JP2007189422A - Mutual authentication method of wireless lan, and access point and station performing mutual authentication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To eliminate the need to provide an authentication server or authentication station for mutual authentication between a station and an access point, and to improve the security level. <P>SOLUTION: The access station and access point store identification information on connection destinations and themselves, and also uniquely generate and store secret keys based upon radio wave propagation characteristics between radio stations. Then the access point encrypts its identification information with its secret key and transmits the identification information to the station, which deencrypts the received signal with the secret key and authenticates whether the deencrypted signal matches the identification information on the access point stored in its storage section. The station also encrypts its identification information with its secret key and transmits the encrypted information to the access point, which deencrypts the received signal with its secret key and authenticates whether the deencrypted signal matches the identification information stored in its storage section. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a mutual authentication method using a wireless LAN, and more particularly to a method capable of enhancing security in mutual authentication.

  Currently, an authentication method based on IEEE 802.1x has been proposed as an authentication method between an access point and a station using a wireless LAN.

  An outline of the authentication method based on IEEE 802.1x will be described with reference to FIG. First, when a station connects to an access point, the station makes an authentication request to the access point. This authentication request includes user identification information and a password. Upon receiving these pieces of information, the access point transmits information such as user identification information and a password to the RADIUS authentication server, and determines whether or not the user identification information and password transmitted from the station are correct. If there is no problem, information necessary for connection (such as a WEP key) is transmitted to the station via the access point, and then the station performs encrypted communication with the access point using the received WEP key. .

In such IEEE 802.1x, an authentication protocol called EAP is used. This EAP is a method of performing authentication by identification information, password, electronic certificate, etc., and currently there are methods such as EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-Cisco (LEAP) is doing. Among these, except for EAP-MD5, it has a function of automatically generating a WEP key at regular intervals, and has a function of performing mutual authentication between a station and an authentication server. It can be said that the security level is secured.
JP 2001-111544 A

  However, in such a method for performing mutual authentication, an authentication server, a certificate authority, and the like are required, which not only takes time to install, but also enormous costs. For this reason, it has been practically difficult for small and medium-sized companies and individuals to adopt the mutual authentication method.

  Therefore, in order to solve the above-described problems, the present invention eliminates the need for providing an authentication server or certificate authority when performing mutual authentication between a station and an access point, and further improves the security level. An object is to provide an authentication method.

  That is, in order to solve the above-described problem, the present invention provides a wireless LAN mutual authentication method between an access point and a station that stores the identification information of the connection destination and the self. A secret key based on the path characteristics is uniquely generated and stored in the storage unit. Then, the access point side encrypts its own identification information with a secret key, and transmits this encrypted identification information (hereinafter referred to as “encrypted identification information”) to the station. When the station receives this encrypted identification information, it decrypts it with the private key stored in its own storage unit, and authenticates whether it matches the access point identification information stored in its own storage unit. To do. Alternatively, it is authenticated whether the received encrypted identification information matches the information obtained by encrypting the identification information of the access point stored in its own storage unit with a secret key. Then, the authentication result is transmitted to the access point. The station side also encrypts its own identification information with a secret key, and transmits the encrypted identification information to the access point. When the access point receives the encrypted identification information, the access point decrypts it with the secret key and authenticates whether or not it matches the station identification information stored in its own storage unit. Alternatively, it is authenticated whether or not the received encryption identification information matches the information obtained by encrypting the station identification information stored in its own storage unit with a secret key. Then, the authentication result is transmitted to the station.

  In this way, it is generated based on the radio wave propagation path characteristics between the respective radio stations (hereinafter, “access point (AP)” and “station (STA)” are collectively referred to as “radio station”). Since the identification information is encrypted by the secret key, the same secret key cannot be generated on the wireless station side placed in a different environment, and mutual authentication cannot be performed. Moreover, since this secret key is generated based on the characteristics of the radio wave propagation path between the access point and the station, it changes geographically and temporally, so that the secret key can be obtained without providing an authentication server or certificate authority. The key can be changed. As a result, mutual authentication can be performed easily and at low cost, and the security level can be improved.

  In such an invention, a new secret key is generated for each authentication, and encrypted communication is performed using the generated secret key.

  In this way, since the secret key is changed for each authentication, even if a third party steals the secret key, it cannot be encrypted or decrypted at the next communication, and the security level is increased. Can be improved.

  Further, the identification information of the access point and the station is updated using the secret key generated in this way.

  In this way, since the identification information is sequentially updated, even if the secret key is stolen, authentication cannot be performed, and the security level can be further improved.

  According to the present invention, since the identification information is encrypted using the secret key generated based on the radio wave propagation path characteristic between the access point and the station, the wireless station placed in a different environment is the same secret key. Cannot be generated and mutual authentication cannot be performed. Moreover, since this secret key is generated based on the characteristics of the radio wave propagation path between the access point and the station, it changes geographically and temporally, and the secret key can be changed without providing an authentication server or certificate authority. Can be made. Thus, mutual authentication can be performed easily and at low cost, and the security level can be improved.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings. FIG. 1 shows an outline of communication between an access point (AP) and a station (STA) using a wireless LAN in the present embodiment, and FIG. 2 shows the access point (AP) and station (STA). ) Is a functional block diagram.

  First, the outline of this mutual authentication system using a wireless LAN will be described. An access point (AP) and a station (STA) are preliminarily identified with access point (AP) identification information (hereinafter referred to as an access point ID) and a station (STA). ID information (hereinafter referred to as station ID) is stored in each storage unit 17. Such identification information is stored in the storage unit 17 by an operation of an administrator or a user. Here, “identification information” is information for identifying an access point (AP), a station (STA), or a user, and includes a wireless station ID, a user ID, a card ID, and the like. In addition, it is assumed that each wireless station independently generates a secret key based on the radio wave propagation path characteristics between the wireless stations and stores it in the storage unit 17 when performing mutual authentication. Then, with the two identification information and the secret key stored in this way, each wireless station encrypts its own identification information using the secret key, and transmits the encrypted identification information to the other radio station. At the same time, on the wireless station side that has received this, the encrypted identification information is decrypted using the secret key, and mutual authentication is performed.

  First, a method for generating the secret key will be described. Generally, radio wave propagation path reversibility is established between an access point (AP) and a station (STA). In other words, the radio wave output from the access point (AP) fluctuates on the way due to a reflector, scatterer, shield, absorber, etc., and is received by the station (STA). On the other hand, similarly, the radio wave output from the station (STA) fluctuates on the way due to a reflector, scatterer, shield, absorber, etc., and is received by the access point (AP). Here, the “radio wave propagation path characteristic” is a characteristic indicating how the radio wave propagates between the radio stations, for example, “transmission path” which is a characteristic unique between the respective radio stations, In addition to natural radio wave propagation path characteristics such as “attenuation” and “propagation time difference”, it also includes characteristics based on artificially manipulated phenomena. Since these radio wave propagation path characteristics are considered not to change significantly in a short time, signals having the same characteristics can be obtained by transmitting the same signals from the respective radio stations and receiving them from each other. . On the other hand, when a third party accesses the access point (AP), since the communication path is different from that of the regular station (STA), the radio wave propagation path characteristics are also different and the same signal cannot be obtained. For this reason, there is no worry about eavesdropping by an eavesdropper or generation of the same key, and it becomes easy to share information on received signal strength between legitimate senders and receivers.

  Next, a basic configuration of an access point (AP) and a station (STA) constituting the mutual authentication system using the wireless LAN will be described.

  <Basic configuration>

  2 and 3 show basic configurations of an access point (AP) and a station (STA). 2 shows an overall functional block diagram of the access point (AP) and the station (STA), and FIG. 3 generates secret keys for the access point (AP) and the station (STA) in FIG. The detailed block diagram of the key generation means 103 for this is shown.

  The access point (AP) and the station (STA) in the present embodiment respectively share a secret key that is common to the transmitting means 101 and the receiving means 102 for transmitting data via the antenna based on the radio wave propagation path characteristics. Each of the key generation means 103 that is generated individually, the encryption means 104 that encrypts the identification information and transmission data with the secret key, the decryption means 105 that decrypts the received identification information and data with the secret key, and authentication of the identification information Authentication means 106 for performing identification information and identification information updating means 107 for updating identification information.

  Among these, the transmission means 101 transmits a measurement signal to the partner station when generating a secret key, and transmits encrypted data to the partner station in normal secret communication. The receiving unit 102 receives the measurement signal transmitted by the transmitting unit 101 when the secret key is generated and has changed due to the radio wave propagation path characteristics, and the other party during normal communication. Receive encrypted data from the station.

  Next, the key generation unit 103 will be specifically described. FIG. 3 shows a functional block diagram for generating a secret key common to the access point (AP) and the station (STA). The access point (AP) and the station (STA) are configured to generate a secret key as a measurement signal generation unit 10, a transmission processing unit 11, a reception processing unit 12, a propagation path characteristic measurement unit 13, and a key generation unit 14. , A key matching confirmation unit 15, a key matching unit 16, and a storage unit 17.

  The measurement signal generator 10 generates a predetermined common measurement signal and transmits it to the partner station via the transmission processor 11 and the antenna. Here, in addition to a special signal such as a pilot signal, a signal used for general communication can be used as the measurement signal.

  The transmission processing unit 11 performs transmission processing such as modulation, frequency conversion, multiple access, and transmission signal amplification. In addition, the reception processing unit 12 performs reception processing of signals transmitted from the counterpart station via the antenna, and performs processing such as reception amplification, multiple access, frequency conversion, and demodulation. These transmission processing unit 11 and reception processing unit 12 are used for generating a secret key, and are also used for general data communication.

  The propagation path characteristic measurement unit 13 checks the propagation path characteristics of the measurement signal transmitted via the measurement signal generation unit 10 and the transmission processing unit 11 of the counterpart station, and outputs them to the key generation unit 14. In general, a signal transmitted from a partner station is delayed in a route on the way, and is received as a signal superimposed with a direct wave or the like. Regarding the measurement of the propagation path characteristics, for example, a method described in Japanese Patent Application Laid-Open No. 2004-187197 (Applicant School Corporation Doshisha) can be used.

  The key generation unit 14 converts the propagation path characteristic so as to be suitable for generation of a secret key, and then digitizes it to generate a secret key represented by bit information.

  The key matching confirmation unit 15 transmits the key confirmation data to the other party via the transmission processing unit 11 and the antenna, or receives the key confirmation data from the other party and confirms the matching of the secret key.

  The key matching unit 16 performs a process of matching the respective secret keys when the key matching checking unit 15 confirms the mismatch.

  The storage unit 17 temporarily stores a secret key whose match has been confirmed by the key match check unit 15 or a secret key that has been matched by the key match unit 16, and stores the information during one communication, for example. Remember. The storage unit 17 stores a preset authentication key by the user.

  On the other hand, in the functional block diagram of the wireless station in FIG. 2, the encryption means 104 encrypts transmission data using the secret key after confirming the coincidence of the secret key. Then, the encrypted information is transmitted to the other party via the transmission processing unit 11 and the antenna.

  Conversely, the decrypting means 105 decrypts the encrypted data received via the reception processing unit 12 using a secret key or an authentication key, and outputs the decrypted data as received data.

  The authentication means 106 decrypts the encrypted identification information received from the partner station with the secret key, and the decrypted partner station identification information matches the partner station identification information stored in its own storage unit 17. Authenticate whether or not to do.

  After mutual authentication is performed, the identification information updating unit 107 updates the old identification information using the secret key in each wireless station, and stores the new identification information in the storage unit. This identification information is updated using a secret key generated immediately before or a secret key newly generated for each authentication.

  Next, the flow of processing when generating a secret key when the access point (AP) and the station (STA) configured as described above perform mutual authentication will be described with reference to FIG.

  <Private key generation process>

  First, when performing secret communication by wireless LAN between each access point (AP) and a station (STA), a common measurement signal is transmitted from the access point (AP) and the station (STA) (step S1). ), The measurement signals changed based on the propagation path characteristics are received (step S2), and the fluctuation of the propagation path characteristics is measured (step S3).

  Then, a secret key is generated based on the measured measurement value of the propagation path characteristic variation (step S4). In step 4, when generating a secret key, sampling, quantization, and encoding are performed, and conversion from analog information to digital information is performed.

  In step S5, it is confirmed whether or not the generated secret key matches between the access point (AP) and the station (STA). As a confirmation method, first, one wireless station (for example, an access point (AP)) generates key confirmation data based on the generated secret key. This data is converted from the secret key by an irreversible operation or a one-way operation, and includes, for example, hashing. When such conversion is used, the risk of decrypting the secret key information is extremely low even if the key confirmation data is wiretapped. On the other hand, in the wireless station (in this case, the station (STA)) that has received the key confirmation data, the secret key generated by the local station is similarly subjected to the same irreversible calculation or one-way calculation. Key confirmation data is generated, and a match between this data and the transmitted key confirmation data is confirmed. If both data do not match, you can see that the secret keys generated by both parties do not match. On the other hand, if they match, there is a very high probability that the secret keys match. And the secret key is stored in the storage unit 17.

  If it is determined in step S5 that the two confirmation data do not match, error correction is performed (step S6). In this error correction, the mismatch of the secret key is regarded as an error, and the mismatch of the key is resolved by application of error correction. Then, encryption / decryption is performed using the secret key thus matched (step S7).

  Next, a method of mutual authentication between the access point (AP) and the station (STA) configured as described above will be described with reference to the flowchart of FIG.

  <Mutual authentication method in the first embodiment>

  First, when mutual authentication is performed between an access point (AP) and a station (STA), a secret key based on the characteristics of the radio wave propagation path between the station (STA) and the access point (AP) is individually generated as described above. And stored in the storage unit 17 (step T1). Then, the access point (AP) encrypts its own identification information with a secret key (step T2), and transmits this encrypted identification information to the station (STA) (step T3).

  Upon receiving this data, the station (STA) decrypts the access point ID stored in its own storage unit 17 with the private key (step T4), and the access point ID stored in its own storage unit 17 and Compare (step T5). If these data match, the authentication result indicating that they match is similarly encrypted with the secret key and transmitted to the access point (AP) (step T6).

  On the other hand, the station (STA) encrypts its identification information (station ID) with a secret key (step T7) and transmits it to the access point (AP) (step T8).

  Upon receiving this data, the access point (AP) decrypts the station ID stored in its own storage unit 17 with the secret key (step T9) and compares it with the received data (step T10). If these data match, the authentication result indicating that they match is encrypted with a secret key and transmitted to the station (STA) (step T11).

  When mutual authentication is performed in this way, transmission data is encrypted and transmitted using a secret key, and data is transmitted and received using the same secret key.

  Thus, according to the first embodiment, since mutual authentication is performed using the secret key based on the radio wave propagation path characteristics between the access point (AP) and the station (STA), the access point ( The secret key changes depending on the location where the AP and the station (STA) are installed, obstacles, human traffic, etc., and the secret key can be updated without providing an authentication server or certificate authority. Thereby, the mutual authentication method can be realized easily and at low cost.

  In FIG. 1, the flow of the first mutual authentication process is described. In the second and subsequent mutual authentications, a new secret key is generated separately and the immediately preceding secret key or a new one is generated. The identification information of the access point and the station is updated using the secret key. Then, the second and subsequent mutual authentications are performed using the updated identification information and the new secret key.

  <Mutual authentication method in the second embodiment>

  Next, the mutual authentication method in the second embodiment will be described with reference to FIG. In the mutual authentication method in the second embodiment, the encrypted identification information is authenticated without being decrypted by the receiving wireless station.

  First, the access point (AP) and the station (STA) each independently generate a secret key based on the characteristics of the radio wave propagation path between the station (STA) and the access point (AP), as in the first embodiment. And stored in the storage unit 17 (step U1). Then, the access point (AP) encrypts its own identification information with a secret key (step U2), and transmits this encrypted identification information to the station (STA) (step U3).

  Upon receiving this data, the station (STA) encrypts the access point ID stored in its own storage unit 17 with the secret key stored in its own storage unit 17 (step U4), and receives the received encryption. It is authenticated whether or not it matches the identification information (step U5). If these pieces of information match, the authentication result indicating that they match is similarly encrypted with the secret key and transmitted to the access point (AP) (step U6).

  On the other hand, the station (STA) encrypts its identification information (station ID) with a secret key (step U7) and transmits it to the access point (AP) (step U8).

  Upon receiving this data, the access point (AP) encrypts the station ID stored in its own storage unit 17 with the secret key also stored in its own storage unit 17 (step U9), and receives the received data. (Step U10). If these data match, the authentication result indicating that they match is encrypted with a secret key and transmitted to the station (STA) (step U11).

  When mutual authentication is performed in this way, transmission data is encrypted and transmitted using a secret key, and data is transmitted and received using the same secret key.

  As described above, even when the second embodiment is used, similarly, the secret key can be updated without providing an authentication server or a certificate authority, and the mutual authentication method is simple and low cost. Can be realized.

  FIG. 5 also illustrates the flow of the first mutual authentication process. In the second and subsequent mutual authentications, a new secret key is generated separately and the immediately preceding secret key or a new one is generated. The identification information of the access point and the station is updated using the secret key. Then, the second and subsequent mutual authentications are performed using the updated identification information and the new secret key.

  <Mutual authentication method in the third embodiment>

  Next, a mutual authentication method according to the third embodiment will be described with reference to FIG. The mutual authentication method in this embodiment is such that identification information encrypted by each wireless station is hashed and transmitted to the counterpart wireless station.

  First, the access point (AP) and the station (STA) each independently generate a secret key based on the characteristics of the radio wave propagation path between the station (STA) and the access point (AP), as in the first embodiment. And stored in the storage unit 17 (step V1). Then, the access point (AP) encrypts its own identification information with a secret key, and hashes the encrypted identification information (step V2) and transmits it to the station (STA) (step V3).

  When this data is received, the station (STA) encrypts the access point ID stored in its own storage unit 17 with a secret key and hashes it (step V4), and compares it with the received data. (Step V5). If these data match, the authentication result indicating that they match is similarly encrypted with the secret key and transmitted to the access point (AP) (step V6).

  On the other hand, the station (STA) encrypts its own identification information (station ID) with a secret key, and hashes the encrypted identification information (step V7) and transmits it to the access point (AP) (step). V8).

  Upon receiving this data, the access point (AP) encrypts the station ID stored in its own storage unit 17 with a secret key, and hashes this (step V9), and compares it with the received data. (Step V10). If these data match, the authentication result indicating that they match is encrypted with a secret key and transmitted to the station (STA) (step V11).

  When mutual authentication is performed in this way, transmission data is encrypted and transmitted using a secret key, and data is transmitted and received using the same secret key.

  As described above, even when the third embodiment is used, similarly, a secret key can be updated without providing an authentication server or a certificate authority, and a mutual authentication method can be realized easily and at low cost. be able to. Moreover, in the third embodiment, since the ID encrypted with the secret key is hashed and transmitted, there is a risk that the ID or secret key may be decrypted even if data is stolen during transmission. Security can be further strengthened. In the third embodiment, as in the second embodiment, the station ID is encrypted and hashed at the access point and transmitted, and the access point ID is also encrypted and hashed at the station and transmitted. It may be.

  FIG. 6 also illustrates the flow of the first mutual authentication process. In the second and subsequent mutual authentications, a new secret key is generated separately and the immediately preceding secret key or a new one is generated. The identification information of the access point and the station is updated using the secret key. Then, the second and subsequent mutual authentications are performed using the updated identification information and the new secret key.

  In addition, this invention is not limited to the said embodiment, It can implement in a various aspect.

  For example, in the above embodiment, the secret key is generated based on the characteristics of the radio wave propagation path between the station (STA) and the access point (AP). However, the access point (AP) and the station (STA) If it is fixed, the private key may not change. In such a case, a device that randomly changes the radio wave propagation path characteristics may be installed in the vicinity of the station (STA) or the access point (AP). As such a device, a radio wave generator for changing radio wave propagation path characteristics is used. If such a device is provided, the radio wave propagation path characteristics can be forcibly changed, so that the secret key can be changed randomly.

  In the above embodiment, a secret key is generated before mutual authentication is performed, and identification information is encrypted and decrypted using the secret key. However, this secret key is generated for each communication. Also good. That is, after transmitting the authentication result from the access point (AP) to the station (STA), a secret key based on the radio wave propagation path characteristics is generated again, and the station (STA) encrypts using the generated secret key. The converted identification information may be transmitted.

  In the above embodiment, when the authentication request is made, the access point (AP) is authenticated by the station (STA) first. On the contrary, the station (STA) by the access point (AP) is first authenticated. ) Authentication may be performed.

  In the above embodiment, when authentication is performed, both the access point (AP) and the station (STA) decrypt (FIG. 1) or encrypt (FIG. 5) to perform authentication. For example, any one of the wireless stations may be authenticated by decrypting, and the other wireless station may be authenticated by encrypting.

The flowchart which shows the mutual authentication method of the access point (AP) and station (STA) in embodiment of this invention Functional block diagram of access point (AP) and station (STA) in the same form The figure which shows the specific structure of the key generation means in the same form Flowchart for generating a secret key in the same form The flowchart which shows the mutual authentication method in 2nd embodiment of this invention. The flowchart which shows the mutual authentication method in 3rd embodiment of this invention. Diagram showing the outline of conventional authentication

Explanation of symbols

Transmission means 101
Receiving means ... 102
Key generation means 103
Encryption means 104
Decoding means 105
Signal generator for measurement ... 10
Transmission processing unit 11
Reception processing unit ... 12
Propagation path characteristic measurement unit 13
Key generator 14
Key agreement confirmation part ... 15
Key matching unit ... 16
Storage unit ... 17
Station ... STA
Access point AP

Claims (9)

In the mutual authentication method of the wireless LAN in the access point and the station storing the identification information of the connection destination and the self,
Individually generating a secret key based on the radio wave propagation path characteristics at the station and the access point, and storing the secret key in the storage unit;
The access point encrypts its own identification information with a secret key, and transmits the encrypted identification information (hereinafter referred to as “encrypted identification information”) to the station;
The station decrypts the received encrypted identification information with the secret key and authenticates whether or not it matches the identification information of the access point stored in its own storage unit, or the received encrypted identification information And authenticating whether or not the identification information of the access point stored in its own storage unit matches the information encrypted with the secret key;
Sending the authentication result to the access point;
A station encrypts its own identification information with the secret key and transmits the encrypted encrypted identification information to the access point;
The access point decrypts the received encrypted identification information with a secret key and authenticates whether it matches the station identification information stored in its own storage unit, or the received encryption identification information, Authenticating whether the station identification information stored in its own storage unit matches the information encrypted with the secret key;
Sending the authentication result to the station;
A mutual authentication method using a wireless LAN, comprising:   The mutual authentication method according to claim 1, wherein the secret key is newly generated for each authentication.   The mutual authentication method according to claim 1, wherein the identification information of the access point and the station is updated using a secret key. In an access point that performs mutual authentication by wireless LAN between a connection destination and a station that stores its identification information,
A storage unit for storing station identification information and self identification information;
Key generation means for independently generating a secret key based on the characteristics of the radio wave propagation path with the station,
Transmitting means for transmitting the encrypted identification information obtained by encrypting the identification information of the self with a secret key to the station;
Receiving means for receiving, from the station, an authentication result as to whether or not it matches the identification information of the access point stored on the station side based on the transmitted encrypted identification information;
Receiving means for receiving encrypted identification information obtained by encrypting identification information of the station with a secret key from the station;
The received encrypted identification information is decrypted with a secret key, and it is authenticated whether or not it matches the station identification information stored in its own storage unit, or the received encrypted identification information and its own storage Authentication means for authenticating whether or not the identification information of the station stored in the unit matches the information encrypted with the secret key;
Transmitting means for transmitting the authentication result to the station;
An access point that performs mutual authentication using a wireless LAN.   The access point according to claim 4, wherein the key generation unit newly generates a secret key for each authentication.   5. The access point according to claim 4, further comprising identification information updating means for updating identification information between the access point and the station using the generated secret key. In a station that performs mutual authentication by wireless LAN between a connection destination and an access point that stores its own identification information,
A storage unit for storing access point identification information and self identification information;
Key generation means for independently generating a secret key based on the characteristics of the radio wave propagation path with the access point,
Receiving means for receiving, from the access point, encrypted identification information obtained by encrypting the identification information of the access point with a secret key;
The received encrypted identification information is decrypted with a secret key, and it is authenticated whether it matches the identification information of the access point stored in its own storage unit, or the received encrypted identification information and its own Authentication means for authenticating whether or not the identification information of the access point stored in the storage unit matches the information encrypted with the secret key;
A transmission means for transmitting the authentication result to the access point;
Transmission means for transmitting encrypted identification information obtained by encrypting the identification information of the self with a secret key to the access point;
Receiving means for receiving, from the access point, an authentication result as to whether or not it matches the station identification information stored on the access point side based on the encrypted identification information;
A station for performing mutual authentication using a wireless LAN.   The station according to claim 7, wherein the key generation unit newly generates a secret key for each authentication. 8. The station according to claim 7, further comprising identification information updating means for updating identification information of an access point and a station using the generated secret key.

Images