JP2007096919A - Communication system and communication terminal - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication system and communication terminals constituting the communication system by which the amount of communication and the time necessary for possessing authentication information such as a public key certificate and its invalidation information, are reduced. <P>SOLUTION: Communication terminals (nodes A, D and E) are selected as relay terminals out of communication terminals adjacent to a communication terminal (node S) which generates or receives authentication information, and the terminals broadcast the received authentication information. In this way, the authentication information is forwarded to all the communication terminals further adjacent to all the communication terminals adjacent to the communication terminal which generates or receives the authentication information. All the communication terminals constituting the communication system possess the identical authentication information by repeating these operations. Since the authentication information is forwarded simultaneously and in one direction from the communication terminal which is the generator of the authentication information, the amount of communication and the time are reduced which are necessary for the communication terminals constituting the communication system to possess the authentication information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a communication system including a plurality of communication terminals, and each communication terminal authenticates a communication partner based on authentication information such as a public key certificate and its revocation information. The present invention also relates to a communication terminal used in the communication system.

  PKI (Public Key Infrastructure) is a basic technology for authenticating a communication partner on the existing Internet. In PKI, authentication using a public key certificate (PKC) is performed. The public key certificate includes signature information that is obtained by encrypting the public key of a specific node and data related to the specific node with the private key of the public key certificate issuer. It is out. Conventionally, an institution that issues and manages public key certificates is called a CA (Certificate Authority), and in a conventional wireless communication system, a fixed base such as a base station or an access point plays a role.

  Communication terminals such as mobile phones, PDAs (Personal Digital Asistance) and PCs (Personal Computers) that make up a wireless LAN connect to each other wirelessly without the need for base stations or access points. A network configuration in which wireless communication is performed by multi-hop connection that connects to a target communication partner via a communication terminal is called a wireless ad hoc network. However, in the case of a wireless ad hoc network that does not have a fixed base such as a base station or an access point, there is no CA that can be absolutely trusted, so public key certificates cannot be issued and managed. In view of this, a public key certificate distributed management method in which each node independently issues and manages a public key certificate (referred to as each communication node plays a CA role) has been proposed (for example, Non-Patent Document 1). reference).

  In this method, each node issues and manages public key certificates of other nodes based on its own judgment (knowledge: knowledge and experience). For example, it is assumed that the node A has not issued a public key certificate to the node B and does not have a trust relationship with the node B. Further, it is assumed that node C directly trusting node A (issuing a public key certificate) directly trusts node B. In this case, node A issues a public key certificate of node C, and node C issues a public key certificate of node B. The public key certificate issued by the node A includes the public key of the node C and the signature information of the node A, and the public key certificate issued by the node C includes the public key of the node B and the certification information of the node C. It is.

  When the node A communicates with the node B, the node A receives the public key certificate of the node B from the node C, and obtains the public key certificate of the node C owned by itself and the acquired public key certificate of the node B. To authenticate Node B. When the validity of the public key of the node B and the validity of the public key certificate can be confirmed, the node A trusts the node B. In this way, the trust relationship established between the node A and the node B is called a circle of trust.

  In the method described in Non-Patent Document 1, each node establishes a trust relationship with those nodes by exchanging public key certificates with nodes that it trusts. Furthermore, these nodes have a trust relationship with other nodes, and each node constructs a circle of trust to the authenticated node using the trust relationship.

  Hereinafter, a method for constructing a circle of trust in the conventional public key certificate distribution management method will be described in detail with reference to FIG. FIG. 5A shows the trust relationship between the nodes 1 to 8 constituting the communication system. The node at the base of the arrow connecting each node trusts the node at the end of the arrow. For example, the node 1 trusts the node 2 and issues a public key certificate of the node 2. This public key certificate includes the public key of node 2 and the signature information of node 1.

  In the following description, a node that starts communication is called an authentication node, and a node that is a communication partner is called a final authenticated node. In FIG. 5A, it is assumed that the node 1 (authentication node) authenticates the node 4 (final authenticated node) that is not directly in the trust relationship. First, the following operations are performed as initial preparation for authentication.

(Public key generation)
Each node creates a public / private key pair.
(Issuance of public key certificate)
Each node issues a public key certificate related to the public key of the trusted other node based on the unique knowledge about the other node that has already been acquired.
(Create repository)
Each node stores and manages the issued public key certificate in a repository (a database constructed in a memory, a hard disk or the like for storing the public key certificate).
(Repository exchange)
Each node exchanges the public key certificate stored in the repository owned by each node (repository exchange) between the nodes, and stores the acquired public key certificate in the repository. Each node periodically exchanges the above-mentioned repository with an adjacent node capable of direct communication by receiving radio waves (FIG. 5B), and finally collects repositories of all nodes. FIG. 5C shows the public key certificate in the repository of the node 1 in the steady state where the acquisition of the public key certificates of all the nodes constituting the communication system has been completed. In the figure, for example, a public key certificate issued by node 1 to node 2 is expressed as 1 → 2.

  Subsequently, when performing node authentication, the node 1 (authentication node) searches a public key certificate necessary for constructing a circle of trust from its own repository. As a result of the search, node 1 (authentication node) determines that the circle of trust up to node 4 (final authenticated node) is connected to node 1 → node 2 → node 3 → node 4 (FIG. 5D). In the conventional public key certificate distributed management system, after the public key certificates of all nodes are once stored in the repository, it is possible to search for a circle of trust in a short time.

  Subsequently, the node 1 (authentication node) confirms the validity of the public key of the node included in the circle of trust and the validity of the public key certificate. In order to confirm the validity of the public key, the node 1 (authentication node) takes out the public key certificate issued for the public key of the node 2 from the repository and decrypts the signature information using the public key of the node 1 And check whether the information is correct. If the information is correct, node 1 (authentication node) has confirmed the validity of the public key of node 2. Similarly, the node 1 (authentication node) takes out the public key certificate issued by the node 2 with respect to the public key of the node 3 from the repository, decrypts the signature information using the public key of the node 2, and the information is Check if it is correct. If the information is correct, the node 1 (authentication node) has confirmed the validity of the public key of the node 3. Similarly, the node 1 (authentication node) confirms the validity of the public key of the node 4 (final authenticated node).

  Subsequently, in order to check the validity of the public key certificate, the node 1 (authentication node) revoked a certificate list (CRL: Certificate Revocation) in which a list of invalid (revoked) public key certificates is described. (List). Each node needs to periodically check the validity of the public key certificate with respect to the node that issued the public key certificate in order to keep the information in the revoked certificate list up to date. Finally, if none of the public key certificates of all the nodes included in the circle of trust exist in the revocation certificate list, node 1 (authentication node) trusts to node 4 (final authenticated node). It is determined that the circle is effective.

On the other hand, Non-Patent Document 2 describes another public key certificate distribution management method. In the public key certificate distributed management method described in Non-Patent Decentralization 2, when there is a need to authenticate a node that is a communication partner, the authentication node only requires a public key certificate from each node. I try to get a certificate. As a result, communication resources and resources of each node are not wasted compared to the public key distribution management method described in Non-Patent Document 1 in which each node manages the public keys of all nodes participating in the network. It is possible to reduce public key management costs.
Srdjan Capkun, Levente Buttyan, and Jean-Pierre Hubaux, "Self-Organized Public-Key Management for Mobile Ad Hoc Networks", IEEE TRANSACTIONS ON MOBILE COMPUTING, Vol.2, No.2, JANUARY-MARCH 2003, p.52- 63 Yuko Kitada, Yutaka Arakawa, Keisuke Takemori, Watanabe, “On-demand public key distribution management method using routing information suitable for wireless ad hoc networks”, CSS2004, October 2004

  The public key certificate distributed management method described in Non-Patent Document 1 has the following problems. That is, when there are few public key certificates stored in the repository, the probability of authentication failure is high. In this method, each node focuses on collecting public key certificates, and each node communicates separately by exchanging repositories between nodes. Therefore, all nodes in the network are made public. It takes a lot of communication and time to collect the key certificate. In a large-scale network with a large number of nodes, the traffic and time increase exponentially.

  In addition, since each node periodically exchanges public key certificates, a large amount of communication is required even after all nodes acquire public key certificates. Furthermore, in order to check the validity of the public key certificate, the processing load for periodically checking the validity of the public key certificate for all nodes that issued the public key certificate and updating the revocation certificate list Is big.

  Further, in the public key certificate distributed management method described in Non-Patent Document 2, since the public key certificate is collected on demand at the time when the authentication request is generated, the validity of the public key certificate is confirmed. Communication is not necessary. However, in this method, since the public key certificate is collected, all the authentication nodes and relay nodes broadcast information for requesting the public key certificate. It cannot be ignored.

  The present invention has been made in view of the above-described problems, and the communication amount and time required until each communication terminal constituting the communication system possesses authentication information such as a public key certificate and its revocation information. An object of the present invention is to provide a communication system and a communication terminal capable of reducing the above.

  The present invention has been made to solve the above-described problems, and a communication system of the present invention includes a plurality of communication terminals, and among the plurality of communication terminals, authentication information ( The communication terminal that generated the public key certificate and the revocation information thereof is adjacent to the end of the adjacent communication terminal (that is, capable of direct communication) based on the OLSR (Optimized Link State Routing) protocol described later. A relay terminal that relays authentication information is selected from adjacent communication terminals so that the authentication information is transferred to all the communication terminals. Then, the communication terminal that has generated the authentication information transmits or broadcasts notification information for notifying that the authentication terminal has been selected as a relay terminal, and broadcasts the authentication information. At least a part of the communication terminals adjacent to the communication terminal that broadcast the authentication information broadcasts the received authentication information only when it is determined that the communication terminal is selected as a relay terminal based on the notification information. It does not matter whether the selection of the relay terminal that relays the authentication information and the transmission of the notification information are before or after the generation of the authentication information.

  The communication system of the present invention includes a plurality of communication terminals, and among the plurality of communication terminals, a communication terminal that has received authentication information from another communication terminal is based on an OLSR protocol or the like. A relay terminal that relays the authentication information is selected from the adjacent communication terminals so that the authentication information is transferred to all the adjacent communication terminals. Then, the communication terminal that has received the authentication information transmits or broadcasts notification information notifying that it has been selected as a relay terminal to another communication terminal, and broadcasts the authentication information. At least a part of the communication terminals adjacent to the communication terminal that broadcast the authentication information broadcasts the received authentication information only when it is determined that the communication terminal is selected as a relay terminal based on the notification information. It does not matter whether the selection of the relay terminal that relays the authentication information and the transmission of the notification information are before or after the reception of the authentication information.

  According to the communication system, the communication terminal selected as the relay terminal among the communication terminals adjacent to the communication terminal that generated or received the authentication information generates the authentication information or broadcasts the received authentication information. Authentication information is transferred to all communication terminals adjacent to the communication terminals adjacent to the received communication terminal. By repeating this, all communication terminals constituting the communication system can have the same authentication information. Since authentication information can be transferred simultaneously and in one direction from the communication information generation source communication terminal (in a direction in which the number of hops seen from the authentication information generation source communication terminal increases) It is possible to reduce the communication amount and time required until each communication terminal constituting the system possesses authentication information.

  In particular, authentication information is broadcast only when it is determined that at least a part of communication terminals adjacent to the communication terminal that broadcast the authentication information is selected as a relay terminal, and authentication is performed when it is determined that the communication terminal is not selected as a relay terminal. Since information is not broadcast, unnecessary traffic can be greatly reduced. In addition, if the above authentication information is certificate revocation information necessary for checking the validity of the certificate, all communication terminals can have the latest information on the validity of the certificate. Therefore, communication for confirming the validity of the certificate with another communication terminal becomes unnecessary. Therefore, it is possible to reduce the management load of the revocation information of each communication terminal.

  In the communication system of the present invention, at least some of the plurality of communication terminals constituting the communication system may further broadcast the authentication information regularly or irregularly. As a result, it is possible to increase the possibility that a communication terminal in a place where radio waves do not reach from any communication terminal temporarily acquire the authentication information, and to synchronize the authentication information possessed by each communication terminal participating in the communication system. it can.

  The communication terminal of the present invention includes an authentication information generation unit, a selection unit, a notification information transmission unit, and an authentication information transmission unit, and the authentication information transmission unit broadcasts the authentication information generated by the authentication information generation unit. The selection means selects a relay terminal that relays authentication information from adjacent communication terminals so that the authentication information is transferred to all communication terminals adjacent to the adjacent communication terminal based on the OLSR protocol or the like. select. The notification information transmitting means transmits or broadcasts notification information notifying that the relay terminal has been selected to other communication terminals. It does not matter whether the selection of the relay terminal that relays the authentication information and the transmission of the notification information are before or after the generation of the authentication information.

  The communication terminal of the present invention comprises an authentication information receiving means, a selecting means, a notification information transmitting means, and an authentication information transmitting means, and the authentication information receiving means receives the authentication information transmitted from another communication terminal, Authentication information transmission means broadcasts authentication information. The selection means and the notification information transmission means are the same as described above. In particular, the authentication information transmitting means of the present invention broadcasts the received authentication information only when it is determined that the relay terminal is selected based on the notification information. It does not matter whether the selection of the relay terminal that relays the authentication information and the transmission of the notification information are before or after the reception of the authentication information.

  According to the communication terminal described above, a communication terminal selected as a relay terminal that relays authentication information among communication terminals adjacent to the communication terminal that generated or received the authentication information receives and broadcasts the authentication information. The authentication information is transferred to all communication terminals adjacent to the communication terminals adjacent to the communication terminal that has generated or received the authentication information. By repeating this, all communication terminals constituting the communication system can have the same authentication information. Since authentication information can be transferred simultaneously and in one direction from the communication information generation source communication terminal (in a direction in which the number of hops seen from the authentication information generation source communication terminal increases) It is possible to reduce the communication amount and time required until each communication terminal constituting the system possesses authentication information.

  In particular, the communication terminal that receives the authentication information from another communication terminal broadcasts the authentication information only when it is determined that the communication terminal is selected as the relay terminal, and does not broadcast the authentication information when it is determined that the communication terminal is not selected as the relay terminal. As a result, the amount of unnecessary communication can be significantly reduced. In addition, when the authentication information is certificate revocation information necessary for confirming the validity of the certificate, as described above, communication for confirming the validity of the certificate with another communication terminal. Becomes unnecessary, and the management load of the revocation information of each communication terminal can be reduced.

  In the communication terminal of the present invention, the authentication information transmitting means may broadcast the authentication information periodically or irregularly. As a result, it is possible to increase the possibility that a communication terminal in a place where radio waves do not reach from any communication terminal temporarily acquire the authentication information, and to synchronize the authentication information possessed by each communication terminal participating in the communication system. it can.

  According to the present invention, it is possible to reduce the amount of communication and time required until each communication terminal constituting the communication system possesses authentication information such as a public key certificate and its revocation information.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 shows a configuration example of a communication system according to an embodiment of the present invention. This communication system includes nodes A to N and S having a function as a communication terminal. A line connecting the nodes indicates that the nodes are located within a radio wave reachable range and can communicate directly. FIG. 2 shows the configuration of each node. In FIG. 2, an antenna 10 is used to transmit and receive radio waves with other nodes. The communication unit 11 performs modulation / demodulation processing related to data transmission / reception. The operation unit 12 includes keys and the like operated by the user. The display unit 13 displays various information to the user.

  The storage unit 14 includes a recording medium and a circuit for reading and writing data, and stores various types of information. The repository stores a public key certificate issued by the own node to a trusted node and a public key certificate acquired from another node. The public key certificates of all the nodes that have been issued public key certificates are stored in the repository by a method described later. In the 1-hop adjacent node information area, information of a node (referred to as a 1-hop adjacent node) that is adjacent to the own node (can receive radio waves and can communicate directly) is stored. In the 2-hop adjacent node information area, information of a node adjacent to the 1-hop adjacent node (assumed to be a 2-hop adjacent node, not including the own node and the 1-hop adjacent node) is stored. In the MPR information area, information of nodes belonging to an MPR set described later is stored. The MPR selector information area stores information on other nodes that have selected their own node as an MPR set. The revoked certificate list area stores a revoked certificate list in which a list of revoked public key certificates is described.

  The control unit 15 includes a CPU (Central Processing Unit), controls operations of the above-described components, and performs various types of information processing. The configuration described above is an example, and a configuration other than the above may be added, or an unnecessary configuration may be deleted.

Each node in the present embodiment, when it issues a public key certificate to another node or when the public key certificate is revoked, the public key certificate or its revocation information (which public key certificate Flooding the communication system as a whole). Flooding is a technique for distributing information to all terminals by repeating transmission of information by the terminal of the transmission source and transfer of the information by all the terminals that have received the information. Each node performs flooding based on the OLSR (Optimized Link State Routing) protocol, thereby preventing unnecessary flooding. Details of the OLSR protocol are described in, for example, the following documents.
S. Corson and J. Macker, "Mobile ad hoc networking (MANET): Routing protocol performance issues and evaluation consideration", IETF RFC25010, Jan, 1999

  For example, when the node S broadcasts, radio waves reach the nodes A, B, C, D, and E adjacent to the node S, and these nodes receive information from the node S (FIG. 3A). When all of these nodes broadcast, radio waves reach nodes F, G, H, I, J, and M adjacent to these nodes, and these nodes receive information. However, for example, node M receives information from both nodes C and E, and it can be seen that unnecessary communication occurs.

  In the OLSR protocol, in order to perform more efficient flooding, the minimum necessary to transfer information to all 2-hop neighboring nodes adjacent to the one-hop neighboring node that has received the radio wave from the transmission source by broadcast A limited number of nodes become retransmission nodes and broadcast. In this way, a set of 1-hop neighboring nodes in which information is transferred to all 2-hop neighboring nodes existing ahead of the 1-hop neighboring node is called an MPR (Multi Point Relay) set.

  As will be described later, among the nodes adjacent to the node S, the nodes A, D, and E belong to the MPR set. Only these nodes broadcast, and the remaining 1-hop neighbors (Node B and C) do not broadcast when they receive information. Nodes F, G, and H can receive information from node A, node J can receive information from node D, and nodes I and M can receive information from node E (FIG. 3B). ). Therefore, only a part of the one-hop neighboring nodes broadcasts, so that information can be transferred to all the two-hop neighboring nodes adjacent to the one-hop neighboring node. It can be carried out.

  When nodes A, D, and E broadcast, only the nodes that belong to the MPR set of those nodes also broadcast. By repeating this, information can be distributed to all the nodes constituting the communication system while reducing the occurrence of unnecessary communication.

  Next, the detailed operation of the communication system according to the present embodiment will be described. First, a method for selecting nodes belonging to the MPR set will be described. Each node periodically sends a HELLO message to neighboring nodes. Thereby, each node acquires information of other nodes. In the initial state, each node transmits a HELLO message including its own address (identification information) as 1-hop neighboring node information in order to notify the neighboring nodes of its own existence. That is, the control unit 15 of each node generates a HELLO message and outputs it to the communication unit 11. This HELLO message is modulated by the communication unit 11 and then transmitted from the antenna 10 to another node. The transmitted HELLO message is received by the antenna 10 of the adjacent node, demodulated by the communication unit 11, and then output to the control unit 15. The control unit 15 stores the address of the 1-hop adjacent node included in the HELLO message in the 1-hop adjacent node information area of the storage unit 14.

  In addition, each node transmits a HELLO message including the address (identification information) of the node adjacent to itself as 2-hop adjacent node information. This HELLO message is received by an adjacent node. The control unit 15 of the node that has received the address that is not included in the address stored in the 1-hop adjacent node information area of the storage unit 14 among the addresses included in the HELLO message is stored in the 2-hop adjacent node information area of the storage unit 14 Store. As described above, each node obtains information on 1-hop adjacent nodes and 2-hop adjacent nodes.

  Each node has a value in the range of 0 to 7 called Willingness. The higher this value, the easier it is to be selected for the MPR set. The value of Willingness is added to the HELLO message and notified to each node. The control unit 15 of the node that has received the HELLO message associates the address of the other node included in the HELLO message with the value of Willingness and stores them in the 1-hop adjacent node information area or the 2-hop adjacent node information area of the storage unit 14. . A node with a Willingness value of 0 is not selected as an MPR set, and a node of 7 is positively selected as an MPR set. It may be possible to set the Willingness value high on a node that has a power supply source or a node with a large amount of battery remaining, or set the Willingness value high on a node that has a large number of connections to adjacent nodes. In the embodiment, the setting method of Willingness is not particularly limited. Assume that the Willingness values of each node in FIG. 1 are 7 (WILL_ALWAYS) for node A, 5 (WILL_HIGH) for node E, and 3 (WILL_DEFAULT) for other nodes.

The MPR set, which is a set of nodes that actually relay information, is determined as follows. Here, as an example, a method for selecting a node belonging to the MPR set for the node S will be described. Nodes known by the node S are all nodes other than the nodes K, L, and N, and these are the selection targets of the MPR set. The control unit 15 of the node S generates ^two sets of “N” and “N ² ” based on the information of each node stored in the 1-hop adjacent node information area and the 2-hop adjacent node information area of the storage unit 14. Create (FIG. 4A). “N” is a set of 1-hop neighboring nodes indicating candidate nodes to be MPR sets, and includes nodes A, B, C, D, and E. “N ² ” is a set of two-hop neighboring nodes indicating that the information does not reach because a node to be an MPR set has not yet been selected, and includes nodes F, G, H, I, J, and M It is.

Subsequently, the control unit 15 of the node S selects the node A having the highest Willingness value as an MPR set from the nodes included in “N”. If there are a plurality of nodes having the same Willingness value, a node capable of transferring information to more nodes included in “N ² ” is selected as the MPR set. Since the nodes F, G, and H can receive information from the node A, the control unit 15 deletes these nodes from “N ² ”. “N” and “N ² ” at this time are as shown in FIG.

Subsequently, the control unit 15 selects the node E having the highest Willingness value as the MPR set from the remaining nodes included in “N”. Since the nodes I and M can receive information from the node E, the control unit 15 deletes these nodes from “N ² ”. “N” and “N ² ” at this time are as shown in FIG. The above process is repeated until all nodes are deleted from “N ² ”. Subsequently, since the node D is selected as the MPR set and the node J is deleted from “N ² ”, the selection process of the nodes belonging to the MPR set is completed. As a result, the nodes belonging to the MPR set are nodes A, D, and E.

  After calculating the MPR set, the node S transmits a HELLO message (notification information) for notifying that the MPR set is selected to the nodes A, D, and E. The control unit 15 of each node that has received the HELLO message stores the address of the node S included in the HELLO message in the MPR selector information area of the storage unit 14. By referring to the information stored in the MPR selector information area, each node can know which node is selected as the MPR set. Other nodes than the node S also determine the MPR set in the same manner as described above. The transmission of the HELLO message may be broadcast. In this case, it is desirable that the address of the node selected as the MPR set is included in the HELLO message. The node that has received the broadcasted HELLO message determines that it has been selected as the MPR set when the address of the node selected as the MPR set included in the HELLO message matches its own address. The node address is stored in the MPR selector information area of the storage unit 14.

  Next, the operation of the communication system when a public key certificate is issued and when it is revoked will be described. In addition, when each node receives information that overlaps with information that has been received once, the node deletes (discards) the information that has been received again. Therefore, even if the same information is received a plurality of times, each node broadcasts at most once. In the following description, a case where the node S is a transmission source of information will be described, but the same applies to the case where another node is a transmission source.

  When the node S issues a public key certificate to a certain node, the control unit 15 of the node S generates a public key certificate and stores it in the repository of the storage unit 14. When the node S revokes a public key certificate for a certain node, the control unit 15 of the node S generates revocation information, and the revocation certificate stored in the revocation certificate list area of the storage unit 14 Update the list. Subsequently, the node S broadcasts the public key certificate or its revocation information. In the node S, the selection of the MPR set and the transmission of the HELLO message (for notifying each node that the MPR set is selected) are performed before the public key certificate or the revocation information is broadcast. And may be before or after the generation of the public key certificate or the revocation information. Further, the node S may broadcast the public key certificate or the revocation information added with information for notifying each node that it is selected as the MPR set.

  The broadcast public key certificate or revocation information is received by the nodes A, B, C, D, and E adjacent to the node S. When receiving the public key certificate, the control unit 15 of each node stores the public key certificate in the repository of the storage unit 14. In addition, when the revocation information is received, the control unit 15 updates the revocation certificate list stored in the revocation certificate list area of the storage unit 14 based on the revocation information.

  In addition, the control unit 15 determines whether the address of the node that is the transmission source of the public key certificate or the revocation information matches any of the addresses stored in the MPR selector information area of the storage unit 14. Only when the address of the transmission source node matches one of the addresses stored in the MPR selector information area, the control unit 15 performs a process of broadcasting the public key certificate or the revocation information. That is, only the nodes A, D, and E in FIG. 1 broadcast the public key certificate or the revocation information. As described above, these nodes are nodes selected by the node S as an MPR set, and when these nodes broadcast, all the two-hop neighboring nodes of the node S (nodes F, G, H, I, The public key certificate or revocation information can be transferred to M).

  Nodes A, D, and E also determine MPR sets in the same manner as node S, and only nodes selected as MPR sets from among nodes F, G, H, I, and M adjacent to these nodes. Broadcasts public key certificates or revocation information. By repeating the above operation, information is retransmitted in a chained manner, and finally all nodes in the communication system have the public key certificate or revocation information generated by the node S. Become.

  The operation of constructing a circle of trust when the necessity of node authentication occurs is the same as the public key certificate distribution management method described in Non-Patent Document 1. Therefore, after the public key certificates of all the nodes are once stored in the repository, it is possible to search for a circle of trust in a short time. However, in this embodiment, each node always has the latest revocation certificate list by flooding the revocation information of the public key certificate in real time. Communication for confirming the effectiveness is not necessary.

  Next, a modification of this embodiment will be described. When a public key certificate or revocation information is flooded, there is a node that is outside the radio wave range that cannot receive radio waves from other nodes in the communication system and cannot receive the public key certificate or revocation information. May be present. Therefore, when a node outside the radio wave range enters the radio wave range by flooding the entire communication system periodically or irregularly with some public key certificates or revocation information held by some nodes. Enable public key certificates or revocation information to be received. The flooding interval is not particularly limited, and may be a predetermined interval or an indefinite interval.

  The public key certificate flooded by some nodes may be a public key certificate issued by itself or a public key certificate obtained from another node. Further, a single or part of a plurality of public key certificates stored in the repository of the storage unit 14 may be flooded, or all public key certificates may be flooded. For revocation information, single or partial revocation information may be flooded, or all revocation information (which can be managed centrally, such as a revocation certificate list (CRL)) may be flooded. Also good.

  A node that performs flooding regularly or irregularly may be a node having a high Willingness value, for example. In determining whether or not the value of Willingness is high, a criterion such as that the value of Willingness is 7 or the value of Willingness is greater than or equal to a predetermined value may be provided. Further, a node that has issued many public key certificates from other nodes (that is, a node that is trusted by many other nodes) may perform flooding periodically or irregularly. Since each node constituting the communication system of the present embodiment can possess public key certificates of all nodes, it is determined whether or not to perform flooding based on trust relationship information indicated by the nodes. In this determination, the number of issued public key certificates is greater than or equal to a predetermined number, or the number of issued public key certificates of all nodes is within a predetermined number from the top among all nodes, etc. What is necessary is just to set the standard. Further, a public key certificate may be issued, and the flooded node may flood the same public key certificate periodically or irregularly.

  According to this modification, a public key certificate or revocation information that could not be received before when a node that was temporarily unable to receive radio waves from any node came to a location where radio waves could reach from any node. Can increase the possibility of receiving. Also, synchronize the public key certificate or revocation information held by each node participating in the communication system (that is, make sure that each node has the same public key certificate or revocation information for a longer time). Can do.

  As described above, in the communication system according to the present embodiment, the nodes (nodes A, B, C, D, and the like in the above example) adjacent to the node that generated the public key certificate or the revocation information (the node S in the above example). E), or a node that belongs to an MPR set among nodes adjacent to a node that has received a public key certificate or revocation information from another node (that is, a relay node that relays the public key certificate or revocation information). The nodes (nodes A, D, E, etc. in the above example) broadcast the received public key certificate or revocation information. As a result, the public key certificate or revocation is issued to all nodes (2 hop neighbors) that are further ahead of all nodes (1 hop neighbors) that are adjacent to the node that generated or received the public key certificate or revocation information. Information is transferred.

  By repeating this, all nodes constituting the communication system can have the same information. Then, the public key certificate or the revocation information is transferred from the node from which the public key certificate or the revocation information is generated all at once (in a direction in which the number of hops viewed from the information generation node is increased). Therefore, it is possible to reduce the communication amount and time required until each node constituting the communication system possesses the public key certificate or the revocation information. In particular, among the nodes adjacent to the node that broadcasts the public key certificate or revocation information, only the node that is determined to be selected as the relay node broadcasts the public key certificate or revocation information, enabling efficient flooding. The amount of unnecessary communication can be greatly reduced.

  In addition, as a result of the revocation information being sequentially transferred from the node that generated the revocation information to all other nodes as described above, the state in which all nodes always have the latest revocation certificate list is maintained. Therefore, communication for confirming the validity of the public key certificate becomes unnecessary. Therefore, it is possible to reduce the management load of the revocation information of each node.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to these embodiments, and includes design changes and the like without departing from the gist of the present invention. .

It is a block diagram which shows the structure of the communication system by one Embodiment of this invention. It is a block diagram which shows the structure of the communication terminal with which the communication system by one Embodiment of this invention is provided. It is explanatory drawing for demonstrating the delivery method of the authentication information in one Embodiment of this invention. It is explanatory drawing for demonstrating the determination method of the MPR set in one Embodiment of this invention. It is explanatory drawing for demonstrating the construction method of the ring of trust in the conventional communication system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Antenna, 11 ... Communication part, 12 ... Operation part, 13 ... Display part, 14 ... Memory | storage part, 15 ... Control part

Claims (6)

In a communication system including a plurality of communication terminals,
The communication terminal that generated the authentication information used for authentication of the communication partner
From among adjacent communication terminals, select a relay terminal that relays the authentication information so that the authentication information is transferred to all adjacent communication terminals ahead of the adjacent communication terminal,
Send or broadcast notification information notifying that it has been selected as the relay terminal to other communication terminals,
Broadcast the authentication information;
At least a part of communication terminals adjacent to the communication terminal that broadcast the authentication information broadcasts the received authentication information only when it is determined that the communication terminal is selected as the relay terminal based on the notification information. A communication system. In a communication system including a plurality of communication terminals,
A communication terminal that has received authentication information used for authentication of a communication partner from another communication terminal,
From among adjacent communication terminals, select a relay terminal that relays the authentication information so that the authentication information is transferred to all adjacent communication terminals ahead of the adjacent communication terminal,
Send or broadcast notification information notifying that it has been selected as the relay terminal to other communication terminals,
Broadcast the authentication information;
At least a part of communication terminals adjacent to the communication terminal that broadcast the authentication information broadcasts the received authentication information only when it is determined that the communication terminal is selected as the relay terminal based on the notification information. A communication system.   The communication according to claim 1 or 2, wherein at least some of the plurality of communication terminals constituting the communication system further broadcast the authentication information regularly or irregularly. system. Authentication information generating means for generating authentication information used for communication partner authentication;
Selection means for selecting a relay terminal that relays the authentication information from among the adjacent communication terminals so that the authentication information is transferred to all the communication terminals adjacent to the adjacent communication terminal;
Notification information transmitting means for transmitting or broadcasting notification information to notify that the relay terminal has been selected to another communication terminal;
Authentication information transmitting means for broadcasting the authentication information;
A communication terminal comprising: Authentication information receiving means for receiving authentication information transmitted from another communication terminal and used for authentication of the communication partner;
Selection means for selecting a relay terminal that relays the authentication information from among the adjacent communication terminals so that the authentication information is transferred to all the communication terminals adjacent to the adjacent communication terminal;
Notification information transmitting means for transmitting or broadcasting notification information to notify that the relay terminal has been selected to another communication terminal;
Notification information receiving means for receiving the notification information from another communication terminal;
Authentication information transmitting means for broadcasting the received authentication information only when it is determined that the relay terminal is selected based on the notification information;
A communication terminal comprising: The communication terminal according to claim 5, wherein the authentication information transmitting unit further broadcasts the authentication information periodically or irregularly.

Images