JP2011087249A - Communication device and communication control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication device and a communication control method which perform data communication while maintaining high confidentiality even if a communication data amount is increased. <P>SOLUTION: The communication device 100 performs wireless communication with the other equipment 200 via a first communication channel C1 for performing encrypted communication and a second communication channel C2 different from the first communication channel C1 and has a determination means 42 for determining whether or not it is necessary to modify an encryption key used for the first communication channel C1 based on communication setting information 31D exchanged between equipment via the second communication channel C2 and a control means 43 for controlling the modification of the encryption key used for the first communication channel C1 via the second communication channel C2 based on a result of determination by the determination means 42. While data communication is performed between equipment via the first communication channel C1, the control means 43 continuously modifies the encryption key based on the determination result. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a communication device that communicates with one or a plurality of devices, and more particularly to a technique for performing wireless communication while maintaining high confidentiality.

  In wireless communication represented by wireless LAN (Wireless Local Area Network), main communication is based on information exchanged between devices using a communication path (sub-communication path) different from the communication path (main communication path) for actual data communication. It is known to perform communication settings such as a communication method and an encryption method in a communication path. Examples of the communication setting standard include WPS (Wi-Fi Protected Setup). WPS is a standard for easily executing connection and security settings of wireless LAN compatible devices.

  For example, Cited Document 1 discloses wireless LAN communication using NFC (Near Field Communication) for the purpose of easily setting communication of IEEE (The Institute of Electrical and Electronics Engineers, Inc.) 802.11b. A method for setting a method and an encryption method is disclosed. NFC is one of the standards for short-range wireless communication.

  As described above, conventionally, communication setting of the main communication path using short-range wireless communication as the sub communication path is performed.

  However, with the conventional communication setting as disclosed in Patent Document 1, wireless communication through the main communication path cannot be performed while maintaining high confidentiality.

  For example, in communication settings such as WPS using NFC, a wireless LAN communication method and encryption method are set based on information exchanged between devices using NFC communication, and data communication is performed via the main communication path. Among them, NFC communication ends its own communication after exchanging information necessary for wireless LAN communication setting. Therefore, on the main communication path, data communication is performed using an encryption key generated according to the encryption method set before the start of communication.

  Thus, when data communication is performed using the same encryption key, the possibility that the encryption key can be decrypted increases as the amount of communication data increases.

  In order to perform data communication while maintaining high confidentiality, it is necessary to make it difficult to decrypt the encryption key even if the amount of communication data increases.

  The present invention has been proposed in view of the above-described problems of the prior art, and an object of the present invention is to provide a communication device capable of performing data communication while maintaining high confidentiality even when the amount of communication data increases. And providing a communication control method.

  In order to achieve the above object, a communication apparatus according to the present invention wirelessly communicates with other devices via a first communication path that performs encrypted communication and a second communication path that is different from the first communication path. Whether or not the encryption key used in the first communication path needs to be changed based on communication setting information related to the first communication path exchanged between devices via the second communication path. And a control means for controlling a change of an encryption key used in the first communication path via the second communication path based on a determination result by the determination means. The means continues to change the encryption key based on the determination result while performing data communication between devices via the first communication path.

  In order to achieve the above object, the communication device according to the present invention continues to determine whether the encryption key needs to be changed while the determination unit performs data communication between devices via the first communication path. Do.

  With such a configuration, the communication device according to the present invention enables the encryption key used in the main communication path (first communication path) based on information exchanged between devices via the sub communication path (second communication path). Threshold value (upper limit value of communication data amount) for determining whether or not to change is calculated. The communication device compares the calculated threshold value with the accumulated value of the communication data amount in the main communication path, and determines whether or not the encryption key used in the main communication path needs to be changed based on the comparison result. When it is determined that the encryption key needs to be changed by determining whether or not the change is necessary, the communication device changes the encryption key used in the main communication path via the sub communication path, and calculates the accumulated value of the communication data amount. Reset. The communication device continuously performs the communication control processing including the encryption key change necessity determination and the encryption key change while performing data communication on the main communication path.

  Accordingly, the communication device according to the present invention continues to update the encryption key used in the main communication path via the sub communication path while performing data communication in the main communication path. As a result, it is possible to make it difficult to decrypt the encryption key even if the amount of communication data increases, and data communication can be performed while maintaining high confidentiality.

  In order to achieve the above object, a communication control method according to the present invention wirelessly communicates with another device via a first communication path for performing encrypted communication and a second communication path different from the first communication path. A communication control method in a communication apparatus for performing communication, wherein encryption is used in the first communication path based on communication setting information related to the first communication path exchanged between devices via the second communication path. A determination procedure for determining whether or not to change the key, and a control procedure for controlling the change of the encryption key used in the first communication path via the second communication path based on the determination result of the determination procedure. And the control procedure is continuously performed while data communication is performed between devices via the first communication path.

  By such a procedure, the communication control method according to the present invention realizes an operation of continuously updating the encryption key used in the main communication path via the sub communication path while performing data communication in the main communication path.

  As a result, the communication control method according to the present invention makes it difficult to decipher the encryption key even if the amount of communication data increases, and provides an environment in which data communication is possible while maintaining high confidentiality. it can.

  According to the present invention, while performing data communication in the main communication path, high confidentiality is maintained even if the amount of communication data increases by continuously updating the encryption key used in the main communication path via the sub communication path. It is possible to provide a communication device and a communication control method capable of performing data communication in the state where the communication is performed.

It is a figure which shows the structural example of the communication system which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the information processing apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the image processing apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example of the communication control function which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the process sequence example (the 1) concerning the communication between apparatuses which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the process sequence example (the 1) which concerns on the communication control which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the process sequence example (the 2) which concerns on the communication control which concerns on the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication restriction | limiting which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the process sequence example (the 2) which concerns on the communication between apparatuses which concern on the modification of this invention. It is a figure which shows the structural example of the communication control function which concerns on the 2nd Embodiment of this invention. It is a sequence diagram which shows the example of a process sequence which concerns on the communication between apparatuses which concern on the 2nd Embodiment of this invention. It is a flowchart which shows the process sequence example which concerns on the communication control which concerns on the 2nd Embodiment of this invention.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention (hereinafter referred to as “embodiments”) will be described in detail with reference to the drawings.

[First Embodiment]
<System configuration>
A communication system according to the present embodiment will be described.

FIG. 1 is a diagram illustrating a configuration example of a communication system 1 according to the present embodiment.
In FIG. 1, an information processing apparatus 100 such as a PC (Personal Computer) that is a user terminal and an image processing apparatus 200 such as an MFP (Multifunction Peripheral) that performs predetermined image processing in accordance with a request from the user perform data communication. A configuration example is shown.

  In the communication system 1 shown in FIG. 1, a wireless LAN that can perform encrypted communication is a main communication path C1 (encrypted communication path that actually performs data communication), and data communication between devices is realized. In the communication system 1, NFC is used as a sub communication path C2 (communication path different from the main communication path), information is exchanged between devices, and various communication settings in the main communication path C1 such as a communication method and an encryption method are performed. Is called. Therefore, each of the devices 100 and 200 includes, as first wireless communication means, devices 10w and 20w that perform data communication by wireless LAN (hereinafter referred to as “W-LAN devices 10w and 20w”) and second wireless communication means. Are equipped with devices 10n and 20n (hereinafter referred to as "NFC devices 10n and 20n") that perform near field communication by NFC. In addition, about the said wireless LAN, communication systems, such as IEEE802.11a / b / g / n, shall not be ask | required.

  FIG. 1A shows a configuration example in which the information processing apparatus 100 includes a W-LAN apparatus 10w and an NFC apparatus 10n, and the image processing apparatus 200 includes a W-LAN apparatus 20w and an NFC apparatus 20n. It is shown. On the other hand, FIG. 1B shows a configuration example in which the image processing device 200 does not include the NFC device 20n and is connected as an external device via a predetermined data transmission path. As described above, the W-LAN devices 10w and 20w and the NFC devices 10n and 20n have either a built-in configuration of each device 100 or 200 or a configuration that can be expanded by being connected as an external device. Good.

  In the communication system 1, the information processing apparatus 100 and the image processing apparatus 200 are examples of devices that perform data communication. Configurations of devices that perform data communication include, for example, information processing devices, image processing devices, information processing device 100 and a portable information terminal (not shown) such as a mobile phone or a PDA (Personal Digital Assistant), and an image processing device. Various configurations such as 200 and a portable information terminal are conceivable.

  In the communication system 1, the example in which communication is performed using the wireless LAN for the main communication path C1 and NFC for the sub-communication path C2 has been described. The main communication channel C1 includes, for example, Bluetooth (trademark or registered trademark: hereinafter abbreviated), wireless USB (Certified Wireless USB), and the like. The sub-communication path C2 includes evanescent communication, TransferJet (trademark or registered trademark: hereinafter abbreviated), infrared communication, etc., if it is difficult to intercept at a short distance.

<Hardware configuration>
Next, the hardware configuration of the information processing apparatus 100 and the image processing apparatus 200 will be described.

《Information processing device》
FIG. 2 is a diagram illustrating a hardware configuration example of the information processing apparatus 100 according to the present embodiment.
As shown in FIG. 2, the information processing apparatus 100 includes an input device 101, a display device 102, a drive device 103, a RAM (Random Access Memory) 104, a ROM (Read Only Memory) 105, a CPU (Central Processing Unit) 106, a communication. A control device 107, an HDD (Hard Disk Drive) 108, an external I / F device 109, and the like are provided and are connected to each other via a bus B.

  The input device 101 includes a keyboard and a mouse, and is used to input each operation signal to the information processing device 100. The display device 102 includes a display or the like, and displays a processing result by the information processing device 100 (for example, “operation status” or “result information” of the image processing for which a processing request is made).

  The communication control apparatus 107 is an interface that connects the information processing apparatus 100 to another device via a predetermined communication path. The communication control apparatus 107 controls data communication between the information processing apparatus 100 and other devices. As a result, the information processing apparatus 100 can perform data communication with the image processing apparatus 200 via the communication control apparatus 107. Note that the communication controlled by the communication control device 107 may be wired or wireless. However, in the present embodiment, as described above in the communication system 1, wireless data communication is taken as an example.

  The HDD 108 is a non-volatile storage device that stores various programs and data. The stored programs and data include, for example, an OS (Operating System) that is basic software such as an information processing system (for example, “Windows (registered trademark)” or “UNIX (registered trademark)) that controls the entire information processing apparatus 100. ), And an application that provides various functions (for example, “communication control function”) on the information processing system. The HDD 108 manages the stored program and data by a predetermined file system and / or DB (Data Base).

  The external I / F device 109 is an interface that connects the information processing device 100 to the external device 109a via a predetermined data transmission path. The external I / F device 109 controls data communication between the information processing device 100 and the external device 109a. The external device 109a mentioned here includes the W-LAN device 10w and the NFC device 10n as described above in the communication system 1.

  The drive device 103 is an interface with a removable recording medium 103a. As a result, the information processing apparatus 100 can read and / or write the recording medium 103 a via the drive apparatus 103.

  The ROM 105 is a nonvolatile semiconductor memory (storage device) that can retain internal data even when the power is turned off. The ROM 105 stores data such as a basic input / output system (BIOS) that is executed when the information processing apparatus 100 is activated, and system settings and network-related settings of the information processing apparatus 100.

  The RAM 104 is a volatile semiconductor memory (storage device) that temporarily stores programs and data read from the various storage devices. The CPU 106 implements the overall control of the information processing apparatus 100 and the operation of various functions by executing the program read out on the RAM 104.

  With such a hardware configuration, for example, the information processing apparatus 100 can execute a program (software component that realizes a mounting function) read from the HDD 108 onto the RAM 104 by the CPU 106 to realize the mounting function.

<Image processing device>
FIG. 3 is a diagram illustrating a hardware configuration example of the image processing apparatus 200 according to the present embodiment.
As shown in FIG. 3, the image processing apparatus 200 includes a controller 210, an operation panel 220, a plotter 230, a scanner 240, and the like, which are connected to each other via a bus B.

  The operation panel 220 includes an input unit such as a touch panel in addition to the display unit, and provides various information such as device information to the user and accepts various user operations such as operation settings and operation instructions.

  The plotter 230 includes an image forming unit and forms an output image on a sheet. Examples of a method for forming an output image include an electrophotographic method and an inkjet method. The scanner 240 optically reads a document and generates a read image.

  The controller 210 includes a CPU 211, a storage device 212, a communication control device 213, an external storage I / F device 214, an external I / F device 215, and the like, which are connected to each other via a bus B.

  The CPU 211 executes various programs and controls various functions and the entire apparatus. The storage device 212 stores and holds the program and various data (for example, “image data”). Examples of the storage device 212 include a RAM that is a volatile memory, a ROM that is a nonvolatile memory, and an HDD having a large-capacity storage area. The RAM functions as a work area for the CPU 211 (a storage area from which programs and data are temporarily read). ROM and HDD are used as storage locations for programs and various data. As a result, in the image processing apparatus 200, the CPU 211 reads the program stored in the ROM onto the RAM and executes the program.

  The communication control device 213 is an interface that connects the image processing device 200 to another device via a predetermined communication path. The communication control device 213 controls data communication between the image processing device 200 and other devices. As a result, the image processing apparatus 200 can perform data communication with the information processing apparatus 100 via the communication control apparatus 213. Note that the communication controlled by the communication control device 213 may be wired or wireless. However, in the present embodiment, as described above in the communication system 1, wireless data communication is taken as an example.

  The external storage I / F device 214 is an interface with a recording medium 214a corresponding to a removable external storage. As a result, the image processing apparatus 200 can read and / or write to the recording medium 214 a via the external storage I / F device 214.

  The external I / F device 215 is an interface that connects the image processing device 200 to the external device 215a via a predetermined data transmission path. The external I / F device 215 controls data communication between the image processing device 200 and the external device 215a. The external device 215a referred to here includes the W-LAN device 20w and the NFC device 20n as described in the communication system 1.

  With such a hardware configuration, the image processing apparatus 200, for example, in the controller 210, the CPU 211 executes a program (software component that implements a mounted function) read from the ROM to the RAM, and is connected to the bus B. By controlling a device (for example, “plotter” or “scanner”), a mounting function can be realized.

  In the present embodiment, the case where the image processing apparatus 200 is an MFP has been described as an example. For example, when the image processing apparatus 200 is an LP (Laser Printer), the scanner 240 is not provided.

  Further, as can be seen from the above hardware configuration, the image processing apparatus 200 has a controller 210 substantially the same configuration as the information processing apparatus 100 such as a PC.

  As described above, the information processing apparatus 100 and the image processing apparatus 200 include the communication control apparatuses 107 and 213, and are referred to as “communication apparatuses” from the viewpoint of performing wireless data communication between the apparatuses. Can be generic. Therefore, in the following description, the information processing apparatus 100 is referred to as a “first communication apparatus 100”, and the image processing apparatus 200 is referred to as a “second communication apparatus 200”.

<Communication control function>
A communication control function according to the present embodiment will be described.

  In the first communication device 100 according to the present embodiment, a threshold (communication data) for determining whether or not to change the encryption key used in the main communication channel C1 is based on information exchanged between devices via the sub communication channel C2. The upper limit of the amount is calculated. The first communication device 100 compares the calculated threshold value with the accumulated value of the communication data amount in the main communication path C1, and determines whether or not the encryption key used in the main communication path C1 needs to be changed based on the comparison result. The first communication device 100 changes the encryption key used in the main communication channel C1 and resets the accumulated value of the communication data amount when it is determined that the encryption key needs to be changed by determining whether or not the change is necessary. To do. The first communication device 100 continuously performs the communication control process including the encryption key change necessity determination and the encryption key change while performing data communication on the main communication path C1. The first communication device 100 has such a communication control function.

  Conventionally, various communication settings such as a communication method and an encryption method of the main communication channel C1 are performed using the short-range wireless communication for the sub communication channel C2. However, in the conventional method, the data communication is performed using the same encryption key generated according to the encryption method set before the communication is started until the data communication is completed on the main communication channel C1, so that the amount of communication data increases. Then, there is a high possibility that the encryption key is decrypted. Therefore, in the conventional method, when the amount of communication data increases, data communication via the main communication path C1 cannot be performed while maintaining high confidentiality.

  Therefore, in the first communication device 100 according to the present embodiment, while performing data communication in the main communication path C1, the encryption key used in the main communication path C1 is continuously updated via the sub communication path C2.

  Thereby, the communication apparatus 100 according to the present embodiment can perform data communication in a state where high confidentiality is maintained even if the communication data amount increases.

The configuration and operation of the communication control function will be described below.
FIG. 4 is a diagram illustrating a configuration example of a communication control function according to the present embodiment.
As shown in FIG. 4, in the communication system 1 according to the present embodiment, the first communication device 100 includes an NFC communication control unit 11n, a W-LAN communication control unit 11w, a threshold value calculation unit 41, and a change necessity determination unit 42. And the encryption key change control unit 43, etc., and the second communication device 200 has an NFC communication control unit 21n, a W-LAN communication control unit 21w, and the like.

  The first communication device 100 and the second communication device 200 have functional units that control the NFC devices 10n and 20n and the W-LAN devices 10w and 20w included in the devices 100 and 200, respectively. These functional units correspond to the NFC communication control units 11n and 21n and the W-LAN communication control units 11w and 21w.

  The NFC communication control units 11n and 21n control near field communication (sub communication path C2) using NFC performed between devices.

  Between the NFC communication control units 11n and 21n, communication control such as start / end of short-range wireless communication is performed, and a sub-communication path C2 between devices is established.

  Further, when the sub-communication channel C2 is established between the NFC communication control units 11n and 21n, various information (hereinafter referred to as “communication setting information 31D”) for communication settings such as a communication method and an encryption method in the main communication channel C1. ") Is exchanged. For example, when the NFC communication control unit 11n makes an information acquisition request via the sub communication path C2, a response result (request information) is transmitted from the NFC communication control unit 21n. The communication setting information 31D acquired in this way is stored, for example, in a predetermined storage area of a storage device included in the first communication device 100 (information acquisition request source) and held as data.

  Further, between the NFC communication control units 11n and 21n, an encryption key used in the main communication path C1 generated according to the encryption method included in the communication setting information 31D is exchanged. For example, when the NFC communication control unit 11n makes an encryption key change request via the sub communication channel C2, the NFC communication control unit 21n changes the setting of the encryption key used in the main communication channel C1 in response to the request.

  The W-LAN communication control units 11w and 21w control data communication (main communication path C1) using a wireless LAN performed between devices.

  Communication control such as start / end of data communication is performed between the W-LAN communication control units 11w and 21w, and the main communication path C1 between the devices is established.

  In addition, when the main communication path C1 is established between the W-LAN communication control units 11w and 21w, the setting and setting are performed via the sub communication path C2 based on the settings related to the communication method included in the communication setting information 31D. Actual data communication (encrypted communication) using the updated encryption key is performed.

Next, each functional unit included in the first communication device 100 will be described.
The threshold value calculation unit 41 is a functional unit that calculates a threshold value (upper limit value of communication data amount) when determining whether or not to change the encryption key used in the main communication channel C1. The threshold value calculation unit 41 calculates the threshold value based on the setting relating to the encryption method included in the communication setting information 31D (information exchanged between devices using the sub communication channel C2).

  The change necessity determination unit 42 is a functional unit that determines whether it is necessary to change the encryption key used in the main communication channel C1. The change necessity determination unit 42 compares the threshold value calculated by the threshold value calculation unit 41 with the accumulated value of the communication data amount using the same encryption key in the main communication channel C1, and changes the encryption key based on the comparison result. Determine whether it is necessary. The change necessity determination unit 42 determines that it is necessary to change the encryption key when the accumulated value of the communication data amount exceeds the threshold value (accumulated value of communication data> threshold value).

  The encryption key change control unit 43 is a functional unit that controls the change of the encryption key used in the main communication channel C1. The encryption key change control unit 43 requests the NFC communication control unit 11n to change the encryption key when the change necessity determination unit 42 determines that the encryption key needs to be changed. As a result, the setting of the encryption key used in the main communication path C1 is changed between the devices via the sub communication path C2. In addition, when the encryption key change control unit 43 makes an encryption key change request, the encryption key change control unit 43 resets the accumulated value of the communication data amount.

  The communication control process including the encryption key change necessity determination by the change necessity determination unit 42 and the encryption key change by the encryption key change control unit 43 is performed during data communication between the W-LAN communication control units 11w and 21w. (While performing data communication through the main communication path C1), it is continuously performed. Therefore, the encryption key change control unit 43 returns the result of changing the encryption key (change result response from the NFC communication control unit 21n) to the change necessity determination unit 42. As a result, the change necessity determination unit 42 continues the encryption key change necessity determination process based on the change result of the encryption key and the data communication state in the main communication path C1 from the W-LAN communication control unit 11w. .

  As described above, the communication control function according to the present embodiment is realized by the above-described functional units linking to each other. In the functional configuration described above, the configuration in which the information processing device (first communication device) 100 has the communication control function has been described. For example, the image processing apparatus (second communication apparatus) 200 may have a configuration having the communication control function (the functional configuration shown in FIG. 4 is reversed). Hereinafter, for the sake of convenience (for the sake of unified description), the information processing apparatus (first communication apparatus) 100 will be described based on the configuration having the communication control function.

  Next, a detailed operation of the communication control function (operation of function unit group) will be described with reference to a sequence diagram and a flowchart showing a processing procedure.

  As for the communication control function, a program (software component that realizes the communication control function) installed (installed) in the first communication device 100 and the second communication device 200 is stored by the CPUs 106 and 211 (in the storage device). This is realized by reading out from a predetermined storage area) onto the memory and executing the following processing.

  In the following description, an overall process related to data communication performed between the first communication apparatus 100 and the second communication apparatus 200 and a communication control process performed in the first communication apparatus 100 will be described in this order.

<Overall processing>
FIG. 5 is a sequence diagram illustrating a processing procedure example (part 1) related to the inter-device communication according to the present embodiment. FIG. 5 shows an example of a processing procedure when the second communication device 200 requests the first communication device 100 having the communication control function to establish the main communication channel C1 and the sub communication channel C2. ing.

  As shown in FIG. 5, first, the second communication device 200 transmits NFC communication (nearly) to the first communication device 100 via the NFC device 20n included in the device (by the NFC communication control unit 21n). The start of distance wireless communication is requested (step S11). Thereby, the first communication device 100 receives the start request via the NFC device 10n included in the device (by the NFC communication control unit 11n). As a result, a sub-communication path C2 based on short-range wireless communication is established between the first communication device 100 and the second communication device 200.

  The first communication device 100 transmits the start request source first communication device 100 from the NFC device 10n via the sub communication channel C2 via the main communication channel C1 such as a wireless LAN communication method or an encryption method. It requests acquisition of various information (communication setting information 31D) necessary for communication (step S12). As a result, the second communication device 200 responds to the first communication device 100, which is the information acquisition request source, from the NFC device 20n via the sub communication path C2. As a result, in the first communication device 100, the information received by the NFC device 10n is stored as communication setting information 31D in a storage device included in the device.

  Subsequently, the second communication device 200 starts wireless LAN communication with the first communication device 100 via the W-LAN device 20w included in the device (by the W-LAN communication control unit 21w) ( (Start of data communication through the main communication path C1) is requested (step S21). Thereby, the first communication device 100 receives the start request via the W-LAN device 10w included in the device (by the W-LAN communication control unit 11w). As a result, the main communication path C1 is established between the first communication device 100 and the second communication device 200.

  In response, wireless LAN communication using an encryption key generated according to the encryption method based on the communication method included in the communication setting information 31D is performed between the devices (step S31). That is, actual data communication (encrypted communication) by the main communication unit C1 is started between the devices.

  Meanwhile, the first communication device 100 calculates a threshold value based on the setting related to the encryption method included in the communication setting information 31D, and performs encryption key change necessity determination processing on the main communication channel C1. Details of this process will be described later in the communication control process.

  If it is determined by the above-described encryption key change necessity determination process that the encryption key needs to be changed, the first communication device 100 transmits the second communication device 200 from the NFC device 10n via the sub communication path C2. Is requested to change the encryption key (step S13). Thereby, the second communication device 200 changes the setting of the encryption key in the W-LAN device 20w in response to the change request, and the result (change result) is transmitted from the NFC device 20n via the sub communication path C2. Then, it responds to the requesting first communication device 100 (encryption key change process).

  In response, wireless LAN communication is continued between devices using an encryption key (changed encryption key) different from the data communication processing in step S31 (step S32).

  Again, the first communication device 100 performs the encryption key change necessity determination process in the main communication channel C1, and if it is determined that the encryption key needs to be changed, the first communication device 100 transmits the encryption to the second communication device 200. A key change is requested (step S14). Thereby, the second communication device 200 changes the setting of the encryption key in the W-LAN device 20w in response to the change request, and sends the result (change result) to the first communication device 100 that is the request source. Respond (encryption key change processing).

  In response, the wireless LAN communication is continued between the devices using an encryption key (changed encryption key) different from the data communication processing in step S32 (step S33).

  As described above, between the devices, the W-LAN device 20w included in the second communication device 200 ends the wireless LAN communication from the W-LAN device 10w included in the first communication device 100 (by the main communication path C1). The encryption key change necessity determination process and the encryption key change process (steps S13 and S14) are repeatedly performed until notification of completion of data communication (step S22 is executed). The first communication device 100 receives an end notification via the W-LAN device 10w. As a result, the main communication path C1 established between the first communication device 100 and the second communication device 200 is disconnected.

  Finally, when the second communication apparatus 100 notifies the end of the wireless LAN communication, the NFC apparatus 20n sends the end of the NFC communication (sub communication path) to the first communication apparatus 100 via the sub communication path C2. The end of short-range wireless communication by C2 is notified (step S15). The first communication device 100 receives an end notification via the NFC device 10n. As a result, the sub communication path C <b> 2 by the short-range wireless communication established between the first communication device 100 and the second communication device 200 is disconnected.

<< Communication control processing: Part 1 >>
FIG. 6 is a flowchart illustrating a processing procedure example (part 1) related to communication control according to the present embodiment. FIG. 6A shows an example of a processing procedure related to communication control performed by the first communication apparatus 100 including the above-described encryption change necessity determination and encryption key change.

  As shown in FIG. 6A, the first communication device 100 uses the NFC communication control unit 11n to obtain various information (for example, “communication method” and the like acquired from the second communication device 200 via the sub communication path C2. "Encryption method") is stored as communication setting information 31D, and settings necessary for wireless LAN communication (data communication through the main communication path C1) between devices are performed on the W-LAN communication control unit 21w. This is performed (step S101).

  Subsequently, when the first communication apparatus 100 determines whether or not the encryption key used in the main communication path C1 needs to be changed based on the setting relating to the encryption method included in the communication setting information 31D by the threshold calculation unit 41. (The upper limit value of the communication data amount) is calculated (step S102). In the threshold value calculation unit 41, for example, when data communication is performed using the same encryption key, the cumulative value of the communication data amount that can be deciphered with a probability of 10 [%] is used as the threshold value. It is calculated from the encryption method and encryption key length. As described above, in the communication control function according to the present embodiment, the threshold for determining whether or not to change the encryption key is determined in advance before the actual data communication through the main communication path C1 is started.

  Subsequently, when the first communication device 100 receives a wireless LAN communication start request from the W-LAN communication control unit 21w of the second communication device 200, the W-LAN communication control unit 11w causes the communication setting information 31D to be received. The main communication channel C1 is established based on the setting relating to the communication method included in the data communication, and data communication using the encryption key generated according to the encryption method is started (step S103).

  The first communication device 100 determines whether or not the encryption key used in the established main communication path C1 needs to be changed by the change necessity determination unit 42. The change necessity determination unit 42 compares the previously calculated threshold value with the accumulated value of the communication data amount using the same encryption key in the main communication path C1, and determines whether the encryption key needs to be changed based on the comparison result. Determination is made (step S104).

FIG. 6B shows the relationship between the accumulated value of the communication data amount on the main communication channel C1 and the change timing of the used encryption key.
As shown in FIG. 6B, the amount of communication data using the same encryption key in the main communication channel C1 increases as the communication time elapses. As has been clarified in the conventional problems, the increase in the amount of communication data increases the possibility that the encryption key used in the main communication path C1 will be decrypted. For this reason, in this embodiment, when the accumulated value of the communication data amount exceeds a certain value (threshold value), the encryption key used in the main communication path C1 is reduced below a certain level by changing the encryption key used. The communication control is suppressed. For example, FIG. 6B shows a state in which the used encryption key is changed at timings (1), (2), and (3) when the accumulated value of the communication data amount exceeds the threshold value.

  Returning to the description of FIG. The change necessity determination unit 42 determines that the encryption key needs to be changed when the accumulated value of the communication data amount exceeds the threshold (step S104: YES).

  Upon receiving the determination result of step S104, the first communication device 100 requests the NFC communication control unit 11n to change the encryption key used in the main communication path C1 by the encryption key change control unit 43 (step S105). ).

  Specifically, the following encryption key change process is performed. Between devices, NFC communication (near field communication) is performed via the sub communication path C2, and the second communication device 200 is requested to change to an encryption key different from the encryption key used in the main communication path C1. Is done. In the second communication device 200, the NFC communication control unit 21n accepts an encryption key change request, and instructs the W-LAN communication control unit 21w to change the used encryption key. As a result, the first communication device 100 receives an encryption key change result response from the NFC communication control unit 21n included in the second communication device 200 by the NFC communication control unit 11n via the sub communication path C2.

  Thereby, data communication using the changed encryption key is performed on the main communication path C1 between the devices.

  Subsequently, when receiving the response, the first communication device 100 causes the encryption key change control unit 43 to reset the accumulated value of the communication data amount used in the encryption key change necessity determination process (step S106).

  On the other hand, the first communication device 100 skips the processes of step S105 and step S106 while the accumulated value of the communication data amount in the main communication path C1 does not exceed the threshold (step S104: NO). That is, during this period, it is determined that there is no need to change the encryption key used in the main communication path C1, and the encryption key change process is not performed.

  Subsequently, the first communication device 100 determines whether the wireless LAN communication end notification has been received from the W-LAN communication control unit 21w of the second communication device 200 by the W-LAN communication control unit 11w. (Step S107).

  The first communication device 100 is established by the W-LAN communication control unit 11w when receiving a data communication end notification from the second communication device 200 by the W-LAN communication control unit 11w (step S107: YES). The main communication path C1 is disconnected, and the data communication between the devices is terminated (step S108). In the first communication device 100, the NFC communication control unit 11n disconnects the established sub communication path C2, and ends the short-range wireless communication between the devices.

  On the other hand, the first communication device 100 returns to the process of step S104 until a data communication end notification is received from the second communication device 200 (step S107: NO). That is, the encryption key change necessity determination process and the encryption key change process are repeatedly performed until the actual data communication on the main communication path C1 ends.

  As described above, in this embodiment, the encryption key used in the main communication path C1 is continuously changed while data communication is performed.

<< Communication control processing: Part 2 >>
FIG. 7 is a flowchart illustrating a processing procedure example (part 2) related to communication control according to the present embodiment. FIG. 7A shows an example of a processing procedure related to communication control including encryption key change necessity determination and encryption key change considering not only communication data amount but also communication time.

  In FIG. 6, it is determined whether or not the encryption key used in the main communication path C1 needs to be changed based on the cumulative value of the communication data amount using the same encryption key and the threshold value calculated from the encryption method included in the communication setting information 31D. did. However, the following cases can be considered.

  For example, even if the accumulated value of the communication data amount does not reach the threshold value, if the communication time is long, the encryption key used in the main communication path C1 can be decrypted as in the case of the increase in the communication data amount. Increases nature. Therefore, in the processing procedure shown in FIG. 7A, even if the cumulative value of the communication data amount using the same encryption key has not reached a constant value (first threshold), the communication time is constant (first When the threshold value (2) is exceeded, communication control is performed to change the encryption key used to suppress the possibility of decryption of the encryption key used in the main communication path C1 to a certain level or less.

In the following description of FIG. 7A, processing procedures different from those in FIG.
As shown in FIG. 7A, the first communication apparatus 100 determines whether or not the encryption key used in the established main communication path C1 needs to be changed by the change necessity determination unit 42. The change necessity determination unit 42 compares the threshold value (first threshold value) calculated in step S202 with the accumulated value of the communication data amount using the same encryption key in the main communication channel C1, and based on the comparison result, It is determined whether or not the encryption key needs to be changed (step S204).

  The change necessity determination unit 42 determines that it is necessary to change the encryption key when the accumulated value of the communication data amount exceeds the first threshold (first threshold) (step S204: YES), The process proceeds to the encryption key change process in step S206.

  On the other hand, when it is determined that the accumulated value of the communication data amount in the main communication path C1 does not exceed the threshold (first threshold) (step S104: NO), the first communication device 100 determines whether or not to change. The unit 42 compares a predetermined time (second threshold) set in advance with a communication time using the same encryption key in the main communication channel C1, and whether or not the encryption key needs to be changed based on the comparison result. Is determined (step S205).

FIG. 7B shows the relationship between the communication time on the main communication channel C1 and the change timing of the used encryption key.
For example, FIG. 7B shows that the communication time is set in advance even if the cumulative value of the communication data amount using the same encryption key in the main communication channel C1 does not reach the threshold (first threshold). It is shown that the used encryption key is changed at the timings (2) and (3) when the predetermined time (second threshold) is exceeded. The predetermined time (second threshold) is set in consideration of the possibility that the encryption key is decrypted when data communication is performed using the same encryption key in the main communication channel C1. For example, when data communication is performed using the same encryption key, a communication time that is likely to be decrypted with a probability of 10 [%] is defined as the predetermined time (second threshold value), and the encryption method And the length of the encryption key.

  Returning to the description of FIG. The change necessity determination unit 42 determines that the encryption key needs to be changed when the communication time exceeds a predetermined time (second threshold) (step S205: YES), and changes the encryption key in step S206. Transition to processing.

  On the other hand, in the first communication device 100, the accumulated value of the communication data amount in the main communication channel C1 does not reach the threshold value (first threshold value), and the communication time exceeds the predetermined time (second threshold value). While there is not (step S104: NO), the processing of step S206 and step S207 is skipped. That is, during this period, it is determined that there is no need to change the encryption key used in the main communication path C1, and the encryption key change process is not performed.

  As described above, in the present embodiment, data communication in a state in which higher confidentiality is maintained by performing communication control including encryption key change necessity determination processing considering not only communication data amount but also communication time. Can be realized.

<Operation example>
FIG. 8 is a diagram illustrating an operation example of communication restriction according to the present embodiment.

  The communication control function according to the present embodiment functions by executing the above-described processing, and can realize a communication restriction environment as shown in FIG.

  For example, the three first communication devices 100A, 100B, and 100C shown in FIG. 8 are located within the range of the NFC communication area (area in which communication by the sub communication path C2 is possible) AR1, and therefore are subject to data communication. The encryption key in the main communication channel C1 is continuously changed with the second communication device 200. As a result, the first communication devices 100A, 100B, and 100C normally perform encrypted data communication with the second communication device 200 using the wireless LAN communication area (area where communication is possible via the main communication path C1) AR2. Can do.

  On the other hand, the remaining three first communication devices 100D, 100E, and 100F are located outside the range of the NFC communication area AR1, and therefore, the main communication channel C1 with the second communication device 200 that is a data communication target. The encryption key cannot be changed continuously. Therefore, the first communication devices 100D, 100E, and 100F cannot perform encrypted data communication with the second communication device 200 using the wireless LAN communication area AR2.

  As described above, in the communication control function according to the present embodiment, the encryption key in the main communication path C1 that performs actual data communication is obtained via the short-range wireless communication (sub-communication path C2) that is difficult to intercept from a long distance. By changing continuously, even if a third party intercepts the main communication path C1, an environment in which data communication cannot be performed is realized. Thereby, in the communication system 1 which concerns on this embodiment, the confidentiality of radio | wireless communication can be maintained.

[Modification]
From here, the modification of the communication control function which concerns on this embodiment is demonstrated.

  In the above description, the configuration has been described in which the encryption key on the main communication path C1 is continuously changed during data communication between devices, thereby making it difficult to decrypt the encryption key on the main communication path C1 and maintaining confidentiality.

  In this modification, the encryption key to be changed during data communication between devices is a random number key by a one-time pad, and the confidentiality in the main communication path C1 is improved. One time pad (OTP) is a cryptographic operation method that uses a random number key only once. In the one-time pad, a random number having the same length as the data length in the main communication channel C1 is used as the encryption key. It is said that this encryption key is theoretically indecipherable when it is operated correctly (in the case of operation strictly adhering to “confidentiality management of random number table”, “prohibition of reuse of same random number”, etc.).

  FIG. 9 is a sequence diagram illustrating a processing procedure example (part 2) related to the inter-device communication according to the present modification. FIG. 9 shows a processing procedure example in which the second communication device 200 requests the first communication device 100 having the communication control function to establish the main communication channel C1 and the sub communication channel C2. .

  As shown in FIG. 9, first, the second communication device 200 transmits NFC communication (nearly) to the first communication device 100 via the NFC device 20n included in the device (by the NFC communication control unit 21n). The start of distance wireless communication is requested (step S41). Thereby, the first communication device 100 receives the start request via the NFC device 10n included in the device (by the NFC communication control unit 11n). As a result, a sub-communication path C2 based on short-range wireless communication is established between the first communication device 100 and the second communication device 200.

  The first communication device 100 communicates from the NFC device 10n via the sub communication channel C2 with the main communication channel C1 such as the wireless LAN communication method to the first communication device 100 that is the start request source. To obtain various information necessary for communication (communication setting information 31D) (step S42). As a result, the second communication device 200 responds to the first communication device 100, which is the information acquisition request source, from the NFC device 20n via the sub communication path C2. As a result, in the first communication device 100, the information received by the NFC device 10n is stored as communication setting information 31D in a storage device included in the device.

  Subsequently, the second communication device 200 starts wireless LAN communication with the first communication device 100 via the W-LAN device 20w included in the device (by the W-LAN communication control unit 21w) ( (Start of data communication through the main communication path C1) is requested (step S51). Thereby, the first communication device 100 receives the start request via the W-LAN device 10w included in the device (by the W-LAN communication control unit 11w). As a result, the main communication path C1 is established between the first communication device 100 and the second communication device 200.

  In response, wireless LAN communication is performed between the devices using the encryption key generated by the one-time pad based on the communication method included in the communication setting information 31D (step S61). That is, between the devices, actual data communication (encrypted communication) using the one-time pad encryption in the main communication unit C1 is started.

  Meanwhile, the first communication device 100 sends a random number having the same length as the data length in the main communication channel C1 from the NFC device 10n to the NFC device 20n included in the second communication device 200 via the sub communication channel C2. (True random bit string) is supplied as an encryption key used in the main communication channel C1 (step S43). Thereby, data communication using the supplied encryption key is performed between the devices on the main communication path C1. In addition, since the encryption key is supplied in units of data length in the main communication path C1, in this modification as well, the encryption key used in the main communication path C1 is continuously changed while data communication is performed. The

  As described above, between the devices, the W-LAN device 20w included in the second communication device 200 ends the wireless LAN communication from the W-LAN device 10w included in the first communication device 100 (by the main communication path C1). The one-time pad encryption communication process (step S61) and the one-time pad encryption key supply process (step S43) are performed until notification of the end of data communication (step S52 is executed). The first communication device 100 receives an end notification via the W-LAN device 10w. As a result, the main communication path C1 established between the first communication device 100 and the second communication device 200 is disconnected.

  Finally, when the second communication apparatus 100 notifies the end of the wireless LAN communication, the NFC apparatus 20n sends the end of the NFC communication (sub communication path) to the first communication apparatus 100 via the sub communication path C2. The end of short-range wireless communication by C2 is notified (step S44). The first communication device 100 receives an end notification via the NFC device 10n. As a result, the sub communication path C <b> 2 by the short-range wireless communication established between the first communication device 100 and the second communication device 200 is disconnected.

  In the one-time pad encryption key supply process (step S43), it is desirable to use the following short-range wireless communication when high-speed communication is required on the main communication path C1. Since the speed of NFC communication is significantly slow due to wireless LAN communication, it is desirable to use high-speed short-range wireless communication such as evanescent communication or TransferJet.

  In the one-time pad, since the random number having the same length as the data length in the main communication channel C1 is used as the encryption key, the encryption key and the communication data amount are the same. Therefore, although it seems that data communication between devices may be performed only with no encryption and short-range wireless communication, the following usage method is assumed. For example, an encryption key is supplied to a plurality of devices via a sub-communication channel C2 based on short-range wireless communication, and actual data is transmitted to the plurality of devices via a main communication channel C1 based on a wireless LAN. The usage method is mentioned.

  As described above, in this modified example, data communication in a state where higher confidentiality is maintained can be realized by performing communication processing using the one-time pad encryption that cannot be theoretically deciphered.

<Summary>
As described above, according to the first communication device 100 according to the present embodiment, the main communication is performed based on the information (communication setting information 31D) exchanged between devices by the threshold value calculation unit 41 via the sub communication path C2. A threshold value (upper limit value of communication data amount) for determining whether or not to change the encryption key used in the path C1 is calculated.

  The first communication device 100 compares the calculated threshold value with the accumulated value of the communication data amount in the main communication channel C1 by the change necessity determination unit 42, and from the comparison result, the encryption key used in the main communication channel C1 is compared. Determine whether or not to change.

  When the first communication device 100 determines that the encryption key needs to be changed by determining whether or not the change is necessary, the encryption change control unit 43 changes the encryption key used in the main communication channel C1 and Resets the accumulated communication data amount.

  The first communication device 100 continuously performs the communication control process including the encryption key change necessity determination and the encryption key change while performing data communication on the main communication path C1.

  Accordingly, the first communication device 100 continues to update the encryption key used in the main communication path C1 via the sub communication path C2 while performing data communication in the main communication path C1. As a result, it is possible to make it difficult to decrypt the encryption key even if the amount of communication data increases, and data communication can be performed while maintaining high confidentiality.

[Second Embodiment]
In the first embodiment, the configuration for changing the encryption key used in the main communication path has been described. In the present embodiment, a configuration for changing the communication method and encryption method in the main communication path will be described. In the following description, the same reference numerals are assigned to the same points as in the first embodiment, and the description thereof is omitted.

<Communication control function>
A communication control function according to the present embodiment will be described.
FIG. 10 is a diagram illustrating a configuration example of the communication control function according to the present embodiment.
The difference between FIG. 4 and FIG. 10 is that a communication setting change control unit 44 is provided instead of the encryption key change control unit 43.

  The communication setting change control unit 44 is a functional unit that controls the change of the communication method and the encryption method in the main communication channel C1. The communication setting change control unit 44 changes the communication method and the encryption method based on the determination result by the change necessity determination unit 42. The settings related to the communication method and the encryption method in the main communication channel C1 are included in the acquired information by the NFC communication control unit 11n and are stored as communication setting information 31D. Therefore, the communication setting change control unit 44 changes the setting contents related to the communication method and the encryption method included in the communication setting information 31D, and also sets the communication setting for the second communication device 200 to the NFC communication control unit 11n. Request changes. As a result, from the NFC communication control unit 11n to the second communication device 200 via the sub communication path C2, the changed communication method, encryption method, and encryption key based on the changed encryption method are transferred. Changes are required. Thereby, data communication using the encryption key by the changed encryption method based on the changed communication method is performed between the devices by the W-LAN communication control units 11w and 21w included in each device.

  When the communication setting change control unit 44 makes a communication setting change request, the communication setting change control unit 44 resets the accumulated value of the communication data amount in the main communication path C1 used in the encryption key change necessity determination process.

  The communication control process including the encryption key change necessity determination by the change necessity determination unit 42 and the communication setting change by the communication setting change control unit 44 is performed between the W-LAN communication control unit 11w and the W-LAN communication control unit 21w. During data communication (during data communication through the main communication path C1).

  As described above, the communication control function according to the present embodiment is realized by the cooperation of the functional units. In the present embodiment, the configuration in which the information processing apparatus (first communication apparatus) 100 has a communication control function has been described. However, the present embodiment is not limited to this, as in the first embodiment. For example, the image processing apparatus (second communication apparatus) 200 may have a configuration having a communication control function (the functional configuration shown in FIG. 10 is reversed). Hereinafter, for the sake of convenience (for the sake of unified description), the information processing apparatus (first communication apparatus) 100 will be described based on a configuration having a communication control function.

  Next, a detailed operation of the communication control function (operation of function unit group) will be described with reference to a sequence diagram and a flowchart showing a processing procedure.

  As for the communication control function, a program (software component that realizes the communication control function) installed (installed) in the first communication device 100 and the second communication device 200 is stored by the CPUs 106 and 211 (in the storage device). This is realized by reading out from a predetermined storage area) onto the memory and executing the following processing.

  In the following description, an overall process related to data communication performed between the first communication apparatus 100 and the second communication apparatus 200 and a communication control process performed in the first communication apparatus 100 will be described in this order.

<Overall processing>
FIG. 11 is a sequence diagram illustrating an example of a processing procedure related to inter-device communication according to the present embodiment. FIG. 11 shows an example of a processing procedure when the second communication device 200 requests the first communication device 100 having the communication control function to establish the main communication channel C1 and the sub communication channel C2. ing.

  As shown in FIG. 11, first, the second communication device 200 communicates with the first communication device 100 via the NFC device 20n included in the device (by the NFC communication control unit 21n). Request to start (distance wireless communication) (step S71). Thereby, the first communication device 100 receives the start request via the NFC device 10n included in the device (by the NFC communication control unit 11n). As a result, a sub-communication path C2 based on short-range wireless communication is established between the first communication device 100 and the second communication device 200.

  The first communication device 100 transmits the start request source first communication device 100 from the NFC device 10n via the sub communication channel C2 via the main communication channel C1 such as a wireless LAN communication method or an encryption method. It requests acquisition of various information (communication setting information 31D) necessary for communication (step S72). As a result, the second communication device 200 responds to the first communication device 100, which is the information acquisition request source, from the NFC device 20n via the sub communication path C2. As a result, in the first communication device 100, the information received by the NFC device 10n is stored as communication setting information 31D in a storage device included in the device.

  Subsequently, the second communication device 200 starts wireless LAN communication with the first communication device 100 via the W-LAN device 20w included in the device (by the W-LAN communication control unit 21w) ( (Start of data communication via the main communication path C1) is requested (step S81). Thereby, the first communication device 100 receives the start request via the W-LAN device 10w included in the device (by the W-LAN communication control unit 11w). As a result, the main communication path C1 is established between the first communication device 100 and the second communication device 200.

  In response, wireless LAN communication using an encryption key generated according to the encryption method based on the communication method included in the communication setting information 31D is performed between the devices (step S91). That is, actual data communication (encrypted communication) by the main communication unit C1 is started between the devices.

  Meanwhile, the first communication device 100 calculates a threshold value based on the setting related to the encryption method included in the communication setting information 31D, and performs encryption key change necessity determination processing on the main communication channel C1. Details of this process will be described later in the communication control process.

  If it is determined by the above-described encryption key change necessity determination process that the encryption key needs to be changed, the first communication device 100 transmits the second communication device 200 from the NFC device 10n via the sub communication path C2. Is requested to change the communication method, encryption method, and encryption key in the main communication path C1 (step S73). Accordingly, the second communication device 200 changes the communication method, encryption method, and encryption key setting in the W-LAN device 20w in response to the change request, and the result (change result) is changed to the NFC device 20n. To the first communication device 100 that is the request source via the sub communication path C2 (communication setting change processing).

  In response to this, wireless LAN communication is continued between devices using an encryption key (changed encryption key) based on a communication method and encryption method different from the data communication processing in step S91 (step S92).

  Again, the first communication device 100 performs the encryption key change necessity determination process in the main communication channel C1, and when it is determined that the encryption key needs to be changed, A request is made to change the communication method, encryption method, and encryption key in the communication path C1 (step S74). Thereby, the second communication device 200 changes the communication method, encryption method, and encryption key setting in the W-LAN device 20w in response to the change request, and the result (change result) is changed at the request source. Responds to a certain first communication device 100 (communication setting change processing).

  In response to this, wireless LAN communication is continued between devices using an encryption key (changed encryption key) based on a communication method and encryption method different from the data communication processing in step S92 (step S93).

  As described above, between the devices, the W-LAN device 20w included in the second communication device 200 ends the wireless LAN communication from the W-LAN device 10w included in the first communication device 100 (by the main communication path C1). The encryption key change necessity determination process and the communication setting change process (steps S73 and S74) are repeatedly performed until notification of completion of data communication is sent (step S82 is executed). The first communication device 100 receives an end notification via the W-LAN device 10w. As a result, the main communication path C1 established between the first communication device 100 and the second communication device 200 is disconnected.

  Finally, when the second communication apparatus 100 notifies the end of the wireless LAN communication, the NFC apparatus 20n sends the end of the NFC communication (sub communication path) to the first communication apparatus 100 via the sub communication path C2. The end of short-range wireless communication by C2 is notified (step S75). The first communication device 100 receives an end notification via the NFC device 10n. As a result, the sub communication path C <b> 2 by the short-range wireless communication established between the first communication device 100 and the second communication device 200 is disconnected.

<Communication control processing>
FIG. 12 is a flowchart illustrating an example of a processing procedure related to communication control according to the present embodiment. FIG. 12 shows an example of a processing procedure related to communication control performed by the first communication apparatus 100 including the above-described encryption change necessity determination and communication setting change.

  As shown in FIG. 12, the first communication device 100 has various information (for example, “communication method” and “encryption” acquired from the second communication device 200 via the sub communication path C2 by the NFC communication control unit 11n. System ") as communication setting information 31D, and settings necessary for wireless LAN communication (data communication through the main communication path C1) between the devices are performed on the W-LAN communication control unit 21w (Step S1). S301).

  Subsequently, when the first communication device 100 receives a wireless LAN communication start request from the W-LAN communication control unit 21w of the second communication device 200, the W-LAN communication control unit 11w causes the communication setting information 31D to be received. The main communication channel C1 is established based on the settings related to the communication method included in the data communication, and data communication using the encryption key generated according to the encryption method is started (step S302).

  Subsequently, the first communication device 100 uses the threshold value calculation unit 41 to determine whether the encryption key used in the main communication path C1 needs to be changed based on the encryption method included in the communication setting information 31D ( An upper limit value of the communication data amount is calculated (step S303).

  The first communication device 100 determines whether or not the encryption key used in the established main communication path C1 needs to be changed by the change necessity determination unit 42. The change necessity determination unit 42 compares the previously calculated threshold value with the accumulated value of the communication data amount using the same encryption key in the main communication path C1, and determines whether the encryption key needs to be changed based on the comparison result. Determination is made (step S304). The change necessity determination unit 42 determines that it is necessary to change the communication setting in the main communication path C1 when the accumulated value of the communication data amount exceeds the threshold (step S304: YES).

  In response to the determination result of step S304, the first communication device 100 causes the communication setting change control unit 44 to transmit the communication method, encryption method, and encryption key of the main communication channel C1 to the NFC communication control unit 11n. A change is requested (step S305). In addition, the communication setting change control unit 44 changes the setting contents related to the communication method and the encryption method included in the communication setting information 31D. Note that the communication method is changed, for example, to ch, SSID (Service Set IDentifier), or to IEEE 802.11a / b / g / n. In addition, the encryption scheme is changed to, for example, WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), WPA2, or the like.

  Specifically, the following communication setting change process is performed. Between devices, NFC communication (short-range wireless communication) is performed via the sub communication path C2, and communication settings (communication method, encryption method, and encryption) in the main communication path C1 are set for the second communication device 200. Change of each key setting) is required. In the second communication device 200, the NFC communication control unit 21n accepts a communication setting change request, and the W-LAN communication control unit 21w is instructed to change the used communication method, encryption method, and encryption key. The As a result, the first communication device 100 receives a communication setting change result response from the NFC communication control unit 21n included in the second communication device 200 by the NFC communication control unit 11n via the sub communication path C2.

  Thereby, in the main communication path C1 between the devices, data communication using the changed communication method, encryption method, and encryption key generated according to the encryption method is performed.

  Subsequently, when receiving a response, the first communication device 100 causes the communication setting change control unit 44 to reset the accumulated value of the communication data amount used in the encryption key change necessity determination process (step S306).

  On the other hand, the first communication device 100 skips the processing of step S305 and step S306 while the accumulated value of the communication data amount in the main communication path C1 does not exceed the threshold (step S304: NO). That is, during this period, it is determined that there is no need to change the communication setting in the main communication path C1, and the communication setting change process is not performed.

  Subsequently, the first communication device 100 determines whether the wireless LAN communication end notification has been received from the W-LAN communication control unit 21w of the second communication device 200 by the W-LAN communication control unit 11w. (Step S307).

  The first communication device 100 is established by the W-LAN communication control unit 11w when receiving a data communication end notification from the second communication device 200 by the W-LAN communication control unit 11w (step S307: YES). The main communication path C1 is disconnected, and the data communication between the devices is terminated (step S308). In the first communication device 100, the NFC communication control unit 11n disconnects the established sub communication path C2, and ends the short-range wireless communication between the devices.

  On the other hand, the first communication device 100 returns to the process of step S302 until a data communication end notification is received from the second communication device 200 (step S307: NO). That is, the encryption key change necessity determination process and the communication setting change process are repeatedly performed until the actual data communication in the main communication path C1 ends. In addition, among the processes repeatedly performed, the threshold value used in the encryption change necessity determination process is recalculated based on the changed encryption method.

  As described above, in this embodiment, each communication setting (communication method or encryption method) including the encryption key used in the main communication channel C1 is continuously changed while data communication is performed.

<Summary>
As described above, according to the first communication device 100 according to the present embodiment, the main communication is performed based on the information (communication setting information 31D) exchanged between devices by the threshold value calculation unit 41 via the sub communication path C2. A threshold value (upper limit value of communication data amount) for determining whether or not to change the encryption key used in the path C1 is calculated.

  The first communication device 100 compares the calculated threshold value with the accumulated value of the communication data amount in the main communication channel C1 by the change necessity determination unit 42, and from the comparison result, the encryption key used in the main communication channel C1 is compared. Determine whether or not to change.

  When the first communication device 100 determines that the encryption key needs to be changed by determining whether or not the change is necessary, the communication setting change control unit 44 sets the communication setting (communication method, encryption) in the main communication path C1. System, encryption key) is changed, and the accumulated value of the communication data amount is reset.

  The first communication device 100 continuously performs the communication control process including the encryption key change necessity determination and the communication setting change while performing data communication on the main communication path C1.

  Thus, the first communication device 100 performs each communication setting (communication method and encryption method) including the encryption key used in the main communication channel C1 via the sub communication channel C2 while performing data communication in the main communication channel C1. ) Keep updating. As a result, it is possible to make it difficult to decrypt the encryption key even if the amount of communication data increases, and data communication can be performed while maintaining high confidentiality.

  The above-described embodiment has been described so far. The “communication control function” is a program in which each processing procedure described with reference to the drawings is coded in a programming language suitable for the operating environment (platform). Is implemented by the CPUs 106 and 211 included in the first communication device 100 and the second communication device 200.

  The program can be stored in the computer-readable recording media 103a and 214a. Examples of the recording medium 103a corresponding to the first communication device 100 include a floppy (registered trademark) disk, a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card (SD Memory Card), and a USB. (Universal Serial Bus) memory. The recording medium 214a corresponding to the second communication device 200 includes, for example, an SD memory card and a USB memory.

  Therefore, in the first communication device 100, the program can be installed in the device via the drive device 103 that can read the recording medium 103a. Similarly, in the case of the second communication device 200, the program can be installed in the device via the external storage I / F device 214 capable of reading the recording medium 214a.

  Further, since the first communication device 100 includes the communication control device 107, the program can be downloaded using an electric communication line such as the Internet and installed in the device. Similarly, in the case of the second communication device 200, the program can be downloaded via the communication control device 213 and installed in the device.

  In the above-described embodiment, the configuration in which the second communication device (image processing device) 200 requests the start of data communication through the main communication path C1 has been described. A start request may be issued from the first communication device (information processing device) 100.

  In the above embodiment, the communication setting function (communication method, encryption method, and encryption key) has been changed by the communication control function. However, the present invention is not limited to this. For example, the structure which changes a communication means may be sufficient. The communication means mentioned here includes a wireless USB, Bluetooth, etc. in addition to the wireless LAN. Therefore, in the communication control function, the communication means in the communication setting may be changed (switched) from wireless LAN to wireless USB, Bluetooth, or the like. However, in this case, devices that perform data communication must have the above-described plurality of types of communication means in common.

  In the above embodiment, the configuration in which the communication method, the encryption method, and the encryption key in the main communication channel C1 are simultaneously changed by the communication control function has been described. You may change at a different timing, respectively.

  Finally, the present invention is not limited to the requirements shown here, such as combinations of other elements with the shapes and configurations described in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

1 Communication control system 10n, 20n NFC device (10: information processing device side, 20: image processing device side)
10w, 20w W-LAN device (10: information processing device side, 20: image processing device side)
11n, 21n NFC communication control unit (10: information processing device side, 20: image processing device side)
11w, 21w W-LAN communication control unit (10: information processing device side, 20: image processing device side)
31D communication setting information 41 threshold calculation unit 42 change necessity determination unit 43 encryption key change control unit 44 communication setting change control unit 100 information processing apparatus (first communication apparatus)
101 Input Device 102 Display Device 103 Drive Device (a: Recording Medium)
104 RAM (volatile semiconductor memory)
105 ROM (nonvolatile semiconductor memory)
106 CPU (Central Processing Unit)
107 Communication controller (NIC: Network I / F Card)
108 HDD (nonvolatile storage device)
109 External I / F device (a: External device)
200 Image processing apparatus (second communication apparatus)
210 Controller (control board)
211 CPU (Central Processing Unit)
212 storage devices (including ROM, RAM, HDD, etc.)
213 Communication control device (NIC)
214 External storage I / F device (a: recording medium)
215 External I / F device (a: External device)
220 Operation panel 230 Plotter (image forming unit)
240 Scanner (Original reading unit)
C communication channel (1: main communication channel, 2: sub communication channel)
B bus

JP 2007-166538 A

Claims (9)

A communication device that performs wireless communication with another device via a first communication path that performs encrypted communication and a second communication path that is different from the first communication path,
Determination means for determining whether or not the encryption key used in the first communication path needs to be changed based on communication setting information related to the first communication path exchanged between devices via the second communication path;
Control means for controlling the change of the encryption key used in the first communication path via the second communication path based on the determination result by the determination means,
The control means includes
While performing data communication between devices through the first communication path, the communication device continuously changes the encryption key based on the determination result. The determination means includes
The communication apparatus according to claim 1, wherein the determination of whether or not to change the encryption key is continuously performed while performing data communication between devices via the first communication path. Calculating means for calculating a threshold value used for determining whether or not to change the encryption key based on a setting relating to an encryption method included in the communication setting information exchanged between devices via the second communication path; Have
The determination means includes
The threshold value calculated by the calculating means is compared with the accumulated value of the communication data amount in the first communication path, and when the accumulated value exceeds the threshold value, it is determined that the encryption key needs to be changed. The communication device according to claim 1 or 2. The determination means includes
If the cumulative value does not exceed the threshold,
A predetermined time set in advance and a communication time in the first communication path are compared, and when the communication time exceeds the predetermined time, it is determined that the encryption key needs to be changed. The communication apparatus according to claim 3. The control means includes
When the determination unit determines that the encryption key needs to be changed,
5. A device that performs data communication is requested to change to an encryption key different from the encryption key used in the first communication path via the second communication path. The communication device according to any one of the above. The control means includes
When the determination unit determines that the encryption key needs to be changed,
A random number having the same length as the data length in the first communication path is supplied as an encryption key used in the first communication path to the device performing data communication via the second communication path. The communication apparatus according to any one of claims 1 to 4, wherein the communication apparatus is characterized in that The control means includes
Any one of 1 to 6, wherein a change of a communication method, an encryption method, and an encryption key in the first communication path is controlled via the second communication path based on a determination result by the determination unit. The communication device according to claim 1. The second communication path is
The communication apparatus according to claim 1, wherein the communication apparatus is a communication path for performing short-range wireless communication. A communication control method in a communication device that performs wireless communication with another device via a first communication path that performs encrypted communication and a second communication path that is different from the first communication path,
A determination procedure for determining whether or not it is necessary to change the encryption key used in the first communication path based on communication setting information related to the first communication path exchanged between devices via the second communication path;
A control procedure for controlling the change of the encryption key used in the first communication path via the second communication path based on the determination result by the determination procedure,
The control procedure is:
A communication control method, which is continuously performed while performing data communication between devices through the first communication path.

Images