JP2016178562A - Communication control system, radio connection device, and communication control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To suppress a communication deterioration caused by connection concentration to an access point.SOLUTION: A communication control system includes a first radio connection device and a second radio connection device. The first radio connection device includes: a connection unit which permits a new connection request received from a mobile terminal located in the communication range of the first radio connection device; and a switchover unit which, on receiving a handover request from the mobile terminal which is already connected to the second radio connection device, performs processing to switch the connection destination of the mobile terminal from the second radio connection device to the first radio connection device. The second radio connection device includes: a connection unit which refuses a new connection request received from a mobile terminal located in the communication range of the second radio connection device; and a switchover unit which, on receiving a handover request from a mobile terminal which is already connected to the first radio connection device, performs processing to switch the connection destination of the mobile terminal from the first radio connection device to the second radio connection device.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a communication control system, a wireless connection device, and a communication control method.

Mobile terminal, such as a recent smartphone, LTE (Long Term Evolution) and 3G (3 ^rd Generation) and the communication means to be connected to the mobile telephone line, such as, Wi-Fi (Wireless Fidelity) wireless LAN, such as (Local Area Network And a communication means for connection.

  Normally, in an environment where both a mobile phone line and a wireless LAN can be connected, the mobile terminal is connected to a wireless LAN with a high priority, and when the wireless LAN goes out of service area, the mobile terminal switches to the mobile phone line and executes communication. In this way, the mobile terminal performs communication by automatically switching the line to be used.

  Such line switching also occurs when a mobile terminal of a passenger who is moving by a transportation means such as a train, a bus, or an elevator temporarily stops within a wireless LAN area. For example, when a train arrives at a place where a public wireless LAN access point is installed, such as a railway station, the mobile terminals of passengers in the train connect to the wireless LAN.

  In addition, as one of the techniques for restricting the connection by such a moving mobile terminal, a technique for detecting the movement state of the mobile terminal and restricting the connection to other than a predetermined access point when it is in the movement state It has been known. There is also known a technique for restricting communication when a mobile terminal receives radio waves from a specific base station.

JP 2014-68151 A JP 2007-324821 A

  However, with the technology that restricts the connection of a terminal that is in a moving state, it is difficult to restrict the connection from a terminal that has stopped due to a temporary stop or the like. In the case of the second technique, it is generally difficult to determine the position of the terminal according to the reception state of a specific radio wave, and the cost for adjusting the installation of the base station increases in order to increase the processing accuracy. Further, if the processing accuracy is lowered, there may be a case where a terminal that should be excluded is connected and a communication quality of a connected terminal is deteriorated, and a terminal that can be connected cannot be connected.

  An object of one aspect is to provide a communication control system, a wireless connection device, and a communication control method that suppress communication deterioration.

  In one proposal, the communication control system includes a first wireless connection device and a second wireless connection device. The first wireless connection device includes a connection unit that permits a new connection request received from a mobile terminal located in a communication range of the first wireless connection device, and a mobile body that is already connected to the second wireless connection device. And a switching unit that performs processing to switch the connection destination of the mobile terminal from the second wireless connection device to the first wireless connection device when a handover request is received from the terminal. The second wireless connection device includes a connection unit that rejects a request for a new connection received from a mobile terminal located in a communication range of the second wireless connection device, and a mobile that is already connected to the first wireless connection device. A switching unit that performs processing to switch the connection destination of the mobile terminal from the first wireless connection device to the second wireless connection device when a handover request is received from the terminal.

  According to one embodiment, communication degradation can be suppressed.

FIG. 1 is an explanatory diagram illustrating an example of a communication control system according to the first embodiment. FIG. 2 is a functional block diagram illustrating an example of the first access point according to the first embodiment. FIG. 3 is a functional block diagram illustrating an example of the second access point according to the first embodiment. FIG. 4 is a functional block diagram illustrating an example of the authentication server according to the first embodiment. FIG. 5 is a diagram illustrating an example of a table recorded in the setting data storage unit of the authentication server according to the first embodiment. FIG. 6 is an explanatory diagram illustrating an example of a mobile terminal movement pattern and an access point process according to the first embodiment. FIG. 7 is a sequence diagram regarding a connection request and a handover request to an access point by a mobile terminal according to the first embodiment. FIG. 8 is a processing flow when the access point according to the first embodiment receives a connection request. FIG. 9 is a processing flow when the authentication server in the first embodiment receives an authentication request. FIG. 10 is a processing flow when the access point according to the first embodiment receives a handover request. FIG. 11 is a functional block diagram illustrating an example of the first access point according to the second embodiment. FIG. 12A is a diagram illustrating an example of a table recorded in the setting data storage unit of the first access point in the second embodiment. FIG. 12B is a diagram illustrating an example of a table recorded in the setting data storage unit of the second access point according to the second embodiment. FIG. 13 is a processing flow when the access point according to the second embodiment receives a connection request. FIG. 14 is an explanatory diagram illustrating an example of a communication control system according to the third embodiment. FIG. 15 is a functional block diagram illustrating an example of a second access point according to the third embodiment. FIG. 16 is a diagram illustrating an example of a table recorded in the setting data storage unit of the second access point according to the third embodiment. FIG. 17 is an explanatory diagram illustrating an example of a communication control system according to the fourth embodiment. FIG. 18 is a diagram illustrating an example of a table recorded in the setting data storage unit of the authentication server according to the fourth embodiment. FIG. 19 is a hardware configuration diagram of the access point according to the first to fourth embodiments. FIG. 20 is a hardware configuration diagram of the authentication server according to the first and fourth embodiments.

  Hereinafter, embodiments of a communication control system, a wireless connection device, and a communication control method disclosed in the present application will be described in detail based on the drawings. The disclosed technology is not limited by the present embodiment. Moreover, you may combine suitably each Example shown below in the range which does not cause contradiction.

[overall structure]
FIG. 1 is an explanatory diagram illustrating an example of a communication control system according to the first embodiment. In FIG. 1, the communication control system is installed at a station 10 having a ticket gate 11, a platform 12, and a track 13. A train 14 arrives and departs at an arbitrary timing on the station 10 through the track 13. A user who owns the mobile terminal 30 gets on the train 14 from the station 10, and a passenger who owns the mobile terminal 31 gets on the train 14 and arrives at the station 10.

  The communication control system illustrated in FIG. 1 includes a plurality of access points (AP) 20, 21-1, 21-2, 21-3, a network 40, and an authentication server 50. Each access point is an example of a device that accepts access from the mobile terminal 30 or 31 within the communication range and relays communication to the Internet. In addition, circles 20a, 21-1a, 21-2a, and 21-3a in FIG. 1 indicate communication ranges of the APs 20, 21-1, 21-2, and 21-3, respectively. Note that the AP 20 illustrated in FIG. 1 is an example of a first access point, and the APs 21-1, 21-2, and 21-3 are examples of a second access point. Each AP can communicate with other APs and the authentication server 50 directly or through the network 40.

  The mobile terminals 30 and 31 are terminals owned by users such as users of the station 10 and passengers on the train 14, and are examples of mobile phones, smartphones, tablet terminals, and the like.

  The authentication server 50 is an example of a server device that receives an authentication request from each AP through the network 40, performs an authentication process, and transmits an authentication result to each AP. The authentication processing in the present embodiment is user authentication using a user ID (IDentifier) and a password, for example.

  In such a state, the AP 20 that is the first access point is arranged near the ticket gate 11 and permits a new connection from the mobile terminal 30, for example. APs 21-1, 21-2 and 21-3, which are the second access points, are arranged near the home 12, for example, refuse new connection from the mobile terminal 31 and perform handover from the mobile terminal 30 connected to the AP 20. Only allow.

  That is, in the example of FIG. 1, the mobile terminal 31 located in the train 14 enters the communication range of at least one of the APs 21-1, 21-2, and 21-3 when the train 14 arrives at the station 10. However, it does not enter the communication range of the AP 20. On the other hand, the APs 21-1, 21-2, and 21-3 permit only a handover request from the mobile terminal 30 already connected to the AP 20, and reject a new connection request. Thereby, the portable terminal 31 of the passenger who got on the train 14 and arrived at the station 10 cannot be connected to the AP 21-1, and only the portable terminal 30 that entered the home 12 via the ticket gate 11, It is possible to reconnect to the AP 21-1. Therefore, the communication control system shown in FIG. 1 can prevent concentration of connections from mobile terminals in the arrived train and suppress communication deterioration.

[Functional configuration of the first access point]
Next, the function of each operation subject in the first embodiment will be described. FIG. 2 is a functional block diagram illustrating an example of the first access point according to the first embodiment. 2 includes a network communication unit 201, a wireless communication unit 202, a processing distribution unit 203, a connection determination unit 204, a handover processing unit 205, and a handover confirmation unit 206. The processing distribution unit 203, the connection determination unit 204, the handover processing unit 205, and the handover confirmation unit 206 are an example of an electronic circuit or an example of a process executed by a processor.

  The network communication unit 201 is connected to the network 40 using wired or wireless communication, and communicates with other APs and the authentication server 50. The wireless communication unit 202 communicates with a mobile terminal such as a smartphone via an antenna (not shown).

  The processing distribution unit 203 determines the type of request received through the network communication unit 201 or the wireless communication unit 202, and outputs a processing instruction to another processing unit. For example, when receiving a request from the portable terminal 30 through the wireless communication unit 202, the processing distribution unit 203 determines the type of the request.

  When association (connection request) is described as a command in the frame received from the mobile terminal 30, the processing distribution unit 203 determines that the connection request (association request) is requested by the mobile terminal 30 for a new connection. Then, a processing instruction is output to the connection determination unit 204. When reassociation (handover request) is described as a command in the frame received from the mobile terminal 30, the processing distribution unit 203 causes the mobile terminal 30 to switch the connection destination from the other AP to the AP 20 (handover request ( Reassociation request). In this case, the processing distribution unit 203 outputs a processing instruction to the handover processing unit 205.

  In addition, when receiving a request from another AP through the network communication unit 201, the processing distribution unit 203 has an authentication status necessary for a handover request for switching the connection destination of the portable terminal 30 from the AP 20 to the other AP. It is determined that this is an inquiry. In this case, the processing distribution unit 203 outputs a processing instruction to the handover confirmation unit 206.

  The connection determination unit 204 is a processing unit that performs a connection response as to whether or not to permit connection in response to a connection request from a mobile terminal. For example, when an instruction for processing of a connection request for the mobile terminal 30 to request a new connection is input from the processing distribution unit 203, the connection determination unit 204 sends the authentication server 50 to the authentication server 50 through the network communication unit 201. An authentication request for the connection request is sent. When the connection determination unit 204 receives an “OK” authentication response from the authentication server 50, the connection determination unit 204 transmits a “OK” connection response to the mobile terminal 30 through the wireless communication unit 202. Thereafter, the mobile terminal 30 can connect to the Internet via the AP 20.

  When the connection determination unit 204 receives an “NG” authentication response from the authentication server 50, the connection determination unit 204 transmits an “NG” connection response to the mobile terminal 30. Thereafter, the mobile terminal 30 ends the communication with the AP 20 without starting the connection to the Internet.

  The handover processing unit 205 is a processing unit that executes processing related to handover. For example, when an instruction for processing of a handover request from the AP 21-1 to the AP 20 by the mobile terminal 30 is input from the processing distribution unit 203 to the handover processing unit 205, the handover processing unit 205 passes through the network communication unit 201 to the AP 21-1. Send an authentication status query.

  When receiving the response of the authentication status “OK” from the AP 21-1, the handover processing unit 205 transmits a “OK” handover response to the mobile terminal 30 through the wireless communication unit 202. Thereafter, the mobile terminal 30 connected to the AP 21-1 can continue the connection to the Internet by switching the connection destination to the AP 20. On the other hand, when a response of the authentication status “NG” is received from the AP 21-1, a “NG” handover response is transmitted to the mobile terminal 30 through the wireless communication unit 202.

  The handover confirming unit 206 is a processing unit that confirms an authentication status necessary for a handover process from the AP 20 to another AP. For example, the handover confirming unit 206 confirms the authentication status when the processing allocation unit 203 receives an authentication status inquiry instruction for the portable terminal 30 to switch the connection destination from the AP 20 to the AP 21-1.

  If there is no problem in the authentication status, the handover confirmation unit 206 transmits a response of the authentication status “OK” to the AP 21-1 through the network communication unit 201. If there is untransmitted data from the AP 20 to the mobile terminal 30, the handover confirming unit 206 transmits the untransmitted data to the AP 21-1 in response to the response. Thereafter, the mobile terminal 30 can continue the connection to the Internet by switching the connection destination from the AP 20 to the AP 21-1. On the other hand, when there is a problem in the authentication status, the handover confirming unit 206 transmits a response of the authentication status “NG” to the AP 21-1 through the network communication unit 201.

[Function configuration of the second access point]
FIG. 3 is a functional block diagram illustrating an example of the second access point according to the first embodiment. In addition, since AP21-1, 21-2, and 21-3 shown in FIG. 1 have the same function, AP21-1 is demonstrated here. The AP 21-1 illustrated in FIG. 3 includes a network communication unit 211, a wireless communication unit 212, a processing distribution unit 213, a connection determination unit 214, a handover processing unit 215, and a handover confirmation unit 216.

  Note that the network communication unit 211, the wireless communication unit 212, the processing distribution unit 213, the handover processing unit 215, and the handover confirmation unit 216 are the network communication unit 201, the wireless communication unit 202, the processing distribution unit 203, and the handover processing unit 205, respectively. Since the same processing as that performed by the handover confirmation unit 206 is performed, detailed description thereof is omitted.

  The connection determination unit 214 is a processing unit that makes a response as to whether or not to permit connection in response to a connection request from the mobile terminal. For example, when an instruction for processing of a connection request for the mobile terminal 31 to request a new connection is input from the processing distribution unit 213, the connection determination unit 214 responds to the connection request to the authentication server 50 through the network communication unit 211. Send an authentication request. When the connection determination unit 214 receives the authentication response “NG” from the authentication server 50, the connection determination unit 214 transmits the connection response “NG” to the mobile terminal 31 through the wireless communication unit 212. Thereafter, the mobile terminal 31 ends the communication with the AP 21-1 without starting connection to the Internet.

[Functional configuration of authentication server]
FIG. 4 is a functional block diagram illustrating an example of the authentication server according to the first embodiment. The authentication server 50 illustrated in FIG. 4 includes a network communication unit 501, a setting data storage unit 502, an authentication data storage unit 503, and an authentication unit 504. Note that the authentication unit 504 is an example of an electronic circuit or an example of a process executed by a processor. The setting data storage unit 502 and the authentication data storage unit 503 are an example of a storage device such as a memory or a hard disk.

  The network communication unit 501 is connected to the network 40 using a wired or wireless connection, and communicates with each AP.

  When receiving an authentication request from the AP, the setting data storage unit 502 stores a table that records whether the authentication request is valid or invalid. FIG. 5 is a diagram illustrating an example of a table recorded in the setting data storage unit of the authentication server according to the first embodiment. In FIG. 5, the “AP” column indicates a list of access points in the first embodiment, and the “authentication” column indicates whether the authentication request received from each access point is valid or invalid.

  The authentication data storage unit 503 stores information used for authentication processing such as a user ID and a password.

  The authentication unit 504 is a processing unit that determines whether or not to permit an authentication request received from the AP, and performs an authentication process when the authentication request is permitted. Specifically, when the authentication unit 504 receives an authentication request for the connection request from the AP, the authentication unit 504 refers to the setting data storage unit 502 to determine whether the authentication request received from the AP is valid or invalid. To do.

  Further, when the authentication request is validated, the authentication unit 504 refers to the authentication data storage unit 503 and performs authentication processing based on the authentication request. On the other hand, when invalidating the authentication request, the authentication unit 504 does not perform authentication processing. Thereafter, the authentication unit 504 transmits an authentication response invalidating the authentication processing result or the authentication request to the AP through the network communication unit 501.

  When the authentication unit 504 receives an authentication request from the AP 20, for example, “valid” is associated with “AP20” in the table shown in FIG. An authentication response is transmitted. For example, the authentication unit 504 transmits an “OK” authentication response if the user ID and password included in the authentication request match the user ID and password stored in the authentication data storage unit 503, otherwise “ NG "authentication response is transmitted.

  The authentication unit 504 also transmits an authentication response “NG” even when the authentication request is invalidated and the authentication process is not performed. For example, when the authentication unit 504 receives an authentication request from the AP 21-1, since “invalid” is associated with “AP 21-1” in the table illustrated in FIG. 5, the AP 21-1 does not perform the authentication process. The authentication response “NG” is transmitted to -1.

[Access point processing]
Next, the flow of processing of the communication control system in the first embodiment will be described based on the movement pattern of the mobile terminal. FIG. 6 is an explanatory diagram illustrating an example of a mobile terminal movement pattern and an access point process according to the first embodiment.

  For example, the user who owns the portable terminal 30 shown in FIG. 6 moves to the place on the home 12 through the ticket gate 11. The vicinity of the ticket gate 11 before moving is included in the communication range of the AP 20, and the location on the home 12 after moving is included in the communication range of the AP 21-1. The AP 20 permits a connection request from the mobile terminal 30 near the ticket gate 11, and the AP 21-1 permits a handover request from the mobile terminal 30 that has moved to a location on the home 12.

  On the other hand, the passenger who owns the mobile terminal 31 shown in FIG. 6 gets on the train 14 and arrives at the station 10. With the arrival of the train 14, the passenger on the platform 12 without passing through the ticket gate 11 from the train. Go to the location. Note that both the location before moving and the location after moving are included in the communication range of the AP 21-2. The AP 21-2 rejects the connection request from the mobile terminal 31 that has arrived at the station 10.

[Sequence Diagram]
FIG. 7 is a sequence diagram regarding a connection request and a handover request to an access point by a mobile terminal according to the first embodiment. The mobile terminals 30 and 31 in FIG. 7 each move within the station 10 as shown in FIG. The portable terminal 30 transmits a connection request (association request) to the first access point AP 20 arranged near the ticket gate 11. When receiving the connection request from the mobile terminal 30 (S101), the connection determination unit 204 of the AP 20 transmits an authentication request to the authentication server 50 (S102).

  The authentication unit 504 of the authentication server 50 that has received the authentication request performs an authentication process as a result of referring to the setting data storage unit 502. If the authentication process is successful, an authentication response “OK” is given. Transmit (S103). When receiving the authentication response from the authentication server 50, the connection determination unit 204 of the AP 20 transmits an “OK” connection response (association response) to the portable terminal 30 (S104). Thereafter, the mobile terminal 30 can connect to the Internet via the AP 20 (S105).

  Next, when the mobile terminal 30 moves to the communication range of the second access point AP 21-1, it becomes communicable with the AP 21-1, and transmits a disassociation request to the AP 20 (S110). At this time, the AP 20 does not transmit a response to the mobile terminal 30.

  Next, the portable terminal 30 transmits a handover request (reassociation request) to the AP 21-1 (S111). The handover processing unit 215 of the AP 21-1 that has received the handover request inquires of the authentication status not to the authentication server 50 but to the AP 20 to which the mobile terminal 30 was connected immediately before (S112).

  When the handover processing unit 215 of the AP 21-1 receives the response of the authentication status “OK” indicating that it has been connected to the mobile terminal 30 from the AP 20 (S 113), the handover response (“OK”) to the mobile terminal 30 ( reassociation response) is transmitted (S114). As a result, the portable terminal 30 can continue the connection to the Internet by switching the connection destination from the AP 20 to the AP 21-1 (S115).

  On the other hand, the portable terminal 31 transmits a connection request to the second access point AP 21-1 without transmitting a connection request to the first access point AP20 (S121). The connection determination unit 214 of the AP 21-1 that has received the connection request transmits the authentication request to the authentication server 50 (S122). Upon receiving the authentication request, the authentication unit 504 of the authentication server 50 refers to the setting data storage unit 502, and transmits an authentication response “NG” to the AP 21-1 without performing authentication processing (S123). The connection determination unit 214 of the AP 21-1 transmits a connection request “NG” response to the mobile terminal 31 (S124). As a result, the mobile terminal 31 ends the communication without starting the connection to the Internet via the AP 21-1.

[Processing flow for access point connection request]
Subsequently, a flow of processing of the connection request and the handover request from the mobile terminals 30 and 31 described above will be described. FIG. 8 is a processing flow when the access point according to the first embodiment receives a connection request. As shown in FIG. 8, when the processing distribution unit 203 of the AP 20 receives a connection request from the mobile terminal 30 (S201), the connection determination unit 204 of the AP 20 transmits an authentication request to the authentication server 50 (S202).

  When the network communication unit 201 of the AP 20 receives an “OK” authentication response from the authentication server 50 (S203: Yes), the connection determination unit 204 transmits a “OK” connection response to the mobile terminal 30, and the mobile terminal Connection is started with 30 (S204).

  On the other hand, when the mobile terminal 31 transmits a connection request to the AP 21-1, the network communication unit 211 of the AP 21-1 receives an authentication response “NG” from the authentication server 50 (S203: No). Thereafter, the connection determination unit 214 transmits a connection response of “NG” to the mobile terminal 31 (S205). As a result, the mobile terminal 31 ends the communication without starting the connection to the Internet via the AP 21-1.

[Processing flow of authentication server]
Next, processing in the authentication server 50 that has received the authentication request will be described. FIG. 9 is a processing flow when the authentication server in the first embodiment receives an authentication request. As shown in FIG. 9, when the network communication unit 501 of the authentication server 50 receives an authentication request from, for example, the AP 20 (S301), the authentication unit 504 refers to the setting of the AP 20 stored in the setting data storage unit 502. (S302).

  The authentication unit 504 refers to the setting data storage unit 502 and determines whether the authentication request is valid (S303). The authentication unit 504 determines that the authentication request is valid because “valid” is associated with the AP 20 in the table shown in FIG. 5 (S303: Yes), and performs authentication processing (S304).

  If the authentication is successful as a result of the authentication process (S304: Yes), the authentication unit 504 transmits an “OK” authentication response to the AP 20 (S305). If the authentication process fails as a result of the authentication process (S304: No), the authentication unit 504 transmits an authentication response of “NG” to the AP 20 (S306).

  On the other hand, when the portable terminal 31 transmits a connection request to the AP 21-1, the authentication unit 504 associates “invalid” with the AP 21-1 in the table shown in FIG. 5 (S303: No). It is determined that the authentication request is invalid. In this case, the authentication unit 504 transmits an authentication response “NG” to the AP 21-1 without performing authentication processing (S306).

[Processing flow for access point handover request]
Next, handover request processing of the mobile terminal 30 will be described. FIG. 10 is a processing flow when the access point according to the first embodiment receives a handover request. As illustrated in FIG. 10, the wireless communication unit 212 of the AP 21-1 receives a handover request from the mobile terminal 30, for example (S401). The handover request includes identification information of the AP 20 that is the old AP to which the mobile terminal 30 was connected immediately before. Upon receiving the handover request processing instruction, the handover processing unit 215 of the AP 21-1 transmits an authentication status inquiry to the AP 20 instead of the authentication server 50 (S402).

  In the AP 20 that has received the authentication status inquiry, since the mobile terminal 30 has already been connected to the AP 20, the handover confirmation unit 206 of the AP 20 transmits a response of the authentication status “OK” to the AP 21-1 (S403: Yes). ). The handover processing unit 215 of the AP 21-1 that has received the response transmits a “OK” handover response to the mobile terminal 30 (S404).

  Note that authentication may fail for some reason in the AP 20 (S403: No). For example, there is a case where the mobile terminal 30 does not actually connect to the AP 20 but transmits a handover request in which the identification information of the AP 20 is disguised. In this case, the handover processing unit 215 of the AP 21-1 transmits a “NG” handover response to the mobile terminal 30 (S405).

  According to the first embodiment, the AP 21-1 rejects the connection request from the mobile terminal 31, and permits only the handover request from the mobile terminal 30 that is already connected to the AP 20. Thereby, when the train 14 arrives, it can prevent that the portable terminal of the passenger in a train connects to AP21-1 all at once, and can suppress communication degradation.

  In addition, according to the first embodiment, the mobile terminals of passengers in the train are prevented from switching from the mobile phone line to the wireless LAN line in a short time, and further switching from the mobile phone line to the passengers in the train. Communication degradation of the mobile terminal can also be suppressed. Note that the configuration of the first embodiment can be introduced without changing the setting of an individual AP that is normally used.

  In the first embodiment, the external authentication server determines whether the connection request to the access point is valid or invalid. However, the embodiment is not limited to this. For example, the access point may include a storage unit that stores a table, and the access point may determine whether to validate or invalidate a connection request with reference to the table.

  In the communication control system according to the second embodiment, each access point has a setting data storage unit that stores whether the request from the mobile terminal is valid or invalid. Each access point according to the second embodiment determines whether the request from the mobile terminal is valid or invalid with reference to the setting data storage unit. If it is determined that the request is valid, each access point transmits an authentication request to, for example, an authentication server.

  Since the communication control system according to the second embodiment is the same as that of the first embodiment, detailed description thereof is omitted. In addition, the structure which does not provide the authentication server 50 shown in FIG. 1 may be sufficient.

[Description of Access Point in Embodiment 2]
FIG. 11 is a functional block diagram illustrating an example of the first access point according to the second embodiment. The first access point AP22 shown in FIG. 11 includes a network communication unit 221, a wireless communication unit 222, a processing distribution unit 223, a connection determination unit 224, a handover processing unit 225, a handover confirmation unit 226, a setting A data storage unit 227.

  Note that the network communication unit 221, the wireless communication unit 222, the processing distribution unit 223, and the handover confirmation unit 226 perform the same processes as the network communication unit 201, the wireless communication unit 202, the processing distribution unit 203, and the handover confirmation unit 206, respectively. Detailed explanation will be omitted. The setting data storage unit 227 is an example of a storage device such as a memory or a hard disk. The second access point has the same configuration as this.

  FIG. 12A is a diagram illustrating an example of a table recorded in the setting data storage unit 227 of the first access point in the second embodiment. In FIG. 12A, the “function” column indicates the type of request received from the mobile terminal, and the “status” column indicates whether the request processing is enabled or disabled in the first access point AP22. Show. In the table shown in FIG. 12A, it is indicated that “valid” is set for both “association (connection request)” and “reassociation (handover request)” requests.

  On the other hand, FIG. 12B is a diagram illustrating an example of a table recorded in the setting data storage unit 227 of the second access point in the second embodiment. The table shown in FIG. 12B indicates that “invalid” is set for “association (connection request)” and “valid” is set for “reassociation (handover request)”.

  When a connection request processing instruction for requesting a new connection is received from the processing distribution unit 223, the connection determination unit 224 refers to the setting data storage unit 227 and the request for new connection is valid. It is determined whether or not there is. When the new connection request is valid, the connection determination unit 224 transmits an authentication request for the connection request from the portable terminal 30 to the authentication server 50 through the network communication unit 221. Thereafter, the same processing as that of the connection determination unit 205 is performed, and thus detailed description thereof is omitted. On the other hand, when the request for new connection is invalid, the connection determination unit 224 transmits a connection response “NG” to the portable terminal 30 without transmitting an authentication request to the authentication server 50.

  The handover processing unit 225 is a processing unit that executes processing related to handover. For example, when an instruction for processing of a handover request from the AP 21-1 to the AP 20 by the mobile terminal 30 is input from the processing distribution unit 223, the handover processing unit 225 refers to the setting data storage unit 227 and receives a handover request. It is determined whether or not it is valid.

  When the handover request is valid, the handover processing unit 225 transmits an authentication status inquiry to the AP 21-1 through the network communication unit 221. Thereafter, the same processing as that performed by the handover processing unit 205 is performed, and thus detailed description thereof is omitted. On the other hand, when the handover request is invalid, the handover processing unit 225 transmits a “NG” handover response to the mobile terminal 30 without transmitting an authentication status query to the AP 21-1.

[Processing flow for access point connection request]
A flow of processing of a connection request by the access point AP 22 in the second embodiment will be described. FIG. 13 is a processing flow when the access point AP 22 according to the second embodiment receives a connection request. For example, when the processing distribution unit 223 of the first access point AP22 receives a connection request from the portable terminal 30 (S501), the connection determination unit 224 of the first access point AP22 refers to the setting data storage unit 227 ( S502).

  Since “valid” is associated with “association (connection request)” in the table shown in FIG. 12A (S503: Yes), the connection determination unit 224 transmits an authentication request to, for example, the authentication server. If the result of the authentication process received from the authentication server is “OK” (S504: Yes), the connection determination unit 224 sends a connection response “OK” to the mobile terminal 30 via the wireless communication unit 222. Is transmitted (S505). Thereafter, the mobile terminal 30 can connect to the Internet via the first access point AP22.

  If the result of the authentication process received from the authentication server is “NG” (S504: No), the connection determination unit 224 sends a connection request “NG” to the mobile terminal 30 through the wireless communication unit 222. A connection response is transmitted (S506). As a result, the mobile terminal 30 ends communication without starting connection to the Internet via the first access point AP22.

  On the other hand, when the portable terminal 31 transmits a connection request to the second access point, “invalid” is associated with “association (connection request)” in the table shown in FIG. 12B (S503: No). In this case, the connection determination unit 224 transmits a connection response of the connection request “NG” to the portable terminal 31 without transmitting an authentication request to the authentication server (S506). As a result, the mobile terminal 31 ends the communication without starting the connection to the Internet via the second access point.

  Note that the handover request processing by the access point in the second embodiment is the same as the processing shown in FIG. However, when “reassociation (handover request)” is set to “invalid” in the setting data storage unit 227, the handover processing unit 225 transmits the inquiry of the authentication status to another AP without transmitting the inquiry to the mobile terminal. An “NG” handover response is transmitted.

  According to the second embodiment, the connection determination unit 224 of the second access point can reject the connection request from the portable terminal without transmitting an inquiry to the authentication server. Thereby, in the configuration provided with the authentication server, the load on the authentication server is not increased, and the communication deterioration due to the concentration of communication from the mobile terminal to the AP is suppressed faster than in the case of the first embodiment. can do. Even in a configuration in which an authentication server that collectively manages a plurality of APs is not used, concentration of connections from mobile terminals can be prevented and communication deterioration can be suppressed.

  In the first and second embodiments described above, even if the passenger who owns the mobile terminal 31 and gets off at the station 10 on the train 14 stays at the home 12 after the train 14 departs, the second access The point continues to reject connection requests from the mobile terminal 31. However, if the train 14 carrying a large number of mobile terminals is not within the communication range of the second access point, communication degradation will occur even if a connection request from the mobile terminal 31 owned by a passenger staying at the home 12 is received. Is unlikely to occur.

  Therefore, in the third embodiment, a configuration in which a connection request from a mobile terminal staying at the home 12 after the departure of the train 14 can be permitted will be described. FIG. 14 is an explanatory diagram illustrating an example of a communication control system according to the third embodiment. In addition to the configuration shown in FIG. 1, the communication control system according to the third embodiment further includes a vehicle sensor 90 that determines whether or not a train exists in the station premises. As the vehicle sensor 90, an existing premises sensor or the like at the station 10 may be used. In the third embodiment, as in the second embodiment, the authentication server may not be provided. Note that circles 24a, 25-1a, 25-2a, and 25-3a in FIG. 14 indicate communication ranges of the access points AP24, 25-1, 25-2, and 25-3, respectively.

  Next, the function of each operation subject in the third embodiment will be described. Since the first access point AP24 in the third embodiment is the same as the first access point AP22 in the second embodiment, detailed description thereof is omitted. In addition, since the second access points AP 25-1, 25-2, and 25-3 in the third embodiment have the same function, the AP 25-1 will be described here.

[Function configuration of the second access point]
FIG. 15 is a functional block diagram illustrating an example of a second access point according to the third embodiment. The second access point AP 25-1 shown in FIG. 15 includes a network communication unit 251, a wireless communication unit 252, a processing distribution unit 253, a connection determination unit 254, a handover processing unit 255, and a handover confirmation unit 256. , A setting data storage unit 257 and a vehicle detection unit 258.

  Note that the network communication unit 251, the wireless communication unit 252, the processing distribution unit 253, the handover processing unit 255, and the handover confirmation unit 256 are the network communication unit 211, the wireless communication unit 212, the processing distribution unit 213, and the handover processing unit 215, respectively. Since the same processing as that performed by the handover confirming unit 216 is performed, detailed description thereof is omitted. The setting data storage unit 257 is an example of a storage device such as a memory or a hard disk.

  The vehicle detection unit 258 acquires, from the vehicle sensor 90, a vehicle sensor value indicating whether or not a train exists within the station premises. For example, the vehicle detection unit 258 acquires the vehicle sensor value “ON” when the train is present in the station, and acquires the vehicle sensor value “OFF” when the train is not present in the station.

  The setting data storage unit 257 according to the third embodiment stores a table that records whether the process is enabled or disabled according to the type of request received from the mobile terminal 30 or 31 and the vehicle sensor value. FIG. 16 is a diagram illustrating an example of a table recorded in the setting data storage unit of the second access point according to the third embodiment. In FIG. 16, the “function” column is the same as the example of FIG. 12B, but the “state” column is further divided depending on whether the vehicle sensor value is “ON” or “OFF”. .

  In the table shown in FIG. 16, “association (connection request)” when the vehicle sensor value is “ON” is set to “invalid”, and “valid” is set in other cases. It has been shown.

  The connection determination unit 254 according to the third embodiment is a processing unit that makes a response to a connection request from a mobile terminal. For example, the connection determination unit 254 acquires a vehicle sensor value from the vehicle detection unit 258 when a connection request processing instruction for the mobile terminal 31 to request a new connection is input from the processing distribution unit 253, and setting data The storage unit 257 is referred to.

  For example, when the train 14 is stopped at the station 10, the connection determination unit 254 acquires the vehicle sensor value “ON” from the vehicle detection unit 258. Since “invalid” is associated with “association (connection request)” when the vehicle sensor value is “ON” in the setting data storage unit 257, the connection determination unit 254 receives the connection from the mobile terminal 31. It is determined that the request is “invalid”. Thereafter, the connection determination unit 254 transmits a connection response of the connection request “NG” to the mobile terminal 31 through the wireless communication unit 252.

  On the other hand, the connection determination unit 254 acquires the vehicle sensor value “OFF” from the vehicle detection unit 258 when the train 14 does not stop at the station 10. Since “valid” is associated with “association (connection request)” when the vehicle sensor value is “OFF” in the setting data storage unit 257, the connection determination unit 254 receives the connection from the mobile terminal 31. It is determined that the request is “valid”. Thereafter, the connection determination unit 254 transmits an authentication request to the authentication server, for example, and when the result of the authentication process received from the authentication server is “OK”, the connection determination unit 254 connects to the mobile terminal 31 through the wireless communication unit 252. A connection response of the request “OK” is transmitted.

  According to the third embodiment, it is possible to determine whether to permit or reject a connection request from the mobile terminal to the second access point depending on whether or not a train exists in the station premises. As a result, for example, a new connection request can be permitted depending on the situation where communication deterioration is unlikely to occur.

  The configuration including the vehicle sensor as in the third embodiment can also be applied to the first embodiment. Thus, in the fourth embodiment, a configuration that includes a vehicle sensor in addition to the configuration in which the authentication server determines whether or not to permit a connection request from the mobile terminal will be described.

  FIG. 17 is an explanatory diagram illustrating an example of a communication control system according to the fourth embodiment. In addition, since access point AP20, 21-1, 21-2, 21-3 in Example 4 is the same as the access point in Example 1, respectively, detailed description is abbreviate | omitted.

[Configuration of authentication server]
An authentication server 51 illustrated in FIG. 17 includes a network communication unit 511, a setting data storage unit 512, an authentication data storage unit 513, an authentication unit 514, and a vehicle detection unit 515. The authentication unit 514 and the vehicle detection unit 515 are an example of an electronic circuit or an example of a process executed by a processor. The setting data storage unit 512 and the authentication data storage unit 513 are an example of a storage device such as a memory or a hard disk.

  The vehicle detection unit 515 acquires a vehicle sensor value indicating whether or not a train exists in the station premises from the vehicle sensor 90. The vehicle detection unit 515 acquires the vehicle sensor value “ON” when, for example, a train is present in the station, and acquires the vehicle sensor value “OFF” when the train is not present in the station.

  FIG. 18 is a diagram illustrating an example of a table recorded in the setting data storage unit of the authentication server according to the fourth embodiment. In FIG. 18, the “AP” column is the same as the example of FIG. 5, but the “authentication” column is further divided depending on whether the vehicle sensor value is “ON” or “OFF”. . In FIG. 18, when the “AP” column is “AP21-1”, “AP21-2”, and “AP21-3” and the “vehicle sensor value” is “ON”, the “authentication” column is “Invalid” is set. In FIG. 18, in the other cases, the “authentication” column is set to “valid”.

[Connection request processing]
Next, processing of the authentication server 51 in the fourth embodiment will be described. For example, the connection determination unit 214 of the AP 21-1 according to the fourth embodiment receives the connection request from the authentication server 51 through the network communication unit 211 when an instruction for processing of a connection request for the mobile terminal 31 to request new connection is input. Send an authentication request for.

  The authentication part 514 of the authentication server 51 acquires a vehicle sensor value from the vehicle detection part 515, when the authentication request with respect to a connection request is received from AP21-1. Next, the authentication unit 514 refers to the setting data storage unit 512 illustrated in FIG. 18 and determines whether to validate or invalidate the authentication request received from the AP 21-1.

  When validating the authentication request, the authentication unit 514 refers to the authentication data storage unit 513 and executes an authentication process. Then, the authentication unit 514 transmits an authentication response to the AP 21-1 through the network communication unit 511. For example, the authentication unit 514 validates the authentication request and transmits an “OK” authentication response when the authentication process is successful, and does not perform the authentication process when the authentication process fails or the authentication request is invalidated. In this case, an authentication response “NG” is transmitted.

  For example, when the train 14 is stopped at the station 10, the authentication unit 514 acquires the vehicle sensor value “ON” from the vehicle detection unit 515. In the setting data storage unit 512, “invalid” is associated with the authentication request received from “AP21-1” when the vehicle sensor value is “ON”. In this case, the authentication unit 514 transmits an authentication response “NG” to the AP 21-1 through the network communication unit 511 without performing authentication processing.

  On the other hand, the authentication unit 514 acquires the vehicle sensor value “OFF” from the vehicle detection unit 515 when the train 14 does not stop at the station 10. In the setting data storage unit 512, “valid” is associated with the authentication request received from “AP21-1” when the vehicle sensor value is “OFF”. In this case, the authentication unit 514 performs authentication processing, and when the authentication processing is successful, transmits an “OK” authentication response to the AP 21-1 through the network communication unit 511.

  Also in the fourth embodiment, as in the third embodiment, it is determined whether to permit or reject the connection request from the mobile terminal to the second access point depending on whether a train exists in the station premises. be able to. In the configuration of the fourth embodiment, even when there are a large number of access points, it can be easily managed collectively using an authentication server.

  Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the above-described embodiments.

  For example, in the second or third embodiment, even if the configuration data storage unit of the access point described above does not store whether “reassociation (handover request)” is “valid” or “invalid” Good. In this case, the handover processing unit of the access point that has received the handover request processing instruction always executes the handover processing without referring to the setting data storage unit.

  In the first or fourth embodiment, the authentication unit of the authentication server does not perform the authentication process when the authentication request received from the access point is invalidated, but transmits the authentication response after performing the authentication process. It may be a simple configuration. For example, when the authentication request is invalidated, the authentication unit may transmit an authentication response “NG” regardless of whether the result of the authentication process is success or failure.

  Of the processes described in the present embodiment, all or a part of the processes described as being automatically performed may be manually performed. Alternatively, all or part of the processing described as being performed manually can be automatically performed by a known method. In addition, the processing procedure, control procedure, specific name, and information including various data and parameters shown in the above-described document and drawings can be arbitrarily changed unless otherwise specified.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution / integration of each device is not limited to that shown in the figure. That is, all or a part of them can be configured to be functionally or physically distributed / integrated in arbitrary units according to various loads or usage conditions. For example, the processing allocation unit 203, the connection determination unit 204, the handover processing unit 205, and the handover confirmation unit 206 of the first AP 20 are integrated, or the authentication unit 504 of the authentication server 50 is integrated with the setting data confirmation unit and the user. It can also be distributed to authentication processing units. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

[Hardware configuration of access point]
Next, the hardware configuration of the access point and the authentication server will be described with reference to FIGS. 19 and 20. FIG. 19 is a hardware configuration diagram of the access point according to the first to fourth embodiments. As illustrated in FIG. 19, the access point 2000 according to the first to fourth embodiments includes a network interface 2001, an RF circuit 2002, an antenna 2003, a processor 2004, and a storage device 2005. The network interface 2001, the RF circuit 2002, the processor 2004, and the storage device 2005 are connected to each other via a bus 2006. The antenna 2003 is connected to the RF circuit 2002.

  The network interface 2001 is connected to the network 40 via a cable such as a LAN cable or via a wireless connection, and communicates with other access points and authentication servers. For example, the functions of the network communication units 201 and 211 illustrated in FIGS. 2 and 3 are realized by the network interface 2001, the processor 2004, and the storage device 2005.

  The RF circuit 2002 communicates with the mobile terminal via the antenna 2003. For example, the functions of the wireless communication units 202 and 212 illustrated in FIGS. 2 and 3 are realized by the RF circuit 2002, the processor 2004, and the storage device 2005.

  In addition, the processor 2004 and the storage device 2005 include, for example, the processing distribution units 203 and 213, the connection determination units 204 and 214, the handover processing units 205 and 215, and the handover confirmation units 206 and 216 illustrated in FIGS. Realize functions such as.

  For example, the processor 2004 reads various programs stored in the storage device 2005 and generates processes for realizing various functions on the storage device 2005. The processor 2004 performs various processes by executing processes generated on the storage device 2005 together with the respective units.

[Hardware configuration of authentication server]
FIG. 20 is a hardware configuration diagram of the authentication server according to the first and fourth embodiments. As illustrated in FIG. 20, the computer 5000 includes a communication interface 5001, a processor 5002, a storage device 5003, an input device 5004, and an output device 5005. 20 are connected to each other via a bus 5006.

  The input device 5004 is a mouse or a keyboard, the output device 5005 is a display or the like, and the communication interface 5001 is an interface such as a NIC (Network Interface Card). A communication interface 5001 is connected to the network 40 and communicates with other access points.

  The storage device 5003 stores information of each table shown in FIGS. As an example of the recording device, other computer-readable recording devices such as a hard disk drive (HDD), a read only memory (ROM), a random access memory (RAM), and a CD-ROM may be used.

  Further, the processor 5002 and the storage device 5003 realize functions such as the setting data storage unit 502, the authentication data storage unit 503, and the authentication unit 504 illustrated in FIG.

  For example, the processor 5002 reads various programs stored in the storage device 5003 and generates processes for realizing various functions on the storage device 5003. Then, the processor 5002 performs various processes by executing processes generated on the storage device 5003 together with the respective units.

  The following supplementary notes are further disclosed with respect to the embodiments including the above examples.

(Supplementary note 1) In a communication control system including a first wireless connection device and a second wireless connection device,
The first wireless connection device is:
A connection unit that permits a request for a new connection received from a mobile terminal located in a communication range of the first wireless connection device;
When a handover request is received from a mobile terminal connected to the second wireless connection device, the connection destination of the mobile terminal is switched from the second wireless connection device to the first wireless connection device. A switching unit,
The second wireless connection device is:
A connection unit for rejecting a request for a new connection received from a mobile terminal located in a communication range of the second wireless connection device;
When a handover request is received from a mobile terminal connected to the first wireless connection device, the connection destination of the mobile terminal is switched from the first wireless connection device to the second wireless connection device. A communication control system comprising: a switching unit.

(Supplementary Note 2) The connection part of the first wireless connection device is:
When the request for the new connection is received, the request for the authentication process is transmitted to an external authentication server that executes an authentication process for the request for the new connection, and the authentication server is received by the first wireless connection device. Receiving the result of the authentication process executed on condition that it is an authentication process for the new connection request, and sending a response to the mobile terminal according to the result,
The connection part of the second wireless connection device is:
When the request for new connection is received, the request for the authentication process is transmitted to the authentication server, and the authentication server is an authentication process for the request for new connection received by the second wireless connection device. Receiving a result of refusing execution of the authentication process as a condition, and transmitting a response to the mobile terminal according to the result;
The communication control system according to Supplementary Note 1, wherein

(Supplementary Note 3) The first wireless connection device further includes a first storage unit that stores first setting information indicating that the first wireless connection device requests authentication processing for the request for new connection,
The second wireless connection device further includes a second storage unit that stores second setting information indicating that a request for authentication processing for the request for new connection is suppressed,
When the connection unit of the first wireless connection device receives the request for new connection, the connection unit requests an authentication process from an external authentication server according to the first setting information, and receives the request from the authentication server. Based on the result of the authentication process, the request for the new connection is permitted or denied,
The connection unit of the second wireless connection device, when receiving the request for new connection, rejects the request for new connection according to the second setting information. Communication control system.

(Supplementary Note 4) The first wireless connection device is installed at a position where a communication gate is a ticket gate of a station,
The second wireless connection device is installed at a position where the platform of the station is a communication range,
Regardless of whether the train is detected on the premises of the station by the vehicle detection unit installed at the station when the connection unit of the first wireless connection device receives the request for the new connection. Allow the new connection request,
The connection unit of the second wireless connection device rejects the request for new connection when a train is detected on the premises of the station by the vehicle detection unit when the request for new connection is received. The communication control system according to claim 1, wherein when the train is not detected on the premises of the station by the vehicle detection unit, the request for the new connection is permitted.

(Additional remark 5) The said communication control system further has an authentication apparatus,
The authentication device
A storage unit that stores information indicating whether to perform an authentication process for the request for new connection in association with each of the first wireless connection device and the second wireless connection device;
A receiving unit that receives the request for authentication processing from the first wireless connection device or the second wireless connection device that has received the request for new connection from the mobile terminal;
A determination unit that determines whether or not to execute the authentication process according to information stored in the storage unit when the request for the authentication process is received by the reception unit;
When the determination unit determines to execute the authentication process, the result of the authentication process is returned to the first wireless connection device or the second wireless connection device, and the authentication unit executes the authentication process. The apparatus according to claim 1, further comprising: a response unit that responds to the first wireless connection device or the second wireless connection device in response to rejecting the request for the authentication process when it is determined that the authentication processing is not to be performed. Communication control system.

(Additional remark 6) The said determination part determines to perform the said authentication process, when the request | requirement of the said authentication process is received from said 1st wireless connection apparatus installed in the position which uses the ticket gate of a station as a communication range, When a request for the authentication process is received from the second wireless connection device installed at a position where the platform of the station is a communication range, a train is installed on the premises of the station by a vehicle detection unit installed at the station. If detected, it is determined to suppress the execution of the authentication process, and if the train is not detected on the premises of the station by the vehicle detection unit, it is determined to execute the authentication process. The communication control system described in 1.

(Appendix 7) When a request for a new connection is received from a mobile terminal, a request for the authentication process is transmitted to an authentication apparatus that executes an authentication process for the request for the new connection, and a handover for switching the connection destination from the mobile terminal When receiving a request, a transmission unit that transmits a request for permission of the handover request to a connection destination immediately before the mobile terminal;
A connection unit that controls connection with the mobile terminal based on a response to the request for the authentication process received from the authentication device;
When the response received from the previous connection destination is the handover request permission response, a switching unit that switches the connection destination of the mobile terminal;
A wireless connection device.

(Supplementary Note 8) Communication control including a first wireless connection device installed at a position where the ticket gate of a station is a communication range, and a second wireless connection device installed at a position where the platform of the station is a communication range In the communication control method executed by the system,
The first wireless connection device is
Processing for permitting a request for new connection received from a mobile terminal located in the communication range of the first wireless connection device;
When a handover request is received from a mobile terminal connected to the second wireless connection device, the connection destination of the mobile terminal is switched from the second wireless connection device to the first wireless connection device. Process and execute
The second wireless connection device is
A process of rejecting a request for new connection received from a mobile terminal located in the communication range of the second wireless connection device;
When a handover request is received from a mobile terminal connected to the first wireless connection device, the connection destination of the mobile terminal is switched from the first wireless connection device to the second wireless connection device. The communication control method characterized by performing a process.

(Appendix 9) The wireless connection device is
When a request for new connection is received from a mobile terminal, the request for authentication processing is transmitted to an authentication apparatus that executes authentication processing for the request for new connection, and a handover request for switching a connection destination is received from the mobile terminal A request for permission of the handover request is transmitted to the connection destination immediately before the mobile terminal,
Based on a response to the authentication processing request received from the authentication device, control connection with the mobile terminal,
A communication control method, comprising: executing a process of switching a connection destination of the mobile terminal when a response received from the immediately previous connection destination is a permission response of the handover request.

(Appendix 10)
When a request for new connection is received from a mobile terminal, the request for authentication processing is transmitted to an authentication apparatus that executes authentication processing for the request for new connection, and a handover request for switching a connection destination is received from the mobile terminal A request for permission of the handover request is transmitted to the connection destination immediately before the mobile terminal,
Based on a response to the authentication processing request received from the authentication device, control connection with the mobile terminal,
A communication control program for executing a process of switching a connection destination of the mobile terminal when a response received from the immediately previous connection destination is an acceptance response of the handover request.

(Supplementary Note 11) A storage unit that stores information indicating whether an authentication request is permitted in association with a wireless connection device that controls wireless communication with a mobile terminal;
A receiving unit that receives the authentication request from the wireless connection device that has received the request for new connection from the mobile terminal;
When the authentication request is received by the reception unit, a determination unit that determines whether to permit the authentication request according to information stored in the storage unit;
An authentication device comprising: a response unit that responds to the wireless connection device with a determination result determined by the determination unit.

(Supplementary note 12) The authentication device is
Storing information indicating whether or not to permit an authentication request in association with a wireless connection device that controls wireless communication with a mobile terminal;
Receiving the authentication request from the wireless connection device that has received the request for new connection from the mobile terminal;
When receiving the authentication request, according to the stored information, determine whether to permit the authentication request,
An authentication method comprising: executing a process of responding to the wireless connection device with the determined determination result.

(Supplementary note 13)
Storing information indicating whether or not to permit an authentication request in association with a wireless connection device that controls wireless communication with a mobile terminal;
Receiving the authentication request from the wireless connection device that has received the request for new connection from the mobile terminal;
When receiving the authentication request, according to the stored information, determine whether to permit the authentication request,
An authentication program for executing a process of responding to the wireless connection device with the determined determination result.

10 station 11 ticket gate 12 home 13 track 14 train 20 first access points 21-1, 21-2, 21-3 second access points 30, 31 mobile terminal 40 network 50 authentication server 90 vehicle sensor

Claims (8)

In a communication control system including a first wireless connection device and a second wireless connection device,
The first wireless connection device is:
A connection unit that permits a request for a new connection received from a mobile terminal located in a communication range of the first wireless connection device;
When a handover request is received from a mobile terminal connected to the second wireless connection device, the connection destination of the mobile terminal is switched from the second wireless connection device to the first wireless connection device. A switching unit,
The second wireless connection device is:
A connection unit for rejecting a request for a new connection received from a mobile terminal located in a communication range of the second wireless connection device;
When a handover request is received from a mobile terminal connected to the first wireless connection device, the connection destination of the mobile terminal is switched from the first wireless connection device to the second wireless connection device. A communication control system comprising: a switching unit. The connection part of the first wireless connection device is:
When the request for the new connection is received, the request for the authentication process is transmitted to an external authentication server that executes an authentication process for the request for the new connection, and the authentication server is received by the first wireless connection device. Receiving the result of the authentication process executed on condition that it is an authentication process for the new connection request, and sending a response to the mobile terminal according to the result,
The connection part of the second wireless connection device is:
When the request for new connection is received, the request for the authentication process is transmitted to the authentication server, and the authentication server is an authentication process for the request for new connection received by the second wireless connection device. Receiving a result of refusing execution of the authentication process as a condition, and transmitting a response to the mobile terminal according to the result;
The communication control system according to claim 1. The first wireless connection device further includes a first storage unit that stores first setting information indicating that an authentication process for the new connection request is requested.
The second wireless connection device further includes a second storage unit that stores second setting information indicating that a request for authentication processing for the request for new connection is suppressed,
When the connection unit of the first wireless connection device receives the request for new connection, the connection unit requests an authentication process from an external authentication server according to the first setting information, and receives the request from the authentication server. Based on the result of the authentication process, the request for the new connection is permitted or denied,
The connection unit of the second wireless connection device, when receiving the request for new connection, rejects the request for new connection according to the second setting information. Communication control system. The first wireless connection device is installed at a position where a communication gate is a ticket gate of a station,
The second wireless connection device is installed at a position where the platform of the station is a communication range,
Regardless of whether the train is detected on the premises of the station by the vehicle detection unit installed at the station when the connection unit of the first wireless connection device receives the request for the new connection. Allow the new connection request,
The connection unit of the second wireless connection device rejects the request for new connection when a train is detected on the premises of the station by the vehicle detection unit when the request for new connection is received. 2. The communication control system according to claim 1, wherein when the train is not detected on the premises of the station by the vehicle detection unit, the request for the new connection is permitted. The communication control system further includes an authentication device,
The authentication device
A storage unit that stores information indicating whether to perform an authentication process for the request for new connection in association with each of the first wireless connection device and the second wireless connection device;
A receiving unit that receives the request for authentication processing from the first wireless connection device or the second wireless connection device that has received the request for new connection from the mobile terminal;
A determination unit that determines whether or not to execute the authentication process according to information stored in the storage unit when the request for the authentication process is received by the reception unit;
When the determination unit determines to execute the authentication process, the result of the authentication process is returned to the first wireless connection device or the second wireless connection device, and the authentication unit executes the authentication process. A response unit that responds to the first wireless connection device or the second wireless connection device with a response that rejects the request for authentication processing when it is determined not to perform the authentication processing. The communication control system described.   The determination unit determines to execute the authentication process when the request for the authentication process is received from the first wireless connection device installed at a position where the ticket gate of the station is a communication range, and the home of the station When a train is detected on the premises of the station by the vehicle detection unit installed at the station when the request for the authentication process is received from the second wireless connection device installed at a position having a communication range of 6. The method according to claim 5, wherein it is determined that the execution of the authentication process is suppressed, and the authentication process is determined to be performed when the train is not detected on the premises of the station by the vehicle detection unit. Communication control system. When a request for new connection is received from a mobile terminal, the request for authentication processing is transmitted to an authentication apparatus that executes authentication processing for the request for new connection, and a handover request for switching a connection destination is received from the mobile terminal A transmission unit that transmits a request for permission of the handover request to a connection destination immediately before the mobile terminal;
A connection unit that controls connection with the mobile terminal based on a response to the request for the authentication process received from the authentication device;
When the response received from the previous connection destination is the handover request permission response, a switching unit that switches the connection destination of the mobile terminal;
A wireless connection device comprising: A communication control system including a first wireless connection device installed at a position having a ticket gate of a station as a communication range and a second wireless connection device installed at a position having the platform of the station as a communication range is executed. In the communication control method,
The first wireless connection device is
Processing for permitting a request for new connection received from a mobile terminal located in the communication range of the first wireless connection device;
When a handover request is received from a mobile terminal connected to the second wireless connection device, the connection destination of the mobile terminal is switched from the second wireless connection device to the first wireless connection device. Process and execute
The second wireless connection device is
A process of rejecting a request for new connection received from a mobile terminal located in the communication range of the second wireless connection device;
When a handover request is received from a mobile terminal connected to the first wireless connection device, the connection destination of the mobile terminal is switched from the first wireless connection device to the second wireless connection device. The communication control method characterized by performing a process.

Images