JP2009118231A - Information relay system and communication terminal - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the unauthorized use of information communication and secure the security of information by dynamically changing an encryption key while reducing a user's effort for the authentication of a communication terminal, with respect to information transmission/reception using a LAN. <P>SOLUTION: An information relay system includes: a collation information notification means which automatically acquires first identification information 3g preliminarily held in the communication terminal and second identification information 3h held so as to be updated through the LAN, and holds first collation information and second collation information and collates the first identification information acquired by a first acquisition means with the first collation information and collates the second identification information with the second collation information, and in the case of coincidence between the first identification information and the first collation information, transmits update information 8h to the communication terminal through the LAN so as to update the second identification information to information coincident with the second collation information; an information control means which allows a relay of information transmission/reception using the communication terminal in the case of coincidence between the second identification information and the second collation information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information relay system and a communication terminal, and in particular, in information transmission / reception via a local communication network by a communication terminal, the information relay system that ensures the security of information transmitted and received and enables highly secure information transmission / reception. Etc.

  In recent years, various information can be transmitted and received by a communication terminal connected to a wide area communication network such as the Internet network. If a communication terminal such as a personal computer (hereinafter referred to as a personal computer) is used to connect to a wide area communication network, a user of the communication terminal can communicate with another communication terminal (for example, a server) connected to the wide area communication network. Various information such as information and music information can be transmitted and received.

  Connection to a wide area communication network by a communication terminal can be performed using wireless communication. A communication base station called an access point connected to a wide area communication network and a communication terminal having a wireless communication function (hereinafter referred to as a wireless communication terminal) perform wireless communication, thereby enabling a wide area communication network by the wireless communication terminal to be established. It is possible to transmit and receive information through the network. In addition to the conventional IEEE802.11 series, development of broadband wireless technology such as WiMAX (IEEE802.16E) is also progressing, and it is expected that the convenience will increase further in the future.

  A communication network that has an access point connected to a wide area communication network and enables a wireless communication terminal to connect to the wide area communication network is called a wireless local area communication network (also referred to as a wireless LAN). A large number of wireless local area communication networks are connected to the wide area communication network, and wireless local area communication networks are constructed at various locations.

  If there is a wireless communication terminal in a range where radio waves transmitted from an access point as a communication base station can reach (hereinafter, this range is referred to as a communication area), the wireless communication terminal and the access point must perform wireless communication. Can do. Therefore, even when the wireless communication terminal is carried, information can be transmitted and received in various places without being restricted by the place as long as the carried destination is within the communication area of the access point.

  Voice communication using the wide area communication network is also possible by transmitting and receiving voice information via the wide area communication network. In general, a voice call using a wide area communication network often requires a low charge, is very convenient, and its spread is remarkable.

  Even if the wireless communication terminal is carried around in various places, it is possible to carry out a voice call using the wide area communication network and the wireless local area communication network connected to the wireless communication terminal. A voice call can be easily and easily made via an access point without connecting to a wide area communication network.

  As an example of what enables transmission and reception of information using a wide area communication network by a wireless communication terminal as described above, for example, there are those disclosed in Patent Documents 1 to 3.

JP 2006-222549 A JP 2005-277517 A JP 2004-304824 A

  In order for a wireless communication terminal to transmit and receive information via an access point, the wireless communication terminal must be authenticated for that access point. More specifically, the access point and the wireless communication terminal encrypt information for wireless communication using an encryption key such as a WEP (Wired Equivalent Privacy) key. That is, the access point authenticates the wireless communication terminal using common information (encryption key) used for information encryption (hereinafter referred to as encryption authentication).

  The encryption key is often generated based on information held as unique information on the access point side. The wireless communication terminal generates an encryption key that matches the access point and sends the encryption key to the access point. As a result, authentication of the communication terminal and information transmission / reception are performed.

  Therefore, a different encryption key is generated (that is, different unique information is held). When the wireless communication terminal moves to the access point communication area, the encryption key is set again on the wireless communication terminal side each time. Otherwise, authentication and information transmission / reception cannot be performed, which is very troublesome. Note that the information that is the source of the encryption key between the terminals that communicate in this way is also referred to as PSK (Pre-Shared Key).

  If the effort of authentication is omitted, information transmission / reception is performed between the wireless communication terminal and the access point without being encrypted, and information is easily intercepted by a third party, which is not preferable in terms of security.

  In addition, when an encryption key is illegally obtained by some means, if the encryption key set in the access point is always the same, information can be continuously transmitted and received using the illegally obtained encryption key. There is also the problem of being able to do it.

  Furthermore, even if the information is encrypted with an encryption key and sent and received, if the information is intercepted and decrypted with an illegally obtained encryption key, the contents of the information can be easily seen. The confidentiality of information is also impaired, and information cannot be transmitted and received safely.

  The present invention has been made in view of the above circumstances, and by dynamically changing the encryption key while reducing the time and effort of the user for authentication of the communication terminal in information transmission / reception using the local communication network. Another object is to provide an information relay system and a communication terminal that can prevent unauthorized use of information communication and ensure the safety of information transmitted and received by wireless communication.

  In order to solve the above-described problem, an information relay system as an exemplary aspect of the present invention uses a communication terminal connected to a local communication network, via a local communication network and a wide area communication network connected thereto. An information relay system that relays information transmission / reception to be performed, and can be updated to a communication terminal to be used for information transmission / reception by the communication terminal and first identification information held in advance in the communication terminal for use by the communication terminal Information for collating the first identification information for collating with the first identification information and the second identification information for automatically obtaining the second identification information held in the first identification information via the local area communication network The first holding means for holding the second collation information updated based on the predetermined condition, the collation between the first identification information acquired by the first acquisition means and the first collation information, and the first acquisition To the means When the first identification information and the first verification information match in the verification by the first verification means and the first verification means for verifying the second identification information and the second verification information acquired in the second In order to update the identification information to information that matches the second verification information, verification information notifying means for transmitting the update information to the communication terminal via the local communication network, and the second identification information in the verification by the first verification means And information control means for allowing relaying of information transmission / reception using a communication terminal when the second verification information matches.

  In addition to the case where the first identification information and the first collation information match, when the second identification information and the second collation information coincide, information transmission / reception by the communication terminal is allowed. Information eavesdropping and unauthorized information transmission / reception by an unauthorized third party can be suitably prevented. The second verification information is updated based on a predetermined condition, and the update information is transmitted to the communication terminal when the first identification information matches the first verification information. Can be difficult.

  In addition, the second verification information is updated based on a predetermined condition, and the second identification information is updated so as to match the second verification information, so that the second identification information is obtained illegally. However, it is possible to minimize the chances of unauthorized information transmission / reception using the information. For example, when a business operator who operates this information relay system permits information transmission / reception only to contractors, damage caused by unauthorized information transmission / reception can be minimized.

  The “predetermined condition” for updating the second verification information may be a “predetermined period” such as “1 day” or “January” or “when a predetermined operation is performed” such as “every time information is transmitted / received”. Good.

  Since the acquisition means automatically acquires the first identification information and the second identification information, it is very convenient because the information can be collated, that is, the communication terminal can be authenticated without bothering the user. The automatic acquisition can be performed when the communication terminal is turned on or when the user performs an operation for transmitting and receiving information. If the local area communication network is a wireless local area communication network, automatic acquisition may be performed when a communication terminal enters the communication area. That is, “automatic acquisition of information” in the present application means that the information relay system can acquire information without the user of the communication terminal performing a special operation for transmitting information. For example, acquiring information automatically sent from a communication terminal that has received a request signal issued by an information relay system also corresponds to “automatic acquisition”, and when a user performs a dial operation for a voice call, etc. The acquisition of information automatically transmitted from the communication terminal is also included in the concept of “automatic acquisition”.

  Here, the wide area communication network refers to a relatively large-scale communication network such as the Internet network, for example, and refers to a communication network that enables transmission and reception of information between communication terminals in different buildings and different areas. On the other hand, the local communication network is a communication network having a smaller scale than the wide area communication network. For example, it is possible to transmit and receive information between communication terminals in the same building. If the local communication network is connected to the wide area communication network, the communication terminal connected to the local communication network can pass through the wide area communication network. It is also possible to send and receive information.

  Also, “connected to the local communication network” means that the communication terminal can transmit / receive information to / from a repeater (for example, a router) that relays information between the communication terminal and the wide area communication network. Say something. When the local area communication network is a wireless local area communication network (wireless LAN), it means a state in which the wireless communication terminal is in the communication area of the access point as a communication base station.

  Here, the communication terminal refers to a communication terminal device, and examples thereof include a device having a function of transmitting and receiving information via a wide area communication network, such as a personal computer and a mobile phone terminal. Further, a communication terminal having software (soft phone) for realizing a voice call through a wide area communication network, for example, a mobile phone type soft phone (mobile phone type terminal) is also included in the concept of the communication terminal.

  The first identification information is information held in advance in the communication terminal. For example, it may be held in the memory of the communication terminal before shipment of the communication terminal. The second identification information is information held in the communication terminal in an updatable manner. Similarly to the first identification information, the second identification information may be held in a memory or the like of the communication terminal. The first identification information may be SSID (Service Set Identifier) as static information stored in advance in the communication terminal, PSK, or any of these static information and dynamic parameters such as one-time password and date / time. It is also possible to use the derived dynamic information by inputting into the function.

  Other static information includes ID, password, electronic certificate, and the like. If this static information is leaked for some reason, there is a possibility that the local or wide area network may be used illegally, but information derived using dynamic parameters was used as the first identification information. In this case, even if static information such as PSK is leaked, it is impossible to illegally use the local area communication network / wide area communication network unless the dynamic parameter fluctuation method is leaked, which can increase the security strength. it can.

  Examples of the second identification information include PSK, ID, password, electronic certificate and the like in addition to SSID. These are updated at an arbitrary timing. The second identification information is acquired by the communication terminal via a protected communication path established as a result of normal authentication of the first identification information and the first verification information by the first verification means.

  The first acquisition means acquires the first identification information and the second identification information via the local area communication network. For example, an access point as a communication base station connected to a wide area communication network may have this function.

  The first holding unit holds the first verification information and the second verification information. For example, an access point connected to the wide area network may have a function as the first holding unit.

  The first collation means can collate the first collation information and the first identification information, the second collation information and the second identification information, and determine, for example, whether or not these pieces of information match. For example, an access point connected to a wide area communication network may have this function.

  The collation information notification means transmits the update information to the communication terminal. The update information is information for updating the second identification information to information that matches the second collation information. For example, the update information may be the same information as the second collation information. It may be algorithm information for changing to the same information as the collation information. For example, an access point connected to a wide area communication network may exhibit a function as a collation information notification means, or a server that is connected to an access point via a wide area communication network and manages collation information performs this function. It may be demonstrated.

  The first holding means can hold a plurality of pieces of first collation information, and can exclude one of the plurality of pieces of first collation information from a collation target with the first identification information. May be.

  By excluding specific first verification information from the plurality of first verification information from the verification target, information transmission / reception using the specific first identification information can be restricted. For example, if there is a communication terminal that holds first identification information that matches specific excluded first collation information, the communication terminal is restricted from transmitting and receiving information because the first identification information does not match the first collation information. The

  In order to collate the third identification information, which is given differently for each communication terminal to identify the communication terminal, with the second acquisition means for automatically acquiring the third identification information from the communication terminal via the wide area communication network. The second holding means for holding the plurality of third collation information and the second collation means for collating the acquired third identification information with the third collation information, and the update information by the collation information notification means Transmission is performed when the second identification information and the second verification information match in the verification by the first verification means, and when the third identification information and the third verification information match in the verification by the second verification means. May be used.

  Since the update information is transmitted when the third identification information given differently for each communication terminal matches the third verification information, the first identification information is obtained illegally, Even when the identification information is overlooked, transmission / reception of information can be restricted by the third identification information uniquely given to the communication terminal. Therefore, the safety of information transmission / reception by the communication terminal can be further enhanced.

  Since the second holding means holds the third collation information, the amount of information held by the first holding means can be reduced. Further, if the second holding means is provided in a server or the like that is capable of transmitting / receiving information to / from a plurality of local communication networks via a wide area communication network, the third identification information is provided without providing the second holding means for each local communication network. Can be managed collectively. Therefore, the management cost of the third identification information can be reduced.

  The third identification information may be a MAC address of the communication terminal. The MAC address is unique ID information given to each terminal that can be connected to an information communication network such as a wide area communication network or a private communication network. Therefore, if this MAC address is used as the third identification information, the communication terminal can be identified without newly giving information to the communication terminal.

  As the third identification information, a manufacturing serial number of the communication terminal can be used. This is because the manufacturing serial number is also given as information unique to the communication terminal and can identify the communication terminal.

  The private communication network may be a wireless private communication network, and information transmission / reception may be performed by wireless communication. Since information transmission / reception is performed by wireless communication, wiring for the communication terminal to transmit / receive information becomes unnecessary. Therefore, the communication terminal can be freely carried without being limited to connection wiring to the local communication network.

  Here, the wireless local area communication network enables a communication terminal to transmit / receive information to / from the wide area communication network, and generally, the local area communication network is connected to the wide area communication network. By having an access point as a station and wirelessly communicating between the access point and a communication terminal, information can be transmitted and received. Of course, the communication terminal needs to have a function of performing wireless communication, and a communication terminal having such a function is also referred to as a wireless communication terminal. The range where radio waves emitted from the access point can reach is called “communication area” where wireless communication is possible. In this application, the phrase “wireless local area network” and the phrase “communication area” of the access point are used. Used almost synonymously.

  Here, the wireless communication is not limited to the conventional IEEE802.11 series, but may use WiMAX (IEEE802.16E) or a wireless technology developed in the future, and is limited to a specific wireless system. Is not to be done.

  The information transmission / reception may be audio information transmission / reception. By transmitting and receiving voice information, a voice call can be made through a wide area communication network. If information is transmitted / received via a wireless local area communication network, voice communication via a wide area communication network can be easily performed at various locations. Since the cost of voice calls over a wide area communication network is generally low, it is very convenient for users to use. Further, since there is no troublesome authentication of the communication terminal, it can be easily used like a mobile phone terminal.

  A communication terminal according to another exemplary aspect of the present invention is a communication terminal for transmitting and receiving information via a local communication network and a wide area communication network connected thereto, and first identification information used for information transmission and reception is preliminarily stored. The information relay system includes: a holding unit that holds information that is used for information transmission and reception, and that holds second identification information different from the first identification information in an updatable manner; and the first identification information and the second identification information. Information that updates the transmitting unit that automatically transmits to the mobile station via the local communication network, the acquisition unit that acquires the update information via the local communication network, and the second identification information to information that matches the acquired update information And an update unit.

  Since the first identification information and the second identification information are automatically transmitted toward the information relay system, the communication terminal is automatically authenticated. Therefore, the user of the communication terminal is very convenient because it is automatically authenticated without having to input identification information. The automatic transmission can be performed when the communication terminal is turned on or when a user performs an operation for transmitting and receiving information. If the local area communication network is a wireless local area communication network, automatic transmission may be performed when a communication terminal enters the communication area. In other words, “automatic transmission of information” in the present application means that the communication terminal transmits information without the user of the communication terminal performing a special operation for transmitting information. For example, automatic transmission of information by a communication terminal that has received a request signal issued by an information relay system also corresponds to “automatic transmission”, and communication is performed when a user performs a dial operation for a voice call. The automatic transmission of information from the terminal is also included in the concept of “automatic transmission”.

  In addition, when the transmitted / received information is encrypted and decrypted using the second identification information, even if the second identification information is illegally acquired by a third party, if the second verification information is updated, Since the information cannot be combined with the second identification information obtained illegally, the damage caused by eavesdropping can be minimized. Even if the encryption / decryption key itself dynamically changes depending on the dynamic parameters, the identification information itself does not change dynamically, so if the identification information is obtained illegally, the data is wiretapped. Although the risk of impersonation is small, the risk of impersonation of a specific user is high, and such impersonation can be prevented.

  The holding unit may be provided so as to be detachable from the communication terminal. This is convenient because the communication terminal can be a communication terminal capable of transmitting and receiving information by simply replacing the holding unit with a different communication terminal.

  The holding unit may be a SIM card. This is convenient because the communication terminal can be a communication terminal capable of transmitting and receiving information by simply replacing the SIM card with a different communication terminal. Since the SIM card is small and easy to attach and detach, it can be made more convenient.

  The holding unit may be capable of holding a plurality of first identification information, and the transmission unit may be capable of selectively transmitting the plurality of first identification information.

  Since the holding unit can hold a plurality of first identification information and the transmission unit can selectively transmit the plurality of first identification information, for example, first identification information that differs depending on the type of information to be transmitted and received Can be used. The type of information to be transmitted / received and the transmission time can also be grasped on the relay system side. Different first identification information can be used depending on the type of information such as voice information, character information, and communication terminal position information. Also, the type of information that can be transmitted and received for each communication terminal can be varied. A communication terminal that does not hold identification information used when transmitting / receiving character information cannot transmit / receive character information. Therefore, the type of service provided to the user can be varied depending on the type of first identification information. .

  The private communication network may be a wireless private communication network, and information transmission / reception may be performed by wireless communication. Since information transmission / reception is performed by wireless communication, wiring for the communication terminal to transmit / receive information becomes unnecessary. Therefore, the communication terminal can be freely carried without being limited to connection wiring to the local communication network.

  The information transmission / reception may be transmission / reception of audio information. By transmitting and receiving voice information, a voice call can be made through a wide area communication network. If information is transmitted / received via a wireless local area communication network, voice communication via a wide area communication network can be easily performed at various locations. Since the cost of voice calls over a wide area communication network is generally low, it is very convenient for users to use. Further, since there is no troublesome authentication of the communication terminal, it can be easily used like a mobile phone terminal.

  Further objects and other features of the present invention will become apparent from the preferred embodiments described below with reference to the accompanying drawings.

  According to the present invention, it is possible to authenticate a communication terminal without causing a user of the communication terminal to perform a special operation, and it is possible to easily use information transmission / reception via a wide area communication network. In addition, since a plurality of information is used for authentication of the communication terminal, information transmission / reception with high security can be realized. Furthermore, since the plurality of pieces of information includes information updated based on a predetermined condition, information transmission / reception with higher security can be realized.

[Embodiment 1]
The information relay system S1 according to Embodiment 1 of the present invention will be described below with reference to the drawings. FIG. 1 is a schematic block diagram illustrating an overall configuration of an information transmission / reception system S2 that includes an information relay system S1 and that performs information transmission / reception using a communication terminal.

  The information transmission / reception system has a mobile phone terminal (communication terminal) 2 and an information relay system S1 and is roughly configured.

  The mobile phone type terminal 2 is a communication terminal for transmitting and receiving information by wireless communication via wireless local area communication networks (local area communication networks) 34a and 34b and an internet network (wide area communication network) W, which will be described later. The mobile phone type terminal 2 has a function of making a voice call via the Internet network W. However, in order to make a voice call, “purchase of a call service” described later is required. Hereinafter, the procedure for transmitting and receiving information by the mobile phone type terminal 2 will be described on the assumption that the mobile phone type terminal 2 is in the communication area of the wireless local area communication network 34a.

  FIG. 2 is a diagram showing a schematic configuration of the mobile phone type terminal 2. The mobile phone type terminal 2 has a main body part 3 and an antenna part (radio wave transmission / reception part) 5 and is generally configured. On the surface of the main body 3, an operation button 2e for the user of the display unit 2a and the mobile phone type terminal 2 to perform various operations is arranged. The display unit 2a displays information necessary for the operation of the mobile phone type terminal 2, or when accessing a WEB page held by a server connected to the Internet network W using the mobile phone type terminal 2. WEB page can be displayed. In the first embodiment, the portal site 20 (see also FIG. 8), which is a WEB page, is displayed on the display unit 2a so that an information transmission / reception service by the information relay system S1 can be purchased. .

  Inside the main body 3, a SIM card 3a as a storage device, a memory 3n, and a CPU 3b as an arithmetic processing unit are arranged.

  The SIM card 3a of the mobile phone type terminal 2 has an area that functions as a terminal-side PSK holding unit (holding unit) 3c. As shown in FIGS. 3A and 3B, the terminal-side PSK holding unit 3c includes a terminal-side fixed PSK database 3d and a terminal-side variable PSK database 3e. Note that PSK (Pre-Shared Key) is information held by communication terminals and servers that transmit and receive information. For example, because the server that performs information transmission / reception and the communication terminal hold the same PSK, the information (PSK information) derived from a specific function or variable based on the PSK becomes the same information, and mutual information transmission / reception is possible. It will be. In the first embodiment and the second embodiment, the word of PSK information is used as a word indicating information derived by a specific function or variable based on PSK.

  The terminal side fixed PSK database 3d holds terminal side fixed PSK information (first identification information) 3g. The terminal-side fixed PSK information 3g is information necessary when the mobile phone type terminal 2 accesses the portal site 20. Access to the portal site 20 is achieved when the terminal-side fixed PSK information 3g matches AP-side fixed PSK information (first collation information) 30d (see also FIG. 10) held in access points AP1 and AP2 described later. It becomes possible. The collation procedure between the terminal-side fixed PSK information 3g and the AP-side fixed PSK information 30d will be described in detail later.

  The terminal-side fixed PSK information 3g is information that is held in the terminal-side PSK holding unit 3c so that it cannot be changed. It has come to be. The timing at which the terminal side fixed PSK information 3g is held in the terminal side PSK holding means 3c includes various variations such as when the mobile phone type terminal 2 is sold.

  The terminal side variable PSK database 3e holds terminal side variable PSK information (second identification information) 3h. The terminal-side variable PSK information 3h is information necessary for making a voice call via the Internet network W using the mobile phone type terminal 2. When the terminal-side variable PSK information 3h matches the AP-side variable PSK information (second verification information) 30e (see also FIG. 10) held in the access points AP1 and AP2, a voice call through the Internet network W can be performed. It becomes possible. The collation procedure between the terminal side variable PSK information 3h and the AP side variable PSK information 30e will be described in detail later. The terminal-side variable PSK information 3h is held in the terminal-side PSK holding unit 3c in an updatable manner and is updated by the terminal-side updating unit 3k described later.

  In the SIM card 3a of the mobile phone type terminal 2, an area functioning as terminal side MAC address holding means 3l that holds the MAC address 3m of the mobile phone type terminal 2 is constructed. The MAC address is information unique to each communication terminal allocated so as to be different for each communication terminal, and the communication terminal can be identified by the MAC address. The MAC address is generally composed of a 48-bit code, and the first 24 bits are allocated so as to differ depending on the manufacturer of the communication terminal. Therefore, the manufacturer of the mobile phone type terminal 2 can be specified by the MAC address.

  The memory 3 n of the mobile phone type terminal 2 is a storage device that is provided inside the main body 3 so as to be difficult to attach and detach. The memory 3n stores a terminal program P1. Based on the command of the terminal program P1, the CPU 3b of the mobile phone type terminal 2 exhibits the following various functions.

  The CPU 3b of the mobile phone type terminal 2 has a function as a transmission unit 3i that transmits the terminal-side fixed PSK information 3g and the terminal-side variable PSK information 3h toward the access points AP1 and AP2 of the information relay system S1. The transmission unit 3i automatically transmits the terminal side fixed PSK information 3g and the MAC address 3m to the access point AP1 when the user operates the operation button 2e to try to access the portal site 20. Therefore, the user can transmit the terminal-side fixed PSK information 3g for browsing the portal site 20 without performing the operation of transmitting the terminal-side fixed PSK information 3g.

  When the user operates the operation button 2e and tries to transmit / receive information such as a voice call via the Internet network W (for example, when a dial operation is performed), the transmission unit 3i and the terminal-side variable PSK information 3h and The MAC address 3m is automatically transmitted to the access point AP1. Therefore, the user can transmit the terminal-side variable PSK information 3h for performing a voice call without performing the operation of transmitting the terminal-side variable PSK information 3h.

  The CPU 3b of the mobile phone type terminal 2 has a function as an acquisition unit 3j that acquires purchase amount PSK information (update information) 8h transmitted from the authentication server 4 described later via the wireless local area communication network 34a. Further, the CPU 3b of the mobile phone type terminal 2 updates the terminal-side variable PSK information 3h held by the terminal-side PSK holding means 3c based on the acquired purchase PSK information 8h. It also has a function as That is, the terminal-side PSK holding means 3c holds a plurality of terminal-side variable PSK information 3h for purchase (in the first embodiment, a call service is purchased on a monthly basis, details will be described later). Become. The purchase unit can be set to various units such as a daily unit or a week unit.

  Note that information transmission / reception from the terminal side before collation using the first identification information (terminal-side fixed PSK information) is performed using a common encryption key with the terminal side based on the first identification information (terminal-side fixed PSK information). It has a function of decrypting communication from the point (AP1 etc.) side and encrypting communication to the access point (AP1 etc.).

  When collation of first identification information (terminal-side fixed PSK information), second identification information (terminal-side variable PSK information), and third identification information (terminal identification information) is agreed with an access point (AP1 or the like), A common encryption key based on the second identification information (terminal-side variable PSK information) has a function of decrypting communication from the AP side and encrypting communication to the AP side. This makes it possible to prevent eavesdropping along the way.

  The transmission unit 3i described above sequentially transmits the terminal-side variable PSK information 3h until a voice call is established (that is, until it matches the AP-side variable PSK information 30e).

  The antenna unit 5 of the mobile phone type terminal 2 wirelessly transmits and receives various information such as terminal-side fixed PSK information 3g and terminal-side variable PSK information 3h by wireless communication with access points AP1 and AP2 described later. It is for receiving and transmitting radio waves.

  The information relay system S1 is roughly configured to include an authentication server 4, a portal server 6, an Internet network (wide area communication network) W, and access points AP1 and AP2. The authentication server 4 and the portal are connected to the Internet network W. The server 6 and the access points AP1 and AP2 are connected so that information can be transmitted and received.

  FIG. 4 is a diagram showing a schematic configuration of the authentication server 4. The authentication server 4 is a server for authenticating the mobile phone type terminal 2. Here, “authentication” determines whether or not the mobile phone terminal 2 that has attempted to transmit and receive information via the Internet network W is a communication terminal that should be allowed to relay information transmission and reception by the information relay system S1. That means. The “communication terminal that is allowed to relay information transmission / reception” refers to, for example, a communication terminal sold by an operator that provides an information transmission / reception service by the information relay system S1 or an information transmission / reception service with the operator. This refers to a communication terminal with a contract. In the first embodiment, whether or not the authentication server 4 is a mobile phone type terminal manufactured or sold by a provider (hereinafter referred to as the provider) that provides an information transmission / reception service by the information relay system S1. Is determined using the MAC address 3m. The determination procedure will be described in detail later.

  The authentication server 4 includes a hard disk 8 as a storage device and a CPU 10 as an arithmetic processing unit. The authentication server 4 is connected to the Internet network W so as to be able to transmit and receive information. Information can be transmitted to and received from the access points AP1 and AP2.

  The hard disk 8 of the authentication server 4 functions as an area for storing and holding the MAC address of the mobile phone type terminal 2 as terminal identification information (third identification information) 8c, that is, a server-side MAC address holding means (second holding means) 8a. Has an area.

  As shown in FIG. 5, a MAC address database 8b is constructed in the server-side MAC address holding means 8a. In the MAC address database 8b, a plurality of MAC addresses 3m assigned to communication terminals that should be allowed to relay information transmission / reception by the information relay system S1 are held as terminal identification information 8c. The MAC address database 8b can be updated. In the first embodiment, the MAC address of the mobile phone type terminal 2 is sold before the mobile phone type terminal 2 sold by the operator is shipped from the manufacturing factory. Are added and updated as needed. The timing at which the MAC address is additionally updated includes various variations such as when the mobile phone type terminal 2 is actually sold, and is limited to before the shipment from the factory as in the first embodiment. Is not to be done.

  Note that a service that can be used for each terminal identification information (for example, voice communication or browsing of a WEB page) is stored in the hard disk 8 of the authentication server 4 in association with the mobile phone type at the time of authentication using the MAC address. Different services can be permitted for each terminal 2.

  The hard disk 8 of the authentication server 4 periodically uses the AP-side variable PSK information 30e (second verification information) (see also FIG. 10) held in the access points AP1 and AP2 (in the first embodiment, January). It has an area that functions as update PSK holding means 8d for holding a plurality of update PSK information 8f for updating every time (predetermined conditions). As shown in FIG. 6, an update PSK database 8e is constructed in the update PSK holding means 8d. The update PSK database 8e has update PSK information 8f and update time information 8g, and holds them in association with each other. The update time information 8g is information representing a calendar month. For example, the AP side variable PSK information 30e is updated to the update PSK information 8f “012” corresponding to the update time information 8g “April” in April, and the AP side variable PSK information 30e is updated in May. The update PSK information 8 f “259” corresponding to the information 8 g “May” is updated.

  The hard disk 8 of the authentication server 4 stores a server program P2. Based on the command of the server program P2, the CPU 10 of the authentication server 4 performs the following various functions.

  The CPU 10 of the authentication server 4 has a function as a MAC address acquisition unit (second acquisition unit) 10a that acquires the MAC address 3m via the Internet network W.

  The CPU 10 of the authentication server 4 has a function as the second collating unit 10b that collates the acquired MAC address with the terminal identification information 8c held in the MAC address database 8b. If the acquired MAC address 3m matches the terminal identification information 8c as a result of the verification by the second verification unit 10b, it is determined that the mobile phone type terminal manufactured and sold by the operator and the match signal 11 is the MAC. It is transmitted to the transmission source (transfer source) of address 3m. That is, when the MAC address 3m transmitted from the mobile phone type terminal 2 is directly transmitted from the access point AP1 to the authentication server 4, it is transmitted to the access point AP1 from the portal server 6 to the authentication server 4. If it is received, it is transmitted to the portal server 6. On the other hand, if the acquired MAC address 3m and the terminal identification information 8c do not match, the mismatch signal 12 is transmitted toward the transmission source (portal server 6 or access point AP1).

  When acquiring the purchase information 22 transmitted from the portal server 6, the CPU 10 of the authentication server 4 functions as a PSK information extraction unit 10 c that extracts purchase PSK information corresponding to the purchase information 22 from the update PSK information. Have. Here, the purchase information 22 is transmitted from the portal server 6 when the user makes a contract for information transmission / reception (voice call) service using the information relay system S1 (hereinafter referred to as purchase of the call service). Information. The call service purchase procedure will be described in detail later. The purchase information 22 includes purchase period information (period for receiving a call service). For example, if the current month is April and the purchase period information indicates two months, the update PSK information 8f “012” corresponding to the update time information 8g “April” is selected from the update PSK information 8f. The update PSK information 8f “259” corresponding to the update time information 8g “May” is extracted as purchase PSK information 8h. The CPU 10 of the authentication server 4 has a function as purchase amount PSK transmission means 10 d for transmitting the extracted purchase amount PSK information 8 h to the portal server 6.

  The CPU 10 of the authentication server 4 has a function as server-side update means 10e that updates the AP-side variable PSK information (second collation information) 30e held in the access points AP1 and AP2. For example, when the calendar changes from April to May, the server-side update unit 10e updates the AP-side variable PSK information to the update PSK information 8f “259” corresponding to the update time information 8g “May”. . Specifically, the AP update information 24 is transmitted to the access points AP1 and AP2. In the first embodiment, the update by the update means is performed every month, but the present invention is not limited to this, and it may be updated every day or updated every shorter period. You may comprise.

  FIG. 7 is a diagram showing a schematic configuration of the portal server 6. The portal server 6 includes a hard disk 16 as a storage device and a CPU 18 as an arithmetic processing unit. The portal server 6 is connected to the Internet network W so as to be able to transmit and receive information. Information can be transmitted to and received from the access points AP1 and AP2.

  A portal site 20 is constructed on the hard disk 16 of the portal server 6, and a certain area of the hard disk 16 is allocated to the portal site 20. When the portal site 20 is accessed using the mobile phone type terminal 2, a purchase screen 2b is displayed on the display unit 2a of the mobile phone type terminal 2 as shown in FIG.

  A purchase period selection unit 2c and a transmission button 2d are arranged in the purchase screen 2b. In order to make a voice call with the mobile phone type terminal 2, it is necessary to purchase a call service, but the purchase procedure is performed using the portal site 20. The user operates the operation button 2e of the mobile phone type terminal 2 to display the purchase period desired by the purchase period selection unit 2c. Then, by highlighting the transmission button 2d and operating a decision button (not shown) of the operation button 2e, the call service for the period displayed on the purchase period selection unit 2c can be purchased. It can be done.

  On the portal site 20, in addition to the purchase period, the use area, the use country, the use service (WEB page browsing, e-mail transmission / reception, etc.) may be selected.

  The CPU 18 of the portal server 6 has a function as purchase information transmission means 18a for transmitting purchase information 22 to the authentication server 4 when a call service specifying a purchase period is purchased. The purchase information 22 includes information indicating a purchase period.

  The CPU 18 of the portal server 6 places the MAC address 3m or terminal identification information recorded on the IP packet transmitted from the mobile phone type terminal 2 when the user tries to access the portal site 20 on the IP packet. , Having a function as first MAC address transfer means 18b for transferring to the authentication server 4.

  The CPU 18 of the portal server 6 has a function as portal site display means 18c for displaying the portal site 20 on the mobile phone type terminal 2 when the match information 11 is acquired from the authentication server 4 after transferring the MAC address 3m. On the other hand, when the mismatch signal 12 is acquired from the authentication server 4, it also has a function as a rejection display means 18 d for displaying that the portal site 20 cannot be displayed (not shown) on the mobile phone type terminal 2.

  In the first embodiment, the authentication server 4 and the portal server 6 are configured separately, but may be configured as one server.

  FIG. 9 is a diagram showing a schematic configuration of the access points AP1 and AP2. The access points AP1 and AP2 are roughly configured to include a housing 28, a memory 30, and a CPU 32. The access point is connected to the Internet network W and is arranged in various places. The casing 28 constitutes the outline of the access points AP1 and AP2, and an antenna portion 28a is formed so as to protrude. Wireless communication with the mobile phone type terminal 2 is possible by transmitting and receiving wireless radio waves by the antenna unit 28a. The access points AP1 and AP2 are connected to the Internet network W so that information can be transmitted and received. And in this Embodiment 1, the reach | attainment range of the radio wave transmitted from the antenna part 28a of access point AP1 and AP2 can perform the information transmission / reception via the internet network W using the mobile telephone type | mold terminal 2. FIG. It is defined as a wireless local area communication network (local area communication network) 34a, 34b.

  The memory 30 of the access points AP1 and AP2 is a storage device accommodated in the housing 28. The memory 30 of the access points AP1 and AP2 has a function as AP side PSK information holding means 30a (first holding means) for holding a plurality of PSK information.

  In the AP side PSK information holding means 30a, as shown in FIGS. 10A and 10B, an AP side fixed PSK database 30b and an AP side variable PSK database 30c are constructed. AP side fixed PSK database 30b holds AP side fixed PSK information 30d (first collation information) in an unchangeable manner.

  The AP-side fixed PSK information 30d is information used when the mobile phone terminal 2 accesses the portal site 20 and purchases an information transmission / reception service. A procedure for permitting access to the portal site 2 by the mobile phone terminal 2 using the AP-side fixed PSK information 30d will be described later.

  The AP side variable PSK database 30c holds the AP side variable PSK information 30e in an updatable manner. The AP-side variable PSK information 30e is information used when a voice call is made via the Internet network W using the mobile phone type terminal 2. A procedure for allowing a voice call or the like by the mobile phone type terminal 2 using the AP-side variable PSK information 30e will be described later. In the first embodiment, a voice call is exemplified as information transmission / reception, but other examples include browsing a WEB page and transmission / reception of an e-mail.

  The memory 30 of the access points AP1 and AP2 has an area that functions as temporary holding means 30h that temporarily holds the MAC address 3m transmitted from the mobile phone type terminal 2 that attempts a voice call. In addition, the memory 30 of the access points AP1 and AP2 stores the MAC address of the mobile phone type terminal 2 that is allowed to transmit and receive information such as voice calls via the Internet network W as AP-side MAC address information 30g. It has a function as the address holding means 30f. As shown in FIG. 11, the AP-side MAC address information 30g is held in the AP-side MAC address database 30i constructed in the AP-side MAC address holding unit 30f, and can be written / erased by writing means described later. Yes.

  The AP program P3 is stored in the memory 30 of the access points AP1 and AP2. Based on the command of the AP program P3, the CPUs 32 of the access points AP1 and AP2 perform the following various functions.

  The CPU 32 of the access points AP1 and AP2 functions as an AP side PSK information acquisition unit 32a (first acquisition unit) that acquires the terminal side fixed PSK information 3g and the terminal side variable PSK information 3h transmitted from the mobile phone type terminal 2. Have

  The CPU 32 of the access points AP1 and AP2 compares the acquired terminal-side fixed PSK information 3g with the AP-side fixed PSK information 30d held in the AP-side PSK information holding unit 30a (first holding unit), and acquires the acquired terminal side. It has a function as a first collating unit 32b that collates the variable PSK information 3h and the AP side variable PSK information 30e held in the AP side PSK information holding unit 30a (first holding unit).

  The CPU 32 of the access points AP1 and AP2 acquires purchase PSK information 8h transmitted from the portal server 6 and transfers (transmits) the purchase PSK information 8h to the mobile phone terminal 2 as a purchase PSK information transfer means (verification information notification means) 32c. It has the function of.

  When the CPU 32 of the access points AP1 and AP2 acquires the coincidence signal transmitted from the authentication server 4, the MAC address 3m held in the temporary holding unit 30h is transferred to the AP side MAC address holding unit 30f and AP side MAC address information 30g. As a MAC address writing means 32d. The CPU 32 of the access points AP1 and AP2 has a function as a MAC address deleting unit 32e that deletes the written MAC address when a specific condition is satisfied. In the first embodiment, the passage of 2 hours from the writing of the MAC address is a specific condition. This specific condition can be set in various ways, for example, when a call ends or when a predetermined number of calls have ended.

  Note that information transmission / reception from the terminal side before collation using the first identification information (terminal-side fixed PSK information) is performed using a common encryption key with the terminal side based on the first identification information (terminal-side fixed PSK information). It has a function of decrypting communication from the point (AP1 etc.) side and encrypting communication to the access point (AP1 etc.).

  When collation of first identification information (terminal-side fixed PSK information), second identification information (terminal-side variable PSK information), and third identification information (terminal identification information) is agreed with an access point (AP1 or the like), A common encryption key based on the second identification information (terminal-side variable PSK information) has a function of decrypting communication from the AP side and encrypting communication to the AP side. This makes it possible to prevent eavesdropping along the way.

  The CPUs 32 of the access points AP1 and AP2 have a function as information control means 32f that allows information transmission / reception using the mobile phone type terminal 2 when the information matches in the collation by the first collation means. Specifically, when the terminal-side fixed PSK information 3g transmitted when the mobile phone type terminal 2 tries to access the portal site 20 and the AP-side fixed PSK information 30d match, the portal site 20 is accessed. Access is allowed. In addition, when the mobile phone type terminal 2 attempts a voice call via the Internet network W, the terminal side variable PSK information 3h and the AP side variable PSK information 30e match, and the AP side MAC A voice call is allowed when the address information 30g and the MAC address 3m match. Therefore, in order for the mobile phone type terminal 2 to be allowed to make a voice call, the MAC address 3m of the mobile phone type terminal 2 needs to be held in the AP side MAC address holding means 30f instead of the temporary holding means 30h. is there.

  As described above, the terminal program P1, the server program P2, and the AP program P3 cooperate with each other to exhibit a function as an information relay program.

  The mobile phone type terminal 2 has a function of making a voice call via the Internet network W. However, even if the mobile phone type terminal 2 has a function of making a voice call via the public telephone network, Good. In this case, for example, when the mobile phone is in the wireless communication network, a voice call is made through the Internet network with a relatively low call charge, and when the mobile phone is out of the wireless communication network, the voice is sent through the public telephone network. You can also make a call.

  Next, a procedure for purchasing a call service using the information relay system S1 will be described with reference to the flowchart of FIG.

  When the user attempts to access the portal site 20 by operating the mobile phone type terminal 2 (S.1), the transmitting unit 3i sets the terminal side fixed PSK information 3g and the MAC address 3m toward the access point AP1. Data is encrypted with a common encryption key based on one identification information (terminal-side fixed PSK information) and transmitted, and all subsequent communications are also encrypted / decrypted. (S.2). The terminal-side fixed PSK information 3g and the MAC address 3m are acquired by the AP-side PSK information acquisition unit 32a of the access point AP1, and the terminal-side fixed PSK information 3g and the AP-side fixed PSK information 30d are verified by the first verification unit 32b. (S.3). If the terminal side fixed PSK information 3g and the AP side fixed PSK information 30d do not match as a result of the verification by the first verification unit 32b (S.4), access to the portal site 20 is denied (S.5). . If the terminal side fixed PSK information 3g matches the terminal side fixed PSK information 3g as a result of the verification by the first verification unit 32b (S.4), the MAC address 3m or the terminal identification information is transferred to the portal site. (S.6).

  The MAC address 3m acquired by the MAC address acquisition unit 10a and the terminal identification information 8c are verified by the second verification unit 10b (S.7). If the MAC address 3m and the terminal identification information 108c do not match as a result of the verification by the second verification means 10b (S.8), the mismatch signal 12 is transmitted to the portal server 6 and the mobile phone type terminal 2 Is displayed on the display unit 2a to the effect that access to the portal site 20 is not permitted (S.9). If the MAC address 3m matches the terminal identification information 8c as a result of the verification by the second verification means 10b (S.8), a match signal 11 is transmitted to the portal site, and the portal site by the mobile phone type terminal 2 20 is permitted, and the purchase screen 2b is displayed on the display unit 2a (S.10).

  When the user selects “February” in the purchase period selection unit 2c on the purchase screen 2b, highlights the send button 2d, and operates the enter button (S.11), the purchase information 22 is displayed in the authentication server 4 (S.12). The purchase PSK information 8h is extracted by the PSK information extraction unit 10c, and the purchase PSK information 8h is transmitted to the portal server 6 by the purchase PSK transmission unit 10d (S.13).

  The purchase PSK information transfer unit 32c of the portal server 6 transfers the purchase PSK information 8h toward the mobile phone type terminal 2 (S.14). Then, the terminal-side variable PSK information 3h is updated by the terminal-side update means 3k of the mobile phone type terminal 2, and thereafter all communication is performed using a common encryption key based on the second identification information (terminal-side variable PSK information). It is encrypted / decrypted (S.15).

  Using the updated terminal-side variable PSK information 3h, a voice call using the information relay system S1 can be performed during a period in which the call service is purchased.

  Next, a procedure for performing a voice call through the wireless local area communication network 34a and the Internet network W using the mobile phone type terminal 2 will be described with reference to the flowchart of FIG.

  When the user operates the operation button 2e of the mobile phone type terminal 2 to make a call to the other party to make a voice call (S.16), the terminal side variable PSK information 3h and the MAC address 3m are accessed by the transmission unit 3i. It is transmitted toward the point AP1 (S.17). Then, the MAC address 3m is temporarily stored in the temporary storage unit 30h (S.18), and the first verification unit 32b collates the terminal-side variable PSK information 3h and the AP-side variable PSK information 30e (S.19). If the terminal side variable PSK information 3h and the AP side variable PSK information 30e do not match as a result of the verification by the first verification means (S.20), the voice call is rejected (S.21), and the transmission unit 3i transmits other terminal-side variable PSK information 3h held by the terminal-side PSK holding means (S.17). For example, if the terminal side variable PSK information for April and May is held, and if the present is May, the terminal side variable PSK information “012” for April may be transmitted. The voice call is rejected without matching with the AP-side variable PSK information “259”. In this case, when the transmitting unit transmits the terminal-side variable PSK information “259” for May, both information match and a voice call is established.

  When the terminal side variable PSK information 3h and the AP side variable PSK information 30e match as a result of the collation by the first collating means (S.20), the MAC address 3m is transferred to the authentication server 4 (S .22). The MAC address 3m and the terminal identification information 8c are verified by the second verification unit 10b of the authentication server 4 (S.23). When the MAC address 3m and the terminal identification information 8c do not match (S.24), the mismatch signal 12 is transmitted toward the access point AP1 (S.25). If the MAC address 3m matches the terminal identification information 8c (S.24), the match signal 11 is transmitted to the access point AP1 (S.26), and the temporarily held MAC address 3m is changed to the AP side. It is written in the MAC address holding means 30f (S.27). Then, the AP-side MAC address information matches the MAC address 3m, information transmission / reception is permitted by the information control means 32f (S.28), a call is made to the other communication terminal, and a voice call is established.

  Here, the other party who makes a call from the mobile phone type terminal 2 may be a communication terminal connected to the Internet network W and capable of making a voice call, or a telephone (not shown) connected to a public telephone network (not shown). .).

  In the first embodiment, the terminal side variable PSK information is automatically updated based on the purchased PSK information transmitted from the access point. However, the present invention is not limited to this, and the user carries the terminal side variable PSK information. It may be updated manually by inputting to a telephone type terminal. For example, when a user accesses a portal site with a personal computer and purchases a telephone service, the purchased PSK information may be displayed on the display unit of the personal computer. In this case, if the user manually inputs the purchased PSK information displayed on the display unit of the personal computer to the mobile phone type communication terminal, the user can make a voice call according to the procedure of the flowchart shown in FIG. .

  Further, in the first embodiment, the authentication by the third identification information is configured to be performed after the authentication by the first identification information or the authentication by the second identification information is performed, but is not limited thereto, You may comprise so that the authentication by 1st identification information or the authentication by 2nd identification information may be performed after the authentication by 3rd identification information.

  For example, transmission and authentication of the MAC address 3m as the third identification information is automatically performed when the mobile phone type terminal 2 enters the communication area of the access point AP1, and then the user selects the mobile phone type terminal. The terminal side variable PSK information 3h may be transmitted / authenticated when the information transmission / reception operation is performed. If the access point AP1 broadcasts a signal requesting a MAC address to the communication area, the MAC address can be automatically transmitted when the mobile phone type terminal enters the communication area. .

  In this case, when the mobile phone type terminal enters the communication area, authentication with the MAC address as the third identification information is performed in advance between the access point and the authentication server, and the MAC address is written in the access point holding means. Will be. Therefore, in the authentication by the terminal-side variable PSK information 3h when the user performs the information transmission / reception operation, the information transmission / reception by the access point and the authentication server is not required, so the information transmission / reception by the mobile phone type terminal can be performed more smoothly and in a short time. Is possible.

  In addition, you may comprise so that the update of AP side variable PSK information can be stopped for a fixed period (update invalidation). While updating of the AP-side variable PSK information is invalidated, continuous information transmission / reception is possible without updating the terminal-side variable PSK information.

  It is also possible to select a service that can be used based on the MAC address or terminal identification information. For example, a communication terminal whose MAC address is “A” can only perform voice communication, and a communication terminal whose MAC address is “B” can perform voice communication, e-mail transmission / reception, and Web page browsing. It is also possible to define applications (services) that can be used by linking the control function and the authentication server.

  In addition, specific functions and variables for deriving PSK information (terminal-side fixed PSK information, terminal-side variable PSK information) from PSK may be dynamically changed. A specific function or the like may be updated at a predetermined interval (for example, one minute interval / one hour interval) or periodically (for example, every day at 12:00). Further, when the terminal-side variable PSK information is notified to the mobile phone type communication terminal, a new specific function or the like may be notified together. As the information that is changed (updated) increases, it becomes difficult to illegally obtain the latest PSK information, specific functions, and the like, and information transmission / reception with even higher security becomes possible.

[Embodiment 2]
Hereinafter, the information relay system S3 according to Embodiment 2 of the present invention will be described with reference to the drawings. FIG. 14 is a schematic block diagram illustrating an overall configuration of an information transmission / reception system S4 that includes the information relay system S3 and performs information transmission / reception using a communication terminal.

  The information transmission / reception system S4 has a mobile phone terminal (communication terminal) 102 and an information relay system S3, and is roughly configured.

  The cellular phone terminal 102 has substantially the same function and configuration as that described in the first embodiment, and has a main unit 103 and an antenna unit (radio wave transmitter / receiver) 105 as shown in FIG. Has been. On the surface of the main body 103, a display unit 102a and operation buttons 102e for the user of the mobile phone terminal 102 to perform various operations are arranged.

  Inside the main body 103, a SIM card 103a as a storage device, a memory 103n, and a CPU 103b as an arithmetic processing unit are arranged. The SIM card 103a of the mobile phone type terminal 102 has an area that functions as the terminal-side PSK holding unit 103c. In the terminal-side PSK holding unit 103c, as in the first embodiment, a terminal-side fixed PSK database 103d and a terminal-side variable PSK database 103e are constructed. The terminal-side fixed PSK database 3d holds available service types 103f and terminal-side fixed PSK information (first identification information) 103g as shown in FIG. 16A, and these are associated with each other. The available service type 103f is information indicating a service that can be used by the mobile phone type terminal 102. The mobile phone type terminal 102 according to the second embodiment uses a voice call function using the information relay system S3, a WEB page browsing function, E-mail transmission / reception function can be used. The service that can be used can be set for each mobile phone type terminal 102, and is determined by the type of the available service type 103f held by the mobile phone type terminal 102.

  The terminal-side variable PSK database 103e holds terminal-side variable PSK information (second identification information) 103h so as to be updatable as shown in FIG. The terminal-side fixed PSK information 103g and the terminal-side variable PSK information 103h are information necessary when information is transmitted / received via the Internet network W1 using the mobile phone type terminal 102.

  In the SIM card 103a of the mobile phone type terminal 102, an area that functions as the terminal-side MAC address holding unit 103l that holds the MAC address 103m of the mobile phone type terminal 102 is also constructed.

  The memory 103 n of the mobile phone terminal 102 is a storage device that is provided inside the main body 103 so as to be difficult to attach and detach. The memory 103n stores a terminal program P4. Based on the command of the terminal program P4, the CPU 103b of the mobile phone type terminal 102 exhibits the following various functions.

  The CPU 103b of the mobile phone type terminal 102 serves as a transmission unit 103i that automatically transmits the terminal-side fixed PSK information 103g, the terminal-side variable PSK information 103h, and the MAC address 103m to the access points AP3 and AP4 of the information relay system S3. It has a function.

  For example, when the user attempts to transmit / receive information such as a voice call via the Internet network W with the mobile phone terminal 102 (for example, when a dial operation is performed), the transmission unit 103i firstly sets the terminal-side fixed PSK information 103g. And MAC address 103m are automatically transmitted. Thereafter, after the terminal-side variable PSK information 103h is updated based on update PSK information (update information) 108h transmitted from the authentication server 104 described later, the terminal-side variable PSK information 103h is automatically transmitted. ing.

  Therefore, even if the user does not bother to perform the operation of transmitting the terminal-side fixed PSK information 103g and the terminal-side variable PSK information 3h, the terminal-side fixed PSK information 103g and the terminal-side variable PSK information 103h necessary for performing information transmission / reception. Is sent.

  Further, the transmission unit 103l can selectively transmit a plurality of terminal-side fixed PSK information 103g. In the second embodiment, when the user attempts a voice call, “111” is displayed on the WEB page. “222” is transmitted when browsing is attempted, and “333” is transmitted when attempting to send and receive e-mail. That is, the terminal-side fixed PSK information 103g to be transmitted is selected in accordance with the type of information to be transmitted / received.

  The CPU 103b of the mobile phone type terminal 102 has a function as an acquisition unit 103j that acquires the update PSK information 108h transmitted from the authentication server 104 via the wireless local area communication network 134a. In addition, the CPU 103b of the mobile phone type terminal 102 updates the terminal-side variable PSK information 103h held by the terminal-side PSK holding means 103c, based on the acquired update PSK information 108h, the terminal-side update means (information update unit) 103k. It also has a function as

  The antenna unit 105 of the mobile phone terminal 102 transmits radio waves to and from the access points AP3 and AP4 to transmit and receive various types of information such as terminal side fixed PSK information 103g and terminal side variable PSK information 103h by wireless communication. It is for sending and receiving.

  The information relay system S3 is roughly configured to include an authentication server 104, an Internet network (wide area communication network) W, and access points AP3 and AP4. The authentication server 104 and access points AP3 and AP4 are connected to the Internet network W1. Are connected to send and receive information.

  FIG. 17 is a diagram illustrating a schematic configuration of the authentication server 104. The authentication server 104 is a server for authenticating the mobile phone type terminal 102.

  The authentication server 104 has substantially the same function and configuration as in the first embodiment, and includes a hard disk 108 as a storage device and a CPU 110 as an arithmetic processing device.

  The hard disk 108 of the authentication server 104 functions as an area for storing and holding the MAC address 103m of the mobile phone type terminal 102 as terminal identification information (third identification information) 108c, that is, a server-side MAC address holding means (second holding means) 108a. It has the area to do.

  In the server-side MAC address holding means 108a, a MAC address database 108b is constructed as in the first embodiment (see also FIG. 5). In the MAC address database 108b, a plurality of MAC addresses assigned to communication terminals that should be allowed to relay information transmission / reception by the information relay system S3 are held as terminal identification information 108c.

  The hard disk 108 of the authentication server 104 is held in the access points AP3 and AP4 and updated on the AP side variable PSK information 130e (second time in the second embodiment every 1 hour (predetermined condition)). It has an area that functions as the latest PSK information holding means 108d that holds the latest PSK information 108f that matches (matching information) (see also FIG. 19).

  The hard disk 108 of the authentication server 104 stores a server program P5. Based on the command of the server program P5, the CPU 110 of the authentication server 104 performs the following various functions.

  The CPU 110 of the authentication server 104 has a function as a MAC address acquisition unit (second acquisition unit) 110a that acquires the MAC address 103m via the Internet network W.

  The CPU 110 of the authentication server 4 has a function as second collating means 110b that collates the acquired MAC address 103m with the terminal identification information 108c held in the MAC address database 108b. As a result of the collation by the second collating means 110b, when the acquired MAC address 103m matches the terminal identification information 108c, the latest PSK information 108f is transmitted to the access point AP3 as the update PSK information 108h. On the other hand, in the case of mismatch, a mismatch signal 112 is transmitted toward the access point AP3.

  The CPU 110 of the authentication server 4 has a function as server-side update means 110e that updates the AP-side variable PSK information (second verification information) 130e and the latest PSK information 108f held in the access points AP3 and AP4. In the second embodiment, the AP-side variable PSK information (second collation information) 130e and the latest PSK information 108f are updated at the same time every one hour, and the AP-side variable PSK information (second collation information) 130e and the latest PSK are updated. The information 108f always matches.

  FIG. 18 is a diagram showing a schematic configuration of the access points AP3 and AP4. The access points AP3 and AP4 have substantially the same functions and configurations as those in the first embodiment, and are roughly configured to include a housing 128, a memory 130, and a CPU 132. The casing 128 constitutes the outline of the access points AP3 and AP4, and an antenna portion 128a is formed to protrude. By receiving and transmitting radio waves from the antenna unit 128a, wireless communication with the cellular phone terminal 102 is enabled. The access points AP3 and AP4 are connected to the Internet network W so that information can be transmitted and received. As in the first embodiment, the wireless local area communication network in which the radio wave transmitted from the antenna unit 128a can transmit and receive information via the Internet network W1 using the mobile phone terminal 102 is used. (Local communication network) 134a and 134b.

  The memory 130 of the access points AP3 and AP4 has a function as an AP side PSK information holding unit 130a (first holding unit) that holds a plurality of PSK information.

  The AP side PSK information holding unit 130a includes an AP side fixed PSK database 130b and an AP side variable PSK database 130c. In the AP-side fixed PSK database 130b, as shown in FIG. 19A, a plurality of AP-side fixed PSK information 130d (first collation information) is held unchangeable.

  The AP side variable PSK database 130c holds the AP side variable PSK information 130e in a changeable manner as shown in FIG. The AP-side fixed PSK information 130d and the AP-side variable PSK information 130e are information used when information is transmitted / received via the Internet network W1 using the mobile phone terminal 102.

  AP program P6 is stored in memory 130 of access points AP3 and AP4. Based on the command of the AP program P6, the CPUs 132 of the access points AP3 and AP4 perform the following various functions.

  The CPU 132 of the access points AP3 and AP4 functions as an AP-side PSK information acquisition unit (first acquisition unit) 132a that acquires the terminal-side fixed PSK information 103g and the terminal-side variable PSK information 103h transmitted from the mobile phone type terminal 102. Have

  The CPUs 132 of the access points AP3 and AP4 have a function as AP-side MAC address transfer means 132g that transfers the MAC address 103m transmitted from the mobile phone type terminal 102 toward the authentication server 4.

  The CPUs 132 of the access points AP3 and AP4 collate the acquired terminal-side fixed PSK information 103g with the AP-side fixed PSK information 130d and check the acquired terminal-side variable PSK information 103h with the AP-side variable PSK information 130e. It has a function as the 1st collation means 132b. The first collating unit 132b can exclude any AP-side fixed PSK information 130d from the collation targets among the plurality of AP-side fixed PSK information 130d held by the AP-side PSK information holding unit 130a. For example, in the access point AP2, if the AP side fixed PSK information 130d “333” for email transmission / reception is excluded from the verification target, the email transmission / reception is performed in the wireless local area communication network 134b constructed by the access point AP2. Can not be.

  The CPU 132 of the access points AP3 and AP4 serves as update PSK information transfer means (collation information notification means) 132h for transferring (transmitting) the update PSK information 108h transmitted from the authentication server 4 to the mobile phone terminal 102. It has a function.

  The CPUs 132 of the access points AP3 and AP4 have a function as information control means 132f that allows information transmission / reception using the mobile phone type terminal 2 when each information is matched in the collation by the first collation means 132b.

  Specifically, when the terminal-side fixed PSK information 103g and the AP-side fixed PSK information 130d do not match, the information transmitted / received from the mobile phone terminal 102 to the Internet network W1 is blocked. On the other hand, when the terminal side fixed PSK information 103g matches the AP side fixed PSK information 130d, the MAC address 103m is transferred by the AP side MAC address transfer means 132g.

  When the mismatch signal 112 is transmitted from the authentication server 104, the information from the mobile phone type terminal 102 is blocked. On the other hand, when the update PSK information 108h is transmitted from the authentication server 104, the update PSK information transfer unit 132h transfers the update PSK information 108h. Further, when the terminal side variable PSK information 103h transmitted from the mobile phone type terminal 102 matches the AP side variable PSK information 130e, information transmission / reception by the mobile phone type terminal 2 is permitted by the information control means 132f.

  As described above, the terminal program P4, the server program P5, and the AP program P6 cooperate with each other to exhibit a function as an information relay program.

  Next, a procedure for performing a voice call through the wireless local area communication network 134a and the Internet network W1 using the mobile phone type terminal 102 will be described with reference to the flowchart of FIG.

  When the user operates the operation button 2e of the mobile phone type terminal 102 in the communication area of the wireless local area communication network 134a to make a call to the other party to make a voice call (S.1), the terminal is transmitted by the transmission unit 103i. Side fixed PSK information 103g “111” and MAC address 103m are transmitted to access point AP3 (S.2). The first collating unit 132b collates the terminal side fixed PSK information 103g and the AP side fixed PSK information 130d (S.3). If the terminal-side fixed PSK information 103g and the AP-side fixed PSK information 130d do not match as a result of the verification by the first verification unit (S.4), the information transmitted from the mobile phone type terminal 102 is information controlled. It is blocked by means 132f (S.5).

  If the terminal-side fixed PSK information 103g and the AP-side fixed PSK information 130d match as a result of the verification by the first verification means (S.4), the MAC address 103m is transferred to the authentication server 104 (S. .6). The MAC address 103m and the terminal identification information 108c are verified by the second verification unit 110b of the authentication server 4 (S.7). When the MAC address 103m and the terminal identification information 8c do not match (S.8), the mismatch signal 112 is transmitted to the access point AP3 (S.9) and transmitted from the mobile phone type terminal 102 Information is blocked by the information control means 132f (S.10). When the MAC address 103m matches the terminal identification information 8c (S.8), the update PSK information 108h is transmitted to the access point AP3 (S.11), and is transferred by the update PSK information transfer means 132h. (S.12).

  Based on the update PSK information 108h, the terminal-side update unit 103k updates the terminal-side variable PSK information 103h (S.13), and the updated terminal-side variable PSK information 103h is transmitted to the access point AP3 ( S.14). If the terminal-side variable PSK information 103h and the AP-side variable PSK information 130e match (S.15), information transmission / reception is allowed (S.16), and if they do not match (S.15), the information is blocked. (S.17).

  As mentioned above, although preferable embodiment of this invention was described, this invention is not limited to these, A various deformation | transformation and change are possible within the range of the summary.

It is a schematic block diagram which shows the whole structure of the information transmission / reception system comprised including the information relay system which concerns on Embodiment 1. FIG. It is a figure which shows schematic structure of the mobile telephone type | mold terminal which comprises the information transmission / reception system shown in FIG. FIG. 3A is a diagram illustrating a data configuration of a terminal-side fixed PSK database constructed in a terminal-side PSK holding unit included in the mobile phone type terminal illustrated in FIG. 2, and FIG. 3B is a diagram illustrating a data configuration of a terminal-side variable PSK database. . It is a figure which shows schematic structure of the authentication server which comprises the information transmission / reception system shown in FIG. It is a figure which shows the data structure of the MAC address database constructed | assembled in the server side MAC address holding means which the authentication server shown in FIG. 4 has. FIG. 5 is a diagram showing a data structure of an update PSK database built in an update PSK holding unit included in the authentication server shown in FIG. 4. It is a figure which shows schematic structure of the portal server which comprises the information transmission / reception system shown in FIG. It is a figure which shows the state by which the portal site was displayed on the display part of the mobile telephone type terminal shown in FIG. It is a figure which shows schematic structure of the access point which comprises the information transmission / reception system shown in FIG. FIG. 10A is a diagram illustrating a data configuration of an AP-side fixed PSK database constructed in an AP-side PSK information holding unit included in the access point illustrated in FIG. 9, and FIG. 10A is a diagram illustrating a data configuration of an AP-side variable PSK database. It is a figure which shows the data structure of AP type MAC address database constructed | assembled in the AP side MAC address holding means which the access point shown in FIG. 9 has. It is a flowchart which shows the procedure of the purchase of the telephone service using the information relay system shown in FIG. It is a flowchart which shows the procedure which performs the voice call by a mobile telephone type terminal using the information relay system shown in FIG. It is a schematic block diagram which shows the whole structure of the information transmission / reception system comprised including the information relay system which concerns on Embodiment 2. FIG. It is a figure which shows schematic structure of the mobile telephone type | mold terminal which comprises the information transmission / reception system shown in FIG. FIG. 16A is a diagram illustrating a data configuration of a terminal-side fixed PSK database constructed in a terminal-side PSK holding unit included in the mobile phone type terminal illustrated in FIG. 15; FIG. 16B is a diagram illustrating a data configuration of a terminal-side variable PSK database. . It is a figure which shows schematic structure of the authentication server which comprises the information transmission / reception system shown in FIG. It is a figure which shows schematic structure of the access point which comprises the information transmission / reception system shown in FIG. FIG. 19A is a diagram illustrating a data configuration of an AP-side fixed PSK database constructed in an AP-side PSK information holding unit included in the access point illustrated in FIG. 18, and FIG. 19A is a diagram illustrating a data configuration of an AP-side variable PSK database. It is a flowchart which shows the procedure which performs the voice call by a mobile telephone type terminal using the information relay system shown in FIG.

Explanation of symbols

AP1, AP2, AP3, AP4: Access point P1, P4: Terminal program P2, P5: Server program P3, P6: AP program S1, S3: Information relay system S2, S4: Information transmission / reception system W, W1: Internet Network (wide area communication network)
2: Mobile phone type terminal (communication terminal)
2a: Display unit 2b: Purchase screen 2c: Purchase period selection unit 2d: Send button 2e: Operation button 3: Main unit 3a: SIM card 3b: CPU (arithmetic processing unit)
3c: Terminal-side PSK holding means (holding unit)
3d: Terminal-side fixed PSK database 3e: Terminal-side variable PSK database 3g: Terminal-side fixed PSK information (first identification information)
3h: Terminal-side variable PSK information (second identification information)
3i: Transmission unit 3j: Acquisition unit 3k: Terminal side update means (information update unit)
3l: Terminal-side MAC address holding means 3m: MAC address 3n: Memory 4: Authentication server 5: Antenna unit (radio wave transmission / reception unit)
6: Portal server 8: Hard disk (storage device)
8a: Server-side MAC address holding means (second holding means)
8b: MAC address database 8c: terminal identification information (third identification information)
8d: Update PSK holding means 8e: Update PSK database 8f: Update PSK information 8g: Update time information 8h: Purchased PSK information (update information)
10: CPU (arithmetic processing unit)
10a: MAC address acquisition means (second acquisition means)
10b: Second collating means 10c: PSK information extracting means 10d: Purchased PSK transmitting means 10e: Server side updating means 11: Match signal 12: Mismatch signal 16: Hard disk 18: CPU
18a: Purchase information transmission means 18b: First MAC address transfer means 18c: Portal site display means 18d: Rejection display means 20: Portal site 22: Purchase information 24: AP update information 28: Housing 28a: Antenna unit 30: Memory 30a: AP side PSK information holding means (first holding means)
30b: AP side fixed PSK database 30c: AP side variable PSK database 30d: AP side fixed PSK information (first collation information)
30e: AP variable PSK information (second verification information)
30f: AP side MAC address holding means 30g: AP side MAC address information 30h: Temporary holding means 30i: AP type MAC address database 32: CPU
32a: AP side PSK information acquisition means (first acquisition means)
32b: First verification unit 32c: Purchase PSK information transfer unit (verification information notification unit)
32d: MAC address writing means 32e: MAC address deleting means 32f: information control means 34a, 34b: wireless local area communication network (local area communication network)
102: Mobile phone type terminal (communication terminal)
102a: Display unit 102e: Operation button 103: Main unit 103a: SIM card 103b: CPU
103c: Terminal-side PSK holding means (holding unit)
103d: Terminal-side fixed PSK database 103e: Terminal-side variable PSK database 103f: Available service type 103g: Terminal-side fixed PSK information (first identification information)
103h: Terminal-side variable PSK information (second identification information)
103i: transmission unit 103j: acquisition unit 103k: terminal side update means (information update unit)
103l: Terminal-side MAC address holding means 103m: MAC address 103n: Memory 104: Authentication server 105: Antenna unit (radio wave transmission / reception unit)
108: Hard disk 108a: MAC address holding means on the server side (second holding means)
108b: MAC address database 108c: terminal identification information (third identification information)
108d: Latest PSK information holding means 108f: Latest PSK information 108h: Update PSK information 110: CPU
110a: MAC address acquisition means (second acquisition means)
110b: second collating means 110e: server side updating means 112: mismatch signal 128: casing 128a: antenna unit 130: memory 130a: AP side PSK information holding means (first holding means)
130b: AP side fixed PSK database 130c: AP side variable PSK database 130d: AP side fixed PSK information (first collation information)
130e: AP variable PSK information (second verification information)
132: CPU
132a: AP-side PSK information acquisition means (first acquisition means)
132b: first verification means 132f: information control means 132g: AP side MAC address transfer means 132h: update PSK information transfer means 134a, 134b: wireless local area communication network (local area communication network)

Claims (12)

An information relay system that relays information transmission / reception performed via the local communication network and a wide area communication network connected thereto using a communication terminal connected to the local communication network,
First identification information held in advance in the communication terminal for use in information transmission / reception by the communication terminal, and second identification information held in the communication terminal in an updatable manner for use in information transmission / reception by the communication terminal. First acquisition means for automatically acquiring via the local area communication network;
First holding means for holding first collation information for collating with the first identification information and second collation information which is information for collating with the second identification information and is updated based on a predetermined condition;
First verification is performed to verify the first identification information acquired by the first acquisition means and the first verification information, and to verify the second identification information acquired by the first acquisition means and the second verification information. Matching means;
In the collation by the first collating means, when the first identification information and the first collation information match, the local communication network is updated to update the second identification information to information that coincides with the second collation information. Collation information notification means for transmitting update information to the communication terminal via
An information relay system comprising: an information control unit that permits relaying of the information transmission / reception using the communication terminal when the second identification information and the second verification information match in the verification by the first verification unit .   The first holding means can hold a plurality of the first collation information, and exclude any one of the plurality of first collation information from a collation target with the first identification information. The information relay system according to claim 1, which is possible. Second acquisition means for automatically acquiring, from the communication terminal via the wide-area communication network, third identification information given differently for each communication terminal in order to identify the communication terminal;
Second holding means for holding a plurality of pieces of third verification information for verification with the third identification information;
A second verification means for verifying the acquired third identification information with the third verification information;
The transmission of the update information by the collation information notification means is performed when the second identification information and the second collation information match in the collation by the first collation means, and the third identification in the collation by the second collation means. The information relay system according to claim 1, wherein the information relay system is performed when the information matches the third verification information.   The information relay system according to claim 3, wherein the third identification information is a MAC address of the communication terminal. The local area communication network is a wireless local area communication network;
The information relay system according to any one of claims 1 to 4, wherein the information transmission / reception is performed by wireless communication.   The information relay system according to claim 1, wherein the information transmission / reception is transmission / reception of voice information. A communication terminal for transmitting and receiving information via a local area communication network and a wide area communication network connected thereto,
A holding unit that holds first identification information used for information transmission / reception in advance, and that is used for information transmission / reception, and holds second identification information different from the first identification information in an updatable manner;
A transmitter capable of automatically transmitting the first identification information and the second identification information to the information relay system according to any one of claims 1 to 6 via the local area communication network. ,
An acquisition unit for acquiring the update information via the local area communication network;
An information update unit that updates the update information to information that matches the acquired second collation information.   The communication terminal according to claim 7, wherein the holding unit is detachably attached to the communication terminal.   The communication terminal according to claim 8, wherein the holding unit is a SIM card. The holding unit is capable of holding a plurality of first identification information;
The communication terminal according to any one of claims 7 to 9, wherein the transmission unit can selectively transmit the plurality of first identification information. The local area communication network is a wireless local area communication network;
The communication terminal according to any one of claims 7 to 10, wherein the information transmission / reception is performed by wireless communication.   The communication terminal according to any one of claims 7 to 11, wherein the information transmission / reception is transmission / reception of audio information.

Images