JP2006101073A - Wireless lan system and security improving method used for the wireless lan system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a wireless LAN system which neither increases loads on equipment that a user uses and communication data nor significantly increases the operating and processing costs, etc., and can surely prevent a radio waves used for communication from leaking and used, and also surely improve the security. <P>SOLUTION: The wireless LAN system for wireless communication with equipment 230 that the user uses in a prescribed communication network 210 via the radio wave 110 for communication emits radio wave for protection, excluding the use of the radio wave 110 for communication by an external user, in a space 310 outside the communication network space 210 for protecting the radio wave 110 for communication used in the communication network 210, from being used by the external user. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention wirelessly communicates with a device such as a portable terminal or a personal computer (PC) compatible with an IP used by a user in a specific communication network space such as a company premises, a building, a room, a small space, or a personal residence. BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a wireless LAN system for communication and a security improvement method used for the wireless LAN system. In particular, a specific communication network space in which the wireless LAN system can be used and an external space are reliably separated, and an external person can communicate with the communication network. The present invention relates to a wireless LAN system that protects radio waves transmitted and received inside a space from being intercepted and from entering an internal network, and a security improvement method used for the wireless LAN system.

http://it.jeita.or.jp/perinfo/committee/pc/wirelessLAN2/2.html JETA wireless LAN problems http://internet.watch.impress.co.jp/cda/news/2003/08/20/192.html Kumahira Wireless LAN Shield Office http://www.macniac.net/airespase/airespase.html Airespase materials Wireless LAN output adjustment

  Conventionally, this type of local area network (LAN) system is compatible with base stations and IP used by users in specific communication network spaces such as company premises, buildings, rooms, small spaces, and private houses. It is possible to communicate with devices such as portable terminals and personal computers (PCs).

  Compared to a wired LAN such as Ethernet (registered trademark), the above wireless LAN system does not require the troublesome work of laying a LAN cable when constructing a LAN, and increases or decreases the number of terminal devices used by the user, It has an excellent feature that it can flexibly cope with changes in the arrangement of terminal devices, and has been widely used.

  Such a wireless LAN system communicates information such as voice and data by transmitting and receiving radio waves of a specific wavelength between the base station and the terminal device. As long as the radio waves used for communication reach within the range, not only a specific user but also a third party can eavesdrop on the communication contents or a third party may enter the network built by the wireless LAN system. Therefore, personal computer (PC) or server files may be stolen, and security measures are required to prevent information leakage.

  Furthermore, in the wireless LAN system, a malicious attacker can use this situation to launch a DOS attack on the inside of the network constructed by the wireless LAN system, or to sabotage (destructive work) by virus injection. In addition, there is a risk that important data inside the company may be stolen by using a weakness of security, and further security measures are required.

  Therefore, in order to improve the security of the wireless LAN system, the following various techniques have already been proposed and put into practical use.

  First, in Non-Patent Document 1, in order to improve the security of the wireless LAN system, a specific password is used when encrypting a signal communicated with the wireless LAN system or accessing the wireless LAN system. There has been proposed a configuration in which an authentication system for requesting input of a user ID or requesting authentication of a fingerprint is added.

  More specifically, encryption means data converted based on a predetermined rule. The procedure for generating this data is called “encryption”, and the procedure for restoring the encrypted data to “original” is called “encryption”. Say “decryption”. Since the encrypted data cannot be restored to the original data without knowing the determined rules, security can be improved.

  Further, specific encryption techniques include those called WEP (Wired Equivalent Privacy), WEP2, or IPsec (IP Security). WEP and WEP2 are one of the “encryption” methods standardized by the wireless LAN standard (IEEE 802.11), and the literal translation is “a privacy function equivalent to a wired LAN”. It is an effective means. By setting WEP, even if a radio wave is intercepted by a third party, the contents of the data cannot be read unless the encryption is decrypted, and the wireless LAN cannot be penetrated.

IPsec is a technique for improving security by encrypting and authenticating IP packets in a TCP / IP environment. This IPsec is based on L2TP (Layer2 Tunneling
Unlike the tunneling protocol in the data link layer such as Protocol), it operates in the network layer.

  On the other hand, in the above authentication system, it is confirmed whether the user or device connected to the wireless LAN system is a user or device permitted to connect to the LAN, and connection is possible only after being approved.

  This authentication system includes SSID and MAC address filtering. The SSID is an ID for identifying a connection destination network, and can be set within a range of up to 32 alphanumeric characters. Communication is possible by setting an SSID in a wireless access point and setting the same SSID in a personal computer (PC) connected to the wireless access point.

  The MAC address is a number assigned to a card for connecting to all networks, and is represented by a 12-digit hexadecimal number (48 bits). The first 24 bits are IDs unique to the manufacturer, and the last 24 bits are serial numbers within each manufacturer. Different values are set for all network cards, making this unique number unique to the world. ing. Then, by registering the MAC address of the wireless LAN card in the wireless access point, it becomes impossible to connect to the wireless access point except for an authorized personal computer (PC), and this function is called MAC address filtering. .

  Secondly, in Non-Patent Document 2, a building or room where a wireless LAN system is used, or a small space is made of a material that completely blocks radio waves used in the wireless LAN system, A method for improving security by applying processing has been proposed. In this method, a shield cloth is stretched on the wall or ceiling of a space such as an office, and a shield film is stretched on the glass to prevent radio waves from leaking from a specific network space such as an office. It is composed.

  Thirdly, in Non-Patent Document 3 described above, by reducing the intensity of radio waves radiated from a wireless base station of a wireless LAN system from about 100 mW to about 50 mW or 25 mW, communication is performed outside a specific building. There has been proposed a method for improving security by making the configuration difficult.

  However, the above prior art has the following problems. That is, in the case of the technique disclosed in the first non-patent document 1, in order to improve the security of the wireless LAN system, an encryption or authentication system is added to the wireless LAN system. However, in the case of such technology, although it can contribute to improvement of security, communication data increases due to encryption and authentication system, etc., or for decryption of encryption and complicated authentication, etc. This increases the load on the CPU, memory, battery, etc., and there is a problem that the operation is accompanied by a significant increase in cost.

  In the case of the technique disclosed in the second non-patent document 2, security is improved by applying materials and processing to buildings, rooms, and small spaces that completely block radio waves of the wireless LAN system. Although it is possible to prevent radio waves from leaking from office walls, ceilings, window glass, etc., radio waves can be emitted from slight openings such as office doors and air conditioning vents. Therefore, it is difficult to completely prevent the leakage, and it is difficult to sufficiently improve the security, and the processing cost is very high.

  Furthermore, in the case of the technique disclosed in the third non-patent document 3, the strength of the radio wave transmitted by the radio base station is weakened, making it difficult to communicate with the outside of the building. By weakening the strength of radio waves transmitted by wireless base stations, the strength of radio waves can be weakened even in a specific communication network space, and the S / N ratio can be deteriorated or communication data can be lost such as dropped packets. In addition to the above, even if the strength of the radio wave transmitted by the wireless base station is weakened, there is a fatal security problem that wiretapping is possible if a highly sensitive receiver is used. ing.

  Therefore, the present invention has been made to solve the above-described problems of the prior art, and the object of the present invention is to increase the load of equipment and communication data used by the user, as well as to reduce the operational and processing costs. The radio waves used for communication can be reliably prevented from leaking outside and used, and security can be improved reliably. It is an object of the present invention to provide a wireless LAN system that can be arbitrarily combined with a conventional security technique and can further improve security, and a security improvement method used for the wireless LAN system.

In order to achieve the above object, the invention described in claim 1 is a wireless LAN system for performing wireless communication with a device used by a user inside a specific communication network space via a communication radio wave. In the space outside the communication network space, the communication radio wave used in the communication network space is transmitted to the external user by radiating a protective radio wave that excludes external users from using the communication radio wave. It is a wireless LAN system characterized by protection from

  Examples of the specific communication network space include a company premises, a building, a room, a small space, or a private house. In this specific communication network space, communication using a wireless LAN system is possible. The present invention is for improving the security of the wireless LAN system.

  Further, as a device used by a user inside the specific communication network space, for example, a portable terminal corresponding to IP such as a portable terminal of an IP (Internet Protocol) telephone, a personal computer (PC), or a PDA (PDA) Personal Digital Assistants), but is not limited to these.

  Further, the communication radio wave includes a 2.4 GHz band radio wave used in the IEEE 802.11b / g standard, a 5.2 GHz band radio wave used in the IEEE 802.11a standard, and the like.

  The space outside the communication network space means a space other than a specific communication network space, and does not necessarily mean all spaces other than the communication network space. That is, the present invention is intended to improve the security of communication performed inside the communication network space, so it is not necessary to take security measures even in a space other than the communication network space. For example, if a part of the space other than the communication network space faces the sea or cliff, it can be considered except for the space, but security measures are also taken for such space. Of course, it is also good.

  Furthermore, the use of radio waves for communication by external users literally means that external users use radio waves for communication. External users can eavesdrop on communication contents or use external radio waves. In addition to leaking information as a result of a person entering the network built by a wireless LAN system and stealing personal computer (PC) files or server files, malicious attacks Perform DOS attacks on the inside of a network constructed by a wireless LAN system, sabotage by virus injection, or steal important internal data using security weaknesses. This includes all actions that can be problematic in terms of security measures.

  In addition, as long as external users use radio waves for communication, even if they are bona fide, they are included, and for external bona fide users, the use of protective radio waves Is intended.

  Further, the protection radio wave that excludes external users from using the communication radio wave includes all radio waves that exclude external users from using the communication radio wave. The strength of the protective radio wave is not limited to the radio wave having the same frequency as that of the radio wave for communication or the frequency of the radio wave causing interference with the communication radio wave. It is desirable that the intensity is stronger than the radio wave for communication.

  Furthermore, the antenna that radiates the protective radio wave may be a directional antenna such as a patch antenna or a coaxial leakage cable, or a non-directional antenna such as a rod antenna. Also good.

  Further, the information transmitted by the protection radio wave is not particularly limited, but a warning is given to a third party who attempts to use the communication radio wave for constructing the wireless LAN system, and information on the connected terminal is obtained. It may be one that detects unauthorized invaders in advance by constantly monitoring. If it is determined to be an unauthorized intruder, a large number of packets are sent from a personal computer (PC) or server connected to the network space that radiates protective radio waves to interfere with communication, And information for taking measures such as prohibiting access to the communication network.

  Furthermore, as information to be transmitted by the above-mentioned protective radio wave, considering the active use, as a service to the surroundings, the network constructed with the protective radio wave is an independent network. The website may be used for advertisement activities, or may be provided with a chargeable or free Internet connection service to specific residents and visitors. The protection radio wave may be linked with a specific terminal to provide information such as road guidance to buildings, periodic updates, and signs.

The security improvement method used for the wireless LAN system according to the present invention is a security used for a wireless LAN system for performing wireless communication with a device used by a user inside a specific communication network space via a communication radio wave. In the improvement method,
In a space outside the communication network space, at least when a communication using a communication radio wave is performed in the communication network space, an external user is excluded from using the communication radio wave. A security improvement method used in a wireless LAN system, wherein a radio wave is radiated to protect a communication radio wave used in the communication network space from an external user to improve security.

  According to the present invention, there is no increase in the load of equipment and communication data used by the user, and the operation and processing costs are not significantly increased. Moreover, radio waves used for communication leak outside and are used. Can be surely prevented, security can be improved reliably, can be arbitrarily combined with the above-described conventional security technology, and security can be further improved A wireless LAN system and a security improvement method used for the wireless LAN system can be provided.

  In addition, according to the present invention, as a secondary effect, information is provided to neighboring residents and information is provided to visitors by effectively using protective radio waves in a space outside the communication network space. Service etc. become possible.

  Embodiments of the present invention will be described below with reference to the drawings.

Embodiment 1
FIG. 1 is a configuration diagram showing a wireless LAN system to which a security improvement method used in a wireless LAN system according to Embodiment 1 of the present invention is applied.

  As shown in FIG. 1, the wireless LAN system 100 is roughly divided into a host network 200 that is an original communication network whose security is to be improved, and an external network in order to increase the security of the host network 200. The access network is configured with a visitor network 300 that excludes external users from using communication radio waves used in the host network 200 by, for example, preferentially connecting access.

  The host network 200 includes a base station 220 for constructing the communication network space 210 of the wireless LAN system 100, and terminal devices such as a portable terminal 231, a personal computer (PC) 232, or a PDA 233 compatible with the IP used by the user. 230 is a communication network for performing wireless communication with 230. The host network 200 uses any standard such as IEEE 802.11b / g that uses 2.4 GHz band radio waves and IEEE 802.11a that uses 5.2 GHz band radio waves. It may be a thing.

  The host network 200 includes a base station 220 of the wireless LAN system 100 and a plurality of servers 240 to 260 that provide information used in the host network 200. The station 220 and the plurality of servers 240 to 260 are connected to each other via a wired LAN 270 so as to communicate with each other.

  As shown in FIG. 1, the base station 220 exchanges information with the control device 221 that controls the operation of the entire base station 220 and the control device 221, and transmits information used in the host network 200. A wireless control device 222 that controls transmission / reception operations, a network interface 223 for the control device 221 to communicate with the wired LAN 270, and a wireless interface 224 that is controlled by the wireless control device 222 to transmit and receive radio waves of a predetermined frequency And a transmitting / receiving rod antenna 225 connected to the wireless interface 224. Of course, an antenna other than a rod antenna may be used as an antenna for transmission and reception.

  The first server 240 includes a SIP server 241, a database 242 for storing data handled by the SIP server 241, and a network interface 243 for the SIP server 241 to communicate with the wired LAN 270.

  Further, the second server 250 includes a groupware server 251, a database 252 that stores data handled by the groupware server 251, and a network interface 253 for the groupware server 251 to communicate with the wired LAN 270. ing.

  The third server 260 includes a WEB server 261, a database 262 for storing data handled by the WEB server 261, and a network interface 263 for the WEB server 261 to communicate with the wired LAN 270.

  The host network 200 can also be connected to the Internet 290 via a Gateway 280 connected to a wired LAN 270, as shown in FIG.

  On the other hand, the visitor network 300 includes a base station 320 that constructs a visitor communication network space 310 different from the wireless LAN system 100, and a plurality of information that provides information used in the visitor network 300. The base station 320 and the plurality of servers 330 to 350 are connected to each other via a wired LAN 360 so that they can communicate with each other. In FIG. 1, the base station 320 that constructs the communication network space 310 for visitors is indicated by a specific figure in which LAN is written in a square. In FIG. 1, a total of eight base stations are shown. It is shown in the figure.

  The base station 320 exchanges information with the control device 321 that controls the operation of the base station 320 and controls information transmission / reception operations used in the visitor network 300. 322, a network interface 323 for the control device 321 to communicate with the wired LAN 360, a wireless interface 324 that is controlled by the wireless control device 322 and transmits / receives radio waves of a predetermined frequency, and is connected to the wireless interface 324. And a rod antenna 325 for transmission / reception. The antenna used in the base station 320 may be a non-directional antenna such as the rod antenna 325, but may be a directional antenna.

  Further, as described above, a total of eight base stations 320 including the base stations 371 to 377 are provided in the illustrated example, and these base stations 320 are connected to each other via a wired LAN 360. . The base station 320 and the base stations 371 to 377 form a visitor communication network space 310 by radio waves radiated from the antenna of the base station.

  Further, the first server 330 includes a SIP server 331, a database 332 for storing data handled by the SIP server 331, and a network interface 333 for the SIP server 331 to communicate with the wired LAN 360.

  Further, the second server 340 includes a groupware server 341, a database 342 for storing data handled by the groupware server 341, and a network interface 343 for the groupware server 341 to communicate with the wired LAN 360. ing.

  The third server 350 includes a WEB server 351, a database 352 for storing data handled by the WEB server 351, and a network interface 353 for the WEB server 351 to communicate with the wired LAN 360.

  The visitor network 300 can be connected to the Internet 390 via a Gateway 380 connected to a wired LAN 350 as shown in FIG.

  By the way, in this embodiment, in a wireless LAN system for performing wireless communication with a device used by a user inside a specific communication network space via a communication radio wave, in a space outside the communication network space, The communication radio wave used in the communication network space is protected from the external user by radiating a protective radio wave that excludes an external user from using the communication radio wave. Yes.

  FIG. 2 is a schematic diagram showing a horizontal section of a communication network space to which the wireless LAN system 100 according to this embodiment is applied.

  That is, in the wireless LAN system 100 according to this embodiment, as shown in FIG. 2, the interior of a building 400 such as a company building is a specific communication network space 210. In the illustrated example, the communication network space 210 is a substantially rectangular space, and the communication network space 210 includes, for example, a base station 220 that constructs the wireless LAN system 100 in the center of the building 400. A transmission / reception rod antenna 225 is provided.

  In the wireless LAN system 100, for example, communication using the 2.4 GHz band communication radio wave 110 of the IEEE 802.11b or 802.11g standard is performed. As shown in Fig. 3, 14ch (channel) is defined as the center frequency from 2.412GHz to 2.484GHz in Japan's 2.4GHz band. In order to interfere, as shown in FIG. 4, it is prescribed that it is necessary to make a pitch of 22 MHz (+3 MHz and 25 MHz).

  Assuming that there is no other base station in the surroundings and only the base station 220 constructing the wireless LAN system 100 exists, the wireless LAN system 100 may use any of the 14 channels (channels). . Here, for example, it is assumed that a communication radio wave 110 having a frequency of 2.412 GHz, which is 1ch (channel), is used.

  Further, outside the building 400 as the specific communication network space 210, a protection radio wave that excludes external users from using the communication radio wave is radiated, thereby being used in the communication network space 210. Communication radio waves are protected from external users.

  Therefore, as shown in FIG. 2, patch antennas 411 to 414 each having directivity are attached to the four corners of the building 400 in a predetermined direction. As shown in FIG. 5, the patch antennas 411 to 414 having these directivities are predetermined on both sides with respect to a center line C standing vertically to the surface of the patch antennas 411 to 414 in the horizontal cross section and the vertical cross section. Are configured to transmit and receive radio waves within a range of angles α and β. Note that, within the hatched range of FIG. 5, for example, communication is possible at a communication rate of 11 Mbps, which is the maximum transmission rate, and communication is possible at a communication rate of, for example, about 1 Mbps within the other white range. It has become. As shown in FIG. 2, each of the directional patch antennas 411 to 414 has a directional one end surface 421 along the side surface of the building 400, and the other end surface 422 has a predetermined angle 2α from the side surface of the building 400. And are arranged to radiate outward.

  The protective radio wave 430 radiated to the outside from the patch antennas 411 to 414 is not particularly limited as long as it can exclude external users from using the communication radio wave 110. It is optional. As the protection radio wave 430, for example, a radio wave having a frequency of 2.412 GHz of 1ch (channel) which is the same frequency as the radio wave 110 used in the wireless LAN system 100 is used. Further, the protective radio wave 430 may not be the same frequency as the communication radio wave 110 but may be a frequency causing interference with the communication radio wave 110.

  In this embodiment, since the frequency of the communication radio wave 110 is set to 2.412 GHz, the protection radio wave 430 is a 5ch (channel) within 2.432 GHz that causes interference with the communication radio wave 110. Any frequency is acceptable.

  In addition, the intensity of the protection radio wave 430 is not particularly limited, and is preferably about the same or higher than that of the communication radio wave 110. A sufficient effect can be expected even at a strength of about １ ／. It should be noted that, when the protective radio wave 430 is used for advertisements or advertisements as will be described later, it is desirable that the protection radio wave 430 has a sufficient strength in consideration of convenience and the like.

  In addition, as information to be transmitted by the protection radio wave 430 radiated from the patch antennas 411 to 414, for example, a warning is issued to a third party who attempts to use the communication radio wave 110 for constructing the wireless LAN system 100. It may be one that detects unauthorized intruders in advance by constantly monitoring information of connected terminals.

  In this case, the information of the terminal connected via the protective radio wave 430 is constantly monitored by the first to third servers 330 to 350, and the information of the connected terminal is analyzed and connected. You may comprise so that the address of a terminal, etc. may be detected.

  In addition, when it is determined that the intruder is an unauthorized intruder, a large amount of packets are sent from the Gateway 380 or the servers 330 to 350 connected to the network space 310 that radiates the protection radio wave 430, and communication is interrupted. The station 320 may be instructed to take measures such as prohibiting access to the communication network 210.

  Furthermore, as information to be transmitted by the protective radio wave 430, taking into account active use, as a service to the surroundings, utilizing the fact that the network constructed with the protective radio wave is an independent network, A company homepage may be used, used for advertising activities, or an Internet connection service may be provided for a specific local resident or visitor for a fee or free of charge. In addition, in cooperation with a specific terminal, it may be configured to provide information such as road guidance to buildings, announcements to be updated regularly, and signs.

  As a result, it is possible to eliminate the use of the communication radio wave 110 used in the specific communication network space 200 by an external user, and the communication radio wave 110 used in the communication network space 210 can be externally used. It is possible to protect from users.

  FIG. 6 is a block diagram showing a modification of the first embodiment.

  In this modified example, in addition to the embodiment shown in FIG. 2, patch antennas 421 having four directivities directed in opposite directions to the patch antennas 411 to 414 shown in FIG. 424 is added, and a space is not generated in the protective radio wave 430 in the space outside the building 400.

  FIG. 7 is a configuration diagram showing still another modification of the first embodiment.

  In this modified example, in addition to the embodiment shown in FIG. 6, patch antennas 431 to 434 having four directivities directed outward in a direction perpendicular to the respective wall surfaces at the center of each wall surface of the building 400. In addition, there is no gap in the protective radio wave 430 in the space outside the building 400, and protection that enables communication around the building 400 at a maximum transmission speed of 11 Mbps. By surrounding with the radio wave 430, access to the network space 310 from the outside is more reliably prevented.

  In the above configuration, in the wireless LAN system to which the security improvement method used in the wireless LAN system according to this embodiment is applied, the load of equipment and communication data used by the user is increased as follows. And processing costs are not significantly increased, and it is possible to reliably prevent radio waves used for communication from leaking to the outside and to improve security. It is possible to arbitrarily combine with the above-described conventional security technology, and it is possible to further improve the security.

  That is, the wireless LAN system 100 according to this embodiment includes a base station 220 and a base station 220 in a specific communication network space 210 such as a building 400 such as a company building as shown in FIG. It is used for wireless communication with a terminal device 230 such as a portable terminal 231, a personal computer (PC) 232, or a PDA 233 corresponding to the IP used by the user.

  At that time, if no security measures are taken, the communication radio wave 110 used in the specific communication network space 210 leaks outside the building 400, and an external user can wiretap the communication contents. Intrusion into the network constructed by the wireless LAN system 100 and theft of personal computer (PC) or server files may lead to information leakage.

  Therefore, in the wireless LAN system 100 according to this embodiment, as shown in FIG. 2, patch antennas 411 to 414 having directivity are arranged at each corner portion outside the building 400, and the communication network space 210 A protective radio wave 430 that excludes external users from using the communication radio wave 110 is radiated to the external space. Therefore, even if an external user tries to access the communication radio wave 110 used in the wireless LAN system 100, the outside of the communication network space 210 is covered with the visitor communication network space 310 without any gaps. An external user cannot use the communication radio wave 110 and is excluded.

  Therefore, even if an external user attempts to access the communication radio wave 110, the user is inevitably connected to the visitor's communication network space 310. It is impossible for a personal computer (PC) or a server file to be stolen by intruding into the network constructed by the system 100.

  As described above, in the wireless LAN system 100 according to the above-described embodiment, as shown in FIG. 1, it is only necessary to construct a communication network space 310 for a visitor, thereby increasing the load of equipment and communication data used by the user. Without any significant increase in operational and processing costs, and it is possible to reliably prevent the radio waves used for communication from leaking to the outside and using them to improve security. It is possible.

  Further, in the wireless LAN system 100 according to the above-described embodiment, a technique for blocking leakage of radio waves from a building or room where a wireless LAN system is used or a small space, combined with a conventional encryption or authentication system, or the like. It is possible to further improve security.

Embodiment 2
FIG. 8 shows a second embodiment of the present invention. The same parts as those of the first embodiment will be described with the same reference numerals. In the second embodiment, a wireless LAN system is used. When a specific communication network space is a building such as a company building, a visitor communication network space can be constructed in the building with a smaller number of antennas.

  That is, in the second embodiment, as shown in FIG. 8, a patch antenna having directivity is not arranged on a corner or wall surface of a building 400 such as a company building, but a rooftop in the building 400 such as a building. By arranging patch antennas 411 to 414 having directivity of each base station 320 downward along the wall surface of the building 400 in the central part of each side, the number of antennas is smaller. The four patch antennas can cover the entire exterior of the building 400.

  In the case of the second embodiment, since the protective radio wave is radiated downward from the upper part of the building 400, the electric field strength of the radio wave tends to become weaker as it goes downward. In this case, the intensity of the protective radio wave radiated from the directional patch antenna is increased, or the directional patch antenna is placed in the middle of the building as shown in FIG. It is possible to obtain a protective radio wave having a sufficient strength by arranging in the above.

  Since other configurations and operations are the same as those of the first embodiment, the description thereof is omitted.

Embodiment 3
FIG. 10 shows a third embodiment of the present invention. The same reference numerals are given to the same parts as those in the first embodiment. In the second embodiment, a communication network space for visitors is shown. As an antenna for constructing the antenna, an antenna such as a rod antenna having no directivity is used instead of an antenna having directivity.

  That is, in this Embodiment 3, as shown in FIG. 10, it is comprised so that the rod antennas 441-446 with no directivity may be used as an antenna for constructing the communication network space 310 for visitors. As shown in FIG. 11, the non-directional rod antennas 441 to 446 can transmit and receive concentric radio waves in all directions in the vertical section, and in the horizontal section, the rod antenna 441. It is possible to transmit and receive concentric radio waves around ˜446.

  Further, in the third embodiment, as shown in FIG. 10, rod antennas 441 to 446 as antennas of a base station are arranged along the circumferential direction at a predetermined distance on the outer periphery of a specific communication network space 210. The communication network space 310 for visitors is constructed by arranging them at substantially equal intervals. Since the rod antennas 441 to 446 have no directivity, the radio waves 430 for protection are radiated to the inside as well as the outside of the communication network space 310 for visitors. The protective radio wave 430 radiated from the rod antennas 441 to 446 is sufficiently attenuated by arranging it at a predetermined distance from the end of the specific communication network space 210 or by setting the strength of the protective radio wave 430 as appropriate. It is possible to avoid affecting communications within a specific communication network space 210.

  Further, in the third embodiment, as shown in FIG. 12, by arranging the small output rod antennas 451 to 458 outside the specific communication network space 210 at a relatively small interval, a specific communication network is provided. It is possible to maintain high security characteristics while minimizing the influence on the space 210.

  Note that the specific communication network space 210 and the visitor communication network space 310 do not necessarily have to be arranged consecutively. When a large site is secured as in a suburban company. The inside of the building on the site is used as a specific communication network space, the vicinity of the fence on the outer periphery of the site is arranged as a communication network space for visitors, and the specific communication network space is separated from the communication network space for visitors You may do it. Even in this case, it is not desirable to radiate protective radio waves to land outside the company premises.

  Since other configurations and operations are the same as those of the first embodiment, the description thereof is omitted.

Embodiment 4
FIGS. 13 to 15 show a fourth embodiment of the present invention. The same reference numerals are given to the same parts as those in the first embodiment, and the fourth embodiment will be described in the same room. Etc., a specific communication network space and a visitor communication network space are set.

  That is, in the fourth embodiment, as shown in FIG. 15, a third party V having good intentions or malicious intrusions into a limited space 500 such as a specific room or a specific booth at a trade fair hall, The communication contents used in the specific communication network space 210 are configured to be prevented from being eavesdropped.

  In the specific room 500, as shown in FIGS. 13 and 14, an antenna 511 having directivity downward is arranged at the center of the ceiling of the room. A communication network space 210 is formed.

  In the specific room 500, the directivity is directed obliquely downward so as to form a visitor communication network space 310 outside the specific communication network space 210 in the vicinity of the center of the ceiling of the room. Antennas 521 to 525 having the above are arranged.

  For this reason, even in the same room, a user located in a specific communication network space 210 can communicate using the wireless LAN system 100, but visitor communication outside the specific communication network space 210 is possible. An external third party V located in the network space 310 cannot access the wireless LAN system 100 and sets a specific communication network space 210 and a visitor communication network space 310 in the same room or the like. It is possible to do.

  Since other configurations and operations are the same as those of the first embodiment, the description thereof is omitted.

Embodiment 5
FIGS. 16 to 18 show the fifth embodiment of the present invention. The same reference numerals are given to the same parts as those of the first embodiment, and the fifth embodiment will be described as an antenna. A leaky coaxial cable that is a directional antenna and can continuously radiate radio waves along a longitudinal direction of a cable only in a specific direction in a cross section of the flexible cable having flexibility. It is comprised as follows.

  That is, in the fifth embodiment, as shown in FIG. 16, in order to construct a communication network space for visitors outside the building 400, the leaky coaxial cable 600 is arranged so as to surround the outer periphery of the building 400. It is configured as follows. As shown in FIG. 17, the leaky coaxial cable 600 radiates radio waves having a certain range only in one specific direction in the cross-sectional direction of the leaky coaxial cable 17. For this reason, it is possible to form the communication network space 310 for a visitor very easily and without a gap by simply arranging the leaky coaxial cable so as to surround the outer periphery of the building 400.

  In the fifth embodiment, as shown in FIG. 18, leaky coaxial cables 610 and 620 are arranged inside and outside the room 400 or the building 400 inside or outside the building 400 such as a specific room or building, respectively. This makes it possible to form a specific communication network space 210 and a visitor communication network space 310 very easily and without any gaps.

  Since other configurations and operations are the same as those of the first embodiment, the description thereof is omitted.

FIG. 1 is a system configuration diagram showing a wireless LAN system to which a security improvement method according to Embodiment 1 of the present invention is applied. FIG. 2 is a schematic diagram showing a building to which the wireless LAN system according to Embodiment 1 of the present invention is applied. FIG. 3 is a chart showing frequency bands used in the wireless LAN system. FIG. 4 is an explanatory diagram showing frequency bands used in the wireless LAN system. FIG. 5 is an explanatory diagram showing the transmission / reception characteristics of the antenna. FIG. 6 is a schematic diagram showing a building to which a modification of the wireless LAN system according to Embodiment 1 of the present invention is applied. FIG. 7 is a schematic diagram showing a building to which a modification of the wireless LAN system according to Embodiment 1 of the present invention is applied. FIG. 8 is a schematic diagram showing a building to which a wireless LAN system according to Embodiment 2 of the present invention is applied. FIG. 9 is a schematic diagram showing a building to which a modification of the wireless LAN system according to Embodiment 2 of the present invention is applied. FIG. 10 is a schematic diagram showing a building to which a wireless LAN system according to Embodiment 3 of the present invention is applied. FIG. 11 is an explanatory diagram showing the transmission / reception characteristics of the antenna. FIG. 12 is a schematic diagram showing a building to which a modification of the wireless LAN system according to Embodiment 3 of the present invention is applied. FIG. 13 is a schematic diagram showing an empty plan to which a wireless LAN system according to Embodiment 4 of the present invention is applied. FIG. 14 is a schematic diagram showing a space to which a wireless LAN system according to Embodiment 4 of the present invention is applied. FIG. 15 is a schematic diagram showing a space where a wireless LAN system according to Embodiment 4 of the present invention can be applied. FIG. 16 is a schematic diagram showing a building to which a wireless LAN system according to Embodiment 5 of the present invention is applied. FIG. 17 is an explanatory diagram showing the transmission / reception characteristics of the antenna. FIG. 18 is a schematic diagram showing a space to which a wireless LAN system according to Embodiment 5 of the present invention is applied.

Explanation of symbols

  100: wireless LAN system, 200: network for host, 300: network for visitor.

Claims (8)

In a wireless LAN system for wirelessly communicating with a device used by a user inside a specific communication network space via a communication radio wave,
In the space outside the communication network space, the communication radio wave used in the communication network space is externally used by radiating a protective radio wave that excludes external users from using the communication radio wave. A wireless LAN system characterized by protection from a user. In a wireless LAN system for wirelessly communicating with a device used by a user inside a specific communication network space via a communication radio wave,
A base station that is arranged inside the communication network space and communicates wirelessly with a device used by a user inside the communication network space via radio waves for communication;
A visitor base station that is disposed outside the communication network space and emits a protective radio wave that excludes an external user from using the communication radio wave;
A wireless LAN system for protecting communication radio waves used in the communication network space from outside users. 3. The wireless LAN system according to claim 2, wherein the communication radio wave is a radio wave defined by at least one of IEEE 802.11a / b / g standards. The wireless LAN system according to claim 2 or 3, wherein the protective radio wave is set to the same frequency as the communication radio wave or a frequency causing interference with the communication radio wave. The wireless LAN system according to any one of claims 1 to 4, wherein a space outside the communication network space is set so as to surround at least a part of the communication network space. 2. The protection radio wave prevents the third party from using the communication radio wave, thereby preventing the third party from using the communication radio wave as a result. The wireless LAN system according to any one of 1 to 5. 6. The protective radio wave provides useful information for use by a third party, thereby eliminating the use of the communication radio wave by a third party as a result. The wireless LAN system according to any one of the above. In a security improvement method used for a wireless LAN system for wirelessly communicating with a device used by a user within a specific communication network space via a communication radio wave,
In a space outside the communication network space, at least when a communication using a communication radio wave is performed in the communication network space, an external user is excluded from using the communication radio wave. A security improvement method used for a wireless LAN system, wherein a radio wave is radiated to protect a communication radio wave used in the communication network space from an external user and improve security.

Images