JP7160443B2 - Wireless communication system, server, terminal, wireless communication method, and program - Google Patents

Description

TECHNICAL FIELD The present invention relates to a wireless communication system, a server, a terminal, a wireless communication method, and a program, and particularly to a wireless communication system based on short-range wireless communication technology such as BLE (Bluetooth (registered trademark) Low Energy) capable of communicating with extremely low power. The present invention relates to a communication system, a key server that provides a common key used in such wireless communication, a beacon terminal that transmits advertisement packets, a receiving terminal that receives advertisement packets, a wireless communication method, and a program.

2. Description of the Related Art In recent years, there are increasing opportunities to install beacon terminals as communication devices in stores, exhibition booths, and the like. A beacon terminal transmits an advertisement packet including an identifier of the beacon terminal based on BLE (Bluetooth Low Energy) technology that enables communication with extremely low power. When a terminal (for example, a smartphone, a tablet terminal, a notebook PC (Personal Computer), etc., hereinafter referred to as a "receiving terminal") approaches a predetermined distance from the beacon terminal, it receives an advertisement packet sent from the beacon terminal. Then, the application software pre-installed in the receiving terminal extracts the identifier of the beacon terminal from the advertisement packet and sends the extracted identifier to a predetermined distribution server. The distribution server transmits information such as store product information and exhibition booth product information to the receiving terminal according to the identifier received from the receiving terminal. The receiving terminal displays the information received from the distribution server on the display. This enables, for example, push-type advertisements regarding products in stores, products in exhibition booths, and the like.

As related technology of the present invention, Patent Literature 1 discloses a technology for communicating using a common key between a beacon device and a server.

In addition, in Patent Document 2, BLE is used in communication between a communication terminal and an electronic device (health equipment, housing equipment, peripheral equipment) to be operated by the communication terminal, and security is provided by encryption technology based on a common key. Techniques for securing are described.

Further, Patent Literature 3 describes a technique in which a service control device generates an authentication key used in communication between itself and a service using device at arbitrary intervals and distributes it to the service using device.

In addition, Non-Patent Document 1 describes a key derivation function (KDF, Key Derivation Function) for generating a key.

WO2015/118971 WO2015/111444 JP-A-2003-244135

3GPP TS 33.401 v13.0.0 (2015-09): "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 13)."

The entire disclosures of the above patents and non-patent documents are incorporated herein by reference. The following analysis was made by the inventor.

A technology is known in which a beacon terminal (hereinafter also referred to as a "transmitting terminal") encrypts information contained in an advertisement packet using a common key scheme. Specifically, the transmitting terminal encrypts information such as the identifier of the transmitting terminal with a common key and sends it as an advertisement packet, and the receiving terminal decrypts the information such as the identifier of the transmitting terminal with the common key. to extract Here, the common key is generally embedded in hardware in each of the transmitting terminal and the receiving terminal and is difficult to change. In this case, when a malicious person obtains the common key, information such as the identifier of the transmitting terminal may be deciphered, making it possible to "spoof" the transmitting terminal.

In the techniques described in Patent Documents 1 and 2 as well, the common key is immutable, so if the common key is leaked, a similar security problem may arise.

Patent Literature 3 discloses a technique for generating an authentication key used in communication between itself and another device at arbitrary intervals. However, when this technology is applied to a transmitting terminal (beacon terminal) and a receiving terminal that communicate based on BLE, the transmitting terminal itself generates a common key. However, since it is difficult to establish communication for secure key distribution between a sending terminal and a receiving terminal that communicate with BLE, the key generated or updated by the sending terminal is received from the sending terminal. The problem arises that it cannot be safely distributed to terminals.

Therefore, in the short-range wireless communication system, it becomes a problem to improve the security of communication between the transmitting terminal and the receiving terminal. An object of the present invention is to provide a wireless communication system, a terminal, a server, a wireless communication method, and a program that contribute to solving such problems.

A wireless communication system according to a first aspect of the present invention includes a server that updates a common key at a predetermined timing, and a packet containing predetermined information encrypted using the server's updated common key. and a first terminal transmitting to a second terminal based on a communication technology, wherein the second terminal receives the packet from the first terminal and transmits predetermined information contained in the packet to the Decrypt using the shared key updated by the server.

A server according to a second aspect of the present invention includes: a key updating unit that updates a common key at a predetermined timing; For a first terminal that transmits and a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key, the key updating unit and a key providing unit for providing the updated common key.

A first terminal according to a third aspect of the present invention includes a key reception unit that receives a common key updated by a server at a predetermined timing, and a packet containing predetermined information encrypted using the common key. and a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using the common key generated by the server. and a packet transmission unit that transmits based on short-range wireless communication technology.

A second terminal according to a fourth aspect of the present invention includes a key reception unit that receives a common key updated by a server at a predetermined timing, and a packet containing predetermined information encrypted using the common key. a packet receiving unit that receives the packet from a first terminal that is transmitted based on short-range wireless communication technology; and a decoding unit that decodes predetermined information included in the packet using the common key. there is

A wireless communication method according to a fifth aspect of the present invention includes a step in which a server updates a common key at a predetermined timing; a step of transmitting a packet containing information based on a short-range wireless communication technology, a second terminal receiving the packet from the first terminal, and the server updating predetermined information contained in the packet; and decrypting using the obtained common key.

A wireless communication method according to a sixth aspect of the present invention includes a step in which a server updates a common key at a predetermined timing; and a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key. and providing a shared key.

A wireless communication method according to a seventh aspect of the present invention includes a step in which a first terminal receives a common key updated by a server at a predetermined timing; for a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key generated by the server, and transmitting the packet based on short-range wireless communication technology.

A wireless communication method according to an eighth aspect of the present invention includes the step of a second terminal receiving a common key updated by a server at a predetermined timing; receiving the packet from a first terminal that transmits the packet based on short-range wireless communication technology; and decrypting predetermined information included in the packet using the common key.

A program according to a ninth aspect of the present invention transmits a process of updating a common key at a predetermined timing and a packet containing predetermined information encrypted using the common key based on short-range wireless communication technology. Providing an updated common key to a first terminal and a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using the common key to the server.

A program according to a tenth aspect of the present invention provides a computer provided in a first terminal with a process of accepting a common key updated by a server at a predetermined timing, and performing encryption using the common key. a second step of receiving the packet from the first terminal and decrypting the predetermined information contained in the packet using a common key generated by the server; and causing the terminal to perform a process of transmitting the packet based on short-range wireless communication technology.

A program according to an eleventh aspect of the present invention provides a computer provided in a second terminal with a process of receiving a common key updated by a server at a predetermined timing, and a process encrypted using the common key. A process of receiving the packet containing the predetermined information based on the short-range wireless communication technology from the first terminal that transmits the packet, and a process of decrypting the predetermined information contained in the packet using the common key. and let it run.

The program can also be provided as a program product recorded on a non-transitory computer-readable storage medium.

According to the wireless communication system, server, terminal, wireless communication method, and program according to the present invention, it is possible to improve the security of communication between a transmitting terminal and a receiving terminal in a short-range wireless communication system.

1 is a diagram illustrating the configuration of a wireless communication system according to one embodiment; FIG. FIG. 4 is a diagram illustrating another configuration of a wireless communication system according to one embodiment; 3 is a block diagram illustrating the configuration of a server according to one embodiment; FIG. 1 is a block diagram illustrating the configuration of a first terminal (transmitting terminal) according to an embodiment; FIG. FIG. 4 is a block diagram illustrating the configuration of a second terminal (receiving terminal) according to one embodiment; 1 is a diagram illustrating the configuration of a wireless communication system according to a first embodiment; FIG. 1 is a block diagram illustrating the configuration of a wireless communication system according to a first embodiment; FIG. FIG. 4 is a sequence diagram illustrating an operation of distributing a common key to beacon terminals in the wireless communication system according to the first embodiment; 4 is a sequence diagram illustrating an operation of distributing a common key to receiving terminals in the wireless communication system according to the first embodiment; FIG. 4 is a sequence diagram illustrating an operation of authenticating a receiving terminal in the wireless communication system according to the first embodiment; FIG. FIG. 3 is a block diagram illustrating the configuration of a radio communication system according to a second embodiment; FIG. FIG. 11 is a sequence diagram illustrating an operation of distributing a common key to beacon terminals in the wireless communication system according to the second embodiment; FIG. 12 is a block diagram illustrating the configuration of a wireless communication system according to a third embodiment; FIG. FIG. 11 is a sequence diagram illustrating an operation of distributing a common key to receiving terminals in the wireless communication system according to the third embodiment;

First, an overview of one embodiment will be described. It should be noted that the drawing reference numerals added to this outline are examples solely for helping understanding, and are not intended to limit the present invention to the illustrated embodiments.

FIG. 1 is a diagram illustrating the configuration of a wireless communication system according to one embodiment. Referring to FIG. 1, a wireless communication system includes a server 2 (for example, a key server) that updates a common key at a predetermined timing, and predetermined information (for example, a beacon terminal) encrypted using the shared key updated by the server 2. Identifier of the terminal 4 which is) to the second terminal 6 (e.g. receiving terminal) based on short-range wireless communication technology (e.g. BLE (Bluetooth Low Energy)) (e.g. advertisement packet) terminal 4 (for example, a beacon terminal). Here, the second terminal 6 receives the packet from the first terminal 4 and decrypts the predetermined information included in the packet using the shared key updated by the server 2 .

According to such a wireless communication system, it is possible to improve the security of communication between the terminal 4 on the transmitting side and the terminal 6 on the receiving side in the short-range wireless communication system. This is because the common key used by the terminal 4 to encrypt predetermined information contained in the packet and used by the terminal 6 for decryption is updated by the server 2 at a predetermined timing. However, security problems are only temporary.

FIG. 2 is a diagram illustrating another configuration of the wireless communication system according to one embodiment. Referring to FIG. 2, the wireless communication system further comprises a relay station 8 that relays the shared key updated by the server 2 . At this time, the first terminal 4 (for example, a beacon terminal) receives the shared key updated by the server 2 via the relay station 8 (for example, connectable to WAN (Wide Area Network)). According to this wireless communication system, even when the first terminal 4 cannot directly communicate with the server 2 (for example, when the terminal 4, which is a beacon terminal, cannot be connected to a LAN (Local Area Network)/WAN (Wide Area Network)), However, the common key used for encryption by the first terminal 4 can be updated.

Here, the relay station 8 can receive the shared key updated by the server 2 from the server 2 via SSL (Secure Socket Layer) communication established between the server 2 and the relay station 8 . Also, the relay station 8 may display the common key received from the server 2 . Also, the first terminal 4 may receive a manual input of the common key by the user referring to the common key displayed by the relay station 8 . According to such a wireless communication system, it is possible to safely distribute the shared key updated by the server 2 to the first terminal 4 on the assumption that the user who inputs the shared key can be trusted.

Furthermore, the second terminal 6 (for example, the receiving terminal) may receive the shared key updated by the server 2 from the server 2 via SSL communication established between the server 2 and the second terminal 6. good. According to such a wireless communication system, it is possible to safely distribute the shared key updated by the server 2 to the second terminal 6 .

FIG. 3 is a block diagram illustrating the configuration of the server 2 (eg, key server) according to one embodiment. Referring to FIG. 3, the server 2 includes a key updating unit 10 that updates the common key at a predetermined timing, and a packet (for example, an advertisement packet) containing predetermined information encrypted using the common key. A first terminal (terminal 4 in FIG. 1 or FIG. 2) that transmits based on a wireless communication technology (for example, BLE) and a packet are received from the first terminal, and predetermined information contained in the packet is used as a common key. and a key providing unit 12 for providing the common key updated by the key updating unit 10 to the second terminal (terminal 6 in FIG. 1 or FIG. 2) that decrypts using .

FIG. 4 is a block diagram illustrating the configuration of the terminal 4 (eg, beacon terminal) according to one embodiment. Referring to FIG. 4, the terminal 4 includes a key reception unit 14 that receives a common key updated by a server (server 2 in FIG. 1 or 2) at a predetermined timing, and a predetermined key encrypted using the common key. An encryption unit 16 that generates a packet (eg, an advertisement packet) containing information (eg, an identifier of the terminal 4), and a server that receives the packet from the first terminal 4 and generates predetermined information included in the packet. a packet transmission unit 18 that transmits a packet based on short-range wireless communication technology (for example, BLE) to a second terminal (terminal 6 in FIG. 1 or 2) that decrypts using the common key obtained by ing.

FIG. 5 is a block diagram illustrating the configuration of the terminal 6 (eg, receiving terminal) according to one embodiment. Referring to FIG. 5, a key reception unit 20 that receives a common key updated by a server (server 2 in FIG. 1 or FIG. 2) at a predetermined timing, and a packet containing predetermined information encrypted using the common key. based on short-range wireless communication technology, a packet receiving unit 22 that receives a packet from the first terminal (terminal 4 in FIG. 1 or FIG. 2), and predetermined information contained in the packet, using a common key and a decoding unit 24 for decoding.

According to these server 2 (FIG. 3), terminal 4 (FIG. 4), or terminal 6 (FIG. 5), communication between terminal 4 on the transmitting side and terminal 6 on the receiving side in a short-range wireless communication system security can be improved. This is because the common key used by the terminal 4 to encrypt predetermined information contained in the packet and used by the terminal 6 for decryption is updated by the server 2 at a predetermined timing. Even if there is, the security problem will only occur temporarily.

As described above, according to one embodiment, for example, information included in the advertisement packet of the beacon terminal (for example, the identifier of the beacon terminal) is encrypted by the common key method, and the common key is periodically updated to update the transmitter ( By distributing it to the beacon terminal) and the receiver (BLE receiving terminal), security can be strengthened. Further, according to one embodiment, the key can be distributed safely (for example, by SSL) between the server 2 that updates the key and the relay station 8 or the terminal 6, and the technology described in Patent Document 2 The problem of not being able to securely distribute the generated key does not occur as in the case of applying

<Embodiment 1>
Next, the wireless communication system according to the first embodiment will be described in detail with reference to the drawings.

[Constitution]
FIG. 6 is a diagram illustrating the configuration of a wireless communication system according to this embodiment. Referring to FIG. 6, the wireless communication system comprises a key server 32, a relay station 38, a beacon terminal 34 and a receiving terminal 36. FIG. The key server 32 and relay station 38 are connected via a WAN (Wide Area Network). Similarly, key server 32 and receiving terminal 36 are also connected via the WAN. On the other hand, the beacon terminal 34 and the receiving terminal 36 communicate based on short-range wireless communication technology (here, BLE (Bluetooth Low Energy) technology is used as an example).

The key server 32 updates the common key used in BLE communication between the beacon terminal 34 and the receiving terminal 36 at a predetermined timing. The relay station 38 relays the shared key updated by the key server 32 to the beacon terminal 34 . The beacon terminal 34 receives the shared key updated by the key server 32 via the relay station 38 . The beacon terminal 34 transmits an advertisement packet including the identifier of the beacon terminal 34 encrypted using the shared key updated by the key server 32 based on BLE. The receiving terminal 36 receives the advertisement packet from the beacon terminal 34 and decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the shared key updated by the key server 32 . The application software pre-installed in the receiving terminal 36 transmits the identifier of the beacon terminal 34 extracted from the advertisement packet to a predetermined distribution server (not shown), and from the distribution server, according to the identifier, the product of the store Receive information such as information, product information of exhibition booths.

FIG. 7 is a block diagram illustrating the configuration of each device included in the wireless communication system shown in FIG. Detailed configurations of the key server 32, the relay station 38, the beacon terminal 34, and the receiving terminal 36 will be described below with reference to the block diagram of FIG.

Referring to FIG. 7, the key server 32 comprises a key updater 40 and a key provider 42 .

The key update unit 40 updates the common key at predetermined timing (for example, at regular intervals). The key updating unit 40 may use the message digest obtained by inputting the code assigned to each business operator and the common key before updating as a message and a key into a one-way hash function as the common key after updating. . The key update unit 40 can use the following function as an example of the one-way hash function.

derived key = HMAC-SHA-256(key, S)

Here, HMAC-SHA-256 is a one-way hash function for generating a Hash Message Authentication Code (HMAC). A one-way hash function has the property (irreversibility) that the input cannot be read from the generated code. The message digest (derived key) on the left side is the updated common key. The input key on the right side is the previous common key. Also, the input S is a message for mixing keys, and here, it is assumed to be a code (for example, 6 octets, that is, 48 bits) uniquely assigned to each business operator. Note that the length of the common key can be, for example, 16, 24 or 32 octets, ie 128, 192 or 256 bits.

The key update unit 40 generates an initial common key based on pseudorandom numbers, for example. On the other hand, when updating the key, the key updating unit 40 substitutes the previous common key for the input key on the right side of the above equation, and obtains the updated key as a derived key. Note that if the common key is generated based on pseudorandom numbers each time, there is a risk that the random number generation algorithm, the random numbers, and the common key generated from the random numbers may be guessed. However, by generating a new key using the immediately preceding key as in this embodiment, it becomes difficult to guess the common key and it is possible to safely generate the common key.

Also, the frequency with which the key updating unit 40 updates the common key (that is, the expiration date of the common key) can be, for example, about several days. Extending the validity period of the common key has the advantage of reducing the time and effort required to update the key, but there is a trade-off in that if the common key is leaked, the security will be compromised for a long period of time.

The key providing unit 42 provides the common key updated by the key updating unit 40 to the beacon terminal 34 via the relay station 38 and to the receiving terminal 36 . Here, when providing the common key to the relay station 38 and the receiving terminal 36, the key providing unit 42 may also notify the expiration date of the common key. Further, the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the relay station 38 via SSL (Secure Socket Layer) communication established with the relay station 38 . Similarly, the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the receiving terminal 36 via SSL communication established with the receiving terminal 36 .

Referring to FIG. 7, the relay station 38 has a key reception section 56 and a display section 58 . The key accepting unit 56 receives the common key from the key providing unit 42 of the key server 32 . The display unit 58 displays the common key received by the key reception unit 56 on a display or the like.

Referring to FIG. 7 , the beacon terminal 34 includes a key reception section 44 , an encryption section 46 and a packet transmission section 48 .

The key accepting unit 44 accepts the common key updated by the key server 32 via the relay station 38 . Specifically, the key accepting unit 44 accepts manual input (for example, keyboard input) of the common key by the user who refers to the common key displayed by the display unit 58 of the relay station 38 .

The encryption unit 46 encrypts the identifier of the beacon terminal 34 using the common key accepted by the key acceptance unit 44, and generates an advertisement packet including the encrypted identifier. The packet transmission unit 48 transmits the advertisement packet generated by the encryption unit 46 to the receiving terminal 36 based on short-range wireless communication technology such as BLE.

Referring to FIG. 7, the receiving terminal 36 includes a key receiving section 50, a packet receiving section 52, and a decoding section 54. FIG. The key accepting unit 50 accepts the common key updated by the key server 32 and its expiration date. Here, the key reception unit 50 may receive the shared key updated by the key server 32 from the key server 32 via SSL communication established between the key server 32 and the receiving terminal 36 . Further, the key accepting unit 50 may acquire a new common key from the key server 32 when the expiration date given to the common key updated by the key server 32 expires. The packet receiver 52 receives advertisement packets from the beacon terminal 34 . The decryption unit 54 decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key received by the key reception unit 50 .

[motion]
Next, the operation of the wireless communication system according to this embodiment will be described with reference to the drawings.

FIG. 8 is a sequence diagram illustrating the operation of distributing the common key from the key server 32 to the beacon terminal 34. As shown in FIG.

Referring to FIG. 8, the key updating unit 40 of the key server 32 generates a common key using pseudorandom numbers (step A1).

Next, the key provider 42 of the key server 32 and the key receiver 56 of the relay station 38 establish SSL communication (step A2). At this time, a server certificate for the key server 32 and a client certificate for the relay station 38 are used. Since communication based on SSL is publicly known, detailed description thereof will be omitted.

When SSL communication is established, the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 56 of the relay station 38 (step A3).

The display unit 58 of the relay station 38 displays the common key received by the key reception unit 56 on a display or the like (step A4).

The key reception unit 44 of the beacon terminal 34 receives input of the common key from the user who refers to the common key displayed on the relay station 38 (for example, via a numeric keypad) (step A5).

The sequence (steps A1 to A5) in FIG. 8 is repeated each time the key updating unit 40 of the key server 32 updates the common key at a predetermined timing (for example, a constant period).

FIG. 9 is a sequence diagram illustrating the operation of distributing the common key from the key server 32 to the receiving terminal 36. As shown in FIG.

Referring to FIG. 9, the packet receiving unit 52 of the receiving terminal 36 receives an advertisement packet containing the encrypted identifier of the beacon terminal 34 from the packet transmitting unit 48 of the beacon terminal 34 (step B1).

Next, the decryption unit 54 of the receiving terminal 36 decrypts the identifier of the beacon terminal 34 using the common key (step B2).

When the validity period given to the common key updated by the key server 32 expires (step B3), the key accepting unit 50 obtains a new common key from the key server 32 by the following operations (steps B4 to B6). get.

First, the key server 32 authenticates the receiving terminal 36 (step B4).

FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36. As shown in FIG. Here, as an authentication procedure, RADIUS authentication (IEEE802.1X authentication) can be used as an example.

Referring to FIG. 10, receiving terminal 36 sends an authentication request to key server 32 (step C1).

Next, the key server 32 transmits an authentication request to an authentication server (also called a RADIUS server, not shown in FIGS. 6 and 7) (step C2).

The authentication server verifies whether or not the receiving terminal 36 belongs to a pre-registered member (step C3).

If the receiving terminal 36 has already been registered, the authentication server sends a notification of "authentication OK" to the key server 32 (step C4).

When the key server 32 receives the "authentication OK" notification, it further transmits the notification to the receiving terminal 36 (step C5).

Through the above procedure, authentication of the receiving terminal 36 by the key server 32 (step B4 in FIG. 9) is completed.

Returning to FIG. 9, the key provider 42 of the key server 32 and the key receiver 50 of the receiving terminal 36 establish SSL communication (step B5). At this time, a server certificate for the key server 32 and a client certificate for the receiving terminal 36 are used. Since communication based on SSL is publicly known, detailed description thereof will be omitted.

When SSL communication is established, the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 50 of the receiving terminal 36 (step B6).

The decrypting unit 54 of the receiving terminal 36 decrypts the information included in the advertisement packet using the updated common key received by the key accepting unit 50 (step B7).

[effect]
According to the wireless communication system of this embodiment, it is possible to improve the security of communication between the beacon terminal 34 and the receiving terminal 36 that perform BLE communication. This is because the beacon terminal 34 uses it to encrypt the identifier of the beacon terminal 34 included in the advertisement packet, and the common key used by the receiving terminal 36 for decryption is updated by the key server 32 at a predetermined timing. Therefore, even if the common key is leaked, the security problem will only occur temporarily.

Further, in this embodiment, a relay station 38 that relays the shared key updated by the key server 32 is provided, and the beacon terminal 34 receives the shared key updated by the key server 32 via the relay station 38 that can be connected to the WAN. accept. As a result, even when the beacon terminal 34 cannot be connected to a LAN (Local Area Network)/WAN (Wide Area Network) or the like, it is possible to update the common key that the beacon terminal 34 uses for encryption.

In addition, relay station 38 may receive a common key from key server 32 via SSL communication established between key server 32 and relay station 38 . The receiving terminal 36 also receives the common key from the key server 32 via SSL communication established between the receiving terminal 36 and the key server 32 . Thereby, it is possible to safely distribute the shared key updated by the key server 32 to the beacon terminal 34 and the receiving terminal 36 .

<Embodiment 2>
Next, a wireless communication system according to the second embodiment will be described in detail with reference to the drawings. In the first embodiment, the user manually sends the key from the relay station to the beacon terminal. In this embodiment, key distribution from relay stations to beacon terminals is automated.

[Constitution]
FIG. 11 is a diagram illustrating the configuration of a wireless communication system according to this embodiment. Referring to FIG. 11 , the wireless communication system comprises key server 32 , relay station 39 , beacon terminal 35 and receiving terminal 36 . The configurations of the key server 32 and the receiving terminal 36 are the same as in the first embodiment. The following description focuses on differences between the present embodiment and the first embodiment.

In this embodiment, between the relay station 39 and the beacon terminal 35, WiFi (Wireless Fidelity) connection setting based on a passphrase (for example, WPA2 (WiFi Protected Access 2) encryption setting) is completed in advance, and always It is assumed that a connection has been established.

Referring to FIG. 11 , the relay station 39 of this embodiment includes a key reception section 56 and a key transmission section 59 . When the key reception unit 56 receives the common key from the key server 32, the key transmission unit 59 notifies the beacon terminal 35 to that effect. Further, upon receiving a request for the common key from the beacon terminal 35 , the key transmission unit 59 transmits the common key to the beacon terminal 35 .

Referring to FIG. 11 , the beacon terminal 35 of this embodiment includes a key reception section 45 , an encryption section 46 and a packet transmission section 48 . When the relay station 39 receives a notification that the relay station 39 has received the common key from the key server 32, the key reception unit 45 requests the relay station 39 for the common key. Further, the key accepting unit 45 receives the common key transmitted from the relay station 39 in response to the request, and provides the common key to the encryption unit 46 .

[motion]
Next, the operation of distributing the common key to the beacon terminal 35 in the wireless communication system of the embodiment will be described. FIG. 12 is a sequence diagram illustrating such operations.

The key server 32 transmits the common key to the relay station 39 via the SSL communication path when the common key is generated (step A1) or when the common key expires (steps A2, A3).

When the key reception unit 56 receives a new or updated common key from the key server 32, the key transmission unit 59 of the relay station 39 notifies the beacon terminal 35 of the issuance of the common key via WiFi (step A6).

Upon receiving such notification, the key reception unit 45 of the beacon terminal 35 requests the relay station 39 for the common key (step A7).

Then, the key transmission unit 59 of the relay station 39 transmits the common key to the beacon terminal 35 via WiFi (for example, WPA2 encrypted), and the key reception unit 45 of the beacon terminal 35 receives the common key (step A8). .

The beacon terminal 35 starts using the received common key when it newly receives the common key. Moreover, a beacon terminal updates the common key in use with the received common key, when the common key already in use exists.

[effect]
According to this embodiment, distribution of the common key to the beacon terminals 35 is automated. Therefore, unlike the first embodiment, it is possible to save the user the trouble of periodically referring to the display of the relay station and manually inputting the common key to the beacon terminal. In addition, in this embodiment, when distributing the common key to the beacon terminal, SSL communication is used between the key server and the relay station, and WiFi communication encrypted by WPA2 or the like is used between the relay station and the beacon terminal. Use This makes it possible to safely distribute the common key.

<Embodiment 3>
Next, a radio communication system according to the third embodiment will be described in detail with reference to the drawings. In the wireless communication systems according to the first and second embodiments, when the receiving terminal detects that the common key issued or updated by the key server has expired (step B3 in FIG. 9), it receives a new common key from the key server. (steps B4 to B6). On the other hand, in this embodiment, when the receiving terminal detects that the common key does not match between the beacon terminal and the receiving terminal, it acquires a new common key from the key server. In this embodiment, as an example, an example in which such a function is applied to the second embodiment will be described. However, such functions can be similarly applied to the first embodiment. In addition, in this embodiment, it is assumed that the beacon terminal holds the latest common key updated by the key server.

[Constitution]
FIG. 13 is a diagram illustrating the configuration of a wireless communication system according to this embodiment. Referring to FIG. 13 , the wireless communication system comprises key server 32 , relay station 39 , beacon terminal 60 and receiving terminal 37 . The configurations of the key server 32 and the relay station 39 are the same as in the second embodiment. Below, the difference between the present embodiment and the second embodiment will be mainly described.

Referring to FIG. 13 , the beacon terminal 60 of this embodiment includes a key reception section 45 , an encryption section 47 and a packet transmission section 48 . The encryption unit 47 encrypts the identifier of the beacon terminal 60 using the common key accepted by the key acceptance unit 45 . The encryption unit 47 also applies a predetermined hash algorithm to the identifier of the beacon terminal 60 to obtain a hash value. Further, the encryption unit 47 generates an advertisement packet containing the encrypted identifier and the calculated hash value (for example, including the encrypted identifier with the calculated hash value added to the beginning). do. Here, the encryption unit 47 uses hash algorithms such as MD5 (Message Digest Algorithm 5), SHA1 (Secure Hash Algorithm 1), SHA-256, SHA-384, SHA-512, RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest 160) or the like can be used.

Referring to FIG. 13, the receiving terminal 37 of this embodiment comprises a packet receiving section 52, a decrypting section 55 and a key accepting section 50. FIG. The decryption unit 55 separates the encrypted identifier from the hash value included in the advertisement packet received by the packet reception unit 52 . Also, the decryption unit 55 decrypts the encrypted identifier using the common key. Further, the decryption unit 55 applies the same hash algorithm as that used by the encryption unit 47 of the beacon terminal 60 to the decrypted identifier to calculate a hash value. Here, the decoding unit 55 compares the calculated hash value with the hash value extracted from the advertisement packet. When both hash values match, the decoding unit 55 grasps that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 match. On the other hand, when both hash values do not match, the decoding unit 55 determines that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 do not match. If it is determined that they do not match, the decoding unit 55 instructs the key receiving unit 50 to newly receive a common key from the key server 32 . The key accepting unit 50 accepts the common key updated by the key server 32 in response to such an instruction.

[motion]
Next, the operation of distributing the common key to the receiving terminal 37 in the wireless communication system of the embodiment will be described. FIG. 14 is a sequence diagram illustrating such operations.

Referring to FIG. 14, the beacon terminal 60 transmits an advertisement packet containing the identifier of the beacon terminal 60 encrypted using the common key and the hash value of the identifier (step B8).

The receiving terminal 37 separates the encrypted identifier from the hash value contained in the received advertisement packet, and decrypts the encrypted identifier using the common key (step B9). Furthermore, the receiving terminal 37 applies the same hash algorithm as the beacon terminal 60 to the decrypted identifier to calculate a hash value. Here, when the calculated hash value and the hash value included in the advertisement packet do not match, the receiving terminal 37 determines that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 do not match. (step B10). After making such determination, the receiving terminal 37 receives a new common key from the key server 32 (steps B4 to B6) in the same manner as in the first embodiment (see FIG. 9).

[effect]
In this embodiment, when the receiving terminal detects a match between the common key held by the beacon terminal and the common key held by the receiving terminal, it receives a new common key from the key server. According to such a configuration, it is possible to resolve the mismatch between the two common keys. Further, in this embodiment, the receiving terminal detects a mismatch of the common key based on the advertisement packet received from the beacon terminal. Therefore, when the key server distributes the common key, it is no longer necessary to notify the information about the expiration date.

<Modification>
The following modifications are possible for the above embodiment.

In the above embodiment, a configuration has been described in which a common key is distributed to beacon terminals via a relay station. However, it is also possible to omit the relay station by assuming that a specific receiving terminal among the plurality of receiving terminals (for example, the receiving terminal of the operator who installed the beacon terminal) bears the function of the relay station.

Also, the key server in the above embodiment can be shared among a plurality of beacon terminals installed by a plurality of businesses. At this time, the key server may generate a separate common key for each different beacon terminal, or may distribute the same common key to a plurality of beacon terminals.

When updating the common key for a single operator, the key server may be omitted and the relay station may perform the function of the key server. In this case, if secure communication can be established between the beacon terminal and the receiving terminal, the relay station is also omitted, the beacon terminal itself updates the common key, and the updated common key is transmitted to the receiving terminal. can also be distributed to At this time, the beacon terminal serves as an advertiser that generates an advertisement packet, and at the same time plays a role of a key update server.

In addition, in this invention, the following forms are possible.
[Mode 1]
This is the wireless communication system according to the first aspect.
[Mode 2]
A relay station that relays the shared key updated by the server;
the first terminal receives the shared key updated by the server via the relay station;
The wireless communication system according to aspect 1.
[Mode 3]
The relay station receives the shared key updated by the server from the server via Secure Socket Layer (SSL) communication established between the server and the relay station.
The wireless communication system according to aspect 2.
[Mode 4]
The relay station displays the common key received from the server,
the first terminal accepts input of a common key by a user;
The radio communication system according to mode 2 or 3.
[Mode 5]
When the relay station receives the common key from the server, the relay station notifies the first terminal to that effect,
the first terminal acquires the common key from the relay station in response to the notification;
The radio communication system according to mode 2 or 3.
[Mode 6]
the second terminal receives a common key updated by the server from the server via SSL communication established between the server and the second terminal;
6. The wireless communication system according to any one of modes 1 to 5.
[Mode 7]
The server updates the common key at a predetermined cycle,
7. The wireless communication system according to any one of modes 1 to 6.
[Mode 8]
The server uses a message digest obtained by inputting a code assigned to each business operator and a common key before updating as a message and a key into a one-way hash function, respectively, as a common key after updating.
8. The radio communication system according to any one of modes 1 to 7.
[Mode 9]
The second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server expires.
9. The wireless communication system according to any one of modes 1 to 8.
[Mode 10]
The first terminal transmits a hash value obtained by applying a predetermined hash algorithm to the predetermined information in the packet,
If the hash value included in the packet and the hash value obtained by applying the predetermined hash algorithm to the decrypted value of the predetermined information included in the packet do not match, the second terminal causes the server to obtain a new common key from
10. The wireless communication system according to any one of modes 1 to 9.
[Mode 11]
The first terminal is a beacon terminal that transmits, based on BLE (Bluetooth Low Energy), an advertisement packet containing the identifier of the first terminal encrypted using the shared key updated by the server. can be,
The second terminal has an application that acquires and displays information from a distribution server using the identifier of the first terminal,
11. The wireless communication system according to any one of modes 1 to 10.
[Mode 12]
It is as the server which concerns on the said 2nd aspect.
[Mode 13]
The key providing unit provides the common key updated by the key updating unit to the first terminal via a relay station that relays it.
The server according to aspect 12.
[Mode 14]
The key providing unit transmits the common key updated by the key updating unit to the relay station via SSL communication established with the relay station.
The server according to form 13.
[Mode 15]
The key providing unit transmits the common key updated by the key updating unit to the second terminal via SSL communication established with the second terminal.
15. The server according to any one of aspects 12-14.
[Mode 16]
The key update unit updates the common key at a predetermined cycle,
A server according to any one of aspects 12-15.
[Mode 17]
The key update unit uses a message digest obtained by inputting a code assigned to each business operator and a common key before update into a one-way hash function as a message and a key, respectively, as a common key after update.
17. The server according to any one of aspects 12-16.
[Mode 18]
It is as the 1st terminal which concerns on the said 3rd aspect.
[Mode 19]
the key reception unit receives input of a common key by a user;
The first terminal according to aspect 18.
[Form 20]
When the key reception unit receives a notification from a relay station that relays the common key updated by the server that the common key has been received from the server, the key reception unit acquires the common key updated by the server from the relay station.
The first terminal according to aspect 18.
[Mode 21] BLE communication by beacon terminal A beacon that transmits an advertisement packet including the identifier of the first terminal encrypted using the shared key updated by the server based on BLE (Bluetooth Low Energy) is a terminal,
21. The first terminal according to any one of aspects 18-20.
[Form 22]
It is as the second terminal according to the fourth aspect.
[Form 23]
The key reception unit receives a common key updated by the server from the server via SSL communication established between the server and the second terminal.
The second terminal according to aspect 22.
[Form 24]
The key reception unit acquires a new common key from the server when the expiration date given to the common key updated by the server expires.
A second terminal according to aspect 22 or 23.
[Form 25]
The first terminal transmits a hash value obtained by applying a predetermined hash algorithm to the predetermined information in the packet,
If the hash value included in the packet and the hash value obtained by applying the predetermined hash algorithm to the decrypted value of the predetermined information included in the packet do not match, the key reception unit receives the to obtain a new common key,
A second terminal according to any one of aspects 22-24.
[Form 26]
The first terminal is a beacon terminal that transmits, based on BLE (Bluetooth Low Energy), an advertisement packet containing the identifier of the first terminal encrypted using the shared key updated by the server. can be,
The second terminal has an application that acquires and displays information from a distribution server using the identifier of the first terminal,
A second terminal according to any one of aspects 22-25.
[Form 27]
This is the wireless communication method according to the fifth aspect.
[Form 28]
This is the wireless communication method according to the sixth aspect.
[Form 29]
This is the wireless communication method according to the seventh aspect.
[Mode 30]
This is the wireless communication method according to the eighth aspect.
[Mode 31]
It is as the program according to the above ninth aspect.
[Mode 32]
It is as the program according to the tenth aspect.
[Mode 33]
It is as the program according to the eleventh aspect.

It should be noted that the entire disclosure contents of the above patent documents and non-patent documents are incorporated herein by reference. Within the framework of the full disclosure of the present invention (including the scope of claims), modifications and adjustments of the embodiments are possible based on the basic technical concept thereof. Also, various combinations or selections of various disclosure elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the framework of the full disclosure of the present invention. be. That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including claims and technical ideas. In particular, any numerical range recited herein should be construed as specifically recited for any numerical value or subrange within that range, even if not otherwise stated.

2 Server 4 Terminal 6 Terminal 8 Relay station 10 Key updating unit 12 Key providing unit 14 Key receiving unit 16 Encryption unit 18 Packet transmission unit 20 Key reception unit 22 Packet reception unit 24 Decryption unit 32 Key server 34, 35, 60 Beacon terminal 36, 37 receiving terminals 38, 39 relay station 40 key updating unit 42 key providing units 44, 45 key accepting units 46, 47 encrypting unit 48 packet transmitting unit 50 key accepting unit 52 packet receiving units 54, 55 decrypting unit 56 key accepting Unit 58 Display unit 59 Key transmission unit

Claims (13)

a server that updates the common key at a predetermined timing;
a first terminal that transmits a packet containing predetermined information encrypted using a common key updated by the server to a second terminal based on short-range wireless communication technology;
a relay station that relays the shared key updated by the server;
with
The relay station displays the server-updated common key received from the server,
The first terminal receives input of a common key updated by the server by the user,
The second terminal receives the packet from the first terminal, and decrypts predetermined information included in the packet using the shared key updated by the server.
A wireless communication system characterized by: The relay station receives the shared key updated by the server from the server via Secure Socket Layer (SSL) communication established between the server and the relay station.
A wireless communication system according to claim 1 . When the relay station receives the common key from the server, the relay station notifies the first terminal to that effect,
the first terminal acquires the common key from the relay station in response to the notification;
The radio communication system according to claim 1 or 2. the second terminal receives a common key updated by the server from the server via SSL communication established between the server and the second terminal;
A radio communication system according to any one of claims 1 to 3. The server updates the common key at a predetermined cycle,
A radio communication system according to any one of claims 1 to 4. The server uses a message digest obtained by inputting a code assigned to each business operator and a common key before updating as a message and a key into a one-way hash function, respectively, as a common key after updating.
A radio communication system according to any one of claims 1 to 5. The second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server expires.
A radio communication system according to any one of claims 1 to 6. The first terminal transmits a hash value obtained by applying a predetermined hash algorithm to the predetermined information in the packet,
If the hash value included in the packet and the hash value obtained by applying the predetermined hash algorithm to the decrypted value of the predetermined information included in the packet do not match, the second terminal causes the server to obtain a new common key from
A radio communication system according to any one of claims 1 to 7. The first terminal is a beacon terminal that transmits, based on BLE (Bluetooth Low Energy), an advertisement packet containing the identifier of the first terminal encrypted using the shared key updated by the server. can be,
The second terminal has an application that acquires and displays information from a distribution server using the identifier of the first terminal,
A radio communication system according to any one of claims 1 to 8. a key reception unit that receives input by a user of the common key that is updated by the server at a predetermined timing and received and displayed by the relay station;
an encryption unit that generates a packet containing predetermined information encrypted using the common key;
a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key generated by the server; a packet transmitter that transmits based on
A first terminal characterized by: a step in which the server updates the common key at a predetermined timing;
the relay station displaying the server-updated common key received from the server;
a step in which a first terminal receives an input of a common key updated by the server by a user;
a step in which the first terminal transmits a packet containing predetermined information encrypted using the shared key updated by the server based on short-range wireless communication technology;
a second terminal receiving the packet from the first terminal and decrypting predetermined information contained in the packet using the shared key updated by the server;
A wireless communication method characterized by: a step in which the first terminal accepts input by the user of the common key updated by the server at a predetermined timing and received and displayed by the relay station;
generating a packet containing predetermined information encrypted using the common key;
short-range wireless communication technology for transmitting the packet to a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key generated by the server; transmitting based on
A wireless communication method characterized by: A process of accepting input by a user of a common key that is updated by a server at a predetermined timing and received and displayed by a relay station for a computer provided in a first terminal;
generating a packet containing predetermined information encrypted using the common key;
short-range wireless communication technology for transmitting the packet to a second terminal that receives the packet from the first terminal and decrypts predetermined information contained in the packet using a common key generated by the server; and cause to be executed based on
A program characterized by:

Images