JP2012070220A - Wireless communication apparatus, wireless communication system and wireless communication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To suppress insecurity in a system for wireless communication based on set security information.SOLUTION: A wireless communication apparatus includes: a first wireless communication section and a second wireless communication section for establishing wireless communications based on different pieces of security information to configure independent networks; and a first identification information storage section for storing first identification information assigned to the first wireless communication section. The first wireless communication section does not publish its security information while the second wireless communication section publishes its security information. The second wireless communication section wirelessly communicates with other wireless communication apparatuses on the basis of the security information of the second wireless communication section, and transmits the security information of the first wireless communication section to another wireless communication apparatus transmitting predetermined specific information. The first wireless communication section wirelessly communicates with that wireless communication apparatus on the basis of the security information of the first wireless communication section.

Description

  The present invention relates to a security technique in wireless communication.

  In order to perform wireless communication between a wireless LAN (Local Area Network) access point and a wireless LAN terminal, it is necessary to set security information common to each device. The security information is, for example, an SSID (Service Set Identifier), an authentication method, an encryption method, an encryption key, or the like. However, setting such security information is a complicated task for the user. Therefore, a method for automatically setting security information with a simple operation has been proposed.

  For example, the invention disclosed in Patent Document 1 is as follows. When the power button of the wireless LAN terminal is pressed, the wireless LAN access point and the wireless LAN terminal automatically set common security information. Then, wireless communication is established between both devices. In addition, Wi-Fi Protected Setup (WPS) formulated by Wi-Fi Alliance, which is an industry group related to wireless LAN, has become widespread. WPS is one of security information setting methods. In WPS, a PBC (Push Button Configuration) method and a PIN (Personal Identification Number) method are defined (see Non-Patent Document 1).

  In the PBC system, security information can be set for both devices by pressing a button mounted on the wireless LAN access point and a button mounted on the wireless LAN terminal. In the PIN system, security information can be set for both devices by inputting an 8-digit PIN code set in the wireless LAN access point to the wireless LAN terminal.

JP 2006-50372 A

Wifi Alliance. Wi-fi protected setup specification, version 1.0h, Dec. 2006.

However, once security information is set and wireless communication is possible, the security information is often not updated for a long time. As a result, there is a problem that security is lowered. Such a problem is not limited to a wireless LAN system adopting the PIN method. That is, the same problem is a problem common to wireless communication systems that perform wireless communication based on set security information.
In view of the above circumstances, an object of the present invention is to provide a wireless communication technique that can suppress a decrease in security in a system that performs wireless communication based on set security information.

  One aspect of the present invention is a wireless communication device that performs wireless communication based on different security information and forms a network independent of each other, the first wireless communication unit, and the first wireless communication device A first identification information storage unit that stores first identification information assigned to the communication unit, the first wireless communication unit does not disclose its security information, and the second wireless communication unit The second wireless communication unit performs wireless communication with another wireless communication device based on the security information of the second wireless communication unit, and transmits predetermined specific information. Security information of the first wireless communication unit is transmitted to a communication device, and the first wireless communication unit performs wireless communication with the other wireless communication device based on the security information of the first wireless communication unit. Do.

  One aspect of the present invention is a wireless communication system including a first wireless communication device and a second wireless communication device, wherein the first wireless communication device performs wireless communication based on different security information and is independent of each other. A first wireless communication unit and a second wireless communication unit that form a network; and a first identification information storage unit that stores first identification information assigned to the first wireless communication unit, the second wireless communication The apparatus includes a specific information storage unit that stores predetermined specific information, the first wireless communication device, and a wireless communication unit that performs wireless communication based on security information, and the first wireless communication unit includes: The second wireless communication unit does not disclose its own security information, the second wireless communication unit discloses its own security information, and the wireless communication unit is based on the disclosed security information of the second wireless communication unit. The specific information is transmitted to the second wireless communication unit, and the second wireless communication unit performs wireless communication with the second wireless communication device based on security information of the second wireless communication unit, and is predetermined. The security information of the first wireless communication unit is transmitted to the second wireless communication device that transmits specific information, and the second wireless communication device and the first wireless communication unit are the first wireless communication unit. Wireless communication with each other based on the security information.

  According to one aspect of the present invention, wireless communication is performed based on different security information, and a first wireless communication unit and a second wireless communication unit that configure an independent network, and a first wireless communication unit assigned to the first wireless communication unit A first identification information storage unit that stores one identification information, and a wireless communication method performed by a wireless communication device that does not disclose security information of the first wireless communication unit, wherein the second wireless communication unit Releasing the security information, and the second wireless communication unit performs wireless communication with another wireless communication device based on the security information of the second wireless communication unit and transmits predetermined specific information. Transmitting the security information of the first wireless communication unit to the wireless communication device, and the first wireless communication unit is based on the security information of the first wireless communication unit. Having a step of performing said another wireless communication device and wireless communication Te.

  According to one aspect of the present invention, wireless communication is performed based on different security information, and a first wireless communication unit and a second wireless communication unit that configure an independent network, and a first wireless communication unit assigned to the first wireless communication unit A first identification information storage unit that stores one identification information, a first wireless communication device that does not disclose security information of the first wireless communication unit, and a specific information storage unit that stores predetermined specific information A wireless communication method performed by a wireless communication system including the second wireless communication device, wherein the second wireless communication unit discloses its own security information, and the second wireless communication device is disclosed Transmitting the specific information to the second wireless communication unit based on security information of the second wireless communication unit; and Transmitting the security information of the first wireless communication unit to the second wireless communication device that performs wireless communication with the second wireless communication device based on the security information and transmits predetermined specific information; The second wireless communication device and the first wireless communication unit perform wireless communication with each other based on security information of the first wireless communication unit.

  According to the present invention, it is possible to suppress a decrease in security in a system that performs wireless communication based on set security information.

1 is a system configuration diagram showing a system configuration of a wireless communication system 100. FIG. 3 is a schematic block diagram illustrating a functional configuration of a relay device 1. FIG. It is a figure which shows the specific example of an access management table. 3 is a block diagram illustrating a functional configuration of a first wireless communication unit 103. FIG. 4 is a block diagram illustrating a functional configuration of a second wireless communication unit 104. FIG. 4 is a diagram illustrating a relationship between a first wireless communication unit 103 and a second wireless communication unit 104. FIG. 3 is a schematic block diagram illustrating a functional configuration of a wireless terminal device 2. FIG. It is a sequence diagram showing the flow of processing when the specific wireless terminal device 2a starts wireless communication with the relay device 1. It is a sequence diagram showing the flow of processing when the general wireless terminal device 2b starts wireless communication with the relay device 1. It is a sequence diagram showing the flow of the process regarding an update when the 1st security information of the 1st radio | wireless communication part 103 is updated while the specific radio | wireless terminal apparatus 2a belongs. Processing when the specific wireless terminal device 2a that has performed wireless communication with the first data communication unit 304 of the first wireless communication unit 103 in the past does not belong again and restarts wireless communication with the first wireless communication unit 103 again It is a sequence diagram showing the flow of.

  FIG. 1 is a system configuration diagram illustrating a system configuration of the wireless communication system 100. The wireless communication system 1 includes a relay device 1 and a wireless terminal device 2. Security information for wireless communication is set in the relay device 1 and the wireless terminal device 2. The relay device 1 and the wireless terminal device 2 perform wireless communication based on the set security information. The security information is information necessary for the relay device 1 and the wireless terminal device 2 to perform wireless communication. The security information is information such as an SSID (Service Set Identifier), an authentication method, an encryption method, and an encryption key. The encryption method and authentication method are, for example, WPA2-PSK (AES).

  The relay device 1 is a device that relays communication. The relay device 1 is, for example, a wireless LAN (Local Area Network) access point. The wireless terminal device 2 is an information processing device operated by a user. The wireless terminal device 2 is, for example, a wireless LAN terminal device. The wireless terminal device 2 includes a specific wireless terminal device 2a that transmits specific information and a general wireless terminal device 2b that does not transmit specific information. Even if the relay device 1 and the wireless terminal device 2 perform security information setting (authentication processing) according to the WPS (Wi-Fi Protected Setup) PIN (Personal Identification Number) standard established by the Wi-Fi Alliance. good. In the following description, a configuration in the case where authentication processing is performed using the WPS PIN method will be described. The specific information is information stored only by the wireless terminal device 2 that can perform wireless communication with the first wireless communication unit 103. The specific information may be a predetermined character string or a numerical value, for example. There may be a plurality of types of specific information.

  FIG. 2 is a schematic block diagram illustrating a functional configuration of the relay device 1. The relay device 1 includes a CPU (Central Processing Unit), a memory, an auxiliary storage device, and the like connected by a bus. The relay device 1 executes the communication program to thereby execute the first antenna 101, the second antenna 102, the first wireless communication unit 103, the second wireless communication unit 104, the first identification information storage unit 105, and the second identification information storage. Unit 106, security setting control unit 107, wireless communication control unit 108, timer control unit 109, access management control unit 110, and access management table storage unit 111. Note that all or part of each function of the relay device 1 may be realized by using hardware such as an application specific integrated circuit (ASIC), a programmable logic device (PLD), or a field programmable gate array (FPGA). Further, the relay device 1 may be realized by reading and executing a communication program recorded on a computer-readable recording medium by a computer including the first antenna 101 and the second antenna 102. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in the computer system.

  The first antenna 101 receives a radio wave propagating in the air, converts the received radio wave into an electric signal, and performs demodulation and decoding. The first antenna 101 transmits the decoded data to the first wireless communication unit 103. The first antenna 101 encodes and modulates data output from the first wireless communication unit 103 to generate an electrical signal. And the 1st antenna 101 transmits the produced | generated electric signal in the air as a radio wave.

  The second antenna 102 receives radio waves propagating in the air, converts the received radio waves into electrical signals, and performs demodulation and decoding. The second antenna 102 transmits the decoded data to the second wireless communication unit 104. The second antenna 102 encodes and modulates the data output from the second wireless communication unit 104 to generate an electrical signal. And the 2nd antenna 102 transmits the produced | generated electric signal in the air as a radio wave.

  The first wireless communication unit 103 performs wireless communication with the specific wireless terminal device 2a registered in the access management table via the first antenna 101. The first wireless communication unit 103 does not perform wireless communication with the wireless terminal devices 2 other than the specific wireless terminal device 2a. Details of the first wireless communication unit 103 will be described later.

  The second wireless communication unit 104 performs wireless communication with the general wireless terminal device 2b registered in the access management table via the second antenna 102. In addition, the second wireless communication unit 104 performs wireless communication with the wireless terminal device 2 corresponding to the terminal identification information set for itself, and performs authentication processing. In addition, the second wireless communication unit 104 transmits a beacon including its own SSID and WPS IE. Details of the second wireless communication unit 104 will be described later.

  The first identification information storage unit 105 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The first identification information storage unit 105 stores first identification information in advance. The first identification information is information dedicated to the first wireless communication unit 103 and is information necessary for starting the authentication process with the first wireless communication unit 103. The first identification information is, for example, a PIN code assigned to the first wireless communication unit 103. The specific wireless terminal device 2a can acquire the security information (first security information) of the first wireless communication unit 103 by performing an authentication process using the first identification information.

  The second identification information storage unit 106 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The second identification information storage unit 106 stores second identification information in advance. The second identification information is information dedicated to the second wireless communication unit 104 and is information used when starting authentication processing with the second wireless communication unit 104. The second identification information is, for example, a PIN code assigned to the second wireless communication unit 104. The first identification information and the second identification information are different. The second identification information storage unit 106 receives an access from an external device (an apparatus other than the relay apparatus 1) and outputs second identification information. On the other hand, the first identification information storage unit 105 does not accept access from an external device (a device other than the relay device 1).

  The security setting control unit 107 controls the setting of security information set in the first wireless communication unit 103 and the setting of security information set in the second wireless communication unit 104. Further, the security setting control unit 107 updates a part or all of the security information of the first wireless communication unit 103 at a predetermined timing. In the following description, the security information set in the first wireless communication unit 103 is referred to as first security information. The security information set in the second wireless communication unit 104 is referred to as second security information.

  The wireless communication control unit 108 generates communication data transmitted by the first wireless communication unit 103 or the second wireless communication unit 104. Further, the wireless communication control unit 108 analyzes communication data received by the first wireless communication unit 103 or the second wireless communication unit 104. The communication data may be wireless LAN communication data or data of another communication format. In the following description, the communication data is wireless LAN communication data.

The timer control unit 109 measures time.
The access management control unit 110 manages access of the wireless terminal device 2 belonging to the first wireless communication unit 103 or the second wireless communication unit 104 based on the access management table stored in the access management table storage unit 111. Note that the wireless terminal device 2 belonging to the first wireless communication unit 103 or the second wireless communication unit 104 transmits and receives communication data by wireless communication with the first wireless communication unit 103 or the second wireless communication unit 104. It is the wireless terminal device 2. In other words, the wireless terminal device 2 belonging to the first wireless communication unit 103 or the second wireless communication unit 104 is the wireless terminal device 2 registered in the access management table.

  The access management table storage unit 111 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The access management table storage unit 111 stores an access management table. FIG. 3 is a diagram illustrating a specific example of the access management table. The access management table has a record in which address information, specific information, and connection end time are associated with each other. The address information is the MAC address of the wireless terminal device 2 authenticated by the WPS PIN method. The specific information indicates whether the specific information is received from the wireless terminal device 2 represented by the MAC address during the WPS PIN authentication process. The connection end time is set when specific information is not received from the wireless terminal device 2 represented by the MAC address. The connection end time represents a time at which the own device (relay device 1) ends wireless communication with the wireless terminal device 2. That is, when the connection end time comes, the record is deleted.

  Note that the connection end time is not set for the wireless terminal device 2 from which the specific information is received. This is to limit the connection from the wireless terminal device 2 (general wireless terminal device 2b) from which the specific information is not received. The time from the start of connection to the end of connection is arbitrarily set by the administrator of the relay device 1 or the like. For example, when the time from the start of connection to the end of connection is set to 30 minutes, the access management control unit 110 uses, for example, the access management table with the time 30 minutes after the completion of WPS PIN authentication as the connection end time. Set to. The time from the start of connection to the end of connection may be set to 0 minutes. In this case, the general wireless terminal device 2b cannot perform wireless communication with the relay device 1.

FIG. 4 is a block diagram illustrating a functional configuration of the first wireless communication unit 103. The first wireless communication unit 103 includes a first security information storage unit 301, a concealment unit 302, a first authentication processing unit 303, and a first data communication unit 304.
The first security information storage unit 301 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The first security information storage unit 301 stores first security information in advance. When the first security information is updated by the security setting control unit 107, the first security information storage unit 301 receives and stores the updated first security information (updated first security information).

  The concealment unit 302 has an SSID concealment function. The SSID concealment function is a function that does not include its own SSID in the transmitted beacon signal. The concealment unit 302 transmits a beacon signal. However, the beacon signal transmitted by the concealment unit 302 does not include a WPS IE (Wi-Fi Protected Setup Information Element). The WPS IE is information for notifying that itself (the first wireless communication unit 103) supports WPS. The concealment unit 302 has an ANY connection rejection function. The ANY connection rejection function is a function that does not return a probe response to the ANY connection probe request from the wireless terminal device 2. Therefore, the concealment unit 302 does not transmit a probe response. Through the operation of the concealment unit 302 as described above, the wireless terminal device 2 cannot acquire the SSID and WPS IE of the first wireless communication unit 103 by using a beacon signal or a probe response. That is, the SSID of the first wireless communication unit 103 is not disclosed and is kept secret.

The first authentication processing unit 303 performs authentication processing by wireless communication using the first identification information. For example, the first authentication processing unit 303 may perform authentication processing according to the WPS PIN method using the first identification information as a PIN code. Note that data transmitted and received by wireless communication when performing authentication processing is referred to as authentication communication data.
The first data communication unit 304 transmits / receives communication data to / from the specific wireless terminal device 2a registered in the access management table by wireless communication. Communication data is data transmitted / received for purposes other than authentication processing among data transmitted / received by wireless communication.

FIG. 5 is a block diagram illustrating a functional configuration of the second wireless communication unit 104. The second wireless communication unit 104 includes a second security information storage unit 401, a disclosure unit 402, a specific information storage unit 403, a second authentication processing unit 404, and a second data communication unit 405.
The second security information storage unit 401 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The second security information storage unit 401 stores second security information.

The disclosure unit 402 does not have an SSID concealment function. Therefore, the disclosure unit 402 includes its own SSID and WPS IE in the beacon signal to be transmitted. The public section 402 does not have an ANY connection rejection function. Therefore, the disclosure unit 402 transmits a probe response in response to the probe request. The wireless terminal device 2 can acquire the SSID and WPS IE of the second wireless communication unit 104 based on the beacon signal and the probe response by the operation of the disclosure unit 402 as described above. That is, the SSID of the second wireless communication unit 104 is made public.
The specific information storage unit 403 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The specific information storage unit 403 stores specific information in advance.

The second authentication processing unit 404 performs authentication processing by wireless communication using the terminal identification information or the second identification information. For example, the second authentication processing unit 404 may perform authentication processing according to the WPS PIN method using the terminal identification information or the second identification information as a PIN code.
The second data communication unit 405 transmits / receives communication data to / from the general wireless terminal device 2b registered in the access management table by wireless communication.

  FIG. 6 is a diagram illustrating the relationship between the first wireless communication unit 103 and the second wireless communication unit 104. A network (first network region) formed by the wireless terminal device 2 that communicates with the first wireless communication unit 103 via the first antenna 101 and a second wireless communication unit 104 via the second antenna 102 The network (second network area) formed by the wireless terminal device 2 to be performed is independent of each other. Therefore, the wireless terminal device 2-1 located in the first network area and the wireless terminal device 2-2 located in the second network area cannot communicate with each other via the relay device 1.

  FIG. 7 is a schematic block diagram illustrating a functional configuration of the wireless terminal device 2. The wireless terminal device 2 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus. The wireless terminal device 2 is a device including an antenna 201, a wireless communication unit 202, a terminal identification information storage unit 203, a security setting control unit 204, a wireless communication control unit 205, and an identification information storage unit 206 by executing a communication program. Function. All or some of the functions of the wireless terminal device 2 may be realized using hardware such as ASIC, PLD, or FPGA. The wireless terminal device 2 may be realized by reading and executing a communication program recorded on a computer-readable recording medium by a computer including the antenna 201 and the like. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in the computer system.

  The antenna 201 receives a radio wave propagating in the air, converts the received radio wave into an electric signal, and performs demodulation and decoding. The antenna 201 transmits the decoded data to the wireless communication unit 202. The antenna 201 encodes and modulates data output from the wireless communication unit 202 to generate an electrical signal. The antenna 201 transmits the generated electrical signal as a radio wave to the air.

  The wireless communication unit 202 performs wireless communication with the relay device 1 via the antenna 201. In addition, the wireless communication unit 202 stores preset specific information.

The terminal identification information storage unit 203 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The terminal identification information storage unit 203 stores terminal identification information in advance. The terminal identification information is information dedicated to the wireless terminal device 2 and is information used when starting authentication processing with the relay device 1. The terminal identification information is, for example, a PIN code assigned to the wireless terminal device 2.
The security setting control unit 204 controls the setting of security information set in the wireless communication unit 202.

The wireless communication control unit 205 generates wireless LAN communication data transmitted by the wireless communication unit 202. Further, the wireless communication control unit 205 analyzes wireless LAN communication data received by the wireless communication unit 202.
The identification information storage unit 206 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The identification information storage unit 206 is a storage unit for storing the first identification information stored in the first identification information storage unit 105 of the relay device 1. Before the wireless terminal device 2 starts communication with the relay device 1, the identification information storage unit 206 does not store the first identification information. The identification information storage unit 206 stores the received first identification information when the first identification information is received from the second wireless communication unit 104 of the relay device 1.

  FIG. 8 is a sequence diagram showing the flow of processing when the specific wireless terminal device 2a starts wireless communication with the relay device 1. The process shown in FIG. 8 is a process when the first security information is set according to the WPS PIN method. In the wireless communication system 100, the processing when the relay device 1 and the specific wireless terminal device 2a start communication is not limited to the specific example shown in FIG.

  The first wireless communication unit 103 and the second wireless communication unit 104 regularly transmit a beacon (beacon) (steps S101 and S102). Specifically, the concealment unit 302 of the first wireless communication unit 103 and the disclosure unit 402 of the second wireless communication unit 104 transmit Beacon. The Beacon of the first wireless communication unit 103 does not include the SSID and WPS IE of the first wireless communication unit 103. On the other hand, the Beacon of the second wireless communication unit 104 includes the SSID and WPS IE of the second wireless communication unit 104.

  The specific wireless terminal device 2a periodically transmits a Probe Request (probe request). This Probe Request is received by the disclosure unit 402 of the second wireless communication unit 104 and the concealment unit 302 of the first wireless communication unit 103 (steps S103 and S104). The concealment unit 302 of the first wireless communication unit 103 does not transmit a probe response to the probe request according to the ANY connection rejection function. On the other hand, since the disclosure unit 402 of the second wireless communication unit 104 does not have an ANY connection rejection function, it transmits a probe response to the probe request (step S105).

  As described above, the Beacon transmitted from the first wireless communication unit 103 does not include the SSID and the WPS IE. In addition, the first wireless communication unit 103 does not transmit a probe response to the probe request. Therefore, the specific wireless terminal device 2a cannot receive the SSID of the first wireless communication unit 103 at this stage, and cannot recognize that the first wireless communication unit 103 is a WPS compatible access point. On the other hand, the Beacon transmitted from the second wireless communication unit 104 includes an SSID and a WPS IE. In addition, the second wireless communication unit 104 transmits a probe response to the probe request. Therefore, the specific wireless terminal device 2a receives the SSID of the second wireless communication unit 104, and can recognize that the second wireless communication unit 104 is a WPS-compatible access point.

  The user of the specific wireless terminal device 2a or the administrator of the relay device 1 sets the terminal identification information (PIN code) of the specific wireless terminal device 2a in the relay device 1, so that the authentication processing sequence of the WPS PIN method is The process is started (step S106). For example, when the relay device 1 includes an input device such as a button, the terminal identification information may be set by operating this button. Further, the setting may be performed by opening the management screen of the relay device 1 and inputting the terminal identification information in the information processing device that is communicably connected to the relay device 1. The operation of setting the terminal identification information in the relay device 1 may be performed based on any existing operation.

  When the authentication process is started, first, pre-processing based on the authentication sequence of the conventional WPS PIN method is performed (step S107). Specifically, Authentication and Association are transmitted and received between the second authentication processing unit 404 of the second wireless communication unit 104 and the specific wireless terminal device 2a. Next, the specific wireless terminal device 2 a transmits EAPOL-Start to the second wireless communication unit 104. Next, the second authentication processing unit 404 of the second wireless communication unit 104 transmits EAP-Request / identity to the specific wireless terminal device 2a. Next, the specific wireless terminal device 2 a transmits EAP-Response / identity to the second wireless communication unit 104. Next, the second authentication processing unit 404 of the second wireless communication unit 104 transmits EAP-Request (Start) to the specific wireless terminal device 2a. Next, the specific wireless terminal device 2 a transmits EAP-Resolution (M1) to the second wireless communication unit 104. Then, the second authentication processing unit 404 of the second wireless communication unit 104 transmits EAP-Request (M2) to the specific wireless terminal device 2a. This completes the preprocessing.

  Next, the radio communication unit 202 of the specific radio terminal device 2a adds preset specific information to the data addressed to the second radio communication unit 104 (step S108). In the present embodiment, the data to which the specific information is added is EAP-Response (M7). Then, the wireless communication unit 202 transmits EAP-Response (M7) to which the specific information is added to the second wireless communication unit 104 (step S109).

  When receiving the EAP-Response (M7), the second authentication processing unit 404 of the second wireless communication unit 104 determines whether the received EAP-Response (M7) includes specific information (Step S110). In the sequence shown in FIG. 8, specific information is included in EAP-Response (M7). In this case, the second authentication processing unit 404 of the second wireless communication unit 104 adds the first security information and the first identification information of the first wireless communication unit 103 to the data addressed to the specific wireless terminal device 2a (step S111). ). In the present embodiment, the data to which the first security information and the first identification information are added is EAP-Request (M8). Then, the second authentication processing unit 404 of the second wireless communication unit 104 transmits EAP-Request (M8) to the specific wireless terminal device 2a (step S112).

  EAP-Response (M7) and EAP-Request (M8) are encrypted according to the encryption procedure defined in the WPS standard. This encryption is performed by the second authentication processing unit 404 and the wireless communication unit 202 of the second wireless communication unit 104, for example. Therefore, even if these data are intercepted by a third party, the first security information and the first identification information are not referred to by the third party. Note that the encryption when the first security information and the first identification information are transmitted is not necessarily limited to the WPS standard, and other encryption methods may be employed.

  When receiving the EAP-Request (M8), the wireless communication unit 202 of the specific wireless terminal device 2a extracts the first identification information from the received EAP-Request (M8). Then, the wireless communication unit 202 stores the extracted first identification information in the identification information storage unit 206 (step S113). In addition, the wireless communication unit 202 extracts security information from the received EAP-Request (M8). Then, the wireless communication unit 202 transmits the extracted security information to the security setting control unit 204. The security setting control unit 204 sets the received security information as security information for wireless communication performed by the own device (specific wireless terminal device 2a) (step S114). This security information is the first security information of the first wireless communication unit 103. Therefore, after the process of step S114, until the first security information of the first wireless communication unit 103 is changed, the specific wireless terminal device 2a transmits data (communication data) other than the data related to the authentication process to the first wireless communication. It is possible to transmit and receive with the unit 103 by wireless communication.

  With the above process, the authentication process by the WPS PIN method is completed (step S115). Then, the second authentication processing unit 404 of the second wireless communication unit 104 transmits information related to the specific wireless terminal device 2a (wireless terminal device record) to the access management control unit 110. The access management control unit 110 registers information related to the specific wireless terminal device 2a in the access management table (step S116). Specifically, the access management control unit 110 registers the MAC address and “Yes” of the specific wireless terminal device 2a as address information and specific information, respectively. Further, the access management control unit 110 does not register the connection end time.

  With the above processing, the wireless communication connection is completed between the first wireless communication unit 103 and the specific wireless terminal device 2a. Then, wireless communication is started between the first data communication unit 304 of the first wireless communication unit 103 and the specific wireless terminal device 2a. Specifically, the specific wireless terminal device 2a transmits Authentication and Association to the first wireless communication unit 103 (Steps S117 and S118). Then, the first data communication unit 304 of the first wireless communication unit 103 starts wireless communication (wireless LAN communication) with the specific wireless terminal device 2a (step S119). The specific wireless terminal device 2a starts wireless communication (wireless LAN communication) with the first wireless communication unit 103 (step S120).

  FIG. 9 is a sequence diagram illustrating a processing flow when the general wireless terminal device 2b starts wireless communication with the relay device 1. The process shown in FIG. 9 is a process in the case where the second security information is set according to the WPS PIN method. In the wireless communication system 100, the processing when the relay device 1 and the general wireless terminal device 2b start communication is not limited to the specific example shown in FIG.

  The first wireless communication unit 103 and the second wireless communication unit 104 periodically transmit a beacon (steps S201 and S202). Specifically, the concealment unit 302 of the first wireless communication unit 103 and the disclosure unit 402 of the second wireless communication unit 104 transmit Beacon. The Beacon of the first wireless communication unit 103 does not include the SSID and WPS IE of the first wireless communication unit 103. On the other hand, the Beacon of the second wireless communication unit 104 includes the SSID and WPS IE of the second wireless communication unit 104.

  Also, the general wireless terminal device 2b periodically transmits a Probe Request. This Probe Request is received by the disclosure unit 402 of the second wireless communication unit 104 and the concealment unit 302 of the first wireless communication unit 103 (steps S203 and S204). The concealment unit 302 of the first wireless communication unit 103 does not transmit a probe response to the probe request according to the ANY connection rejection function. On the other hand, since the disclosure unit 402 of the second wireless communication unit 104 does not have the ANY connection rejection function, the disclosure unit 402 transmits a Probe Response to the Probe Request (Step S205).

  As described above, the Beacon transmitted from the first wireless communication unit 103 does not include the SSID and the WPS IE. In addition, the first wireless communication unit 103 does not transmit a probe response to the probe request. Therefore, the general wireless terminal device 2b cannot receive the SSID of the first wireless communication unit 103, and cannot recognize that the first wireless communication unit 103 is a WPS-compatible access point. On the other hand, the Beacon transmitted from the second wireless communication unit 104 includes an SSID and a WPS IE. In addition, the second wireless communication unit 104 transmits a probe response to the probe request. Therefore, the general wireless terminal device 2b receives the SSID of the second wireless communication unit 104, and can recognize that the second wireless communication unit 104 is a WPS-compatible access point.

  The user of the general wireless terminal device 2b or the administrator of the relay device 1 sets the terminal identification information (PIN code) of the general wireless terminal device 2b in the relay device 1, so that the authentication processing sequence of the WPS PIN method is performed. Start (step S206). For example, when the relay device 1 includes an input device such as a button, the terminal identification information may be set by operating this button. Further, the setting may be performed by opening the management screen of the relay device 1 and inputting the terminal identification information in the information processing device that is communicably connected to the relay device 1. The operation of setting the terminal identification information in the relay device 1 may be performed based on any existing operation.

  When the authentication process is started, first, pre-processing based on a conventional WPS PIN authentication sequence is performed (step S207). The specific content of this process is the same as the preprocess shown in step S107 of FIG. Therefore, explanation is omitted. Next, the wireless communication unit 202 of the general wireless terminal device 2b transmits EAP-Response (M7) to the second wireless communication unit 104 (step S208). Specific information is not added to the EAP-Response (M7).

  When receiving the EAP-Response (M7), the second authentication processing unit 404 of the second wireless communication unit 104 determines whether specific information is included in the received EAP-Response (M7) (Step S209). In the sequence shown in FIG. 9, no specific information is included in the EAP-Response (M7). In this case, the second authentication processing unit 404 of the second wireless communication unit 104 adds the second security information of the second wireless communication unit 104 to the data addressed to the general wireless terminal device 2b (step S210). In the present embodiment, the data to which the second security information is added is EAP-Request (M8). Then, the second authentication processing unit 404 of the second wireless communication unit 104 transmits EAP-Request (M8) to the general wireless terminal device 2b (step S211). In the process of step S210, the second authentication processing unit 404 of the second wireless communication unit 104 does not add the first security information and the first identification information of the first wireless communication unit 103 to the data addressed to the general wireless terminal device 2b. . Therefore, it is possible to prevent the first security information and the first identification information of the first wireless communication unit 103 from leaking to the general wireless terminal device 2b.

  When receiving the EAP-Request (M8), the wireless communication unit 202 of the general wireless terminal device 2b extracts security information from the received EAP-Request (M8). Then, the wireless communication unit 202 transmits the extracted security information to the security setting control unit 204. The security setting control unit 204 sets the received security information as security information for wireless communication performed by the own device (general wireless terminal device 2b) (step S212). This security information is the second security information of the second wireless communication unit 104. Therefore, after the process of step S212, the general wireless terminal device 2b can transmit and receive data (communication data) other than data related to the authentication process to and from the second wireless communication unit 104 by wireless communication.

  With the above process, the authentication process by the WPS PIN method is completed (step S213). Then, the second authentication processing unit 404 of the second wireless communication unit 104 transmits information related to the general wireless terminal device 2 b (wireless terminal device record) to the access management control unit 110. The access management control unit 110 registers information related to the general wireless terminal device 2b in the access management table (step S214). Specifically, the access management control unit 110 registers the MAC address of the general wireless terminal device 2b and “none” as address information and specific information, respectively. Further, the access management control unit 110 registers the connection end time.

  With the above processing, the wireless communication connection is completed between the second wireless communication unit 104 and the general wireless terminal device 2b. Then, wireless communication is started between the second data communication unit 405 of the second wireless communication unit 104 and the general wireless terminal device 2b. Specifically, the general wireless terminal device 2b transmits Authentication and Association to the second wireless communication unit 104 (Steps S215 and S216). Then, the second data communication unit 405 of the second wireless communication unit 104 starts wireless communication (wireless LAN communication) with the general wireless terminal device 2b (step S217). In addition, the general wireless terminal device 2b starts wireless communication (wireless LAN communication) with the second wireless communication unit 104 (step S218).

  As described above, the general wireless terminal device 2b starts wireless communication with the second wireless communication unit 104 without receiving the first security information or the first identification information of the first wireless communication unit 103. Further, the general wireless terminal device 2 b connected to the second wireless communication unit 104 cannot access the specific wireless terminal device 2 a connected to the first wireless communication unit 103. Therefore, the relay device 1 can also provide wireless communication to the general wireless terminal device 2b while maintaining high security of wireless communication with the specific wireless terminal device 2a.

  Next, the update process of the 1st security information of the 1st radio | wireless communication part 103 is demonstrated. In order to maintain high wireless communication security in the first wireless communication unit 103, the first security information is updated at a predetermined timing. Therefore, after the first security information of the first wireless communication unit 103 is updated, the specific wireless terminal device 2a receives the data before the update and performs wireless communication with the first wireless communication unit 103 using the first security information. I can't do that. However, the work of resetting the updated first security information every time the specific wireless terminal device 2a is updated is very complicated for the user. Therefore, in the wireless communication system 100, processing for resuming or maintaining wireless communication is performed while maintaining security even after the first security information is updated. Hereinafter, this process will be described.

  FIG. 10 is a sequence diagram showing the flow of processing related to the update when the first security information of the first wireless communication unit 103 is updated while the specific wireless terminal device 2a belongs. At the time when this sequence is started, the first data communication unit 304 of the first wireless communication unit 103 and the specific wireless terminal device 2a are performing wireless communication (step S301). The security setting control unit 107 monitors the timer control unit 109 and determines whether or not the update timing of the first security information has arrived. The update timing may be, for example, when a predetermined time (for example, 20 hours, 2 days, 2 weeks, or the like) has elapsed since the previous update, or when a predetermined time (for example, 0: 0) has arrived every day. Alternatively, other timing may be used.

  If the update timing of the first security information has not arrived, the security setting control unit 107 continues monitoring until the update timing comes. When the update timing of the first security information has arrived, the security setting control unit 107 notifies the first wireless communication unit 103 to update. The first data communication unit 304 of the first wireless communication unit 103 instructs the access management control unit 110 to extract address information of the specific wireless terminal device 2a. The access management control unit 110 refers to the access management table and extracts the address information of the record whose specific information value is “Yes” (step S302). Then, the access management control unit 110 notifies the first data communication unit 304 of the first wireless communication unit 103 of the extracted address information. The first wireless communication unit 103 transmits a security information update frame by unicast to the specific wireless terminal device 2a corresponding to each extracted address information (step S303).

  After the first data communication unit 304 of the first wireless communication unit 103 transmits the security information update frame, the security setting control unit 107 updates the first security information of the first wireless communication unit 103 (step S304). For example, the first security information is updated by updating the SSID and the encryption key. At this time, the security setting control unit 107 may perform the update by changing the SSID and the encryption key to random values. By being configured in this way, it is possible to reduce the possibility that the updated SSID and encryption key are guessed by a third party.

  After the first security information is updated, the wireless communication unit 202 of the specific wireless terminal device 2a reads the first identification information from the identification information storage unit 206 (step S305). Then, the wireless communication unit 202 starts an authentication process according to the WPS PIN method using the read first identification information (step S306). Note that the timing at which the processing of step S305 and step S306 is performed may be a point in time when a predetermined time has elapsed after receiving the security information update frame, or wireless using the first security information before update. It may be a point in time when communication is no longer possible, or any other timing.

  When the authentication process is started, first, pre-processing based on a conventional WPS PIN authentication sequence is performed (step S307). At this time, the first authentication processing unit 303 performs authentication processing only with the specific wireless terminal device 2a that has transmitted the first identification information. The specific content of the preprocessing is the same as the preprocessing shown in step S107 of FIG. Therefore, explanation is omitted. Next, the first authentication processing unit 303 of the first wireless communication unit 103 reads the updated first security information from the first security information storage unit 301 and adds it to the data addressed to the specific wireless terminal device 2a (step S308). ). In the present embodiment, the data to which the first security information is added is EAP-Request (M7). Then, the first authentication processing unit 303 of the first wireless communication unit 103 transmits EAP-Request (M7) to the specific wireless terminal device 2a (step S309).

  The EAP-Request (M7) is encrypted according to an encryption procedure defined in the WPS standard. This encryption is performed by the first authentication processing unit 303 and the wireless communication unit 202 of the first wireless communication unit 103, for example. Therefore, even if intercepted by a third party, the updated first security information is not referred to by the third party.

  When receiving the EAP-Request (M7), the wireless communication unit 202 of the specific wireless terminal device 2a extracts updated security information from the received EAP-Request (M7). Then, the wireless communication unit 202 transmits the extracted security information to the security setting control unit 204. The security setting control unit 204 sets the received security information as security information for wireless communication performed by the own device (specific wireless terminal device 2a) (step S310). This security information is the first security information after the first wireless communication unit 103 is updated. Therefore, after the process of step S310, the specific wireless terminal device 2a communicates with the first data communication unit 304 of the first wireless communication unit 103 and the communication data until the first security information of the first wireless communication unit 103 is further changed. Wireless communication can be performed. Thereafter, the wireless communication unit 202 of the specific wireless terminal device 2a transmits EAP-Response (NACK) and EAP-Fail to the first wireless communication unit 103 (steps S311 and S312).

  With the above processing, the wireless communication connection processing using the updated first security information is completed between the first wireless communication unit 103 and the specific wireless terminal device 2a. Then, wireless communication is started between the first data communication unit 304 of the first wireless communication unit 103 and the specific wireless terminal device 2a. Specifically, the specific wireless terminal device 2a transmits Authentication and Association to the first wireless communication unit 103 (Steps S313 and S314). Then, the first data communication unit 304 of the first wireless communication unit 103 starts wireless communication (wireless LAN communication) with the specific wireless terminal device 2a (step S315). Further, the specific wireless terminal device 2a starts wireless communication (wireless LAN communication) with the first wireless communication unit 103 (step S316).

  Next, after the specific wireless terminal device 2a that has performed wireless communication with the first data communication unit 304 of the first wireless communication unit 103 in the past does not belong, the first data communication unit 304 of the first wireless communication unit 103 again. A process for resuming communication with the client will be described. At the time when this process is started, the first data communication unit 304 of the first wireless communication unit 103 and the specific wireless terminal device 2a are not performing wireless communication. Therefore, no record related to the specific wireless terminal device 2a is registered in the access management table. However, as described above, the specific wireless terminal device 2a has performed wireless communication with the first data communication unit 304 of the first wireless communication unit 103 in the past. Therefore, the first identification information is stored in the identification information storage unit 206 of the specific wireless terminal device 2a.

  Note that the process in which the specific wireless terminal device 2a once belonging to the first wireless communication unit 103 does not belong after that is performed as follows, for example. The specific wireless terminal device 2 a periodically transmits Authentication and Association to the first wireless communication unit 103 even after belonging. When the first data communication unit 304 of the first wireless communication unit 103 does not receive a new Authentication and Association even after a predetermined time has elapsed since the last reception of Authentication and Association, the specific wireless terminal device 2a Stops sending / receiving communication data to / from. In this case, the first data communication unit 304 notifies the access management control unit 110 to delete the record related to the specific wireless terminal device 2a. Upon receiving this notification, the access management control unit 110 deletes the record related to the specific wireless terminal device 2a from the access management table. For example, such a situation may occur when the specific wireless terminal device 2a moves out of the wireless communication area of the relay device 1 or when the specific wireless terminal device 2a is turned off. At this time, the specific wireless terminal device 2a that has lost its belonging continues to store the first identification information stored in the identification information storage unit 206 without deleting it.

  FIG. 11 shows that the specific wireless terminal device 2a that has performed wireless communication with the first data communication unit 304 of the first wireless communication unit 103 in the past resumes wireless communication with the first wireless communication unit 103 again after no longer belonging. It is a sequence diagram showing the flow of the process at the time of doing. First, the wireless communication unit 202 of the specific wireless terminal device 2a reads the first identification information from the identification information storage unit 206 (step S401). Then, the wireless communication unit 202 starts an authentication process according to the WPS PIN method using the read first identification information (step S402). Note that the processing of step S401 and step S402 may be performed periodically regardless of whether or not the relay device 1 is within the wireless communication range, or the user of the specific wireless terminal device 2a instructs to start communication. It may be executed at the timing of input, or may be executed at another timing.

  When the authentication process is started, first, pre-processing based on a conventional WPS PIN authentication sequence is performed (step S403). At this time, the first authentication processing unit 303 performs authentication processing only with the specific wireless terminal device 2a that has transmitted the first identification information. The specific content of the preprocessing is the same as the preprocessing shown in step S107 of FIG. Therefore, explanation is omitted. Next, the first authentication processing unit 303 of the first wireless communication unit 103 reads the first security information stored in the first security information storage unit 301 and adds it to the data addressed to the specific wireless terminal device 2a (step). S404). In the present embodiment, the data to which the first security information is added is EAP-Request (M7). Then, the first authentication processing unit 303 of the first wireless communication unit 103 transmits EAP-Request (M7) to the specific wireless terminal device 2a (step S405).

  The EAP-Request (M7) is encrypted according to an encryption procedure defined in the WPS standard. This encryption is performed by the first authentication processing unit 303 and the wireless communication unit 202 of the first wireless communication unit 103, for example. Therefore, even if intercepted by a third party, the first security information is not referred to by the third party.

  When receiving the EAP-Request (M7), the wireless communication unit 202 of the specific wireless terminal device 2a extracts security information from the received EAP-Request (M7). Then, the wireless communication unit 202 transmits the extracted security information to the security setting control unit 204. The security setting control unit 204 sets the received security information as security information for wireless communication performed by the own device (specific wireless terminal device 2a) (step S406). This security information is the latest first security information of the first wireless communication unit 103. Therefore, after the process of step S406, the specific wireless terminal device 2a communicates with the first data communication unit 304 of the first wireless communication unit 103 and the communication data wirelessly until the first security information of the first wireless communication unit 103 is changed. Communication is possible. Thereafter, the wireless communication unit 202 of the specific wireless terminal device 2a transmits EAP-Response (NACK) and EAP-Fail to the first wireless communication unit 103 (steps S407 and S408).

  With the above processing, the authentication processing by the WPS PIN method is completed. Then, the first authentication processing unit 303 of the first wireless communication unit 103 transmits information related to the specific wireless terminal device 2a to the access management control unit 110. The access management control unit 110 registers information related to the specific wireless terminal device 2a in the access management table (step S409). Specifically, the access management control unit 110 registers the MAC address and “Yes” of the specific wireless terminal device 2a as address information and specific information, respectively. Further, the access management control unit 110 does not register the connection end time.

  With the above processing, the wireless communication connection processing using the latest first security information is completed between the first wireless communication unit 103 and the specific wireless terminal device 2a. Then, wireless communication is started between the first data communication unit 304 of the first wireless communication unit 103 and the specific wireless terminal device 2a. Specifically, the specific wireless terminal device 2a transmits Authentication and Association to the first wireless communication unit 103 (Steps S410 and S411). Then, the first data communication unit 304 of the first wireless communication unit 103 starts wireless communication (wireless LAN communication) with the specific wireless terminal device 2a (step S412). The specific wireless terminal device 2a starts wireless communication (wireless LAN communication) with the first wireless communication unit 103 (step S413).

  The relay device 1 includes a set of two antennas and a wireless communication unit. In the present embodiment, the relay device 1 includes a set of the first antenna 101 and the first wireless communication unit 103 and a set of the second antenna 102 and the second wireless communication unit 104. Different security information is set in the first wireless communication unit 103 and the second wireless communication unit 104. Then, the transmission of the first security information to the other device by the first wireless communication unit 103 is limited to one of the following. One is a case where the second wireless communication unit 104 transmits to the specific wireless terminal device 2a during the authentication process (the process of S112 in FIG. 8). Further, one is a case of transmitting to the specific wireless terminal device 2a during the authentication process using the first identification information (the process of S309 in FIG. 10 and the process of S405 in FIG. 11). These transmissions are performed after being encrypted according to an encryption procedure. Therefore, the possibility that the first security information of the first wireless communication unit 103 leaks to the general wireless terminal device 2b that does not have the specific information can be reduced. In addition, the wireless terminal device 2 that performs wireless communication with the first data communication unit 304 of the first wireless communication unit 103 can be limited to the specific wireless terminal device 2a. From the above, it is possible to maintain high security in the first network area formed by the first wireless communication unit 103.

  Further, the security setting control unit 107 of the relay device 1 updates the first security information of the first wireless communication unit 103 at a predetermined timing. Therefore, it is possible to maintain high security in the first network area. That is, it is possible to suppress a decrease in security.

  In addition, after the first security information of the first wireless communication unit 103 is updated, the specific wireless terminal device 2a that stores the first identification information is related to whether or not it belongs at that time. First, new first security information is set in the specific wireless terminal device 2a without depending on the user's operation. In this process, the user does not need to perform complicated operations regarding the first security information. Therefore, it is easy to maintain or resume wireless communication using the updated first security information. This process is realized by performing an authentication process using the first identification information.

  Further, the updated first security information may be transmitted to the specific wireless terminal device 2a by the WPS PIN method using the first identification information as a PIN code. In this case, since the implementation is performed by the existing method, it is possible to reduce the cost and time required for constructing the configuration for notifying the updated first security information.

  Further, the relay device 1 can provide wireless communication with high security to the specific wireless terminal device 2a, and can also provide wireless communication to the general wireless terminal device 2b.

  Note that the general wireless terminal device 2b can execute the WPS PIN method using the PIN code of the relay device 1 instead of the terminal identification information. In this case, the general wireless terminal device 2b can execute the WPS PIN method by using the second identification information. Since the second identification information storage unit 106 accepts access from an external device (a device other than the relay device 1), such processing is possible. Note that the second identification information may be described so as to be viewable on another medium (such as a manual of the relay device 1 or a sticker attached to the casing of the relay device 1).

[Modification]
The relay device 1 need not be limited to a wireless LAN access point. For example, the relay device 1 may be a device that performs wireless communication in a form different from a wireless LAN. In addition, the wireless communication device configuring the wireless communication system 100 is not necessarily limited to the combination of the relay device and the wireless terminal device. As long as it is a combination of at least a wireless communication device having each configuration of the relay device 1 shown in FIG. 2 and a wireless communication device having each configuration of the wireless terminal device 2 shown in FIG. Can be configured.

  The timing at which the security setting control unit 107 updates the first security information may be a timing unrelated to the time measurement by the timer control unit 109. For example, it may be a timing when an update command is issued by the administrator of the relay device 1, or may be a timing when the number of specific wireless terminal devices 2a registered in the access management table exceeds a predetermined number. However, other timings may be used.

  In the above-described embodiment, the configuration in the case where the WPS PIN method is adopted has been described, but the WPS PBC method may be adopted. For example, the WPS PBC system may be executable by providing the relay apparatus 1 with a button for executing the WPS PBC system. However, when executing WPS PBC in the second wireless communication unit 104, the first security information and the first identification information of the first wireless communication unit 103 must be concealed, as in the above-described embodiment.

  Further, the relay device 1 may be configured not to perform wireless communication with the general wireless terminal device 2b. In this case, the second wireless communication unit 104 is a wireless communication unit for notifying the first security information of the first wireless communication unit 103. The first wireless communication unit 103 is a wireless communication unit for providing secure wireless communication.

  In the process of S303 in FIG. 10, the security information update frame may be configured not to be transmitted. In this case, the timing at which the processes of step S305 and step S306 are executed is implemented as a timing that occurs regardless of the security information update frame.

Each functional unit included in the first wireless communication unit 103 may be provided outside the first wireless communication unit 103. For example, the first security information storage unit 301 may be provided outside the first wireless communication unit 103 and inside the relay device 1. The first identification information storage unit 105 may be provided inside the first wireless communication unit 103.
Each functional unit included in the second wireless communication unit 104 may be provided outside the second wireless communication unit 104. For example, the second security information storage unit 401 or the specific information storage unit 403 may be provided outside the second wireless communication unit 104 and inside the relay device 1. The second identification information storage unit 106 may be provided inside the second wireless communication unit 104.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 1 ... Relay apparatus (wireless communication apparatus, 1st wireless communication apparatus), 101 ... 1st antenna, 102 ... 2nd antenna, 103 ... 1st wireless communication part, 104 ... 2nd wireless communication part, 105 ... 1st identification information Storage unit 106 ... Second identification information storage unit 107 ... Security setting control unit 108 ... Wireless communication control unit 109 ... Timer control unit 110 ... Access management control unit 111 ... Access management table storage unit 2 ... Wireless Terminal device (other wireless communication device, second wireless communication device), 2a ... specific wireless terminal device, 2b ... general wireless terminal device, 201 ... antenna, 202 ... wireless communication unit, 203 ... terminal identification information storage unit, 204 ... Security setting control unit, 205 ... wireless communication control unit, 206 ... identification information storage unit

Claims (5)

Wireless communication based on different security information, a first wireless communication unit and a second wireless communication unit constituting a network independent of each other;
A first identification information storage unit for storing first identification information assigned to the first wireless communication unit,
The first wireless communication unit does not publish its own security information, the second wireless communication unit publishes its own security information,
The second wireless communication unit performs wireless communication with another wireless communication device based on security information of the second wireless communication unit, and transmits the predetermined specific information to the other wireless communication device. Send security information of the first wireless communication unit,
The first wireless communication unit performs wireless communication with the other wireless communication device based on security information of the first wireless communication unit.
Wireless communication device. A security setting control unit that updates security information of the first wireless communication unit at a predetermined timing;
The second wireless communication unit further transmits the identification information of the first wireless communication unit to another wireless communication device that transmits the specific information,
The wireless communication device according to claim 1, wherein the first wireless communication unit transmits the latest security information of the first wireless communication unit to another wireless communication device that transmits identification information of the first wireless communication unit. Communication device. A wireless communication system comprising a first wireless communication device and a second wireless communication device,
The first wireless communication device is:
Wireless communication based on different security information, a first wireless communication unit and a second wireless communication unit constituting a network independent of each other;
A first identification information storage unit for storing first identification information assigned to the first wireless communication unit,
The second wireless communication device is
A specific information storage unit for storing predetermined specific information;
The first wireless communication device, and a wireless communication unit that performs wireless communication based on security information,
The first wireless communication unit does not publish its own security information, the second wireless communication unit publishes its own security information,
The wireless communication unit transmits the specific information to the second wireless communication unit based on the security information of the publicly disclosed second wireless communication unit,
The second wireless communication unit performs wireless communication with the second wireless communication device based on security information of the second wireless communication unit, and transmits predetermined specific information to the second wireless communication device. , Sending the security information of the first wireless communication unit,
The second wireless communication device and the first wireless communication unit perform wireless communication with each other based on security information of the first wireless communication unit.
Wireless communication system. A first wireless communication unit and a second wireless communication unit that perform wireless communication based on different security information and configure mutually independent networks, and first identification information assigned to the first wireless communication unit A wireless communication method performed by a wireless communication device that does not disclose security information of the first wireless communication unit, comprising:
The second wireless communication unit publishing its own security information;
The second wireless communication unit performs wireless communication with another wireless communication device based on security information of the second wireless communication unit, and transmits the predetermined specific information to the other wireless communication device. Transmitting security information of the first wireless communication unit;
The first wireless communication unit performs wireless communication with the other wireless communication device based on security information of the first wireless communication unit;
A wireless communication method. A first wireless communication unit and a second wireless communication unit that perform wireless communication based on different security information and configure mutually independent networks, and first identification information assigned to the first wireless communication unit A first wireless communication device that includes one identification information storage unit and that does not disclose security information of the first wireless communication unit; a second wireless communication device that includes a specific information storage unit that stores predetermined specific information; A wireless communication method performed by a wireless communication system comprising:
The second wireless communication unit publishing its own security information;
The second wireless communication device transmitting the specific information to the second wireless communication unit based on the security information of the publicly disclosed second wireless communication unit;
The second wireless communication unit performs wireless communication with the second wireless communication device based on security information of the second wireless communication unit, and transmits predetermined specific information to the second wireless communication device. Sending the security information of the first wireless communication unit;
The second wireless communication device and the first wireless communication unit perform wireless communication with each other based on security information of the first wireless communication unit;
A wireless communication method.

Images