JP5332928B2 - Wireless communication apparatus and wireless communication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a radio communication apparatus and a radio communication method which do not impair connectivity while securing a necessary security level by an I/O capability of a device. <P>SOLUTION: When Bluetooth-compatible equipment DbtA performs authentication without authenticating a user since the Bluetooth-compatible equipment Dbt does not have I/O capability for performing user authentication using a PIN number when the Bluetooth-compatible equipment Dbt takes the lead to perform the authentication, a control part 100 performs user authentication in accordance with equipment information of the opposite equipment and a service type. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to a wireless communication apparatus that performs wireless communication with an authentication procedure such as Bluetooth (registered trademark).

  Non-Patent Document 1 defines a new connection authentication procedure called Secure Simple Pairing (hereinafter abbreviated as SSP). SSP has two purposes. One objective is to improve usability by simplifying the authentication procedure. The other is to improve security by introducing public key cryptosystems and improving resistance to spoofing (Passive Eavesdropping) and impersonation (Man-In-The-Middle, Active Eavesdropping).

  Next, a procedure for authenticating between device A and device B will be described. Here, device A can display numbers in the device shape, and can input numbers and Yes / No, and device B can be used regardless of shape (authentication processing is divided according to the shape of device B) ).

  In the conventional authentication procedure (Non-Patent Document 2), for example, let the user enter a common 4-digit PIN number for both device A and device B, and check whether both numbers match. This prevents impersonation, and also conceals the link key by generating a link key from the PIN number entered by the user, thereby preventing eavesdropping.

  If the device shape of device A can display numbers and numbers and Yes / No can be entered, but device B cannot enter numbers due to the shape of the device, the device B manual etc. The PIN number is entered in advance, and the user can maintain the security level by inputting the PIN number into device A.

  However, these methods have problems in terms of usability and security. From the viewpoint of usability, there is a problem that it is difficult for the user to input a four-digit number into both devices, or when a fixed PIN number is used, it is difficult for the user to hold the number. From the viewpoint of security, there are only 9999 link key candidates, so there was a problem that the link key could be found by brute force check.

  In SSP (Non-Patent Document 1, Version 2.1 or later), in order to solve the above problem, first, public key cryptography is applied to link key generation to increase resistance to listening and improve security performance. .

  Furthermore, SSP has two methods for authentication procedures. That is, there are an authentication method A that can prevent both spoofing and spoofing, and an authentication method B that prevents only spoofing and cannot prevent spoofing. The method is selected by authenticating device B in device A based on the I / O capability of device B notified in advance prior to the authentication procedure.

As an example of the authentication method A, the Numeric Comparison method (Non-Patent Document 1) will be described.
Impersonation means that a malicious intermediary exists between device A and device B, behaves as device B for device A, and behaves as device A for device B. It is assumed that authentication is successful, and wiretapping or tampering with communication data is performed.

  The Numeric Comparison method prevents impersonation by allowing the user to confirm that the connected device is the intended device with a simple operation. Specifically, in the middle of the authentication procedure, a 6-digit number is generated in both devices by a calculation determined from the public keys (Public Key A, Public Key B) of both devices. The user visually confirms that the same number is displayed on both devices and presses the Yes button to continue the procedure as a successful authentication. If the numbers displayed on both devices are different, pressing the No button will terminate the procedure as an authentication failure.

Explain that this method is resistant to impersonation.
When an intermediate person sends his / her Public key X to Device A (Device B), the number generated from Public Key A and Public Key X on Device A, and the number generated from Public Key B and Public Key X on Device B Will be displayed, so the numbers will not match and authentication will be NG, so communication security will be maintained.

  Also, if an intermediary sniffs the public key of device B (device A) to device A (device B) and transparently sends it to device A (device B), the same number is used on both devices. Is displayed, authentication by impersonation itself will be successful, but the impersonator does not have the private key of device A (device B), so it cannot generate the link key and wiretap by impersonation And cannot be tampered with. That is, even in this case, communication security is maintained.

  As described above, the Numeric Comparison method prevents impersonation by incorporating a user confirmation procedure into a part of the authentication procedure.

The Just Works method will be described as an example of authentication method B.
The Just Works method is basically the same as the Numeric Comparison authentication procedure, but the only difference is that there is no confirmation procedure by the user, and device A (device B) automatically obtains the number generated on the other side. The comparison is made and the authentication procedure is continued. Therefore, since the public key cryptosystem is applied, the resistance against standing-by is equivalent to the Numeric Comparison system, but since the numeric comparison is automatically performed, there is no resistance against impersonation.

  As described above, since the authentication method B does not require a confirmation procedure by the user, there is no burden on the user operation and is superior to the authentication method A from the viewpoint of usability. On the other hand, the authentication method A has a high burden on the user operation because the confirmation operation is necessary, but has high security performance because impersonation can be prevented.

  If the I / O capability of device B has a shape like a headset that does not have an input interface or output interface, means to confirm that the device is connected to the intended device (number display, etc.) There is no. Therefore, since authentication method A is an authentication method that assumes user confirmation, in such a case, authentication method A that has resistance against impersonation cannot be selected, and a method such as authentication method B is applied. As a result, impersonation cannot be prevented.

  In SSP, authentication method A or authentication method B is selected depending on the I / O capability of the device. Therefore, when the device B has an I / O capability that cannot perform user confirmation, the device B has to select an authentication method with a low security level regardless of the communication security level.

  Here, a case where a device B with I / O capability that cannot perform user confirmation requests device A for an authentication procedure will be described. The following two methods can be considered for the device A that has received an authentication request using an authentication method with a low security level.

  In the first method, device A accepts authentication by authentication method B regardless of the security level of communication. However, since the user confirmation is not performed in the authentication method B, there is no resistance against impersonation and the security performance is low. For this reason, security issues arise in communications that require a high security level.

  The second method avoids the risk that the device A connects to an unintended intermediate person by rejecting the authentication request itself of the device B. However, this method can maintain a high security level, but there is a problem that connectivity between devices is lowered. For example, if device B is a headset that does not have a display or a Yes / No button, the main purpose is to listen to music and there is no need to refuse the connection just because it cannot authenticate at a high security level. .

Bluetooth Core Specification version 2.1 + EDR Bluetooth Core Specification version 2.0 + EDR

  In conventional wireless communication devices, an authentication method that cannot prevent spoofing is used for connection requests from devices with I / O capability that cannot perform user confirmation, or a high security level is maintained. However, there was a problem that the authentication request itself had to be rejected.

  The present invention has been made to solve the above problem, and provides a wireless communication apparatus and a wireless communication method that do not impair connectivity while ensuring a necessary security level by the I / O capability of a device. With the goal.

  In order to achieve the above object, the present invention establishes a communication link corresponding to a security level with a counterpart device, and performs authentication according to the security level set by the counterpart device in a wireless communication apparatus that performs communication. And means for determining whether authentication by the user is necessary or not according to the type of the opposite device when the authentication performed by the authentication means is not authentication including confirmation by the user, and this determination means is necessary. If it is determined that there is none, a communication link is established with the opposite device, while if it is determined that a determination means is necessary, after receiving an instruction from the user to permit connection with the opposite device, A link establishing unit established with the opposite device is provided.

  As described above, according to the present invention, authentication is performed at the security level set by the opposite device, and when the authentication is not authentication including confirmation by the user, the user performs the authentication according to the type of the opposite device and the type of service. When it is determined whether or not authentication is necessary, and it is determined that the communication is not necessary, a communication link is established with the opposite device. After accepting the instruction to permit the connection, it is established with the opposite device.

  Therefore, according to the present invention, even when the user authentication is not performed due to the I / O capability of the opposite device, the user authentication is performed in the wireless communication device according to the type of the opposite device and the service type. Therefore, it is possible to provide a wireless communication apparatus and a wireless communication method capable of improving connectivity while ensuring a necessary security level.

1 is a circuit block diagram showing a configuration of an embodiment of a wireless communication apparatus according to the present invention. The functional block diagram which shows the structure in connection with control of the Bluetooth communication of the radio | wireless communication apparatus shown in FIG. 4 is a flowchart for explaining control of Bluetooth communication of the wireless communication apparatus shown in FIG. 1. The figure which shows the inquiry sequence with respect to the apparatus corresponding to the radio | wireless communication apparatus shown in FIG. The figure for demonstrating the structure of a FHS packet. The figure for demonstrating the structure of an EIR packet.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings. In the following description, a cellular phone having a Bluetooth (registered trademark) communication function will be described as an example of a wireless communication apparatus according to the present invention.
FIG. 1 is a block diagram showing a configuration of a mobile phone UE according to an embodiment of the present invention. The mobile phone UE includes, as main components, a control unit 100, a first wireless communication unit 10, a second wireless communication unit 20, a call unit 30, an operation unit 40, a storage unit 50, and a display unit. 60, and a communication function as a mobile phone and a Bluetooth communication function as a short-range wireless device.

  The first radio communication unit 10 performs radio communication with the base station apparatus BS accommodated in the mobile communication network NW, for example, by LTE (Long Term Evolution) method according to the instruction of the control unit 100. Voice data and e-mail data are transmitted and received, and Web data and streaming data are received.

  The second wireless communication unit 20 wirelessly communicates with the Bluetooth compatible device Dbt in accordance with the Bluetooth Core Specification version 2.1 + EDR in accordance with the instruction of the control unit 100, and thus the Bluetooth compatible device Dbt. Send and receive various data.

The call unit 30 includes a speaker 31 and a microphone 32, converts the user's voice input through the microphone 32 into voice data that can be processed by the control unit 100, and outputs the voice data to the control unit 100, or the first wireless communication unit. 10 or the voice data received from the other party via the second wireless communication unit 20 is decoded and output from the speaker 31.
The operation unit 40 includes a plurality of key switches and the like, and receives instructions from the user through this.

  The storage unit 50 includes a control program and control data of the control unit 100, application software, address data that associates the name and telephone number of a communication partner, transmitted / received e-mail data, Web data downloaded by Web browsing, download The stored content data is stored, and streaming data and the like are temporarily stored. The storage unit 50 includes one or more storage units such as an HDD, a RAM, a ROM, and an IC memory.

  The display unit 60 displays images (still images and moving images), character information, and the like under the control of the control unit 100, and visually transmits information to the user.

  The control unit 100 includes a microprocessor, operates in accordance with a control program and control data stored in the storage unit 50, and controls each unit of the mobile phone in an integrated manner. Through the first wireless communication unit 10, A network communication control function for controlling each part of the communication system in order to perform voice communication and data communication; a short-range wireless communication control function for controlling the operation of the second wireless communication unit 20 to communicate with the Bluetooth-compatible device Dbt; Application processing that controls e-mail software for creating, sending and receiving e-mail, browser software for web browsing, media playback software for downloading and playing streaming data, etc. It has a function.

  In particular, the short-range wireless communication control function conforms to Bluetooth Core Specification version 2.0 + EDR and Bluetooth Core Specification version 2.1 + EDR. As a configuration for realizing this function, the control unit 100 is configured as shown in FIG. The second wireless communication unit 20 operates according to these controls.

The protocol control unit 101 controls the second wireless communication unit 20 and executes a function provided by the Bluetooth Stack from Baseband to RFCOMM.
The profile control unit 102 controls the second wireless communication unit 20 and executes functions provided by various profiles such as HFP, A2DP, and AVRCP.

The authentication control unit 103 controls the second wireless communication unit 20 and executes authentication procedures such as Pairing and Authentication defined by Bluetooth Core Spec such as Bluetooth Stack and Generic Access Profile.
The authentication determination unit 104 controls the second wireless communication unit 20, determines the Security Level set for each service (Profile) to be operated, and the Security Level to be authenticated by the input / output capability of the Bluetooth-compatible device Dbt, and the authentication control unit 103 is instructed to execute the authentication process.

The security level setting unit 105 controls the second wireless communication unit 20, manages the security level set for each service (Profile), and selects an inquiry from the authentication determination unit 104 during the authentication process. Responds to the appropriate Security Level.
The device information determination unit 106 controls the second wireless communication unit 20 to acquire device information (CoD, Class Of Device) of the Bluetooth compatible device Dbt, and determines a service (Profile) supported by the Bluetooth compatible device Dbt.

The device registration control unit 107 controls the second wireless communication unit 20, generates a key for authenticating with the Bluetooth-compatible device Dbt, and holds the key in association with the device address.
The short-range wireless communication control unit 108 controls the second wireless communication unit 20 and controls the baseband of Bluetooth communication.

  The Bluetooth-compatible device Dbt includes a functional block as illustrated in FIG. 2 in its control unit and a wireless communication unit for performing Bluetooth communication equivalent to the second wireless communication unit 20.

  Next, the operation of the mobile phone UE having the above configuration will be described. In the following description, a process of connecting to the mobile phone UE led by the Bluetooth-compatible device Dbt serving as the opposite device will be described. FIG. 3 shows a flowchart of this connection process. This connection process is performed by the control unit 100, and is started when the second wireless communication unit 20 receives a connection request from the Bluetooth-compatible device Dbt.

  Prior to this call, the profile control unit 102 controls the second wireless communication unit 20 in advance to detect a Bluetooth-compatible device Dbt that exists in the vicinity of the mobile phone UE. Specifically, it receives a signal transmitted from a Bluetooth-compatible device Dbt existing in the vicinity, extracts identification information (BDADDR) included in this signal, and detects its presence.

First, in step 3a, the protocol control unit 101 controls the second wireless communication unit 20 to establish a physical link with the opposing device, and proceeds to step 3b.
In step 3b, the authentication control unit 103 controls the second wireless communication unit 20, and acquires device information and I / O capability information from the opposite device as shown in FIG. 4 through the physical link established in step 3a. Then, the process proceeds to step 3c.

  Note that device information and capability information of the I / O device of the mobile phone UE are also transmitted to the opposite device to exchange information with each other. These pieces of information are exchanged through FHS packets. FIG. 5 shows the payload of the FHS packet. As shown in this figure, the FHS packet has a field called “Class of device”, which is further divided into several subfields, and these define the class of device.

  Some subfields indicate a service class, a major device class, and a minor device class. In the service class, a service category such as an audio system, an object transmission system, or a network system is defined. In the device class, the type of device corresponding to each service class, such as a computer, a mobile phone, or audio, is defined in detail. Details are shown in Non-Patent Document 1.

  In step 3c, the authentication control unit 103 controls the second wireless communication unit 20, executes the process according to a predetermined procedure in accordance with the authentication process performed by the opposite device, and proceeds to step 3d. In the opposite device, for example, on the basis of the device information (including the service type) acquired from the mobile phone UE in step 3b, something that is charged, something that accompanies transmission, or that can access user information Is set by determining that a high security level 3 is necessary, and otherwise (listening to music, etc.) is determined by setting the security level 2 to be low.

  And the authentication process of this set security level is performed between the said mobile telephones UE. Here, if the authentication is successful, the opposite device transmits information indicating the authentication success to the mobile phone UE, whereas if the authentication fails, the opposite device transmits information indicating the authentication success to the mobile phone UE. .

  In step 3d, the authentication control unit 103 controls the second wireless communication unit 20 and determines whether or not the authentication process in the opposite device has succeeded based on the information received from the opposite device. Here, when the authentication process is successful, after detecting the security level of the successful authentication, the process proceeds to step 3e. On the other hand, when the authentication fails, the process proceeds to step 3m.

  In step 3e, the authentication determination unit 104 determines whether the successful authentication with the opposite device is the security level 3 based on the authentication result executed by the authentication control unit 103 in step 3d. Here, if the successful authentication with the opposite device is the security level 3, the process proceeds to step 3i. On the other hand, if the authentication is not the security level 3, the process proceeds to step 3f.

  In step 3f, the authentication determination unit 104 considers the device information acquired by the authentication control unit 103 in step 3b and the service (profile) to be executed from this, and whether or not the counterpart device corresponds to the profile to be started from this. It is determined whether or not authorization by the user is necessary. If user authorization is required, the process proceeds to step 3g. On the other hand, if user authentication is not required, the process proceeds to step 3i.

  For example, when the profile to be activated from this is A2DP (profile for transmitting audio data), the category “Audio / Video” supporting A2DP is included in the major device class of the Class of device received from the opposite device. Check if it is. If “Audio / Video” is included in the major device class, it is determined that user authorization is not required because the counterpart device supports A2DP that is activated from now on. On the other hand, if “Audio / Video” is not included, it is determined that user authorization is required because A2DP is not supported.

In step 3g, the authentication control unit 103 makes an inquiry to the display unit 60, displays whether to connect to the opposite device, accepts an input through the operation unit 40, and proceeds to step 3h. To do.
In step 3h, the authentication control unit 103 determines whether or not the user has performed an operation of allowing the connection in step 3g. If the user accepts the connection, the process proceeds to step 3i. If the user does not accept the connection, the process proceeds to step 3j.

In step 3i, the authentication determination unit 104 controls the second wireless communication unit 20 to establish a logical link, and thereafter, communication for providing a service between the opposite device and the second wireless communication unit 20. To start.
On the other hand, in Step 3j, the authentication determination unit 104 displays that the authentication has failed on the display unit 60 without establishing a logical link because the authentication has failed, and notifies the user that the authentication has failed, and ends the processing.

  As described above, in the mobile phone UE configured as described above, the Bluetooth-compatible device Dbt takes the lead and performs authentication, and the Bluetooth-compatible device Dbt does not have the I / O capability for performing user authentication using the PIN number. Even when high security level 3 authentication is not performed, when user authentication is required, the mobile phone UE performs user authentication.

  For example, if the opposing device is a printer that does not have a display or numeric input keys, security level 2 is set in step 3c by authentication initiated by the opposing device (printer). However, in step 3g, it is determined that user authentication is necessary because the opposite device is a printer or a printing service, and in step 3h, the user interface (operation unit 40 and display unit) of the mobile phone UE is determined. 60), user authentication is performed, and permission for service execution is obtained from the user.

  Therefore, according to the mobile phone UE having the above configuration, even when the user authentication cannot be performed because the I / O capability of the opposite device is low, the user authentication is performed in the mobile phone UE according to the device information and service of the corresponding device. Therefore, a high security level can be set, and a necessary security level is ensured while connectivity is not impaired.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. Further, for example, a configuration in which some components are deleted from all the components shown in the embodiment is also conceivable. Furthermore, you may combine suitably the component described in different embodiment.

  As an example, for example, in the above-described embodiment, it has been described that information on the opposite device (device information and capability information) is acquired based on the FHS packet in step 3b. Instead, for example, EIR (Extended The above information may be acquired based on an Inquiry Response) packet. In step 3g, the security level setting unit 105 determines the necessity of user authentication based on these pieces of information.

  The EIR packet is a packet transmitted from the Slave (opposite device) to the Master (mobile phone UE) after a specified time from the FHS packet, and includes more detailed information such as a service class. The EIR packet format is shown in FIG. Details are in Non-Patent Document 1.

The service type (application software type) selected by the user through the operation unit 40 may be used as the information indicating the service type used in step 3g. For a connection request activated by an action from another service, the security level setting unit 105 may determine the security level based on the activation source service or action type.
In addition, it goes without saying that the present invention can be similarly implemented even if various modifications are made without departing from the gist of the present invention.

  DESCRIPTION OF SYMBOLS 10 ... 1st wireless communication part, 20 ... 2nd wireless communication part, 30 ... Call part, 31 ... Speaker, 32 ... Microphone, 40 ... Operation part, 50 ... Memory | storage part, 60 ... Display part, 100 ... Control part, 101 ... Protocol control unit, 102 ... Profile control unit, 103 ... Authentication control unit, 104 ... Authentication determination unit, 105 ... Security level setting unit, 106 ... Device information determination unit, 107 ... Device registration control unit, 108 ... Near field communication Control unit, UE ... mobile phone, Dbt ... compatible device, BS ... base station device, NW ... mobile communication network.

Claims (2)

A wireless communication apparatus for performing communication in accordance with the counterpart device and the security level,
And authenticating means for performing authentication in accordance with the security level the counter device is set,
It succeeded in the authentication, when the security level is not a predetermined value, on the basis of the service type and are attempting to start the counterpart device, a determination unit configured to determine whether require authentication by the user,
When said judging means authenticated the user is determined to have a need, while establishing a communications link between the opposed device, when the judging means judges that the authentication of the user is Ru Oh needed , the instructions to allow the connection with the opposite equipment after only a user or et received, the wireless communication device having a link establishment means for establishing a communications link between the opposed device. A wireless communication method performed by a wireless communication device that performs communication according to a security level with an opposite device ,
An authentication step for performing authentication according to the security level set by the opposite device;
Succeeded in the authentication, when the security level is not a predetermined value, on the basis of the service type and are attempting to start the counterpart device, a determination step whether or not it is necessary to authenticate a user,
When said determination authentication by the user in step determines that not a necessary, while establishing a communications link between the opposed device, when it is determined that the authentication by the user Ru Oh necessary in the judgment step , the instructions to allow the connection with the opposite equipment after only a user or et received, the radio communication method and a link establishment process of establishing a communications link between the opposed device.

Images