JP2008160214A - Communication terminal equipment and communication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide communication terminal equipment and a communication method for quickly executing data communication to be performed by radio. <P>SOLUTION: This communication method for establishing communication between communication terminal equipment which perform radio communication with each other includes: a step for generating a secret key by each terminal equipment; a step for generating a public key from the secret key by each terminal equipment; a step for exchanging the public key between the terminal equipment; a step for generating and displaying confirmation information by using the public key generated by each terminal equipment and the public key acquired from the other party; a step for generating a common key by using the secret key and the public key acquired from the other party by each terminal equipment; a step for generating an encryption key from a common key by each terminal equipment; a step for encrypting one part of the storage data of one terminal equipment by using the encryption key, and for transmitting the data to the other terminal equipment; a step for permitting the execution of the next step by receiving an instruction input; and a step for encrypting the residual storage data of one terminal equipment by using the encryption key, and for transmitting the data to the other terminal equipment. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a communication terminal device and a communication method, and more particularly to a communication terminal device having a wireless communication function and a communication method for establishing communication between the communication terminal devices.

  In recent years, various communication terminal devices having a wireless communication function for performing wireless data communication have become widespread. When exchanging data by wireless communication between such communication terminal devices or between the communication terminal device and an external device, transmission / reception of encrypted data is performed in order to conceal communication contents. It is common to do so.

  In such wireless data communication, one of conventional wireless communication standards for realizing encrypted communication is a wireless USB (Wiress Universal Sireal Bus; hereinafter abbreviated as WUSB) standard.

  In the WUSB standard, information communicated during wireless data communication between a host device such as a personal computer (hereinafter abbreviated as a PC) and a device device such as an electronic still camera (also referred to as a digital camera). A procedure for preventing leakage of (data) and realizing communication safely is defined.

  That is, in the communication conforming to the WUSB standard, a common key CK (Connection Key) for encryption and decryption of communication data is first exchanged between the host device and the device device, and thereafter, calculation is performed from the CK. Data is encrypted using the derived pair temporary key PTK (Pairwise Temporal Key; also referred to as an encryption key), and encrypted communication is realized by transmitting and receiving the encrypted data.

  In addition, in order to perform encrypted communication based on the WUSB standard, each of the two devices that are to perform data communication is wirelessly combined with each other as a procedure for establishing communication in the flow of the wireless communication procedure. Usually, an authentication operation for determining whether or not data communication can be performed is performed.

  However, since the authentication work performed in the above-described encrypted communication of the WUSB standard includes a confirmation operation procedure by the user, each device is in a standby state until the confirmation operation is performed. It is forced to be.

  That is, in the flow of data communication according to the conventional WUSB standard, the fact that there is a waiting time for the confirmation operation means that the data communication to be performed thereafter is also temporarily in a waiting state. . This has the problem of becoming a factor that hinders the realization of high-speed data communication that has been strongly demanded in recent years.

  Therefore, if devices that have been authenticated once and established wireless communication between a specific host device and a specific device device, authentication information as communication setting information for the wireless communication connection is stored inside each device. It can be considered that the information is stored as registration information in a non-volatile memory or the like provided in the computer. By adopting such a configuration, when performing wireless communication again between the host device and the device device of the same combination, the authentication information is referred to by referring to the registration information in the second and subsequent data communication. The confirmation operation can be omitted. Therefore, according to this, higher-speed data communication can be realized.

  However, in consideration of the application and situation when performing wireless communication, a configuration that always performs processing such as storing data such as authentication information that differs for each communication partner in a nonvolatile memory is not always efficient. it is conceivable that.

  For example, when performing wireless communication between digital cameras and exchanging data of personal image data files and the like that are shot with each digital camera and recorded on a recording medium or the like, wireless communication is performed only once. The possibility of communication is considered high. Even in such a case, if the authentication information is stored every time, the nonvolatile memory is wasted, and in order to secure the storage capacity, the manufacturing cost is affected.

  On the other hand, in the conventional device, when the authentication information confirmation operation is performed, for example, the authentication information is displayed on the display screen of the device, and whether or not the authentication information matches the communication target device. There is a message in which a message or the like for prompting confirmation is displayed with characters or the like. However, the authentication information confirmation screen is not devised, and for example, if only the character display is used, the display becomes incomprehensible to the user or not interesting.

  On the other hand, even if various wireless devices having the wireless communication function as described above are widely spread, other similar wireless devices are operated on a daily basis in the vicinity of a specific wireless device, and are frequently used for authentication. It is thought that this is rare when such communication is performed. Therefore, for example, it is considered that “OK” for always accepting the instruction of the display image is selected and instructed on the authentication confirmation screen when performing wireless communication according to the conventional procedure.

  Furthermore, in some cases, such as the above-described communication situation, that is, wireless communication between cameras, where personal image data files are exchanged, etc., the necessity of concealing the communication content is low, and the security level is high. It is thought that communication that does not require is often performed.

  The present invention has been made in view of the above-described points, and an object of the present invention is to provide a communication terminal device and a communication method capable of performing data communication performed using radio at higher speed. Is.

  In order to achieve the above object, a communication method according to the present invention is a communication method for establishing communication between a first communication terminal apparatus and a second communication terminal apparatus that communicate with each other wirelessly. A secret key generating step for generating a secret key in the communication terminal device; a public key generating step for generating a public key from the secret key in each communication terminal device; the first communication terminal device and the second communication terminal; Confirmation information based on the public key exchange step for exchanging the public key with the device, the public key generated in the public key generation step in each communication terminal device, and the public key acquired in the public key exchange step A common key is generated by the confirmation information display step for generating and displaying the password, and the public key acquired in the public key exchange step and the secret key in each communication terminal device. A common key generation step, an encryption key generation step for generating an encryption key from the common key in each communication terminal device, and a part of data stored in the first communication terminal device is encrypted with the encryption key. A first transmission step for transmitting to the second communication terminal device, a permission step for allowing execution of the next second transmission step in response to an instruction input input by a user, and the first Performing a second transmission step of encrypting the remaining data stored in the communication terminal device with the encryption key and transmitting the encrypted data to the second communication terminal device.

  The communication terminal device according to the present invention is a communication terminal device having a communication function, a communication means for transmitting / receiving data to / from an external device, a storage means for storing information to be transmitted to the external device, A secret key generating means for generating a secret key; a public key generating means for generating a first public key based on the secret key; and transmitting the first public key to the external device via the communication means. And a public key exchanging means for receiving a second public key from the external device via the communication means, and a confirmation information generating means for generating confirmation information from the first public key and the second public key. A confirmation information presenting means for presenting the confirmation information to the user, an operation input means for inputting the user's instruction operation, and a common key generation for generating a common key from the secret key and the second public key hand And an encryption key generating means for generating an encryption key for encrypting data from the common key, and an encryption means for encrypting data with the encryption key, and the encryption means comprises: A part of the data to be transmitted among the data stored in the storage means is encrypted and transmitted through the communication means, and the confirmation information presented to the user by the confirmation information presentation means is approved. When the input is instructed from the operation input means, the remaining data of the data to be transmitted is encrypted using the encryption key and transmitted via the communication means.

  ADVANTAGE OF THE INVENTION According to this invention, the communication terminal device and communication method which can perform the data communication performed using a radio | wireless at higher speed can be provided.

  The present invention will be described below with reference to the illustrated embodiments.

  FIG. 1 is a block configuration diagram showing an internal schematic configuration of a communication terminal device (digital camera) according to an embodiment of the present invention. FIG. 2 is a principal block configuration diagram showing an internal detailed configuration of the key generation unit in the communication terminal apparatus of FIG. FIG. 3 is a flowchart illustrating a communication method according to an embodiment of the present invention. 4 and 5 are diagrams respectively showing examples of display of the authentication information confirmation screen in the communication terminal device of FIG. 1, and FIG. 4 is an authentication information confirmation screen when one image data file is transferred. FIG. 5 is a display example of an authentication information confirmation screen when a plurality of image data files are transferred. FIG. 6 is a flowchart showing a processing sequence for changing the image transfer mode when transferring image data by wireless communication in the communication terminal device of this embodiment. FIG. 7 is a flowchart showing a processing sequence when storing authentication information in the nonvolatile memory in the communication terminal device of the present embodiment.

  The communication terminal device according to the present embodiment receives a subject image formed by an optical lens, for example, and photoelectrically converts the subject image by an image sensor or the like to obtain an electrical image signal, which is recorded as image data. A digital camera having a wireless communication function for performing wireless communication with an external device (for example, a personal computer, an external storage device, or another communication terminal device such as a digital camera). . Note that the digital camera of the present embodiment basically has a wireless communication function compliant with the wireless USB standard (WUSB standard).

  In the present embodiment, the digital camera 1 that is a communication terminal device and the first terminal device is used as a device device, and communication on the other side that performs wireless data communication with the digital camera 1 as the device device. As a host device that is a terminal device and a second terminal device, for example, a personal computer (hereinafter abbreviated as a PC) 2 as shown in FIG. 1 can be exemplified. In addition to the PC 2, the host device that is the wireless communication partner may be another digital camera or an external storage device having a communication function, for example.

  As shown in FIG. 1, a digital camera 1 as a communication terminal device according to the present embodiment includes a CPU 10, a bus controller 20, an imaging unit 11, an image processing unit 12, a temporary memory 13, a display unit 14, Recording medium 15, wired communication unit 16, wireless communication unit 17, encryption / decryption processing unit 18, nonvolatile memory 21, operation input unit 22, RTC (internal clock) 23, and key generation unit 30 Etc. are mainly composed.

  The CPU 10 is a control means for electrically controlling and controlling each circuit in the digital camera 1 and appropriately controlling the entire system of the digital camera 1. The CPU 10 is electrically connected to a non-volatile memory 21, an operation input unit 22, a key generation unit 30, an RTC 13 and the like, and also has an image pickup unit 11, an image processing unit 12, and a temporary memory via a bus controller 20. 13, various circuits such as a display unit 14, a recording medium 15, a wired communication unit 16, a wireless communication unit 17, and an encryption / decryption processing unit 18 are electrically connected.

  The imaging unit 11 is an imaging unit for acquiring a subject image formed by an optical lens or the like as an electrical image signal. The imaging unit 11 includes, for example, an optical lens that forms an optical subject image, an imaging element that receives an optical subject image formed by the optical lens, performs photoelectric conversion processing, and outputs an electrical image signal, An imaging circuit that receives various output signals from the imaging device and performs various analog signal processing, an AD conversion circuit that converts an analog signal output from the imaging circuit into a digital signal, and the like are configured.

  The image processing unit 12 is a circuit that receives a digital image signal output from the imaging unit 11 via the bus controller 20 and performs various digital image signal processing.

  The temporary memory 13 is a storage unit that receives the image signal processed by the image processing unit 12 via the bus controller 20 and temporarily stores the image signal that has been processed and various data related to the image signal. . As the temporary memory 13, for example, a semiconductor memory element such as SDRAM is applied.

  The display unit 14 displays, for example, an image based on an image signal acquired by the imaging unit and subjected to various signal processing in the image processing unit or the like, or displays various information and the like in the digital camera. A device capable of color display is used. The display unit 14 uses a display panel that displays an image signal as an image, a backlight unit that illuminates the display panel from the back side, and an image signal received from the temporary memory 13 via the bus controller 20. In this case, the image signal is converted into an image signal having an optimum form for display, and a drive circuit or the like for controlling the display panel is used.

  The recording medium 15 is a storage means including a nonvolatile memory for recording image data received via the bus controller 20 and other various data, and is a data recording medium. Examples of the recording medium 15 include a configuration in which the recording medium 15 is detachable from a device such as a digital camera, and a configuration in which the recording medium 15 is fixed to an electric circuit inside the device such as a digital camera. There are various forms such as a memory card having a thin plate shape or a card shape, and any form can be applied to the digital camera of the present embodiment.

  The wired communication unit 16 is a connection part (interface) for performing transmission / reception of data and the like between the digital camera 1 and the external device 2 via a connection cable, for example, the USB (Universal Serial Bus) standard, Those conforming to IEEE 1394 are applied.

  The wireless communication unit 17 is a communication unit that transmits and receives image data and the like encrypted by wireless communication between the digital camera 1 and the external device 2. The wireless communication unit 17 receives a wireless signal such as an electromagnetic wave of a predetermined form transmitted from the external device 2 when performing wireless encryption data communication or the like, and also transmits an electromagnetic wave of a predetermined form transmitted from the digital camera 1. For example, a wireless antenna that is an input / output unit for a wireless signal that transmits a wireless signal or the like, or a wireless signal that is input to the wireless antenna is converted into an electrical signal of a predetermined form and output to the CPU 10 or output from the wireless antenna It is mainly configured by a wireless communication connection unit (interface) or the like that converts a wireless signal to be converted into an electric signal of a predetermined form. The wireless communication unit 17 can realize a wireless communication function by being controlled by the CPU 10 via the bus controller 20.

  The encryption / decryption processing unit 18 performs data encryption processing such as image data to be transmitted to the external device 2 through wireless communication, data decryption processing of image data received from the external device 2 through wireless communication, and the like. It is an encryption means and a decryption means. The encryption / decryption processing unit 18 exchanges data with the wireless communication unit 17 via the bus controller 20.

  The non-volatile memory 21 is a processing program (application software) executed by the CPU 10, various data such as communication setting information for communicating with the external device 2, various setting data in the digital camera 1, It is a non-volatile storage medium for storing and holding unique data and the like. For example, a flash ROM is used as the nonvolatile memory 21.

  Of various types of data held in the nonvolatile memory 21, communication setting information for communicating with the external device 2 includes, for example, WUSB authentication information related to communication means and a unique ID for identifying the digital camera 1. There is CDID (Connection Device ID) information, which is a number.

  The digital camera 1 according to the present embodiment can perform wireless communication individually and selectively with respect to a plurality of external devices (host devices). For this purpose, a WUSB authentication information database (hereinafter simply referred to as authentication information data) including a plurality of WUSB authentication information for each external device that is a communication partner is stored and held in a predetermined area of the nonvolatile memory 21.

  The authentication information data registered in the non-volatile memory 21 is information necessary for performing encrypted communication, and is associated with various device-specific information groups, that is, “CC (Connection Context)”. Data such as incidental information is registered in a database format that is grouped for each host device that is a wireless communication partner.

Here, as information included in “CC”,
“CK (Connection Key)”,
“CHID (Connection Host ID)”,
“CDID (Connection Device ID)”
Etc.

  As supplementary information, for example, there are “authentication time information”, “image exchange mode flag information”, and the like. Among these, “authentication date / time information” is information relating to the date / time when authentication with the communication partner device is performed.

  This “authentication date / time information” is new in consideration of the storage capacity of the non-volatile memory 21 when a plurality of authentication information corresponding to each host device is stored (registered) in the non-volatile memory 21. For example, unnecessary information is deleted to secure a storage area. In such a case, the “authentication date / time information” is referred to when determining the priority order when deleting old information.

  The “image exchange mode flag information” is flag information added to the authentication information data when the digital camera 1 operates in an image exchange mode (described later).

  The operation input unit 22 is used as a general term for operation input means including various operation switches and operation buttons provided in the digital camera 1. That is, the operation input unit 22 selects, for example, a four-way selection when performing selection setting on a power button for switching the power state of the digital camera 1 to ON or OFF, a release button for starting a photographing operation, a menu screen, an authentication confirmation screen, and the like Various operation members such as keys (also called cross keys) and OK buttons, switch members that generate corresponding instruction signals and the like in conjunction with these operation members, and electric circuits that transmit instruction signals from the switch members And the like. When each operation member of the operation input unit 22 is appropriately operated by the user, an instruction signal generated accordingly is output to the CPU 10, and the CPU 10 appropriately executes the corresponding control. .

  For example, the RTC 23 is referred to when acquiring the “authentication date / time information” or when the image data file acquired by the photographing operation of the digital camera 1 is recorded on the recording medium 15, the RTC 23 is attached to the recorded image data file. This is an internal clock that is referred to when acquiring “photographing date and time information”.

  The key generation unit 30 is a circuit for generating code information (referred to as a key or a key) for encrypting data to be transmitted when performing encrypted communication or decrypting received encrypted data. . The key generation unit 30 is described as being included in the device-side digital camera 1, but the host side also has a key generation unit having the same configuration.

  This is because the digital camera 1, which is a communication terminal device that can function as a device device that transmits an image data file including image data to another device using wireless encryption communication based on a predetermined communication method, has the same communication method. It can also function as a host device that receives an image data file including image data from another device using wireless encryption communication based on the above.

  Similarly, in the present embodiment, the host PC 2 that functions as a host device also includes the key generation unit 30 having the same configuration, and thus can function as a device as a device.

  As shown in FIG. 2, the key generation unit 30 includes a secret key generation unit 31, a public key generation unit 32, a public key exchange unit 33, a confirmation information generation unit 34, a common key generation unit 35, an encryption key generation unit 36, and the like. It is configured. Various pieces of code information (key) generated by the key generation unit 30 are encrypted regardless of whether the digital camera 1 functions as a device device or a host device. Although it is always used when executing communication, the key generated in each case is slightly different. In the example illustrated in FIG. 2, the digital camera 1 provided with the key generation unit 30 functions as a device device.

  The secret key generation unit 31 is a secret key generation unit that generates a secret key (A, B) composed of random data. Here, the secret key generation unit 31 generates a secret key A when the digital camera 1 is a device device, and generates a secret key B when the digital camera 1 is a host device.

  The public key generation unit 32 is a public key generation unit that generates a public key (PKD, PKH; first public key) using a secret key (A, B). Here, the public key generation unit 32 generates the public key PKD from the secret key A when the digital camera 1 is a device device, and generates the public key PKH from the secret key B when the digital camera 1 is a host device.

  The public key exchange unit 33 passes the public key (PKD, PKH) generated by the public key generation unit 32 to the wireless communication unit 17, and exchanges communication (transmission / reception) with the counterpart device by wireless communication. It is a public key exchange means for performing With this exchange communication, both the device device side and the host device side have both public keys PKD and PKH. The public key acquired by exchange communication in the public key exchange unit 33 is referred to as a second public key.

  The confirmation information generation unit 34 is confirmation information generation means for generating a V value representing an authentication code for connection confirmation from a public key (PKD, PKH). This V value is, for example, a sequence of 2 to 4 digits, and is a number for determining a combination of a host device and a device device.

  The common key generation unit 35 is a common key generation unit that generates a common key CK from the secret key (A, B) and the public key (PKD, PKH).

  The encryption key generation unit 36 is an encryption key generation unit that generates a pair temporary key (also referred to as an encryption key) PTK from the common key CK. The encryption key PTK generated thereby is used to encrypt data or decrypt encrypted data during data encryption and decryption.

  In addition, about the structure of the part which is not related to this invention, it is assumed that it is the structure similar to a normal digital camera normally, The illustration and description are abbreviate | omitted for the detail.

  An operation when performing wireless data communication with the host device using the digital camera 1 configured as described above will be described below.

  The flowchart shown in FIG. 3 shows a communication method according to an embodiment of the present invention. Specifically, the digital camera 1 as a communication terminal device according to the present embodiment and a host device that is an external device other than the above. The flow of processing executed by each device when encrypted data communication is performed with a certain PC 2 (see FIG. 1) is shown.

  First, the power sources of both the digital camera 1 (device side) and the PC 2 (host side) are turned on and are operable in a predetermined operation mode, for example, a wireless data communication mode.

  That is, the PC 2 (hereinafter referred to as the host PC 2), which is the host device, sets a mode (wireless data communication mode) that permits connection of a new device by an operation mode switching operation by the user in step S1A of FIG. Thus, the host PC 2 is in a state of continuously outputting a signal indicating that wireless data communication can be performed in the form of a predetermined electromagnetic wave or the like.

  When the host side is in this state, on the digital camera 1 side which is a device device, first, the wireless data communication mode is set by the operation mode switching operation by the user. Accordingly, the digital camera 1 starts executing a process for searching for a host to which a new device can be connected in step S1B of FIG.

  That is, in step S1B, the digital camera 1 starts searching for a host device that outputs an electromagnetic wave or the like including a signal indicating that wireless data communication can be performed in the vicinity thereof. Here, the digital camera shifts to the mode change process of FIG.

  FIG. 6 is a processing sequence for changing the image transfer mode when transferring image data by wireless communication.

  In the digital camera 1 of the present embodiment, an operation mode when transferring image data by wireless communication, that is, an image transfer mode includes a normal transfer mode compliant with the conventional WUSB standard, an image transfer mode according to the present invention, That is, there are two image transfer modes, that is, a pre-authentication image transfer mode in which a part of the image data file to be transmitted / received is transmitted / received before the authentication of connection confirmation is established.

  The digital camera 1 operates by switching between two image transfer modes according to the situation. The switching operation is realized by the mode change processing sequence shown in FIG.

  That is, when the digital camera 1 starts the host device search process in step S1B described above, the mode change process is executed in the next step S20B. The details of this mode change processing are as shown in FIG.

  In step S21 of FIG. 6, when the digital camera 1 finds a host device that can be connected to a new device around itself, the process proceeds to the next step S22.

  On the other hand, if a host device capable of connecting to a new device cannot be found in the process of step S21 described above, the operation in the communication mode cannot be performed, so the process proceeds to the next step S29. In step S29, the digital camera 1 executes processing for canceling the communication operation. Thereafter, in step S30, the digital camera 1 enters a standby state.

  When the host device is discovered by the digital camera 1 in the above-described step S21 and the process proceeds to the next step S22, the digital camera 1 confirms the presence of another communicable host device in this step S22. I do. This confirmation operation is the same processing as the host device search processing executed in step S1B described above. That is, in this step S22, the digital camera 1 checks whether or not there are a plurality of host devices that can communicate in the vicinity of the digital camera 1.

  In step S23, when the digital camera 1 confirms the presence of another communicable host device, the process proceeds to the next step S25.

  In step S25, the digital camera 1 executes a connection destination host selection process. In this case, the digital camera 1 displays information about a plurality of connectable host devices discovered in the above-described steps S21 and S23 on the display screen of the display unit 14. The user looks at this display screen and performs a selection operation of a host device desired to be connected using a predetermined operation member. Thereafter, the process proceeds to step S26.

  In step S26, the digital camera 1 executes processing for invalidating the operation in the pre-authentication image transfer mode. Thereafter, the process proceeds to step S27.

  In step S <b> 27, the digital camera 1 starts executing an operation process in the normal image transfer mode. Since the subsequent processing is an operation in the conventional normal image transfer mode, description thereof is omitted.

  On the other hand, in the process of step S23 described above, when the digital camera 1 confirms that there is no other communicable host device, the process proceeds to step S24.

  In step S24, the digital camera 1 executes processing for enabling the operation in the pre-authentication image transfer mode, and then returns (returns) to the original processing (processing sequence in FIG. 3) and proceeds to processing in step S2B.

  Returning to FIG. 3, in step S <b> 2 </ b> B, the digital camera 1 performs a process of transmitting a connection request signal to the host device serving as a communication partner whose presence has been confirmed in the process of step S <b> 21 of FIG.

  In response to this, the host side receives a connection request signal from the digital camera 1 in step S2A, and whether or not the digital camera 1 has already been authenticated, that is, is registered in its own nonvolatile memory or the like. The authentication information database is searched, and it is determined whether or not the information included in the connection request signal of the digital camera 1 is already registered. Here, if it is determined that the authentication work has not been completed and the digital camera 1 is a new device device, an authentication request signal is transmitted to the device device (digital camera 1).

  As a result, the digital camera 1 on the device side and the host PC 2 on the host side have identified each other as a communication partner by wireless connection. Subsequently, a process for authenticating each other (Diffie-Hellman key disclosure protocol) is entered.

  That is, in the digital camera 1 on the device side, in response to the authentication request signal from the host PC 2, the secret key generation unit 31 of the key generation unit 30 executes the process of generating the secret key A (secret key generation) in step S3B. Step).

  Subsequently, in step S4B, the public key generation unit 32 executes a process of generating a public key PKD using the secret key A (public key generation step).

  On the other hand, in the host PC 2 on the host side, after transmitting the authentication request signal to the device side, in step S3A, the secret key generation unit (31) of the key generation unit (30) executes a process of generating the secret key B ( Secret key generation step).

  Subsequently, in step S4A, the public key generation unit (32) executes a process of generating a public key PKH using the secret key B (public key generation step).

  Thus, when the public key PKD is generated on the device side and the public key PKH is generated on the host side, both public key exchange units 33 execute this public key exchange process (public key exchange step).

  That is, in steps S5A and S5B, the digital camera 1 and the host PC 2 perform the key exchange process by transmitting and receiving the public keys PKD and PKH, respectively. Thus, both have both public keys PKD and PKH.

  Subsequently, in steps S6A and S6B, the confirmation information generation unit (34) of the digital camera 1 and the host PC 2 executes a process of generating a connection confirmation number V value from the public keys PKD and PKH, respectively. In step S7B, the digital camera 1 displays the V value on the display screen as an authentication confirmation screen. In step S7A, the host PC 2 displays the same V value on the display screen as an authentication confirmation screen (confirmation information display step).

  The V value is a 2- to 4-digit number for determining the combination of the device device and the host device in the currently executing wireless communication connection, and the same value is calculated for the device device and the host device. And displayed.

  In addition, in a device that performs wireless communication compliant with the conventional WUSB standard, at this time, the V value is displayed on the screen of each device, and the displayed V value is checked and approved by the user. An OK button input waiting screen, that is, an authentication confirmation screen is displayed. Each device is configured to execute a communication operation for the first time in response to an input of a “confirmation OK” instruction by the user.

  On the other hand, in the communication terminal device and the communication method according to the present embodiment, at this time, without transmitting the “confirmation OK” instruction, transmission / reception of a part of the image data file to be transmitted / received is executed. The communication operation to start is started.

  Prior to executing the communication operation, first, in step S8A, the host PC 2 executes a process in which the common key generation unit 35 generates a common key CK from the secret key B and the public key PKD (common key generation). Step).

  At the same time, in step S8B, the digital camera 1 executes a process in which the common key generation unit 35 generates the common key CK from the secret key A and the public key PKH (common key generation step).

  Subsequently, both the host PC 2 and the digital camera 1 execute a process in which the encryption key generation unit 36 generates a pair temporary key (encryption key) PTK from the common key CK in steps S9A and S9B (encryption key generation). Step).

  Further, in both the host PC 2 and the digital camera 1, in steps S10A and S10B, the encryption key generation unit (36) generates an authentication code MIC value from the common key CK, and transmits and receives this authentication code MIC value to each other. Perform the replacement process.

  In step S11B, the digital camera 1 starts a thumbnail image transmission loop.

  In step S12B, the encryption / decryption processing unit 18 of the digital camera 1 uses the pair temporary key PTK, the data of the thumbnail image (reduced image) portion and the image information data in the selected image data file to be transmitted. Data encryption processing for encrypting is executed. The encrypted data generated in this way is transmitted to the host device via the wireless communication unit 17 (first transmission step).

  In step S14B, the digital camera 1 displays the transmitted thumbnail image and image information data on the display unit 14 (see FIG. 1) of the digital camera 1 in a predetermined form (index display step). The display form is, for example, a form such as an authentication confirmation screen shown in FIGS. Thereafter, the thumbnail image transmission loop is terminated.

  At the same time, the host PC 2 starts a thumbnail image reception loop in step S11A.

  In step S12A, the host PC 2 receives the encrypted data transmitted from the digital camera 1 by the wireless communication unit 17, and executes a decryption process in which the encryption / decryption processing unit 18 decrypts it using the pair temporary key PTK. To do. The thumbnail image data and the image information data thus decoded are displayed in a predetermined form (index display step) on the display unit 2a (see FIG. 1) of the display device of the host PC 2 in step S13A. The display form is, for example, a form such as an authentication confirmation screen shown in FIGS.

  In step S14A, the host PC 2 ends the thumbnail image reception loop.

  Note that at the time when the thumbnail image transmission loop of the above-described steps S11B to S14B in the digital camera 1 is started, the digital camera 1 has an image desired to be transmitted from among a plurality of image data files recorded on the recording medium 15. It is assumed that a data file (at least one or more) is selected and instructed in advance by a user's selection operation or the like.

  In this case, when there is only one image data file selected and designated in advance by the user, the thumbnail image transmission loop in steps S11B to S14B on the device side and the thumbnail image reception in steps S11A to S14A on the host side are performed. The loop is completed only once, and the authentication confirmation screen on the host side in the process of step S13A has a form as shown in FIG. 4, for example.

  On the other hand, when there are a plurality of image data files selected and designated in advance by the user, the thumbnail image transmission loop in steps S11B to S14B and the thumbnail image reception loop in steps S11A to S14A in the host PC 2 each try to transmit / receive. It wraps around the number of image data files and ends. At this time, the authentication confirmation screen of the host PC 2 in the process of step S13A has a form as shown in FIG. 5, for example.

  Here, the forms of the authentication confirmation screen displayed on the display unit 2a of the host PC 2 in step S13A and the authentication confirmation screen displayed on the display unit 14 of the digital camera 1 in step S13B will be described.

  In this case, the display units 2a and 14 function as confirmation information presenting means for presenting to the user by displaying authentication information (confirmation information) on the display screen.

  When there is one image data file to be transmitted and received, an authentication confirmation screen displayed on the display units 2a and 14 includes an area 41 for displaying an authentication code (V value) and a thumbnail as shown in FIG. An area 42 for displaying an image, an area 43 for displaying image information, an area 44 for displaying an “OK” instruction for confirmation, an area 45 for displaying a “CANCEL” instruction for performing a cancellation operation, and a display screen There are provided an explanatory display area 46 in which the description is expressed in characters, an area 47 for displaying the number of seconds for counting down the effective time of the display, and the like.

  When there are a plurality of image data files to be transmitted and received, the authentication confirmation screen displayed on the display units 2a and 14 includes an area 41 for displaying an authentication code (V value) and a plurality of areas as shown in FIG. Areas 42a, 42b, and 42c for displaying thumbnail images, an area 44 for displaying an “OK” instruction for confirmation, an area 45 for displaying a “CANCEL” instruction for performing a cancel operation, and a description of the display screen as characters And an area 47 for displaying the number of seconds for counting down the effective time of the display.

  In the display example of FIG. 5, a form in which an area for displaying image information is omitted is illustrated, but an area for displaying image information can be further provided by devising a screen layout.

  When the authentication confirmation screen as shown in FIGS. 4 and 5 is displayed, the host PC 2 and the digital camera 1 enter a standby state for an instruction signal from a predetermined operation member (such as an OK button) in steps S15A and S15B. .

  Here, the user confirms the V value and the thumbnail image on the authentication confirmation screen, and then performs an operation of approving or canceling the operation using a predetermined operation member (operation input unit 22). I do. For example, by operating a predetermined operation member (such as the left / right selection key in the four-way selection key), either the “OK” area 44 or the “CANCEL” area 45 is highlighted, and then the predetermined operation member (OK) is displayed. Button, etc.).

  In addition, when the predetermined time elapses without any instruction operation being performed, the authentication confirmation screen automatically disappears after the predetermined time elapses, and the image communication process being executed at that time is canceled. It has become. Therefore, in the area 47, the screen display effective time is displayed. Therefore, the user needs to perform a desired operation within this effective time.

  As described above, when an operation instruction for approval by the user, that is, when an OK button or the like is pressed, the digital camera 1 permits the execution of the processing of the next step S16B (permission step).

  That is, in step S16B, the encryption / decryption processing unit 18 of the digital camera 1 uses the remaining main image data for the original image data file to which the thumbnail image and the image information data were transmitted in the processes of steps S11B to S14B described above. Is encrypted by encryption processing. In response to this, the wireless communication unit 17 transmits the encrypted data to the host PC 2 (second transmission step).

  Thereafter, in step S <b> 18 </ b> B, the digital camera 1 executes a process of storing authentication information data including the common key CK in the nonvolatile memory 21. Then, the digital camera 1 ends a series of operations and shifts to a standby state for an operation instruction.

  On the other hand, in step S16A, the host PC 2 receives the encrypted data transmitted from the digital camera 1 in step S16B in the wireless communication unit (17), and decrypts it in the encryption / decryption processing unit.

  Subsequently, in step S17A, the host PC 2 transmits the thumbnail image and image information data received in step S12A and the main image data received in step S16A from the digital camera 1 in two steps. Each data received separately is merged to generate one image data file. The image data file is recorded on the recording medium (15).

  Thereafter, in step S18A, the host PC 2 performs a process of storing authentication information data, which is connection information including the common key CK, in the nonvolatile memory (21) (connection information storage step). Then, the host PC 2 ends a series of operations and shifts to a standby state for an operation instruction.

  As described above, the host PC 2 and the digital camera 1 store authentication information data, which is connection information including the common key CK, in each nonvolatile memory (21) in steps S18A and 18B in FIG. Processing is executed (connection information storage step). Details of this storage processing will be described below with reference to the flowchart of FIG. In the description of FIG. 7, the flow of the operation of the digital camera 1 is described, but the authentication information is stored in the host PC 2 by the same operation.

  In step S31 shown in FIG. 7, the digital camera 1 executes a process of acquiring information on the current time from the RTC 23 (see FIG. 1). Thereafter, the process proceeds to step S32.

  In step S <b> 32, the digital camera 1 executes processing for acquiring image exchange mode information. Thereafter, the process proceeds to step S33.

  In step S <b> 33, the digital camera 1 executes a search process for searching for an area for storing the authentication information data in the storage area of the nonvolatile memory 21, that is, whether or not there is a vacancy in the authentication information storage table.

  Next, when the digital camera 1 confirms an empty area of the authentication information storage table in the nonvolatile memory 21 in step S34, the process proceeds to step S38.

  In step S <b> 38, the digital camera 1 executes processing for storing authentication information including image exchange mode information in a free area of the nonvolatile memory 21. Then, a series of operation | movement is complete | finished.

  On the other hand, when the digital camera 1 cannot confirm the empty area of the authentication information storage table in the nonvolatile memory 21 in the process of step S34 described above, the process proceeds to the next step S35.

  In step S <b> 35, the digital camera 1 determines whether or not there is a record (information) in which the image exchange mode flag is on (ON) among a plurality of pieces of authentication information recorded in the authentication information storage table in the nonvolatile memory 21. Execute the process to check. Here, when a record (information) whose image exchange mode flag is ON is confirmed, the process proceeds to step S37.

  In step S37, the digital camera 1 deletes the corresponding record, that is, the record (information) whose image exchange mode flag is on (ON), and then deletes the current authentication information, that is, the image exchange mode, in the empty area generated by the deletion. An overwrite storage process for writing the latest authentication information including information is executed. Thereafter, the series of processing is terminated.

  On the other hand, when the record (information) whose image exchange mode flag is ON is not confirmed in the process of step S35 described above, the process proceeds to the next step S36.

  In step S36, the digital camera 1 searches for a record (information) having the oldest authentication date information from among a plurality of authentication information stored in the authentication information storage table of the nonvolatile memory 21, and deletes this record. Overwrite storage processing is executed in which the latest authentication information including the current authentication information, that is, the image exchange mode information, is written in the empty area generated by the deletion. Thereafter, the series of processing is terminated.

  As described above, according to the above-described embodiment, on the device side, while the authentication confirmation screen (FIGS. 4 and 5) is being displayed, the encryption code included in the authentication information data that will be authenticated will be displayed. It is used to encrypt part of the data in the image data file and send the encrypted data to the host side which is the communication destination. Then, upon receiving an approval instruction on the authentication confirmation screen by the user, encryption processing and transmission processing for the remaining main image data are executed. In this case, the partial data of the image data file to be transmitted prior to authentication is thumbnail image or image information data.

  According to such a configuration, while the user is confirming while looking at the authentication confirmation screen, a part of the data of the image data file to be transferred is transferred to the communication partner in advance. While waiting for the authorization instruction while displaying the authentication confirmation screen, the amount of data at the time of data transfer after authentication is smaller than the conventional communication method that stops processing operation and transfers all data for the first time after authentication. Therefore, it is possible to contribute to shortening the transfer time.

  On the side (host device) that receives the image data file, a part of the data is received and displayed in a form included in the authentication confirmation screen before the authentication confirmation by the user. In addition, after the authentication by the user is confirmed, the remaining main image data is received and combined with (merged with) a part of the previously received data (thumbnail image and image information data). A data file is generated and recorded on the recording medium 15.

  By adopting such means, the outline (thumbnail image) of the image data file that will be received by data transfer can be confirmed in advance before the authentication confirmation, so that the user interface that is easy to understand visually Therefore, it is possible to give a good feeling to the user.

  As a condition for transmitting a part of the data of the image data file (thumbnail image etc.) at the stage before the authentication confirmation by the user, when the image exchange mode has a high possibility that the image transfer is limited on the spot. Since it is limited, it can be used as a communication tool that can easily transfer images. Even in this case, in consideration of security, since it is confirmed that there is no device that can communicate with other than the desired communication partner, communication connection other than the desired communication partner is inadvertently made. This can be prevented.

  Authentication information data corresponding to a communication partner that has established a wireless communication connection is stored in a storage area of a nonvolatile memory (21) in each device. In this case, since the image exchange mode flag is included in the authentication information data, it is possible to easily identify whether or not the authentication information data is in the image exchange mode.

  By the way, since the storage capacity of the nonvolatile memory (21) is finite, when there is no free area in the authentication information storage table, which is an area for storing authentication information data in the nonvolatile memory (21). Therefore, an empty area is secured by preferentially deleting the authentication information data in the image exchange mode which is considered to be relatively unimportant. In this case, the authentication information data to be deleted is performed with reference to the image exchange mode flag. Accordingly, the authentication information data for the specific host PC is left, for example, rather than the authentication information data in the image exchange mode that is likely to be limited, so that the finite storage area of the nonvolatile memory (21). Therefore, it is not necessary to unnecessarily increase the capacity of the nonvolatile memory (21), and an increase in manufacturing cost of the device itself can be suppressed.

  It should be noted that the present invention is not limited to the above-described embodiment, and it is needless to say that various modifications and applications can be implemented without departing from the spirit of the invention. Further, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent elements. For example, even if some constituent elements are deleted from all the constituent elements shown in the embodiment, the problem described in the column of the problem to be solved by the invention can be solved, and the effect described in the effect of the invention Can be obtained as an invention.

The block block diagram which shows the internal schematic structure of the communication terminal device of one Embodiment of this invention. The principal part block block diagram which shows the internal detailed structure of the key generation part in the communication terminal device of FIG. The flowchart which shows the communication method of one Embodiment of this invention. The figure which shows the example of a display of the authentication information confirmation screen at the time of transferring one image data file in the communication terminal device of FIG. The figure which shows the example of a display of the authentication information confirmation screen at the time of transferring several image data file in the communication terminal device of FIG. FIG. 3 is a flowchart showing an image transfer mode change processing sequence when image data is transferred by wireless communication in the communication terminal apparatus of FIG. 1. FIG. The flowchart which shows the process sequence at the time of memorize | storing authentication information in a non-volatile memory in the communication terminal device of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Communication terminal device, digital camera, device apparatus 2 ... External device, PC, host apparatus 2a ... Display unit 10 ... CPU
DESCRIPTION OF SYMBOLS 11 ... Imaging part 14 ... Display part 15 ... Recording medium 17 ... Wireless communication part 18 ... Encryption / decryption processing part 21 ... Non-volatile memory 22 ... Operation input part 30 ... Key generation part 31 ... ... Secret key generation unit 32 ... Public key generation unit 33 ... Public key exchange unit 34 ... Confirmation information generation unit 35 ... Common key generation unit 36 ... Encryption key generation unit

Claims (7)

A communication method for establishing communication between a first communication terminal apparatus and a second communication terminal apparatus that communicate with each other wirelessly,
A secret key generation step of generating a secret key in each communication terminal device;
A public key generation step of generating a public key from the secret key in each communication terminal device;
A public key exchange step for exchanging the public key between the first communication terminal device and the second communication terminal device;
A confirmation information display step for generating and displaying confirmation information based on the public key generated in the public key generation step and the public key acquired in the public key exchange step in each communication terminal device;
A common key generation step of generating a common key from the secret key and the public key acquired in the public key exchange step in each communication terminal device;
An encryption key generation step of generating an encryption key from the common key in each communication terminal device;
A first transmission step of encrypting a part of data stored in the first communication terminal device with the encryption key and transmitting the encrypted data to the second communication terminal device;
A permission step of allowing execution of the next second transmission step in response to an instruction input input by the user;
A second transmission step of encrypting the remaining data stored in the first communication terminal device with the encryption key and transmitting the encrypted data to the second communication terminal device;
The communication method characterized by performing. The first communication terminal device is a first digital camera,
A part of the data transmitted in the first transmission step is reduced image data of the image data transmitted in the second transmission step.
After the processing of the first transmission step,
An index display step of receiving reduced image data transmitted from the first digital camera in the first transmission step and displaying a reduced image based on the reduced image data on a display device of the second communication terminal device; ,
The communication method according to claim 1, further executed.   The communication method according to claim 2, wherein the second communication terminal device is a second digital camera.   The connection information storing step of storing connection information including the encryption key in a non-volatile memory is further executed in at least one of the communication terminal devices after the processing of the permission step. Communication method. A communication terminal device having a communication function,
A communication means for transmitting / receiving data to / from an external device;
Storage means for storing information to be transmitted to the external device;
A secret key generating means for generating a secret key;
Public key generating means for generating a first public key based on the secret key;
Public key exchange means for transmitting the first public key to the external device via the communication means and receiving a second public key from the external device via the communication means;
Confirmation information generating means for generating confirmation information from the first public key and the second public key;
Confirmation information presenting means for presenting the confirmation information to the user;
Operation input means for inputting a user's instruction operation;
A common key generating means for generating a common key from the secret key and the second public key;
Encryption key generation means for generating an encryption key for encrypting data from the common key;
Encryption means for encrypting data with the encryption key;
Comprising
The encryption means encrypts a part of the data to be transmitted among the data stored in the storage means, transmits the encrypted data via the communication means, and is presented to the user by the confirmation information presenting means. When the approval input for the confirmation information is instructed from the operation input means, the remaining data of the data to be transmitted is encrypted using the encryption key and transmitted via the communication means. A communication terminal device. It further has a photographing means for photographing the subject,
The storage means stores image data representing an image photographed by the photographing means,
6. The communication according to claim 5, wherein the encryption unit encrypts the reduced image data based on the image data and the image information data related to the image data, and transmits the encrypted image data via the communication unit. Terminal device.   The communication terminal device according to claim 5, further comprising a nonvolatile memory that stores at least connection information including the common key.

Images