a power line 718. The AC / DC power supply 714 also supplies the converted DC power to the main control board 730.
[0219] In this embodiment, the main control board 730 controls the operation of each part of the storage unit 122. The main control board 730 is connected to the CPU board 820 via the communication line 310. The main control board 730 may function as the control unit 336. The main control board 730 may function as the control unit 336 in cooperation with the slot control boards 770.
[0220] The main control board 730 transmits and receives information to and from each slot control board 770 of one or more slots 124 via a communication hub 732 and a communication line 734. The main control board 730 may control the operation of the temperature adjustment unit 742, the buzzer 744, the sense unit 746, and the maintenance door 748. The main control board 730 may obtain information indicating the status of the temperature adjustment unit 742, the buzzer 744, the sense unit 746, and the maintenance door 748.
[0221] For example, the main control board 730 acquires, from the sensing unit 746, information indicating the measurement results of the sensing unit 746. The main control board 730 also acquires, from the maintenance door 748, information indicating the open / closed state of the maintenance door 748.
[0222] In this embodiment, the temperature adjusting unit 742 adjusts the temperature inside the housing 320 of the storage unit 122. Examples of the temperature adjusting unit 742 include a fan and a water-cooling cooler.
[0223] In this embodiment, the buzzer 744 notifies the user 40 of the status of the storage unit 122. The buzzer 744 may output a warning sound. The buzzer 744 may output a warning designated by the main control board 730 from among a plurality of warning sounds with different warning patterns.
[0224] In this embodiment, the sense unit 746 acquires information indicating the state of the storage unit 122. The sense unit 746 may include multiple types of sensors. Examples of sensors included in the sense unit 746 include a temperature sensor, a vibration sensor, and a leakage sensor. The sense unit 746 may constitute at least a part of the sense unit 332.
[0225] In this embodiment, the maintenance door 748 is disposed in an opening (not shown) of the housing 320 and is used by maintenance personnel for the battery exchange machine 120 to perform maintenance management of the battery exchange machine 120. The maintenance door 748 may output information indicating an open / closed state to the main control board 730. For example, when the maintenance door 748 is opened, the maintenance door 748 outputs a signal indicating that the maintenance door 748 is opened.
[0226] In this embodiment, the AC / DC charger 760 charges the mobile battery 20 electrically connected to the power connector 762. The AC / DC charger 760 adjusts at least one of the voltage and current applied to the mobile battery 20 electrically connected to the power connector 762 in accordance with instructions from the slot control board 770.
[0227] In this embodiment, the power connector 762 includes an electrical terminal that is electrically connected to the power connector 212 of the mobile battery 20 when the mobile battery 20 is accommodated in the slot 124. In this embodiment, the power connector 762 is configured to be movable by a drive unit 774. Note that in other embodiments, the power connector 762 may be fixed inside the slot 124.
[0228] In this embodiment, the slot control board 770 controls the operation of each part of the slot 124. The slot control board 770 may control the operation of the slot 124 in accordance with instructions from the main control board 730. The slot control board 770 may function as the control unit 336. The slot control board 770 may function as the control unit 336 in cooperation with the main control board 730.
[0229] The slot control board 770 may send and receive information to and from the control unit 230 of the mobile battery 20 stored in the slot 124 via the communication connector 772. For example, the slot control board 770 can read information stored in the storage unit 250 of the mobile battery 20. In addition, the slot control board 770 can write information to the storage unit 250 of the mobile battery 20.
[0230] In this embodiment, the communication connector 772 includes a communication terminal that is communicatively connected to the communication connector 214 of the mobile battery 20 when the mobile battery 20 is accommodated in the slot 124. In this embodiment, the communication connector 772 is configured to be movable by a drive unit 774. Note that in other embodiments, the communication connector 772 may be fixed inside the slot 124.
[0231] In this embodiment, the drive unit 774 drives various movable members arranged in the slot 124. The drive unit 774 may drive the above movable members in accordance with instructions from the slot control board 770. Examples of the movable members include the power connector 762, the communication connector 772, the shutter 776, the lock unit 778, a removal prevention member arranged in the slot 124, and a mechanism for restraining the mobile battery 20 arranged in the slot 124.
[0232] In this embodiment, the shutter 776 is disposed at the opening (not shown) of the slot 124 and controls whether the user 40 inserts the mobile battery 20. The shutter 776 may control opening and closing in accordance with instructions from the slot control board 770.
[0233] For example, when the shutter 776 is in the open state, the user 40 can insert the mobile battery 20 into the slot 124 or remove the mobile battery 20 from the slot 124. On the other hand, when the shutter 776 is in the closed state, the user 40 cannot insert the mobile battery 20 into the slot 124 or remove the mobile battery 20 from the slot 124.
[0234] In this embodiment, the lock unit 778 switches between the locked and unlocked states of the shutter 776. The lock unit 778 may switch between the locked and unlocked states of the shutter 776 in accordance with an instruction from the slot control board 770.
[0235] In this embodiment, the temperature adjustment unit 782 adjusts the temperature inside the slot 124. In this embodiment, the temperature adjustment unit 782 may adjust the temperature inside the slot 124 in accordance with instructions from the slot control board 770. Examples of the temperature adjustment unit 782 include a fan and a water-cooled cooler.
[0236] In this embodiment, the status display unit 784 notifies the user 40 of the status of the slot 124. Examples of the status of the slot 124 include the presence or absence of the mobile battery 20, the presence or absence of an abnormality, etc. The status display unit 784 may notify the user 40 of the status of the slot 124 by, for example, a lighting pattern, blinking pattern, or display pattern designated by the slot control board 770 from among a plurality of lighting patterns, blinking patterns, or display patterns. Examples of the status display unit 784 include an LED, a display, etc.
[0237] In the present embodiment, the sense unit 786 acquires information indicating the state of the slot 124. The sense unit 786 may include multiple types of sensors. Examples of sensors included in the sense unit 786 include a temperature sensor, a voltage sensor, and a current sensor. For example, the sense unit 786 includes at least one of (i) a temperature sensor that measures the temperature inside the slot 124, the mobile battery 20, or the vicinity of the mobile battery 20, (ii) a voltage sensor that measures the voltage of the power connector 762, and (iii) a current sensor that measures the current flowing through the power connector 762. The sense unit 786 may constitute at least a part of the sense unit 332.
[0238] The main control board 730 may be an example of a verification device. The power connector 762 may be an example of a first terminal. The slot control board 770 may be an example of a verification device.
[0239] 8 schematically illustrates an example of the internal configuration of the on-board device 370. In this embodiment, the on-board device 370 includes an AC / DC power supply 814, a service outlet 816, a CPU board 820, an Ethernet interface 830 that is an Ethernet (registered trademark) communication interface, an NFC reader 842, a camera 844, a touch panel 852, a display 854, and a speaker 856.
[0240] In this embodiment, the AC / DC power supply 814 functions as a power supply that supplies control power. The AC / DC power supply 814 receives power from the power grid 12, for example, via the uninterruptible power supply 312. The AC / DC power supply 814 converts the AC power received from the power grid 12 into DC power having an appropriate voltage. The AC / DC power supply 814 supplies the converted DC power to the CPU board 820.
[0241] In this embodiment, the power outlet 816 supplies power to a device external to the communication unit 126. An example of the external device is the router 314.
[0242] The service outlet 816 receives power from the power system 12, for example, via the uninterruptible power supply 312. The service outlet 816 may control the supply of power to external devices in accordance with instructions from the CPU board 820. The service outlet 816 may transmit information regarding the power supplied to the external devices to the CPU board 820.
[0243] The CPU board 820 controls the operation of each part of the communication unit 126. The CPU board 820 is connected to the main control board 730 via the communication line 310. The CPU board 820 may function as the control unit 376.
[0244] In this embodiment, the Ethernet interface 830 is connected to the communication network 14 via the router 314. The Ethernet interface 830 may function as the communication interface 128.
[0245] In this embodiment, the NFC reader 842 transmits and receives information to and from the communication terminal 42 via short-range wireless communication. The NFC reader 842 may function as the communication interface 128. The NFC reader 842 may function as the user identification unit 374.
[0246] In this embodiment, the camera 844 captures an image of the user 40. The camera 844 may function as the user interface 372. The camera 844 may function as the user identification unit 374.
[0247] In this embodiment, the touch panel 852 accepts touch input from the user 40. The touch panel 852 may function as the user interface 372. In this embodiment, the display 854 presents information to the user 40 by outputting an image. The display 854 may function as the user interface 372. In this embodiment, the speaker 856 presents information to the user 40 by outputting sound. The speaker 856 may function as the user interface 372.
[0248] The CPU board 820 may be an example of a confirmation device. The touch panel 852 may be an example of the input device described above.
[0249] Another example of the procedure by which the battery exchange device 120 acquires the authentication public key 74 will be described using Figures 9, 10, and 11. Figure 9 schematically shows an example of the internal configuration of the mobile battery 920. Figure 10 schematically shows an example of the procedure for acquiring the authentication public key 74. Figure 11 schematically shows an example of the procedure for acquiring the authentication public key 74.
[0250] In the embodiment described with reference to Figures 1 to 6, the battery management system 100 was described in detail using as an example a case where the battery exchanger 120 acquires a database storing authentication public keys 74 of one or more mobile batteries 20 from the key issuer 50, the communication terminal 52, or the management server 140. The embodiment described with reference to Figures 9, 10, and 11 differs from the embodiment described with reference to Figures 1 to 6 in that the battery exchanger 120 acquires the authentication public key 74 of the mobile battery 20 from the mobile battery 20 inserted in the slot 124. With respect to features other than the above differences, the embodiment described with reference to Figures 9, 10, and 11 may have the same configuration as the embodiment described with reference to Figures 1 to 6.
[0251] 9 , in this embodiment, the mobile battery 920 differs from the mobile battery 20 in that the storage unit 250 includes a battery ID storage unit 252, an authentication private key storage unit 254, an authentication public key storage unit 955, a signature private key storage unit 956, and a signature verification public key storage unit 957. With respect to features other than the above differences, the mobile battery 920 may have the same configuration as the mobile battery 20.
[0252] 9 , the mobile battery 920 may not include the signature verification public key 84 and the signature verification public key storage unit 957. For example, if the battery exchange device 120 stores the signature verification public key 84 of the mobile battery 920, or if the battery exchange device 120 is able to acquire the signature verification public key 84 of the mobile battery 920, the mobile battery 920 may not include the signature verification public key 84 and the signature verification public key storage unit 957.
[0253] The mobile battery 920 does not need to include the signature private key 82 and the signature private key storage unit 956. In this case, the mobile battery 920 may store, in any storage device arranged in the mobile battery 920, at least one of (i) the authentication public key 74 encrypted with the signature private key 82, (ii) information in which the authentication public key 74 and any information are encrypted with the signature private key 82, and (iii) a digital certificate for the authentication public key 74, for example.
[0254] The authentication public key 74 encrypted with the signature private key 82, and the authentication public key 74 and any information encrypted with the signature private key 82, may be referred to as a digital signature. For example, a series of steps for creating a digital signature using elliptic curve cryptography is referred to as an elliptic curve digital signature algorithm.
[0255] The digital certificate of the authentication public key 74 includes, for example, the authentication public key 74 and the authentication public key 74 encrypted with the signature private key 82. The digital certificate of the authentication public key 74 includes, for example, the authentication public key 74 (or the authentication public key 74 and any information), and information in which the authentication public key 74 and the any information are encrypted with the signature private key 82. Note that in the embodiment described with reference to FIGS. 1 to 6 , the mobile battery 920 differs from the embodiment described with reference to FIG. 9 in that it does not include the signature private key 82 and the signature private key storage unit 956, and the signature verification public key 84 and the signature verification public key storage unit 957.
[0256] In this embodiment, the authentication public key storage unit 955 stores the authentication public key 74. In this embodiment, the signature private key storage unit 956 stores the signature private key 82 used by the mobile battery 20 to assign a digital signature. The signature verification public key storage unit 957 stores the signature verification public key 84 used by the battery exchange device 120 to verify the authenticity of information including the digital signature of the mobile battery 20 (for example, a digital certificate obtained by the battery exchange device 120 from the mobile battery 20).
[0257] The signature verification public key 84 is used to decrypt information encrypted using the signature private key 82. As described above, the digital signature of the mobile battery 20 is generated by encrypting any information using the signature private key 82. Furthermore, the digital certificate includes plaintext of the any information and ciphertext of the any information encrypted using the signature private key 82. The signature verification public key 84 is used to decrypt information encrypted using the signature private key 82. By comparing the plaintext information included in the digital certificate with the information decrypted using the signature verification public key 84, the authenticity of the plaintext information included in the digital certificate can be verified.
[0258] 10 schematically shows an example of a procedure for acquiring the authentication public key 74. In this embodiment, the battery authentication unit 378 has already acquired the signature verification public key 84 of the mobile battery 20, for example, from the key issuer 50, the communication terminal 52, or the management server 140. For example, a database that stores the battery IDs of one or more mobile batteries 20 and the signature verification public keys 84 of one or more mobile batteries 20 in correspondence with each other is stored in the storage unit 520. Note that the signature verification public keys 84 of multiple mobile batteries 20 may be the same, or the signature verification public keys 84 of all mobile batteries 20 may be the same.
[0259] In this embodiment, the authentication response unit 232 further includes a public key transmission unit 1012. The battery authentication unit 378 further includes a public key acquisition unit 1014.
[0260] According to this embodiment, first, in S1020, for example, the public key acquisition unit 1014 of the battery exchange machine 120 detects that the mobile battery 20 has been inserted into the slot 124. When the public key acquisition unit 1014 detects that the mobile battery 20 has been inserted into the slot 124, the public key acquisition unit 1014 transmits a start-up signal to the mobile battery 20.
[0261] In S1022, for example, when the public key transmission unit 1012 of the mobile battery 20 receives the activation signal, for example, the control unit 230 and the authentication response unit 232 are activated. At this time, the public key transmission unit 1012 may transmit an activation confirmation signal to the battery exchange machine 120 indicating that the authentication response unit 232 has been activated.
[0262] Next, in S1024, the public key acquisition unit 1014 transmits a signal (sometimes referred to as a public key transmission request) to the mobile battery 20 requesting transmission of the battery ID and the authentication public key 74. In S1030, for example, when the public key transmission unit 1012 of the mobile battery 20 receives the public key transmission request, the public key transmission unit 1012 encrypts the authentication public key 74 using the signature private key 82. In S1032, the public key transmission unit 1012 transmits the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, and the authentication public key 74 encrypted with the signature private key 82 to the battery exchange machine 120.
[0263] The process of encrypting the authentication public key 74 using the signature private key 82 may be an example of a process of signing the authentication public key 74 using the signature private key 82 (sometimes referred to as a signature process). Various public key cryptosystems or public key infrastructures (PKIs) may be used in the signature process. Examples of signature process methods include the RSA cryptosystem, the DSA signature system, the ECDAS signature system, and the EdDSA signature system. The ECDAS signature system uses an encryption method using elliptic curves. The procedure of converting plaintext into ciphertext using a public key of public key cryptography may be referred to as encryption. The procedure of converting ciphertext into plaintext using a private key paired with the public key used for encryption may be referred to as decryption. The procedure of processing plaintext with a private key of public key cryptography may be referred to as signing. The procedure of converting a signature into the original information using a public key of public key cryptography may be referred to as verification.
[0264] Next, in S1040, when the public key acquisition unit 1014 receives the battery ID, the unencrypted authentication public key 74, and the authentication public key 74 encrypted with the signature private key 82 from the public key transmission unit 1012, the public key acquisition unit 1014 refers to a database that stores the battery IDs of one or more mobile batteries 20 in correspondence with the signature verification public keys 84 of one or more mobile batteries 20, and extracts the signature verification public key 84 that corresponds to the battery ID transmitted by the public key transmission unit 1012. The public key acquisition unit 1014 also uses the extracted signature verification public key 84 to decrypt the authentication public key 74 encrypted with the signature private key 82. Note that if the signature verification public keys 84 of all the mobile batteries 20 are the same, the step in which the public key acquisition unit 1014 refers to the database and extracts the signature verification public key 84 may be omitted.
[0265] Next, in S1042, the public key acquisition unit 1014 compares the unencrypted authentication public key 74 transmitted by the public key transmission unit 1012 with the authentication public key 74 decrypted in S1040. For example, the public key acquisition unit 1014 determines whether the unencrypted authentication public key 74 transmitted by the public key transmission unit 1012 matches the authentication public key 74 decrypted in S1040. If the unencrypted authentication public key 74 transmitted by the public key transmission unit 1012 matches the authentication public key 74 decrypted in S1040, in S1044 the public key acquisition unit 1014 stores the authentication public key 74 transmitted by the public key transmission unit 1012 in the storage unit 520 or the public key database 522 as the authentic authentication public key 74 of the mobile battery 20. The above comparison process may be an example of a process for verifying the signature of the authentication public key 74 (sometimes referred to as a verification process).
[0266] The authentication public key 74 may be an example of 11th information. The signature private key 82 may be an example of 12th information. The authentication public key 74 encrypted using the signature private key 82 may be an example of 13th information. The signature verification public key 84 may be an example of 14th information. The authentication public key 74 decrypted using the signature verification public key 84 may be an example of 15th information. The signature process may be an example of information conversion. The verification process may be an example of information conversion or inverse conversion.
[0267] (An example of another embodiment) In this embodiment, the procedure by which the battery exchanger 120 acquires the authentication public key 74 of the mobile battery 20 has been described in detail, taking as an example a case where the mobile battery 20 is attached to the battery exchanger 120. However, the entity that acquires the authentication public key 74 of the mobile battery 20 is not limited to the battery exchanger 120. In another embodiment, the entity that acquires the authentication public key 74 of the mobile battery 20 may be the above-mentioned power device.
[0268] Furthermore, as described above, the verification device is not limited to the battery exchange device 120. Any verification device may obtain the authentication public key of any verified device using a procedure similar to that of this embodiment. For example, when the mobile battery 20 authenticates the battery exchange device 120, the mobile battery 20 obtains the authentication public key of the battery exchange device 120 using a procedure similar to that of this embodiment.
[0269] In the present embodiment, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 has been described in detail using an example in which, in S1030, the authentication public key 74 is encrypted using the signature private key 82, and, in S1032, the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, and the authentication public key 74 encrypted with the signature private key 82 are transmitted from the mobile battery 20 to the battery exchange device 120. However, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 is not limited to this embodiment. For example, the information encrypted using the signature private key 82 in S1030 is not limited to the authentication public key 74.
[0270] According to another embodiment, in S1030, an arbitrary code is encrypted using the signature private key 82. The code may have a configuration similar to the authentication code described above. The code may be a battery ID. In this case, for example, in S1032, the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, the unencrypted code, and the code encrypted with the signature private key 82 are transmitted from the mobile battery 20 to the battery exchange machine 120.
[0271] Next, in S1040, the public key acquisition unit 1014 extracts the signature verification public key 84 corresponding to the battery ID transmitted by the public key transmission unit 1012, and uses the extracted signature verification public key 84 to decrypt the code encrypted with the signature private key 82. Also, in S1042, the public key acquisition unit 1014 compares the unencrypted code transmitted by the public key transmission unit 1012 with the code decrypted in S1040. For example, the public key acquisition unit 1014 determines whether the unencrypted code transmitted by the public key transmission unit 1012 matches the code decrypted in S1040. If the two match, the public key acquisition unit 1014 stores the authentication public key 74 transmitted by the public key transmission unit 1012 in the storage unit 520 or the public key database 522 as the authentic authentication public key 74 of the mobile battery 20. According to the above embodiment, similarly to this embodiment, the battery exchanger 120 can confirm that the authentication public key 74 received from the mobile battery 20 is a legitimate authentication public key.
[0272] According to yet another embodiment, in S1030, the hash value of the above-described arbitrary code is encrypted using the signature private key 82. Then, in S1032, the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, the hash value of the above-described unencrypted code, and the hash value of the above-described code encrypted with the signature private key 82 are transmitted from the mobile battery 20 to the battery exchange machine 120. In this case, this embodiment differs from the other embodiments described above in that, in S1042, the public key acquisition unit 1014 derives a hash value of the code decrypted in S1040. Also, this embodiment differs from the other embodiments described above in that the public key acquisition unit 1014 compares the hash value of the unencrypted code transmitted by the public key transmission unit 1012 with the hash value of the code decrypted in S1040.
[0273] According to still another embodiment, the authentication public key 74 of the mobile battery 20 is transmitted from the mobile battery 20 to the battery exchange device 120 using any digital signature method or digital certificate method. This allows the battery exchange device 120 to confirm that the authentication public key 74 received from the mobile battery 20 is a legitimate authentication public key.
[0274] As described above, in this embodiment, in S1030, the authentication public key 74 is encrypted using the signature private key 82. In S1032, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 has been described in detail using the example in which the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, and the authentication public key 74 encrypted with the signature private key 82 are transmitted from the mobile battery 20 to the battery exchange device 120. However, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 is not limited to this embodiment.
[0275] In another embodiment, the storage unit 250 of the mobile battery 20 stores the electronic certificate of the authentication public key 74. The electronic certificate of the authentication public key 74 includes, for example, an unencrypted authentication public key 74 and the authentication public key 74 encrypted with the signature private key 82. The electronic certificate of the authentication public key 74 includes, for example, an unencrypted battery ID and authentication public key 74, and the battery ID and authentication public key 74 encrypted with the signature private key 82. When the public key acquisition unit 1014 of the battery exchange device 120 requests transmission of the public key, the public key transmission unit 1012 of the mobile battery 20 transmits the electronic certificate of the authentication public key 74 to the public key acquisition unit 1014. This omits the process of the mobile battery 20 encrypting the authentication public key 74 using the signature private key 82. In this case, the mobile battery 20 does not need to store the signature private key 82.
[0276] In this embodiment, the details of the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 have been described using as an example a case in which the public key acquisition unit 1014 refers to a database that stores the signature verification public keys 84 of one or more mobile batteries 20 in correspondence with each other, and extracts the signature verification public key 84 that corresponds to the battery ID transmitted by the public key transmission unit 1012. However, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 is not limited to this embodiment.
[0277] In another embodiment, the storage unit 250 of the mobile battery 20 stores an electronic certificate of the signature verification public key 84. The electronic certificate of the signature verification public key 84 includes, for example, an unencrypted signature verification public key 84 and the signature verification public key 84 encrypted with the private key of the certification authority. The electronic certificate of the signature verification public key 84 includes, for example, an unencrypted ID and signature verification public key 84 and the ID and signature verification public key 84 encrypted with the signature private key 82. The ID may be a battery ID, the ID of the manufacturer of the mobile battery 20, or the ID of the manufacturer of the control CPU or secure IC of the mobile battery 20. When the public key acquisition unit 1014 of the battery exchange machine 120 requests transmission of a public key, the public key transmission unit 1012 of the mobile battery 20 transmits the electronic certificate of the signature verification public key 84 to the public key acquisition unit 1014. The public key transmission unit 1012 acquires the public key corresponding to the private key of the certification authority. The public key corresponding to the private key of the certification authority may be stored in the battery exchange device 120 or may be transmitted to the battery exchange device 120 from the server of the certification authority in response to a request from the battery exchange device 120.
[0278] Fig. 11 schematically illustrates an example of a procedure for acquiring the authentication public key 74. According to the present embodiment, the procedure differs from the procedure for acquiring the authentication public key 74 described with reference to Fig. 10 in that, after S1030 is performed, S1132 is performed instead of S1032, and in that, after S1132 is performed, S1134 is performed. With respect to features other than the above differences, the procedure for acquiring the authentication public key 74 described with reference to Fig. 11 may have a configuration similar to the procedure for acquiring the authentication public key 74 described with reference to Fig. 10.
[0279] According to this embodiment, in S1132, the public key transmission unit 1012 transmits the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, the authentication public key 74 encrypted with the signature private key 82, and the signature verification public key 84 to the battery exchange device 120. The public key transmission unit 1012 may transmit the signature verification public key 84 to the battery exchange device 120 by transmitting an electronic certificate including the signature verification public key 84 to the battery exchange device 120.
[0280] As described above, the public key transmission unit 1012 may transmit the battery ID stored in the battery ID storage unit 252, the digital certificate of the authentication public key 74, and the digital certificate of the signature verification public key 84 to the battery exchange device 120 in response to a request from the public key acquisition unit 1014. The public key acquisition unit 1014 may request transmission of the digital certificate instead of or together with the request for the public key. As described above, the digital certificate of the authentication public key 74 includes, for example, an unencrypted battery ID and authentication public key 74, and a battery ID and authentication public key 74 encrypted with the signature private key 82. In this case, the public key transmission unit 1012 may transmit the digital certificate of the authentication public key 74 and the digital certificate of the signature verification public key 84 to the battery exchange device 120 in response to a request from the public key acquisition unit 1014.
[0281] In S1134, the public key acquisition unit 1014 requests a trusted certificate authority (not shown) to confirm the validity or authenticity of the signature verification public key 84. If the validity or authenticity of the signature verification public key 84 is confirmed, the public key acquisition unit 1014 executes S1040, S1042, and S1044. The signature verification public key 84 is issued, for example, by the manufacturer or seller of the control CPU or secure IC described in relation to FIG. 4. Therefore, according to another embodiment, the public key acquisition unit 1014 can acquire the signature verification public key 84, for example, from the manufacturer or seller of the control CPU or secure IC.
[0282] The trusted certificate authority may be the management server 140 or a server different from the management server 140. The trusted certificate authority may be a server managed or operated by the manufacturer or seller of the control CPU or secure IC. The signature verification public key 84 may have an expiration date. The trusted certificate authority may manage the expiration date of the signature verification public key 84. For example, when the certificate authority receives a request from the public key transmission unit 1012 to confirm the validity or authenticity of the signature verification public key 84, the certificate authority may determine whether the expiration date of the signature verification public key 84 has expired. If the expiration date of the signature verification public key 84 has expired, the certificate authority transmits information indicating that the signature verification public key 84 is invalid to the public key transmission unit 1012 in response to the request. On the other hand, if the expiration date of the signature verification public key 84 has not expired, the certificate authority transmits information indicating that the signature verification public key 84 is valid to the public key transmission unit 1012 in response to the request.
[0283] (An example of another embodiment) In this embodiment, the procedure by which the battery exchanger 120 acquires the authentication public key 74 of the mobile battery 20 has been described in detail, taking as an example a case where the mobile battery 20 is attached to the battery exchanger 120. However, the entity that acquires the authentication public key 74 of the mobile battery 20 is not limited to the battery exchanger 120. In another embodiment, the entity that acquires the authentication public key 74 of the mobile battery 20 may be the above-mentioned power device.
[0284] Furthermore, as described above, the verification device is not limited to the battery exchange device 120. Any verification device may obtain the authentication public key of any verified device using a procedure similar to that of this embodiment. For example, when the mobile battery 20 authenticates the battery exchange device 120, the mobile battery 20 obtains the authentication public key of the battery exchange device 120 using a procedure similar to that of this embodiment.
[0285] In this embodiment, in S1030, the authentication public key 74 is encrypted using the signature private key 82. In S1132, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 has been described in detail, taking as an example a case in which the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, the authentication public key 74 encrypted with the signature private key 82, and the signature verification public key 84 are transmitted from the mobile battery 20 to the battery exchange device 120. However, the procedure by which the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 is not limited to this embodiment. For example, the information encrypted using the signature private key 82 in S1030 is not limited to the authentication public key 74.
[0286] According to another embodiment, in S1030, an arbitrary code is encrypted using the signature private key 82. The code may have a configuration similar to the authentication code described above. The code may be a battery ID. In this case, for example, in S1032, the battery ID stored in the battery ID storage unit 252, the unencrypted authentication public key 74, the unencrypted code, the code encrypted with the signature private key 82, and the signature verification public key 84 are transmitted from the mobile battery 20 to the battery exchange machine 120.
[0287] Next, in S1040, the public key acquisition unit 1014 decrypts the code encrypted with the signature private key 82 using the signature verification public key 84 whose validity or authenticity was confirmed in S1134. Also, in S1042, the public key acquisition unit 1014 compares the unencrypted code transmitted by the public key transmission unit 1012 with the code decrypted in S1040. For example, the public key acquisition unit 1014 determines whether the unencrypted code transmitted by the public key transmission unit 1012 matches the code decrypted in S1040. If the two match, the public key acquisition unit 1014 stores the authentication public key 74 transmitted by the public key transmission unit 1012 in the storage unit 520 or the public key database 522 as the authentic authentication public key 74 of the mobile battery 20. According to the above embodiment, similarly to this embodiment, the battery exchanger 120 can confirm that the authentication public key 74 received from the mobile battery 20 is a legitimate authentication public key.
[0288] According to yet another embodiment, in S1030, a hash value of any code described above is encrypted using the private signing key 82. Thereafter, a procedure similar to that described in connection with the alternative embodiment of FIG.
[0289] According to still another embodiment, the authentication public key 74 of the mobile battery 20 is transmitted from the mobile battery 20 to the battery exchange device 120 using any electronic signature method or any electronic certification method. This allows the battery exchange device 120 to confirm that the authentication public key 74 received from the mobile battery 20 is a legitimate authentication public key.
[0290] The embodiment described in relation to FIG. 11 may also be modified in the same manner as the other embodiment described in relation to FIG. 10 . For example, in another embodiment, the storage unit 250 of the mobile battery 20 may store an electronic certificate of the authentication public key 74. When the public key acquisition unit 1014 of the battery exchange device 120 requests transmission of the public key, the public key transmission unit 1012 of the mobile battery 20 may transmit the electronic certificate stored in the storage unit 250 to the public key acquisition unit 1014 without newly creating an electronic certificate of the authentication public key 74. This omits the process in which the mobile battery 20 encrypts the authentication public key 74 using the signature private key 82. In this case, the mobile battery 20 does not need to store the signature private key 82. Similar modifications may also be made in any of the embodiments described below.
[0291] (Two-way authentication process) Other examples of information processing in the battery management system 100 will be described using Figures 12 to 30. In the embodiment described with reference to Figures 1 to 11, the details of the authentication process in the battery management system 100 were described using as an example a case in which the battery exchange machine 120, which is an example of a verification device, verifies whether the mobile battery 20, which is an example of a verified device, is a legitimate device. However, the authentication process in the battery management system 100 is not limited to the above embodiment.
[0292] Fig. 12 schematically illustrates an example of a bidirectional authentication process of the battery management system 100. The embodiment described with reference to Fig. 12 differs from the embodiments described with reference to Figs. 1 to 11 in that a bidirectional authentication process is performed between the mobile battery 20 and the battery exchange machine 120.
[0293] Specifically, according to the embodiment described in relation to Figure 12, the battery exchange machine 120, which is an example of a confirmation device, performs a process (sometimes referred to as an authentication process for the mobile battery 20) to confirm whether the mobile battery 20, which is an example of a device to be confirmed, is a genuine mobile battery, and the mobile battery 20, which is an example of a confirmation device, performs a process (sometimes referred to as an authentication process for the battery exchange machine 120) to confirm whether the battery exchange machine 120, which is an example of a device to be confirmed, is a genuine battery station.
[0294] In this embodiment, the details of the bidirectional authentication process of the battery management system 100 will be described using as an example a case where the authentication process of the mobile battery 20 is executed, and the authentication process of the battery exchange device 120 is executed when the mobile battery 20 is authenticated. However, the timing at which the authentication process of the mobile battery 20 and the authentication process of the battery exchange device 120 are executed is not particularly limited.
[0295] 12 to 30, elements having the same configuration as the embodiment described with reference to Figures 1 to 11 are given the same reference numerals as those used in those embodiments, and detailed descriptions thereof may be omitted. Even if detailed descriptions of elements given the same reference numerals as those in the embodiment described with reference to Figures 1 to 11 are omitted, those elements may have the same configuration as the embodiment described with reference to Figures 1 to 11 to the extent that no technical contradiction occurs.
[0296] 12 , an example of the bidirectional authentication process of the battery management system 100 will be described using an example in which the key issuer 50 issues a pair of authentication private key 172 and authentication public key 174 used in the process of verifying whether the battery exchange device 120 is an authorized device. The authentication private key 172 of the battery exchange device 120 may have a similar configuration to the authentication private key 72 of the mobile battery 20. The authentication public key 174 of the battery exchange device 120 may have a similar configuration to the authentication public key 74 of the mobile battery 20.
[0297] The issuer of the pair of authentication private key 172 and authentication public key 174 is not limited to the key issuer 50. The procedure and timing by which the battery exchange machine 120, which is an example of the device to be verified, acquires the authentication private key 172 are not limited to this embodiment. The procedure and timing by which the mobile battery 20, which is an example of the verification device, acquires the authentication public key 174 are not limited to this embodiment.
[0298] (Outline of information processing in battery management system 100) As shown in Fig. 12 , according to this embodiment, first, in S1212, the mobile battery 20 acquires the authentication public key 174 of the battery exchange device 120. The mobile battery 20 may acquire the authentication public key 174 of the battery exchange device 120 by a procedure similar to the procedure by which the battery exchange device 120 acquires the authentication public key 174 of the mobile battery 20 in relation to Fig. 1 . The mobile battery 20 may acquire the authentication public keys 174 of one or more battery exchange devices 120 before distributing the mobile battery 20. The authentication public keys 174 of one or more battery exchange devices 120 are stored in the storage unit 250 of the mobile battery 20, for example.
[0299] Next, in S1214, the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20. The battery exchange device 120 may acquire the authentication public key 74 of one or more mobile batteries 20 by a procedure similar to the procedure described in relation to Fig. 1. The authentication public key 74 of one or more mobile batteries 20 is stored in the storage unit 520 of the battery exchange device 120, for example.
[0300] Next, in S420, when the battery authentication unit 378 of the battery exchange machine 120 detects that the mobile battery 20 has been inserted into the slot 124, the battery authentication unit 378 of the battery exchange machine 120 transmits a startup signal to the mobile battery 20. In S422, when the control unit 230 of the mobile battery 20 receives the startup signal, for example, the control unit 230 and the authentication response unit 232 are activated. At this time, the control unit 230 may transmit a startup confirmation signal to the battery exchange machine 120 indicating that the authentication response unit 232 has been activated.
[0301] Next, in S1230, the battery exchange device 120 executes authentication processing for the mobile battery 20. The battery exchange device 120 may execute authentication processing for the mobile battery 20 using a procedure similar to the procedure described in relation to Figures 1 to 11. Details of the authentication processing for the mobile battery 20 will be described later.
[0302] Next, in S450, the battery exchange machine 120 determines whether to replace the mobile battery 20. The battery exchange machine 120 may determine whether to replace the mobile battery 20 based on the confirmation result of whether the mobile battery 20 is a genuine device.
[0303] For example, if it is confirmed that the mobile battery 20 is a genuine device, the battery exchange machine 120 decides to replace the mobile battery 20. For example, the battery exchange machine 120 decides to insert the mobile battery 20 into the slot 124. As a result, for example, if all other conditions for replacing the mobile battery 20 are met, the replacement of the mobile battery 20 can be performed.
[0304] On the other hand, if it is not confirmed that the mobile battery 20 is an authentic device, the battery exchange machine 120 decides not to replace the mobile battery 20. For example, the battery exchange machine 120 decides not to insert the mobile battery 20 into the slot 124. If it is decided not to replace the mobile battery 20, the battery exchange machine 120 may output information indicating that the mobile battery 20 will not be replaced to the outside. For example, the battery exchange machine 120 presents or transmits information indicating that the mobile battery 20 will not be replaced to the user 40.
[0305] In S450, the battery exchange machine 120 may determine whether to charge the mobile battery 20. The battery exchange machine 120 may determine whether to charge the mobile battery 20 based on the confirmation result of whether the mobile battery 20 is a genuine device.
[0306] For example, if it is confirmed that the mobile battery 20 is a genuine device, the battery exchange machine 120 decides to charge the mobile battery 20. As a result, for example, if all other conditions for charging the mobile battery 20 are met, charging of the mobile battery 20 can be performed.
[0307] On the other hand, if it is not confirmed that the mobile battery 20 is an authentic device, the battery exchange device 120 may decide not to charge the mobile battery 20. If it is decided not to charge the mobile battery 20, the battery exchange device 120 may output information indicating that the mobile battery 20 will not be charged to the outside. For example, the battery exchange device 120 presents or transmits information indicating that the mobile battery 20 will not be charged to the user 40. Note that if it is not confirmed that the mobile battery 20 is an authentic device, the battery exchange device 120 does not need to determine whether to charge the mobile battery 20.
[0308] Next, in S1240, for example, the battery exchange device 120 requests access to the data stored in the mobile battery 20. In addition, the mobile battery 20 receives a request for access (sometimes referred to as an access request) from the battery exchange device 120.
[0309] An example of the above access is (i) a process (sometimes referred to as a read process) in which the battery exchange device 120 reads specific data (sometimes referred to as read target information) stored in the storage device of the mobile battery 20. The read process may include a process in which the battery exchange device 120 transmits the read target information read from the storage device of the mobile battery 20 to another device (for example, the management server 140).
[0310] Other examples of the above access include (ii) a process (sometimes referred to as a write process) by the battery exchange device 120 to write specific data (sometimes referred to as information to be written) to the storage device of the mobile battery 20, (iii) a process (sometimes referred to as a modification process) by the battery exchange device 120 to modify specific data (sometimes referred to as information to be modified) stored in the storage device of the mobile battery 20, and (iv) a process (sometimes referred to as an execution process) by the battery exchange device 120 to cause the computer of the mobile battery 20 to execute a program. The execution process may be a process to execute a program running on the mobile battery 20.
[0311] The storage device may be any storage medium such as a memory, a storage device, etc. The control unit 230 and / or the storage unit 250 may be an example of the storage device.
[0312] Examples of information to be read include the charge / discharge history of the mobile battery 20, the authentication history of the mobile battery 20, and the access history to the mobile battery 20. Details of the access history, charge / discharge history, and authentication history will be described later.
[0313] An example of information to be written or information to be modified is information that is the subject of an update process (sometimes referred to as information to be updated). The program running on the mobile battery 20 may be a program for updating the information to be updated. The information to be updated is updated by executing a write process, a modification process, or an execution process.
[0314] An example of the information to be updated is control software or a control program (sometimes referred to as firmware) used to control the mobile battery 20. In this case, the access request may include the firmware of the mobile battery 20, update software or an update program for updating the firmware, and / or an instruction to cause the computer of the mobile battery 20 to execute the update software or the update program.
[0315] Next, in S1250, the mobile battery 20 executes authentication processing of the battery exchange device 120. According to this embodiment, the mobile battery 20, which has been confirmed to be an authentic device in S1230, confirms whether the battery exchange device 120, which the mobile battery 20 confirmed to be an authentic device in S1230, is an authentic device. This allows two-way authentication between the mobile battery 20 and the battery exchange device 120 to be realized.
[0316] For example, in response to receiving an access request from the battery exchange device 120, the mobile battery 20 executes authentication processing of the battery exchange device 120. The mobile battery 20 may confirm whether the battery exchange device 120 is a legitimate battery station by a procedure similar to the procedure by which the battery exchange device 120 authenticates the mobile battery 20. Note that after S1250 is executed, processing similar to S450 may be executed, or processing similar to S450 may not be executed. Details of the authentication processing of the battery exchange device 120 will be described later.
[0317] Next, in S1252, the mobile battery 20 determines whether or not to allow access by the battery exchange device 120. As described above, the battery exchange device 120 requests the mobile battery 20 to perform at least one of a read process, a write process, a modify process, and an execute process by transmitting an access request to the mobile battery 20. When the mobile battery 20 receives the access request from the battery exchange device 120, the mobile battery 20 may determine whether or not to perform the process requested by the access request based on the confirmation result of whether or not the battery exchange device 120 is an authorized device.
[0318] If it is confirmed that the battery exchange device 120 is an authorized device, the mobile battery 20 permits the battery exchange device 120 to access the data of the mobile battery 20. For example, if an access request is received in S1240 and it is confirmed that the battery exchange device 120 is an authorized device in S1250, the mobile battery 20 permits the execution of the process requested by the access request. If the above access is permitted, the mobile battery 20 may transmit information indicating that the above access is permitted to the battery exchange device 120.
[0319] On the other hand, if it is not confirmed that the battery exchange device 120 is an authorized device, the mobile battery 20 prohibits the battery exchange device 120 from accessing the data of the mobile battery 20. For example, if an access request is received in S1240 and it is not confirmed that the battery exchange device 120 is an authorized device in S1250, the execution of the process requested by the access request is prohibited. If the access is prohibited, the mobile battery 20 may transmit information indicating that the access has been prohibited or information indicating that the access has not been permitted to the battery exchange device 120.
[0320] The mobile battery 20 may prohibit the above access by not permitting the above access. The mobile battery 20 may prohibit the above access by not outputting information indicating that the above access has been permitted to the outside.
[0321] Next, in S1254, the mobile battery 20 may store identification information (sometimes referred to as a station ID) for identifying the battery exchange machine 120 that sent the access request, thereby creating the above-mentioned access history.
[0322] Next, in S1260, the battery exchange device 120 accesses the data stored in the mobile battery 20. In one embodiment, the battery exchange device 120 executes at least one of a read process, a write process, a modify process, and an execute process. In another embodiment, the battery exchange device 120 causes the mobile battery 20 to execute at least one of a read process, a write process, a modify process, and an execute process.
[0323] For example, various types of information are transmitted from the mobile battery 20 to the battery exchange device 120. For example, a charge / discharge history is transmitted from the mobile battery 20 to the battery exchange device 120. As a result, the above-described information to be read is read into the battery exchange device 120. As a result, the battery exchange device 120 can acquire various types of information stored in the storage device of the mobile battery 20.
[0324] For example, the battery exchange device 120 can write various information to the storage device of the mobile battery 20 and modify various information stored in the storage device of the mobile battery 20. The battery exchange device 120 can also execute various programs on the mobile battery 20. This allows, for example, the firmware of the mobile battery 20 to be updated.
[0325] In S1260, if the battery exchange device 120 is unable to confirm that the processing based on the access request has been completed normally, the battery exchange device 120 may store the battery ID of the mobile battery 20. This allows an abnormality in the mobile battery 20 to be detected early.
[0326] Thereafter, in S1270, the battery exchange machine 120 executes processing for exchanging the mobile battery 20. The battery exchange machine 120 also charges the mobile battery 20. This ends the processing.
[0327] S1230 may be an example of one of the first and second confirmation steps, and S1250 may be an example of the other of the first and second confirmation steps.
[0328] S1240 may be an example of an execution request receiving step. S1250 may be an example of a confirmation step. S1252 may be an example of an execution determining step. S1254 may be an example of a second storage step. S1260 may be an example of a first storage step. S1260 may be an example of an execution step, a read step, or an update step.
[0329] The access request may be an example of an execution request or an update request. The processing based on the access request may be an example of an update processing of the information to be updated based on the update request. The station ID may be an example of first device identification information. The battery ID may be an example of second device identification information.
[0330] S1252 may be an example of a first determining step, a first prohibiting step, or a first allowing step. S1252 may be an example of a second determining step, a second prohibiting step, or a second allowing step.
[0331] (Another embodiment) In the present embodiment, an example of the battery exchange device 120 has been described, taking as an example a case where the battery exchange device 120 determines whether or not to replace the mobile battery 20 based on the confirmation result of whether or not the mobile battery 20 is a genuine device. However, the battery exchange device 120 is not limited to this embodiment. In other embodiments, the battery exchange device 120 may determine whether or not to replace the mobile battery 20 based on (i) the confirmation result of whether or not the mobile battery 20 is a genuine device or (ii) a whitelist.
[0332] In the present embodiment, an example of the battery exchange device 120 has been described in which the battery exchange device 120 determines whether to charge the mobile battery 20 based on the result of confirmation of whether the mobile battery 20 is a genuine device. However, the battery exchange device 120 is not limited to the present embodiment. In other embodiments, the battery exchange device 120 may determine whether to charge or discharge the mobile battery 20 based on (i) the result of confirmation of whether the mobile battery 20 is a genuine device or (ii) a whitelist.
[0333] Next, the details of the bidirectional authentication process described in relation to Fig. 12 will be described using Fig. 13, Fig. 14, Fig. 15, Fig. 16, Fig. 17, and Fig. 18. Fig. 13 schematically shows an example of the internal configuration of the mobile battery 20. Fig. 14 schematically shows an example of the internal configuration of the battery exchanger 120. Fig. 15 schematically shows an example of a procedure for authenticating the mobile battery 20. Fig. 16 schematically shows an example of a procedure for authenticating the battery exchanger 120. Fig. 17 schematically shows an example of the internal configuration of the station authentication unit 1378. Fig. 18 schematically shows an example of the internal configuration of the authentication response unit 1432.
[0334] As shown in Fig. 13, the mobile battery 20 with the two-way authentication function described in relation to Fig. 12 differs from the mobile battery 20 described in relation to Figs. 1 to 11 in that it includes a station authentication unit 1378 and that the storage unit 250 includes a public key database 1352 for station authentication and a whitelist 1354. Except for the above differences, the mobile battery 20 described in relation to this embodiment may have the same configuration as the mobile battery 20 described in relation to Figs. 1 to 11.
[0335] In this embodiment, the station authentication unit 1378 checks whether the battery exchanger 120 is an authorized battery station. For example, when the mobile battery 20 is stored in or attached to the battery exchanger 120, the station authentication unit 1378 checks whether the battery exchanger 120 that is to store or attach the mobile battery 20 is an authorized battery station. If the authentication of the battery exchanger 120 fails, the station authentication unit 1378 may execute the same process as when the battery authentication unit 378 fails to authenticate the mobile battery 20. Even in this case, access to data in the mobile battery 20 or external output of the data may be prohibited.
[0336] In one embodiment, when the battery authentication unit 378 of the battery exchanger 120 confirms that the mobile battery 20 is an authorized device, the station authentication unit 1378 of the mobile battery 20 confirms whether the battery exchanger 120 is an authorized device. In another embodiment, when the station authentication unit 1378 of the mobile battery 20 confirms that the battery exchanger 120 is an authorized device, the battery authentication unit 378 of the battery exchanger 120 confirms whether the mobile battery 20 is an authorized device. Details of the station authentication unit 1378 will be described later.
[0337] In this embodiment, the public key database 1352 stores the station IDs of the one or more battery exchangers 120 managed by the battery management system 100 in association with the authentication public keys 174 of the one or more battery exchangers 120. In this embodiment, the whitelist 1354 stores the station IDs of the one or more battery exchangers 120 managed by the battery management system 100. Note that in other embodiments, the public key database 1352 may be used as the whitelist 1354.
[0338] The station authentication unit 1378 may be an example of one of a first confirmation unit and a second confirmation unit. The battery authentication unit 378 may be an example of the other of the first confirmation unit and the second confirmation unit. The station authentication unit 1378 may be an example of a confirmation unit. The authentication response unit 232 may be an example of a confirmation information receiving unit or a certification information transmitting unit.
[0339] The control unit 230 may be an example of an execution unit that executes at least one of a read process, a write process, a modification process, and an execution process on the memory unit of the confirmed device. The control unit 230 may be an example of an execution unit that causes the confirmed device to execute at least one of a read process, a write process, a modification process, and an execution process. The control unit 230 may be an example of an execution request receiving unit that receives an execution request. The control unit 230 may be an example of an execution determination unit that, when the execution request receiving unit receives an execution request, determines whether to execute the process requested by the execution request based on the confirmation result of the confirmation unit.
[0340] As shown in Fig. 14 , the battery exchange machine 120 with the two-way authentication function described in relation to Fig. 12 differs from the battery exchange machine 120 described in relation to Figs. 1 to 11 in that it includes an authentication support unit 1432. Except for the above differences, the battery exchange machine 120 described in relation to this embodiment may have a similar configuration to the battery exchange machine 120 described in relation to Figs. 1 to 11 .
[0341] In this embodiment, the authentication response unit 1432 transmits a response code to the mobile battery 20 that transmitted the authentication response request as a response to the authentication response request from the mobile battery 20. The authentication response unit 1432 may transmit a response code in response to the authentication response request from the mobile battery 20 using a procedure similar to the procedure in which the authentication response unit 232 of the mobile battery 20 transmits a response code in response to the authentication response request from the battery exchange machine 120.
[0342] In another embodiment, the authentication response unit 1432 transmits the station ID of the battery exchange device 120 to the mobile battery 20 that transmitted the authentication response request in response to the ID transmission request from the mobile battery 20. The authentication response unit 1432 may transmit the station ID of the battery exchange device 120 in response to the ID transmission request from the mobile battery 20 using a procedure similar to the procedure in which the authentication response unit 232 of the mobile battery 20 transmits the battery ID of the mobile battery 20 in response to the ID transmission request from the battery exchange device 120. Details of the authentication response unit 1432 will be described later.
[0343] The communication unit 126 may be an example of an information processing device. The on-board device 370 may be an example of an information processing device. The battery authentication unit 378 may be an example of a confirmation unit. The authentication response unit 1432 may be an example of a confirmation information receiving unit or a certification information transmitting unit.
[0344] Fig. 15 schematically illustrates an example of a procedure for authenticating the mobile battery 20. As shown in Fig. 15, S1230 described in relation to Fig. 12 includes steps other than S420 and S422 described in relation to Fig. 4.
[0345] Fig. 16 schematically shows an example of a procedure for authenticating a battery exchange machine 120. As shown in Fig. 16, according to this embodiment, first, in S1624, the station authentication unit 1378 of the mobile battery 20 transmits a signal requesting transmission of a station ID (sometimes referred to as an ID transmission request) to the battery exchange machine 120 that authenticated the mobile battery 20 in S1230. In S1626, for example, when the control unit 376 of the battery exchange machine 120 receives the ID transmission request signal, the control unit 376 transmits the station ID stored in the storage unit 520 to the mobile battery 20.
[0346] When the station authentication unit 1378 sends an ID transmission request to the battery exchange device 120, the authentication response unit 1432 of the battery exchange device 120 can detect that the mobile battery 20 is executing processing to confirm whether or not the battery exchange device 120 is a legitimate device. Similarly, when the ID transmission request is obtained from the battery exchange device 120, the authentication response unit 232 of the mobile battery 20 can detect that the battery exchange device 120 is executing processing to confirm whether or not the mobile battery 20 is a legitimate device.
[0347] Next, in S430, when the station authentication unit 1378 of the mobile battery 20 acquires the station ID of the battery exchange machine 120, the station authentication unit 1378 refers to the public key database 1352 using the station ID as a key, and extracts the authentication public key 174 that matches the station ID. If the authentication public key 174 that matches the station ID is not extracted, the station authentication unit 1378 may access the communication terminal 52 or the management server 140 to acquire the authentication public key 174 that matches the station ID.
[0348] The station authentication unit 1378 also prepares an authentication code. For example, the station authentication unit 1378 generates a random number and determines that the random number will be used as the authentication code.
[0349] Next, the station authentication unit 1378 converts the authentication code based on the authentication public key 174 of the battery exchange device 120 and generates a challenge code including the converted authentication code. For example, the station authentication unit 1378 encrypts the authentication code using the authentication public key 174. The station authentication unit 1378 also generates a challenge code including the encrypted authentication code.
[0350] Furthermore, in this embodiment, the station authentication unit 1378 prepares a verification code. For example, the station authentication unit 1378 performs a calculation process using a hash function to generate a hash value of the authentication code. The station authentication unit 1378 determines to use the generated hash value as the verification code.
[0351] Next, in S432, the station authentication unit 1378 transmits the challenge code to the battery exchange device 120. The station authentication unit 1378 may transmit the challenge code and an authentication response request to the battery exchange device 120.
[0352] In S434, when the authentication response unit 1432 receives the challenge code, the authentication response unit 1432 reverse-converts the encrypted authentication code included in the challenge code, for example, based on the authentication private key 172 of the battery exchange machine 120. Specifically, the authentication response unit 1432 decrypts the encrypted authentication code included in the challenge code using the authentication private key 172 stored in the storage unit 520. Because the authentication private key 172 is paired with the authentication public key 174, if the battery exchange machine 120 is an authorized battery station, the authentication response unit 1432 succeeds in decrypting the encrypted authentication code.
[0353] Next, in S436, the authentication response unit 1432 generates a response code including information indicating that the battery exchange device 120 has successfully decrypted the authentication code encrypted with the authentication public key 174. For example, the authentication response unit 1432 performs an arithmetic process using a hash function to generate a hash value of the decrypted authentication code. The authentication response unit 1432 generates a response code including the hash value of the decrypted authentication code. The authentication response unit 1432 also transmits the response code to the mobile battery 20.
[0354] Next, in S438, when the station authentication unit 1378 of the mobile battery 20 receives the response code, the station authentication unit 1378 compares the hash value included in the response code with the hash value generated as the verification code. Furthermore, in S440, the station authentication unit 1378 determines whether the battery exchange machine 120 is a legitimate battery station based on the comparison result. For example, if the two match, the station authentication unit 1378 confirms that the battery exchange machine 120 is a legitimate battery station.
[0355] As described above, if the battery exchange device 120 is an authorized battery station, the authentication unit 1432 can successfully decrypt the encrypted authentication code and generate a correct response code. As a result, the battery exchange device 120 can transmit the correct response code to the mobile battery 20, thereby indicating to the mobile battery 20 that the battery exchange device 120 is an authorized device.
[0356] The authentication response unit 232 may be an example of a confirmation information receiving unit or a proof information transmitting unit. The authentication response unit 1432 may be an example of a proof information transmitting unit. The ID transmission request may be an example of confirmation information. The response code may be an example of proof information.
[0357] The request receiving unit 620 may be an example of a confirmation information receiving unit.
[0358] Fig. 17 schematically illustrates an example of the internal configuration of the station authentication unit 1378. As illustrated in Fig. 17 , the station authentication unit 1378 may have a configuration similar to that of the battery authentication unit 378, except that the station authentication unit 1378 includes a station ID acquisition unit 1730 instead of the battery ID acquisition unit 530, the storage unit 250 includes a public key database 1352 and a whitelist 1354, and the information processed in each unit is different.
[0359] In this embodiment, the station ID acquisition unit 1730 acquires the station ID of the battery exchange machine 120 that stores or installs the mobile battery 20. For example, the station ID acquisition unit 1730 acquires the station ID from the battery exchange machine 120 by transmitting an ID transmission request to the battery exchange machine 120.
[0360] In this embodiment, the authentication code generation unit 540 generates an authentication code 1702. The authentication code 1702 may have the same configuration as the authentication code 502. The authentication code 1702 may be generated by the same procedure as the authentication code 502.
[0361] In this embodiment, the verification code generation unit 550 generates a verification code corresponding to the authentication code 1702. The verification code corresponding to the authentication code 1702 may have the same configuration as the verification code corresponding to the authentication code 502. The verification code corresponding to the authentication code 1702 may be generated by the same procedure as the verification code corresponding to the authentication code 502. For example, the verification code generation unit 550 performs an arithmetic process using a hash function 1752 to generate a hash value 1704 of the authentication code 1702. The hash function 1752 may have the same configuration as the hash function 552.
[0362] In this embodiment, the challenge code generation unit 560 generates the challenge code 1712. The challenge code 1712 may have the same configuration as the challenge code 512. The challenge code 1712 may be generated by the same procedure as the challenge code 512. For example, the challenge code generation unit 560 encrypts the authentication code 1702 using the authentication public key 174 of the battery exchange machine 120. This allows the station authentication unit 1378 to generate the challenge code 1712 including the encrypted authentication code 1702.
[0363] In this embodiment, the challenge code transmission unit 562 transmits the challenge code 1712 generated by the challenge code generation unit 560 to the battery exchange device 120. The challenge code transmission unit 562 may transmit the challenge code 1712 and an authentication response request to the battery exchange device 120.
[0364] In this embodiment, the response code acquisition unit 570 acquires a response code 1716 corresponding to the challenge code 1712 from the battery exchange machine 120. In this embodiment, the response code 1716 includes a hash value 1706 of the authentication code 1702 restored in the battery exchange machine 120. The response code acquisition unit 570 outputs the hash value 1706 of the restored authentication code 1702 to the comparison unit 582.
[0365] In this embodiment, the comparing unit 582 obtains a hash value 1704 as a verification code from the verification code generating unit 550. The comparing unit 582 also obtains a hash value 1706 included in a response code 1716 from the response code obtaining unit 570. The comparing unit 582 compares the hash value 1704 as a verification code with the hash value 1706 included in the response code 1716. The comparing unit 582 outputs information indicating the comparison result to the determining unit 584.
[0366] In the present embodiment, the determination unit 584 acquires information indicating the comparison result of the comparison unit 582. The determination unit 584 determines whether the battery exchange machine 120 is an authorized battery exchange machine 120 based on the comparison result of the comparison unit 582.
[0367] The determination unit 584 may determine whether to replace the mobile battery 20 based on the determination result of whether the battery exchange machine 120 is an authorized battery exchange machine 120. The determination unit 584 may determine whether to charge and / or discharge the mobile battery 20 based on the determination result of whether the battery exchange machine 120 is an authorized battery exchange machine 120.
[0368] Fig. 18 schematically illustrates an example of the internal configuration of the authentication handling unit 1432. As illustrated in Fig. 18, the authentication handling unit 1432 may have the same configuration as the authentication handling unit 232, except that the information processed in each unit is different.
[0369] In this embodiment, the request receiving unit 620 receives various requests from the mobile battery 20. Examples of the requests include an ID transmission request and an authentication response request. In this embodiment, when the request receiving unit 620 receives an ID transmission request from the mobile battery 20, the ID transmitting unit 630 transmits the station ID of the battery exchange machine 120 to the mobile battery 20.
[0370] In this embodiment, when the request receiving unit 620 receives an authentication response request from the mobile battery 20, the challenge code acquisition unit 640 acquires the challenge code 1712 transmitted by the mobile battery 20. In this embodiment, the challenge code decryption unit 650 uses the authentication private key 172 to decrypt the encrypted authentication code 1702 included in the challenge code 1712. In addition, the challenge code decryption unit 650 outputs the decrypted authentication code 1702 to the response code generation unit 660.
[0371] In this embodiment, the response code generation unit 660 generates a response code 1716 based on the decrypted authentication code 1702. According to this embodiment, the response code generation unit 660 executes an arithmetic process using a hash function 1862 to generate a hash value 1706 of the restored authentication code 1702. The response code generation unit 660 generates a response code 1716 including the hash value 1706 of the restored authentication code 1702. In this embodiment, the response code transmission unit 670 transmits the response code 1716 to the mobile battery 20.
[0372] 19 schematically illustrates another example of the bidirectional authentication process of the battery management system 100. The bidirectional authentication process described in relation to Fig. 19 may have a similar configuration to the bidirectional authentication process described in relation to Fig. 12 except that S1912 is included instead of S1214 and S1914 is included instead of S1212.
[0373] In S1912, for example, the battery exchange device 120 acquires the authentication public key 74 of the mobile battery 20 by a procedure similar to that described with reference to Figure 10 or 11. In S1914, for example, the mobile battery 20 acquires the authentication public key 174 of the battery exchange device 120 by a procedure similar to that described with reference to Figure 10 or 11.
[0374] Next, the details of the bidirectional authentication process described in relation to FIG. 19 will be described using FIGS. 20, 21, 22, 23, 24, 25, 26, and 27. FIG. 20 schematically shows another example of the internal configuration of the mobile battery 20. FIG. 21 schematically shows another example of the internal configuration of the storage unit 250. FIG. 22 schematically shows another example of the internal configuration of the on-board device 370. FIG. 23 schematically shows another example of the internal configuration of the storage unit 520. FIG. 24 schematically shows another example of the procedure for acquiring the authentication public key 74. FIG. 25 schematically shows another example of the procedure for authenticating the mobile battery 20. FIG. 26 schematically shows another example of the procedure for acquiring the authentication public key 174. FIG. 27 schematically shows another example of the procedure for authenticating the battery exchange machine 120.
[0375] 20, the mobile battery 20 having the function of two-way authentication described in relation to Fig. 19 differs from the mobile battery 20 described in relation to Fig. 12 to Fig. 18 in that it includes a station authentication public key acquisition unit 2014. The station authentication public key acquisition unit 2014 may have a configuration similar to that of the public key acquisition unit 1014.
[0376] In this embodiment, the station authentication public key acquisition unit 2014 acquires the authentication public key 174, for example, from the battery exchange machine 120 that stores or installs the mobile battery 20. The station authentication public key acquisition unit 2014 transmits, for example, a signal (sometimes referred to as a public key transmission request) to the battery exchange machine 120 requesting transmission of the station ID and the authentication public key 174. This allows the station authentication public key acquisition unit 2014 to acquire, for example, the authentication public key 174 of the battery exchange machine 120 that stores or installs the mobile battery 20. Details of the process of acquiring the authentication public key 174 will be described later.
[0377] As shown in Figure 21, the storage unit 250 of the mobile battery 20 having the two-way authentication function described in relation to Figure 19 differs from the storage unit 250 of the mobile battery 20 described in relation to Figures 12 to 18 in that it has a public key database 2162 for station signature verification and a certificate storage unit 2170.
[0378] In this embodiment, the station signature verification public key database 2162 stores the station IDs of the one or more battery exchange machines 120 managed by the battery management system 100 in association with the signature verification public keys 184 of the one or more battery exchange machines 120. The signature verification public keys 184 of the one or more battery exchange machines 120 correspond to the signature private keys 182 of the one or more battery exchange machines 120.
[0379] In this embodiment, the certificate storage unit 2170 stores a digital certificate 2190 of the mobile battery 20. The digital certificate 2190 includes, for example, an arbitrary code 2192 and an encrypted code 2194. The encrypted code 2194 is obtained by encrypting the code 2192 using the signature private key 82. The code 2192 may have a configuration similar to the authentication code described above. The digital certificate 2190 may include a hash value of the arbitrary code 2192 and the encrypted code 2194.
[0380] 22, the on-board device 370 of the battery exchange machine 120 having the two-way authentication function described in relation to Fig. 19 differs from the storage unit 250 of the mobile battery 20 described in relation to Figs. 12 to 18 in that it includes a station authentication public key transmission unit 2012. The station authentication public key transmission unit 2012 may have a configuration similar to that of the public key transmission unit 1012.
[0381] In this embodiment, the station authentication public key transmitter 2012 transmits the authentication public key 174 of the battery exchange apparatus 120. The station authentication public key transmitter 2012 transmits the authentication public key 174 of the battery exchange apparatus 120 in response to a public key transmission request from the station authentication public key acquirer 2014. Details of the transmission process of the authentication public key 174 will be described later.
[0382] As shown in FIG. 23 , storage unit 520 of battery exchange device 120 having the two-way authentication function described in relation to FIG. 19 differs from storage unit 520 of battery exchange device 120 described in relation to FIGS. 12 to 18 in that it further includes a station ID storage unit 2352, a station authentication private key storage unit 2354, a station authentication public key storage unit 2355, a station signature private key storage unit 2356, a station signature verification public key storage unit 2357, a signature verification public key database 2362, and a certificate storage unit 2370.
[0383] In this embodiment, the station ID storage unit 2352 stores the station ID of the battery exchange device 120. In this embodiment, the station authentication private key storage unit 2354 stores the authentication private key 172 of the battery exchange device 120. In this embodiment, the station authentication public key storage unit 2355 stores the authentication public key 174 of the battery exchange device 120.
[0384] In this embodiment, the station signature private key storage unit 2356 stores the signature private key 182 of the battery exchange apparatus 120. In this embodiment, the station signature verification public key storage unit 2357 stores the signature verification public key 184 of the battery exchange apparatus 120.
[0385] In this embodiment, the signature verification public key database 2362 stores the battery ID of each of one or more mobile batteries 20 managed by the battery management system 100 in association with the signature verification public key 84 of each of the one or more mobile batteries 20.
[0386] In this embodiment, the certificate storage unit 2370 stores a digital certificate 2390 of the battery exchange machine 120. The digital certificate 2390 includes, for example, an arbitrary code 2392 and an encrypted code 2394. The encrypted code 2394 is obtained by encrypting the code 2392 using the signature private key 182. The code 2392 may have a configuration similar to the authentication code described above. The digital certificate 2390 may include a hash value of the arbitrary code 2392 and the encrypted code 2394.
[0387] Fig. 24 schematically shows another example of the procedure for acquiring the authentication public key 74 of the mobile battery 20. Using Fig. 24, an example of the procedure for the battery exchange machine 120 to acquire the authentication public key 74 of the mobile battery 20 from the mobile battery 20 will be described.
[0388] According to this embodiment, the mobile battery 20 transmits an electronic certificate 2190 including the authentication public key 74 of the mobile battery 20 to the battery exchange device 120. In one embodiment, in the electronic certificate 2190, the arbitrary code 2192 is the authentication public key 74, and the encrypted code 2194 is a ciphertext obtained by encrypting the authentication public key 74 using the signature private key 82. In another embodiment, in the electronic certificate 2190, the arbitrary code 2192 includes the authentication public key 74 and arbitrary other information, and the encrypted code 2194 is a ciphertext obtained by encrypting the authentication public key 74 and the other information using the signature private key 82. This allows the battery exchange device 120 to verify the authenticity of the authentication public key 74.
[0389] In this embodiment, the authenticity of the authentication public key 74 is confirmed by a procedure similar to that described in relation to Fig. 10. According to this embodiment, first, in S2420, the public key acquisition unit 1014 of the battery exchange machine 120 transmits the battery ID and a public key transmission request to the mobile battery 20.
[0390] Next, in S2422, a public key transmission process is executed. Specifically, the public key transmission unit 1012 generates a digital certificate 2190 using the signature private key 82. The public key transmission unit 1012 also transmits the battery ID of the mobile battery 20 and the digital certificate 2190 of the mobile battery 20 to the battery exchange device 120.
[0391] Next, in S2424, a public key acquisition process is executed. Specifically, the public key acquisition unit 1014 decrypts the encrypted authentication public key 74 included in the digital certificate 2190 using the signature verification public key 84. This generates a decrypted authentication public key 2492. Next, the public key acquisition unit 1014 compares the authentication public key 2492 with the authentication public key 74 included in the digital certificate 2190. If the authentication public key 2492 and the authentication public key 74 match, the public key acquisition unit 1014 stores the authentication public key 74 sent by the public key transmission unit 1012 of the mobile battery 20 in the storage unit 520 or the public key database 522 as the authentic authentication public key 74 of the mobile battery 20. This completes the process of acquiring the authentication public key 74.
[0392] (Another embodiment) In this embodiment, the details of the procedure for acquiring the authentication public key 74 of the mobile battery 20 have been described, taking as an example a case where the authenticity of the authentication public key 74 is confirmed by a procedure similar to the procedure described in relation to Fig. 10. However, the procedure for acquiring the authentication public key 74 of the mobile battery 20 is not limited to this embodiment.
[0393] In another embodiment, the authentication public key 74 of the mobile battery 20 may be transmitted from the mobile battery 20 to the battery exchange device 120 by a procedure similar to the procedure described in relation to Fig. 11. In still another embodiment, the authentication public key 74 of the mobile battery 20 may be transmitted from the mobile battery 20 to the battery exchange device 120 using any digital signature method or digital certificate method.
[0394] Fig. 25 schematically illustrates another example of a procedure for authenticating the mobile battery 20. This embodiment differs from the embodiment described in relation to Fig. 15 in that the response code includes a decrypted authentication code.
[0395] According to this embodiment, first, in S2522, the battery exchange machine 120 executes a challenge code transmission process. Specifically, the challenge code generation unit 560 of the battery exchange machine 120 generates the challenge code 512 using the authentication public key 74.
[0396] Next, in S2524, the mobile battery 20 executes a response code transmission process. Specifically, first, the challenge code decryption unit 650 of the mobile battery 20 uses the authentication private key 72 to decrypt the authentication code 502 included in the challenge code 512. This generates a decrypted authentication code 2502. The response code generation unit 660 of the mobile battery 20 transmits the decrypted authentication code 2502 to the battery exchange machine 120 as a response code.
[0397] Next, in S2526, the comparison unit 582 and determination unit 584 of the battery exchange machine 120 execute a determination process. Specifically, the comparison unit 582 compares the decrypted authentication code 2502 with the authentication code 502 generated by the authentication code generation unit 540. Furthermore, the determination unit 584 determines whether or not the mobile battery 20 is a genuine mobile battery 20 based on the comparison result of the comparison unit 582. This ends the process.
[0398] Fig. 26 schematically shows another example of the procedure for acquiring the authentication public key 174 of the battery exchange device 120. Using Fig. 26, an example of the procedure for the mobile battery 20 to acquire the authentication public key 174 of the battery exchange device 120 from the battery exchange device 120 will be described.
[0399] According to this embodiment, the battery exchange device 120 transmits to the mobile battery 20 an electronic certificate 2390 including the authentication public key 174 of the battery exchange device 120. In one embodiment, in the electronic certificate 2390, the arbitrary code 2392 is the authentication public key 174, and the encrypted code 2394 is a ciphertext obtained by encrypting the authentication public key 174 using the signature private key 182. In another embodiment, in the electronic certificate 2390, the arbitrary code 2392 includes the authentication public key 174 and arbitrary other information, and the encrypted code 2394 is a ciphertext obtained by encrypting the authentication public key 174 and the other information using the signature private key 182. This allows the mobile battery 20 to verify the authenticity of the authentication public key 174.
[0400] In this embodiment, the authenticity of the authentication public key 174 is confirmed by a procedure similar to that described in relation to Fig. 10. According to this embodiment, first, in S2620, the station authentication public key acquisition unit 2014 of the mobile battery 20 transmits the station ID and a public key transmission request to the battery exchange machine 120.
[0401] Next, in S2622, a public key transmission process is executed. Specifically, the station authentication public key transmission unit 2012 of the battery exchange device 120 generates a digital certificate 2390 using the signature private key 182. The station authentication public key transmission unit 2012 also transmits the station ID of the battery exchange device 120 and the digital certificate 2390 of the battery exchange device 120 to the mobile battery 20.
[0402] Next, in S2624, a public key acquisition process is executed. Specifically, the station authentication public key acquisition unit 2014 decrypts the encrypted authentication public key 174 included in the digital certificate 2390 using the signature verification public key 184. This generates a decrypted authentication public key 2692. Next, the station authentication public key acquisition unit 2014 compares the decrypted authentication public key 2692 with the authentication public key 174 included in the digital certificate 2390. If the authentication public key 2692 and the authentication public key 174 match, the station authentication public key acquisition unit 2014 stores the authentication public key 174 sent by the station authentication public key transmission unit 2012 of the battery exchange machine 120 in the storage unit 250 or the station authentication public key database 1352 as the authentic authentication public key 174 of the battery exchange machine 120. This completes the process of acquiring the authentication public key 174.
[0403] (Another embodiment) In this embodiment, the details of the procedure for acquiring the authentication public key 174 of the battery exchange device 120 have been described, taking as an example a case where the authenticity of the authentication public key 174 is confirmed by a procedure similar to the procedure described with reference to Fig. 10. However, the procedure for acquiring the authentication public key 174 of the battery exchange device 120 is not limited to this embodiment.
[0404] In another embodiment, the authentication public key 174 of the battery exchange device 120 may be transmitted from the battery exchange device 120 to the mobile battery 20 using a procedure similar to the procedure described in relation to Fig. 11. In still another embodiment, the authentication public key 174 of the battery exchange device 120 may be transmitted from the battery exchange device 120 to the mobile battery 20 using any digital signature method or digital certificate method.
[0405] 27 schematically shows another example of the procedure for authenticating the battery exchange machine 120. According to this embodiment, first, in S2722, the mobile battery 20 executes a challenge code transmission process. Specifically, the challenge code generation unit 560 of the mobile battery 20 generates a challenge code 1712 using the authentication public key 174.
[0406] Next, in S2724, the battery exchange device 120 executes a response code transmission process. Specifically, first, the challenge code decryption unit 650 of the battery exchange device 120 uses the authentication private key 172 to decrypt the authentication code 1702 included in the challenge code 1712. This generates a decrypted authentication code 2702. The response code generation unit 660 of the battery exchange device 120 transmits the decrypted authentication code 2702 to the mobile battery 20 as a response code.
[0407] Next, in S2726, the comparison unit 582 and determination unit 584 of the mobile battery 20 execute a determination process. Specifically, the comparison unit 582 compares the decrypted authentication code 2702 with the authentication code 1702 generated by the authentication code generation unit 540. Furthermore, the determination unit 584 determines whether or not the battery exchange machine 120 is an authorized battery exchange machine 120 based on the comparison result of the comparison unit 582. This ends the process.
[0408] 28 schematically illustrates an example of the internal configuration of the control unit 230 and the control unit 376. In this embodiment, the control unit 230 includes, for example, a history management unit 2832, an access control unit 2834, a request execution unit 2836, and a memory 2838. In this embodiment, the storage unit 250 includes, for example, a charge / discharge history storage unit 2852, an authentication history storage unit 2854, an access history storage unit 2856, and a firmware storage unit 2858. In this embodiment, the control unit 376 includes, for example, a data writing unit 2872, a program execution unit 2874, a data reading unit 2876, and a history management unit 2878.
[0409] In this embodiment, the history management unit 2832 manages the history of access to the mobile battery 20. For example, the history management unit 2832 generates an access history and stores it in the access history storage unit.
[0410] In this embodiment, the access control unit 2834 determines whether to execute a process requested by an access request from the battery exchange device 120. For example, if the battery exchange device 120 is an authorized device, the access control unit 2834 determines to execute a process requested by an access request from the battery exchange device 120. The access control unit 2834 may (a) determine whether to permit a read process and / or (b) determine whether to permit at least one of a write process, a modify process, and an execute process. If the battery exchange device 120 is an unauthorized device, the access control unit 2834 may (a) determine whether to permit a read process and / or (b) determine to prohibit the execution of at least one of a write process, a modify process, and an execute process. If the battery exchange device 120 is an authorized device, the access control unit 2834 may (a) determine whether to permit a read process and / or (b) determine to permit the execution of at least one of a write process, a modify process, and an execute process. The access control unit 2834 may be an example of an execution control unit.
[0411] In this embodiment, the request execution unit 2836 executes processing requested by an access request from the battery exchange machine 120. For example, when the access control unit 2834 determines to execute processing requested by an access request from the battery exchange machine 120, the request execution unit 2836 executes the processing.
[0412] In this embodiment, the charge / discharge history storage unit 2852 stores the charge / discharge history. Details of the charge / discharge history will be described later. In this embodiment, the authentication history storage unit 2854 stores the authentication history. Details of the authentication history will be described later. In this embodiment, the access history storage unit 2856 stores the access history. Details of the access history will be described later.
[0413] In this embodiment, the firmware storage unit 2858 stores firmware for the mobile battery 20. The firmware storage unit 2858 may store multiple pieces of firmware. For example, the specific firmware stored in the firmware storage unit 2858 is updated by executing the above-described write process, modify process, or execute process in response to an access request from the battery exchange machine 120.
[0414] In this embodiment, the data writing unit 2872 performs the write process and / or the modify process described above. In this embodiment, the program execution unit 2874 performs the execution process described above. In this embodiment, the data reading unit 2876 performs the read process described above.
[0415] In this embodiment, the history management unit 2878 manages various histories. The history management unit 2878 may output various histories to the management server 140 and / or the user 40. The history management unit 2878 may manage the authentication history of the mobile battery 20 in the battery exchange device 120. For example, the history management unit 2878 manages the results of the authentication process by the battery exchange device 120 for each mobile battery 20. The history management unit 2878 may manage the response status of the mobile battery 20 to an access request sent by the battery exchange device 120. For example, the history management unit 2878 manages the permission / denial status of the above access request in the mobile battery 20 for each mobile battery 20. The history management unit 2878 may manage the execution status of the process indicated by the access request sent by the battery exchange device 120. For example, the history management unit 2878 manages whether the above process has been successfully completed for each access request.
[0416] 29 schematically shows an example of a database stored in the storage unit 250. In this embodiment, the storage unit 250 stores, for example, an access history 2954, a charge / discharge history 2956, and an authentication history 2958.
[0417] In this embodiment, the access history 2954 stores the history of accesses to the mobile battery 20 from other devices (sometimes referred to as connected devices). Examples of connected devices include the above-mentioned power devices. Examples of power devices include the electric motorcycle 30, the battery exchanger 120, etc.
[0418] The access history 2954 includes, for example, one or more records corresponding to each of one or more accesses. Each of the one or more records stores, in association with each other, for example, the battery ID of the mobile battery 20, information indicating the time when the mobile battery 20 received an access request from a connected device, information indicating the type of the connected device, identification information for identifying the connected device (sometimes referred to as a device ID), and information indicating the status of the access. Examples of the status of the access include whether or not execution of the process requested by the access request was permitted, and whether or not the process requested by the access request was completed successfully.
[0419] In this embodiment, the charge / discharge history 2956 stores a history of electrical energy input / output between the mobile battery 20 and a connected device electrically connected to the mobile battery 20. The charge / discharge history 2956 may store a history of the amount of power input / output between the connected device and the mobile battery 20.
[0420] The charge / discharge history 2956 includes, for example, one or more records. For example, one record is generated each time a connected device is electrically connected to the mobile battery 20. Each of the one or more records stores, in association with each other, for example, the battery ID of the mobile battery 20, information indicating the period during which the mobile battery 20 and the connected device were electrically connected, information indicating the type of the connected device, the device ID of the connected device, and information indicating the amount of power [kWh] charged and discharged by the mobile battery 20 during that period.
[0421] The charge / discharge history 2956 is transmitted from the mobile battery 20 to the battery exchange device 120, for example, every time the mobile battery 20 is attached to the battery exchange device 120. The charge / discharge history 2956 may be transmitted from the mobile battery 20 to the battery exchange device 120 when authentication of both the mobile battery 20 and the battery exchange device 120 is successful. In this case, the charge / discharge history 2956 may include records related to each of one or more connected devices electrically connected to the mobile battery 20 during a period (sometimes referred to as a target period) before the mobile battery 20 is attached to the battery exchange device 120 and the mobile battery 20 executes the authentication process of the battery exchange device 120.
[0422] In this embodiment, the authentication history 2958 stores the history of authentication processing or bidirectional authentication processing between the connected device that stores or has the mobile battery 20 attached thereto and the mobile battery 20. Examples of connected devices that store or have the mobile battery 20 attached in the authentication history 2958 include (i) connected devices in which authentication of at least one of the mobile battery 20 and the connected device was successful but the mobile battery 20 was not actually stored or attached, and (ii) connected devices in which authentication of at least one of the mobile battery 20 and the connected device failed and the mobile battery 20 was not stored or attached.
[0423] The authentication history 2958 includes, for example, one or more records. For example, one record is generated each time the connected device and the mobile battery 20 are stored in or attached to the connected device, or each time authentication processing is executed. Each of the one or more records stores, in association with each other, for example, the battery ID of the mobile battery 20, information indicating the time when authentication processing was executed between the mobile battery 20 and the connected device, information indicating the type of the connected device, the device ID of the connected device, and information indicating the status of the authentication. Examples of authentication status include authentication failure, authentication success, one authentication success, and both authentication successes.
[0424] Fig. 30 schematically shows an example of information processing in the battery management system 100. An example of processing for billing the user 40 for the usage fee of the battery management system 100 will be described with reference to Fig. 30 .
[0425] According to this embodiment, first, in S3012, a user registration process is executed for the user 40. For example, personal information of the user 40, payment information of the user 40, the type and ID of the power device used by the user 40, etc. are registered in the database.
[0426] Examples of payment information include a payment method, user identification information associated with the payment method, and payment time. Examples of payment methods include credit card payment, QR code (registered trademark) payment, and prepaid payment. Examples of user identification information associated with a payment method include a credit card number, a credit card expiration date, a credit card security code, and an account assigned to the user 40 by a payment service provider. An example of an electric power device used by the user 40 is the electric motorcycle 30. This allows, for example, the identification information of the electric motorcycle 30 used by the user 40 to be associated with the identification information of the user 40. Furthermore, the identification information of the electric motorcycle 30 used by the user 40 is associated with the payment information of the user 40.
[0427] According to this embodiment, after the user registration process is completed, an activation process (sometimes referred to as activation) of the electric motorcycle 30 is executed. Examples of the activation process of the electric motorcycle 30 include a process for activating a function for the electric motorcycle 30 to authenticate the mobile battery 20, and a process for activating a function for the electric motorcycle 30 to respond to authentication from the mobile battery 20. The electric motorcycle 30 has a configuration similar to that of the battery authentication unit 378, for example. This allows the electric motorcycle 30 to respond to authentication from the mobile battery 20 using a procedure similar to that of the battery exchange machine 120 described above. Once these functions are activated, the electric motorcycle 30 becomes able to use the mobile battery 20.
[0428] In S3014, a valid electronic certificate 2190 is issued for the mobile battery 20. Similarly, a valid electronic certificate 2390 is issued for the battery exchange device 120. An expiration date may be set for at least one of the electronic certificate 2190 and the electronic certificate 2390. The expiration date of the valid electronic certificate 2190 for the mobile battery 20 may be updated, for example, when the mobile battery 20 is attached to the battery exchange device 120.
[0429] In addition, in S3014, the authentication response unit 232 of the mobile battery 20 is enabled. This enables the authentication response unit 232 to transmit a response code in response to receiving the challenge code. By completing S3012 and S3014, the user 40 can use the services provided by the battery management system 100.
[0430] Next, in S3020, the user 40 attaches the mobile battery 20 to the electric motorcycle 30. As a result, in S3022, a two-way authentication process is executed between the mobile battery 20 and the electric motorcycle 30. If at least one of the authentication of the mobile battery 20 and the authentication of the electric motorcycle 30 fails, the supply of power from the mobile battery 20 to the electric motorcycle 30 may be prohibited or limited. In addition, information indicating that the authentication has failed is presented to the user 40.
[0431] If authentication of both the mobile battery 20 and the electric motorcycle 30 is successful in S3022, in S3024 the electric motorcycle 30 permits the mobile battery 20 to execute a process to read the identification information of the electric motorcycle 30. As a result, the identification information of the electric motorcycle 30 is transmitted from the electric motorcycle 30 to the mobile battery 20. Also, in S3026 the history management unit 2832 of the mobile battery 20 associates the identification information of the electric motorcycle 30 with information indicating the amount of power supplied from the mobile battery 20 to the electric motorcycle 30 and stores this in the charge / discharge history storage unit 2852. As a result, a charge / discharge history for the period during which the mobile battery 20 is stored in or attached to the electric motorcycle 30 is generated.
[0432] Next, in S3030, the user 40 removes the mobile battery 20 from the electric motorcycle 30 and inserts the removed mobile battery 20 into the slot 124 of the battery exchanger 120. In this way, the mobile battery 20 can be attached to the battery exchanger 120.
[0433] When the mobile battery 20 is inserted into the slot 124 of the battery exchanger 120 in S3030, a bidirectional authentication process is executed between the mobile battery 20 and the battery exchanger 120 in S3032. If at least one of the authentication of the mobile battery 20 and the authentication of the battery exchanger 120 fails, for example, the mobile battery 20 is prohibited from being attached to the battery exchanger 120, and the mobile battery 20 is returned to the user 40. If at least one of the authentication of the mobile battery 20 and the authentication of the battery exchanger 120 fails, charging of the mobile battery 20 may be prohibited. If at least one of the authentication of the mobile battery 20 and the authentication of the battery exchanger 120 fails, the battery exchanger 120 may be collected by the operator of the battery management system 100. Furthermore, information indicating that the authentication has failed is presented to the user 40.
[0434] If authentication of both the mobile battery 20 and the battery exchange device 120 is successful in S3022, in S3034, the mobile battery 20 allows the battery exchange device 120 to execute a process of reading the charge / discharge history stored in the mobile battery 20. As a result, the charge / discharge history of the mobile battery 20 is transmitted from the mobile battery 20 to the battery exchange device 120.
[0435] Next, in S3042, the battery exchange machine 120 dispenses another mobile battery 20 that has been fully charged. The user 40 removes the mobile battery 20 dispensed from the battery exchange machine 120 and attaches it to the electric motorcycle 30. This completes the replacement of the mobile battery 20 of the electric motorcycle 30. Furthermore, in S3044, the battery exchange machine 120 starts the charging process of the mobile battery 20 that has been returned to the battery exchange machine 120 by the user 40.
[0436] Next, in S3050, the battery exchange machine 120 transmits the charge / discharge history read from the mobile battery 20 to the management server 140. If the transmission of the charge / discharge history to the management server 140 is not completed successfully, the battery exchange machine 120 may present to the user 40 information indicating that the transmission of the charge / discharge history was not completed successfully.
[0437] When the transmission of the charge / discharge history to the management server 140 is completed successfully, the management server 140 calculates the cumulative value of the amount of electricity used by each of one or more users 40 for each unit period (sometimes referred to as an accounting period) for calculating the usage fee. Based on the cumulative value of the amount of electricity used by each user for each accounting period, the management server 140 calculates the usage fee for each user for each accounting period. The management server 140 then transmits information indicating the usage fee for each user to each user. This completes the process.
[0438] (An example of another embodiment) In the present embodiment, the details of information processing in the battery management system 100 have been described using as an example a case in which the charge / discharge history of the mobile battery 20 is transmitted from the battery exchange device 120 to the management server 140 in S3050. However, the timing at which the charge / discharge history of the mobile battery 20 is transmitted from the battery exchange device 120 to the management server 140 is not limited to this embodiment.
[0439] In another embodiment, before S3042 and S3044, the charge / discharge history of the mobile battery 20 is transmitted from the battery exchange device 120 to the management server 140. In this case, if the transmission of the charge / discharge history to the management server 140 is not completed normally, the battery exchange device 120 may prohibit the replacement and / or charging of the mobile battery 20.
[0440] Another example of the authentication procedure for the mobile battery 20 will be described using Figures 31, 32, 33, and 34. Figure 31 schematically shows another example of the authentication procedure for the mobile battery 20. Figure 32 schematically shows an example of the relationship between the response code and the verification code. Figure 33 schematically shows an example of the verification procedure for the response code and the verification code. Figure 34 schematically shows another example of the verification procedure for the response code and the verification code.
[0441] The authentication procedure described with reference to Figure 31 differs from the authentication procedure described with reference to Figure 4 in that a plaintext authentication code is transmitted as a challenge code. Procedures that are the same as or similar to the authentication procedure described with reference to Figure 4 are given the same reference numbers as in Figure 4, and descriptions of those procedures may be omitted. Procedures that are the same as or similar to the authentication procedure described with reference to Figure 4 may have the same configuration as the authentication procedure described with reference to Figure 4.
[0442] In this embodiment, an example of information processing by a verification device to verify whether a verified device is a legitimate device will be described, taking as an example a case where the battery exchange device 120 authenticates the mobile battery 20. However, the above information processing is not limited to this embodiment. In other embodiments, the mobile battery 20 can authenticate the battery exchange device 120 using a procedure similar to this embodiment.
[0443] 31 , according to this embodiment, when the battery authentication unit 378 acquires the battery ID of the mobile battery 20 in S3130, the battery authentication unit 378 uses the battery ID as a key to refer to the database related to the authentication public key 74 described above, and extracts the authentication public key 74 that matches the battery ID in S3130. If the authentication public key 74 that matches the battery ID is not extracted, the battery authentication unit 378 may access the communication terminal 52 or the management server 140 to acquire the authentication public key 74 that matches the battery ID.
[0444] Furthermore, in S3130, when the battery authentication unit 378 acquires the battery ID of the mobile battery 20, the battery authentication unit 378 generates a challenge code and transmits the challenge code to the mobile battery 20. The generation and transmission of the challenge code are performed, for example, by the following procedure.
[0445] The battery authentication unit 378 first prepares an authentication code. For example, the battery authentication unit 378 generates a random number and determines to use the random number as the authentication code. The battery authentication unit 378 may generate the authentication code using the random number. The battery authentication unit 378 may generate the authentication code based on the random number and any parameter used in public key cryptography. An example of a parameter used in public key cryptography is a common parameter that is shared between the verification device and the device to be verified. An example of the common parameter is an elliptic curve E of elliptic curve cryptography, a generator P of the elliptic curve E, etc.
[0446] The battery authentication unit 378 transmits the above authentication code as a challenge code to the mobile battery 20. The battery authentication unit 378 transmits an authentication code that is not encrypted with the authentication public key 74 as a challenge code to the mobile battery 20. For example, the battery authentication unit 378 transmits a plaintext authentication code to the mobile battery 20 as a challenge code.
[0447] In S3132, the battery authentication unit 378 generates a verification code using the above authentication code and the authentication public key 74 of the mobile battery 20. If the authentication code is generated based on a random number and a common parameter, the battery authentication unit 378 may generate a verification code similar to the above using the random number used to generate the authentication code and the authentication public key 74 of the mobile battery 20. Details of the procedure for generating the verification code will be described later.
[0448] In S3134, when the control unit 230 of the mobile battery 20 receives the challenge code, the control unit 230 generates a response code using the authentication code included in the challenge code and the authentication private key 72 of the mobile battery 20. The procedure for generating the response code will be described in detail later. In addition, in S3136, the control unit 230 transmits the response code to the battery exchange machine 120. As a result, the control unit 230 ends the process for responding to the authentication process of the battery exchange machine 120 (sometimes referred to as authentication response process).
[0449] In S3138, when the battery authentication unit 378 receives the response code, the battery authentication unit 378 verifies whether the response code and the verification code have a predetermined mathematical relationship. The verification procedure will be described in detail later. Then, in S440, the battery authentication unit 378 determines or confirms whether the mobile battery 20 is an authorized device based on the verification result.
[0450] 32 schematically illustrates an example of the relationship between a response code and a verification code. In this embodiment, the response code and the verification code are generated using the authentication public key and the authentication private key of the device to be verified. When the device to be verified is the mobile battery 20, the response code and the verification code are generated using the authentication public key 74 and the authentication private key 72. The authentication private key 72 is stored in the storage unit 250, for example. When the device to be verified is the battery exchange machine 120, the response code and the verification code can be generated using the same procedure as when the device to be verified is the mobile battery 20.
[0451] The authentication public key and authentication private key of the device to be verified are generated so as to satisfy a mathematical relationship 3212. An example of the mathematical relationship 3212 is a relationship used in encryption using an elliptic curve (sometimes referred to as elliptic curve cryptography or ECC). An example of the above relationship is the following Equation 1. In Equation 1, p, a, and b are parameters of the elliptic curve (Equation 1), respectively. 2 = x 3 +ax+bmodp
[0452] A point nG(x, y) obtained by scalar multiplication of a base point G(x, y), which is a point on the elliptic curve expressed by Equation 1, by an integer n (sometimes referred to as the order) is located on the elliptic curve expressed by Equation 1. In this case, a sufficiently large order n is used as a private key, and nG(x, y) is used as a public key.
[0453] The response code and verification code are generated so that, if the device to be verified is a legitimate device, the response code and verification code satisfy mathematical relationship 3214. Mathematical relationship 3214 is determined based on mathematical relationship 3212. In one embodiment, the response code and verification code may be the same. In this case, mathematical relationship 3214 is response code = verification code, or response code ÷ verification code = 1. In other embodiments, the response code and verification code may be different. The result of the above calculation, 1, may be an example of a predetermined value.
[0454] 32, the battery authentication unit 378 includes an authentication code generation unit 3220, a verification code generation unit 3230, and a verification unit 3250. The control unit 230 includes a response code generation unit 3240.
[0455] In this embodiment, the authentication code generation unit 3220 generates the authentication code 3222. For example, the authentication code generation unit 3220 generates a random number using a random number generator, and generates the authentication code 3222 based on the random number. The authentication code generation unit 3220 may output the random number as the authentication code 3222. For example, the authentication code generation unit 3220 outputs the plaintext authentication code 3222 to the response code generation unit 3240 and the verification code generation unit 3230.
[0456] In this embodiment, the verification code generation unit 3230 acquires an authentication code 3222. The verification code generation unit 3230 acquires an authentication public key. The verification code generation unit 3230 derives a verification code 3232 using the authentication code 3222. For example, the verification code generation unit 3230 converts the authentication code 3222 based on the authentication public key to generate the verification code 3232. The verification code generation unit 3230 outputs the verification code 3232 to the verification unit 3250. Details of the verification code generation unit 3230 will be described later.
[0457] In this embodiment, the response code generation unit 3240 acquires the authentication code 3222. The response code generation unit 3240 acquires an authentication private key. The response code generation unit 3240 generates the response code 3242 based on the authentication code 3222 and the authentication private key. The response code generation unit 3240, for example, converts the authentication code 3222 based on the authentication private key to generate the response code 3242.
[0458] The response code generation unit 3240 may generate information identical to the information obtained by converting the authentication code 3222 based on the authentication public key (i.e., the verification code 3232). The response code generation unit 3240 generates information identical to the verification code 3232 based on, for example, the authentication code 3222, the authentication private key, and the mathematical relationship 3212 and / or the mathematical relationship 3214.
[0459] The response code generation unit 3240 outputs the response code 3242 to the verification unit 3250. Details of the response code generation unit 3240 will be described later.
[0460] In this embodiment, the verification unit 3250 obtains the verification code 3232 from the verification code generation unit 3230. The verification unit 3250 obtains the response code 3242 from the response code generation unit 3240. The verification unit 3250 determines whether the device to be verified is a legitimate device based on the verification code 3232 and the response code 3242.
[0461] When the response code generation unit 3240 outputs, as the response code 3242, information obtained by converting the authentication code 3222 based on the authentication private key, the verification unit 3250 may determine whether the verification code 3232 and the response code 3242 satisfy the mathematical relationship 3214. When the response code generation unit 3240 outputs, as the response code 3242, information identical to the verification code 3232, the verification unit 3250 may compare the verification code 3232 and the response code 3242. Details of the verification unit 3250 will be described later.
[0462] The mathematical relationship 3212 may be an example of a first mathematical relationship. The mathematical relationship 3214 may be an example of a second mathematical relationship. The authentication code generation unit 3220 may be an example of a first verification information generation unit. The authentication code 3222 may be an example of first verification information. The verification code generation unit 3230 may be an example of a third verification information generation unit. The verification code 3232 may be an example of third verification information. The response code generation unit 3240 may be an example of a first verification information acquisition unit or a response unit. The response code 3242 may be an example of fifth verification information or sixth verification information. The verification unit 3250 may be an example of a response receiving unit or a determination unit.
[0463] The output of the authentication code 3222 may be an example of transmitting first verification information. The procedure in which the response code generation unit 3240 acquires the authentication code 3222 may be an example of a step in which the verified device receives first verification information from the verification device or acquires first verification information from the first power device. The procedure in which the response code generation unit 3240 outputs the response code 3242 to the verification unit 3250 may be an example of a step in which the verified device generates fifth verification information based on the first verification information and the fourth verification information. The public key used to generate the verification code 3232 may be an example of second verification information. The private key used to generate the response code 3242 may be an example of fourth verification information.
[0464] FIG. 33 outlines an example of a procedure for verifying a response code and a verification code. In this embodiment, for the purpose of facilitating understanding of the embodiment, the verification procedure for the response code and the verification code is described in detail using an example in which the device to be verified is a mobile battery 20. Those skilled in the art who have read this specification will understand that, for example, even when the device to be verified is a battery exchange machine 120, the response code and the verification code can be verified using a procedure similar to that of this embodiment. In this embodiment, the verification procedure for the response code and the verification code is described in detail using an example in which the response code generation unit 3240 converts the authentication code 3222 based on the authentication private key and outputs the information obtained as the response code 3242.
[0465] In this embodiment, the verification code generation unit 3230 includes, for example, a first calculation unit 3310. The response code generation unit 3240 includes, for example, a first calculation unit 3310, a second calculation unit 3320, and a third calculation unit 3330. The verification unit 3250 includes, for example, a third calculation unit 3330 and a determination unit 3350.
[0466] In this embodiment, the first calculation unit 3310 obtains the authentication code 3222 and the authentication public key 74. The first calculation unit 3310, for example, converts the authentication code 3222 based on the authentication public key 74 to generate the verification code 3232. The first calculation unit 3310 may generate the verification code 3232 by encrypting the authentication code 3222 using the authentication public key 74. The first calculation unit 3310 outputs the verification code 3232 to the third calculation unit 3330.
[0467] In this embodiment, the second calculation unit 3320 obtains the authentication code 3222 and the authentication private key 72. The second calculation unit 3320, for example, converts the authentication code 3222 based on the authentication private key 72 to generate the response code 3242. The first calculation unit 3310 may generate the response code 3242 by encrypting the authentication code 3222 using the authentication private key 72. The second calculation unit 3320 outputs the response code 3242 to the third calculation unit 3330.
[0468] In this embodiment, the third calculation unit 3330 acquires the verification code 3232 and the response code 3242. The third calculation unit 3330 processes the verification code 3232 and the response code 3242 according to a first verification algorithm and outputs a calculation result of the information processing. The first verification algorithm may be an algorithm for verifying whether the verification code 3232 and the response code 3242 satisfy the mathematical relationship 3214. The first verification algorithm may include a procedure for deriving the parameter p of the above-described elliptic curve. The first verification algorithm may include a procedure for receiving the verification code 3232 and the response code 3242 and outputting a value determined in accordance with the mathematical relationship 3214 if the device to be verified is a legitimate device.
[0469] The third calculation unit 3330 of the response code generation unit 3240 executes information processing according to the first verification algorithm on the verification code 3232 output by the first calculation unit 3310 of the response code generation unit 3240 and the response code 3242 output by the second calculation unit 3320 of the response code generation unit 3240. The third calculation unit 3330 of the response code generation unit 3240 outputs the calculation result 3332 to the determination unit 3350.
[0470] If the mobile battery 20 is a legitimate device, the calculation result 3332 indicates the calculation result that would be obtained if the verification code 3232 and the response code 3242 were processed according to the first verification algorithm when the authentication private key 72 and the authentication public key 74 satisfy the mathematical relationship 3212. As described above, if the device to be verified is a legitimate device, the verification code 3232 and the response code 3242 satisfy the mathematical relationship 3212.
[0471] The third calculation unit 3330 of the verification unit 3250 executes information processing according to the first verification algorithm on the verification code 3232 output by the first calculation unit 3310 of the verification code generation unit 3230 and the response code 3242 output by the second calculation unit 3320 of the response code generation unit 3240. The third calculation unit 3330 of the verification unit 3250 outputs the calculation result to the determination unit 3350.
[0472] In this embodiment, the determination unit 3350 determines whether the verification code 3232 output by the verification code generation unit 3230 and the response code 3242 output by the response code generation unit 3240 satisfy the mathematical relationship 3214. For example, the determination unit 3350 compares the calculation result 3332 of the third calculation unit 3330 of the response code generation unit 3240 with the calculation result of the third calculation unit 3330 of the verification unit 3250. The determination unit 3350 may determine whether the calculation result 3332 of the third calculation unit 3330 of the response code generation unit 3240 matches the calculation result of the third calculation unit 3330 of the verification unit 3250. The determination unit 3350 may determine whether the mobile battery 20 is genuine based on the comparison result.
[0473] If the two match, the determination unit 3350 may determine that the verification code 3232 output by the verification code generation unit 3230 and the response code 3242 output by the response code generation unit 3240 satisfy the mathematical relationship 3214. In this case, the determination unit 3350 may determine that the mobile battery 20 is genuine. If the two do not match, the determination unit 3350 may determine that the verification code 3232 output by the verification code generation unit 3230 and the response code 3242 output by the response code generation unit 3240 do not satisfy the mathematical relationship 3214. In this case, the determination unit 3350 may determine that the mobile battery 20 is not genuine or that the mobile battery 20 is non-genuine.
[0474] The information indicating the calculation result of the third calculation unit 3330 of the response code generation unit 3240 may be an example of eighth verification information. The information indicating the calculation result of the third calculation unit 3330 of the verification unit 3250 may be an example of seventh verification information.
[0475] FIG. 34 schematically illustrates another example of the procedure for verifying the response code and verification code. In this embodiment, for the purpose of facilitating understanding of the embodiment, the verification procedure for the response code and verification code is described in detail using an example in which the device to be verified is the mobile battery 20. Those skilled in the art who have read this specification will understand that, for example, even when the device to be verified is the battery exchange machine 120, the response code and verification code can be verified using a procedure similar to that of this embodiment. In this embodiment, the verification procedure for the response code and verification code is described in detail using an example in which the response code generation unit 3240 outputs the same information as the verification code 3232 as the response code 3242.
[0476] In this embodiment, the verification code generation unit 3230 includes, for example, a first calculation unit 3310. The response code generation unit 3240 includes, for example, a fourth calculation unit 3440. The verification unit 3250 includes, for example, a determination unit 3350.
[0477] In this embodiment, the fourth calculation unit 3440 derives the same information as the verification code 3232 from the authentication code 3222 and the authentication private key 72. The response code generation unit 3240 may output the same information as the verification code 3232 as the response code 3242 to the determination unit 3350.
[0478] The fourth calculation unit 3440 generates information identical to the verification code 3232 based on, for example, the authentication code 3222, the authentication private key 72, and the mathematical relationship 3212 and / or the mathematical relationship 3214. The fourth calculation unit 3440 may use the mathematical relationship 3214 to generate information identical to the verification code 3232 from the authentication code 3222 and the authentication private key 72. The fourth calculation unit 3440 may use the mathematical relationship 3214 to generate information identical to the verification code 3232 from information obtained by converting the authentication code 3222 based on the authentication private key 72.
[0479] The fourth calculation unit 3440 may have a configuration similar to that of the response code generation unit 3240 described in relation to Fig. 33. The fourth calculation unit 3440 may generate information identical to the verification code 3232 based on the response code 3242 output by the second calculation unit 3320 and the calculation result 3332 output by the third calculation unit 3330.
[0480] In this embodiment, the determination unit 3350 compares the verification code 3232 output by the verification code generation unit 3230 with the response code 3242 output by the response code generation unit 3240. For example, the determination unit 3350 determines whether the verification code 3232 output by the verification code generation unit 3230 matches the response code 3242 output by the response code generation unit 3240. The determination unit 3350 may determine whether the mobile battery 20 is genuine based on the comparison result.
[0481] If the two match, the determination unit 3350 may determine that the mobile battery 20 is genuine. If the two do not match, the determination unit 3350 may determine that the mobile battery 20 is not genuine or that the mobile battery 20 is non-genuine.
[0482] An example of application of the authentication procedures described in relation to Figures 31 to 34 to bidirectional authentication processing will be described using Figures 35 and 36. Figure 35 schematically shows an example of a procedure in which the battery exchange device 120 authenticates the mobile battery 20 in the above-mentioned bidirectional authentication. Figure 35 shows, for example, another example of S1230 described in relation to Figure 12. Figure 36 schematically shows an example of a procedure in which the mobile battery 20 authenticates the battery exchange device 120 in the above-mentioned bidirectional authentication. Figure 36 shows, for example, another example of S1250 described in relation to Figure 12.
[0483] 35 , according to this embodiment, in S3520, the battery exchange device 120 transmits a challenge code to the mobile battery 20. As described above, in this embodiment, the plaintext authentication code 3222 is transmitted as the challenge code. Next, in S3530, the battery exchange device 120 generates a verification code 3232 based on the authentication public key 74 and the authentication code 3222. Next, in S3540, the mobile battery 20 generates a response code 3242 based on the authentication private key 72 and the authentication code 3222. Furthermore, the mobile battery 20 transmits the response code 3242 to the battery exchange device 120.
[0484] Next, in S3550, the battery exchange machine 120 determines whether the verification code 3232 and the response code 3242 satisfy the mathematical relationship 3214. Based on the determination result, the battery exchange machine 120 determines whether the mobile battery 20 is genuine.
[0485] 36 , according to this embodiment, in S3620, the mobile battery 20 transmits a challenge code to the battery exchange device 120. As described above, in this embodiment, the plaintext authentication code 3222 is transmitted as the challenge code. Next, in S3630, the mobile battery 20 generates a verification code 3232 based on the authentication public key 174 and the authentication code 3222. Next, in S3640, the battery exchange device 120 generates a response code 3242 based on the authentication private key 172 and the authentication code 3222. In addition, the battery exchange device 120 transmits the response code 3242 to the mobile battery 20.
[0486] Next, in S3650, the mobile battery 20 determines whether the verification code 3232 and the response code 3242 satisfy the mathematical relationship 3214. Based on the determination result, the mobile battery 20 determines whether the battery exchange machine 120 is authentic.
[0487] An example of bidirectional authentication processing using multiple electronic certificates will be described using Figures 37, 38, and 39. Figure 37 schematically shows an example of bidirectional authentication processing using multiple electronic certificates. Figure 38 schematically shows an example of an electronic certificate for authenticating the mobile battery 20. Figure 39 schematically shows an example of an electronic certificate for authenticating the battery exchange machine 120.
[0488] In this embodiment, an example of information processing by a verification device to verify whether a verified device is a legitimate device will be described, taking as an example a case where the battery exchange device 120 authenticates the mobile battery 20. However, the above information processing is not limited to this embodiment. In other embodiments, the mobile battery 20 can authenticate the battery exchange device 120 using a procedure similar to this embodiment.
[0489] As shown in Fig. 37, the embodiment described with reference to Fig. 37 differs from the embodiment described with reference to Fig. 10 in that a public key digital certificate is requested instead of a public key in S1024, and in that S3732 and S3734 are included instead of S1030 and S1032. Except for the above differences, the embodiment described with reference to Fig. 37 may have a similar configuration to the embodiment described with reference to Fig. 10.
[0490] According to this embodiment, in S3732, the public key transmission unit 1012 transmits the digital certificate of the authentication public key 74 (sometimes referred to as a product certificate 3720) and the digital certificate of the signature verification public key 84 (sometimes referred to as an IC manufacturer certificate 3730) to the public key acquisition unit 1014. Details of the product certificate 3720 and the IC manufacturer certificate 3730 will be described later.
[0491] In this embodiment, in S3734, the public key acquisition unit 1014 uses the public key 94 of the root certificate authority to verify the authenticity of the signature verification public key 84. For example, the public key acquisition unit 1014 compares (i) the plaintext signature verification public key 84 included in the IC manufacturer certificate 3730 with (ii) the signature verification public key 84 obtained by decrypting the encrypted signature verification public key 84 included in the IC manufacturer certificate 3730 using the public key 94. If the two match, the public key acquisition unit 1014 confirms that the signature verification public key 84 included in the IC manufacturer certificate 3730 is authentic. On the other hand, if the two do not match, the public key acquisition unit 1014 may determine that the signature verification public key 84 included in the IC manufacturer certificate 3730 is not authentic.
[0492] The public key 94 of the root certificate authority is stored, for example, in the storage unit 520 of the battery exchange machine 120. The storage unit 520 may store a root certificate 3740 issued by the root certificate authority. The root certificate 3740 will be described in detail later.
[0493] 38 , the product certificate 3720 is issued, for example, by an IC manufacturer 3812 that manufactures the control CPU or secure IC of the mobile battery 20. The product certificate 3720 is written to the storage unit 250 of the mobile battery 20, for example, when the mobile battery 20 is manufactured, sold, or begins to be distributed. In this embodiment, the product certificate 3720 includes an authentication public key 74, identification information for identifying the control CPU or secure IC (sometimes referred to as ICID 3722), and an electronic signature 3724 obtained by encrypting the authentication public key 74 and the ICID 3722 with a signature private key 82. The ICID 3722 may be used as a battery ID of the mobile battery 20 incorporating the control CPU or secure IC identified by the ICID.
[0494] Note that the product certificate 3720 is not limited to this embodiment. For example, in another embodiment, the product certificate 3720 includes the authentication public key 74 and the digital signature 3724 obtained by encrypting the authentication public key 74 with the signature private key 82.
[0495] The IC manufacturer certificate 3730 is issued, for example, by the root certificate authority 3814. The IC manufacturer certificate 3730 is written to the storage unit 250 of the mobile battery 20, for example, when the mobile battery 20 is manufactured, sold, or when distribution begins. In this embodiment, the IC manufacturer certificate 3730 includes a signature verification public key 84, identification information for identifying the IC manufacturer 3812 (sometimes referred to as an IC manufacturer ID 3732), and a digital signature 3734 obtained by encrypting the signature verification public key 84 and the IC manufacturer ID 3732 with the private key 92 of the root certificate authority 3814.
[0496] Note that the IC manufacturer certificate 3730 is not limited to this embodiment. For example, in another embodiment, the IC manufacturer certificate 3730 includes the signature verification public key 84 and the digital signature 3734 obtained by encrypting the signature verification public key 84 with the private key 92 of the root certificate authority 3814.
[0497] The root certificate 3740 is issued by, for example, a root certificate authority 3814. The root certificate authority 3814 generates a pair of a private key 92 and a public key 94. The root certificate 3740 is written to the storage unit 520 of the battery exchange device 120, for example, when the battery exchange device 120 is manufactured, sold, or begins to be distributed. In this embodiment, the root certificate 3740 includes the public key 94 and an electronic signature 3744 obtained by encrypting the public key 94 with the private key 92. Note that in other embodiments, the public key 94 may be written to the storage unit 520 of the battery exchange device 120 instead of the root certificate 3740, when the battery exchange device 120 is manufactured, sold, or begins to be distributed.
[0498] 39 schematically shows an example of an electronic certificate for authenticating the battery exchange machine 120. Examples of electronic certificates for authenticating the battery exchange machine 120 include a product certificate 3920, an IC manufacturer certificate 3930, and a root certificate 3940.
[0499] 39 , the product certificate 3920 is issued, for example, by an IC manufacturer 3912 that manufactures the control CPU or secure IC of the battery exchange machine 120. The product certificate 3920 is written to the storage unit 520 of the battery exchange machine 120, for example, when the battery exchange machine 120 is manufactured, sold, or begins distribution. In this embodiment, the product certificate 3920 includes the authentication public key 174, identification information for identifying the control CPU or secure IC (sometimes referred to as ICID 3922), and an electronic s...
Claims
1. The first device performs a first verification step to confirm whether the second device is a legitimate device, The second device performs a second verification step to confirm whether the first device is a genuine device, An information processing method having the following characteristics.
2. The second verification step includes a step of verifying whether the second device, which was verified as a legitimate device in the first verification step, is a legitimate device, and whether the first device, which was verified as a legitimate device in the first verification step, is a legitimate device. The information processing method according to claim 1.
3. If the first device is confirmed to be a legitimate device in the second verification step, an update step is performed in which the information to be updated stored in the storage unit of the second device is updated based on the update request transmitted by the first device. It further possesses, The information processing method according to claim 1 or claim 2.
4. The aforementioned update request is, Control software or control program used for controlling the second device, Update software or update program for updating the control software or control program used to control the second device, and / or An instruction to the computer of the second device to execute update software or update program for updating the control software or control program used to control the second device, including, The information processing method according to claim 3.
5. The information to be updated is the control software or control program used to control the second device. The information processing method according to claim 3.
6. If the first device that sent the update request is unable to confirm that the update process of the information to be updated based on the update request has been successfully completed, the first device performs a first storage step in which it stores second device identification information for identifying the second device. It further possesses, The information processing method according to claim 3.
7. The second device stores first device identification information for identifying the first device that sent the update request. It further possesses, The information processing method according to claim 3.
8. If the first device is confirmed to be a legitimate device in the second verification step, a reading step is performed in which the information to be read stored in the storage unit of the second device is read into the first device. It further possesses, The information processing method according to claim 1 or 2.
9. The first verification step is, The first device performs the steps of converting the first information based on the second information to generate the third information, The first device transmits the third information to the second device, The first device receives from the second device the following steps: (i) fifth information generated by the second device inversely transforming the third information based on fourth information paired with the second information, or (ii) sixth information generated by the second device processing the fifth information generated by the second device inversely transforming the third information based on fourth information paired with the second information, according to a predetermined first algorithm; The first device performs the steps of (a) comparing the first information with the fifth information when the fifth information is received, or (b) comparing the sixth information with the seventh information generated when the first information is processed according to the first algorithm, or (ii) comparing the first information with the eighth information generated when the sixth information is processed according to the second algorithm related to the first algorithm. including, The information processing method according to claim 1 or 2.
10. The second verification step described above is: The second device performs the steps of converting the first information based on the second information to generate the third information, The second device transmits the third information to the first device, The second device receives from the first device: (i) fifth information generated by the first device inversely transforming the third information based on fourth information paired with the second information, or (ii) sixth information generated by the first device processing the fifth information generated by the first device inversely transforming the third information based on fourth information paired with the second information, according to a predetermined first algorithm. The second device performs the steps of (a) comparing the first information with the fifth information when the fifth information is received, or (b) comparing the sixth information with the sixth information when the sixth information is received, (i) comparing the sixth information with the seventh information generated when the first information is processed according to the first algorithm, or (ii) comparing the first information with the eighth information generated when the sixth information is processed according to the second algorithm related to the first algorithm. including, The information processing method according to claim 1 or 2.
11. The second verification step described above is: The second device obtains first device identification information from the first device for identifying the first device, The second device performs a step of comparing one or more regular device identification pieces for identifying each of one or more regular devices with the first device identification piece obtained from the first device, including, The information processing method according to claim 1 or 2.
12. The second device includes an energy storage device for storing electrical energy, The first apparatus is A storage device for storing the second device, or A power device configured to be electrically connectable to the energy storage device of the second device, configured to supply power to the energy storage device of the second device, or configured to receive power from the energy storage device of the second device. Equipped with, The information processing method according to claim 1 or 2.
13. An information processing system comprising a first device and a second device, The first device includes a first verification unit for checking whether the second device is a genuine device, The second device includes a second verification unit for confirming whether the first device is a genuine device, If the first verification unit confirms that the second device is a legitimate device, the second verification unit confirms whether or not the first device is a legitimate device. Information processing system.
14. An information processing method performed by an information processing device configured to send and receive information with other information processing devices, A verification step to confirm whether the other information processing device is a legitimate device, A confirmation information receiving step in which the other information processing device receives confirmation information from the other information processing device indicating that the other information processing device is performing a process to confirm whether or not the information processing device is a legitimate device, If the confirmation information is received in the confirmation information receiving step, the certification information transmission step includes transmitting certification information indicating that the information processing device is a legitimate device to the other information processing device, An information processing method having the following characteristics.
15. (i) Execute at least one of the following: a process of writing information to be written to the storage unit of the other information processing device, a process of modifying information to be modified stored in the storage unit, and an execution process of a program that runs on the other information processing device, or (ii) Further, the execution step of causing the other information processing device to execute at least one of the following: a process of writing information to be written to the storage unit of the other information processing device, a process of modifying information to be modified stored in the storage unit, and an execution process of a program that runs on the other information processing device. The information processing method according to claim 14.
16. An execution request receiving step receives an execution request from the other information processing device requesting the execution of at least one of the following: writing information to be written to the storage unit of the information processing device, modifying information to be modified stored in the storage unit, and executing a program that runs on the information processing device. In the execution request receiving step, if the execution request is received, an execution determination step is performed to determine whether or not to execute the processing required by the execution request based on the confirmation result in the confirmation step, It further possesses, The execution determination step described above is: (i) If the execution request is received in the execution request receiving step and the other information processing device is confirmed to be a legitimate device in the confirmation step, a permission step is given to authorize the execution of the processing requested by the execution request, and / or (ii) If the execution request is received in the execution request receiving step and the other information processing device is not confirmed to be a legitimate device in the confirmation step, a prohibition step is performed to prohibit the execution of the processing requested by the execution request. including, The information processing method according to claim 14.
17. The aforementioned confirmation step is performed before the confirmation information reception step, or after the confirmation information reception step. The information processing method according to any one of claims 14 to 16.
18. The verification step to determine whether the other information processing device is a legitimate device is: The steps include transmitting the first verification information to the other information processing device, The steps include: converting the first verification information based on the second verification information to generate the third verification information; The steps of receiving from the other information processing device: (i) fifth verification information generated by the other information processing device converting the first verification information based on fourth verification information that satisfies a first mathematical relationship with the second verification information, or (ii) sixth verification information derived from the first verification information and the fourth verification information or derived from the fifth verification information, using the third verification information and a second mathematical relationship that the other information processing device should satisfy when the other information processing device is a normal device, generated by the other information processing device converting the first verification information based on fourth verification information that satisfies a first mathematical relationship with the second verification information; A step of determining whether the other information processing device is a legitimate device based on the third verification information and the fifth verification information or the sixth verification information, It has, The aforementioned determination step is, (a) When the fifth verification information is received, a step of determining whether the third verification information and the fifth verification information satisfy the second mathematical relationship, or (b) When the sixth verification information is received, a step of determining whether the third verification information and the sixth verification information match, Includes, The second mathematical relation is determined based on the first mathematical relation. The information processing method according to any one of claims 14 to 16.
19. The aforementioned information processing device stores a pair of first secret keys and first public keys. The aforementioned other information processing device stores a pair of second secret keys and second public keys. The confirmation information receiving step includes the step of receiving the second public key from the other information processing device, The certification information transmission step includes the step of transmitting the first public key to the other information processing device, The aforementioned verification step is, A step of generating a shared key based on the first private key and the second public key, The steps include transmitting information encrypted using the aforementioned shared key to the other information processing device, including, The information processing method according to any one of claims 14 to 16.
20. The aforementioned information processing device stores a pair of first secret keys and first public keys. The aforementioned other information processing device stores a pair of second secret keys and second public keys. The confirmation information receiving step includes the step of receiving the second public key from the other information processing device, The aforementioned step of transmitting certification information is: A step of generating a shared key based on the first private key and the second public key, The steps include transmitting information encrypted using the aforementioned shared key to the other information processing device, Includes, The verification step includes receiving information from the other information processing device indicating that the information encrypted using the common key has been received by the other information processing device. The information processing method according to any one of claims 14 to 16.
21. The first private key and the first public key are a pair of private and public keys used in elliptic curve cryptography. The second private key and the second public key are a pair of private and public keys used in elliptic curve cryptography. The first secret key is one of a pair of parameters that represent a particular elliptic curve, The second secret key is the other of the pair of parameters, The first public key is generated based on the base point, which is a specific point on the specific elliptic curve, and the first private key. The second public key is generated based on the base point and the second private key. The aforementioned information processing device further stores information indicating the base point, The other information processing device further stores information indicating the base point. The information processing method according to claim 19.
22. An information processing device configured to send and receive information with other information processing devices, A verification unit that verifies whether the other information processing device is a legitimate device, A confirmation information receiving unit receives confirmation information from the other information processing device indicating that the other information processing device is performing a process to confirm whether or not the information processing device is a legitimate device. When the verification information receiving unit receives the verification information, a certification information transmitting unit transmits certification information indicating that the information processing device is a legitimate device to the other information processing device, An information processing device equipped with the following features.
23. The information processing apparatus according to claim 22, A power storage unit that stores electrical energy, A power storage device equipped with the following features.
24. The first device is an energy storage device having an energy storage unit for storing electrical energy, and at least one of a storage unit for storing information and a computer for executing programs. The second device is a power device configured to be electrically connectable to the energy storage device, configured to supply power to the energy storage device, and / or configured to receive power from the energy storage device, The aforementioned information processing method is: (a) A first decision step in which the power device determines whether or not to allow a read operation in which it reads the information to be read stored in the storage unit of the energy storage device, (b) A second decision step in which the power device determines whether to permit or deny at least one of the following processes: a write process in which the power device writes information to be written to the storage unit of the energy storage device; a modification process in which the power device modifies information to be modified stored in the storage unit of the energy storage device; and an execution process in which the power device causes the computer of the energy storage device to execute a program. Having at least one of the following, The first decision step is, (i) A first prohibition step in which the execution of the read process is prohibited if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, (ii) A first permission step in which the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match, Includes, The aforementioned second decision step is, (iii) A second prohibition step in which, if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, a second prohibition step in which it is determined to prohibit the execution of at least one of the write process, the modification process and the execution process, (iv) A second permission step in which, if the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match, a second permission step in which a decision is made to permit the execution of at least one of the write process, the modification process and the execution process. including, The information processing method according to claim 9.
25. The power device is a storage device for storing the energy storage device, The storage device has a mounting section to which the energy storage device is attached, The aforementioned information processing method is: (i) A step of deciding not to install the energy storage device on the mounting section if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, (ii) A step of deciding to install the energy storage device onto the mounting section if the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match. It further possesses, The information processing method according to claim 24.
26. The aforementioned information processing method is: (i) A step of deciding to prohibit or suppress the input and output of power between the energy storage device and the power device if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, (ii) A step of deciding not to prohibit or suppress the input and output of power between the energy storage device and the power device if the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match. It further possesses, The information processing method according to claim 24.
27. The storage unit of the energy storage device stores a charge / discharge history associated with (i) one or more device identification pieces of information for identifying each of one or more devices electrically connected to the energy storage device during a target period which is the period before the energy storage device performs a process to confirm whether the power device is a legitimate device, and (ii) information indicating the amount of power input and output between each of the one or more devices and the energy storage device during the target period. The aforementioned information processing method is: In the first authorization step, if it is decided to authorize the execution of the read process, the charge and discharge history is transmitted from the energy storage device to the power device. It further possesses, The information processing method according to claim 24.
28. The steps include receiving the 11th information, the 13th information generated by converting the 11th information based on the 12th information, and the 2nd information from the power device, A step of comparing the 15th information, which is generated by inversely transforming the 13th information based on the 14th information that is paired with the 12th information, with the 11th information, If the 11th piece of information and the 15th piece of information match, the step of confirming that the received second piece of information is the genuine second piece of information, It further possesses, The information processing method according to claim 24.
29. The steps include receiving 11th information and 13th information generated by converting the 11th information based on the 12th information from the power device, A step of comparing the 15th information, which is generated by inversely transforming the 13th information based on the 14th information that is paired with the 12th information, with the 11th information, If the 11th piece of information and the 15th piece of information match, the step of acquiring the 11th piece of information as the second piece of information, It further possesses, The information processing method according to claim 24.
30. A step of determining whether the power device is a normal device based on the comparison result of the first information and the fifth information, the comparison result of the sixth information and the seventh information, or the comparison result of the first information and the eighth information. It further possesses, The information processing method according to claim 24.
31. Steps to confirm that the power device is not normal or is non-normal if the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match. It further possesses, The information processing method according to claim 24.
32. An information processing device for verifying whether a power device is a legitimate device, The information processing device comprises a power storage unit for storing electrical energy, and a power storage device having at least one of a storage unit for storing information and a computer for executing programs. The power device is a device configured to be electrically connectable to the energy storage device, a device configured to supply power to the energy storage device, and / or a device configured to receive power from the energy storage device. The aforementioned information processing device is A third information generation unit that converts the first information based on the second information to generate the third information, A third information transmission unit that transmits the third information to the power device, A response receiving unit that receives from the power device (i) fifth information generated by the power device inversely transforming the third information based on the fourth information which is paired with the second information, or (ii) sixth information generated by the power device processing the fifth information which is generated by the power device inversely transforming the third information based on the fourth information which is paired with the second information, according to a predetermined first algorithm, (a) When the fifth information is received, a comparison unit compares the first information with the fifth information, or (b) When the sixth information is received, (i) a comparison unit compares the seventh information generated by processing the first information according to the first algorithm with the sixth information, or (ii) a comparison unit compares the first information with the eighth information generated by processing the sixth information according to a second algorithm related to the first algorithm. (c) A power supply unit that determines whether to permit or deny a read operation in which the power supply unit reads information to be read stored in the storage unit of the energy storage unit, and / or (d) an execution control unit that determines whether to permit or deny at least one of the following operations: a write operation in which the power supply unit writes information to be written to the storage unit of the energy storage unit, a modification operation in which the power supply unit modifies information to be modified stored in the storage unit of the energy storage unit, and an execution operation in which the power supply unit causes the computer of the energy storage unit to execute a program. Furthermore, The execution control unit, (i) If the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, it is decided to prohibit the execution of the reading process, or (ii) If the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match, it is decided to allow the execution of the read process, and / or (iii) If the first information and the fifth information do not match, the sixth information and the seventh information do not match, or the first information and the eighth information do not match, it is decided to prohibit the execution of at least one of the writing process, the modification process and the execution process, or (iv) If the first information and the fifth information match, the sixth information and the seventh information match, or the first information and the eighth information match, it is decided to permit the execution of at least one of the writing process, the modification process and the execution process. Information processing device.
33. A program for causing a computer to execute the information processing method described in claim 1 or 2, the information processing method described in any one of claims 14 to 16, or the information processing method described in claim 9.
34. A computer-readable recording medium having the program described in claim 33 recorded on it.