
WO2016170834A1 - System and method for managing vehicle - Google Patents

System and method for managing vehicle

Info

Publication number
WO2016170834A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
terminal
server
user
user terminal
Application number
PCT/JP2016/054948
Other languages
French (fr)
Japanese (ja)
Inventor
川崎 修平
周平 大見
典子 大庭
和哉 内田
Original Assignee
株式会社ディー・エヌ・エー
Application filed by 株式会社ディー・エヌ・エー (DeNA Co., Ltd.)
Publication of WO2016170834A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present invention relates to a system and a method for managing a vehicle, and more particularly to a system comprising a user terminal, a vehicle terminal provided in the vehicle, and a server, and to the method executed by these.
  • A car sharing service, in which a car is used jointly among members, has been provided.
  • In such a service, a user can open the door of the car with an IC card distributed in advance: the car is configured to lock and unlock its doors in response to the card (see, for example, Patent Document 1).
  • Information such as a user-specific registration code stored in the IC card is read by a card reader or the like provided in the car, the user is authenticated with this registration code, and the door is locked or unlocked once the authentication succeeds.
  • Because information such as the registration code is what authenticates the user, if that information is taken from the management server by unauthorized access, the risk of unauthorized use of the car increases.
  • the information such as the registration code stored in the IC card may be encrypted and decrypted on the card reader side. Since the processing capacity of the card reader is low, it is difficult to complicate the processing of the card reader. Therefore, it is desired to implement user authentication associated with vehicle control such as door locking / unlocking with a simple mechanism while maintaining security.
  • An embodiment of the present invention has an object to realize user authentication associated with vehicle control with a simple mechanism while maintaining security. Other objects of the embodiments of the present invention will become apparent by referring to the entire specification.
  • A system according to one embodiment of the present invention comprises a user terminal, a vehicle terminal provided in a vehicle, and a server, and manages the vehicle. In it, the user terminal stores a secret key and transmits a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using the secret key; the server stores the public key corresponding to the secret key in association with the vehicle terminal and verifies the digital signature received from the vehicle terminal using that public key; and the vehicle terminal executes the predetermined control of the vehicle based on the result of that verification.
  • A method according to one embodiment of the present invention is a method of managing the vehicle by a user terminal, a vehicle terminal provided in the vehicle, and a server, comprising: a step in which the user terminal transmits a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using a secret key; a step in which the server verifies the digital signature received from the vehicle terminal using the public key it stores in association with the vehicle terminal; and a step in which the vehicle terminal executes the predetermined control of the vehicle based on the result of that verification.
  • user authentication associated with vehicle control can be realized with a simple mechanism while maintaining security.
  • FIG. 1 is a configuration diagram schematically showing the composition of a system 1 according to one embodiment of the present invention. FIG. 2 is a block diagram schematically showing the structure of the communication I/F 33 provided in the vehicle terminal 30 in one embodiment.
  • FIG. 3 is a block diagram schematically showing the functions of the server 10, the user terminal 20, and the vehicle terminal 30 of the system 1 in one embodiment.
  • The sequence diagrams show the communication performed between the server 10, the user terminal 20, and the vehicle terminal 30 when a user locks or unlocks the door of a car in one embodiment, and the communication performed between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 transmits operation information of the car to the server 10 in one embodiment.
  • FIG. 1 is a configuration diagram schematically showing a network configuration of a system 1 according to an embodiment of the present invention.
  • A system 1 according to one embodiment includes a server 10, a user terminal 20, and a vehicle terminal 30 installed in a car, which are communicably connected to each other via a communication network 40 that includes a mobile communication network and the Internet.
  • the system 1 in one embodiment functions as a car sharing system that provides a car sharing service that enables users to share a car.
  • In FIG. 1 only one user terminal 20 and one vehicle terminal 30 are illustrated, but the system 1 in one embodiment includes a plurality of user terminals 20 and a plurality of vehicle terminals 30.
  • The server 10 is configured as a general computer and, as illustrated, includes a CPU (computer processor) 11, a main memory 12, a user I/F 13, a communication I/F 14, and a storage (storage device) 15. These components are electrically connected to each other through a bus.
  • the CPU 11 loads an operating system and various other programs from the storage 15 into the main memory 12 and executes instructions included in the loaded programs.
  • the main memory 12 is used for storing a program executed by the CPU 11, and is configured by a DRAM or the like, for example.
  • the server 10 in one embodiment may be configured using a plurality of computers each having a hardware configuration as described above.
  • the user I / F 13 includes, for example, an information input device such as a keyboard and a mouse that accepts an operator's input, and an information output device such as a liquid crystal display that outputs a calculation result of the CPU 11.
  • The communication I/F 14 is implemented as hardware, firmware, communication software such as a TCP/IP driver or PPP driver, or a combination thereof, and is configured to be able to communicate with the user terminal 20 and the vehicle terminal 30 via the communication network 40.
  • the storage 15 is composed of, for example, a magnetic disk drive, and stores various programs such as a control program for providing a management function of a car sharing service.
  • the storage 15 can also store various data for providing the management function.
  • Various data that can be stored in the storage 15 may be stored in a database server or the like that is physically separate from the server 10 that is communicably connected to the server 10.
  • the server 10 also functions as a web server that performs HTTP communication with the user terminal 20 and the vehicle terminal 30.
  • the server 10 can manage a website including a plurality of web pages having a hierarchical structure, and can provide a management function of the car sharing service to the user of the user terminal 20 via the website.
  • the storage 15 can also store HTML data corresponding to this web page. HTML data is associated with various image data, and various programs described in a script language such as JavaScript (registered trademark) can be embedded.
  • the server 10 can provide a management function of a car sharing service via an application executed on an execution environment other than the web browser in the user terminal 20.
  • Such applications can also be stored in the storage 15.
  • This application is created using a programming language such as Objective-C or Java (registered trademark).
  • the application stored in the storage 15 is distributed to the user terminal 20 in response to the distribution request.
  • the user terminal 20 can also download such an application from a server other than the server 10 (a server that provides an application market) or the like.
  • In this way, the server 10 manages the website for providing the management function of the car sharing service, and can distribute the web pages (HTML data) constituting the website in response to requests from the user terminal 20.
  • In place of, or in addition to, providing the management function through such web pages (a web browser), the server 10 can provide the management function based on communication with an application executed on the user terminal 20. Whichever mode is used, the server 10 transmits to and receives from the user terminal 20 the various data (including data necessary for screen display) needed to provide the management function of the car sharing service.
  • the server 10 can store various data for each identification information (for example, user ID) for identifying each user, and can manage the provision status of the car sharing service for each user. Although detailed description is omitted, the server 10 may have a function of performing user authentication processing, billing processing, and the like.
  • The user terminal 20 is an arbitrary portable information processing device that displays web pages on a web browser and implements an execution environment for executing applications; it can include, for example, a smartphone, a tablet terminal, a wearable device, and a dedicated game terminal.
  • the user terminal 20 is configured as a general computer, and as shown in FIG. 1, a CPU (computer processor) 21, a main memory 22, a user I / F 23, a communication I / F 24, and a storage (storage device) 25. These components are electrically connected to each other through a bus.
  • the CPU 21 loads an operating system and various other programs from the storage 25 to the main memory 22 and executes instructions included in the loaded programs.
  • the main memory 22 is used for storing a program executed by the CPU 21 and is configured by, for example, a DRAM or the like.
  • the user I / F 23 includes, for example, an information input device such as a touch panel and a button that accepts user input, and an information output device such as a liquid crystal display that outputs a calculation result of the CPU 21.
  • the communication I / F 24 is implemented as hardware, firmware, software, or a combination thereof.
  • As illustrated, the communication I/F 24 includes a 3G/LTE module 24a for communicating via a mobile communication network such as 3G or LTE included in the communication network 40, and a short-range wireless communication module 24b for short-range wireless communication such as Bluetooth (registered trademark), BLE (Bluetooth Low Energy), or NFC.
  • the storage 25 is composed of, for example, a magnetic disk drive or a flash memory, and stores various programs such as an operating system.
  • the storage 25 can store various applications received from the server 10 or the like.
  • The user terminal 20 includes, for example, a web browser for interpreting HTML-format files (HTML data) and displaying screens; by the function of the web browser it interprets the HTML data acquired from the server 10 and displays the web page corresponding to that HTML data. Further, plug-in software capable of executing various types of files associated with HTML data can be incorporated in the web browser of the user terminal 20.
  • When the user of the user terminal 20 uses the management function of the car sharing service provided by the server 10, for example, HTML data, animations instructed by an application, operation icons, and the like are displayed on the user terminal 20.
  • the user can input various instructions using the touch panel of the user terminal 20 or the like.
  • An instruction input from the user is transmitted to the server 10 via a function of an application execution environment such as a web browser of the user terminal 20 or NgCore (trademark).
  • The vehicle terminal 30 is configured as a general computer and, as illustrated, includes a CPU (computer processor) 31, a main memory 32, a communication I/F 33, and a storage (storage device) 34. These components are electrically connected to each other via a bus.
  • the CPU 31 loads an operating system and various other programs from the storage 34 to the main memory 32 and executes instructions included in the loaded programs.
  • the main memory 32 is used for storing a program executed by the CPU 31, and is configured by, for example, a DRAM or the like.
  • the communication I / F 33 is implemented as hardware, firmware, software, or a combination thereof.
  • FIG. 2 schematically shows the configuration of the communication I / F 33 of the vehicle terminal 30 in one embodiment.
  • The communication I/F 33 in the embodiment includes a 3G/LTE module 33a (first communication module) for communicating via a mobile communication network such as 3G or LTE included in the communication network 40, a short-range wireless communication module 33b (second communication module) for short-range wireless communication such as Bluetooth (registered trademark), BLE, or NFC, and a CAN (Controller Area Network) communication module 33c for communicating with the vehicle control unit 110 of the automobile 100.
  • the 3G / LTE module 33a is configured to acquire position information of the vehicle terminal 30 (vehicle 100) by a GPS antenna and a 3G / LTE antenna (not shown). That is, the 3G / LTE module 33a receives GPS data from a GPS satellite by a GPS antenna, and acquires position information of the vehicle terminal 30 based on this data. Further, the 3G / LTE module 33a receives A-GPS data from the base station of the mobile communication network by the 3G / LTE antenna, for example, at a place where the GPS antenna cannot receive GPS data (for example, underground parking lot). The position information of the vehicle terminal 30 is acquired based on this data.
  • The CAN communication module 33c is detachably connected, via a connection connector 120, to the vehicle diagnosis connector (OBD-II) 111 included in the vehicle control unit 110 of the automobile 100.
  • The vehicle control unit 110 includes the vehicle diagnosis connector 111 and various control units such as an engine control unit (ECU) 112, a meter control unit (M&A) 113, a body control unit (BCM) 114 that controls the body, including the doors, a steering control unit (STRG) 115, a vehicle attitude control unit (TRC) 116 for traction control and the like, and a power management unit (IPDM) 117.
  • These control units and the vehicle diagnosis connector 111 are electrically connected to each other by a CAN bus consisting of 118H (CAN H line) and 118L (CAN L line), and exchange various control signals over these buses 118H and 118L. The vehicle terminal 30 can therefore control each part of the automobile 100 by transmitting control signals to the various control units via the vehicle diagnosis connector 111. Note that the CAN bus carries no authentication of its own: any device connected to the vehicle diagnosis connector 111 can send the same control signals, so the user authentication described below governs only what the vehicle terminal 30 itself chooses to transmit.
  • the CPU 31 of the vehicle terminal 30 can convert information received via the 3G / LTE module 33a or the short-range wireless communication module 33b into a signal suitable for CAN communication and provide it to the CAN communication module 33c. Further, the CPU 31 converts the signal received from the CAN communication module 33c into information suitable for communication via a mobile communication network or short-range wireless communication, and provides the information to the 3G / LTE module 33a or the short-range wireless communication module 33b. can do.
  • FIG. 3 is a block diagram schematically showing functions of the system 1 (the server 10, the user terminal 20, and the vehicle terminal 30).
  • The server 10 includes an information storage unit 51 that stores various information, a basic information management unit 52 that executes processing related to management of basic information of the car sharing service, such as users and cars (vehicle terminals 30), a reservation management unit 53 that executes processing related to reservation of cars by users, and a user authentication management unit 54 that executes processing related to the user authentication that accompanies control of a car.
  • The information storage unit 51 of the server 10 is realized by the storage 15 or the like and, as shown in FIG. 3A, has a vehicle terminal management table 51a for managing information related to the vehicle terminals 30, a user management table 51b for managing information related to users who are members of the car sharing service, and a reservation management table 51c for managing information related to car reservations by users.
  • FIG. 4 shows an example of the information managed in the vehicle terminal management table 51a in the embodiment. As shown in the figure, the vehicle terminal management table 51a associates a "vehicle terminal ID" identifying an individual vehicle terminal 30 with a "common key", the common key used for encrypting communication with that vehicle terminal 30; a "vehicle ID" identifying the vehicle on which the vehicle terminal 30 is provided; "vehicle basic information" such as the vehicle type, model year, and displacement; and "vehicle operation information" such as travel distance, remaining fuel, vehicle position (current location), door locking status, and driving status (statistical information such as engine speed, vehicle speed, steering angle, and number of sudden braking operations).
  • the vehicle terminal ID and the common key are registered at the time of initial setting of the vehicle terminal 30 as will be described in detail later. Further, as will be described in detail later, the vehicle operation information is registered by receiving information collected from the vehicle control unit 110 of the automobile 100, position information, and the like from the vehicle terminal 30.
  • the vehicles used jointly in the car sharing service of the embodiment may include vehicles owned by general owners other than the business operator of the car sharing service.
  • In that case the vehicle terminal 30 is provided by the car sharing service operator or the like to a vehicle owner who wishes to have the vehicle used jointly, and the vehicle owner connects the provided vehicle terminal 30 to his or her vehicle.
  • The car owner can receive a fee in return for the use of the car he or she owns in the car sharing service.
  • Information related to the vehicle on which the vehicle terminal 30 is provided is registered by the vehicle owner or by the car sharing service provider.
  • FIG. 5 shows an example of information managed in the user management table 51b in the embodiment.
  • As shown in the figure, the user management table 51b associates a "user ID" identifying an individual user with "user basic information", which is basic information about the user such as name, address, contact information, billing information, and payment information, and with a "public key", the public key used for user authentication when the user controls a car.
  • the public key which will be described in detail later, is registered by transmitting the public key generated by the user terminal 20 from the user terminal 20.
  • FIG. 6 shows an example of information managed in the reservation management table 51c in one embodiment.
  • As shown in the figure, the reservation management table 51c associates a combination of a "vehicle ID" identifying a car and a "reservation date and time" with a "user ID" identifying the user who reserves that car at that date and time. As described in detail later, these pieces of information are registered in response to a car reservation made by the user via the user terminal 20.
  • the basic information management unit 52 of the server 10 executes various processes related to management of basic information such as a user and a car (vehicle terminal 30). For example, the basic information management unit 52 executes processing related to registration, update, deletion, and the like of information managed in the vehicle terminal management table 51a and the user management table 51b described above. For example, the basic information management unit 52 associates the public key received from the user terminal 20 with the user and registers them in the user management table 51b.
  • the reservation management unit 53 of the server 10 executes various processes related to the car reservation by the user. For example, when the reservation management unit 53 receives a reservation for a vehicle by the user via the user terminal 20, the reservation management unit 53 associates the user, the reserved vehicle, and the date and time of reservation with each other and registers them in the reservation management table 51c. .
  • The user authentication management unit 54 of the server 10 executes various processes related to the user authentication that accompanies control of the car. For example, the user authentication management unit 54 verifies the digital signature received from the vehicle terminal 30 using the public key stored in association with the vehicle terminal 30, and transmits the verification result to the vehicle terminal 30.
  • the verification of the digital signature includes, for example, verifying the digital signature using the date and time corresponding to the current date and time and the public key stored in association with the vehicle terminal 30.
  • the user terminal 20 includes an information storage unit 61 that stores various information, and a key management unit 62 that performs processing related to key (private key and public key) management. And a vehicle control requesting unit 63 that executes processing related to a request for control of the automobile.
  • These functions are realized by hardware such as the CPU 21 and the main memory 22 operating in cooperation with the various programs stored in the storage 25; that is, by the CPU 21 executing the instructions included in the loaded programs.
  • part or all of the functions of the user terminal 20 illustrated in FIG. 3B can be realized by the cooperation of the user terminal 20, the server 10, and / or the vehicle terminal 30.
  • the information storage unit 61 of the user terminal 20 is realized by the storage 25 or the like, and stores, for example, a secret key used for user authentication accompanying control of the automobile.
  • The key management unit 62 of the user terminal 20 executes various processes related to management of the secret key and public key used for user authentication accompanying control of the car. For example, the key management unit 62 generates a secret key and a public key in response to a request from the user, stores the secret key in the information storage unit 61 (such as the storage 25), and transmits the public key to the server 10.
  • the vehicle control request unit 63 of the user terminal 20 executes various processes related to the request for control of the automobile. For example, the vehicle control request unit 63 transmits a request for control of the automobile to the vehicle terminal 30 together with a digital signature generated using a secret key stored in the information storage unit 61.
  • the predetermined control of the automobile includes locking / unlocking of the door of the automobile.
  • The vehicle terminal 30 includes an information storage unit 71 that stores various types of information, a vehicle control unit 72 that performs processing related to control of the car, and a server cooperation unit 73 that executes processing related to cooperation with the server 10.
  • These functions are realized by hardware such as the CPU 31 and the main memory 32 operating in cooperation with the various programs stored in the storage 34; that is, by the CPU 31 executing the instructions included in the loaded programs.
  • part or all of the functions of the vehicle terminal 30 illustrated in FIG. 3C can be realized by the cooperation of the vehicle terminal 30, the server 10, and / or the user terminal 20.
  • The information storage unit 71 of the vehicle terminal 30 is realized by the storage 34 or the like, and stores, for example, the vehicle terminal ID identifying the vehicle terminal 30 and the common key used for encrypting communication with the server 10.
  • the vehicle control unit 72 of the vehicle terminal 30 executes various processes related to the control of each unit of the automobile 100 connected via the vehicle diagnosis connector 111. For example, the vehicle control unit 72 controls each unit of the automobile 100 based on the verification result of the digital signature received from the user terminal 20. For example, the vehicle control unit 72 transmits a request for verifying the digital signature received from the user terminal 20 to the server 10 together with the digital signature, and controls each unit of the automobile 100 based on the verification result received from the server 10. Execute. The control of the automobile 100 is performed, for example, by transmitting a control signal to various control units via the CAN communication module 33c.
  • the server cooperation unit 73 of the vehicle terminal 30 executes various processes related to cooperation with the server 10. For example, the server cooperation unit 73 collects various operation information from the vehicle control unit 110 of the automobile 100 and transmits it to the server 10. For example, the server cooperation unit 73 transmits the position information of the vehicle terminal 30 to the server 10. For example, the server cooperation unit 73 executes various communications with the server 10 when the vehicle terminal 30 is initially set.
  • FIG. 7 is a sequence diagram illustrating a state of communication performed between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 is initially set.
  • First, as shown in the figure, the vehicle terminal 30 requests initial setting from the server 10 (step S100).
  • The request for initial setting is issued by the vehicle terminal 30 when initial setting is instructed to it from a terminal device such as a general smartphone via short-range wireless communication or the like.
  • The server 10 generates the vehicle terminal ID of the vehicle terminal 30 that requested initial setting and the common key used for encrypting communication between the vehicle terminal 30 and the server 10, registers them, and transmits them to the vehicle terminal 30 (step S110).
  • the vehicle terminal ID and the common key are registered in the vehicle terminal management table 51a.
  • the common key can be generated by applying various key generation algorithms according to a common key encryption method such as DES and AES.
  • the vehicle terminal 30 registers the received vehicle terminal ID and common key (step S120).
  • the vehicle terminal ID and the common key are registered in a predetermined area of the information storage unit 71 (such as the storage 34) of the vehicle terminal 30.
  • In this way, the vehicle terminal ID and the common key of the vehicle terminal 30 are generated in the server 10 and registered in both the server 10 and the vehicle terminal 30.
  • the communication between the vehicle terminal 30 and the server 10 after the initial setting is encrypted using a common key registered and shared during the initial setting. Note that it is not always necessary to perform encryption using such a common key. If encryption using a common key is not performed, generation and sharing of a common key is not necessary.
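Steps S100 to S120 and the encrypted traffic that follows them, as an added Go example that is not code from the patent or from DeNA. It shows the server generating a vehicle terminal ID and a common key (step S110), both sides holding the same record (step S120), and a later operation report being protected with that key. The page names DES and AES as candidate algorithms; this example uses AES-256-GCM only, because the 56-bit DES key is obsolete, and GCM adds the integrity check that a bare block cipher lacks. The record layout, the use of the vehicle terminal ID as associated data, and the sample report are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// TerminalCredential is the record the server keeps in vehicle terminal
// management table 51a and the terminal keeps in information storage unit 71.
// The layout is this example's own.
type TerminalCredential struct {
	VehicleTerminalID string // generated by the server in step S110
	CommonKey         []byte // 256-bit AES key, generated by the server in step S110
}

// ProvisionTerminal is the server side of step S110. The page lists DES and AES;
// only AES is used here, since DES's 56-bit key is obsolete.
func ProvisionTerminal() (TerminalCredential, error) {
	id := make([]byte, 8)
	key := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		return TerminalCredential{}, err
	}
	if _, err := rand.Read(key); err != nil {
		return TerminalCredential{}, err
	}
	return TerminalCredential{VehicleTerminalID: hex.EncodeToString(id), CommonKey: key}, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects one message of the post-setup traffic (operation information,
// verification requests and results) with AES-256-GCM. The vehicle terminal ID
// is bound in as associated data, so a ciphertext presented under another
// terminal's identity fails to open. Output layout: nonce || ciphertext || tag.
func Seal(cred TerminalCredential, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(cred.CommonKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(cred.VehicleTerminalID)), nil
}

var ErrBadMessage = errors.New("message rejected")

// Open is the receiving side; it fails on a wrong key, a wrong terminal ID, a
// truncated message, or any modification of the ciphertext or tag.
func Open(cred TerminalCredential, msg []byte) ([]byte, error) {
	gcm, err := gcmFor(cred.CommonKey)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("%w: too short", ErrBadMessage)
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(cred.VehicleTerminalID))
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrBadMessage, err)
	}
	return pt, nil
}

func main() {
	// Steps S110/S120: the server provisions, the terminal stores the same record.
	cred, err := ProvisionTerminal()
	if err != nil {
		panic(err)
	}
	// Constructed sample of the operation information the terminal later reports.
	report := []byte(`{"door":"locked","fuel":0.62,"lat":35.68,"lon":139.76}`)
	wire, _ := Seal(cred, report)
	back, err := Open(cred, wire)
	fmt.Printf("server decrypted: %s (err=%v)\n", back, err)

	// The same bytes presented as coming from a different terminal are rejected.
	other := cred
	other.VehicleTerminalID = "0000000000000000"
	_, err = Open(other, wire)
	fmt.Println("wrong terminal ID rejected:", errors.Is(err, ErrBadMessage))
}
```

One point the page leaves open is how the common key itself reaches the vehicle terminal in step S110: it is sent over the same mobile network that the key is later meant to protect, so that first exchange needs its own protection (for instance TLS between the terminal and the server), or the key is exposed before it is ever used. The page also says encryption with the common key is optional; without it, the verification requests and results that decide whether a door opens travel in the clear.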
  • FIG. 8 is a sequence diagram illustrating the communication performed between the user terminal 20 and the server 10 when the user generates a public key and a secret key.
  • When generating a public key and a secret key, first, as shown in the figure, the user terminal 20 generates the public key and the secret key (step S200).
  • a public key and a secret key are required for user authentication accompanying locking / unlocking of a car door.
  • A user who has registered with the car sharing service instructs the generation of a public key and a secret key via a screen displayed on the user terminal 20, for example before starting to use the service (use of a car). In response to the instruction, the user terminal 20 generates the public key and the secret key.
  • the generation of a public key and a secret key can be performed by applying various key generation algorithms according to a public key cryptosystem such as RSA, for example.
  • the user terminal 20 transmits the generated public key to the server 10 (step S210) and registers the secret key (step S220).
  • the secret key is registered in a predetermined area of the information storage unit 61 (storage 25 or the like) of the user terminal 20.
  • the server 10 registers the public key received from the user terminal 20 (step S230).
  • the public key is registered in the user management table 51b.
  • Of the public key and the secret key generated in the user terminal 20 according to the public key cryptosystem, the secret key is registered in the user terminal 20, and the public key is sent to the server 10 and registered there.
  • FIG. 9 is a sequence diagram illustrating a state of communication performed between the user terminal 20 and the server 10 when the user reserves a car.
  • the server 10 transmits screen data of a reservation screen to the user terminal 20 (step S300).
  • The user accesses the website of the car sharing service via the user terminal 20, or executes the application for the service on the user terminal 20, and requests the screen data of the reservation screen from the server 10.
  • the server 10 transmits the screen data to the user terminal 20.
  • FIG. 10 shows an example of the reservation screen 80 displayed on the user terminal 20 that has received the screen data.
  • As illustrated, the reservation screen 80 includes a date input area 81 for inputting a reservation date, a start time input area 82 for inputting the start time of the reservation, an end time input area 83 for inputting the end time of the reservation, an area input area 84 for inputting the area where the automobile to be reserved is located, a search button 85, and a search result display area 86.
  • When the user inputs information in each of the input areas 81-84 as search conditions for a car to be reserved and selects the search button 85, information about the cars that meet the input search conditions is displayed as a list in the search result display area 86.
  • The matching cars are identified by referring to the vehicle terminal management table 51a, the reservation management table 51c, and so on, and information about each identified automobile (for example, images, basic vehicle information, etc.) is displayed as a list in the search result display area 86.
  • When a car is selected from the list, the vehicle detail screen 90 illustrated in FIG. 11 is displayed.
  • the vehicle detail screen 90 displays information related to automobiles (for example, images, basic vehicle information, etc.) and reservation information (reservation date and time), and a reservation button 94 is arranged at the bottom of the screen.
  • When the reservation button 94 is selected, a reservation request is sent from the user terminal 20 to the server 10 (step S310), and the reservation is registered by the server 10 (step S320).
  • the reservation is registered by associating the vehicle ID of the car, the reservation date and time, and the user ID of the user in the reservation management table 51c.
  • the vehicle ID, the reservation date and time, and the user ID are registered in association with each other.
  • The vehicle ID is associated with the vehicle terminal ID in the vehicle terminal management table 51a.
  • The user ID is associated with the public key in the user management table 51b. It can therefore also be said that the reservation date and time are registered in association with the public key.
  • FIG. 12 is a sequence diagram illustrating a state of communication performed between the server 10, the user terminal 20, and the vehicle terminal 30 when the user locks / unlocks the door of the automobile.
  • First, the user terminal 20 requests reserved vehicle information, which is information about the car (vehicle terminal 30) reserved by the user at the current date and time, from the server 10 (step S400).
  • The user can instruct locking / unlocking of the car via a screen displayed on the user terminal 20, and when the instruction is given, the user terminal 20 requests the reserved vehicle information from the server 10. For example, when the reserved start time (or a predetermined time before the start time, such as 10 minutes before) is reached, the user uses the user terminal 20 to instruct unlocking of the door of the automobile.
  • the server 10 transmits reserved vehicle information to the user terminal 20 (step S410).
  • The reserved vehicle information includes the vehicle terminal ID of the vehicle terminal 30 associated with the automobile reserved by the user of the user terminal 20 at the current date and time (see the vehicle terminal management table 51a and the reservation management table 51c), and the current date and time (the system date and time of the server 10).
  • the user terminal 20 that has received the reserved vehicle information generates a digital signature based on the current date and time included in the received reserved vehicle information and the stored secret key (step S415).
  • That is, the current date and time is digitally signed using the secret key.
  • the digital signature is generated, for example, by encrypting a hash value of the current date and time with a predetermined encryption method using a secret key stored in the information storage unit 61.
  • the user terminal 20 requests the vehicle terminal 30 to lock / unlock the door (step S420).
  • the lock / unlock request is made between the user terminal 20 and the vehicle terminal 30 using near field communication.
  • At this time, the vehicle terminal ID included in the reserved vehicle information is matched against the vehicle terminal ID acquired from the vehicle terminal 30.
  • The lock / unlock request includes, for example, the “vehicle terminal ID” included in the reserved vehicle information, a “mode” identifying whether the request is a lock request or an unlock request, the “date and time” indicating the current date and time included in the reserved vehicle information, and the generated digital signature.
  • the vehicle terminal 30 requests the server 10 to verify the digital signature included in the lock / unlock request received from the user terminal 20 (step S430).
  • the request for verifying the digital signature includes information such as the vehicle terminal ID, the date and time, and the digital signature.
  • That is, the information contained in the lock / unlock request received from the user terminal 20 is sent on to the server 10. Note that, as described above, in one embodiment, the communication between the vehicle terminal 30 and the server 10 is encrypted using the common key generated and shared when the vehicle terminal 30 was initially set.
  • the server 10 verifies the digital signature received from the vehicle terminal 30 (step S440), and transmits the verification result to the vehicle terminal 30 (step S450).
  • In the verification of the digital signature, the vehicle ID corresponding to the received vehicle terminal ID is first specified with reference to the vehicle terminal management table 51a; next, the user ID corresponding to the combination of the specified vehicle ID and the received date and time (that is, the user ID of the user who has reserved the car identified by the specified vehicle ID at the received date and time, i.e. the current date and time) is specified with reference to the reservation management table 51c; and then the public key corresponding to this user ID is specified with reference to the user management table 51b.
  • the digital signature is verified using the received date and time and the specified public key. For example, the hash value of the received date and time is compared with the hash value obtained by decrypting the digital signature using the public key.
  • When the secret key used to generate the digital signature and the public key used to verify it are both keys of the same user (the public key generated by the user on the user terminal 20 and the corresponding secret key), the verification succeeds.
  • When the hash value obtained by decrypting the digital signature and the hash value of the date and time received from the vehicle terminal 30 match, the result is verification OK; when these values do not match, the result is verification NG.
  • The vehicle terminal 30 that has received the verification result of the digital signature executes the lock / unlock processing based on the verification result (steps S460 and S470). That is, when the verification result is verification OK, the lock / unlock processing is executed as requested, and when the verification result is verification NG, a predetermined error process is executed instead of the lock / unlock processing. In one embodiment, the lock / unlock processing is performed by the vehicle terminal 30 sending a control signal corresponding to locking / unlocking of the door to the vehicle control unit 110 (body control unit 114) via the CAN communication module 33c.
  • In this way, a digital signature generated using the current date and time (temporary information) and the secret key (a digital signature added to the current date and time) is verified using the public key corresponding to the secret key, and the user who requests the lock / unlock is authenticated by this verification.
  • Since the lock / unlock request to the vehicle terminal 30 is made by the user terminal 20 using short-range wireless communication, lock / unlock requests by a third party located remotely from the vehicle terminal 30 (automobile) can be prevented.
  • Since the digital signature is added to the current date and time, which is temporary information, there is little security problem even if the current date and time are illegally leaked.
  • Since the server 10 performs the verification of the digital signature, the processing load on the vehicle terminal 30 is reduced.
  • FIG. 13 is a sequence diagram illustrating a state of communication performed between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 transmits automobile operation information to the server 10.
  • the vehicle operation information is transmitted periodically (for example, every hour).
  • the vehicle terminal 30 transmits the operation information to the server 10 (step S500).
  • The operation information is transmitted, for example, by the vehicle terminal 30 sending to the server 10 the information collected from the various control units included in the vehicle control unit 110 of the automobile 100, position information, and the like.
  • the server 10 registers the operation information received from the vehicle terminal 30 (step S510).
  • the operation information is registered in the vehicle terminal management table 51a.
  • The server 10 determines whether or not the door needs to be locked / unlocked based on the received operation information (step S520). If it is determined that locking / unlocking is necessary, the server 10 transmits a lock / unlock request to the vehicle terminal 30 (step S530). In one embodiment, various criteria can be applied to determine whether locking / unlocking is necessary. For example, a criterion may be applied that determines that the door needs to be locked when the engine has been stopped for a certain period of time while the door remains unlocked, since the user is then likely to have forgotten to lock the door.
  • The vehicle terminal 30 that has received the request performs the door lock / unlock (step S540).
  • the digital signature is generated using the current date and time (the digital signature is added to the current date and time).
  • A digital signature may also be generated using the current date and time together with the mode identifying whether the request is a lock request or an unlock request.
  • A digital signature can also be generated based on various other information. In this case, as with the current date and time, it is preferable to generate the digital signature based on temporary information that poses little security problem if leaked.
  • the user authentication using the digital signature is performed for the lock / unlock of the automobile door.
  • The same user authentication can be applied to various controls of the automobile other than the door lock / unlock (for example, engine ON / OFF).
  • the car sharing system that provides the car sharing service is illustrated, but the embodiment of the present invention is not limited thereto.
  • a system that jointly uses a vehicle (such as a bicycle) other than an automobile and in which a user controls the vehicle (for example, lock / unlock of a lock mechanism) can be included in the embodiments of the present invention.
  • Systems other than those in which a vehicle is used jointly can also be included in the embodiments of the present invention.
  • For example, a system in which a user controls a vehicle that the user owns can be included in an embodiment of the present invention. In this case, since it is not necessary to manage reservations of the vehicle, it is only necessary to manage the association between the vehicle ID (vehicle terminal 30) and the user ID (public key), and the association with the date and time becomes unnecessary.
  • the user terminal 20 stores the secret key and the server 10 stores the public key corresponding to the secret key and the vehicle terminal 30 in association with each other.
  • The control (door lock / unlock) request is transmitted to the vehicle terminal 30 together with the digital signature generated using the secret key stored in the user terminal 20, and the vehicle terminal 30 executes the predetermined control of the vehicle based on the result of verifying the digital signature received from the user terminal 20 using the public key stored in the server 10 in association with the vehicle terminal 30.
  • user authentication associated with vehicle control can be realized with a simple mechanism while maintaining security by using a digital signature according to a public key cryptosystem.
  • The vehicle operation information is configured to be transmitted from the vehicle terminal 30 to the server 10, but instead of this, or in addition to this, it can also be configured to be transmitted from the vehicle terminal 30 to the user terminal 20 using short-range wireless communication.
  • all or part of the received operation information may be displayed on the user terminal 20.
  • A failure diagnosis application may be installed and executed on the user terminal 20 so that failure diagnosis of the automobile can be performed based on the operation information.
  • The processes and procedures described in this specification are realized by software, hardware, or any combination thereof, beyond what is explicitly described in the embodiments. More specifically, the processes and procedures described in this specification are realized by implementing logic corresponding to the processes on a medium such as an integrated circuit, a volatile memory, a nonvolatile memory, a magnetic disk, or an optical storage. Further, the processes and procedures described in this specification can be implemented as a computer program and executed by various computers.
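The FIG. 12 lock / unlock exchange written out as an added Go example; this is not code from the patent, which describes no implementation. The user terminal signs the server-supplied date and time with its secret key, the vehicle terminal forwards the signature to the server, and the server walks tables 51a, 51c and 51b to find the reserving user's public key before answering verification OK or NG. RSA PKCS#1 v1.5 over SHA-256, the RFC 3339 encoding of the date and time, the one-minute freshness window and all IDs and times are assumptions, and the common-key encryption of the vehicle-server channel is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

type Reservation struct { // one row of the reservation management table 51c
	VehicleID, UserID string
	Start, End        time.Time
}

// Server keeps the page's three tables in memory; sample rows are constructed in main.
type Server struct {
	TerminalToVehicle map[string]string         // vehicle terminal management table 51a
	UserPublicKeys    map[string]*rsa.PublicKey // user management table 51b
	Reservations      []Reservation             // reservation management table 51c
	Now               func() time.Time          // server system clock (injectable for tests)
}

func (s *Server) reservedUser(vehicleID string, at time.Time) (string, bool) {
	for _, r := range s.Reservations {
		if r.VehicleID == vehicleID && !at.Before(r.Start) && at.Before(r.End) {
			return r.UserID, true
		}
	}
	return "", false
}

// ReservedVehicleInfo is the reply of step S410: terminal ID of the car reserved by this user now, plus the server's date and time.
func (s *Server) ReservedVehicleInfo(userID string) (string, time.Time, error) {
	now := s.Now()
	for termID, vehID := range s.TerminalToVehicle {
		if uid, ok := s.reservedUser(vehID, now); ok && uid == userID {
			return termID, now, nil
		}
	}
	return "", now, errors.New("no reservation for this user at the current date and time")
}

// dateTimeDigest is what gets signed; SHA-256 over the RFC 3339 string is an assumption.
func dateTimeDigest(dt time.Time) []byte {
	sum := sha256.Sum256([]byte(dt.UTC().Format(time.RFC3339)))
	return sum[:]
}

// SignDateTime is step S415 on the user terminal: sign the server-supplied date and time.
func SignDateTime(priv *rsa.PrivateKey, dt time.Time) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, dateTimeDigest(dt))
}

// VerifySignature is step S440: terminal ID -> vehicle ID -> reservation at the signed
// date and time -> user ID -> public key, then verify. true means "verification OK".
func (s *Server) VerifySignature(terminalID string, dt time.Time, sig []byte) bool {
	vehicleID, known := s.TerminalToVehicle[terminalID]
	userID, reserved := s.reservedUser(vehicleID, dt)
	pub, registered := s.UserPublicKeys[userID]
	// Added freshness window (assumption, not on the page): a date and time far from the
	// server clock is rejected, so a captured request cannot be replayed later.
	if d := s.Now().Sub(dt); !known || !reserved || !registered || d < -time.Minute || d > time.Minute {
		return false
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, dateTimeDigest(dt), sig) == nil
}

// VehicleTerminal asks the server to verify (step S430) and acts only on "verification OK".
type VehicleTerminal struct {
	ID     string
	Server *Server
	Locked bool
}

// HandleRequest takes the step S420 request fields (terminal ID, mode, date and time, signature).
func (v *VehicleTerminal) HandleRequest(terminalID, mode string, dt time.Time, sig []byte) error {
	if terminalID != v.ID {
		return errors.New("vehicle terminal ID mismatch")
	}
	if !v.Server.VerifySignature(terminalID, dt, sig) {
		return errors.New("verification NG: lock/unlock not executed") // step S470
	}
	v.Locked = mode == "lock" // step S460; a real terminal sends the CAN control signal here
	return nil
}

func main() {
	clock := time.Date(2015, 4, 20, 10, 0, 0, 0, time.UTC) // constructed sample time
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)         // steps S200/S220: user key pair
	srv := &Server{map[string]string{"VT-001": "V-001"}, map[string]*rsa.PublicKey{"U-001": &priv.PublicKey},
		[]Reservation{{"V-001", "U-001", clock.Add(-time.Hour), clock.Add(time.Hour)}}, func() time.Time { return clock }}
	termID, dt, _ := srv.ReservedVehicleInfo("U-001") // steps S400/S410
	sig, _ := SignDateTime(priv, dt)                   // step S415
	car := &VehicleTerminal{ID: termID, Server: srv, Locked: true}
	fmt.Println(car.HandleRequest(termID, "unlock", dt, sig), car.Locked) // prints: <nil> false
}
```

In this form the mode is not covered by the signature, which is why the page's alternative of signing the mode together with the date and time is worth considering.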


Abstract

User authentication involved in vehicle control is achieved with a simple mechanism while maintaining security. In a system according to an embodiment, a user terminal stores a secret key, a server stores a public key corresponding to the secret key in association with a vehicle terminal, the user terminal transmits, to the vehicle terminal, a request for predetermined control of a vehicle, together with a digital signature that is generated using the secret key stored in the user terminal, and the vehicle terminal performs the predetermined control of the vehicle on the basis of a verification result of a verification of the digital signature, received from the user terminal, using the public key, which is stored in the server in association with the vehicle terminal.

Description

System and method for managing vehicles
Cross-reference
This application claims priority based on Japanese Patent Application No. 2015-085563 (filed April 20, 2015), the contents of which are incorporated herein by reference in their entirety.
The present invention relates to a system and a method for managing a vehicle, and more particularly to a system that includes a user terminal, a vehicle terminal provided in the vehicle, and a server and that manages the vehicle, and to a method executed by these.
Conventionally, car sharing services in which members jointly use automobiles have been provided. In a system that provides such a service, for example, the user of an automobile locks / unlocks the door of the automobile using an IC card distributed in advance (see, for example, Patent Document 1). In such a system, specifically, information such as a user-specific registration code stored on the IC card is read by a card reader or the like provided in the automobile, and the door is locked / unlocked after authentication using this registration code or the like.
Patent Document 1: JP 2012-243228 A
However, the conventional system described above uses information such as a registration code for user authentication, and since such information is usually also managed by the management server of the system, if the registration code or similar information leaks from the management server, the risk of unauthorized use of the automobile increases. To reduce this risk, one could, for example, encrypt the registration code stored on the IC card and decrypt it on the card reader side, but the processing capacity of the card reader is usually low, so it is difficult to make the processing on the card reader side more complex. Therefore, it is desirable to realize user authentication accompanying vehicle control, such as door locking / unlocking, with a simple mechanism while maintaining security.
One object of the embodiments of the present invention is to realize user authentication accompanying vehicle control with a simple mechanism while maintaining security. Other objects of the embodiments of the present invention will become apparent by referring to the specification as a whole.
A system according to an embodiment of the present invention includes a user terminal, a vehicle terminal provided in a vehicle, and a server, and manages the vehicle, wherein the user terminal stores a secret key; the server stores a public key corresponding to the secret key in association with the vehicle terminal; the user terminal transmits a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using the secret key stored in the user terminal; and the vehicle terminal executes the predetermined control of the vehicle based on the result of verifying the digital signature received from the user terminal using the public key that the server stores in association with the vehicle terminal.
A method according to an embodiment of the present invention is a method of managing a vehicle by a user terminal, a vehicle terminal provided in the vehicle, and a server, and includes: a step in which the user terminal stores a secret key; a step in which the server stores a public key corresponding to the secret key in association with the vehicle terminal; a step in which the user terminal transmits a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using the secret key stored in the user terminal; and a step in which the vehicle terminal executes the predetermined control of the vehicle based on the result of verifying the digital signature received from the user terminal using the public key that the server stores in association with the vehicle terminal.
According to various embodiments of the present invention, user authentication accompanying vehicle control can be realized with a simple mechanism while maintaining security.
FIG. 1: Configuration diagram schematically showing the configuration of a system 1 according to an embodiment of the present invention.
FIG. 2: Configuration diagram schematically showing the configuration of the communication I/F 33 of the vehicle terminal 30 in an embodiment.
FIG. 3: Block diagram schematically showing the functions of the server 10, the user terminal 20 and the vehicle terminal 30 of the system 1 in an embodiment.
FIG. 4: Diagram showing an example of the information managed in the vehicle terminal management table 51a in an embodiment.
FIG. 5: Diagram showing an example of the information managed in the user management table 51b in an embodiment.
FIG. 6: Diagram showing an example of the information managed in the reservation management table 51c in an embodiment.
FIG. 7: Sequence diagram showing the communication performed between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 is initially set in an embodiment.
FIG. 8: Sequence diagram showing the communication performed between the user terminal 20 and the server 10 when a user generates a public key and a secret key in an embodiment.
FIG. 9: Sequence diagram showing the communication performed between the user terminal 20 and the server 10 when a user reserves an automobile in an embodiment.
FIG. 10: Diagram showing an example of the reservation screen 80 in an embodiment.
FIG. 11: Diagram showing an example of the vehicle detail screen 90 in an embodiment.
FIG. 12: Sequence diagram showing the communication performed among the server 10, the user terminal 20 and the vehicle terminal 30 when a user locks / unlocks the door of an automobile in an embodiment.
FIG. 13: Sequence diagram showing the communication performed between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 transmits the operation information of the automobile to the server 10 in an embodiment.
FIG. 1 is a configuration diagram schematically showing the network configuration of a system 1 according to an embodiment of the present invention. As shown in the figure, the system 1 in an embodiment includes a server 10, a user terminal 20, and a vehicle terminal 30 installed in an automobile, and these are communicably connected to one another via a communication network 40 composed of a mobile communication network, the Internet and the like. The system 1 in an embodiment functions as a car sharing system that provides a car sharing service enabling users to jointly use automobiles. Although FIG. 1 shows only one user terminal 20 and one vehicle terminal 30, the system 1 in an embodiment includes a plurality of user terminals 20 and a plurality of vehicle terminals 30.
First, the hardware configuration of the server 10, which functions as the management server of the car sharing service in an embodiment, will be described. The server 10 is configured as a general computer and, as illustrated, includes a CPU (computer processor) 11, a main memory 12, a user I/F 13, a communication I/F 14 and a storage (storage device) 15, which are electrically connected to one another via a bus. The CPU 11 loads the operating system and various other programs from the storage 15 into the main memory 12 and executes the instructions contained in the loaded programs. The main memory 12 is used to store the programs executed by the CPU 11 and is composed of, for example, DRAM. The server 10 in an embodiment may be configured using a plurality of computers each having the hardware configuration described above.
The user I/F 13 includes, for example, an information input device such as a keyboard and a mouse that accepts operator input, and an information output device such as a liquid crystal display that outputs the computation results of the CPU 11. The communication I/F 14 is implemented as hardware, firmware, communication software such as a TCP/IP driver or a PPP driver, or a combination of these, and is configured to be able to communicate with the user terminal 20 and the vehicle terminal 30 via the communication network 40.
The storage 15 is composed of, for example, a magnetic disk drive and stores various programs such as a control program for providing the management function of the car sharing service. The storage 15 may also store various data for providing that management function. The various data that can be stored in the storage 15 may instead be stored in a database server or the like that is physically separate from the server 10 and communicably connected to it.
In an embodiment, the server 10 also functions as a web server that performs HTTP communication with the user terminal 20 and the vehicle terminal 30. The server 10 manages a website consisting of a plurality of hierarchically structured web pages and can provide the management function of the car sharing service to the user of the user terminal 20 via this website. The storage 15 may also store the HTML data corresponding to these web pages. Various image data may be associated with the HTML data, and various programs written in a scripting language such as JavaScript (registered trademark) may be embedded in it.
In an embodiment, the server 10 may also provide the management function of the car sharing service via an application executed on the user terminal 20 in an execution environment other than the web browser. Such an application may also be stored in the storage 15. The application is created using, for example, a programming language such as Objective-C or Java (registered trademark). An application stored in the storage 15 is delivered to the user terminal 20 in response to a delivery request. The user terminal 20 can also download such an application from a server other than the server 10 (for example, a server that provides an application market).
In this way, the server 10 manages the website for providing the management function of the car sharing service and can deliver the web pages (HTML data) that make up the website in response to requests from the user terminal 20. As described above, the server 10 can also provide the management function based on communication with an application executed on the user terminal 20, instead of or in addition to providing it through such web pages (a web browser). In either mode, the server 10 can send to and receive from the user terminal 20 the various data needed to provide the management function of the car sharing service (including the data needed for screen display). The server 10 can also store various data for each piece of identification information that identifies a user (for example, a user ID) and manage the provision status of the car sharing service for each user. Although a detailed description is omitted, the server 10 may also have functions for user authentication processing, billing processing and the like.
Next, the hardware configuration of the user terminal 20 used by a user (member) of the car sharing service in one embodiment is described. The user terminal 20 is any portable information processing device that displays web pages in a web browser and implements an execution environment for running applications; it may be a smartphone, a tablet terminal, a wearable device, a dedicated game terminal, or the like.
The user terminal 20 is configured as a general-purpose computer and, as shown in FIG. 1, includes a CPU (computer processor) 21, a main memory 22, a user I/F 23, a communication I/F 24, and a storage (storage device) 25, which are electrically connected to one another via a bus.
The CPU 21 loads the operating system and various other programs from the storage 25 into the main memory 22 and executes the instructions contained in the loaded programs. The main memory 22 is used to hold the programs executed by the CPU 21 and is composed of, for example, DRAM.
The user I/F 23 includes, for example, an information input device such as a touch panel and buttons that accept user input, and an information output device such as a liquid crystal display that outputs the results of computation by the CPU 21.
The communication I/F 24 is implemented as hardware, firmware, software, or a combination of these. In one embodiment, as illustrated, the communication I/F 24 includes a 3G/LTE module 24a for communicating via a mobile communication network such as 3G or LTE included in the communication network 40, and a short-range wireless communication module 24b for short-range wireless communication such as Bluetooth (registered trademark), BLE (Bluetooth Low Energy), or NFC.
The storage 25 is composed of, for example, a magnetic disk drive or flash memory, and stores various programs such as the operating system. The storage 25 may also store various applications received from the server 10 or elsewhere.
The user terminal 20 includes, for example, a web browser that interprets files in HTML format (HTML data) and renders them on screen; using this web browser, it can interpret the HTML data obtained from the server 10 and display the web page corresponding to the received HTML data. Plug-in software capable of executing files of various formats associated with the HTML data may also be incorporated into the web browser of the user terminal 20.
When the user of the user terminal 20 uses the car sharing service management function provided by the server 10, animations, operation icons, and the like specified by the HTML data or by the application are displayed on the screen of the user terminal 20. The user can enter various instructions using the touch panel or the like of the user terminal 20. Instructions entered by the user are conveyed to the server 10 through the functions of the web browser of the user terminal 20 or of an application execution environment such as NgCore (trademark).
Next, the hardware configuration of the vehicle terminal 30 installed in an automobile shared through the car sharing service of one embodiment is described. As shown in FIG. 1, the vehicle terminal 30 is configured as a general-purpose computer and includes a CPU (computer processor) 31, a main memory 32, a communication I/F 33, and a storage (storage device) 34, which are electrically connected to one another via a bus.
The CPU 31 loads the operating system and various other programs from the storage 34 into the main memory 32 and executes the instructions contained in the loaded programs. The main memory 32 is used to hold the programs executed by the CPU 31 and is composed of, for example, DRAM.
The communication I/F 33 is implemented as hardware, firmware, software, or a combination of these. FIG. 2 schematically shows the configuration of the communication I/F 33 of the vehicle terminal 30 in one embodiment. As illustrated, the communication I/F 33 in one embodiment includes a 3G/LTE module 33a (first communication module) for communicating via a mobile communication network such as 3G or LTE included in the communication network 40, a short-range wireless communication module 33b (second communication module) for short-range wireless communication such as Bluetooth (registered trademark), BLE, or NFC, and a CAN communication module 33c for CAN (Controller Area Network) communication with the vehicle control unit 110 of the automobile 100.
The 3G/LTE module 33a is configured to obtain the position information of the vehicle terminal 30 (vehicle 100) by means of a GPS antenna and a 3G/LTE antenna (not shown). That is, the 3G/LTE module 33a receives GPS data from GPS satellites through the GPS antenna and obtains the position information of the vehicle terminal 30 from that data. In a location where the GPS antenna cannot receive GPS data (for example, an underground parking garage), the 3G/LTE module 33a instead receives A-GPS data from a base station of the mobile communication network through the 3G/LTE antenna and obtains the position information of the vehicle terminal 30 from that data.
As shown in FIG. 2, the CAN communication module 33c is detachably connected, via a connection connector 120, to the vehicle diagnostic connector (OBDII) 111 of the vehicle control unit 110 of the automobile 100. Besides the vehicle diagnostic connector 111, the vehicle control unit 110 is made up of various control units such as an engine control unit (ECU) 112, a meter control unit (M&A) 113, a body control unit (BCM) 114 that controls body components such as the doors, a steering control unit (STRG) 115, a vehicle attitude control unit (TRC) 116 for traction control and the like, and a power management unit (IPDM) 117. These control units and the vehicle diagnostic connector 111 are electrically connected to one another by the CAN bus 118H (CAN H line) and 118L (CAN L line), and exchange various control signals with one another over the buses 118H and 118L. The vehicle terminal 30 can therefore control the various parts of the automobile 100 by sending control signals to the various control units through the vehicle diagnostic connector 111.
The CPU 31 of the vehicle terminal 30 can convert information received via the 3G/LTE module 33a or the short-range wireless communication module 33b into signals conforming to CAN communication and provide them to the CAN communication module 33c. Conversely, the CPU 31 can convert signals received from the CAN communication module 33c into information suitable for communication via the mobile communication network or short-range wireless communication and provide it to the 3G/LTE module 33a or the short-range wireless communication module 33b.
Next, the functions of the system 1 according to one embodiment having such a hardware configuration are described. FIG. 3 is a block diagram schematically showing the functions of the system 1 (the server 10, the user terminal 20, and the vehicle terminal 30). As shown in FIG. 3(A), the server 10 in one embodiment has an information storage unit 51 that stores various information, a basic information management unit 52 that executes processing related to managing the basic information of the car sharing service, such as users and automobiles (vehicle terminals 30), a reservation management unit 53 that executes processing related to automobile reservations by users, and a user authentication management unit 54 that executes processing related to the user authentication that accompanies control of an automobile. These functions are realized by hardware such as the CPU 11 and the main memory 12 operating in cooperation with the various programs and tables stored in the storage 15; for example, they are realized by the CPU 11 executing the instructions contained in a loaded program. Some or all of the functions of the server 10 illustrated in FIG. 3(A) may also be realized by the server 10 in cooperation with the user terminal 20 and/or the vehicle terminal 30.
The information storage unit 51 of the server 10 is realized by the storage 15 or the like and, as shown in FIG. 3(A), has a vehicle terminal management table 51a that manages information about the vehicle terminals 30, a user management table 51b that manages information about the users who are members of the car sharing service, and a reservation management table 51c that manages information about automobile reservations by users. FIG. 4 shows an example of the information managed in the vehicle terminal management table 51a in one embodiment. As illustrated, the vehicle terminal management table 51a manages, in association with a "vehicle terminal ID" that identifies an individual vehicle terminal 30, information such as a "common key" indicating the common key used to encrypt communication with that vehicle terminal 30, a "vehicle ID" identifying the automobile in which the vehicle terminal 30 is installed, "vehicle basic information" such as the automobile's model, model year, and engine displacement, and "vehicle operation information" such as the automobile's mileage, remaining fuel, position information (current location), door lock state, and driving state (statistics such as engine speed, vehicle speed, steering angle, and number of hard braking events). The vehicle terminal ID and the common key are registered when the vehicle terminal 30 is initially set up, as described in detail later. The vehicle operation information, also described in detail later, is registered by receiving from the vehicle terminal 30 the information collected from the vehicle control unit 110 of the automobile 100, position information, and the like.
The automobiles shared through the car sharing service of one embodiment may include automobiles owned by private owners other than the car sharing service operator. In this case, a vehicle terminal 30 is provided by the car sharing service operator or the like to an automobile owner who wishes to have the automobile shared, and the owner connects the provided vehicle terminal 30 to the automobile. The owner can receive compensation in return for the use of the automobile in the car sharing service. The vehicle ID and vehicle basic information in the vehicle terminal management table 51a are registered by the automobile owner, the car sharing service operator, or the like as information about the automobile in which the vehicle terminal 30 is installed.
FIG. 5 shows an example of the information managed in the user management table 51b in one embodiment. As illustrated, the user management table 51b manages, in association with a "user ID" that identifies an individual user, information such as "user basic information", which is basic information about the user such as name, address, contact details, billing information, and payment information, and a "public key", which is the public key used for user authentication when that user controls an automobile. The user basic information is registered from information provided by the user at a time such as registering as a user of the car sharing service. The public key, as described in detail later, is generated by the user terminal 20, transmitted from that user terminal 20, and registered.
FIG. 6 shows an example of the information managed in the reservation management table 51c in one embodiment. As illustrated, the reservation management table 51c manages, in association with a combination of a "vehicle ID" identifying an automobile and a "reservation date and time", information such as the "user ID" identifying the user who has reserved that automobile for that date and time. This information, as described in detail later, is registered in response to a reservation of an automobile made by a user via the user terminal 20.
The basic information management unit 52 of the server 10 executes various processes related to managing basic information about users, automobiles (vehicle terminals 30), and the like. For example, the basic information management unit 52 executes processing for registering, updating, and deleting the information managed in the vehicle terminal management table 51a and the user management table 51b described above. For example, the basic information management unit 52 associates a public key received from the user terminal 20 with the user and registers it in the user management table 51b.
The reservation management unit 53 of the server 10 executes various processes related to automobile reservations by users. For example, when the reservation management unit 53 accepts a reservation of an automobile made by a user via the user terminal 20, it associates the user, the reserved automobile, and the reserved date and time with one another and registers them in the reservation management table 51c.
The user authentication management unit 54 of the server 10 executes various processes related to the user authentication that accompanies control of an automobile. For example, the user authentication management unit 54 verifies a digital signature received from the vehicle terminal 30 using the public key stored in association with that vehicle terminal 30, and transmits the verification result to the vehicle terminal 30. Verifying the digital signature includes, for example, verifying it using a date and time corresponding to the current date and time together with the public key stored in association with the vehicle terminal 30.
As shown in FIG. 3(B), the user terminal 20 in one embodiment has an information storage unit 61 that stores various information, a key management unit 62 that executes processing related to managing keys (a private key and a public key), and a vehicle control request unit 63 that executes processing related to requesting control of an automobile. These functions are realized by hardware such as the CPU 21 and the main memory 22 operating in cooperation with the various programs stored in the storage 25; for example, they are realized by the CPU 21 executing the instructions contained in a loaded program. Some or all of the functions of the user terminal 20 illustrated in FIG. 3(B) may also be realized by the user terminal 20 in cooperation with the server 10 and/or the vehicle terminal 30.
The information storage unit 61 of the user terminal 20 is realized by the storage 25 or the like and stores, for example, the private key used for the user authentication that accompanies control of an automobile.
The key management unit 62 of the user terminal 20 executes various processes related to managing the private key and public key used for the user authentication that accompanies control of an automobile. For example, the key management unit 62 generates a private key and a public key in response to a request from the user, stores the private key in the information storage unit 61 (the storage 25 or the like), and transmits the public key to the server 10.
The vehicle control request unit 63 of the user terminal 20 executes various processes related to requesting control of an automobile. For example, the vehicle control request unit 63 transmits a request for control of the automobile to the vehicle terminal 30 together with a digital signature generated using the private key stored in the information storage unit 61. Here, the predetermined control of the automobile includes locking and unlocking the automobile's doors.
As shown in FIG. 3(C), the vehicle terminal 30 in one embodiment has an information storage unit 71 that stores various information, a vehicle control unit 72 that executes processing related to controlling the automobile, and a server cooperation unit 73 that executes processing related to cooperation with the server 10. These functions are realized by hardware such as the CPU 31 and the main memory 32 operating in cooperation with the various programs stored in the storage 34; for example, they are realized by the CPU 31 executing the instructions contained in a loaded program. Some or all of the functions of the vehicle terminal 30 illustrated in FIG. 3(C) may also be realized by the vehicle terminal 30 in cooperation with the server 10 and/or the user terminal 20.
The information storage unit 71 of the vehicle terminal 30 is realized by the storage 34 or the like and stores, for example, the vehicle ID identifying that vehicle terminal 30 and the common key used to encrypt communication with the server 10.
The vehicle control unit 72 of the vehicle terminal 30 executes various processes related to controlling the parts of the automobile 100 connected via the vehicle diagnostic connector 111. For example, the vehicle control unit 72 controls the parts of the automobile 100 based on the result of verifying the digital signature received from the user terminal 20. For example, the vehicle control unit 72 transmits a request to verify the digital signature received from the user terminal 20, together with the digital signature, to the server 10, and controls the parts of the automobile 100 based on the verification result received from the server 10. The automobile 100 is controlled, for example, by transmitting control signals to the various control units via the CAN communication module 33c.
The server cooperation unit 73 of the vehicle terminal 30 executes various processes related to cooperation with the server 10. For example, the server cooperation unit 73 collects various operation information from the vehicle control unit 110 of the automobile 100 and transmits it to the server 10. For example, the server cooperation unit 73 transmits the position information of the vehicle terminal 30 to the server 10. For example, the server cooperation unit 73 carries out the various communications with the server 10 that take place when the vehicle terminal 30 is initially set up.
Next, the operation of the system 1 in one embodiment having such functions is described. First, the operation related to the initial setup of the vehicle terminal 30 is described. FIG. 7 is a sequence diagram showing the communication that takes place between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 is initially set up. When the vehicle terminal 30 is initially set up, the vehicle terminal 30 first requests initial setup from the server 10, as illustrated (step S100). This initial setup request is issued by the vehicle terminal 30 when, for example, it is instructed to perform initial setup via short-range wireless communication or the like from a terminal device such as an ordinary smartphone. For example, the automobile owner who was provided with the vehicle terminal 30, or the car sharing service operator, instructs the vehicle terminal 30 to perform initial setup via a terminal device such as a smartphone.
Next, the server 10 generates and registers a vehicle terminal ID for the vehicle terminal 30 that requested initial setup and a common key to be used to encrypt communication between that vehicle terminal 30 and the server 10, and transmits them to the vehicle terminal 30 (step S110). In one embodiment, the vehicle terminal ID and the common key are registered in the vehicle terminal management table 51a. The common key can be generated by applying any of various key generation algorithms following a common key (symmetric) cipher such as DES or AES.
The vehicle terminal 30 then registers the received vehicle terminal ID and common key (step S120). In one embodiment, the vehicle terminal ID and the common key are registered in a predetermined area of the information storage unit 71 (the storage 34 or the like) of the vehicle terminal 30. In this way, during the initial setup of the vehicle terminal 30, the vehicle terminal ID and common key of the vehicle terminal 30 are generated by the server 10 and registered at both the server 10 and the vehicle terminal 30. Communication between the vehicle terminal 30 and the server 10 after initial setup is encrypted using the common key registered and shared during initial setup. Note that encryption using such a common key is not essential; when encryption with a common key is not performed, generating and sharing the common key is unnecessary.
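The provisioning exchange of steps S100 to S120 and the common-key encryption it enables, as an added example in Go that is not code from this specification or from the applicant's system: the server mints the vehicle terminal ID and an AES key (AES is one of the ciphers the description names), keeps them in a map that stands in for table 51a, and the terminal later sends operation information under that key. The 8-byte hex ID format, the use of AES-GCM, binding the terminal ID as authenticated data, and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Server models the provisioning side of steps S100-S120. The map stands in for
// vehicle terminal management table 51a: vehicle terminal ID -> common key.
type Server struct {
	keys map[string][]byte
}

func NewServer() *Server { return &Server{keys: map[string][]byte{}} }

// Provision answers an initial-setup request (S100): it mints a fresh vehicle
// terminal ID and a 256-bit AES common key, registers both, and returns them
// for delivery to the terminal (S110). AES is one of the ciphers the description
// names; the 8-byte hex ID format is an assumption of this example.
func (s *Server) Provision() (id string, key []byte, err error) {
	rawID := make([]byte, 8)
	key = make([]byte, 32)
	if _, err = rand.Read(rawID); err != nil {
		return "", nil, err
	}
	if _, err = rand.Read(key); err != nil {
		return "", nil, err
	}
	id = hex.EncodeToString(rawID)
	s.keys[id] = key
	return id, key, nil
}

// VehicleTerminal holds what information storage unit 71 keeps after S120.
type VehicleTerminal struct {
	ID        string
	CommonKey []byte
}

// Envelope is a post-setup message: the terminal ID in the clear so the server
// can look up the key, plus the AES-GCM nonce and ciphertext (GCM is this
// example's choice of mode; the description only names the cipher).
type Envelope struct {
	TerminalID string
	Nonce      []byte
	Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts operation information (mileage, door state, position, ...) for
// the server. The terminal ID is bound as additional authenticated data, so an
// envelope cannot be re-labelled with another terminal's ID undetected.
func (t *VehicleTerminal) Seal(plaintext []byte) (Envelope, error) {
	gcm, err := newGCM(t.CommonKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(t.ID))
	return Envelope{TerminalID: t.ID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open finds the sender's common key by terminal ID and decrypts. Unknown IDs
// and any change to the ID, nonce or ciphertext fail authentication.
func (s *Server) Open(env Envelope) ([]byte, error) {
	key, ok := s.keys[env.TerminalID]
	if !ok {
		return nil, errors.New("unknown vehicle terminal ID")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.TerminalID))
	if err != nil {
		return nil, errors.New("envelope failed authentication")
	}
	return pt, nil
}
```

The description leaves common-key encryption optional; when it is used, the ID-to-key lookup in Open is what lets one server endpoint serve many provisioned terminals.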
This concludes the description of the operation related to the initial setup of the vehicle terminal 30. Next, the operation related to generation of a public key and private key by the user is described. FIG. 8 is a sequence diagram showing the communication that takes place between the user terminal 20 and the server 10 when the user generates a public key and private key. To generate a public key and private key, the user terminal 20 first generates the public key and private key, as illustrated (step S200). In the car sharing service of one embodiment, a public key and private key are required for the user authentication that accompanies locking and unlocking of the automobile's doors. A user who has registered with the car sharing service therefore instructs, for example via a screen displayed on the user terminal 20, that a public key and private key be generated before starting to use the service (use an automobile). In response to this instruction, the user terminal 20 generates the public key and private key. In one embodiment, the public key and private key can be generated by applying any of various key generation algorithms following a public key cryptosystem such as RSA.
Next, the user terminal 20 transmits the generated public key to the server 10 (step S210) and registers the private key (step S220). In one embodiment, the private key is registered in a predetermined area of the information storage unit 61 (the storage 25 or the like) of the user terminal 20.
The server 10 then registers the public key received from the user terminal 20 (step S230). In one embodiment, the public key is registered in the user management table 51b. In this way, when the user generates a public key and private key, of the public-key-cryptosystem key pair generated on the user terminal 20, the private key is registered on the user terminal 20 and the public key is transmitted to and registered at the server 10.
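The key-pair steps S200 to S230 together with the signed control request and the server-side check described for the vehicle control request unit 63, the vehicle control unit 72 and the user authentication management unit 54, as an added Go example that is not code from this specification: Ed25519 stands in for the RSA-style key pair the description names, and the reservation table 51c is how this example resolves "the public key stored in association with the vehicle terminal" to the reserving user's key. The freshness window, the vehicle ID inside the signed data, the canonical message format, and all names and sample values are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"time"
)

// Reservation is one row of reservation management table 51c.
type Reservation struct {
	VehicleID string
	UserID    string
	Start     time.Time
	End       time.Time
}

// Server keeps the three tables of FIG. 3(A), reduced to the columns Verify needs.
type Server struct {
	TerminalVehicle map[string]string            // 51a: vehicle terminal ID -> vehicle ID
	UserKeys        map[string]ed25519.PublicKey // 51b: user ID -> public key
	Reservations    []Reservation                // 51c
	MaxSkew         time.Duration                // freshness window; an assumption of this example
}

// RegisterPublicKey is step S230: store the key the user terminal sent in S210.
func (s *Server) RegisterPublicKey(userID string, pub ed25519.PublicKey) {
	s.UserKeys[userID] = pub
}

// ControlRequest is what vehicle control request unit 63 sends to the vehicle terminal.
type ControlRequest struct {
	VehicleID string    // binding the car into the signed data is an assumption of this example
	Command   string    // "lock" or "unlock"
	IssuedAt  time.Time // the date and time covered by the signature
}

// Bytes is the canonical byte string that is signed and later verified.
func (r ControlRequest) Bytes() []byte {
	return []byte(r.VehicleID + "|" + r.Command + "|" + r.IssuedAt.UTC().Format(time.RFC3339))
}

// UserTerminal keeps the private key in information storage unit 61 (S220).
type UserTerminal struct {
	priv ed25519.PrivateKey
}

// GenerateKeys is step S200: create the pair, keep the private key locally and
// return the public key for transmission to the server.
func (u *UserTerminal) GenerateKeys() (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	u.priv = priv
	return pub, nil
}

// Sign produces the digital signature sent together with the control request.
func (u *UserTerminal) Sign(req ControlRequest) []byte {
	return ed25519.Sign(u.priv, req.Bytes())
}

// Verify is the check user authentication management unit 54 performs when vehicle
// terminal terminalID forwards a request and signature. The public key is found
// through the vehicle's reservation at now, so only the reserving user can pass.
func (s *Server) Verify(terminalID string, req ControlRequest, sig []byte, now time.Time) error {
	vehicleID, ok := s.TerminalVehicle[terminalID]
	if !ok {
		return errors.New("unknown vehicle terminal")
	}
	if req.VehicleID != vehicleID {
		return errors.New("request addressed to a different vehicle")
	}
	if d := now.Sub(req.IssuedAt); d > s.MaxSkew || d < -s.MaxSkew {
		return errors.New("request date and time outside the freshness window")
	}
	var userID string
	for _, r := range s.Reservations {
		if r.VehicleID == vehicleID && !now.Before(r.Start) && now.Before(r.End) {
			userID = r.UserID
			break
		}
	}
	if userID == "" {
		return errors.New("no reservation covers the current date and time")
	}
	pub, ok := s.UserKeys[userID]
	if !ok {
		return errors.New("reserving user has no registered public key")
	}
	if !ed25519.Verify(pub, req.Bytes(), sig) {
		return errors.New("digital signature verification failed")
	}
	return nil
}
```

Because the key is selected by the reservation rather than by a user ID carried in the request, a valid signature from a registered user who has not reserved the car at that time fails, and the date and time check bounds how long a captured signature stays usable.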
This concludes the description of the operation related to generation of a public key and private key by the user. Next, the operation related to reservation of an automobile by the user is described. FIG. 9 is a sequence diagram showing the communication that takes place between the user terminal 20 and the server 10 when the user reserves an automobile. When the user reserves an automobile, the server 10 first transmits the screen data for a reservation screen to the user terminal 20, as illustrated (step S300). For example, when the user accesses the car sharing service website via the user terminal 20, or runs the application for the service on the user terminal 20, and requests the server 10 to transmit the screen data for the reservation screen, the server 10 transmits that screen data to the user terminal 20.
 FIG. 10 shows an example of a reservation screen 80 displayed on the user terminal 20 that has received the screen data. As shown, the reservation screen 80 in one embodiment has a date input area 81 for entering the reservation date, a start time input area 82 for entering the start time of the reservation period, an end time input area 83 for entering the end time of the reservation period, a region input area 84 for entering the region where the car to be reserved is located, a search button 85, and a search result display area 86. When the user enters information in each of the input areas 81 to 84 as search conditions for the car to be reserved and selects the search button 85, information on the cars matching the entered search conditions is listed in the search result display area 86. Specifically, cars that are available (not reserved by other users) at the entered reservation date and time (the date, together with the period defined by the start time and end time) and that are located in the entered region are identified by referring to the vehicle terminal management table 51a, the reservation management table 51c and so on, and information on the identified cars (for example, images, basic vehicle information and the like) is listed in the search result display area 86.
 When the user selects the desired car from the cars listed in the search result display area 86 of the reservation screen 80, the vehicle detail screen 90 illustrated in FIG. 11 is displayed. As shown, the vehicle detail screen 90 displays information on the car (for example, images, basic vehicle information and the like) and reservation information (reservation date and time), with a reservation button 94 placed at the bottom of the screen.
 When the user selects the reservation button 94, the user terminal 20 sends a reservation request to the server 10 (step S310), and the server 10 registers the reservation (step S320). In one embodiment, the reservation is registered by associating the vehicle ID of the car, the reservation date and time, and the user ID of the user with one another and registering them in the reservation management table 51c. Thus, when a user reserves a car, the vehicle ID, the reservation date and time, and the user ID are registered in association with one another. Since the vehicle ID is associated with a vehicle terminal ID in the vehicle terminal management table 51a, and the user ID is associated with a public key in the user management table 51b, it can also be said that a user's car reservation registers the vehicle terminal 30, the reservation date and time, and the public key in association with one another.
 This completes the description of the operations by which the user reserves a car. Next, the operations for locking/unlocking the doors of the car are described. FIG. 12 is a sequence diagram showing the communication among the server 10, the user terminal 20 and the vehicle terminal 30 when a user locks/unlocks the doors of a car. When the user locks/unlocks the doors of the car, the user terminal 20 first requests reserved vehicle information from the server 10, that is, information on the car (vehicle terminal 30) the user has reserved for the current date and time, as shown in the figure (step S400). In one embodiment, the user can instruct locking/unlocking of the car via a screen displayed on the user terminal 20; when this instruction is given, the user terminal 20 requests the reserved vehicle information from the server 10. For example, the user instructs unlocking of the car doors with the user terminal 20 when the reserved start time (or a predetermined time before the start time, for example 10 minutes before) arrives.
 Next, the server 10 transmits the reserved vehicle information to the user terminal 20 (step S410). In one embodiment, the reserved vehicle information contains the vehicle terminal ID of the vehicle terminal 30 associated with the car that the user of the user terminal 20 has reserved for the current date and time (which can be identified by referring to the vehicle terminal management table 51a and the reservation management table 51c), as well as the current date and time (the system date and time of the server 10).
 The user terminal 20 that has received the reserved vehicle information then generates a digital signature based on the current date and time contained in the received reserved vehicle information and the stored secret key (step S415). In other words, the current date and time is digitally signed using the secret key. In one embodiment, the digital signature is generated, for example, by encrypting a hash value of the current date and time with a predetermined encryption method using the secret key stored in the information storage unit 61.
 Subsequently, the user terminal 20 requests the vehicle terminal 30 to lock/unlock the doors (step S420). In one embodiment, the lock/unlock request is made between the user terminal 20 and the vehicle terminal 30 using short-range wireless communication. Here, in one embodiment, when the user terminal 20 establishes a short-range wireless connection with the vehicle terminal 30, it compares the vehicle terminal ID contained in the reserved vehicle information with the vehicle terminal ID obtained from the vehicle terminal 30. The lock/unlock request contains information such as the "vehicle terminal ID" contained in the reserved vehicle information, a "mode" identifying whether the request is a lock request or an unlock request, a "date and time" indicating the current date and time contained in the reserved vehicle information, and the generated digital signature.
 The vehicle terminal 30 then requests the server 10 to verify the digital signature contained in the lock/unlock request received from the user terminal 20 (step S430). The digital signature verification request contains information such as the vehicle terminal ID, the date and time, and the digital signature; in one embodiment, the lock/unlock request received from the user terminal 20 is transmitted to the server 10 as is. As described above, in one embodiment, the communication between the vehicle terminal 30 and the server 10 is encrypted using a common key generated and shared when the vehicle terminal 30 was initially set up.
 The server 10 then verifies the digital signature received from the vehicle terminal 30 (step S440) and transmits the verification result to the vehicle terminal 30 (step S450). In one embodiment, the digital signature is verified by first identifying the vehicle ID corresponding to the received vehicle terminal ID by referring to the vehicle terminal management table 51a, then identifying the user ID corresponding to the combination of the identified vehicle ID and the received date and time (that is, the user ID of the user who has reserved the car identified by that vehicle ID for the received date and time, which is the current date and time) by referring to the reservation management table 51c, and then identifying the public key corresponding to that user ID by referring to the user management table 51b. The digital signature is then verified using the received date and time and the identified public key. For example, the hash value of the received date and time is compared with the hash value obtained by decrypting the digital signature with the public key.
 Here, if the user who requested the door lock/unlock has properly reserved the car equipped with the vehicle terminal 30 for the current date and time, the secret key used to generate the digital signature and the public key used to verify it are both that user's keys (the public key the user generated on the user terminal 20 and its corresponding secret key), so the verification is judged OK. For example, if the hash value obtained by decrypting the digital signature matches the hash value of the date and time received from the vehicle terminal 30, the verification is judged OK; if the values do not match, the verification is judged NG.
 Subsequently, the vehicle terminal 30 that has received the digital signature verification result executes the lock/unlock processing based on the verification result (steps S460, S470). That is, if the verification result is OK, the lock/unlock processing is executed as requested; if the verification result is NG, predetermined error processing is executed instead of the lock/unlock processing. In one embodiment, the lock/unlock processing is executed by the vehicle terminal 30 transmitting a control signal corresponding to the door lock/unlock to the vehicle control unit 110 (body control unit 114) via the CAN communication module 33c.
 Thus, when locking/unlocking the doors of a car, the user requesting the lock/unlock is authenticated by verifying a digital signature generated using the current date and time (temporary information) and the secret key (a digital signature attached to the current date and time) with the public key corresponding to that secret key. Since the lock/unlock request to the vehicle terminal 30 is made by the user terminal 20 over short-range wireless communication, lock/unlock requests from a third party located remotely from the vehicle terminal 30 (the car) can be prevented. Since the digital signature is attached to the current date and time, which is temporary information, the security problem is small even if the current date and time were to be leaked illicitly. Furthermore, since the secret key generated and registered on the user terminal 20 is never transmitted to another device, the risk of the secret key leaking is low. In addition, because the server 10 performs the digital signature verification, the scheme reduces the processing load on the vehicle terminal 30.
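The key registration, reservation lookup and lock/unlock exchange described above (steps S200 to S470), as an added example that is not part of the patent or the applicant's code, with the server, the user terminal and the vehicle terminal simulated in one Go process. It assumes RSA with PKCS#1 v1.5 over SHA-256 as the signature scheme (the description leaves the scheme open), RFC 3339 strings for the date and time, a one-minute freshness window on the server, and the constructed identifiers VT-001, CAR-001, alice and bob; the signed payload is the mode together with the date and time, the variant the description mentions further below, so a replayed signature with a changed mode is rejected along with a request from a registered user who holds no reservation.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"time"
)

// Reservation is one row of the reservation table (51c): vehicle, user, time window.
type Reservation struct {
	VehicleID, UserID string
	Start, End        time.Time
}

// Server stands in for tables 51a (terminal -> vehicle), 51b (user -> public key) and 51c; Now is the frozen clock of S410.
type Server struct {
	TerminalToVehicle map[string]string
	UserPublicKeys    map[string]*rsa.PublicKey
	Reservations      []Reservation
	Now               time.Time
}

// LockRequest travels user terminal -> vehicle terminal (S420) -> server (S430).
type LockRequest struct {
	TerminalID, Mode, DateTime string // Mode is "lock" or "unlock"; DateTime is the server-issued RFC 3339 string
	Signature                  []byte
}

// signedPayload hashes mode and datetime together (the variant that signs both).
func signedPayload(mode, dt string) []byte {
	h := sha256.Sum256([]byte(mode + "|" + dt))
	return h[:]
}

// VerifySignature (S440): terminal ID -> vehicle ID -> reservation covering the datetime
// -> user ID -> public key, then verify. The one-minute freshness window is an added check.
func (s *Server) VerifySignature(req LockRequest) bool {
	vehicleID, ok := s.TerminalToVehicle[req.TerminalID]
	t, err := time.Parse(time.RFC3339, req.DateTime)
	if !ok || err != nil || t.Sub(s.Now) > time.Minute || s.Now.Sub(t) > time.Minute {
		return false
	}
	for _, r := range s.Reservations {
		if r.VehicleID == vehicleID && !t.Before(r.Start) && t.Before(r.End) {
			pub, ok := s.UserPublicKeys[r.UserID]
			return ok && rsa.VerifyPKCS1v15(pub, crypto.SHA256, signedPayload(req.Mode, req.DateTime), req.Signature) == nil
		}
	}
	return false // nobody holds this car at that time: verification NG
}

// UserTerminal generates the key pair (S200), keeps the secret key on the device (S220)
// and hands only the public key to the server (S210/S230). RSA is an assumption here.
type UserTerminal struct {
	UserID string
	priv   *rsa.PrivateKey
}

func NewUserTerminal(userID string, srv *Server) *UserTerminal {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only fails when the system RNG is unavailable
	}
	srv.UserPublicKeys[userID] = &priv.PublicKey
	return &UserTerminal{userID, priv}
}

// BuildRequest (S415/S420): sign the server-issued datetime and the mode with the local key.
func (u *UserTerminal) BuildRequest(tid, mode, dt string) LockRequest {
	sig, _ := rsa.SignPKCS1v15(rand.Reader, u.priv, crypto.SHA256, signedPayload(mode, dt))
	return LockRequest{tid, mode, dt, sig}
}

// VehicleHandle (S420-S470): vehicle terminal tid checks the terminal ID, lets the server verify, and reports whether the door command (CAN signal) may be sent.
func VehicleHandle(srv *Server, tid string, req LockRequest) bool {
	if req.TerminalID != tid {
		return false // terminal IDs are compared when the short-range link is set up
	}
	return srv.VerifySignature(req) // NG means error handling, no door command
}

// RunScenario returns whether Alice's unlock (she holds CAR-001 now), Bob's unlock
// (registered but no reservation) and a mode-tampered replay of Alice's request pass.
func RunScenario() (aliceOK, bobOK, tamperedOK bool) {
	now := time.Date(2016, 2, 19, 10, 0, 0, 0, time.UTC)
	srv := &Server{TerminalToVehicle: map[string]string{"VT-001": "CAR-001"}, UserPublicKeys: map[string]*rsa.PublicKey{},
		Reservations: []Reservation{{"CAR-001", "alice", now.Add(-10 * time.Minute), now.Add(2 * time.Hour)}}, Now: now}
	alice, bob := NewUserTerminal("alice", srv), NewUserTerminal("bob", srv)
	dt := now.Format(time.RFC3339) // S410: the server sends Alice the terminal ID and its current time
	req := alice.BuildRequest("VT-001", "unlock", dt)
	aliceOK = VehicleHandle(srv, "VT-001", req)
	bobOK = VehicleHandle(srv, "VT-001", bob.BuildRequest("VT-001", "unlock", dt))
	tampered := req
	tampered.Mode = "lock" // Alice's signature does not cover this mode
	tamperedOK = VehicleHandle(srv, "VT-001", tampered)
	return
}
```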
 This completes the description of the operations for locking/unlocking the doors of a car. Next, the operations by which the vehicle terminal 30 transmits the car's operating information are described. FIG. 13 is a sequence diagram showing the communication between the vehicle terminal 30 and the server 10 when the vehicle terminal 30 transmits the car's operating information to the server 10. In one embodiment, the operating information is transmitted periodically (for example, every hour); first, as shown in the figure, the vehicle terminal 30 transmits the operating information to the server 10 (step S500). In one embodiment, the operating information is transmitted, for example, by the vehicle terminal 30 sending to the server 10 the information it has collected from the various control units included in the vehicle control unit 110 of the car 100, together with position information and the like.
 Next, the server 10 registers the operating information received from the vehicle terminal 30 (step S510). In one embodiment, the operating information is registered in the vehicle terminal management table 51a.
 The server 10 then determines, based on the received operating information, whether the doors need to be locked/unlocked (step S520), and if it determines that locking/unlocking is necessary, it transmits a lock/unlock request to the vehicle terminal 30 (step S530). In one embodiment, various criteria can be applied to determine whether locking/unlocking is necessary. For example, a criterion may be applied that, when the engine has been stopped for longer than a certain time and the doors are unlocked, judges that the user has most likely forgotten to lock the doors and determines that the doors need to be locked.
 The vehicle terminal 30 that has received the lock/unlock request then executes the door lock/unlock processing according to the content of the request (step S540). Thus, in the transmission of the car's operating information by the vehicle terminal 30, the operating information is transmitted periodically to the server 10, and the doors are locked/unlocked when this is determined to be necessary based on the operating information.
 In the embodiment described above, the digital signature is generated using the current date and time (the digital signature is attached to the current date and time), but the digital signature may instead be generated using both the current date and time and the mode identifying whether the request is a lock request or an unlock request. The digital signature may also be generated based on various other information. In that case, as with the current date and time, it is preferable to generate the digital signature based on temporary information whose leakage would pose only a small security problem.
 In the embodiment described above, user authentication using a digital signature is performed for locking/unlocking the doors of a car, but the same user authentication can be applied to various other vehicle controls besides door locking/unlocking (for example, turning the engine ON/OFF).
 The embodiment described above illustrates a car sharing system providing a car sharing service, but embodiments of the present invention are not limited to this. For example, a system for the shared use of vehicles other than cars (bicycles and the like), in which the user controls the vehicle (for example, locking/unlocking a lock mechanism), can be included in embodiments of the present invention. Systems other than those for the shared use of vehicles can also be included in embodiments of the present invention. For example, a system in which a user controls a vehicle he or she owns can be included in embodiments of the present invention. In that case, since there is no need to manage vehicle reservations, only the association between the vehicle ID (vehicle terminal 30) and the user ID (public key) needs to be managed, and no association with a date and time is required.
 In the embodiments of the present invention described above, the user terminal 20 stores a secret key, and the server 10 stores the public key corresponding to the secret key in association with the vehicle terminal 30; the user terminal 20 transmits a request for predetermined control of the vehicle (door lock/unlock) to the vehicle terminal 30 together with a digital signature generated using the secret key stored on the user terminal 20; and the vehicle terminal 30 executes the predetermined control of the vehicle based on the result of verifying the digital signature received from the user terminal 20 with the public key that the server 10 stores in association with the vehicle terminal 30. In this way, embodiments of the present invention use a digital signature according to a public key cryptosystem to realize the user authentication that accompanies vehicle control with a simple mechanism while maintaining security.
 In the embodiment described above, the car's operating information is transmitted from the vehicle terminal 30 to the server 10, but instead of or in addition to this, it can be transmitted from the vehicle terminal 30 to the user terminal 20 over short-range wireless communication. In that case, all or part of the received operating information can further be displayed on the user terminal 20. This lets the user in the cabin check on the user terminal 20 various operating information that is not shown on the instrument panel. Also, by installing and running a fault diagnosis application on the user terminal 20, a fault diagnosis of the car may be performed based on the operating information.
 The processes and procedures described in this specification are realized by software, hardware, or any combination thereof, beyond what is explicitly described in the embodiments. More specifically, the processes and procedures described in this specification are realized by implementing logic corresponding to the processes in a medium such as an integrated circuit, volatile memory, nonvolatile memory, a magnetic disk or optical storage. The processes and procedures described in this specification can also be implemented as a computer program and executed by various computers.
 Even where the processes and procedures described in this specification are described as being performed by a single device, piece of software, component or module, such processes or procedures may be performed by multiple devices, multiple pieces of software, multiple components and/or multiple modules. Likewise, even where the data, tables or databases described in this specification are described as being stored in a single memory, such data, tables or databases may be distributed across multiple memories in a single device or across multiple memories distributed over multiple devices. Furthermore, the software and hardware elements described in this specification can be realized by consolidating them into fewer components or by dividing them into more components.
 In this specification, where a component of the invention is described as either singular or plural, or is described without limitation to either singular or plural, the component may be either singular or plural unless the context requires otherwise.
 1 system
 10 server
 20 user terminal
 30 vehicle terminal
 40 communication network
 51 information storage unit
 52 basic information management unit
 53 reservation management unit
 54 user authentication management unit
 61 information storage unit
 62 key management unit
 63 vehicle control request unit
 71 information storage unit
 72 vehicle control unit
 73 server cooperation unit
 80 reservation screen
 90 vehicle detail screen
 100 car
 110 vehicle control unit
 111 vehicle diagnostic connector
 120 connection connector

Claims (10)

  1.  A system comprising a user terminal, a vehicle terminal provided in a vehicle, and a server, the system managing the vehicle and executing:
     a step in which the user terminal stores a secret key;
     a step in which the server stores a public key corresponding to the secret key in association with the vehicle terminal;
     a step in which the user terminal transmits a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using the secret key stored in the user terminal; and
     a step in which the vehicle terminal executes the predetermined control of the vehicle based on a verification result of verifying the digital signature received from the user terminal using the public key that the server stores in association with the vehicle terminal.
  2.  The system according to claim 1, wherein the step of executing the predetermined control includes:
     a step in which the vehicle terminal transmits a request for verification of the digital signature received from the user terminal to the server together with the digital signature; and
     a step in which the server verifies the digital signature received from the vehicle terminal using the public key that the server stores in association with the vehicle terminal, and transmits the verification result of the verification to the vehicle terminal.
  3.  The system according to claim 2, wherein
     the step of transmitting the request for the predetermined control includes the user terminal transmitting temporary information and the digital signature generated using the temporary information and the secret key to the vehicle terminal,
     the step of transmitting the request for verification of the digital signature includes the vehicle terminal transmitting the temporary information and the digital signature to the server, and
     the step of transmitting the verification result includes the server verifying the digital signature using the temporary information received from the vehicle terminal and the public key.
  4.  The system according to any one of claims 1 to 3, wherein the step of storing the public key in association with the vehicle terminal includes the server storing a user associated with the public key in association with the vehicle associated with the vehicle terminal.
  5.  The system according to claim 4, wherein the step of storing the secret key includes:
     the user terminal generating the secret key and the public key in response to an instruction from a user, storing the secret key in the user terminal, and transmitting the public key to the server; and
     the server storing the public key received from the user terminal in association with the user.
  6.  The system according to claim 4 or 5, wherein
     the step of storing the public key in association with the vehicle terminal includes the server storing the public key, the vehicle terminal and a date and time in association with one another, and
     the verification of the digital signature includes verifying the digital signature using the public key that the server stores in association with the vehicle terminal and with the date and time corresponding to the current date and time.
  7.  The system according to claim 6, wherein the step of storing the public key in association with the vehicle terminal includes the server, upon accepting a reservation of a vehicle by a user via the user terminal, storing the user, the reserved vehicle and the reserved date and time in association with one another.
  8.  The system according to any one of claims 1 to 7, wherein the vehicle terminal comprises:
     a CPU;
     a CAN communication module connected, via a connection connector, to a vehicle diagnostic connector that is connected to one or more vehicle control units of the vehicle, the CAN communication module performing CAN communication with the vehicle control units;
     a first communication module performing communication with the server via a mobile communication network; and
     a second communication module performing short-range wireless communication with the user terminal.
  9.  The system according to any one of claims 1 to 8, wherein the predetermined control of the vehicle includes locking/unlocking a door of the vehicle.
  10.  A method of managing a vehicle using a user terminal, a vehicle terminal provided in the vehicle, and a server, the method comprising:
     the user terminal storing a secret key;
     the server storing a public key corresponding to the secret key in association with the vehicle terminal;
     the user terminal transmitting a request for predetermined control of the vehicle to the vehicle terminal together with a digital signature generated using the secret key stored in the user terminal; and
     the vehicle terminal executing the predetermined control of the vehicle based on the result of verifying the digital signature received from the user terminal with the public key that the server stores in association with the vehicle terminal.
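The method of claim 10, with the door lock/unlock control of claim 9, as a runnable sketch added here (not code from the patent or its applicant): the user terminal signs a control request with its secret key, the server holds the matching public key in association with a vehicle terminal ID, and the vehicle terminal acts only when the signature verifies under that key. The Ed25519 key pair, the ControlRequest layout and the monotonic Counter are assumptions; the claims only call for signature verification, so the counter is added because a captured, validly signed request would otherwise verify again.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)
// ControlRequest is a constructed message layout (the claims fix none). Counter is an
// added monotonic value so a captured, validly signed request cannot be replayed later.
type ControlRequest struct {
	VehicleID string
	Command   string // "LOCK" or "UNLOCK" (claim 9)
	Counter   uint64
}
// Bytes returns exactly the bytes the digital signature covers.
func (r ControlRequest) Bytes() []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, r.Counter)
	return append([]byte(r.VehicleID+"|"+r.Command+"|"), b...)
}
// Server keeps the public key in association with a vehicle terminal ID; UserTerminal
// keeps only the secret key, which never leaves the device.
type Server struct{ Keys map[string]ed25519.PublicKey }
type UserTerminal struct{ Priv ed25519.PrivateKey }
func (u UserTerminal) Sign(r ControlRequest) []byte { return ed25519.Sign(u.Priv, r.Bytes()) }
// VehicleTerminal executes the control only after the signature verifies under the
// key the server associates with this vehicle, and never twice for the same counter.
type VehicleTerminal struct{ ID string; Srv *Server; Locked bool; LastCtr uint64 }
func (v *VehicleTerminal) Handle(r ControlRequest, sig []byte) error {
	pub, ok := v.Srv.Keys[v.ID]
	if !ok || r.VehicleID != v.ID || (r.Command != "LOCK" && r.Command != "UNLOCK") {
		return errors.New("unregistered key, wrong vehicle, or unknown command")
	}
	if !ed25519.Verify(pub, r.Bytes(), sig) {
		return errors.New("signature verification failed")
	}
	if r.Counter <= v.LastCtr {
		return errors.New("replayed or stale request")
	}
	v.LastCtr, v.Locked = r.Counter, r.Command == "LOCK"
	return nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	car := &VehicleTerminal{ID: "car-1", Srv: &Server{Keys: map[string]ed25519.PublicKey{"car-1": pub}}, Locked: true}
	req := ControlRequest{VehicleID: "car-1", Command: "UNLOCK", Counter: 1}
	fmt.Println(car.Handle(req, UserTerminal{priv}.Sign(req)), car.Locked)
}
```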
PCT/JP2016/054948 2015-04-20 2016-02-19 System and method for managing vehicle WO2016170834A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-085563 2015-04-20
JP2015085563A JP5879451B1 (en) 2015-04-20 2015-04-20 System and method for managing vehicles

Publications (1)

Publication Number Publication Date
WO2016170834A1 true WO2016170834A1 (en) 2016-10-27

Family

ID=55440643

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/054948 WO2016170834A1 (en) 2015-04-20 2016-02-19 System and method for managing vehicle

Country Status (2)

Country Link
JP (1) JP5879451B1 (en)
WO (1) WO2016170834A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106980059A (en) * 2017-04-11 2017-07-25 宁波如意股份有限公司 Storage haulage equipment remote failure diagnosis system and method based on Internet of Things
CN109902989A (en) * 2017-12-07 2019-06-18 丰田自动车株式会社 It collects delivering control system and collects delivering control method
CN111200496A (en) * 2019-11-05 2020-05-26 储长青 Digital key implementation method based on vehicle
CN112702170A (en) * 2020-12-23 2021-04-23 北京新能源汽车技术创新中心有限公司 Management method, management system, viewing method and viewing terminal for vehicle data
CN113442871A (en) * 2021-06-30 2021-09-28 重庆长安新能源汽车科技有限公司 NFC-based keyless entry method and system
CN114599030A (en) * 2020-12-04 2022-06-07 宝能汽车集团有限公司 Vehicle, remote control method thereof, storage medium and terminal device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG11201811007TA (en) * 2016-07-29 2019-02-27 Nchain Holdings Ltd Blockchain-implemented method and system
JP6181336B1 (en) 2017-03-22 2017-08-16 俊之介 島野 Sharing system
CN115966038A (en) * 2021-10-13 2023-04-14 华为技术有限公司 Digital key opening method, equipment and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001255953A (en) * 2000-02-25 2001-09-21 Bayerische Motoren Werke Ag Method for applying competence by using license
JP2004178385A (en) * 2002-11-28 2004-06-24 Park 24 Co Ltd Car sharing supporting system, method for supporting car sharing, and computer program
JP2009275363A (en) * 2008-05-12 2009-11-26 Tokai Rika Co Ltd Electronic key system
JP2012172325A (en) * 2011-02-18 2012-09-10 Kddi Corp Smart key system of vehicle, vehicle operation method by smart key, and program
WO2013076760A1 (en) * 2011-11-22 2013-05-30 三菱電機株式会社 Electronic key system, and lock-side terminal and portable terminal employed in same
JP2013257653A (en) * 2012-06-11 2013-12-26 Toyota Infotechnology Center Co Ltd Car sharing system, communication terminal, communication program, and communication method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106980059A (en) * 2017-04-11 2017-07-25 宁波如意股份有限公司 Storage haulage equipment remote failure diagnosis system and method based on Internet of Things
CN109902989A (en) * 2017-12-07 2019-06-18 丰田自动车株式会社 It collects delivering control system and collects delivering control method
CN111200496A (en) * 2019-11-05 2020-05-26 储长青 Digital key implementation method based on vehicle
CN111200496B (en) * 2019-11-05 2022-10-14 广州明锐物联网络科技有限公司 Digital key implementation method based on vehicle
CN114599030A (en) * 2020-12-04 2022-06-07 宝能汽车集团有限公司 Vehicle, remote control method thereof, storage medium and terminal device
CN112702170A (en) * 2020-12-23 2021-04-23 北京新能源汽车技术创新中心有限公司 Management method, management system, viewing method and viewing terminal for vehicle data
CN113442871A (en) * 2021-06-30 2021-09-28 重庆长安新能源汽车科技有限公司 NFC-based keyless entry method and system

Also Published As

Publication number Publication date
JP5879451B1 (en) 2016-03-08
JP2016206813A (en) 2016-12-08

Similar Documents

Publication Publication Date Title
JP5879451B1 (en) System and method for managing vehicles
US11444933B2 (en) Onboard vehicle digital identification transmission
US10924271B2 (en) Vehicle access systems and methods
CN100593166C (en) Portable computing environment
US10645578B2 (en) System for using mobile terminals as keys for vehicles
US8863256B1 (en) System and method for enabling secure transactions using flexible identity management in a vehicular environment
JP2016208494A (en) System and method for managing vehicle
US9515829B2 (en) Information distribution method, information distribution system and in-vehicle terminal
EP3653454A1 (en) Multi-factor authentication for vehicles
JP2012203428A (en) Authentication system and authentication method
JP2019109630A (en) Management device for designated parking service, method for supporting usage of the same, and program
JP2011039712A (en) Car sharing system
JP2013258491A (en) Car sharing system and car sharing provisioning method
US10467429B2 (en) Systems and methods for secure user profiles
JP2013257653A (en) Car sharing system, communication terminal, communication program, and communication method
CN110297865B (en) Vehicle control method, system, and computer-readable storage medium
KR20200089562A (en) Method and apparatus for managing a shared digital key
CN114364575A (en) Method for identifying and authenticating a user profile for using a service installed on a motor vehicle
JP7478596B2 (en) Rescue system, rescue method, and rescue program
KR20130094673A (en) Method and system for subscribing one-day car insurance
US20220121221A1 (en) Selective digital key
JP2023153138A (en) request processing system
CN116714549A (en) Vehicle keyless driving control method and system
CN118354311A (en) Method and apparatus for sharing digital keys
JP2019125307A (en) vehicle

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 16782856; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 16782856; Country of ref document: EP; Kind code of ref document: A1