JP2012195823A - Wireless communication device, wireless communication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security between an access point and a station.SOLUTION: One wireless communication device in a wireless communication system including a plurality of wireless communication devices, comprises: a calculation processing unit for, when establishing connection with another wireless communication device, performing predetermined calculation processing based on network identification information to be provided by the other communication device; a determination unit for determining whether to establish connection with the other wireless communication device based on the calculation result and a calculation result to be provided by the other wireless communication device; and a connection processing unit for establishing connection with the other wireless communication device according to the determination result.

Description

  The present invention relates to a wireless LAN communication device using a WPS (Wi-Fi Protected Setup) method.

  Wireless LAN technologies such as IEEE802.11a, IEEE802.11g, and IEEE802.11n defined by the IEEE (The Institute of Electrical and Electronic Engineers) 802.11 task group that develops wireless LAN (Local Area Network) standards Is popular worldwide in offices or homes.

  IEEE802.11a is a specification for performing communication using a frequency band of 5 [GHz], while IEEE802.11g is a specification for performing communication using a frequency band of 2.4 [GHz].

  IEEE802.11n is a wireless communication technology called MIMO (Multiple Input Multiple Output) that extends a data transmission / reception band by combining a plurality of antennas on the transmission side and the reception side.

  In the specification of IEEE802.11a / 11g / 11n, the connection mode is divided into an infrastructure mode using an access point and an ad hoc mode using no access point.

  In the infrastructure mode, a station that is a wireless LAN terminal exists around an access point, and data transmission between the station and another station is performed via the access point. The infrastructure mode is often used in environments such as offices and homes, and is a general connection form.

  When a connection is made between a station and an access point, it is necessary to set an SSID (Service Set Identifier) serving as an identifier of the wireless LAN network and a passphrase for generating an encryption key on the station side. For this reason, it becomes complicated when compared with a wired connection.

  Therefore, as a method for solving this complexity, Wi-Fi Alliance, which is a wireless LAN-related industry group, uses WPS (Wi-Fi Protected), a standard for easily executing connection and security settings of wireless LAN devices. The specification of Setup) has been finalized, and the corresponding equipment has been certified since January 2007.

  Also, due to recent technological trends, communication devices equipped with wireless LAN communication functions, that is, Wi-Fi compatible devices, are increasing from personal computers, mobile phones, digital cameras, printers, etc. to keyboards and headphones. For this reason, it is highly necessary to transmit data between communication devices without an access point.

  Therefore, in October 2009, Wi-Fi Alliance, an industry group aiming to promote the spread of wireless LAN products, developed a specification “Wi-Fi CERTIFIED Wi-Fi Direct” for direct communication between Wi-Fi terminals. "announced. As for this specification, a draft specification has been formulated as of October 2010 (see, for example, Non-Patent Document 2).

  Wi-Fi CERTIFIED Wi-Fi Direct specifications (hereinafter referred to as “Wi-Fi Direct”), as a basic concept, each Wi-Fi compatible device realizes the function of an access point in the conventional infrastructure mode on software. The software access point function is installed. Among a plurality of Wi-Fi compatible communication devices (P2P Devices) participating in the network, any one of the communication devices becomes a P2P Group Owner that actually enables the function of the software access point. Communication devices other than P2P Group Owner become P2P Clients and perform communication.

  Note that a method for determining a communication device that operates as a P2P Group Owner is defined as Group Owner Negotiation in the Wi-Fi Direct specification. The value of Group Owner Intent (0 to 15) representing the degree of P2P Group Owner set for each P2P Device is compared, and the P2P Device having a large value becomes the P2P Group Owner. In Wi-Fi Direct, mounting of WPS is an essential item for connection between P2P Client and P2P Group Owner.

  In the future, communication devices equipped with WPS are expected to become more widespread.

  In WPS, a communication device that transmits a connection request, such as a station, is defined as Enrollee. In addition, a communication device having a role of giving information such as an SSID and a passphrase for generating an encryption key to an Enrollee that transmitted a connection request, such as an access point, is defined as an AP / Registrar.

  In WPS, a push button method and a PIN (Personal Identify Number) code method are defined as authentication methods for permitting connection only to authorized users.

  As for the push button method, when the user presses the push button on the AP / Registrar side, the AP / Registrar accepts the connection from the Enrollee only for two minutes after the button is pressed. The user transmits a connection request to the AP / Registrar by pressing a button for requesting connection on the Enrollee side or performing an action corresponding to the button.

  The AP / Registrar sends information necessary for establishing a connection, such as an SSID and a passphrase for generating an encryption key, to the Enrollee that has requested the connection.

  The Enrollee performs subsequent communication by making a connection using information received from the AP / Registrar. However, in the push button method, when a connection is made, it is necessary to go to a place where the AP / Registrar exists and press the button. In addition, there is a problem that a connection is permitted when a person other than the authorized user makes a connection request within 2 minutes after the button is pressed.

  On the other hand, in the PIN code system, the AP / Registrar side and the Enrollee side share a 4-digit or 8-digit number called a PIN code in advance. In the process of generating the encryption key in the connection, a PIN code is used between the AP / Registrar side and the Enrollee side. Information (Credentials) such as a passphrase that is a basis of the encryption key necessary for communication is transmitted from the AP / Registrar to the Enrollee using the encryption key generated based on the PIN code. Therefore, only when the PIN codes shared between the AP / Registrar and the Enrollee match, the encryption keys of both can correctly correspond, and the Credentials can be distributed.

  A technique for automatically generating an SSID based on a PIN code is known (for example, see Patent Document 1). In this technique, an SSID is generated based on a PIN code that is assumed to be known only by an authorized user. For this reason, if the stealth mode that does not include the SSID is set in the beacon frame periodically transmitted by the access point to notify the presence of the wireless network, only the Enrollee that knows the SSID can access the AP / Registrar. On the other hand, it is possible to connect, and connection by a person other than the authorized user can be avoided.

  In addition, a technique using a PIN code generated using code generation information and authentication information associated with each user's user identifier is known (for example, see Patent Document 1).

  The PIN code method in WPS has an advantage that the problem in the push button method can be overcome. Specifically, when making a connection, you must go to the location where the AP / Registrar exists and press the button, or a person other than the authorized user will request a connection within 2 minutes after the button is pressed. In this case, it is possible to solve the problem of allowing the connection.

  However, the PIN code is easily grasped by the user. For example, it is attached to the AP / Registrar side or displayed by clicking a PIN code generation button on the AP / Registrar side web server.

  In the PIN code method, the user must grasp and input the AP / Registrar PIN code. In addition, when the PIN code is affixed to the AP / Registrar side, if the PIN code is grasped by a person other than the authorized user, there is a risk that the AP / Registrar is illegally connected.

  A technique for avoiding the risk of unauthorized connection to an AP / Registrar by a person other than a regular user is known (see, for example, Patent Document 2).

  That is, an account management apparatus corresponding to AP / Registrar generates code generation information. The account management apparatus generates a PIN code based on the code generation information and authentication information associated with the user identifier of each user. The account management apparatus transmits the SSID to Enrollee.

  On the Enrollee side, a PIN code is generated based on the SSID and authentication information received from the account management apparatus.

  However, in this case, it is necessary to create user identifiers and authentication information for each user in advance and manage them on the account management apparatus side. Further, the Enrollee side must manage the user identifier and authentication information of each user.

  Moreover, in the above-mentioned patent document 1, the troublesomeness of grasping and inputting a PIN code cannot be solved.

  Therefore, the present invention has been made in view of at least one of the above-described problems, and is to improve security between an access point and a station.

A wireless communication apparatus according to an embodiment of the disclosure is:
A wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing unit that performs predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device;
A determination unit that determines whether or not to establish a connection with the other wireless communication device based on a calculation result by the calculation processing and a calculation result to be notified by the other wireless communication device;
A connection processing unit that establishes a connection with the other wireless communication device according to a determination result by the determination unit.

A wireless communication method according to an embodiment of the disclosure includes:
A wireless communication method in one wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing step for performing a predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device;
A determination step for determining whether or not to establish a connection with the other wireless communication device based on a calculation result of the calculation processing step and a calculation result to be notified by the other wireless communication device;
A connection processing step of establishing a connection with the other wireless communication device according to the determination result of the determination step.

The program of an embodiment of the disclosure is
A program for causing a computer to execute the above-described wireless communication method.

  According to the disclosed embodiment, the security between the access point and the station can be improved.

It is a block diagram which shows one Example of a radio | wireless communications system. It is a partial block diagram which shows one Example of a station. It is a figure which shows one Example of operation | movement of a station. It is a flowchart which shows one Example of operation | movement of a station. It is a partial block diagram which shows one Example of an access point. It is a flowchart which shows one Example of a PIN code production | generation process (the 1). It is a flowchart which shows one Example of a PIN code production | generation process (the 2). It is a sequence chart which shows one Example of operation | movement of a radio | wireless communications system. It is a flowchart which shows one Example of a PIN code production | generation process (the 3).

Embodiments will be described below with reference to the drawings.
In all the drawings for explaining the embodiments, the same reference numerals are used for those having the same function, and repeated explanation is omitted.

<Example>
FIG. 1 shows an embodiment of the wireless communication system.

  The wireless communication system includes an access point 200 and a station (Enrollee) 100. The access point 200 includes a wireless communication device that functions as a P2P Group Owner.

  The station 100 uses a wireless LAN (WLAN) defined in the IEEE 802.11 specification as a wireless communication protocol.

  The station 100 includes a station main body 110 and a WLAN card 120. The station main body 110 and the WLAN card 120 are connected via a bus 130.

  The station main body 110 has a main CPU (Central Processing Unit) 113. The main CPU 113 causes an OS (Operating System) 112 to be executed. The main CPU 113 causes the device driver 114 to be executed on the OS 112.

  The station main body 110 has a device driver 114. The device driver 114 controls the WLAN MAC 125 in cooperation with the firmware 121.

  The station main body 110 includes a station wireless utility tool 111.

  The station main body 110 has a bus control unit 115. The bus control unit 115 controls the bus 130 in cooperation with the bus control unit 124 in the WLAN card 120.

  The WLAN card 120 has a local CPU 123. The local CPU 123 causes the OS 122 to be executed. Further, the local CPU 123 causes the firmware 121 to be executed on the OS 122.

  The WLAN card 120 has firmware 121. The firmware 121 controls the WLAN MAC 125. That is, the firmware 121 controls the WLAN MAC 125 by reading and writing a value to a register in the WLAN MAC 125.

  The WLAN card 120 has a bus control unit 124. The bus control unit 124 controls the bus 130 in cooperation with the bus control unit 115 in the station main body 110.

  The WLAN card 120 has a WLAN MAC 125. The WLAN MAC 125 generates a data packet to be transmitted and divides the received data packet.

  The WLAN card 120 has a WLAN PLCP 126. The WLAN PLCP 126 converts the digital data of the data packet generated by the WLAN MAC 125 into an electrical signal. The WLAN PLCP 126 inputs digital data converted into an electrical signal to the WLAN MAC 125. The WLAN PLCP 126 converts the received electrical signal into digital data of a data packet. The WLAN PLCP 126 inputs a data packet converted into digital data to the WLAN MAC 125.

  The WLAN card 120 has an RF 127. The RF 127 performs frequency conversion between the frequency of the electric signal and the frequency of the radio wave.

<Wireless utility tool for stations>
FIG. 2 shows an embodiment of the station wireless utility tool 111.

  The station wireless utility tool 111 serves as an interface between the user and the station main body 110. For example, the station wireless utility tool 111 functions when receiving a connection request from a user. The station wireless utility tool 111 functions when displaying the status of the wireless device and notifying the user.

  The station wireless utility tool 111 includes an SSID display unit 1111. The SSID display unit 1111 displays a list of SSIDs that should be detected by the WLAN card 120. The SSID list includes the SSID set in the access point in the IEEE 802.11 specification and the SSID set in the P2P Group Owner in the Wi-Fi Direct specification.

  For example, the user can select the SSID by moving an instruction device such as a mouse. Specifically, by moving the pointing device, the pointer can be brought to any SSID position in the list of one or more SSIDs to be displayed on the SSID display unit 1111. The color of the SSID indicated by the pointer changes to clearly indicate that the SSID is selected. Further, a connection click button I / F 1112 is displayed at the location of the SSID.

  FIG. 3 shows an example of contents to be displayed by the SSID display unit 1111. FIG. 3 includes one or more areas for selecting an SSID to be detected by the WLAN card 120. Further, each area corresponds to an area to be selected when connecting. The area to be selected when the connection is made may be displayed when the SSID is selected.

  The connection click button I / F 1112 is associated with each SSID to be displayed on the SSID display unit 1111. When the connection click button I / F is clicked by the user, a connection request is transmitted to the access point or P2P Group Owner that is transmitting the SSID corresponding to the connection click button I / F.

  When a connection using WPS is made, it is checked whether the PIN codes set on the Enrollee side and the AP / Registrar side match.

  The station 100 automatically generates a PIN code to be included in the connection request based on the SSID.

  The station wireless utility tool 111 includes a PIN code generation unit 1114. The PIN code generation unit 1114 automatically generates a PIN code. For example, the PIN code generation unit 1114 uses a SSID as an input value of the function using a function that conceals the contents of the arithmetic processing. An operation value obtained as a result of the operation processing is defined as a PIN code.

  The station wireless utility tool 111 includes a WPS method determination unit 1113. When the connection click button I / F 1112 is selected by the user, the WPS method determination unit 1113 has a push button to be notified by the access point corresponding to the SSID corresponding to the selected connection click button I / F 1112. It is determined whether to issue a push button connection request based on information on whether or not the button has been pressed.

  In addition, when the connection click button I / F 1112 is selected by the user, the WPS method determination unit 1113 should be notified by the P2P Group Owner corresponding to the SSID corresponding to the selected connection click button I / F 1112. It may be determined whether to issue a connection request in the push button system based on information on whether or not the push button has been pressed.

  When it is determined that the push button is pressed, the WPS method determination unit 1113 sends a connection request using the push button method. When it is determined that the push button is not pressed, the WPS method determination unit 1113 uses the PIN code method. Send a connection request.

  Information indicating whether or not the push button has been pressed is created in the firmware 121 and the device driver 114. The firmware 121 detects information indicating whether it is within 2 minutes after the push button is pressed, which should be included in the beacon frame transmitted by the access point or the P2P Group Owner.

<Detection method of information indicating whether or not the push button was pressed>
In the WPS specification, the access point or P2P Group Owner (AP / Registrar) sets the value of the Selected Registrar Attribute in the WSC IE area in the beacon frame for 2 minutes after the push button is pressed (Walk Time). It is specified to set to TRUE. When a connection request from a certain station is received during the two minutes, it is stipulated that Credentials be supplied to the station.

  When the AP / Registrar recognizes that two minutes have passed since the push button was pressed using an internal timer, the AP / Registrar is specified to set the value of the Selected Registrar Attribute to FALSE.

  The firmware 121 analyzes the received beacon frame and checks whether the value of the Selected Registrar Attribute is TRUE or FALSE.

  The firmware 121 transmits information indicating whether the value of the Selected Registrar Attribute is TRUE or FALSE to the station wireless utility tool 1111 via the device driver 114.

  In the station wireless utility tool 1111, when the information to be notified from the device driver 114 indicates that the push button is pressed, the connection processing is performed based on the push button method defined in the WPS specification. To do. On the other hand, if the push button is not pressed, the PIN code is automatically generated. The station wireless utility tool 1111 performs connection processing based on the PIN code system defined in the WPS specification using the automatically generated PIN code.

<Connection process>
FIG. 4 shows the connection process.

  The connection process is started when the user presses the connection click button I / F 1112.

  The station wireless utility tool 111 in the station 100 determines whether the information to be notified from the device driver 114 indicates that the push button has been pressed (step S402).

  When it is determined that the push button has not been pressed (step S402: NO), the station 100 automatically generates a PIN code based on the SSID and connects by the PIN code method (step S404). . That is, the PIN code generation unit 1114 automatically generates a PIN code based on the SSID. The stations 100 are connected by a PIN code method.

  If it is determined that the push button has been pressed (step S402: YES), the station 100 connects by the push button method (step S406).

  As described above, the station 100 and the access point 200 are connected by the PIN code method or the push button method.

  In this embodiment, the access point or P2P Group Owner side has a wireless utility tool having the same function as the station wireless utility tool 1111.

  Hereinafter, the wireless utility tool having the same function as the wireless utility tool 1111 for the station on the access point or P2P Group Owner side is referred to as “wireless utility tool for access point”.

  FIG. 5 shows an embodiment of the access point 200.

  The access point 200 has an access point wireless utility tool 211. The configuration other than the access point wireless utility tool 211 is substantially the same as the station described with reference to FIG.

  The access point wireless utility tool 211 is different from the station wireless utility tool 111 shown in FIG. 2 in that it has only a PIN code generation unit 2114.

  The PIN code generation unit 2114 uses a function that conceals the contents of the arithmetic processing, similarly to the PIN code generation unit 1114 that should be included in the station wireless utility tool 1111. The contents of the calculation processing are substantially the same as those of the PIN code generation unit 1114 included in the station wireless utility tool 1111.

  Therefore, when the same SSID is input to each of the PIN code generation unit 1114 included in the station wireless utility tool 1111 and the PIN code generation unit 2114 included in the access point wireless utility tool 211, both The output value obtained by the tool, that is, the PIN code value is the same.

  In addition, as an access point or P2P Group Owner, a product that supports an SSID stealth function in which an SSID is not included in a beacon frame is also widespread. In the present embodiment, a case where the SSID is included in the beacon frame without using the SSID stealth function will be described.

  In the IEEE802.11 specification, an active scan method and a passive scan method are defined.

  In the active scan method, when a station requesting a connection sends a probe request frame indicating a connection request to an access point or a communication apparatus having a function equivalent thereto, the SSID is included in the probe request frame.

  In the passive scan method, when a station requesting connection sends a probe request frame indicating a connection request to an access point or a communication apparatus having a function equivalent thereto, the SSID is not included in the probe request frame.

  In this embodiment, the SSID is designated on the access point wireless utility tool 211. When the connection click button I / F 1112 included in the station wireless utility tool 111 of the station 100 is pressed, the access point that is the transmission source of the SSID corresponding to the connection click button I / F 1112 or a communication device having a function equivalent thereto In order to issue a connection request, it is necessary to clearly indicate the SSID in the Probe Request frame. Therefore, in the present embodiment, a case where a Probe Request frame is transmitted by the active scan method will be described.

<Details of Processing in PIN Code Generation Unit (Part 1)>
Hereinafter, processing of the PIN code generation unit 1114 of the station wireless utility tool 1111 will be described. The processing of the PIN code generation unit 2114 of the access point wireless utility tool 211 is substantially the same.

  The PIN code generation unit 1114 of the station wireless utility tool 1111 sets the input value as the SSID and the output value as the PIN code. Here, a case where “ntwk02” is applied as an example of the SSID to be input to the PIN code generation unit 1114 will be described.

  FIG. 6 shows a process (part 1) of the PIN code generation unit 1114.

  The PIN code generation unit 1114 converts the SSID into an ASCII code for each character (step S602). That is, “ntwk02” is converted to “20 20 6E 74 77 6B 30 32”. When the SSID length is 9 characters or more, the lower 8 characters are extracted, and when the SSID length is less than 8 characters, the upper space is supplemented with a space (space) and expanded to 8 characters. One character may be converted into an ASCII code.

  The PIN code generation unit 1114 sets the first code from the bottom of the SSID converted into the ASCII code as the input value of the hash function (step S604). That is, “0 × 32” is set as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the first digit from the bottom of the PIN code (step S606). For example, when “6” is obtained as the output value of the hash function, “6” is the value of the first digit from the bottom of the PIN code.

  The PIN code generation unit 1114 adds the output value of the hash function and the second character code from the bottom of the SSID (step S608). That is, the output value “6” of the hash function and the second character code “30” from the bottom of the SSID are added.

  The PIN code generation unit 1114 uses the added value as the input value of the hash function (step S610). That is, the added value “0 × 36” is used as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the second digit from the bottom of the PIN code (step S612). For example, when “9” is obtained as the output value of the hash function, “9” is the value of the second digit from the bottom of the PIN code.

  The PIN code generation unit 1114 adds the output value of the hash function and the third character code from the bottom of the SSID (step S614). That is, the output value “9” of the hash function is added to the third character code “6B” from the bottom of the SSID.

  The PIN code generation unit 1114 sets the added value as the input value of the hash function (step S616). That is, the added value “0 × 74” is set as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the third digit from the bottom of the PIN code (step S618). For example, when “2” is obtained as the output value of the hash function, “2” is set as the third digit value from the bottom of the PIN code.

  Thereafter, the above-described processing is repeated until an 8-digit value is calculated as the PIN code (step S620).

  In the example shown in FIG. 6, “81432296” is obtained as the PIN code.

  As described above, the calculation processing in the PIN code generation unit 1114 of the wireless utility tool for station 111 and the calculation processing in the PIN code generation unit 2114 of the wireless utility tool for access point 211 are substantially the same. Accordingly, the PIN code generated at the station side and the PIN code generated at the access point or the communication device side having a function equivalent thereto have the same value if the SSID is the same. The content of the arithmetic processing in the PIN code generation unit 1114 of the station wireless utility tool 111 and the content of the arithmetic processing in the PIN code generation unit 2114 of the access point wireless utility tool 211 are kept secret. For example, a wireless utility tool including arithmetic processing may be distributed to users in the form of a binary file. Accordingly, since only the user having the station wireless utility tool 111 or the access point wireless utility tool 211 can generate the same PIN code from a certain SSID, communication can be performed. Since only the user having the station wireless utility tool 111 or the access point wireless utility tool 211 can generate the same PIN code from a certain SSID, security in safety is increased.

  In the above description, the case where a hash function is included in the calculation process to be concealed in both the station wireless utility tool 111 and the access point wireless utility tool 211 is taken as an example. This is not the case.

<Details of Processing in PIN Code Generation Unit (Part 2)>
Hereinafter, processing of the PIN code generation unit 1114 of the station wireless utility tool 1111 will be described. The processing of the PIN code generation unit 2114 of the access point wireless utility tool 211 is substantially the same.

  FIG. 7 shows the process (part 2) of the PIN code generation unit 1114. Here, a case where “ntwk02” is input as an example of the SSID to be input to the PIN code generation unit 1114 will be described.

  FIG. 7 shows the process (part 2) of the PIN code generation unit 1114.

  The PIN code generation unit 1114 converts the SSID into an ASCII code for each character (step S702). That is, “ntwk02” is converted to “20 20 6E 74 77 6B 30 32”. When the SSID length is 9 characters or more, the lower 8 characters are extracted, and when the SSID length is less than 8 characters, the upper space is supplemented with a space (space) and expanded to 8 characters. One character may be converted into an ASCII code.

  The PIN code generation unit 1114 replaces the upper 4 characters with the lower 4 characters (step S704). That is, “20 20 6E 74 77 6B 30 32” is converted to “77 6B 30 32 20 20 6E 74”. By exchanging the upper 4 characters and the lower 4 characters, it is possible to avoid the space from being easily collected in the upper character string when the length of the SSID is less than eight characters. This is because when the length of the SSID is less than 8 characters, a space is replenished at the top.

  The PIN code generation unit 1114 adds (adds) the upper 4 bits and the lower 4 bits of the character arranged first from the bottom, converts the decimal number, and converts the decimal number to the first digit value. Is the value of the first digit from the bottom of the PIN code (step S706). That is, the upper 4 bits “0 × 7” and the lower 4 bits “0 × 4” of “74” arranged first from the bottom are added to obtain “0 × B”. The “0 × B” is converted to a decimal number to obtain “11”. The first value “1” from the bottom of “11” is the value of the first digit from the bottom of the PIN code.

  The PIN code generation unit 1114 adds (adds) the upper 4 bits and the lower 4 bits of the character arranged second from the bottom, converts the decimal number, and converts the decimal number to the first digit value. Is the value of the second digit from the bottom of the PIN code (step S708). That is, the higher 4 bits “0 × 6” and the lower 4 bits “0 × E” of “6E” arranged second from the bottom are added to obtain “0 × 14”. The “0 × 14” is converted to a decimal number to obtain “20”. The first value “0” from the bottom of “20” is the second digit value from the bottom of the PIN code.

  The PIN code generation unit 1114 adds (adds) the upper 4 bits and the lower 4 bits of the character arranged third from the bottom, converts the decimal number, and converts the decimal number to the first digit value. Is the value of the third digit from the bottom of the PIN code (step S710). That is, the upper 4 bits “0 × 2” and the lower 4 bits “0 × 0” of “20” arranged third from the bottom are added to obtain “0 × 2”. The “0 × 2” is converted to a decimal number to obtain “2”. The first value “2” from the bottom of “2” is the third digit value from the bottom of the PIN code.

  Thereafter, the above-described processing is repeated until an 8-digit value is calculated as the PIN code (step S712).

<Operation of this wireless communication system>
FIG. 8 shows an embodiment of a procedure for distributing Credentials from the access point 200 to the station 100.

  FIG. 8 shows a sequence according to the WPS specification as an example. FIG. 8 also shows a probe response frame and the like between the station 100 and the access point 200. After the access point 200 responds to the connection request transmitted by the station 100, the messages represented by M1 (message 1) to M8 (message 8) are exchanged, whereby Credentials are distributed.

  The PIN code of the station 100 is generated based on the SSID. The station 100 stores the output value of the hash function when the PIN code generated based on the SSID is used as an input value in M3 and sends it out. On the other hand, the access point 200 stores the output value of the hash function when the PIN code generated based on the SSID is used as the input value, and transmits it in M4.

  In M8, the encryption of Credentials is stored and transmitted using the encryption code generated based on the PIN code and the information passed in M3 and M4.

  Since the hash functions used on the station 100 side and the access point 200 side are the same, if the PIN codes generated on the station 100 side and the access point 200 side are the same, the PIN code is used as the hash function. The output value when the input value is the same value on the station 100 side and the access point 200 side is the same.

<Details of operation of this wireless communication system>
The access point 200 transmits a beacon frame (step S802). The beacon frame includes an SSID.

  The station 100 transmits a probe request (step S804). The probe request includes an SSID.

  The access point 200 transmits a probe response (step S806). The probe response includes the MAC address of the station.

  The station 100 transmits an authentication request (step S808). The authentication request includes the MAC address of the access point.

  The access point 200 transmits an authentication response (step S810). The authentication response includes the MAC address of the station.

  The station 100 transmits an association request (step S812). The association request includes the MAC address of the access point.

  The access point 200 transmits an association response (step S814). The association response includes the MAC address of the station.

  The station 100 generates a PIN code by using a function concealed by the tool, using the SSID as an input value (step S816). That is, the PIN code generation unit 1114 generates a PIN code based on the SSID. Here, the SSID may be the SSID notified from the access point 200 in step S802.

  The access point 200 generates a PIN code by using a function concealed by the tool using the SSID as an input value (step S816). That is, the PIN code generation unit 2114 generates a PIN code based on the SSID. Here, the SSID may be the SSID notified from the station 100 in step S804.

  The station 100 transmits EAPOL (Extensible Authentication Protocol over LAN) -Start (step S820).

  The station 100 transmits EAPOL-Response (M1: Message 1) (step S822).

  The access point 200 transmits EAPOL-Request (M2: Message 2) (step S824).

  The station 100 stores the output value of the hash function in message 3 (M3: Message 3) using the PIN code as an input value (step S826).

  The station 100 transmits EAP-Response (M3) (step S828).

  The access point 200 stores the output value of the hash function in message 4 (M4: Message 4) using the PIN code as an input value (step S830).

  The access point 200 transmits EAP-Request (M4) (step S832).

  The station 100 transmits EAP-Response (M5) (step S834).

  The access point 200 transmits EAP-Request (M6) (step S836).

  The station 100 transmits EAP-Response (M7) (step S838).

  The access point 200 encrypts information (Credentials) necessary for authentication with an encryption key generated based on the PIN code, and stores it in the message 8 (M8: Message 8) (step S840).

  The access point 200 transmits EAP-Request (M8) (step S842).

  Thereafter, the station 100 performs authentication processing with the access point 200 by 4-way handshake using the Credentials acquired from the access point. After the authentication process, communication is started between the station 100 and the access point 200.

  Regarding the timing and interval of SSID update at the access point or P2P Group Owner, considering the trade-off between the high level of security required within the P2P Group Owner and the ease with which a PIN code once created can be reused The value may be set to an appropriate value. As an example, when the P2P Group Owner detects that the date has changed since the last update of the SSID and detects that all P2P Clients are disconnected from the P2P Group, It may be set as a timing.

<Modification>
In the above-described embodiment, the case where users who own wireless utility tools communicate with each other has been described.

  Furthermore, the use range of the wireless utility tool may be expanded. For example, it may be disclosed to users outside the company. In this case, it is necessary to limit the range in which communication is possible so that users of a specific group included in the user of the wireless utility tool can communicate with each other.

  Therefore, in this embodiment, parameters are set by the system administrator in the wireless utility tool. That is, the PIN code is generated based on the SSID and the parameters to be set by the system administrator (hereinafter referred to as “setting parameters”). By setting parameters by the system administrator, different calculation processing can be performed for each group to be distributed. Here, an example is shown in which “ntwk02” is used as the SSID and “ricohlan” is used as the setting parameter. The setting parameter may be an arbitrary character string.

<Details of processing in PIN code generation unit (part 3)>
Hereinafter, processing of the PIN code generation unit 1114 of the station wireless utility tool 1111 will be described. The processing of the PIN code generation unit 2114 of the access point wireless utility tool 211 is substantially the same.

  FIG. 9 shows the processing (part 1) of the PIN code generation unit 1114.

  The PIN code generation unit 1114 converts the lower 8 characters of the SSID and the setting parameter into ASCII codes for each character, and obtains an exclusive OR (EOR: exclusive or) for each byte (step S902). That is, “ntwk02” is converted to “00 00 6E 74 77 6B 30 32”, and “ricohlan” is converted to “72 69 63 6F 68 6C 61 6E”. When the SSID length is 9 characters or more, the lower 8 characters are extracted, and when the SSID length is less than 8 characters, the upper space is supplemented with a space (space) and expanded to 8 characters. One character may be converted into an ASCII code. By obtaining EOR for every lower 4 bits between “00 00 6E 74 77 6B 30 32” and “72 69 63 6F 68 6C 61 6E”, “72 69 0D 1B 1F O7 31 3C” is obtained. It is done.

  The PIN code generation unit 1114 sets the code of the first character from the bottom of EOR as the input value of the hash function (step S904). That is, “0 × 3C” is set as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the first digit from the bottom of the PIN code (step S906). For example, when “7” is obtained as the output value of the hash function, “7” is set as the value of the first digit from the bottom of the PIN code.

  The PIN code generation unit 1114 adds the output value of the hash function and the code of the second character from the bottom of the SSID (step S908). That is, the output value of the hash function is added to the second character code “30” from the bottom of the SSID.

  The PIN code generation unit 1114 sets the added value as the input value of the hash function (step S910). That is, the added value “0 × 38” is used as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the second digit from the bottom of the PIN code (step S912). For example, when “4” is obtained as the output value of the hash function, “4” is the value of the second digit from the bottom of the PIN code.

  The PIN code generation unit 1114 adds the output value of the hash function and the third character code from the bottom of the SSID (step S914). That is, the output value “4” of the hash function is added to the third character code “6B” from the bottom of the SSID.

  The PIN code generation unit 1114 sets the added value as the input value of the hash function (step S916). That is, the added value “0 × OB” is used as the input value of the hash function.

  The PIN code generation unit 1114 sets the last digit of the output value of the hash function as the value of the third digit from the bottom of the PIN code (step S918). For example, when “5” is obtained as the output value of the hash function, “5” is set as the third digit value from the bottom of the PIN code.

  Thereafter, the above-described processing is repeated until an 8-digit value is calculated as the PIN code (step S920).

  In the example shown in FIG. 9, “85662547” is obtained as the PIN code.

  In this embodiment, in the group to which the wireless utility tool is distributed, the PIN code corresponding to “ntwk02” as the SSID has a common value “85662547”.

  In other groups, if the character string set by the system administrator is other than “ricohlan”, the exclusive OR value for the same SSID is different from the above value, so the 8-digit PIN code is also , Values other than “856562547”.

  Therefore, even if an SSID used in a certain group is detected by a person other than that group, since the value obtained as the PIN code is different, it is possible to avoid the communication data being decoded by a person other than that group. It becomes possible.

<Operational effect of the present embodiment>
(1) One wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing unit as a PIN code generation unit that performs predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device; ,
A wireless utility for station that determines whether or not a connection should be established with the other wireless communication device based on a calculation result by the arithmetic processing unit and a calculation result to be notified by the other wireless communication device Judgment unit as a wireless utility tool for tools and access points,
And a connection processing unit as a wireless utility tool for a station and a wireless utility tool for an access point for establishing a connection with the other wireless communication device according to a determination result by the determination unit.

  According to the present embodiment, in the communication between the wireless terminal device and the base station or the wireless terminal device having the base station function, a function in the wireless communication control software to be distributed to a specific user is used. The specified network identification information is used as an input value of the function, and the obtained output value is used as information for determining whether or not the user is a legitimate user for passing information necessary for establishing a connection. it can. For this reason, the complexity of inputting information for determining whether or not the user is a regular user can be eliminated. Furthermore, since the information for determining whether or not the user is a legitimate user does not touch a person other than the legitimate user, the security can be improved.

(2) In the wireless communication device according to (1),
The wireless communication apparatus operates in accordance with a wireless LAN protocol specified in IEEE 802.11.

  According to the present embodiment, since the wireless LAN protocol described in IEEE 802.11 is used, it is already widely used, and from the viewpoint that many products are on the market, mutual connection with products of other companies is made. The effect is easy.

(3) In the wireless communication device according to (2),
As a wireless utility tool for a station that generates a connection request to be transmitted to the other wireless communication device, a connection request generation unit,
A connection request transmission unit as a wireless LAN card for transmitting the connection request generated by the connection request generation unit;
The connection request generation unit includes the network identification information in the connection request.

  According to the present embodiment, an active scan method is used in which an SSID is included in a Probe Request frame indicating a connection request sent from a station requesting connection to an access point or a communication device having a function equivalent thereto. Therefore, it is possible to reliably specify the SSID that is the target of the connection request.

(4) In the wireless communication device according to any one of (1) to (3),
The arithmetic processing unit performs different arithmetic processing for each group to which the wireless communication device belongs.

  According to the present embodiment, it can be designed to perform different arithmetic processing for each group unit to which software should be distributed. For this reason, for example, when the tool is disclosed to a user outside the company, it is possible to avoid a risk that a normal PIN code is generated by an unintended user.

(5) In the wireless communication device according to (4),
The arithmetic processing unit performs arithmetic processing using an arbitrary character string to be set for each group.

  According to the present embodiment, the parameter for designing so as to perform different arithmetic processing for each group unit to which the software is to be distributed can be an arbitrary character string. Play.

(6) In the wireless communication device according to any one of (1) to (5),
The arithmetic processing unit performs arithmetic processing using a one-way function.

  According to the present embodiment, since the hash function is used for the arithmetic processing in the wireless communication control software, it is possible to further enhance the robustness against the brute force attack using the assumed password as compared with the case of simply using the ASCII code. It becomes possible.

(7) In the wireless communication device according to (2),
It has a detection unit as a WLAN card that detects other wireless communication devices,
When the arithmetic processing unit establishes a connection with another wireless communication device selected by the user from other wireless communication devices to be detected by the detection unit, the arithmetic processing unit notifies the other communication device. Based on the network identification information to be performed, a predetermined calculation process is performed.

  According to the present embodiment, it has a user interface for selecting a desired SSID from one or a plurality of SSIDs to be detected and requesting connection. For this reason, it becomes possible to specify the SSID that is the input value of the function in the wireless communication control software.

(8) In the wireless communication device according to (2),
A connection determination unit that determines whether to perform connection processing based on network identification information to be notified from the other communication device based on a beacon frame to be transmitted from the other wireless communication device;
When the connection determination unit determines that connection processing is to be performed based on network identification information to be notified from the other communication device, the calculation processing unit performs predetermined calculation processing based on the network identification information. Do.

  According to the present embodiment, a method for issuing a connection request can be determined depending on whether information indicating that the push button has been pressed is detected on the access point or the communication device side having a function equivalent thereto. For this reason, for example, it is possible to eliminate inconsistencies and inefficient events such as issuing a connection request using the PIN code method even though the push button is pressed on the access point side. It becomes possible to issue a connection request by the method.

(9) A wireless communication method in one wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing step for performing a predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device;
A determination step for determining whether or not to establish a connection with the other wireless communication device based on a calculation result of the calculation processing step and a calculation result to be notified by the other wireless communication device;
A connection processing step of establishing a connection with the other wireless communication device according to the determination result of the determination step.

  (10) A program for causing a computer to execute the method according to (9).

  Although the present invention has been described above with reference to specific embodiments, each embodiment is merely an example, and those skilled in the art will understand various variations, modifications, alternatives, substitutions, and the like. I will. For convenience of explanation, an apparatus according to an embodiment of the present invention has been described using a functional block diagram, but such an apparatus may be implemented in hardware, software, or a combination thereof. The present invention is not limited to the above-described embodiments, and various variations, modifications, alternatives, substitutions, and the like are included without departing from the spirit of the present invention.

100 stations (Enrollee)
110 Station main unit 111 Wireless utility tool for station 1111 SSID display part 1112 Connection click button I / F
1113 WPS system determination unit 1114 PIN code generation unit 112 OS (Operating System)
113 Main CPU
114 Device driver 115 Bus control unit 120 WLAN card 121 Firmware 122 OS
123 Local CPU
124 Bus controller 125 WLAN MAC
126 WLAN PLCP
127 RF
130 Bus 200 Access Point 211 Access Point Wireless Utility Tool 2114 PIN Code Generator

Special table 2009-513089 JP2009-253380

Wi-Fi Protected Setup Specification Version 1.0h Wi-Fi Peer-to-Peer (P2P) Technical Specification Version 1.15

Claims (10)

A wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing unit that performs predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device;
A determination unit that determines whether to establish a connection with the other wireless communication device based on a calculation result by the calculation processing unit and a calculation result to be notified by the other wireless communication device;
A wireless communication device comprising: a connection processing unit that establishes a connection with the other wireless communication device according to a determination result by the determination unit. The wireless communication apparatus according to claim 1 or 2,
The wireless communication apparatus operates in accordance with a wireless LAN protocol defined in IEEE 802.11. The wireless communication device according to claim 2,
A connection request generator for generating a connection request to be transmitted to the other wireless communication device;
A connection request transmitter for transmitting the connection request generated by the connection request generator;
The connection request generation unit is a wireless communication apparatus that includes the network identification information in the connection request. The wireless communication apparatus according to any one of claims 1 to 3,
The arithmetic processing unit is a wireless communication device that performs different arithmetic processing for each group to which the wireless communication device belongs. The wireless communication apparatus according to claim 4, wherein
The said arithmetic processing part is a radio | wireless communication apparatus which performs arithmetic processing using the arbitrary character strings which should be set for every said group. The wireless communication device according to any one of claims 1 to 5,
The arithmetic processing unit is a wireless communication device that performs arithmetic processing using a one-way function. The wireless communication device according to claim 2,
A detection unit for detecting other wireless communication devices;
When the arithmetic processing unit establishes a connection with another wireless communication device selected by the user from other wireless communication devices to be detected by the detection unit, the arithmetic processing unit notifies the other communication device. A wireless communication apparatus that performs predetermined arithmetic processing based on network identification information to be performed. The wireless communication device according to claim 2,
A connection determination unit that determines whether to perform connection processing based on network identification information to be notified from the other communication device based on a beacon frame to be transmitted from the other wireless communication device;
When the connection determination unit determines that connection processing is to be performed based on network identification information to be notified from the other communication device, the calculation processing unit performs predetermined calculation processing based on the network identification information. Perform a wireless communication device. A wireless communication method in one wireless communication device in a wireless communication system including a plurality of wireless communication devices,
An arithmetic processing step for performing a predetermined arithmetic processing based on network identification information to be notified from the other communication device when establishing a connection with the other wireless communication device;
A determination step for determining whether or not to establish a connection with the other wireless communication device based on a calculation result of the calculation processing step and a calculation result to be notified by the other wireless communication device;
A wireless communication method comprising: a connection processing step for establishing a connection with the other wireless communication device according to a determination result in the determination step.   A program for causing a computer to execute the method according to claim 9.

Images