JP2006314138A - Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device - Google Patents

Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device Download PDF

Info

Publication number
JP2006314138A
JP2006314138A JP2006216961A JP2006216961A JP2006314138A JP 2006314138 A JP2006314138 A JP 2006314138A JP 2006216961 A JP2006216961 A JP 2006216961A JP 2006216961 A JP2006216961 A JP 2006216961A JP 2006314138 A JP2006314138 A JP 2006314138A
Authority
JP
Japan
Prior art keywords
wireless lan
wireless
base station
terminal
configuration information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2006216961A
Other languages
Japanese (ja)
Inventor
Seiichiro Iketani
誠一郎 池谷
Hiroaki Takahashi
宏彰 高橋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Software Engineering Co Ltd
Original Assignee
Hitachi Software Engineering Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Software Engineering Co Ltd filed Critical Hitachi Software Engineering Co Ltd
Priority to JP2006216961A priority Critical patent/JP2006314138A/en
Publication of JP2006314138A publication Critical patent/JP2006314138A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for a wireless LAN terminal to take part in a LAN with which the wireless LAN terminal can be connected without menacing security of resources or the like in the wireless LAN. <P>SOLUTION: The disclosed method comprises the steps of: detecting a wireless LAN terminal which invades a radio wave arrival range of the present device at a wireless base station, and acquiring authentication information from a wireless component added to the relevant wireless LAN terminal; collating authentication information set into the wireless base station with the authentication information acquired from the wireless component and determining whether to permit connection to the wireless LAN; transmitting configuration information of the wireless LAN set into the wireless base station to the wireless LAN terminal; setting into the present terminal wireless LAN configuration information received from the wireless base station at the wireless LAN terminal; and transmitting data received from the wireless LAN terminal at the wireless base station to the wireless LAN selected according to the wireless LAN configuration information contained in a high-order protocol of a wireless protocol. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

本発明は、無線基地局の電波到達範囲内に侵入した無線LAN端末を検知し、無線基地局との送受信装置を備えた無線LANに対し前記無線LAN端末を接続可能に制御する方法および無線LAN基地局装置並びに無線LAN端末装置に関するものである。   The present invention detects a wireless LAN terminal that has entered a radio base station reachable range and controls the wireless LAN terminal to be connectable to a wireless LAN provided with a transmitting / receiving device with the wireless base station. The present invention relates to a base station apparatus and a wireless LAN terminal apparatus.

無線LANシステムでは、LAN(Local Area Network)プロトコルの1つのネットワーク上に無線LAN基地局が存在し、同一の無線LAN基地局と通信を行なう無線LAN端末は、無線LAN基地局が接続している無線LANにのみ接続を行なうことが可能である。無線LAN基地局は、無線インタフェースとLANインタフェースを1つずつ備え、双方の通信を透過的に通過させることで無線プロトコル、LANプロトコルの交換を行なう。このため、インタフェースは1:1となり、1つの無線周波数帯に対して、1つのLANとの接続となっている。   In a wireless LAN system, a wireless LAN base station exists on one LAN (Local Area Network) protocol network, and a wireless LAN terminal that communicates with the same wireless LAN base station is connected to the wireless LAN base station. It is possible to connect only to the wireless LAN. The wireless LAN base station has one wireless interface and one LAN interface, and exchanges the wireless protocol and the LAN protocol by allowing both communications to pass through transparently. For this reason, the interface is 1: 1, and one radio frequency band is connected to one LAN.

また、無線LAN端末が無線LAN基地局を介して無線LANに接続を行なう際には、接続する(あるいは参加する)無線LANのネットワークアドレス等の構成情報を予め入手した上で、無線LAN端末自身の内部に設定する処理を行い、無線LAN基地局との接続、無線LANとの接続を行なう。また、無線LAN上のリソースを使用することを許可する認証処理は、無線LANへの接続が行われた後、無線LAN端末と無線LAN上に設置されている認証装置との間で行われる。これは、TCP/IPなどのLANプロトコルの上で行われるもので、基本的な通信が可能な状態になってから認証のみが行われる。
本発明に関連する従来技術として下記の特許文献1に開示されたものがある。 When a wireless LAN terminal connects to a wireless LAN via a wireless LAN base station, the wireless LAN terminal itself obtains configuration information such as a network address of the wireless LAN to be connected (or participates) in advance. Is set inside, and the connection with the wireless LAN base station and the connection with the wireless LAN are performed. Further, the authentication process for permitting the use of the resources on the wireless LAN is performed between the wireless LAN terminal and the authentication device installed on the wireless LAN after the connection to the wireless LAN is performed. This is performed over a LAN protocol such as TCP / IP, and only authentication is performed after basic communication is possible.
As a related art related to the present invention, there is one disclosed in Patent Document 1 below.

特願2000−138777号(特開2001−320755)Japanese Patent Application No. 2000-138777 (Japanese Patent Laid-Open No. 2001-320755)

ところで、オフィスや工場などでは、単一の無線LANのみでなく、用途に合わせた複数の無線LANが敷設されていることも多い。このような環境においては、敷設された無線LANに合わせて、複数の無線LAN基地局を設置する必要がある。
一方、接続する無線LAN端末の利用者は、接続先の無線LANに合わせたLAN構成情報(ネットワークアドレス、サブネットマスクなど)を事前入手し、端末上の設定を行なう必要がある。 By the way, in offices and factories, not only a single wireless LAN but also a plurality of wireless LANs suitable for the application are often laid. In such an environment, it is necessary to install a plurality of wireless LAN base stations in accordance with the installed wireless LAN.
On the other hand, a user of a wireless LAN terminal to be connected needs to obtain LAN configuration information (network address, subnet mask, etc.) in accordance with the wireless LAN of the connection destination in advance and make settings on the terminal.

しかし、無線LANの構成情報を予め無線LAN端末の利用者に入手させるということは、無線LAN上の一定の範囲のリソースにアクセスすることが可能となるため、リソースの不正アクセスを招く原因となり、リソースの管理やセキュリティ管理の上での好ましくないという問題がある。
また、ネットワークアドレスなどの構成情報は、一定のルールに従って付与されることが多く、無線LAN上の構成情報を開示するということは、無線LAN上の他の装置構成が類推可能になることを示し、これもまたセキュリティ管理という点で好ましくないという問題がある。 However, having the wireless LAN terminal user obtain the configuration information of the wireless LAN in advance makes it possible to access a certain range of resources on the wireless LAN. There is a problem that it is not preferable in terms of resource management and security management.
In addition, configuration information such as a network address is often assigned according to a certain rule, and the disclosure of configuration information on the wireless LAN indicates that other device configurations on the wireless LAN can be inferred. This also has a problem that it is not preferable in terms of security management.

一方、無線LANの構成情報は、管理者により管理されていることが多いが、一時的に無線LANに接続を希望する無線LAN端末の利用者にあっては、管理者が不在であった場合には構成情報を入手できないために、一時利用ができないという問題がある。
また、電話などの公衆回線を用いLANへのリモートアクセスでは、接続段階で認証を行なうが、無線LANでは、通信を可能にする接続レベルでの認証を行なうことは少なく、構成情報を設定し、無線LAN基地局との接続を行なうことで無線LANへの接続が可能になることが多い。
しかし、無線LAN上には、認証を行なわなくてもアクセスすることが可能なリソースも存在するため、接続後の認証処理では、十分なセキュリティが確保できなくなるという問題がある。 On the other hand, the configuration information of the wireless LAN is often managed by an administrator, but the administrator of the wireless LAN terminal user who wishes to temporarily connect to the wireless LAN is absent. Has a problem that it cannot be used temporarily because configuration information is not available.
In remote access to a LAN using a public line such as a telephone, authentication is performed at the connection stage. However, in a wireless LAN, authentication at a connection level enabling communication is rare, and configuration information is set. By connecting to a wireless LAN base station, it is often possible to connect to a wireless LAN.
However, since there are resources on the wireless LAN that can be accessed without authentication, there is a problem that sufficient security cannot be secured in the authentication process after connection.

本発明は、このような問題を解決するためになされたものであり、その目的は、無線LAN内のリソースなどの安全性を脅かすことなく、無線LAN端末の接続を可能にする無線LAN端末のLANへの参加制御方法および無線LAN基地局装置並びに無線LAN端末装置を提供することにある。   The present invention has been made to solve such a problem, and an object of the present invention is to provide a wireless LAN terminal that enables connection of a wireless LAN terminal without threatening the safety of resources in the wireless LAN. A LAN participation control method, a wireless LAN base station apparatus, and a wireless LAN terminal apparatus are provided.

上記目的を達成するために、本発明の無線LAN端末の無線LANへの参加制御方法は、無線基地局の電波到達範囲内に侵入した無線LAN端末を検知し、前記無線基地局との送受信装置を備えた無線LANに対し前記無線LAN端末を接続可能に制御する方法であって、前記無線基地局において自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得するステップと、無線基地局内に設定された認証情報または無線基地局と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定するステップと、接続許可の判定結果をもとに、無線基地局内に設定された無線LANの構成情報または無線基地局と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信するステップと、無線LAN端末において前記無線基地局から受信した前記無線LAN構成情報を自端末内に設定するステップと、前記無線基地局において前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信するステップとを備えることを特徴とする。   In order to achieve the above object, a wireless LAN terminal participation control method for a wireless LAN terminal according to the present invention detects a wireless LAN terminal that has entered a radio base station reachable range and transmits / receives data to / from the wireless base station. The wireless base station is connected to the wireless LAN terminal so that the wireless LAN terminal can be connected to the wireless base station. The authentication information acquired from the wireless component is compared with the authentication information set in the wireless base station or the authentication information acquired from the authentication device connected to the wireless base station and the authentication information acquired from the wireless component. Determining whether or not to permit connection to the wireless LAN, and configuration information of the wireless LAN set in the wireless base station based on the determination result of connection permission or Transmitting wireless LAN configuration information acquired from an external device connected to the line base station to the wireless LAN terminal; and setting the wireless LAN configuration information received from the wireless base station in the wireless LAN terminal in its own terminal Transmitting data received from the wireless LAN terminal according to a wireless protocol with the wireless LAN terminal at the wireless base station to the wireless LAN selected according to the wireless LAN configuration information included in an upper protocol of the wireless protocol. And a step.

本発明の無線LANシステムは、無線基地局の電波到達範囲内に侵入した無線LAN端末を検知し、前記無線基地局との送受信装置を備えた無線LANに対し前記無線LAN端末を接続する無線LANシステムであって、
前記無線基地局が、
自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得する手段と、自無線基地局内に設定された認証情報または無線基地局と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定する手段と、接続許可の判定結果をもとに、無線基地局内に設定された無線LANの構成情報または無線基地局と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信する手段と、前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信する手段とを備え、
前記無線LAN端末が、
前記無線基地局から受信した前記無線LAN構成情報を自端末内に設定する手段と、前記無線基地局との無線プロトコルの上位プロトコル中に前記無線LAN構成情報を設定したデータを送信し、前記無線LAN構成情報に従って前記無線基地局で選択接続された無線LANと通信する手段を備えることを特徴とする。 The wireless LAN system of the present invention detects a wireless LAN terminal that has entered the radio wave reach of a wireless base station, and connects the wireless LAN terminal to a wireless LAN provided with a transceiver device with the wireless base station. A system,
The radio base station is
Means for detecting a wireless LAN terminal that has entered the radio wave reach of its own device and acquiring authentication information from wireless components attached to the wireless LAN terminal, and authentication information or wireless base station set in its own wireless base station The authentication information acquired from the authentication device connected to the authentication information and the authentication information acquired from the wireless component, a means for determining whether to permit connection to the wireless LAN, and a determination result of connection permission And means for transmitting wireless LAN configuration information set in the wireless base station or wireless LAN configuration information acquired from an external device connected to the wireless base station to the wireless LAN terminal, from the wireless LAN terminal The wireless data selected according to the wireless LAN configuration information included in the higher-level protocol of the wireless protocol data received according to the wireless protocol with the wireless LAN terminal And means for transmitting to the AN,
The wireless LAN terminal is
Means for setting the wireless LAN configuration information received from the wireless base station in its own terminal, and transmitting data in which the wireless LAN configuration information is set in an upper protocol of a wireless protocol with the wireless base station, Means for communicating with a wireless LAN selectively connected by the wireless base station according to the LAN configuration information.

本発明の無線LAN基地局装置は、自装置の電波到達範囲内に侵入した無線LAN端末を検知し、自装置との送受信装置を備えた無線LANに対し前記無線LAN端末を接続可能に制御する無線LAN基地局装置であって、
自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得する手段と、自装置内に設定された認証情報または自装置と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定する手段と、接続許可の判定結果をもとに、自装置内に設定された無線LANの構成情報または自装置と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信し、設定する手段と、前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信する手段とを備えることを特徴とする。 The wireless LAN base station apparatus of the present invention detects a wireless LAN terminal that has entered the radio wave reach of its own device, and controls the wireless LAN terminal so that it can be connected to a wireless LAN provided with a transmitting / receiving device with the own device. A wireless LAN base station device,
A means for detecting a wireless LAN terminal that has entered the radio wave reach of its own device and acquiring authentication information from a wireless component attached to the wireless LAN terminal, and connection with authentication information set in its own device or its own device The authentication information acquired from the authenticated authentication device and the authentication information acquired from the wireless component are collated to determine whether to permit connection to the wireless LAN, and based on the determination result of connection permission Means for transmitting and setting the wireless LAN configuration information set in the own device or the wireless LAN configuration information acquired from the external device connected to the own device to the wireless LAN terminal, and from the wireless LAN terminal Data received according to the wireless protocol with the wireless LAN terminal is transmitted to the wireless LAN selected according to the wireless LAN configuration information included in the higher-level protocol of the wireless protocol. Characterized in that it comprises means for.

本発明の無線LAN端末装置は、無線基地局からの制御に基づき、当該無線基地局との送受信装置を備えた無線LANに対し接続可能状態に制御される無線LAN端末装置であって、
前記無線基地局からの要求に従い自装置の認証情報を無線によって返信する無線部品と、前記無線基地局における認証処理に応じて前記無線基地局から送信される無線LAN構成情報を受信し、自装置内に設定する手段と、前記無線基地局との無線プロトコルの上位プロトコル中に前記無線LAN構成情報を設定したデータを送信し、前記無線LAN構成情報に従って前記無線基地局で選択接続された無線LANと通信する手段とを備えることを特徴とする。 The wireless LAN terminal device of the present invention is a wireless LAN terminal device that is controlled to be connectable to a wireless LAN provided with a transmitting / receiving device with the wireless base station based on control from the wireless base station,
A wireless component that wirelessly sends back authentication information of the device according to a request from the wireless base station, and wireless LAN configuration information transmitted from the wireless base station in response to an authentication process in the wireless base station; A wireless LAN that transmits data in which the wireless LAN configuration information is set in an upper protocol of a wireless protocol with the wireless base station, and is selectively connected by the wireless base station according to the wireless LAN configuration information And means for communicating with.

本発明によれば、無線LAN端末中に認証を行なうための認証情報を保持するだけで、使用者がLAN構成を意識することなく、また無線LAN内のリソースなどの安全性を脅かすことなく、無線LANの選択、参加、通信を行なうことが可能になる。また、1つの無線LAN基地局により無線LANに対し無線LAN端末装置を選択的に接続することが可能になる。   According to the present invention, only by holding authentication information for performing authentication in the wireless LAN terminal, the user is not aware of the LAN configuration and does not threaten the safety of resources in the wireless LAN. Wireless LAN selection, participation, and communication can be performed. In addition, it becomes possible to selectively connect the wireless LAN terminal device to the wireless LAN by one wireless LAN base station.

以下、本発明を実施する場合の一形態を図面に基づいて具体的に説明する。
図1は、本発明の実施形態を示すシステム構成図である。
本発明は、アンテナを内蔵または外部接続した無線LANの基地局101と、この1つの無線LAN基地局101に収容された複数のLAN102A〜102Cと、これらのLAN102A〜102Cへの参加を許すか否かを認証するための認証サーバ103と、LAN102A〜102Cへの接続を制御する無線LAN基地局101と通信を可能とする複数の無線LAN端末104A,104Bから構成される。複数のLAN102A〜102Cは、無線LAN基地局101との間で無線回線により通信を行なう送受信装置105A〜105Cが接続されている。この送受信装置105A〜105Cが接続されたことにより、LAN102A〜102Cは同一域内で同一の周波数帯を使用する無線LANとしての機能が付加される。 Hereinafter, an embodiment for carrying out the present invention will be specifically described with reference to the drawings.
FIG. 1 is a system configuration diagram showing an embodiment of the present invention.
In the present invention, a wireless LAN base station 101 with a built-in antenna or externally connected, a plurality of LANs 102A to 102C accommodated in this single wireless LAN base station 101, and whether to allow participation in these LANs 102A to 102C The authentication server 103 for authenticating the above and a plurality of wireless LAN terminals 104A and 104B that enable communication with the wireless LAN base station 101 that controls connection to the LANs 102A to 102C. The plurality of LANs 102 </ b> A to 102 </ b> C are connected to transmission / reception devices 105 </ b> A to 105 </ b> C that communicate with the wireless LAN base station 101 through a wireless line. By connecting the transmission / reception devices 105A to 105C, the LANs 102A to 102C are added with a function as a wireless LAN using the same frequency band in the same area.

一方、無線LAN基地局101は、自局101の電波到達範囲内に侵入した無線LAN端末104A,104Bを検知し、その検知した無線LAN端末104A104Bから認証情報を無線回線で取得し、その取得した認証情報を認証サーバ102に無線または有線回線で転送し、LAN102A〜102Cへの接続を許可するか否かの認証処理を実行させ、認証OKの応答が得られたならば、LAN102A〜102Cの構成情報をLAN端末104A,104Bに送信する。LAN102A〜102Cの構成情報を受信したLAN端末104A,104Bでは、その構成情報を自装置内のメモリ内に登録し、その登録内容を参照してLAN102A〜102Cのいずれかに接続要求を発し、通信を行なう。   On the other hand, the wireless LAN base station 101 detects the wireless LAN terminals 104A and 104B that have entered the radio wave reach of the local station 101, acquires authentication information from the detected wireless LAN terminals 104A104B via a wireless line, and acquires the acquired information. If the authentication information is transferred to the authentication server 102 via a wireless or wired line, an authentication process for determining whether or not to permit connection to the LANs 102A to 102C is executed, and an authentication OK response is obtained, the configuration of the LANs 102A to 102C Information is transmitted to the LAN terminals 104A and 104B. The LAN terminals 104A and 104B that have received the configuration information of the LANs 102A to 102C register the configuration information in the memory in their own devices, refer to the registered content, and issue a connection request to one of the LANs 102A to 102C to perform communication. To do.

無線LAN端末104A,104Bには、LAN102A〜102Cに接続するための認証情報が登録された無線タグ(無線部品)106A,106Bが筐体の一部に付加されている。この無線タグ106A,106Bに登録された認証情報は、無線LAN基地局101からの問い合わせ信号に応答して無線LAN基地局101へ返信される。この無線タグ106A,106Bは、無指向性のアンテナと電池、LSIメモリを内蔵しており、無線LAN基地局101からの問い合わせ信号に応じて、登録されている認証情報を応答信号として返信する。   Wireless tags (wireless parts) 106A and 106B in which authentication information for connecting to the LANs 102A to 102C is registered are attached to a part of the housing of the wireless LAN terminals 104A and 104B. The authentication information registered in the wireless tags 106A and 106B is returned to the wireless LAN base station 101 in response to an inquiry signal from the wireless LAN base station 101. The wireless tags 106A and 106B incorporate a non-directional antenna, a battery, and an LSI memory, and return registered authentication information as a response signal in response to an inquiry signal from the wireless LAN base station 101.

図2は、無線LAN端末104Aの詳細構成例を示した図である。
無線LAN端末104Aは、無線LAN基地局101との通信を行なうための送受信アンテナ1041と通信したデータの処理、分析を行なう演算処理装置1042とから構成され、筐体の一部に無線タグ106Aが取り付けられている。演算処理装置1042には、無線LAN基地局1011より送信されてくるLAN102A〜102Cに接続するための構成情報を保持するためのLAN構成情報設定領域1043がメモリ内に確保されている。
このLAN構成情報設定領域1043に設定される情報は、無線接続を行なう構成情報のほかに、LAN102A〜102Cとの接続を可能とする構成情報を保持する。一般的には、TCP/IPが使用され、IPアドレス、ネットワークアドレス、ゲートウェイアドレス、各種サーバアドレス等の情報がLAN構成情報の内容である。 FIG. 2 is a diagram illustrating a detailed configuration example of the wireless LAN terminal 104A.
The wireless LAN terminal 104A includes an arithmetic processing unit 1042 that processes and analyzes data communicated with the transmission / reception antenna 1041 for performing communication with the wireless LAN base station 101. A wireless tag 106A is provided in a part of the casing. It is attached. In the arithmetic processing unit 1042, a LAN configuration information setting area 1043 for holding configuration information for connecting to the LANs 102A to 102C transmitted from the wireless LAN base station 1011 is secured in the memory.
The information set in the LAN configuration information setting area 1043 holds configuration information that enables connection to the LANs 102A to 102C in addition to the configuration information for wireless connection. Generally, TCP / IP is used, and information such as an IP address, a network address, a gateway address, and various server addresses is the contents of the LAN configuration information.

一方、無線タグ106Aに登録される認証情報は、LAN102A〜102Cに参加をするための認証情報であり、最低限、自装置104Aを特定するためのユニークな識別子とパスワードより構成される。
図3は、無線LAN基地局101の詳細構成例を示した図である。無線LAN基地局101は、従来における基地局の持つ機能である無線LAN端末とLAN間の無線通信のみでなく、無線LAN端末の侵入監視、接続前認証処理、LAN間通信の交換の機能を持つ。 On the other hand, the authentication information registered in the wireless tag 106A is authentication information for participating in the LANs 102A to 102C, and is composed at least of a unique identifier and password for identifying the own device 104A.
FIG. 3 is a diagram illustrating a detailed configuration example of the wireless LAN base station 101. The wireless LAN base station 101 has not only wireless communication between the wireless LAN terminal and the LAN, which is a function of the conventional base station, but also functions of intrusion monitoring of the wireless LAN terminal, authentication processing before connection, and exchange of communication between LANs. .

この例の無線LAN基地局101は、通信、認証などの機能の中心となる処理制御装置1011を有し、処理制御装置1011には、無線通信の制御を行なうLAN通信交換機構1012、認証の制御を行なう認証制御機構1013より構成される。
処理制御装置1011には、通信対象となるLAN102A〜102Cの送受信装置105A〜105Cと通信を行なうLAN送受信アンテナ1014、無線LAN端末104A,104Bとの通信を行なう端末送受信アンテナ1015を有する。また、無線LAN基地局101は、認証サーバ103と接続するための認証サーバ接続インタフェース1016を有する。 The wireless LAN base station 101 in this example includes a processing control device 1011 that is the center of functions such as communication and authentication. The processing control device 1011 includes a LAN communication switching mechanism 1012 that controls wireless communication, and authentication control. It is comprised from the authentication control mechanism 1013 which performs.
The processing control apparatus 1011 includes a LAN transmission / reception antenna 1014 that communicates with the transmission / reception apparatuses 105A to 105C of the LANs 102A to 102C to be communicated, and a terminal transmission / reception antenna 1015 that communicates with the wireless LAN terminals 104A and 104B. The wireless LAN base station 101 has an authentication server connection interface 1016 for connecting to the authentication server 103.

無線LAN基地局101は、端末送受信アンテナ1015から端末検知のための電波を所定時間間隔で送出し、いずれかの無線LAN端末が自局の電波到達範囲内に侵入したかどうかを監視しており、侵入した検知した場合には、その検知した無線LAN端末の無線タグ106Aまたは106Bから認証情報を取得し、その取得した認証情報を認証制御機構1013の処理によって認証サーバ103に転送し、認証処理を実行させる。認証OKの応答が認証サーバ103から返信されたならば、LAN102A102Cのネットワークアドレスなどの構成情報を認証サーバ103から取得し、侵入を検知した無線LAN端末に送信し、その無線LAN端末のLAN構成情報設定領域1403の設定させる。   The wireless LAN base station 101 transmits radio waves for terminal detection from the terminal transmitting / receiving antenna 1015 at predetermined time intervals, and monitors whether any of the wireless LAN terminals have entered the radio wave reachable range of the local station. When the intrusion is detected, the authentication information is acquired from the wireless tag 106A or 106B of the detected wireless LAN terminal, and the acquired authentication information is transferred to the authentication server 103 by the processing of the authentication control mechanism 1013. Is executed. If an authentication OK response is returned from the authentication server 103, configuration information such as the network address of the LAN 102A102C is acquired from the authentication server 103, transmitted to the wireless LAN terminal that detected the intrusion, and the LAN configuration information of the wireless LAN terminal The setting area 1403 is set.

これにより、無線LAN基地局101の電波到達範囲内に侵入した無線LAN端末104Aまたは104Bは無線LAN基地局101を通じて102A〜102Cのいずれかに接続可能になる。この場合、接続対象となるLAN102A〜102Cは、TCP/IPなどの上位プロトコル情報をLAN通信交換機構1012で解析し、その解析結果に従って選択される。
このような1つの無線LAN基地局101における複数のLANへの接続振り分け処理によって、全体としては、1つの無線LAN基地局内に複数のLANを多重化して収容した無線LANシステムが構築されたことになる。 As a result, the wireless LAN terminal 104A or 104B that has entered the radio wave reach of the wireless LAN base station 101 can be connected to any of 102A to 102C through the wireless LAN base station 101. In this case, the LANs 102A to 102C to be connected are selected by the LAN communication switching mechanism 1012 after analyzing the upper protocol information such as TCP / IP according to the analysis result.
By such connection distribution processing to a plurality of LANs in one wireless LAN base station 101, as a whole, a wireless LAN system in which a plurality of LANs are multiplexed and accommodated in one wireless LAN base station is constructed. Become.

図4は、無線LAN端末104A,104Bと認証サーバ103間で行われるLAN接続認証処理の説明図である。
無線LAN基地局101は、自局の電波影響範囲内への無線LAN端末104A,104Bの侵入を常時監視しているが、侵入が検知されると、無線LAN基地局101、無線LAN端末104A,104B、認証サーバ103の間で認証処理を実行する。
無線LAN端末104A,104Bには、少なくともユーザID4011、パスワード4012から成る認証情報401を保持した無線タグ106A、106Bが付加されている。
ユーザID4011は、無線LAN端末104A,104Bをユニークに特定するための情報であり、認証サーバ103上のデータを検索するためのキー情報となる。
パスワード4012は、認証サーバ103上のパスワードと照合され、無線LAN端末104A,104B上の認証情報が正規に登録されたものか(正規にLANへの接続を許可されたものか)を識別するための情報として使用される。 FIG. 4 is an explanatory diagram of a LAN connection authentication process performed between the wireless LAN terminals 104A and 104B and the authentication server 103.
The wireless LAN base station 101 constantly monitors the intrusion of the wireless LAN terminals 104A and 104B into the radio wave influence range of the local station. When the intrusion is detected, the wireless LAN base station 101, the wireless LAN terminal 104A, An authentication process is executed between the authentication server 103 and 104B.
Wireless tags 106A and 106B holding authentication information 401 including at least a user ID 4011 and a password 4012 are added to the wireless LAN terminals 104A and 104B.
The user ID 4011 is information for uniquely specifying the wireless LAN terminals 104 </ b> A and 104 </ b> B, and is key information for searching for data on the authentication server 103.
The password 4012 is collated with the password on the authentication server 103 to identify whether the authentication information on the wireless LAN terminals 104A and 104B is properly registered (whether it is normally allowed to connect to the LAN). Used as information.

認証サーバ103には、パスワード4021と接続をLAN102A〜102Cへの接続を許可するLAN構成情報4022をユーザIDをキーとして検索できるように保持されている。
無線LAN基地局101は、侵入を検知した無線LAN端末104Aまたは104Bから取得した認証情報401のユーザID4011、パスワード4012を認証サーバ103に送信する。
認証サーバ103では、受信したユーザID4011をキーとして、内部に保持されている認証情報402を検索する。対応する認証情報が保持されている場合は、パスワード4012の照合を行い、一致することを確認する。一致した場合、認証成功とし、ユーザID4011で検索されるLAN構成情報4022を認証結果として無線LAN基地局101に返信する。 The authentication server 103 holds the password 4021 and LAN configuration information 4022 that permits connection to the LANs 102A to 102C so that the user ID can be used as a key.
The wireless LAN base station 101 transmits the user ID 4011 and password 4012 of the authentication information 401 acquired from the wireless LAN terminal 104 </ b> A or 104 </ b> B that detected the intrusion to the authentication server 103.
The authentication server 103 searches the authentication information 402 held inside using the received user ID 4011 as a key. If the corresponding authentication information is held, the password 4012 is checked to confirm that they match. If they match, the authentication is successful and the LAN configuration information 4022 searched by the user ID 4011 is returned to the wireless LAN base station 101 as an authentication result.

無線LAN基地局101は、返信されたLAN構成情報4022を侵入検知した無線LAN端末104Aまたは104Bに送信する。これに対し、無線LAN端末104Aまたは104Bでは、受信したLAN構成情報4022をLAN構成情報設定領域1403に登録する。これにより、LAN構成情報4022を用いて、LAN102A〜1025Cへの参加が可能となる。
この場合、ユーザID毎に、LAN構成情報4022の内容を異なるように設定できるので、ユーザによってLAN102A〜102Cのいずれに接続可能であるかを制御することができる。 The wireless LAN base station 101 transmits the returned LAN configuration information 4022 to the wireless LAN terminal 104A or 104B that detected the intrusion. On the other hand, the wireless LAN terminal 104A or 104B registers the received LAN configuration information 4022 in the LAN configuration information setting area 1403. As a result, the LAN configuration information 4022 can be used to participate in the LANs 102A to 1025C.
In this case, since the content of the LAN configuration information 4022 can be set differently for each user ID, it is possible to control which of the LANs 102A to 102C can be connected by the user.

なお、認証失敗となった場合には、該当する無線LAN端末にはエラー応答が送信され、LAN構成情報は送信されない。従って、LAN102A〜12Cへの参加は不可能になり、正規に許されたユーザIDおよびパスワードを保持した無線タグを付加した無線LAN端末以外はLAN102A〜102Cのリソースへアクセスすることができなくなり、不正利用者に不正アクセスを防止することができる。
また、LAN構成情報が不正利用者に全く開示されないので、LAN102A〜102Cの安全性を高めることができる。 If authentication fails, an error response is transmitted to the corresponding wireless LAN terminal, and no LAN configuration information is transmitted. Accordingly, participation in the LANs 102A to 12C becomes impossible, and it becomes impossible to access the resources of the LANs 102A to 102C except for a wireless LAN terminal to which a wireless tag holding a user ID and a password that are properly permitted is added. Unauthorized access to users can be prevented.
In addition, since the LAN configuration information is not disclosed to unauthorized users, the safety of the LANs 102A to 102C can be improved.

また、LAN102A〜102Cの管理者が不在であっても、正規に許されたユーザIDおよびパスワードを保持した無線タグを付加した無線LAN端末であれば、ユーザに意識させることなく、LAN構成情報がLAN構成情報設定領域1403に設定されるので、管理者不在であっても一時的利用も可能になる。   Further, even if there is no administrator of the LANs 102A to 102C, the LAN configuration information can be obtained without making the user aware of the wireless LAN terminal to which the wireless tag holding the authorized user ID and password is added. Since it is set in the LAN configuration information setting area 1403, it can be temporarily used even if the administrator is absent.

なお、認証処理は認証サーバ103で行なう代わりに、無線LAN基地局101で行なうようにしても良い。その場合、認証情報502は、認証サーバ103または他の外部装置から取得するようにしてもよいし、無線LAN基地局101内に予め保持しておくようにしても良い。   Note that the authentication process may be performed by the wireless LAN base station 101 instead of the authentication server 103. In that case, the authentication information 502 may be acquired from the authentication server 103 or another external device, or may be stored in the wireless LAN base station 101 in advance.

図5は、無線LAN端末の認証、LAN接続の手順を示したフロー図である。
無線LAN基地局101は、無線LAN端末104A,104Bを探索する信号を発し、自域内に無線LAN端末104A、104Bが侵入したことを監視している(ステップ501)。
侵入した無線LAN端末が未発見であれば、継続して走査を行なう。いずれかの無線LAN端末を発見した場合(ステップ502)、無線LAN基地局101は、その無線LAN端末に対して認証を行なうための認証情報取得要求を送信する(ステップ503)。
認証情報取得要求を受信した無線LAN端末は、自端末の無線タグ内に保持している認証情報を返送する(ステップ504)。 FIG. 5 is a flowchart showing procedures for authentication of a wireless LAN terminal and LAN connection.
The wireless LAN base station 101 issues a signal for searching for the wireless LAN terminals 104A and 104B, and monitors that the wireless LAN terminals 104A and 104B have entered the local area (step 501).
If an intruded wireless LAN terminal is not found, scanning is continued. When one of the wireless LAN terminals is found (step 502), the wireless LAN base station 101 transmits an authentication information acquisition request for performing authentication to the wireless LAN terminal (step 503).
The wireless LAN terminal that has received the authentication information acquisition request returns the authentication information held in the wireless tag of the terminal itself (step 504).

無線LAN基地局101は、返送された認証情報を使用し、無線LAN端末の認証を行なうために、認証サーバ103に対して認証情報を含む認証処理要求を送信する(ステップ505)。
認証サーバ103は、送信されてきた認証情報を用いて、認証処理を行なう(ステップ506)。この認証処理は、認証サーバ103内の認証情報402と照合することにより行われる。認証が成功した場合は、認証情報402内に保持されているLANに参加するためのLAN構成情報が無線LAN基地局101を経由し、無線LAN端末に返送される(ステップ507,508)。 The wireless LAN base station 101 transmits an authentication processing request including the authentication information to the authentication server 103 in order to authenticate the wireless LAN terminal using the returned authentication information (step 505).
The authentication server 103 performs an authentication process using the transmitted authentication information (step 506). This authentication process is performed by collating with authentication information 402 in the authentication server 103. When the authentication is successful, LAN configuration information for participating in the LAN held in the authentication information 402 is returned to the wireless LAN terminal via the wireless LAN base station 101 (steps 507 and 508).

無線LAN端末では、LAN構成情報が返送された場合、無線LAN端末内にLAN構成情報を設定し(ステップ509)、無線LAN通信が行なえる状態にする。LAN構成情報を設定し、LAN102A〜102Cとの接続が行なえる状態になれば、通常の通信としてデータ通信を行なう(ステップ510)。すなわち、無線LAN端末は、無線LAN基地局101に対して無線によりデータを送出する。データを受信した無線LAN基地局101は受信データに基づき、自装置に接続されているLAN102A〜102Cの選択を行い(ステップ511)、その選択したLANの1つにデータを転送する。
これにより、無線LAN端末は、自端末内に認証情報を保持するのみで、LAN102A〜102Cへの接続認証、LAN選択、データ通信を行なうことが可能になる。 In the wireless LAN terminal, when the LAN configuration information is returned, the LAN configuration information is set in the wireless LAN terminal (step 509) so that wireless LAN communication can be performed. When the LAN configuration information is set and the connection to the LANs 102A to 102C is established, data communication is performed as normal communication (step 510). That is, the wireless LAN terminal transmits data to the wireless LAN base station 101 wirelessly. The wireless LAN base station 101 that has received the data selects the LANs 102A to 102C connected to its own apparatus based on the received data (step 511), and transfers the data to one of the selected LANs.
Accordingly, the wireless LAN terminal can perform connection authentication to the LANs 102A to 102C, LAN selection, and data communication only by holding the authentication information in the terminal itself.

なお、無線LAN端末104Aまたは104Bが無線LAN基地局101の電波到達範囲内に侵入したかを検知する場合、質問信号を無線LANと同一周波数帯で送信し、その応答として無線タグの識別子または当該無線タグが付加された無線LAN端末の識別子が無線タグから返信されたことによって、侵入検知とするようにしてもよい。
このようにすれば、LAN102A〜102Cへの接続を許可する認証情報を保持した無線タグ106Aを、ユーザが所有する無線LAN端末に付加しておくのみでよく、無線LAN端末内に認証情報を送受するための処理(ステップ503,504の処理)を組み込んでおく必要がなくなる。 When detecting whether the wireless LAN terminal 104A or 104B has entered the radio wave reach of the wireless LAN base station 101, the interrogation signal is transmitted in the same frequency band as the wireless LAN, and the wireless tag identifier or Intrusion detection may be performed when the identifier of the wireless LAN terminal to which the wireless tag is added is returned from the wireless tag.
In this way, it is only necessary to add the wireless tag 106A holding the authentication information for permitting connection to the LANs 102A to 102C to the wireless LAN terminal owned by the user, and sending and receiving the authentication information within the wireless LAN terminal. This eliminates the need for incorporating the processing (steps 503 and 504) for the purpose.

図6は、無線LAN基地局101内で行われるLAN選択の概要を示した図である。
無線LAN基地局101は、無線LAN端末104A,104Bからのデータを受信する。
無線LAN基地局101は、通常は、自装置に接続されているLAN側のインタフェースに受信データを転送することで、無線LAN通信を可能にするが、本発明においては、受信したデータ内のプロトコル情報に応じて、接続されている複数のLANから適切なものを選択して、転送する。受信データ601は、通信を制御するプロトコルとして、無線通信を行なうためのプロトコル部602、転送されたLAN上のプロトコル603で構成される。
無線LAN基地局101は、無線プロトコル602で無線通信を行なうと同時に、その上位に構成されるLANプロトコル603を用いて、転送するLANの判定604行なう。LANプロトコル603中には、送信元アドレス、送信先アドレスが含まれるため、送信先アドレスを抽出し、自装置に接続されるLAN102A〜102Cの中から同一のアドレスで構成されるLANを選択する。
同一アドレスで構成されるLANが存在しない場合、転送先のLANは中継点であるため、自装置内に設定されるルーティング情報に基づいて、適切なLANを選択して転送を行なう。 FIG. 6 is a diagram showing an outline of LAN selection performed in the wireless LAN base station 101.
The wireless LAN base station 101 receives data from the wireless LAN terminals 104A and 104B.
The wireless LAN base station 101 normally enables wireless LAN communication by transferring received data to an interface on the LAN side connected to its own device. In the present invention, the protocol in the received data is used. According to the information, an appropriate one is selected from a plurality of connected LANs and transferred. The received data 601 includes a protocol unit 602 for performing wireless communication and a transferred protocol 603 on the LAN as protocols for controlling communication.
The wireless LAN base station 101 performs wireless communication using the wireless protocol 602, and at the same time, performs determination 604 of the LAN to be transferred using the LAN protocol 603 configured on the upper side. Since the LAN protocol 603 includes a transmission source address and a transmission destination address, the transmission destination address is extracted, and a LAN configured with the same address is selected from the LANs 102A to 102C connected to the own apparatus.
When there is no LAN configured with the same address, the transfer destination LAN is a relay point, and therefore, an appropriate LAN is selected based on the routing information set in the own apparatus for transfer.

図7は、認証サーバ103を遠隔地に設置し、認証を行なうようにした実施形態を示すシステム構成図である。
この実施形態は、無線基地局101と認証サーバ103の接続インタフェースとして、汎用的なインタフェース形態、プロトコルを使用することで、認証サーバ103の設置場所を自由にすることが可能である。
これにより、複数のLANの認証情報を一箇所で集中管理することが可能になる。 FIG. 7 is a system configuration diagram showing an embodiment in which the authentication server 103 is installed in a remote place and authentication is performed.
In this embodiment, the installation location of the authentication server 103 can be freely set by using a general-purpose interface form and protocol as a connection interface between the radio base station 101 and the authentication server 103.
This makes it possible to centrally manage authentication information of a plurality of LANs at one place.

この実施形態では、携帯電話端末204を使用し、認証サーバ202を接続している。
無線LAN端末の接続により認証が必要になった際、無線基地局101は自装置に接続さている認証サーバインタフェースを開く。すなわち、ここでは、携帯電話機701と702の間の通信路を確立し、認証サーバ103との接続を確立した上で、認証を行なう。 In this embodiment, the mobile phone terminal 204 is used and the authentication server 202 is connected.
When authentication is required due to the connection of the wireless LAN terminal, the wireless base station 101 opens an authentication server interface connected to its own device. That is, here, a communication path between the mobile phones 701 and 702 is established and a connection with the authentication server 103 is established, and then authentication is performed.

本発明の実施形態を示すシステム構成図である。It is a system configuration figure showing an embodiment of the present invention. 無線LAN端末の構成例を示した図である。It is the figure which showed the structural example of the wireless LAN terminal. 無線LAN基地局の構成例を示した図である。It is the figure which showed the structural example of the wireless LAN base station. 無線LAN端末と認証サーバ間で行われる認証処理の説明図である。It is explanatory drawing of the authentication process performed between a wireless LAN terminal and an authentication server. 無線LAN端末の認証、LAN接続処理の手順を示すフロー図である。It is a flowchart which shows the procedure of the authentication of a wireless LAN terminal, and a LAN connection process. 無線LAN基地局内で行われるLAN選択の概要を示す説明図である。It is explanatory drawing which shows the outline | summary of LAN selection performed within a wireless LAN base station. 認証サーバを遠隔地に設置し、認証を行なう場合の実施形態を示す図である。It is a figure which shows embodiment which installs an authentication server in a remote place and performs authentication.

符号の説明Explanation of symbols

101…無線LAN基地局、102A〜102C…LAN、103…認証サーバ、104A,104B…無線LAN端末、106A、106B…無線タグ、401…認証情報、402…認証情報、1013…認証制御機構、1012…LAN通信交換機構、1042…演算処理装置、1043…LAN構成情報設定領域、4022…LAN構成情報。 DESCRIPTION OF SYMBOLS 101 ... Wireless LAN base station, 102A-102C ... LAN, 103 ... Authentication server, 104A, 104B ... Wireless LAN terminal, 106A, 106B ... Wireless tag, 401 ... Authentication information, 402 ... Authentication information, 1013 ... Authentication control mechanism, 1012 ... LAN communication exchange mechanism, 1042 ... arithmetic processing unit, 1043 ... LAN configuration information setting area, 4022 ... LAN configuration information.

Claims (4)

無線基地局の電波到達範囲内に侵入した無線LAN端末を検知し、前記無線基地局との送受信装置を備えた無線LANに対し前記無線LAN端末を接続可能に制御する方法であって、
前記無線基地局において自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得するステップと、無線基地局内に設定された認証情報または無線基地局と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定するステップと、
接続許可の判定結果をもとに、無線基地局内に設定された無線LANの構成情報または無線基地局と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信するステップと、
無線LAN端末において前記無線基地局から受信した前記無線LAN構成情報を自端末内に設定するステップと、
前記無線基地局において前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信するステップとを備えることを特徴とする無線LAN端末の無線LANへの参加制御方法。 A method of detecting a wireless LAN terminal that has entered a radio base station reachable range and controlling the wireless LAN terminal to be connectable to a wireless LAN including a transmitting / receiving device with the wireless base station,
Detecting a wireless LAN terminal that has entered the radio wave reach of its own device in the wireless base station, obtaining authentication information from a wireless component attached to the wireless LAN terminal, and authentication information set in the wireless base station Or collating authentication information acquired from an authentication device connected to a wireless base station and authentication information acquired from the wireless component, and determining whether to permit connection to the wireless LAN;
Transmitting wireless LAN configuration information set in the wireless base station or wireless LAN configuration information acquired from an external device connected to the wireless base station to the wireless LAN terminal based on the determination result of the connection permission; ,
Setting the wireless LAN configuration information received from the wireless base station in the wireless LAN terminal in the own terminal;
Transmitting data received from the wireless LAN terminal according to a wireless protocol with the wireless LAN terminal at the wireless base station to the wireless LAN selected according to the wireless LAN configuration information included in an upper protocol of the wireless protocol. A wireless LAN terminal participation control method for wireless LAN. 無線基地局の電波到達範囲内に侵入した無線LAN端末を検知し、前記無線基地局との送受信装置を備えた無線LANに対し前記無線LAN端末を接続する無線LANシステムであって、
前記無線基地局が、
自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得する手段と、自無線基地局内に設定された認証情報または無線基地局と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定する手段と、接続許可の判定結果をもとに、無線基地局内に設定された無線LANの構成情報または無線基地局と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信する手段と、前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信する手段とを備え、
前記無線LAN端末が、
前記無線基地局から受信した前記無線LAN構成情報を自端末内に設定する手段と、前記無線基地局との無線プロトコルの上位プロトコル中に前記無線LAN構成情報を設定したデータを送信し、前記無線LAN構成情報に従って前記無線基地局で選択された無線LANと通信する手段を備えることを特徴とする無線LANシステム。 A wireless LAN system that detects a wireless LAN terminal that has entered a radio base station reachable range and connects the wireless LAN terminal to a wireless LAN provided with a transmitting / receiving device with the wireless base station,
The radio base station is
Means for detecting a wireless LAN terminal that has entered the radio wave reach of its own device and acquiring authentication information from wireless components attached to the wireless LAN terminal, and authentication information or wireless base station set in its own wireless base station The authentication information acquired from the authentication device connected to the authentication information and the authentication information acquired from the wireless component, a means for determining whether to permit connection to the wireless LAN, and a determination result of connection permission And means for transmitting wireless LAN configuration information set in the wireless base station or wireless LAN configuration information acquired from an external device connected to the wireless base station to the wireless LAN terminal, from the wireless LAN terminal The wireless data selected according to the wireless LAN configuration information included in the higher-level protocol of the wireless protocol data received according to the wireless protocol with the wireless LAN terminal And means for transmitting to the AN,
The wireless LAN terminal is
Means for setting the wireless LAN configuration information received from the wireless base station in its own terminal, and transmitting data in which the wireless LAN configuration information is set in an upper protocol of a wireless protocol with the wireless base station, A wireless LAN system comprising means for communicating with a wireless LAN selected by the wireless base station according to LAN configuration information. 自装置の電波到達範囲内に侵入した無線LAN端末を検知し、自装置との送受信装置を備えた無線LANに対し前記無線LAN端末を接続可能に制御する無線LAN基地局装置であって、
自装置の電波到達範囲内に侵入した無線LAN端末を検知し、当該無線LAN端末に付加された無線部品から認証情報を取得する手段と、
自装置内に設定された認証情報または自装置と接続された認証装置から取得した認証情報と前記無線部品から取得した認証情報とを照合し、前記無線LANへの接続を許可するか否かを判定する手段と、
接続許可の判定結果をもとに、自装置内に設定された無線LANの構成情報または自装置と接続された外部装置から取得した無線LANの構成情報を前記無線LAN端末に送信し、設定する手段と、
前記無線LAN端末から当該無線LAN端末との無線プロトコルに従って受信したデータを当該無線プロトコルの上位プロトコルに含まれる前記無線LAN構成情報に従って選択した前記無線LANに送信する手段と
を備えることを特徴とする無線LAN基地局装置。 A wireless LAN base station device that detects a wireless LAN terminal that has entered the radio wave reach of its own device and controls the wireless LAN terminal to be connectable to a wireless LAN provided with a transmission / reception device with its own device,
Means for detecting a wireless LAN terminal that has entered the radio wave reach of its own device and obtaining authentication information from a wireless component attached to the wireless LAN terminal;
Whether authentication information set in the own device or authentication information acquired from an authentication device connected to the own device is compared with authentication information acquired from the wireless component, and whether to permit connection to the wireless LAN is determined. Means for determining;
Based on the determination result of the connection permission, the wireless LAN configuration information set in the own device or the wireless LAN configuration information acquired from the external device connected to the own device is transmitted to the wireless LAN terminal and set. Means,
Means for transmitting data received from the wireless LAN terminal in accordance with a wireless protocol with the wireless LAN terminal to the wireless LAN selected in accordance with the wireless LAN configuration information included in an upper protocol of the wireless protocol. Wireless LAN base station device. 無線基地局からの制御に基づき、当該無線基地局との送受信装置を備えた無線LANに対し接続可能状態に制御される無線LAN端末装置であって、
前記無線基地局からの要求に従い自装置の認証情報を無線によって返信する無線部品と、前記無線基地局における認証処理に応じて前記無線基地局から送信される無線LAN構成情報を受信し、自装置内に設定する手段と、
前記無線基地局との無線プロトコルの上位プロトコル中に前記無線LAN構成情報を設定したデータを送信し、前記無線LAN構成情報に従って前記無線基地局で選択接続された無線LANと通信する手段とを備えることを特徴とする無線LAN端末装置。 Based on the control from the wireless base station, a wireless LAN terminal device that is controlled to be connectable to a wireless LAN provided with a transmitting / receiving device with the wireless base station,
A wireless component that wirelessly sends back authentication information of the device according to a request from the wireless base station, and wireless LAN configuration information transmitted from the wireless base station in response to an authentication process in the wireless base station; Means to set in,
Means for transmitting data in which the wireless LAN configuration information is set in an upper protocol of a wireless protocol with the wireless base station, and communicating with a wireless LAN selectively connected by the wireless base station according to the wireless LAN configuration information A wireless LAN terminal device.
JP2006216961A 2006-08-09 2006-08-09 Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device Pending JP2006314138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2006216961A JP2006314138A (en) 2006-08-09 2006-08-09 Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2006216961A JP2006314138A (en) 2006-08-09 2006-08-09 Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
JP2001285854A Division JP3865317B2 (en) 2001-09-19 2001-09-19 Wireless LAN terminal participation control method, wireless LAN base station apparatus, and wireless LAN terminal apparatus

Publications (1)

Publication Number Publication Date
JP2006314138A true JP2006314138A (en) 2006-11-16

Family

ID=37535405

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2006216961A Pending JP2006314138A (en) 2006-08-09 2006-08-09 Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device

Country Status (1)

Country Link
JP (1) JP2006314138A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012051376A (en) * 2011-10-11 2012-03-15 Ricoh Co Ltd Apparatus, authentification method and program
JP2016534619A (en) * 2013-08-14 2016-11-04 ゼットティーイー コーポレーションZte Corporation Method and apparatus for constructing simple and easy wireless connection
JP2017068537A (en) * 2015-09-30 2017-04-06 株式会社オプティム Image sharing system, image sharing method, and image sharing program

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003101545A (en) * 2001-09-19 2003-04-04 Hitachi Software Eng Co Ltd Method for controlling access to lan from wireless lan terminal, wireless lan base station apparatus and wireless lan terminal apparatus

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003101545A (en) * 2001-09-19 2003-04-04 Hitachi Software Eng Co Ltd Method for controlling access to lan from wireless lan terminal, wireless lan base station apparatus and wireless lan terminal apparatus
JP3865317B2 (en) * 2001-09-19 2007-01-10 日立ソフトウエアエンジニアリング株式会社 Wireless LAN terminal participation control method, wireless LAN base station apparatus, and wireless LAN terminal apparatus

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012051376A (en) * 2011-10-11 2012-03-15 Ricoh Co Ltd Apparatus, authentification method and program
JP2016534619A (en) * 2013-08-14 2016-11-04 ゼットティーイー コーポレーションZte Corporation Method and apparatus for constructing simple and easy wireless connection
JP2017068537A (en) * 2015-09-30 2017-04-06 株式会社オプティム Image sharing system, image sharing method, and image sharing program

Similar Documents

Publication Publication Date Title
US9401901B2 (en) Self-configuring wireless network
US20140247941A1 (en) Self-configuring wireless network
KR101551315B1 (en) Using a mobile device to enable another device to connect to a wireless network
US20170048700A1 (en) Self-configuring wireless network
JP4174535B2 (en) Authentication system and authentication method for authenticating wireless terminal
US20100122338A1 (en) Network system, dhcp server device, and dhcp client device
US8244212B2 (en) Communication method, communication apparatus, cell phone terminal, and communication system for performing connection via a network
US8549593B2 (en) Network access control system and method
US20060089127A1 (en) Wireless lan system, wireless terminal, wireless base station, communication configuration method for wireless terminal, and program thereof
JP2004201046A (en) Access authentication technology for radio network
CN104837136B (en) Wireless access authentication method and device
JP3865317B2 (en) Wireless LAN terminal participation control method, wireless LAN base station apparatus, and wireless LAN terminal apparatus
JP6366113B2 (en) COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD
JP2005244936A (en) Communication system, communication terminal and communication program
JP2008028892A (en) Wireless communication system
US20050238033A1 (en) Connection system, information supply apparatus, connection method and program
KR101747927B1 (en) System for registrating additional user for device
JP2006314138A (en) Control method for wireless lan terminal to take part in wireless lan, wireless lan base station device and wireless lan terminal device
US20070091858A1 (en) Method and apparatus for tracking unauthorized nodes within a network
KR102390887B1 (en) Method and apparatus for registering wireless device in wireless communication system
JP2010074481A (en) Lan system, terminal device, utilization application device, and user account acquiring method
JP2004320731A (en) Network apparatus and system for authentication, and network apparatus authentication method using the apparatus
JP2013152584A (en) Internet connection authentication system, internet connection authentication method and program
US7720603B2 (en) Method and apparatus for providing GPS data using network
EP4391471A1 (en) System and method for provisioning and registration of a device with an energy- or power system

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20080109

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20100514

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A132

Effective date: 20100518

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20110310