JP2006262184A - Authority owning device, authority impersonating device, control unit, authority delegation system, authority owning program and authority owning method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To always delegate authority to use a vehicle or the like from an authority owner to an authority borrower when the authority is managed by a portable terminal or the like in a smart key system for controlling the vehicle or the like. The purpose is to do.
The ticket is directly transmitted from the smart key of the authority holder to the smart key of the authority borrower. Since it does not go through the management server or the like, it is possible to always delegate the authority to use the vehicle or the like from the authority owner to the authority borrower without being affected by the status of the management server.
[Selection] Figure 1

Description

  The present invention relates to, for example, an authority possessing apparatus, an authority adopting apparatus, a control apparatus, an authority delegating system, an authority possessing program, and an authority possessing method for delegating authority possessed by an authority possessing apparatus to an authority adopting apparatus.

For example, in Japanese Patent Application Laid-Open No. 2004-88339, a smart key system acquires an identification code from a management server connected by a vehicle borrower using registration information notified from the owner of the vehicle. A car key was loaned to the borrower. Here, the registration information is a password or the like. The identification code is a vehicle key or the like.
JP 2004-88339 A

  A conventional smart key system always connects to a management server in order for a vehicle borrower to obtain a vehicle key. Therefore, when the management server stops, or when a load is concentrated on the management server and a connection with the management server occurs, it becomes difficult for the vehicle borrower to obtain the identification code. was there.

  The authority possessing device according to the present invention acquires a ticket that can be identified as having authority to instruct a control device that controls a predetermined device, and connects the network to the authority impersonating device that instructs the control device. In the authority possessing device that transmits the ticket via the ticket generation section, a ticket generation section that generates a ticket with a signature that can be identified as having the authority, and the ticket generated by the ticket generation section is transmitted to the authority borrowing apparatus. A possessing device transmitting unit.

  According to the authority delegation system of the present invention, a ticket is transmitted from an authority possessing apparatus to an authority borrowing apparatus. Therefore, authority can be transferred from the authority possessing apparatus to the authority adopting apparatus without going through the management server.

  Hereinafter, an example of the present invention will be described based on an embodiment shown in the drawings.

  FIG. 1 is an example of a hardware configuration diagram of an authority holding device 100, an authority borrowing device 200, and a control device 300 according to the embodiment. Here, it is assumed that the authority holding device 100 and the authority impersonation device 200 are mobile phones. The authority holding device 100 and the authority impersonation device 200 are not limited to this, but are portable terminals represented by PHS (Personal Handyphone System) and PDA (Personal Digital Assistance), smart keys, personal computers, A computer represented by a workstation or the like may be used. Here, control device 300 is assumed to be a vehicle. The control device 300 is not limited to this, and may be an entrance door, a building entrance / exit, a computer, an electrical appliance, or other general control devices.

A vehicle owner's mobile phone 11001 is a mobile phone held by a person who owns the vehicle 11201 (hereinafter, vehicle owner). Here, it is assumed that the authority possessing device 100 is the mobile phone 11001 of the vehicle owner.
A vehicle borrower's mobile phone 11101 is a mobile phone owned by a person who borrows the vehicle 11201 (hereinafter, vehicle borrower). Here, it is assumed that the authority borrowing apparatus 200 is a mobile phone 11101 of a vehicle borrower.
The vehicle 11201 is held by the vehicle owner and is lent to a vehicle borrower. Here, control device 300 is assumed to be vehicle 11201.

A mobile phone 11001 of the vehicle owner includes a communication unit 11002, a display unit 11003, an input unit 11004, a control unit 11005, a storage unit 11006, and a card unit 11007.
The communication unit 11002 communicates with other devices using wireless communication, infrared communication, or the like. The communication unit 11002 includes, for example, a communication board and an antenna.
The display unit 11003 displays information transmitted from the control unit 11005 on the screen. The display unit 11003 is, for example, an LCD (Liquid Crystal Display).
The input unit 11004 causes the vehicle owner to input information. The input unit 11004 is, for example, an operation button or a touch panel.
Control unit 11005 controls processing of mobile phone 11001 of the vehicle owner.
The storage unit 11006 stores programs and data necessary for processing of the mobile phone 11001 of the vehicle owner. The storage unit 11006 is a volatile memory such as a RAM or a nonvolatile memory such as a ROM.
The card unit 11007 can be equipped with a UIM (User Identity Module) 11008 or the like. The card unit 11007 may be an SD (Secure Digital) slot and an SD memory card. The UIM 11008 may store information using other storage devices or storage units of mobile phones.
The UIM 11008 includes a communication unit 11009, a control unit 11010, and a storage unit 11011.
A communication unit 11009 is responsible for communication with other devices using wireless communication or other communication means. The communication unit 11009 includes, for example, a communication board and an antenna.
The control unit 11010 controls processing of the UIM 11008.
The storage unit 11011 stores programs and data necessary for the processing of the UIM 11008. The storage unit 11011 is a volatile memory such as a RAM or a nonvolatile memory such as a ROM. The program stored in the storage unit 11011 is processed by a CPU (Central Processing Unit) provided in the mobile phone 11001 of the vehicle owner.
For example, when a vehicle owner purchases a vehicle, the vehicle owner stores a program and data necessary for operating the vehicle in the mobile phone 11001 of the vehicle owner. As a storage method, there is a method in which the mobile phone 11001 of the vehicle owner is connected to a dedicated terminal of a dealer and downloaded. As another storage method, an external storage medium such as a CD-ROM (Compact Disk Read-Only Memory) created by a dealer is installed in the vehicle owner's computer, and the vehicle owner's mobile phone 11001 is installed in the computer. There is a way to connect and download.

  The vehicle borrower's mobile phone 11101 includes a communication unit 11102, a display unit 11103, an input unit 11104, a control unit 11105, a storage unit 11106, and a card unit 11107. The function of each part of the vehicle borrower's mobile phone 11101 has the same configuration as that of the vehicle owner's mobile phone 11001.

The vehicle 11201 includes a communication unit 11202, a control unit 11203, and a storage unit 11204.
A communication unit 11202 communicates with other devices using wireless communication, infrared communication, or the like. The communication unit 11002 includes, for example, a communication board and an antenna.
Control unit 11203 controls operation of vehicle 11201.
The storage unit 11204 stores programs and data necessary for the vehicle 11201 to operate. The storage unit 11204 is a volatile memory such as a RAM or a nonvolatile memory such as a ROM. As a method for storing programs, data, and the like, for example, the storage unit 11204 is connected to a dedicated device or a dedicated terminal of a vehicle manufacturer and downloaded. The program stored in the storage unit 11204 is processed by a CPU provided in the vehicle 11201.

Embodiment 1 FIG.
First, the first embodiment will be described. In the first embodiment, the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101, and the vehicle borrower's mobile phone 11101 to which the vehicle operating authority is delegated is the vehicle 11201. Will be described.

  FIG. 2 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the first embodiment. That is, FIG. 2 is a functional block diagram of the mobile phone 11001 of the vehicle owner, the mobile phone 11101 of the vehicle borrower, and the vehicle 11201.

The authority possessing device 100 includes a ticket generating unit 101, an owned device transmitting unit 102, an owned device receiving unit 103, and an owned device storage unit 104.
The ticket generation unit 101 generates a ticket that can be identified as having authority to instruct the control device. That is, here, the ticket generation unit 101 generates a ticket that can be identified as having authority to instruct the vehicle 11201.
The owning device transmission unit 102 transmits the ticket generated by the ticket generation unit 101 to the authority borrowing device 200.
The owning device reception unit 103 receives information transmitted by the authority impersonation device 200.
The owned device storage unit 104 stores programs and data necessary for processing of the authorized device 100. The owned device storage unit 104 may store the ticket generated by the ticket generation unit 101. Here, the owned device storage unit 104 is the storage unit 11006, the storage unit 11011 of the UIM 11008, or the like.

The authority borrowing apparatus 200 includes a borrowing apparatus transmitting unit 201, a borrowing apparatus receiving unit 202, a borrowing apparatus storage unit 203, a borrowing apparatus instruction unit 204, and a borrowing apparatus determination unit 205.
The borrowing device transmission unit 201 transmits the ticket stored in the borrowing device storage unit 203 described later to the control device 300.
The borrower receiving unit 202 receives a ticket with a signature that can be identified as authorized from the authorized device 100.
The borrowing device storage unit 203 stores the ticket received by the borrowing device receiving unit 202.
The borrowing device instruction unit 204 instructs the control device 300. That is, the borrowing apparatus instruction unit 204 instructs the vehicle 11201.
The borrowing device determination unit 205 verifies the ticket received from the authority possessing device 100.

The control device 300 includes a control device transmission unit 301, a control device reception unit 302, a control device storage unit 303, a control device determination unit 304, and a control unit 305.
The control device transmission unit 301 transmits information to the authority possessing device 100, the authority borrowing device 200, and the like.
The control device receiving unit 302 receives, from the authority impersonation device 200, a ticket with a signature that can be identified as authorized. Further, the control device receiving unit 302 receives instructions from the authority possessing device 100 and the authority borrowing device 200.
The control device storage unit 303 stores information for determining whether the ticket is correct.
The control device determination unit 304 determines whether the ticket is correct based on the information stored in the control device storage unit 303.
When the control device determination unit 304 determines that the ticket is correct, the control unit 305 receives the instruction received from the authority impersonation device 200. In addition, the control unit 305 receives an instruction from the authority possessing device 100.

  Here, the programs stored in the mobile phone 11001 of the vehicle owner who is the authority holding device 100, the mobile phone 11101 of the vehicle borrower who is the authority borrowing device 200, and the vehicle 11201 which is the control device 300 are described above. A description will be given on the assumption that each part operates.

FIG. 3 shows a program stored in the storage unit 11006 of the mobile phone 11001 of the vehicle owner. The vehicle operation authority lending program 21001 is a program that performs processing for lending the operation authority of the vehicle 11201 to the mobile phone 11101 of the vehicle borrower. The vehicle operation authority borrowing program 21002 is a program that performs a process for borrowing the operation authority of the vehicle 11201 from the mobile phone 11001 of the vehicle owner. The terminal-side vehicle operation program 21003 is a program that performs processing for operating the vehicle 11201.
FIG. 4 shows data stored in the storage unit 11011 of the UIM 11008 in the mobile phone 11001 of the vehicle owner. The vehicle owner's secret key 31001 is a secret key in the public key cryptosystem, and corresponds to the vehicle owner's mobile phone 11001. The vehicle owner's public key 31002 is a public key in the public key cryptosystem, and is paired with the vehicle owner's private key 31001.

  FIG. 5 shows a program stored in the storage unit 11106 of the mobile phone 11101 of the vehicle borrower. FIG. 6 shows data stored in the storage unit 11111 of the UIM 11108 in the mobile phone 11101 of the vehicle lessee. The functions of each program and each data are the same as in the case of the mobile phone 11001 of the vehicle owner, and are omitted here.

  FIG. 7 shows programs and data stored in the storage unit 11204 of the vehicle 11201. A vehicle secret key 61001 is a secret key in the public key cryptosystem and corresponds to the vehicle 11201. The public key 61002 of the vehicle is a public key in the public key cryptosystem and is paired with the private key 61001 of the vehicle. The vehicle owner's public key 31002 is a public key in the public key cryptosystem, and is the same as the vehicle owner's public key 31002. The vehicle-side vehicle operation program 61004 is a program that performs processing for operating the vehicle 11201.

  Next, the operation of the first embodiment configured as described above will be described. In the operation of the first embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation of delegating the vehicle operating authority will be described with reference to FIGS. FIG. 8 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 delegates vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 9 is a flowchart showing a series of operations of the vehicle operation authority lending program 21001 of the mobile phone 11001 of the vehicle owner. FIG. 10 is a flowchart showing a series of operations of the vehicle operation authority borrowing program 41002 of the cell phone 11101 of the vehicle borrower.

  First, the vehicle owner's mobile phone 11001 activates the vehicle operation authority lending program 21001. Also, the vehicle borrower's mobile phone 11101 activates the vehicle operation authority borrowing program 41002.

  In the owning device public key request step S91001, the owning device transmission unit 102 transmits the vehicle borrower's public key request to the cell phone 11101 of the vehicle borrower.

  In the borrowing device public key request receiving step S101001, the borrowing device receiving unit 202 receives the public key request of the vehicle borrower.

  In the borrowing device public key transmission step S101002, the borrowing device transmitting unit 201 transmits the vehicle borrower's public key 51002 to the mobile phone 11001 of the vehicle owner.

  In the owning device public key receiving step S91002, the owning device receiving unit 103 receives the public key 51002 of the vehicle borrower. The owning device storage unit 104 temporarily stores the received public key. For example, the storage unit 11011 of the UIM 11008 illustrated in FIG. 1 temporarily stores the received public key.

  In owning device public key transmission step S91003, the owning device transmission unit 102 transmits the vehicle owner's public key 31002 to the vehicle borrower's mobile phone 11101.

  In the borrower public key reception step S101003, the borrower receiver 202 receives the vehicle owner's public key 31002. The borrower storage unit 203 temporarily stores the received public key. For example, the UIM storage unit 11111 illustrated in FIG. 1 temporarily stores the received public key.

  In the borrower public key reception completion notification step S101004, the borrower transmission unit 201 transmits a public key reception completion notification to the mobile phone 11001 of the vehicle owner.

  In own device public key reception completion reception step S91004, the own device receiving unit 103 receives a public key reception completion notification.

In the ticket generation step S91005, the ticket generation unit 101 generates a vehicle borrower's ticket. The ticket generated by the ticket generation unit 101 includes a vehicle borrower's public key 51002, vehicle borrower's operation permission information 111112, and operation restriction information 111113. Here, the owned device storage unit 104 may store the ticket generated by the ticket generation unit 101.
The vehicle borrower's operation permission information 111112 and the operation restriction information 111113 are set in advance by the vehicle owner before delegating the vehicle operation authority. For example, the mobile phone 11001 of the vehicle owner displays an input screen for the operation permission information 111112 and the operation restriction information 111113 of the vehicle lessee and prompts the vehicle owner to input. The operation permission information 111112 is information including a vehicle operation permitted to the vehicle borrower. For example, the operation permission information 111112 includes door locking and unlocking, engine starting, trunk locking and unlocking, presence / absence of use of in-vehicle devices such as car navigation and audio. The operation restriction information 111113 is information including a range of vehicle operations permitted to the vehicle borrower. For example, the operation restriction information 111113 includes a travel distance, a travel range, a usage time, and the like. FIG. 11 shows an example of an input screen for the vehicle borrower's operation permission information 111112 and the operation restriction information 111113.
The input of the vehicle borrower's operation permission information 111112 and the operation restriction information 111113 is not necessarily performed first in the process of delegating the operation authority of the vehicle 11201. As for the operation permission information 111112 and the operation restriction information 111113 of the vehicle borrower, the vehicle owner inputs the operation permission information 111112 and the operation restriction information 111113 in advance and stores them in the storage unit 11006 of the mobile phone 11001 of the vehicle owner. You may keep it. In this case, when delegating the operation authority of the vehicle 11201, the input process can be omitted, or the vehicle owner can select the most appropriate information from among some registered information. Convenience is improved.

  In the ticket signature step S91006, the ticket generation unit 101 creates ticket signature information using the private key 31001 of the vehicle owner.

  In the ticket transmission step (owning device transmission step) S91007, the owning device transmission unit 102 transmits the signed ticket to the mobile phone 11101 of the vehicle borrower.

  In the ticket receiving step S101005, the borrower receiving unit 202 receives a signed ticket.

  In the borrowing device ticket verification step S101006, the borrowing device determination unit 205 verifies the signature information using the public key 31002 of the vehicle owner.

  In the borrowing apparatus ticket verification step S101007, the borrowing apparatus determination unit 205 proceeds to the next step when the verification is successful. If the verification fails, the borrower determination unit 205 ends the program.

  In the borrowing device ticket storage step S101008, the borrowing device storage unit 203 stores the signed ticket. That is, the UIM storage unit 11111 illustrated in FIG. 1 stores a signed ticket.

  In ticket reception completion notification step S101010, the borrower transmission unit 201 transmits a ticket reception completion notification to the mobile phone 11001 of the vehicle owner. The cell phone 11101 of the vehicle borrower terminates the program after the borrowing device transmission unit 201 transmits a ticket reception completion notification.

  In the ticket reception completion notification reception step S91008, the owning device reception unit 103 receives a ticket reception completion notification. The mobile phone 11001 of the vehicle owner ends the program after the owning device receiving unit 103 receives the ticket reception completion notification.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate on a safe communication path. For example, a mobile phone and a mobile phone are brought into contact with each other using a non-contact IC card function such as communication using a mobile phone with an encryption function or a non-contact IC card / reader / writer integrated mobile phone. Communication using the data exchange function is performed.

  FIG. 12 shows information stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. is there. The storage unit 11111 of the UIM 11108 includes a ticket 111001 with a signature of the vehicle owner as compared to before the vehicle operation authority is delegated.

  Next, the operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 13, 14, and 15. FIG. 13 is a message sequence diagram showing a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 14 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 15 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  In communication link establishment steps S131001 and S141001, the vehicle-side vehicle operation program 61004 transmits a response request to the mobile phone via the control device transmission unit 301. A communication link between the vehicle 11201 and the vehicle owner's mobile phone 11001 when the vehicle owner's mobile phone 11001 approaches the vehicle 11201 and the terminal-side vehicle operation program 21003 of the vehicle owner's mobile phone 11001 receives the response request. Establish.

In the control device public key request step S141002, the control device transmission unit 301 transmits a public key request to the mobile phone 11001 of the vehicle owner when the communication link is established between the mobile phone 11001 of the vehicle owner and the vehicle 11201.
For example, the vehicle-side vehicle operation program 61004 executes the authentication process after step S141002 when the vehicle owner turns the door, engine, or trunk knob of the vehicle 11201. For devices that are frequently operated, such as ETC, car navigation, and audio, the authentication process may not be performed for each operation, and the operation may be shifted to the operable state in step S141007 based on the result of the authentication process performed immediately before.

  In use device public key request reception step S131002, the owning device receiving unit 103 receives a public key request.

  In the utilization device data transmission step S131003, the possession device transmission unit 102 transmits the vehicle owner's public key 31002 to the vehicle 11201. After the vehicle owner's mobile phone 11001 transmits the vehicle owner's public key 31002, the program ends.

  In control device data reception step S141003, the control device reception unit 302 receives the vehicle owner's public key 31002.

  In data analysis step S141004, the control device determination unit 304 analyzes the type of received data.

  In the control device signature verification step S141105, the control device determination unit 304 compares the data with the vehicle user's public key stored in the control device storage unit 303 if the data is from the mobile phone 11001 of the vehicle owner. That is, the control device determination unit 304 collates with the vehicle user's public key stored in the storage unit 11204 of the vehicle 11201.

  In control device signature verification step S141106, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  In the operable state transition step S141007, the vehicle-side vehicle operation program 61004 shifts to a vehicle operable state. The vehicle-side vehicle operation program 61004 makes it possible to perform operations such as door unlocking and engine starting, for example.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 16, 14, and 15. FIG. 16 is a message sequence diagram showing a series of operations in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201.

  Steps S131001 to S131002 and Steps S141001 to S141002 are the same as the operation of the vehicle owner's mobile phone 11001 operating the vehicle 11201 described above, and are therefore omitted here.

  In utilization device data transmission step S131003, the borrower transmission unit 201 transmits a ticket with a signature to the vehicle 11201. The vehicle borrower's mobile phone 11101 ends the program after sending the signed ticket.

  In control device data reception step S141003, the control device reception unit 302 receives a signed ticket.

  In data analysis step S141004, the control device determination unit 304 analyzes the type of received data.

  In the control device signature verification step S141105, the control device determination unit 304 verifies the signature using the public key of the user stored in the storage unit 11204 if the data is from the mobile borrower's mobile phone 11101. .

  In control device signature verification step S141106, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

In the operable state transition step S141007, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state based on the operation permission information 111112 and the operation restriction information 111113.
For example, in the vehicle-side vehicle operation program 61004, when the operation permission information 111112 includes door and engine operation permission, and the operation restriction information 111113 includes the usage time and the travel distance, first, the vehicle-side vehicle operation program The program 61004 obtains the current time and compares it with the usage time. When the current time is within the usage time, the vehicle-side vehicle operation program 61004 can execute the door and engine operations. If the current time has passed the usage time, the vehicle-side vehicle operation program 61004 does not allow the door and engine operations to be executed. Further, the vehicle-side vehicle operation program 61004 calculates the total distance traveled by the vehicle lessee by the vehicle 11201 and compares it with the travel distance of the operation restriction information 111113. When the total distance exceeds the travel distance, the vehicle-side vehicle operation program 61004 does not execute the engine operation.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  As described above, in the first embodiment, communication is performed between the mobile phone 11001 of the vehicle owner and the mobile phone 11101 of the vehicle borrower. The mobile phone 11001 of the vehicle owner transmits information (tickets) necessary for operating the vehicle 11201 to the mobile phone 11101 of the vehicle borrower. Therefore, in Embodiment 1, vehicle operation authority can be delegated between the vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 without going through the management server.

  Further, the owner of the vehicle can finely set the range of authority that can be operated by the borrower of the vehicle by a highly convenient operation.

Embodiment 2. FIG.
Next, a second embodiment will be described. In the first embodiment described above, a vehicle is transmitted from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101 by transmitting a ticket from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101. The operation authority was transferred. In the second embodiment, an operation for preventing impersonation of a vehicle borrower when delegating the vehicle operating authority and an operation for preventing impersonation of the vehicle user when operating the vehicle 11201 will be described.

  In the second embodiment, when the vehicle operation authority is delegated by the vehicle operation authority delegation system in the first embodiment, a procedure is added in which the vehicle owner's mobile phone 11001 verifies the vehicle borrower's signature. Therefore, in the second embodiment, in addition to the effects of the first embodiment, it is possible to prevent a third party from impersonating a vehicle borrower and delegating an unauthorized vehicle operation authority when delegating the vehicle operation authority.

  In the second embodiment, a procedure for the vehicle 11201 to verify the signature of the vehicle user when the mobile phone of the vehicle user operates the vehicle 11201 is added. Therefore, in the second embodiment, it is possible to prevent the third party who has obtained the ticket from operating the vehicle 11201 illegally by impersonating the vehicle borrower.

  FIG. 17 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the second embodiment. Since the functional block diagram shown in FIG. 17 is substantially the same as the functional block diagram shown in FIG. 2, only the differences will be described.

  The authorized device 100 further includes an owned device determination unit 105 and an owned device identification information creation unit 106. The owning device determination unit 105 determines the identification information received from the authority impersonation device 200 or the like. The owning device identification information creating unit 106 creates identification information of the authority owning device 100. The identification information created by the owned device identification information creating unit 106 is owned device authentication information that can authenticate that the device is an authorized device.

The authority borrowing apparatus 200 further includes a borrowing apparatus identification information creating unit 206. The borrowing device identification information creating unit 206 creates identification information of the authority borrowing device 200. The identification information created by the borrowing device identification information creating unit 206 is borrowing device authentication information that can authenticate that the device is an authority borrowing device.
The control device 300 further includes a control device identification information creation unit 306. The control device identification information creation unit 306 creates identification information of the control device 300. The identification information created by the control device identification information creation unit 306 is control device authentication information that can authenticate the control device.

  The configuration of the storage unit of the vehicle operation authority delegation system in the second embodiment is the same as that of the first embodiment except for the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner. Therefore, only the difference will be described here.

  FIG. 18 shows data stored in storage unit 11011 of UIM 11008 of mobile phone 11001 of the vehicle owner in the second embodiment. The vehicle owner's secret key 31001 is a secret key in the public key cryptosystem, and corresponds to the vehicle owner's mobile phone 11001. The vehicle owner's public key 31002 is a public key in the public key cryptosystem, and is paired with the vehicle owner's private key 31001. The identification information of the vehicle 11201 is information for identifying the vehicle 11201.

  Next, the operation of the second embodiment configured as described above will be described. In the operation of the second embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation for delegating the vehicle operating authority will be described with reference to FIGS. FIG. 19 is a message sequence diagram showing a series of operations in which the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 20 is a flowchart showing a series of operations of the vehicle operation authority lending program 21001 of the mobile phone 11001 of the vehicle owner. FIG. 21 is a flowchart showing a series of operations of the vehicle operation authority borrowing program 41002 of the cell phone 11101 of the vehicle borrower.

  Steps S92001 and S102001 to S102002 are the same as steps S91001 and S101001 to S101002 of the first embodiment, and thus description thereof is omitted here.

  In own device public key reception step S92002, the own device receiving unit 103 receives the public key 51002 of the vehicle borrower. The owning device storage unit 104 temporarily stores the received public key. For example, the storage unit 11011 of the UIM 11008 illustrated in FIG. 1 temporarily stores the received public key.

  In the owned device public key transmission step S92003, the owned device transmitting unit 102 transmits the vehicle owner's public key 31002 to the vehicle borrower's mobile phone 11101.

  In the borrower public key reception step S102003, the borrower receiver 202 receives the public key 31002 of the vehicle owner. The borrower storage unit 203 temporarily stores the received public key. For example, the UIM storage unit 11111 illustrated in FIG. 1 temporarily stores the received public key.

  In borrowing device public key reception completion notification step S102004, the borrowing device transmission unit 201 transmits a public key reception completion notification to the mobile phone 11001 of the vehicle owner.

  In own device public key reception completion reception step S92004, the own device reception unit 103 receives a public key reception completion notification.

  In the owned device random number generation step S92005, the owned device identification information creating unit 106 generates a random number.

  In the owned device random number transmission step S92006, the owned device transmission unit 102 transmits a random number to the mobile phone 11101 of the vehicle borrower.

  In borrowing device random number reception step S102005, the borrowing device receiving unit 202 receives a random number.

  In borrowing device identification information creation step S102006, the borrowing device identification information creation unit 206 creates identification information of the mobile phone 11001 of the vehicle owner. Here, a hash value of the public key 31002 of the vehicle owner is generated and used as identification information of the mobile phone 11001 of the vehicle owner.

  In the borrowing apparatus signature creating step S102007, the borrowing apparatus identification information creating unit 206 uses the vehicle borrower's private key 51001 to sign the identification information of the vehicle owner's mobile phone 11001 and the received random number, and the signature information. Create

  In borrowing apparatus identification information transmission step S102008, the borrowing apparatus transmitting unit 201 transmits the signature information to the mobile phone 11001 of the vehicle owner.

  In the own device identification information receiving step S92007, the own device receiving unit 103 receives the signature information.

  In owned device identification information verification step S92008, the owned device determination unit 105 verifies the received signature information. For example, the owned device determination unit 105 first creates identification information of the mobile phone 11001 of the vehicle owner from the public key 31002 of the vehicle owner. Next, the owning device determination unit 105 creates signature target information from the identification information of the mobile phone 11001 of the vehicle owner and the random number. Next, the owning device determination unit 105 creates signature target information from the received signature information using the vehicle borrower's public key 51002, and compares it with the signature target information.

  In the owned device identification information verification step S92009, the owned device determination unit 105 proceeds to the next step if the verification is successful. If the verification fails, the owning device determination unit 105 ends the program.

  In ticket generation step S92010, the ticket generation unit 101 generates a ticket.

  In the ticket signature step S92011, the ticket generation unit 101 uses the vehicle owner's private key 31001 to create signature information for the identification information of the ticket and the vehicle 11201.

  Step S92012 to step S92013 and step S102009 to step S102013 are the same as step S91007 to step S91008 and step S101005 to step S101010 of the first embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a secure communication path, as in the first embodiment.

  FIG. 22 shows information stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. .

  Next, the operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 23, 24, and 25. FIG. 23 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 24 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 25 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  Steps S132001 to S132003 and Steps S142001 to S142006 are the same as Steps S131001 to S131003 and Steps S141001 to S141106 in Embodiment 1, and thus description thereof is omitted here.

  In control device random number generation step S142007, the control device identification information creating unit 306 generates a random number.

  In the control device random number transmission step S142008, the control device transmission unit 301 transmits a random number to the mobile phone 11001 of the vehicle owner.

  In utilization device random number reception step S132004, the owning device reception unit 103 receives a random number.

  In the use device signature creation step S132005, the owned device identification information creation unit 106 signs the identification information and random number of the vehicle 11201 using the vehicle owner's private key 31001, and creates signature information.

  In use device identification information transmission step S132006, the owned device transmission unit 102 transmits signature information to the vehicle 11201. The vehicle owner's mobile phone 11001 ends the program after transmitting the signature information.

  In control device identification information reception step S142009, the control device reception unit 302 receives signature information.

  In control device identification information verification step S142010, the control device determination unit 304 verifies the signature information. For example, the control device determination unit 304 first creates identification information of the vehicle 11201 from the public key 61002 of the vehicle. Next, the control device determination unit 304 creates signature target information from the identification information of the vehicle 11201 and a random number. Next, the control device determination unit 304 creates signature target information from the received signature information using the vehicle owner's public key 31002 and compares it with the signature target information.

  In the control device identification information verification step S142011, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  Since step S142012 is the same as step S141007 of the first embodiment, description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 26, 24, and 25. FIG. 26 is a message sequence diagram showing a series of operations in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201.

Steps S132001 to S132003 and Steps S142001 to S142006 are the same as Steps S131001 to S131003 and Steps S141001 to S141106 in Embodiment 1, and thus description thereof is omitted here. Steps S142007 to S142012 are the same as when the vehicle owner's mobile phone 11001 operates the vehicle 11201, and thus the description thereof is omitted here. However, the private key used for signing in the utilization device signature creation step S132005 is not the vehicle owner's private key 31001 but the vehicle borrower's private key 51001.
The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  The random number generated above may use data that changes each time data is transmitted, such as the current time and a message counter. The same applies when generating random numbers.

In the second embodiment, the authentication is performed at the time of delegating the operation authority of the vehicle 11201 and the operation of the vehicle 11201. However, the authentication may be performed only at the time of delegation of the operation authority of the vehicle 11201 or the operation of the vehicle 11201.
In the second embodiment, other authentication procedures that can obtain the same effect may be used other than the above-described authentication procedures.

  As described above, the second embodiment adds a procedure in which the vehicle owner's mobile phone 11001 verifies the signature of the vehicle borrower's mobile phone 11101 when the vehicle operation authority is transferred in the vehicle operation authority transfer system in the first embodiment. ing. Therefore, in the second embodiment, in addition to the effects of the first embodiment, it is possible to prevent a third party from impersonating the vehicle borrower's mobile phone 11101 and delegating an unauthorized vehicle operation authority when delegating the vehicle operation authority. it can.

  Further, in the second embodiment, by adding a procedure for the vehicle 11201 to verify the vehicle user's signature when the vehicle user operates the vehicle 11201, the third party who obtained the ticket impersonates the vehicle borrower, etc. Unauthorized operation of the vehicle 11201 can be prevented.

Embodiment 3 FIG.
Next, a third embodiment will be described. In the second embodiment described above, the vehicle owner's mobile phone 11001 verifies the vehicle borrower's signature when the vehicle operating authority is transferred from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101. Therefore, the act of impersonating a vehicle borrower at the time of delegation of vehicle operation authority was prevented. Further, when the vehicle user operates the vehicle 11201, the vehicle 11201 verifies the signature of the vehicle user, thereby preventing the vehicle user from impersonating the vehicle. In the third embodiment, when the vehicle operating authority is delegated, mutual impersonation between the vehicle borrower and the vehicle owner is prevented, and when the vehicle 11201 is operated, mutual impersonation between the vehicle user and the vehicle is prevented. The operation will be described.

  In the third embodiment, instead of the procedure in which the vehicle owner's mobile phone 11001 verifies the vehicle borrower's signature at the time of the vehicle operation authority transfer of the vehicle operation authority transfer system in the second embodiment, the vehicle borrower's mobile phone 11101. The mobile phone 11001 of the vehicle owner executes a procedure for verifying the signature of the other party. Therefore, in the third embodiment, in addition to the effects of the second embodiment, it is possible to prevent a third party from impersonating the vehicle owner and giving an illegal vehicle operation authority transfer when the vehicle operation authority is transferred.

  Further, in the third embodiment, instead of the procedure in which the vehicle 11201 verifies the signature of the vehicle user when the vehicle user operates the vehicle 11201, the mobile phone of the vehicle user and the vehicle 11201 verify each other's signature. Perform the steps to Therefore, in Embodiment 3, in addition to the effects of Embodiment 2, it is possible to prevent a vehicle user from operating an unauthorized vehicle.

  Since the functional block diagram and the configuration of the storage unit of the vehicle operation authority delegation system in the third embodiment are the same as those in the second embodiment, description thereof is omitted here.

  Next, the operation of the third embodiment configured as described above will be described. In the operation of the third embodiment, the vehicle owner's mobile phone 11001 delegates vehicle operation authority to the vehicle borrower's mobile phone 11101, and the vehicle borrower's mobile phone 11101 delegated vehicle operation authority. An operation of operating the vehicle 11201.

  First, the operation of delegating the vehicle operating authority will be described with reference to FIGS. 27, 28, and 29. FIG. FIG. 27 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 delegates vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 28 is a flowchart showing a series of operations of the vehicle operation authority lending program 21001 of the mobile phone 11001 of the vehicle owner. FIG. 29 is a flowchart showing a series of operations of the vehicle operation authority borrowing program 41002 of the cellular phone 11101 of the vehicle borrower.

  Steps S93001 to S93006 and Steps S103001 to S103005 are the same as Steps S92001 to S92006 and Steps S102001 to S102005 of the second embodiment, and thus description thereof is omitted here.

  In borrowing device random number generation step S103006, the borrowing device identification information creating unit 206 generates a random number.

  In borrowing device identification information creating step S103007, the borrowing device identification information creating unit 206 creates the identification information of the mobile phone 11001 of the vehicle owner.

  In the borrowing device signature creation step S103008, the borrowing device identification information creation unit 206 uses the vehicle borrower's private key 51001 to generate a random number (hereinafter, random number b), a received random number (hereinafter, random number a), a vehicle possession. The signature information is created by adding a signature to the identification information of the person's mobile phone 11001.

  In the borrowing device identification information transmission step S103010, the borrowing device transmission unit 201 transmits the random number b, the random number a, the identification information of the vehicle owner's mobile phone 11001, and the signature information to the mobile phone 11001 of the vehicle owner.

  In the owning device identification information receiving step S93007, the owning device receiving unit 103 receives the random number b, the random number a, the identification information of the vehicle owner's mobile phone 11001, and the signature information.

  In the owned device identification information verification step S93008, the owned device determination unit 105 verifies the received signature information. For example, the owned device determination unit 105 first creates signature target information from the random number b, the random number a, and the identification information of the mobile phone 11001 of the vehicle owner. Next, the owning device determination unit 105 creates signature target information from the signature information using the vehicle borrower's public key 51002 and compares it with the signature target information.

  In the owned device identification information verification step S93009, if the verification is successful, the owned device determination unit 105 proceeds to the next step. If the verification fails, the owning device determination unit 105 ends the program.

  In owned device random number verification step S93010, owned device determination section 105 verifies random number a and identification information of mobile phone 11001 of the vehicle owner. For example, the owned device determination unit 105 first collates the random number generated in step S93005 with the random number a. Next, the owning device determination unit 105 creates identification information of the mobile phone 11001 of the vehicle owner and compares it with the received identification information of the mobile phone 11001 of the vehicle owner.

  In the owned device random number verification step S93011, the owned device determination unit 105 determines that the verification is successful if both of the owned device determination unit 105 match, and proceeds to the next step. As a result of the comparison by the owned device determination unit 105, the owned device determination unit 105 regards the verification as a failure if any of them does not match, and ends the program.

  In the owned device identification information creation step S93012, the owned device identification information creation unit 106 creates identification information of the mobile phone 11101 of the vehicle borrower.

  In the owned device signature creation step S93013, signatures are created by signing the random numbers a and b and the identification information of the vehicle borrower's mobile phone 11101 using the vehicle owner's private key 31001.

  In owned device identification information transmission step S93014, the owned device transmitting unit 102 transmits the random number a, the random number b, the identification information of the vehicle borrower's mobile phone 11101, and the signature information to the vehicle borrower's mobile phone 11101.

  In borrowing device identification information receiving step S103010, the borrowing device receiving unit 202 receives a random number a, a random number b, identification information of the vehicle borrower's mobile phone 11101, and signature information.

  In the borrower identification information verification step S103011, the borrower determination unit 205 verifies the received signature information. For example, the borrower determination unit 205 first creates signature target information from the random number a, the random number b, and the identification information of the vehicle borrower. Next, the borrower determination unit 205 creates signature target information from the signature information using the vehicle owner's public key 31002 and compares it with the signature target information.

  In the borrower identification information verification step S103001, the borrower identification unit 205 proceeds to the next step if the verification is successful. If the verification fails, the borrower determining unit 205 ends the program.

  In the borrower random number verification step S1030301, the borrower determination unit 205 verifies the random number a, the random number b, and the identification information of the vehicle borrower's mobile phone 11101. For example, the borrower determining unit 205 first collates the random number received in step S103005 with the random number a. Next, the borrower determination unit 205 collates the random number generated in step S103006 with the random number b. Next, the borrower determination unit 205 creates identification information of the vehicle borrower's mobile phone 11101 and compares it with the received identification information of the vehicle borrower's mobile phone 11101.

  In the borrowing device random number verification step S103014, the borrowing device determination unit 205 determines that the verification is successful if both match as a result of the comparison by the borrowing device determination unit 205, and proceeds to the next step. As a result of the comparison by the borrowing device determination unit 205, if any of the borrowing device determination unit 205 does not match, the borrowing device determination unit 205 regards the verification as failure and ends the program.

  In the ticket request transmission step S103015, the borrower transmission unit 201 transmits a ticket request to the mobile phone 11001 of the vehicle owner.

  In ticket request reception step S93015, the owning device reception unit 103 receives a ticket request.

  Steps S93016 to S93019 and Steps S103016 to S103020 are the same as Steps S92010 to S92013 and Steps S102009 to S102013 of the second embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a safe communication path, as in the second embodiment.

  FIG. 22 shows information stored in the storage unit of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101.

  Next, the operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 30, 31, and 32. FIG. FIG. 30 is a message sequence diagram showing a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 31 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 32 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  Steps S133001 to S133004 and Steps S143001 to S143008 are the same as Steps S132001 to S132004 and Steps S142001 to S142008 of the second embodiment, and thus description thereof is omitted here.

  In use device random number generation step S133005, the owned device identification information creation unit 106 generates a random number.

  In the utilization device signature creation step S133006, the owning device identification information creation unit 106 uses the vehicle owner's private key 31001 to generate a generated random number (hereinafter, random number b), a received random number (hereinafter, random number a), and the vehicle 11201. A signature is added to the identification information of, and signature information is created.

  In use device identification information transmission step S133007, random number b, random number a, identification information of vehicle 11201, and signature information are transmitted to vehicle 11201.

  In control device identification information reception step S143309, the control device reception unit 302 receives a random number b, a random number a, identification information of the vehicle 11201, and signature information.

  In control device identification information verification step S143010, the control device determination unit 304 verifies the signature information. For example, the control device determination unit 304 first creates signature target information from the random number b, the random number a, and the identification information of the vehicle 11201. Next, the control device determination unit 304 creates signature target information from the signature information using the vehicle borrower's public key 51002, and compares it with the signature target information.

  In control device identification information verification step S143011, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  In the control device random number verification step S143012, the control device determination unit 304 verifies the random number a and the identification information of the vehicle 11201. For example, the control device determination unit 304 first collates the random number generated in step S143007 with the random number a. Next, the control device determination unit 304 creates identification information of the vehicle 11201 and collates it with the received identification information of the mobile phone 11001 of the vehicle owner.

  In the control device random number verification step S143013, the control device determination unit 304 determines that the verification is successful if both match as a result of the comparison by the control device determination unit 304, and proceeds to the next step. As a result of the comparison made by the control device determination unit 304, the control device determination unit 304 determines that the verification has failed if any of them does not match, and ends the program.

  In the control device identification information creation step S143014, the control device identification information creation unit 306 creates the identification information of the mobile phone 11001 of the vehicle owner.

  In the control device signature creation step S143015, the control device identification information creation unit 306 signs the random number a, the random number b, and the identification information of the mobile phone 11001 of the vehicle owner using the vehicle secret key 61001, and adds the signature information. create.

  In control device identification information transmission step S143016, control device transmission section 301 transmits random number a, random number b, identification information of vehicle owner's mobile phone 11001, and signature information to mobile phone 11001 of the vehicle owner.

  In use device identification information reception step S133008, the owning device receiving unit 103 receives the random number a, the random number b, the identification information of the vehicle owner's mobile phone 11001, and the signature information.

  In using device identification information verification step S133003, the owning device determination unit 105 verifies the received signature information. For example, the owning device determination unit 105 first creates signature target information from the random number a, the random number b, and the identification information of the mobile phone 11001 of the vehicle owner. Next, the owning device determination unit 105 creates signature target information from the signature information using the vehicle owner's public key 31002 and compares it with the signature target information.

  In utilization device identification information verification step S133010, the owned device determination unit 105 proceeds to the next step if the verification is successful. If the verification fails, the owning device determination unit 105 ends the program.

  In the utilization device random number verification step S133011, the possession device determination unit 105 verifies the random number a, the random number b, and the identification information of the mobile phone 11001 of the vehicle owner. For example, the owned device determination unit 105 first collates the random number received in step S133004 with the random number a. Next, the owned device determination unit 105 collates the random number generated in step S133005 with the random number b. Next, the owning device determination unit 105 creates identification information of the mobile phone 11001 of the vehicle owner and compares it with the received identification information of the mobile phone 11001 of the vehicle owner.

  In the utilization device random number verification step S133012, the owned device determination unit 105 determines that the verification is successful if both of the owned device determination units 105 match, and proceeds to the next step. As a result of the comparison by the owned device determination unit 105, the owned device determination unit 105 regards the verification as a failure if any of them does not match, and ends the program.

  In operation start request transmission step S1330301, the owning device transmission unit 102 transmits an operation start request to the vehicle 11201. After transmitting the operation start request, the vehicle owner's mobile phone 11001 ends the program.

  In operation start request reception step S143017, control device reception section 302 receives an operation start request.

  In the operable state transition step S143018, the vehicle-side vehicle operation program 61004 shifts to an operable state. The vehicle 11201 ends the program after shifting to the operable state.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 33, 31, and 32. FIG. 33 is a message sequence diagram illustrating a series of operations in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201.

  Steps S133001 to S133004 and Steps S143001 to S143008 are the same as Steps S132001 to S132004 and Steps S142001 to S142008 of the second embodiment, and thus description thereof is omitted here. Steps S133005 to S1330301, and steps S143309 to S143018 are the same as when the vehicle owner's mobile phone 11001 operates the vehicle 11201, and thus the description thereof is omitted here.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  In the third embodiment, the authentication is performed at the time of delegating the operation authority of the vehicle and the operation of the vehicle 11201. However, the authentication may be performed only at the time of delegating the operation authority of the vehicle 11201 or the operation of the vehicle 11201.

  In the third embodiment, the authentication procedure shown in ISO / IEC 98970-3 three-pass mutual authentication is used. However, other authentication procedures that can obtain the same effect may be used.

  As described above, in the third embodiment, instead of the procedure in which the vehicle owner's mobile phone 11001 verifies the signature of the vehicle borrower's mobile phone 11101 at the time of the vehicle operation authority transfer of the vehicle operation authority transfer system in the second embodiment. Furthermore, the vehicle borrower's mobile phone 11101 and the vehicle owner's mobile phone 11001 executed a procedure for verifying each other's signature. Therefore, in the third embodiment, in addition to the effects of the second embodiment, it is possible to prevent a third party from impersonating the vehicle owner's mobile phone 11001 and granting an illegal vehicle operation authority transfer when the vehicle operation authority is transferred. it can.

  Further, in the third embodiment, instead of the procedure in which the vehicle 11201 verifies the signature of the vehicle user when the vehicle user operates the vehicle 11201, the mobile phone of the vehicle user and the vehicle 11201 verify each other's signature. Performed the procedure. Therefore, in Embodiment 3, in addition to the effects of Embodiment 2, it is possible to prevent a vehicle user from operating an unauthorized vehicle.

Embodiment 4 FIG.
Next, a fourth embodiment will be described. In the above-described embodiment, the information transmitted in the communication between the vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 or in the communication between the vehicle user's mobile phone and the vehicle 11201 is not subjected to special processing. It is possible to think that it is not done. In the fourth embodiment, an operation of encrypting transmitted information to prevent eavesdropping from a third party and using an interrupt will be described.

  In the fourth embodiment, a message is encrypted between the vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 at the time of vehicle operation authority transfer of the vehicle operation authority transfer system in the above-described embodiment. Share a common key. Therefore, in the fourth embodiment, in addition to the effects of the previous embodiments, it is possible to prevent eavesdropping and interrupt use from a third party when the vehicle operation authority is transferred.

  In the fourth embodiment, a common key for encrypting a message is shared between the vehicle 11201 and the vehicle user when the vehicle is operated. Therefore, in the fourth embodiment, in addition to the effects of the above-described embodiments, it is possible to prevent eavesdropping and interrupt use from a third party during vehicle operation.

  Further, in the fourth embodiment, the vehicle owner's public key 31002, the vehicle borrower's public key 51002, the vehicle's public key 61002, instead of the vehicle owner's certificate 34002, the vehicle borrower's certificate 54002, By using the certificate 64002, an existing authentication system for a computer such as a personal computer can be used. Therefore, in the fourth embodiment, the authority can be safely delegated even when the vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 are remote.

  FIG. 34 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the fourth embodiment. The functional block diagram shown in FIG. 34 is almost the same as the functional block diagram shown in FIG. 17, so only the differences will be described.

  The authorized device 100 further includes an owned device encryption unit 107, an owned device key generation unit 108, and an owned device decryption unit 109. The owning device encryption unit 107 encrypts the ticket generated by the ticket generation unit 101 and uses it as an encryption ticket. The owning device key generation unit 108 generates a key from the borrowing device arbitrary information that is arbitrary information of the authority adopting device 200 and the owning device arbitrary information that is arbitrary information of the authority owning device. The owning device decrypting unit 109 decrypts the encryption ticket and the like.

  The authority borrowing device 200 further includes a borrowing device encryption unit 207, a borrowing device key generation unit 208, and a borrowing device decryption unit 209. The borrowing device encryption unit 207 encrypts the ticket received from the authority possessing device 100 and makes it an encrypted ticket. The borrowing device key generation unit 208 generates a key from borrowing device arbitrary information that is arbitrary information of the authority borrowing device 200, owned device arbitrary information that is arbitrary information of the authority owning device, and the like. The borrower decrypting unit 209 decrypts the encryption ticket and the like.

  The control device 300 further includes a control device key generation unit 307, a control device encryption unit 308, and a control device decryption unit 309. The control device key generation unit 307 generates a key from control device arbitrary information that is arbitrary information of the control device 300, borrowed device arbitrary information that is arbitrary information of the authority borrowing device 200, and the like. The control device encryption unit 308 encrypts the certificate of the control device 300 and the like. The control device decryption unit 309 decrypts the encryption ticket and the like.

  The configuration of the storage unit of the vehicle operating authority delegation system according to the fourth embodiment includes the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner, the storage unit 11111 of the UIM 11108 of the mobile phone 11101 of the vehicle borrower, and the storage unit of the vehicle 11201. Since it is the same as that of Embodiment 1 except for 11204, only the difference will be described here.

  FIG. 35 shows data stored in the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner. The vehicle owner's secret key 31001 is a secret key in the public key cryptosystem, and corresponds to the vehicle owner's mobile phone 11001. The vehicle owner certificate 34002 is a public key certificate and includes a public key that is paired with the vehicle owner private key 31001.

  FIG. 36 shows data stored in the storage unit 11111 of the UIM 11108 of the mobile phone 11101 of the vehicle lessee. The functions of each program and each data are the same as in the case of the mobile phone 11001 of the vehicle owner, and are omitted here.

  FIG. 37 shows programs and data stored in the storage unit 11204 of the vehicle 11201. The vehicle-side vehicle operation program 61004 is a program that performs processing for the vehicle 11201 to operate. A vehicle secret key 61001 is a secret key in the public key cryptosystem and corresponds to the vehicle 11201. The vehicle certificate 64002 is a public key certificate and includes a public key paired with the vehicle private key 61001. The vehicle owner certificate 34002 is a public key certificate and is the same as the vehicle owner certificate 34002.

  Next, the operation of the fourth embodiment configured as described above will be described. In the operation of the fourth embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation for delegating the vehicle operating authority will be described with reference to FIGS. 38, 39, 40, and 41. FIG. FIG. 38 is a message sequence diagram showing a series of operations in which the vehicle owner's mobile phone 11001 delegates vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 39 is a flowchart showing a series of operations of the vehicle operation authority lending program 21001 of the mobile phone 11001 of the vehicle owner. 40 and 41 are flowcharts showing a series of operations of the vehicle operation authority borrowing program 41002 of the cell phone 11101 of the vehicle borrower.

  First, the vehicle owner's mobile phone 11001 activates the vehicle operation authority lending program 21001. Also, the vehicle borrower's mobile phone 11101 activates the vehicle operation authority borrowing program 41002.

  In owned device certificate request step S94001, the owned device transmission unit 102 transmits a vehicle borrower's certificate request to the vehicle borrower's mobile phone 11101.

  In the borrowing device certificate request receiving step S104101, the borrowing device receiving unit 202 receives a vehicle borrower's certificate request.

  In the borrowing device certificate transmission step S104102, the borrowing device transmitting unit 201 transmits the vehicle borrower certificate 54002 to the mobile phone 11001 of the vehicle owner.

  In owned device certificate reception step S94002, the owned device receiving unit 103 receives a vehicle borrower certificate 54002.

  In the owned device certificate verification step S94003, the owned device determination unit 105 verifies the certificate. For example, the owned device determination unit 105 verifies the certificate using an existing program or server for a computer such as a personal computer. The owning device determination unit 105 connects to a certificate verification server, requests certificate verification, and obtains a verification result.

  In owned device certificate verification step S94004, if the verification is successful, the owned device determination unit 105 temporarily stores the certificate in the storage unit 11011 of the UIM 11008, and proceeds to the next step. If the verification fails, the owning device determination unit 105 ends the program.

  In own device certificate transmission step S94005, the own device transmitting unit 102 transmits the vehicle owner's certificate 34002 to the cell phone 11101 of the vehicle borrower.

  In the borrowing device certificate receiving step S104103, the borrowing device receiving unit 202 receives the vehicle owner's certificate 34002.

  In the borrowing device certificate verification step S104104, the borrowing device determination unit 205 performs certificate verification. As a verification method, the same method as in the owned device certificate verification step S94003 can be considered.

  In the borrowing device certificate verification step S104105, if the verification is successful, the borrowing device determination unit 205 temporarily stores the certificate in the storage unit 11111 of the UIM 11108, and proceeds to the next step. If the verification fails, the borrower determining unit 205 ends the program.

  In the borrowing device certificate reception completion notification step S104106, the borrowing device transmission unit 201 transmits a certificate reception completion notification to the mobile phone 11001 of the vehicle owner.

  In own device certificate reception completion reception step S94006, the own device reception unit 103 receives a certificate reception completion notification.

  In the own device key random number generation step S94007, the own device key generation unit 108 generates a common key generation random number.

  In the owned device random number generation step S94008, the owned device identification information creating unit 106 generates a random number.

  In the owned device random number encryption step S94009, the owned device encryption unit 107 encrypts the identification information of the vehicle owner's mobile phone 11001, the common key generation random number, and the random number with the vehicle borrower's public key 51002.

  In the owned device random number transmission step S94010, the owned device transmission unit 102 transmits the data encrypted in the owned device random number encryption step S94009 to the mobile phone 11101 of the vehicle borrower. Here, the identification information of the vehicle owner's mobile phone 11001 is the issuer name and serial number included in the vehicle owner's certificate 34002. Further, the vehicle borrower's public key 51002 is obtained from the vehicle borrower's certificate 54002.

  In the borrowing device random number reception step S104107, the borrowing device receiving unit 202 receives the encrypted identification information of the mobile phone 11001 of the vehicle owner, the common key generation random number, and the random number.

  In the borrower identification information decryption step S104108, the borrower decryption unit 209 uses the encrypted identification information of the mobile phone 11001 of the vehicle owner, the common key generation random number and the random number, and the private key 51001 of the vehicle borrower. To decrypt.

  In the borrower identification information verification step S104109, the borrower identification unit 205 verifies the identification information of the vehicle owner's mobile phone 11001 using the vehicle owner certificate 34002.

  In the borrowing apparatus identification information verification step S104110, the borrowing apparatus determination unit 205 proceeds to the next step when the verification is successful. If the verification fails, the borrower determination unit 205 ends the program.

  In the borrowing device key random number generation step S104111, the borrowing device key generation unit 208 generates a common key generation random number.

  In the borrowing device random number generation step S104112, the borrowing device identification information creating unit 206 generates a random number.

  In the borrowing device random number encryption step S104113, the borrowing device encryption unit 207 identifies the identification information of the mobile phone 11101 of the vehicle borrower, the common key generation random number generated in the borrowing device key random number generation step S104111, and the borrowing device random number generation step. The random number generated in S104112 is encrypted with the vehicle owner's public key 31002.

  In the borrower random number transmission step S104114, the borrower transmission unit 201 uses the vehicle borrower's mobile phone 11101 identification information encrypted in the borrower random number encryption step S104113, the common key generation random number, and the random number as the vehicle owner. To the mobile phone 11001. Here, the identification information of the vehicle borrower's mobile phone 11101 is the issuer name and serial number included in the vehicle borrower's certificate 54002. Also, the vehicle owner's public key 31002 is obtained from the vehicle owner's certificate 34002.

  In owning device random number reception step S94011, the owning device receiving unit 103 receives the encrypted identification information of the vehicle borrower's mobile phone 11101, a common key generation random number, and a random number.

  In the owned device identification information decryption step S94012, the owned device decryption unit 109 uses the encrypted identification information of the vehicle borrower's mobile phone 11101, the common key generation random number and the random number, and the private key 31001 of the vehicle owner. To decrypt.

  In the owned device identification information verification step S94013, the owned device determination unit 105 verifies the identification information of the vehicle borrower's mobile phone 11101 using the vehicle borrower's certificate 54002.

  In the owned device identification information verification step S94014, the owned device determination unit 105 proceeds to the next step if the verification is successful. The owning device determination unit 105 ends the program when the verification fails.

  In own device common key generation step S94015, the own device key generation unit 108 generates a common key from the common key generation random number generated in step S94007 and the common key generation random number received in step S94011. For example, the owned device key generation unit 108 uses a value from the beginning of the hash value acquired by concatenating the common key generation random numbers to the key length as the common key.

  In owned device random number retransmission step S94016, the owned device transmission unit 102 transmits the random number received in step S94011 to the mobile phone 11101 of the vehicle borrower.

  In borrowing device random number re-receiving step S104115, the borrowing device receiving unit 202 receives a random number.

  In the borrower random number verification step S104116, the borrower random number determination unit 205 verifies the received random number against the random number generated in step S104112.

  In the borrower random number verification step S104117, the borrower determination unit 205 proceeds to the next step if the verification is successful. If the verification fails, the borrower determining unit 205 ends the program.

  In the borrowing device common key generation step S104118, the borrowing device key generation unit 208 generates a common key from the common key generation random number received in step S104107 and the common key generation random number generated in step S104111.

  In the ticket request encryption step S104191, the borrower encryption unit 207 encrypts the ticket request with the common key.

  In ticket request transmission step S104192, the borrower transmission unit 201 transmits the encrypted ticket request to the mobile phone 11001 of the vehicle owner.

  In the ticket request receiving step S94017, the owning device receiving unit 103 receives the encrypted ticket request.

  In the ticket request decryption step S94018, the owning device decrypting unit 109 decrypts the encrypted ticket request with the common key.

  In the ticket generation step S94019, the ticket generation unit 101 generates a vehicle borrower's ticket. The ticket generated by the ticket generation unit 101 includes a vehicle borrower certificate 54002, vehicle borrower operation permission information 111112, and operation restriction information 111113.

  In the ticket signature step S94020, the ticket generation unit 101 creates ticket signature information using the private key 31001 of the vehicle owner.

  In the ticket encryption step S94021, the owning device encryption unit 107 encrypts the signed ticket created by the ticket generation unit 101 with the common key.

  In ticket transmission step S94022, the owning device transmission unit 102 transmits the encrypted signed ticket to the mobile phone 11101 of the vehicle borrower.

  In the ticket receiving step S104193, the borrower receiving unit 202 receives the encrypted signed ticket.

  In the ticket decrypting step S104194, the borrower decrypting unit 209 decrypts the encrypted signed ticket with the common key.

  In the ticket verification step S104195, the borrower determination unit 205 verifies the signature information using the public key 31002 of the vehicle owner.

  In the ticket verification step S104196, the borrowing apparatus determination unit 205 proceeds to the next step when the verification is successful. If the verification fails, the borrower determination unit 205 ends the program.

  In the ticket storage step S104197, the borrower storage unit 203 stores the signed ticket.

  In the ticket reception completion notification encryption step S104198, the borrower encryption unit 207 encrypts the ticket reception completion notification with the common key.

  In ticket reception completion notification step S104199, the borrower transmission unit 201 transmits an encrypted ticket reception completion notification to the mobile phone 11001 of the vehicle owner. The mobile phone 11101 of the vehicle lessee ends the program after transmitting the encrypted ticket reception completion notification.

  In the ticket reception completion notification reception step S94023, the owning device reception unit 103 receives the encrypted ticket reception completion notification.

  In the ticket reception completion notification decryption step S94024, the owning device decryption unit 109 decrypts the encrypted ticket reception completion notification with the common key. The mobile phone 11001 of the vehicle owner ends the program after decrypting the encrypted ticket reception completion notification with the common key.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a secure communication path, as in the first embodiment.

  FIG. 42 shows information stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. . The storage unit 11111 of the UIM 11108 is added with a vehicle owner-signed ticket 111001 including a vehicle borrower certificate 54002 as compared to before delegating the vehicle operating authority.

  Next, an operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 43, 44, and 45. FIG. 43 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 44 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 45 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  In communication link establishment steps S134001 and S144001, the vehicle-side vehicle operation program 61004 periodically transmits a response request to the mobile phone via the control device transmission unit 301. When the vehicle owner's mobile phone 11001 approaches the vehicle 11201 and the terminal side vehicle operation program 21003 of the vehicle owner's mobile phone 11001 receives the response request, the communication link between the vehicle 11201 and the vehicle owner's mobile phone 11001 Establish.

  In the control device certificate request step S144002, when the vehicle owner's mobile phone 11001 starts operating the vehicle 11201, the control device transmission unit 301 transmits a certificate request to the vehicle owner's mobile phone 11001.

  In use device certificate request reception step S134002, the owning device receiving unit 103 receives a request for a certificate 34002 of the vehicle owner.

  In the utilization device certificate transmission step S134003, the possession device transmission unit 102 transmits the vehicle owner's certificate 34002 to the vehicle 11201.

  In control device certificate receiving step S144003, the control device receiving unit 302 receives the vehicle borrower certificate 34002.

  In control device certificate analysis step S144004, the control device determination unit 304 analyzes the type of received data.

  In control device certificate collation step S144105, control device determination unit 304 collates the received certificate with the vehicle user certificate stored in storage unit 11204.

  In control device certificate verification step S144106, control device determination unit 304 proceeds to the next step if the verification is successful. When the verification fails, the control device determination unit 304 ends the program.

  In the control device certificate verification step S144007, the control device determination unit 304 verifies the vehicle owner's certificate 34002 when the verification is successful.

  In control device certificate verification step S144008, the control device determination unit 304 proceeds to the next step when the control device determination unit 304 succeeds in verification. The control device determination unit 304 ends the program when the control device determination unit 304 fails verification.

  In the control device certificate transmission step S144409, the control device transmission unit 301 transmits the vehicle certificate 64002 to the mobile phone 11001 of the vehicle owner.

  In the use device certificate reception step S134004, the possession device reception unit 103 receives the vehicle certificate 64002.

  In the use device certificate verification step S134005, the owned device determination unit 105 verifies the certificate.

  In use device certificate verification step S134006, if the verification is successful, the owned device determination unit 105 proceeds to the next step. If the verification fails, the owning device determination unit 105 ends the program.

  In use device certificate reception completion notification step S134007, the owning device transmission unit 102 transmits a certificate reception completion notification to the vehicle 11201.

  In control device certificate reception completion reception step S144010, control device reception section 302 receives a certificate reception completion notification.

  In control device key random number generation step S144011, the control device key generation unit 307 generates a common key generation random number.

  In control device random number generation step S144012, the control device identification information creating unit 306 generates a random number.

  In the control device random number encryption step S144013, the identification information of the vehicle 11201, the common key generation random number, and the random number are encrypted with the public key 31002 of the vehicle owner.

  In the control device random number transmission step S144014, the control device transmission unit 301 transmits the encrypted identification information of the vehicle 11201, the common key generation random number, and the random number to the mobile phone 11001 of the vehicle owner. Here, the identification information of the vehicle 11201 is the issuer name and serial number included in the vehicle certificate 64002. Also, the vehicle owner's public key 31002 is obtained from the vehicle owner's certificate 34002.

  In the utilization device random number reception step S134008, the owning device reception unit 103 receives the encrypted identification information of the vehicle 11201, the common key generation random number, and the random number.

  In the utilization device identification information decryption step S134409, the possession device decryption unit 109 decrypts the encrypted identification information of the vehicle 11201, the common key generation random number, and the random number using the private key 31001 of the vehicle owner.

  In the utilization device identification information verification step S134010, the owning device determination unit 105 verifies the identification information of the vehicle 11201 using the vehicle certificate 64002.

  In use device identification information verification step S134011, if the verification is successful, the owned device determination unit 105 proceeds to the next step. The owning device determination unit 105 ends the program when the verification fails.

  In the use device key random number generation step S134012, the owned device key generation unit 108 generates a common key generation random number.

  In the use device random number generation step S134013, the owned device identification information creation unit 106 generates a random number.

  In the use device random number encryption step S134014, the own device encryption unit 107 encrypts the identification information of the mobile phone 11001 of the vehicle owner, the common key generation random number, and the random number with the public key 61002 of the vehicle.

  In the use device random number transmission step S134015, the own device transmission unit 102 transmits the encrypted identification information of the mobile phone 11001 of the vehicle owner, the common key generation random number, and the random number to the vehicle 11201. Here, the identification information of the vehicle owner's mobile phone 11001 is the issuer name and serial number included in the vehicle owner's certificate 34002. The vehicle public key 61002 is obtained from the vehicle certificate 64002.

  In control device random number reception step S144015, the control device reception unit 302 receives the encrypted identification information of the vehicle 11201, the common key generation random number, and the random number.

  In the control device identification information decryption step S144016, the control device decryption unit 309 decrypts the encrypted identification information of the vehicle 11201, the common key generation random number, and the random number using the vehicle secret key 61001.

  In the control device identification information verification step S144017, the control device determination unit 304 verifies the identification information of the vehicle owner's mobile phone 11001 using the vehicle borrower certificate 34002.

  In the control device identification information verification step S144018, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  In control device common key generation step S144019, the control device key generation unit 307 generates a common key from the common key generation random number generated in step S144011 and the common key generation random number received in step S144015. For example, the control device key generation unit 307 uses the value from the beginning of the hash value acquired by concatenating the common key generation random numbers to the key length as the common key.

  In the control device random number retransmission step S144020, the control device transmission unit 301 transmits the random number received in step S144015 to the mobile phone 11001 of the vehicle owner.

  In using device random number re-receiving step S134016, the owning device receiving unit 103 receives a random number.

  In use device random number verification step S134017, the owning device determination unit 105 verifies the received random number against the random number generated in step S134013.

  In the use device random number verification step S134018, the owned device determination unit 105 proceeds to the next step if the verification is successful. If the verification fails, the owning device determination unit 105 ends the program.

  In use device common key generation step S134019, the owning device key generation unit 108 generates a common key from the common key generation random number received in step S134008 and the common key generation random number generated in step S134012.

  In operation start request encryption step S134020, the owning device encryption unit 107 encrypts the operation start request using the common key.

  In operation start request transmission step S 134021, owned device transmission section 102 transmits the encrypted operation start request to vehicle 11201. The mobile phone 11001 of the vehicle owner ends the program after transmitting the encrypted operation start request to the vehicle 11201.

  In operation start request reception step S144021, the control device reception unit 302 receives an encrypted operation start request.

  In operation start request decryption step S144402, the control device decryption unit 309 decrypts the encrypted operation start request with the common key.

  In the operable state transition step S144023, the vehicle-side vehicle operation program 61004 shifts to a vehicle operable state. The vehicle 11201 ends the program after shifting to the vehicle operable state.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like as in the first embodiment.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 46, 44, and 45. FIG. FIG. 46 is a message sequence diagram illustrating a series of operations in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201.

  Since steps S134001 to S134002 and steps S144001 to S144003 are the same as the operation of the vehicle owner's mobile phone 11001 operating the vehicle 11201, they are omitted here.

  In the utilization device certificate transmission step S134003, the borrowing device transmission unit 201 transmits a signed ticket to the vehicle 11201.

  In control device certificate reception step S144003, the control device reception unit 302 receives a signed ticket.

  In control device certificate analysis step S144004, the control device determination unit 304 analyzes the type of received data.

  In control device certificate verification step S144005, the control device determination unit 304 verifies the signature using the user certificate stored in the storage unit 11204.

  In the control device certificate verification step S144006, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  In the control device certificate verification step S144007, the control device determination unit 304 verifies the vehicle borrower certificate 54002 included in the ticket when the verification is successful.

  Hereafter, steps S144008 to S144402 and steps S134004 to S134021 are the same as the operation of the vehicle owner's mobile phone 11001 operating the vehicle 11201, and are therefore omitted here.

  In the operable state transition step S144023, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state based on the operation permission information 111112 and the operation restriction information 111113. The vehicle side vehicle operation program 61004 ends the program after shifting to the vehicle operable state.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other through the first embodiment and infrared communication.

  In the fourth embodiment, a public key certificate is used. However, in other embodiments, a public key certificate may be used instead of the public key.

  Further, although the public key certificate is used in the fourth embodiment, any information including the public key may be used.

  In the fourth embodiment, the authentication procedure shown in ISO / IEC 11770-3 Key Transport Mechanism 6 is used, but other authentication procedures that can obtain the same effect may be used.

  As described above, in the fourth embodiment, a message is transmitted between the vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 when the vehicle operation authority is transferred in the vehicle operation authority transfer system in the above-described embodiment. Shared a common key for encrypting. Therefore, in addition to the effects of the above-described embodiment, it is possible to prevent eavesdropping and interrupt use from a third party when the vehicle operation authority is transferred.

  Further, a common key for encrypting a message is shared between the vehicle 11201 and the vehicle user during vehicle operation. Therefore, in addition to the effects of the above-described embodiment, it is possible to prevent eavesdropping and interrupt use from a third party during vehicle operation.

  Further, the vehicle owner's public key 31002, the vehicle borrower's public key 51002, and the vehicle's public key 61002 are replaced by the vehicle owner's certificate 34002, the vehicle borrower's certificate 54002, and the vehicle's certificate 64002. Thus, an existing authentication system for a computer such as a personal computer can be used, and the authority can be safely delegated even if the mobile phone 11001 of the vehicle owner and the mobile phone 11101 of the vehicle borrower are remote.

Embodiment 5. FIG.
Next, a fifth embodiment will be described. In the above-described first embodiment, a ticket is transmitted from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101, so that the vehicle owner's mobile phone 11001 transfers to the vehicle borrower's mobile phone 11101. The vehicle operation authority was delegated. In the fifth embodiment, the vehicle borrower can operate only the vehicle 11201 specified by the mobile phone 11001 of the vehicle owner. Therefore, in the fifth embodiment, a plurality of vehicles 11201 can be operated efficiently.

  In the fifth embodiment, the vehicle public key 61002 is added to the ticket of the vehicle operation authority delegation system in the first embodiment. Therefore, in the fifth embodiment, in addition to the effects of the first embodiment, the vehicle borrower can operate only the vehicle 11201 specified by the mobile phone 11001 of the vehicle owner.

  In the fifth embodiment, the vehicle user can efficiently operate a plurality of vehicles 11201 by adding a procedure for receiving the vehicle public key 61002 from the vehicle 11201 when the vehicle user operates the vehicle 11201. it can.

  FIG. 47 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the fifth embodiment. The functional block diagram shown in FIG. 47 is substantially the same as the functional block diagram shown in FIG. 2, so only the differences will be described.

  The authorized device 100 further includes an owned device search unit 110. The owning device search unit 110 searches the public key 31002 of the vehicle owner for the public key for the vehicle 11201 to be operated.

  The authority borrowing apparatus 200 further includes a borrowing apparatus search unit 210. The borrowing device search unit 210 searches for a ticket for the vehicle 11201 to be operated from the public key 51002 of the vehicle borrower.

  The configuration of the storage unit of the vehicle operating authority delegation system in the fifth embodiment is the same as that of the first embodiment except for the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner, and therefore only the difference will be described here. To do.

  FIG. 48 shows data stored in the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner. The vehicle owner's secret key 31001 is a secret key in the public key cryptosystem and corresponds to the vehicle owner. The vehicle owner's public key 31002 is a public key in the public key cryptosystem, and is paired with the vehicle owner's private key 31001. The public key 61002 of the vehicle is a public key in the public key cryptosystem and is paired with the private key 61001 of the vehicle.

  Next, the operation of the fifth embodiment configured as described above will be described. In the operation of the fifth embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation of delegating the vehicle operating authority will be described with reference to FIGS.

  Steps S91001 to S91004 and steps S101001 to S101004 are the same as those in the first embodiment, and thus the description thereof is omitted here.

  In the ticket generation step S91005, the ticket generation unit 101 generates a ticket for the vehicle borrower. The ticket generated by the ticket generation unit 101 includes a vehicle borrower's public key 51002, vehicle borrower's operation permission information 111112, and operation restriction information 111113. The vehicle borrower's operation permission information 111112 and the operation restriction information 111113 are set in advance by the vehicle owner before delegating the vehicle operation authority.

  In the ticket signature step S91006, the ticket generation unit 101 creates signature information between the ticket and the vehicle public key 61002 using the vehicle owner's private key 31001. Here, the public key 61002 of the vehicle is control device restriction information for restricting vehicles that can be controlled by this ticket.

  In the ticket transmission step S91007, the possessing device transmission unit 102 transmits the signed ticket to the mobile phone 11101 of the vehicle borrower.

  In the ticket receiving step S101005, the borrower receiving unit 202 receives a signed ticket.

  Steps S91008 and S101006 to S101010 are the same as those in the first embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a safe communication path.

  FIG. 49 shows information stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. . Compared to before the vehicle operation authority is delegated, a vehicle owner-signed ticket 111001 including the vehicle borrower's public key 51002 is added.

  Next, the operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 50, 51, and 52. FIG. FIG. 50 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 51 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 52 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  Steps S135001 and S145001 are the same as steps S131001 and S141001 of the first embodiment, and thus description thereof is omitted here.

  In control device public key transmission step S145002, control device transmission section 301 transmits the vehicle public key 61002 to mobile phone 11001 of the vehicle owner.

In the using device public key receiving step S135002, the owning device receiving unit 103
The vehicle public key 61002 is received.

  In the utilization device search step S135003, the owned device search unit 110 searches for the vehicle owner's public key 31002 corresponding to the vehicle's public key 61002.

  In the utilization device data transmission step S135004, the possession device transmission unit 102 transmits the vehicle owner's public key 31002 to the vehicle 11201. The mobile phone 11001 of the vehicle owner ends the program after transmitting the public key 35002.

  In control device data reception step S145003, the control device reception unit 302 receives the vehicle owner's public key 31002.

  Steps S145004 to S145099 are the same as steps S141004 to S141007 of the first embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 53, 51, and 52. FIG. FIG. 53 is a message sequence diagram showing a series of operations in which vehicle borrower's mobile phone 11101 operates vehicle 11201.

  Steps S135001 to S135003 and S145001 to S145002 are the same as when the vehicle owner's mobile phone 11001 operates the vehicle 11201, and thus description thereof is omitted here.

  In utilization device data transmission step S135004, the borrowing device transmission unit 201 transmits a ticket with a signature to the vehicle 11201. After the vehicle borrower's mobile phone 11101 transmits the public key 35002, the program ends.

  In control device data reception step S145003, the control device reception unit 302 receives a ticket with a signature.

  In data analysis step S145004, the control device determination unit 304 analyzes the type of received data.

  In the control device public information verification step S145005, the public key 61002 of the vehicle included in the ticket is checked against the public key 61002 of the vehicle stored in the storage unit 11204.

  In the control device public information verification step S145006, the control device determination unit 304 proceeds to the next step when the collation is successful. If the verification fails, the control device determination unit 304 ends the program.

  In control device signature verification step S145007, the control device determination unit 304 verifies the signature using the user's public key stored in the storage unit 11204.

  In the control device signature verification step S145008, the control device determination unit 304 proceeds to the next step if the verification is successful, and the control device determination unit 304 ends the program if the verification fails.

  In the operable state transition step S145099, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state based on the operation permission information 111112 and the operation restriction information 111113. The vehicle 11201 ends the program after shifting to the vehicle operable state.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  As described above, in the fifth embodiment, the vehicle public key 61002 is added to the ticket of the vehicle operation authority delegation system in the first embodiment. Therefore, in the fifth embodiment, in addition to the effects of the first embodiment, the vehicle borrower can operate only the vehicle 11201 specified by the mobile phone 11001 of the vehicle owner.

  In the fifth embodiment, a procedure for receiving the public key 61002 of the vehicle from the vehicle 11201 when the vehicle user operates the vehicle 11201 is added. Therefore, in the fifth embodiment, the vehicle user can efficiently operate a plurality of vehicles 11201.

Embodiment 6 FIG.
Next, a sixth embodiment will be described. In the first embodiment described above, a vehicle is transmitted from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101 by transmitting a ticket from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101. The operation authority was transferred. In the sixth embodiment, an embodiment in which the vehicle borrower's mobile phone 11101 can be operated only during a period designated by the vehicle owner's mobile phone 11001 will be described.

  In the sixth embodiment, the ticket expiration date is added to the ticket of the vehicle operation authority delegation system in the first embodiment. Therefore, in the sixth embodiment, in addition to the effects of the first embodiment, the vehicle borrower's mobile phone 11101 can be operated only during the period designated by the vehicle owner's mobile phone 11001.

  Since the functional block diagram and the configuration of the storage unit of the vehicle operation authority delegation system in the sixth embodiment are the same as those in the first embodiment, description thereof is omitted here.

  Next, the operation of the sixth embodiment configured as described above will be described. In the operation of the sixth embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation of delegating the vehicle operating authority will be described with reference to FIGS.

  Steps S91001 to S91004 and steps S101001 to S101004 are the same as those in the first embodiment, and thus the description thereof is omitted here.

  In the ticket generation step S91005, the ticket generation unit 101 generates a vehicle borrower's ticket. The ticket includes a vehicle borrower's public key 51002, vehicle borrower's operation permission information 111112, operation restriction information 111113, and a ticket expiration date 111114. The vehicle borrower's operation permission information 111112, operation restriction information 111113, and expiration date 111114 are set in advance by the vehicle owner before delegating the vehicle operation authority.

  In the ticket signature step S91006, the ticket generation unit 101 creates ticket signature information using the private key 31001 of the vehicle owner.

  In the ticket transmission step S91007, the possessing device transmission unit 102 transmits the signed ticket to the mobile phone 11101 of the vehicle borrower.

  In the ticket receiving step S101005, the borrower receiving unit 202 receives a signed ticket.

  Steps S91008 and S101006 to S101010 are the same as those in the first embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a safe communication path.

  FIG. 54 shows information stored in the storage unit of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. The storage unit 11111 of the UIM 11108 includes a ticket 111001 signed by the vehicle owner that includes the expiration date of the ticket, as compared to before delegating the vehicle operation authority.

  Next, the operation of the vehicle owner's mobile phone 11001 for operating the vehicle 11201 is the same as that in step S141001 to step S141007 of the first embodiment, and thus description thereof is omitted here.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, an operation in which the vehicle borrower's mobile phone 11101 operates the vehicle 11201 will be described with reference to FIGS. 16, 14, and 55. FIG. 55 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user).

  Steps S146001 to S146003 are the same as when the vehicle owner's mobile phone 11001 operates the vehicle 11201, and thus the description thereof is omitted here.

  In control device certificate analysis step S146004, the control device determination unit 304 analyzes the type of received data.

  In control device certificate verification step S146005, the control device determination unit 304 verifies the signature using the user's public key stored in the storage unit 11204.

  In control device certificate verification step S146006, if the verification is successful, the control device determination unit 304 proceeds to the next step. When the verification fails, the control device determination unit 304 ends the program.

  In time acquisition step S146007, the control device determination unit 304 acquires the current time.

  In the expiration date determination step S146008, the control device determination unit 304 determines whether it is within the expiration date included in the ticket. If it is within the expiration date, the control device determination unit 304 proceeds to the next step. The control device determination unit 304 ends the program if the expiration date has been exceeded.

  In the operable state transition step S146010, the state shifts to the vehicle operable state based on the operation permission information 111112 and the operation restriction information 111113. The vehicle side vehicle operation program 61004 ends the program after shifting to the vehicle operable state.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  When a ticket is stored in the vehicle 11201, an expired ticket may be deleted. In this case, the used capacity of the storage unit of the vehicle 11201 can be saved.

  As described above, in the sixth embodiment, the ticket expiration date is added to the ticket of the vehicle operation authority delegation system in the first embodiment. Therefore, in the sixth embodiment, in addition to the effects of the first embodiment, the vehicle borrower's mobile phone 11101 can be operated only during the period specified by the vehicle owner.

Embodiment 7 FIG.
Next, a seventh embodiment will be described. In the embodiment described above, the vehicle user does not operate the mobile phone when operating the vehicle 11201. In the above-described embodiment, the vehicle operation authority is delegated in the smart key system that automatically operates the vehicle 11201. In the seventh embodiment, a vehicle operation authority can be delegated in a remote control smart key system in which a vehicle user operates a vehicle 11201 by operating a mobile phone.

  The vehicle operation authority delegation system in the seventh embodiment adds a vehicle operation command to a ticket with a signature of the vehicle owner that is sent when the vehicle operation authority delegation system in the previous embodiments is operated. Therefore, the vehicle operation authority delegation system according to the seventh embodiment can delegate the vehicle operation authority in a remote control smart key system in which a vehicle user operates vehicle 11201 with a mobile phone.

  FIG. 56 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the seventh embodiment. The functional block diagram shown in FIG. 56 is almost the same as the functional block diagram shown in FIG. 2, and therefore only the differences will be described.

The authorized device 100 further includes an owned device input unit 111. The owning device input unit 111 inputs an instruction to the control device 300.
The authority borrowing apparatus 200 further includes a borrowing apparatus input unit 211. The borrower input unit 211 inputs an instruction to the control device 300.

  Since the structure of the memory | storage part of the vehicle operation authority transfer system in Embodiment 7 is the same as that of Embodiment 1, description is abbreviate | omitted here.

  Next, the operation of the seventh embodiment configured as described above will be described. In the operation of the seventh embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower who has been delegated the vehicle operating authority. An operation of operating the vehicle 11201.

  Since the operation for delegating the vehicle operating authority is the same as that of the first embodiment, the description thereof is omitted here.

  Next, the operation in which the vehicle owner's mobile phone 11001 operates the vehicle 11201 will be described with reference to FIGS. 57, 58, and 59. FIG. FIG. 57 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. FIG. 58 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 59 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  In communication link establishment steps S137001 and S147001, the vehicle-side vehicle operation program 61004 periodically transmits a response request to the mobile phone via the control device transmission unit 301. When the vehicle owner's mobile phone 11001 approaches the vehicle 11201 and the terminal side vehicle operation program 21003 of the vehicle owner's mobile phone 11001 receives the response request, the communication link between the vehicle 11201 and the vehicle owner's mobile phone 11001 Establish.

  In operation command input step S137002, the owning device input unit 111 inputs an operation command for the vehicle 11201. For example, when the operation command for the vehicle 11201 is assigned to the operation button of the mobile phone 11001 of the vehicle owner, the owner device input unit 111 presses the operation button of the mobile phone to open the door. The vehicle 11201 such as a lock is operated.

  In operation command transmission step S137003, the owning device transmission unit 102 transmits the vehicle owner's public key 31002 and the operation command of the vehicle 11201 to the vehicle 11201. After the vehicle owner's mobile phone 11001 transmits the vehicle owner's public key 31002 and the operation command of the vehicle 11201, the program ends.

  In operation command reception step S147002, the control device reception unit 302 receives the vehicle owner's public key 31002 and the operation command of the vehicle 11201.

  In control device data analysis step S147003, the control device determination unit 304 analyzes the type of received data.

  In the control device data verification step S147104, the control device determination unit 304 checks the public key of the vehicle user stored in the storage unit 11204.

  In the control device data verification step S147105, the control device determination unit 304 proceeds to the next step if the verification is successful. When the verification fails, the control device determination unit 304 ends the program.

  In the operable state transition step S147006, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state based on the operation command of the vehicle 11201. The vehicle-side vehicle operation program 61004 shifts to a vehicle operable state such as door unlocking and engine starting, for example. The vehicle 11201 ends the program after shifting to the vehicle operable state.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, the operation of the vehicle borrower's mobile phone 11101 for operating the vehicle 11201 will be described with reference to FIGS. 60, 58, and 59. FIG. FIG. 60 is a message sequence diagram showing a series of operations in which vehicle borrower's mobile phone 11101 operates vehicle 11201.

  Steps S137001 to S137002 and step S147001 are the same as the operation of the vehicle owner's mobile phone 11001 operating the vehicle 11201, and are therefore omitted here.

  In operation command transmission step S137003, the borrower transmission unit 201 transmits the signed ticket and the operation command of the vehicle 11201 to the vehicle 11201. The cell phone 11101 of the vehicle lessee transmits the signed ticket and the operation command of the vehicle 11201, and then ends the program.

  In operation command reception step S147002, the control device reception unit 302 receives a signed ticket.

  In control device data analysis step S147003, the control device determination unit 304 analyzes the type of received data.

  In control device data verification step S147004, the control device determination unit 304 verifies the signature using the user's public key stored in the storage unit 11204.

  In the control device data verification step S147005, the control device determination unit 304 proceeds to the next step when the verification is successful. If the verification fails, the control device determination unit 304 ends the program.

  In the operable state transition step S147006, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state based on the operation command, the operation permission information 111112, and the operation restriction information 111113. The vehicle 11201 ends the program after shifting to the vehicle operable state.

  The vehicle borrower's mobile phone 11101 and the vehicle 11201 communicate with each other by infrared communication or the like.

  As described above, in the seventh embodiment, the vehicle operation command is added to the ticket with the signature of the vehicle owner to be sent when the vehicle operation authority delegation system in the above-described embodiment is operated. Therefore, in the seventh embodiment, vehicle operation authority can be delegated in a remote control smart key system in which a vehicle user operates the vehicle 11201 with a mobile phone.

Embodiment 8 FIG.
Next, an eighth embodiment will be described. In the embodiment described above, the operation authority of the vehicle 11201 is delegated by sending a ticket from the mobile phone 11001 of the vehicle owner to the mobile phone 11101 of the vehicle borrower. In the eighth embodiment, the operation authority of the vehicle 11201 is delegated by sending a ticket from the vehicle owner's mobile phone 11001 to the vehicle 11201.

  In the eighth embodiment, instead of sending a ticket from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101 at the time of the vehicle operation authority transfer of the vehicle operation authority transfer system in the above-described embodiment, A ticket is sent from the mobile phone 11001 to the vehicle 11201. Therefore, in the eighth embodiment, similarly to the above-described embodiment, the operation authority of the vehicle 11201 can be delegated without requiring a management server.

  Further, there is no need to store additional information for delegating the vehicle operating authority in the vehicle borrower's mobile phone 11101, and the labor of the vehicle borrower can be saved.

  Since the functional block diagram in the eighth embodiment is the same as that in the first embodiment, the description thereof is omitted here.

  Since the configuration of the storage unit of the vehicle operation authority delegation system in the eighth embodiment is the same as that of the first embodiment except for the storage unit 11204 of the vehicle 11201, only the difference will be described here.

  FIG. 61 shows programs and data stored in the storage unit 11204 of the vehicle 11201. The vehicle operation authority setting program 61005 is a program for performing settings for delegating the operation authority of the vehicle 11201. The vehicle-side vehicle operation program 61004 is a program that performs processing for operating the vehicle 11201. A vehicle secret key 61001 is a secret key in the public key cryptosystem and corresponds to the vehicle 11201. The public key 61002 of the vehicle is a public key in the public key cryptosystem and is paired with the private key 61001 of the vehicle. The vehicle owner's public key 31002 is a public key in the public key cryptosystem, and is the same as the vehicle owner's public key 31002.

  Next, the operation of the eighth embodiment configured as described above will be described. In the operation of the eighth embodiment, the mobile phone 11001 of the vehicle owner delegates the vehicle operating authority to the mobile phone 11101 of the vehicle borrower, and the mobile phone 11101 of the vehicle borrower to whom the vehicle operating authority has been delegated. An operation of operating the vehicle 11201.

  First, the operation for delegating the vehicle operating authority will be described with reference to FIGS. 62, 63, 64, and 65. FIG. FIG. 62 is a message sequence diagram showing a series of operations in which the vehicle owner's mobile phone 11001 delegates vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 63 is a flowchart showing a series of operations of the vehicle operation authority lending program 21001 of the mobile phone 11001 of the vehicle owner. FIG. 64 is a flowchart showing a series of operations of the vehicle operation authority borrowing program 41002 of the cell phone 11101 of the vehicle borrower. FIG. 65 is a flowchart showing a series of operations of the vehicle operation authority setting program 61005 of the vehicle 11201.

  First, the vehicle owner's mobile phone 11001 activates the vehicle operation authority lending program 21001. The vehicle borrower's mobile phone 11101 starts the vehicle operation authority borrowing program 41001.

  In owned device public key request step S98001, the owned device transmission unit 102 transmits the vehicle borrower's public key request to the vehicle borrower's mobile phone 11101.

  In the borrowing device public key request reception step S108001, the borrowing device receiving unit 202 receives the public key request of the vehicle borrower.

  In the borrower public key transmission step S108002, the borrower transmission unit 201 transmits the vehicle borrower's public key 51002 to the mobile phone 11001 of the vehicle owner. After the vehicle borrower's mobile phone 11101 transmits the vehicle borrower's public key 51002, the program ends.

  In owned device public key reception step S98002, the owned device receiving unit 103 receives the public key 51002 of the vehicle borrower. The owning device storage unit 104 temporarily stores the received public key. For example, the storage unit 11011 of the UIM 11008 illustrated in FIG. 1 temporarily stores the received public key.

  In ticket generation step S98003, the ticket generation unit 101 generates a vehicle borrower's ticket. The ticket includes a vehicle borrower's public key 51002, vehicle borrower's operation permission information 111112, and operation restriction information 111113. The vehicle borrower's operation permission information 111112 and the operation restriction information 111113 are set in advance by the mobile phone 11001 of the vehicle owner before delegating the vehicle operation authority.

  In the ticket signature step S98004, the ticket generation unit 101 uses the vehicle owner's private key 31001 to create ticket signature information.

  In communication link establishment steps S98005 and S178001, the vehicle operation authority lending program 21001 establishes a communication link with the vehicle 11201.

  In the ticket transmission step S98006, a ticket with a signature of the owning device transmission unit 102 is transmitted to the vehicle 11201.

  In ticket reception step S178002, the control device reception unit 302 receives a signed ticket.

  In the control device ticket verification step S178003, the control device determination unit 304 verifies the signature information using the public key 31002 of the vehicle owner.

  In control device ticket verification step S178004, if the verification is successful, the control device determination unit 304 proceeds to the next step. If the verification fails, the control device determination unit 304 ends the program.

  In control device ticket storage step S178005, the control device storage unit 303 stores the signed ticket.

  In ticket reception completion notification step S178006, the control device transmission unit 301 transmits a signed ticket reception completion notification to the mobile phone 11001 of the vehicle owner. The vehicle 11201 terminates the program after transmitting the signed ticket reception completion notification.

  In the ticket reception completion notification reception step S98007, the owning device reception unit 103 receives a ticket reception completion notification. The mobile phone 11001 of the vehicle owner ends the program after the owning device receiving unit 103 receives the ticket reception completion notification.

  The vehicle owner's mobile phone 11001 and the vehicle borrower's mobile phone 11101 communicate via a secure communication path, as in the first embodiment.

  As in the first embodiment, communication is performed between the mobile phone 11001 of the vehicle owner and the vehicle 11201 by infrared communication or the like.

  FIG. 66 shows information stored in the storage unit 11204 of the vehicle 11201 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. A ticket 111101 is added to the storage unit 11204 as compared to before the vehicle operation authority is delegated.

  Next, the operation in which the vehicle owner operates the vehicle 11201 will be described with reference to FIGS. FIG. 67 is a flowchart showing a series of operations of the terminal-side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of the vehicle owner or vehicle borrower (hereinafter referred to as vehicle user). FIG. 68 is a flowchart showing a series of operations of the vehicle-side vehicle operation program 61004 of the vehicle 11201.

  In communication link establishment steps S138001 and S148001, the vehicle-side vehicle operation program 61004 periodically transmits a response request to a mobile phone, for example, via the control device transmission unit 301. When the vehicle owner's mobile phone 11001 approaches the vehicle 11201 and the terminal side vehicle operation program 21003 of the vehicle owner's mobile phone 11001 receives the response request, the communication link between the vehicle 11201 and the vehicle owner's mobile phone 11001 Establish.

  In the control device public key request step S148002, the control device transmission unit 301 transmits a public key request to the vehicle owner's mobile phone 11001 when the vehicle owner's mobile phone 11001 starts operating the vehicle 11201.

  In using device public key request reception step S138002, the owning device receiving unit 103 receives a public key request.

  In the utilization device public key transmission step S138003, the possession device transmission unit 102 transmits the vehicle owner's public key 31002 to the vehicle 11201. After the vehicle owner's mobile phone 11001 transmits the vehicle owner's public key 31002, the program ends.

  In control device public key reception step S148003, control device reception section 302 receives vehicle owner's public key 31002.

  In control device certificate collation step S148004, control device determination unit 304 collates the received vehicle owner's public key 31002 with the vehicle user's public key stored in storage unit 11204.

  In control device certificate verification step S148005, if the verification is successful, control device determination unit 304 proceeds to the next step. When the verification fails, the control device determination unit 304 ends the program.

  In the operable state transition step S148006, the vehicle-side vehicle operation program 61004 shifts to the vehicle operable state. The vehicle-side vehicle operation program 61004 shifts to a vehicle operable state such as door unlocking and engine starting, for example. The vehicle 11201 ends the program after shifting to the vehicle operable state.

  The vehicle owner's mobile phone 11001 and the vehicle 11201 communicate with each other by infrared communication or the like.

  Next, the operation of the vehicle borrower's mobile phone 11101 for operating the vehicle 11201 is the same as the operation of the vehicle owner's mobile phone 11001 for operating the vehicle 11201, and the description thereof is omitted here.

  As described above, in the eighth embodiment, instead of sending a ticket from the vehicle owner's mobile phone 11001 to the vehicle borrower's mobile phone 11101 when the vehicle operation authority is transferred in the vehicle operation authority transfer system in the above-described embodiment. In addition, a ticket is sent from the mobile phone 11001 of the vehicle owner to the vehicle 11201. Therefore, in the eighth embodiment, the operation authority of the vehicle 11201 can be delegated without requiring a management server.

  Further, in the eighth embodiment, it is not necessary to store additional information for delegating the vehicle operating authority in the mobile phone 11101 of the vehicle borrower, and the labor of the vehicle borrower can be saved.

Embodiment 9 FIG.
Next, a ninth embodiment will be described. In the ninth embodiment, the mobile phone 11001 of the vehicle owner in the first embodiment stores the generated ticket. Therefore, in the ninth embodiment, the mobile phone 11001 of the vehicle owner can confirm the delegated authority.
In the ninth embodiment, the mobile phone 11001 of the vehicle owner in the seventh embodiment deletes the stored ticket when the ticket expires.
Furthermore, in the ninth embodiment, the vehicle 11201 in the eighth embodiment deletes the stored ticket when the expiration date of the ticket has expired.

  FIG. 69 is a functional block diagram of the authority possessing device 100, the authority borrowing device 200, and the control device 300 according to the ninth embodiment. The functional block diagram shown in FIG. 69 is almost the same as the functional block diagram shown in FIG. 2, so only the differences will be described.

The authority possessing device 100 further includes an owned device input unit 111, an owned device display unit 112, and an owned device deletion unit 113.
The owning device input unit 111 inputs a reference request for the generated ticket. The owning device display unit 112 displays the contents of the ticket when requested by the owning device input unit 111. The owned device deletion unit 113 deletes a ticket whose expiration date has expired.
The control device 300 further includes a control device deletion unit 310. The control device deletion unit 310 deletes the expired ticket.

Next, the operation of the ninth embodiment will be described.
First, in ticket generation step S91005 in Embodiment 1, the owning device storage unit 104 stores the ticket generated by the ticket generation unit 101.

  The owning device input unit 111 inputs a reference request for the generated ticket. For example, a reference request is input by designating a mobile phone 11101 of a vehicle or a vehicle lessee. Then, when there is a request from the owning device input unit 111, the owning device display unit 112 displays the contents of the ticket.

  Further, as shown in the seventh embodiment, when the ticket has an expiration date, the owning device deletion unit 113 deletes the ticket whose expiration date has expired. Similarly, as shown in the eighth embodiment, when the vehicle 11201 stores a ticket, the control device deletion unit 310 deletes the ticket whose expiration date has expired.

  As described above, in the ninth embodiment, the vehicle owner's mobile phone 11001 can check the status of delegation of authority. The generated ticket information is not limited to being stored in the vehicle owner's mobile phone 11001 but may be stored in an external computer or server.

  In the ninth embodiment, the stored ticket is deleted when the expiration date has expired. Therefore, it is possible to prevent the storage device from being compressed. For example, the expired ticket can be deleted from the mobile phone 11001 or the vehicle 11201 of the vehicle owner and left on an external computer or server.

  By applying it to a key such as a vehicle or an entrance, the authority to use the key can be delegated to another person without going through a server or the like. Further, the lending of operation authority can be applied not only to personal use but also to a scene of lending authority such as car sharing and car rental.

2 is an example of a hardware configuration diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to an embodiment. FIG. 2 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to the first embodiment. FIG. This is a program stored in the storage unit 11006 of the mobile phone 11001 of the vehicle owner. This is data stored in the storage unit 11011 of the UIM 11008 in the mobile phone 11001 of the vehicle owner. This is a program stored in the storage unit 11106 of the mobile phone 11101 of the vehicle borrower. This is data stored in the storage unit 11111 of the UIM 11108 in the mobile phone 11101 of the vehicle borrower. These are programs and data stored in the storage unit 11204 of the vehicle 11201. FIG. 11 is a message sequence diagram illustrating a series of operations in which a vehicle owner's mobile phone 11001 delegates vehicle operating authority to a vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the vehicle operation authority lending program 21001 of the mobile telephone 11001 of a vehicle owner. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41002 of a vehicle borrower's mobile phone 11101. It is an example of an input screen of operation permission information 111112 and operation restriction information 111113 of a vehicle borrower. This information is stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. FIG. 4 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to a second embodiment. This is data stored in storage unit 11011 of UIM 11008 of mobile phone 11001 of the vehicle owner in the second embodiment. FIG. 11 is a message sequence diagram illustrating a series of operations in which a vehicle owner's mobile phone 11001 delegates vehicle operating authority to a vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the vehicle operation authority lending program 21001 of the mobile telephone 11001 of a vehicle owner. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41002 of a vehicle borrower's mobile phone 11101. This information is stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. FIG. 11 is a message sequence diagram illustrating a series of operations in which a vehicle owner's mobile phone 11001 delegates vehicle operating authority to a vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the vehicle operation authority lending program 21001 of the mobile telephone 11001 of a vehicle owner. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41002 of a vehicle borrower's mobile phone 11101. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. FIG. 10 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to a fourth embodiment. This is data stored in the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner. This is data stored in the storage unit 11111 of the UIM 11108 of the mobile phone 11101 of the vehicle lessee. These are programs and data stored in the storage unit 11204 of the vehicle 11201. FIG. 11 is a message sequence diagram illustrating a series of operations in which a vehicle owner's mobile phone 11001 delegates vehicle operating authority to a vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the vehicle operation authority lending program 21001 of the mobile telephone 11001 of a vehicle owner. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41002 of a vehicle borrower's mobile phone 11101. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41002 of a vehicle borrower's mobile phone 11101. This information is stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. FIG. 10 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to a fifth embodiment. This is data stored in the storage unit 11011 of the UIM 11008 of the mobile phone 11001 of the vehicle owner. This information is stored in the storage unit 11111 of the UIM 11108 of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. This information is stored in the storage unit of the vehicle borrower's mobile phone 11101 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. FIG. 10 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to a seventh embodiment. FIG. 11 is a message sequence diagram illustrating a series of operations in which the vehicle owner's mobile phone 11001 operates the vehicle 11201. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile telephone 11001 or 11101 of a vehicle owner or a vehicle borrower (henceforth vehicle user). 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 11 is a message sequence diagram showing a series of operations in which a vehicle borrower's mobile phone 11101 operates a vehicle 11201. These are programs and data stored in the storage unit 11204 of the vehicle 11201. FIG. 11 is a message sequence diagram illustrating a series of operations in which a vehicle owner's mobile phone 11001 delegates vehicle operating authority to a vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the vehicle operation authority lending program 21001 of the mobile telephone 11001 of a vehicle owner. 10 is a flowchart showing a series of operations of a vehicle operation authority borrowing program 41001 of a vehicle borrower's mobile phone 11101. 10 is a flowchart showing a series of operations of a vehicle operation authority setting program 61005 of a vehicle 11201. The information is stored in the storage unit 11204 of the vehicle 11201 after the vehicle owner's mobile phone 11001 delegates the vehicle operating authority to the vehicle borrower's mobile phone 11101. It is a flowchart which shows a series of operation | movement of the terminal side vehicle operation program 21003 or 41003 of the mobile phone 11001 or 11101 of a vehicle owner or a vehicle borrower. 12 is a flowchart showing a series of operations of a vehicle-side vehicle operation program 61004 for a vehicle 11201. FIG. 20 is a functional block diagram of an authority possessing device 100, an authority borrowing device 200, and a control device 300 according to a ninth embodiment.

Explanation of symbols

  11001 Mobile phone of vehicle owner, 11002 communication unit, 11003 display unit, 11004 input unit, 11005 control unit, 11006 storage unit, 11007 card unit, 11008 UIM, 11009 communication unit, 11010 control unit, 11011 storage unit, 11101 vehicle borrowing Mobile phone, 11102 communication unit, 11103 display unit, 11104 input unit, 11105 control unit, 11106 storage unit, 11107 card unit, 11108 UIM, 11109 communication unit, 11110 control unit, 11111 storage unit, 11201 vehicle, 11202 communication unit , 11203 control unit, 11204 storage unit, 100 authority owned device, 101 ticket generation unit, 102 owned device transmission unit, 103 owned device reception unit, 104 owned device storage unit, 105 owned device determination , 106 owned device identification information creation unit, 107 owned device encryption unit, 108 owned device key generation unit, 109 owned device decryption unit, 110 owned device search unit, 111 owned device input unit, 112 owned device display unit, 113 owned Device deletion unit, 200 Authority borrowing device, 201 Borrowing device transmission unit, 202 Borrowing device reception unit, 203 Borrowing device storage unit, 204 Borrowing device instruction unit, 205 Borrowing device determination unit, 206 Borrowing device identification information creation unit, 207 Borrowing device Encryption unit, 208 borrowed device key generation unit, 209 borrowed device decryption unit, 210 borrowed device search unit, 211 borrowed device input unit, 300 control device, 301 control device transmission unit, 302 control device reception unit, 303 control device storage unit 304, control device determination unit, 305 control unit, 306 control device identification information creation unit, 307 control device Generator, 308 a control device encryption unit, 309 controller decoding unit, 310 controller deletion unit.

Claims (22)

The above-mentioned authority possession that obtains a ticket that can be identified as having authority to instruct the control device that controls a predetermined device and transmits the ticket to the authority impersonating device that instructs the control device via the network In the device
A ticket generation unit that generates a ticket with a signature that can be identified as having the authority;
An authority possessing device, comprising: an possessing device transmitting unit that transmits the ticket generated by the ticket generating unit to the authority borrowing device.   2. The authority holding device according to claim 1, wherein the ticket generation unit generates a ticket including restriction information for limiting a range that can be instructed by the authority borrowing device.   2. The authority holding device according to claim 1, wherein the ticket generation unit generates the ticket including an expiration date that is a time limit during which the authority borrowing device can instruct the control device. The authority possessing device further includes:
An owning device receiver that receives from the authority impersonating device the borrowing device authentication information that can authenticate the authority impersonating device;
An owning device determination unit that determines whether the device is an authority borrowing device based on the borrowing device authentication information received by the owning device reception unit;
2. The authority holding apparatus according to claim 1, wherein the ticket generation section generates the ticket when the possession apparatus determination section determines that the apparatus is an authority borrowing apparatus. The authority possessing device further includes:
An owning device storage unit for storing a common key created with the authority impersonation device;
An owned device encryption unit that encrypts the ticket with the common key stored in the owned device storage unit to form an encrypted ticket,
The authority possessing device according to claim 1, wherein the possessing device transmitting unit transmits the encryption ticket encrypted by the possessing device encrypting unit to the authority borrowing device. The authority possessing device further includes:
An owning device receiving unit that receives from the authority adopting device optional borrowing device information that is arbitrary information of the authority adopting device;
An owned device key generation unit that generates a key from the borrowed device arbitrary information received by the owned device receiving unit and the owned device arbitrary information that is arbitrary information of the authority-owning device;
6. The authority possessing device according to claim 5, wherein the owning device storage unit stores the key generated by the owning device key generation unit as the common key. When there are a plurality of the control devices,
2. The authority possessing device according to claim 1, wherein the ticket generating unit generates a ticket including control device restriction information for restricting the control device that can be instructed by the authority borrowing device as the ticket. The authority possessing device further includes:
When the ticket generation unit generates the ticket, an owned device storage unit that stores the ticket;
Owning device input section for inputting instructions;
2. The authority possessing device according to claim 1, further comprising: an owning device display unit that displays the ticket stored in the owning device storage unit when the owning device input unit inputs the instruction. The authority possessing device further includes:
When the ticket generation unit generates the ticket, an owned device storage unit that stores the ticket;
4. The authority possessing device according to claim 3, further comprising: an owning device deleting unit that deletes the ticket stored in the owning device storage unit when the expiration date included in the ticket becomes invalid. In the impersonation device that obtains a ticket that can be identified from the authority-owning device and gives an instruction to the control device to identify that it has the authority to instruct the control device that controls the predetermined device,
A borrowing device receiving unit that receives a ticket with a signature that can be identified as authorized from the authorized device; and
A borrowing device storage unit for storing the ticket received by the borrowing device reception unit;
A borrowing device transmission unit for transmitting the ticket stored in the borrowing device storage unit to the control device;
A borrowing apparatus instruction unit for instructing the control apparatus. The borrowing device receiving unit receives control device identification information that can be identified as a control device from the control device,
The impersonation device further includes
A borrowing device search unit that searches the borrowing device storage unit for a ticket that can be identified as having the authority to instruct the control device specified by the control device identification information received by the borrowing device receiving unit; The impersonation device according to claim 10, wherein A control device that controls a predetermined device, an authority impersonation device that obtains a ticket that can be identified as having authority to instruct the control device and instructs the control device, and an authority impersonation device In an authority delegation system in which an authorized device that transmits a ticket is connected via a network,
The above authorized device is
A ticket generation unit that generates a ticket with a signature that can be identified as the authority-owning device;
A possessing device transmitting unit that transmits the ticket generated by the ticket generating unit to the authority borrowing device;
The impersonation device is
A borrowing device receiving unit that receives the ticket transmitted by the owned device transmitting unit;
A borrowing device storage unit for storing the ticket received by the borrowing device reception unit;
A borrowing device transmission unit that transmits the ticket stored in the borrowing device storage unit to the control device; and a borrowing device instruction unit that instructs the control device;
The control device
An authority delegation system comprising: a control unit that controls the predetermined device based on an instruction given by the borrowing device instruction unit when the signature of the ticket transmitted by the borrowing device transmission unit is correct. The borrowing device transmission unit transmits borrowing device authentication information that can be authenticated as the authority borrowing device to the authority possessing device,
The authority possessing device further includes:
An owning device receiving unit that receives the borrowing device authentication information transmitted by the borrowing device transmitting unit;
An owning device determination unit that determines whether the device is an authority borrowing device based on the borrowing device authentication information received by the owning device reception unit;
13. The authority delegation system according to claim 12, wherein the ticket generation section generates the ticket when the possession apparatus determination section determines that it is the authority borrowing apparatus. The owned device transmission unit transmits owned device authentication information that can be authenticated as the authorized device to the authorized device,
The borrowed device receiving unit receives the owned device authentication information transmitted by the owned device transmitting unit,
The impersonation device further includes
Based on the owned device authentication information received by the borrowed device receiving unit, a borrowed device determination unit that determines whether the device is the authority-owned device,
When the borrowing device determination unit determines that the borrowing device transmission unit is the authority-owned device, the borrowing device transmission unit transmits a ticket generation request to the authority-owning device,
The owned device receiving unit receives the ticket generation request transmitted by the borrowed device transmitting unit,
The ticket generation unit generates the ticket when the owning device determination unit determines that the device is an authority borrowing device and the owning device reception unit receives the ticket generation request. Item 14. The authority delegation system according to item 13. The authority possessing device further includes:
An owning device storage unit for storing a common key created with the authority impersonation device;
An owned device encryption unit that encrypts the ticket with the common key stored in the owned device storage unit to form an encrypted ticket,
The owned device transmission unit transmits the encryption ticket encrypted by the owned device encryption unit to the authority impersonation device,
The borrower receiving unit receives the encryption ticket transmitted by the owned device transmitter,
The borrower storage unit stores the common key,
The impersonation device further includes
A borrowing device decrypting unit for decrypting the encryption ticket received by the borrowing device receiving unit with the common key stored in the borrowing device storage unit;
13. The authority delegation system according to claim 12, wherein the borrower storage unit stores the encryption ticket decrypted by the borrower decryptor as the ticket. The borrowing device transmission unit transmits borrowing device arbitrary information which is arbitrary information of the authority borrowing device to the authority possessing device,
The authority possessing device further includes:
An owning device receiving unit that receives the borrowing device arbitrary information transmitted by the borrowing device transmitting unit;
An owned device key generation unit that generates a key from the borrowed device arbitrary information received by the owned device receiving unit and the owned device arbitrary information that is arbitrary information of the authority-owning device;
The owned device storage unit stores the key generated by the owned device key generation unit as the common key,
The owned device transmission unit transmits the owned device arbitrary information to the authority adopting device,
The borrower receiving unit receives the owned device arbitrary information,
The impersonation device further includes
A borrowing device key generating unit for generating a key from the owned device arbitrary information received by the borrowing device receiving unit and the borrowed device arbitrary information transmitted by the borrowing device transmitting unit;
16. The authority delegation system according to claim 15, wherein the borrowing device storage unit stores the key generated by the borrowing device key generation unit as the common key. In a control device that controls a predetermined device based on an instruction of a device to which authority has been delegated from an authority-owning device, an authority impersonation device that instructs the control device, and the authority-owning device connected via a network,
An owning device receiver that receives from the authority adopting device the borrowing device identification information that can be identified as the authority adopting device;
Inserting the borrowed device identification information received by the owning device receiving unit, and attaching a signature that can be identified as the authority-owning device, thereby generating a ticket indicating that authority has been delegated to the authority adopting device A ticket generator,
An authority possessing device comprising: an possessing device transmitting unit that transmits the ticket generated by the ticket generating unit to the control device. In a control device that controls a predetermined device based on an instruction of a device to which authority has been delegated from an authorized device,
A first control device receiving unit for receiving a ticket including identification information of a device to which authority has been delegated from the authority possessing device;
A control device storage unit for storing the ticket received by the first control device reception unit;
A second control device receiver for receiving device identification information and instructions;
A control device determination unit that refers to the ticket stored in the control device storage unit and determines whether there is a ticket including the identification information of the device received by the second control device reception unit;
A control unit that controls the predetermined device based on the instruction received by the second control device receiving unit when the control device determining unit determines that there is a ticket including the identification information of the device. Control device characterized. The first control device receiving unit receives a ticket including an expiration date indicating the end of a period for delegating the authority,
The control device storage unit stores the ticket,
The control device further includes:
19. The control device according to claim 18, further comprising a control device deletion unit that deletes the ticket stored in the control device storage unit when the expiration date included in the ticket becomes invalid. Authority for controlling a predetermined device based on an instruction of a device whose authority has been delegated from the authority-owning device, an authority adopting device for instructing the control device, and the authority-owning device connected via a network In the delegation system,
The impersonation device is
A first borrowing device transmitting unit that transmits borrowing device identification information that can be identified as the authority borrowing device to the authority possessing device;
The above authorized device is
An owning device receiving unit that receives the borrowing device identification information transmitted by the first borrowing device transmitting unit;
A ticket generation unit that generates a ticket into which the borrowed device identification information received by the owned device reception unit is inserted;
A possessing device transmitting unit that transmits the ticket generated by the ticket generating unit to the control device;
The control device
A first control device receiving unit that receives the ticket transmitted by the owned device transmitting unit;
A control device storage unit for storing the ticket received by the first control device reception unit,
The impersonation device further includes
A second borrowing device transmission unit for transmitting the borrowing device identification information to the control device;
The control device further includes:
A second control device receiving unit that receives the borrowed device identification information transmitted by the second borrowed device transmitting unit;
A control device determination unit that refers to the ticket stored in the control device storage unit and determines whether there is a ticket including the borrowed device identification information received by the second control device reception unit;
An authority delegation system comprising: a control unit that controls the predetermined device based on an instruction from the authority borrowing device when the control device determination unit determines that a ticket including the borrowing device identification information exists. The above-mentioned authority possession that obtains a ticket that can be identified as having authority to instruct the control device that controls a predetermined device and transmits the ticket to the authority impersonating device that instructs the control device via the network In the authority-owning program that runs on the device,
A ticket generation step for generating a ticket with a signature that can be identified as the authority-owning device;
An authority possessing program for causing a computer to execute an owning device transmitting step for transmitting the ticket generated in the ticket generating step to the authority borrowing device. The above-mentioned authority possession that obtains a ticket that can be identified as having authority to instruct the control device that controls a predetermined device and transmits the ticket to the authority impersonating device that instructs the control device via the network In the device authority holding method,
A ticket generation step for generating a ticket with a signature that can be identified as the authority-owning device;
An authority possessing method comprising: an owning device transmitting step for transmitting the ticket generated in the ticket generating step to the authority borrowing device.

Images