JP2021057834A - Data collection system and data collection method - Google Patents

Abstract

To provide a data collection system, having a host apparatus and a sensor apparatus for transmitting measurement data to the host apparatus through a network, the data collection system being capable of achieving secure communication between the host apparatus and the sensor apparatus as well as suppression of power consumption of the sensor apparatus.SOLUTION: A data collection system 1 includes a host apparatus 200 and a sensor apparatus 100 of battery drive type transmitting measurement data D to the host apparatus through a network 20. The host apparatus includes encryption key generation section 240 for generating an encryption key unique to the sensor apparatus, a storage section 230 for storing the encryption key, a transmission section 220 for transmitting the encryption key to the sensor apparatus using a public key encryption and a reception section 210 for receiving the measurement data of the sensor apparatus. The sensor apparatus includes a reception section 130 for receiving an encryption key transmitted by the host apparatus, a packet generating section 160 for generating a packet including the measurement data encrypted with the encryption key and a transmission section 140 for transmitting the packet by broadcasting.SELECTED DRAWING: Figure 2

Description

The present invention relates to a data collection system including a host device, a sensor device connected to the host device via a network and transmitting measurement data to the host device, and a data collection method.

A data collection system including a host device and a sensor device connected to the host device via a network and receiving and collecting measurement data of the sensor device by the host device is used for various purposes (for example, a patent). Document 1 (Japanese Unexamined Patent Publication No. 2005-182441).

In such a data collection system, security measures are important in order to avoid problems such as spoofing in which false information is transmitted from a device other than the original sensor device and data eavesdropping or falsification.

Therefore, in order to realize secure communication, it is conceivable to use communication using a public key cryptosystem. However, communication using a public key cryptosystem consumes a relatively large amount of power because there are many communication sequences. Many sensor devices have limited available power because they use the power supplied by the battery or the power generated by the environmental power generation element. Therefore, if the power consumption is high, the battery needs to be replaced frequently. However, there is a possibility that problems such as insufficient power required for data transmission may occur. Such a problem becomes particularly prominent when the sensor device transmits measurement data relatively frequently.

The data collection system according to the first aspect includes a host device and a sensor device. The sensor device is connected to the host device via a network. The sensor device transmits measurement data to the host device. The sensor device has a battery or an energy harvesting element, and is driven by the electric power supplied by the battery or the electric power generated by the energy harvesting element. The host device includes an encryption key generation unit, a host side storage unit, an encryption key transmission unit, and a measurement data reception unit. The encryption key generator generates an encryption key unique to the sensor device. The host-side storage unit stores the encryption key generated by the encryption key generation unit. The encryption key transmission unit transmits the encryption key to the sensor device via the network using the public key cryptography infrastructure. The measurement data receiving unit receives the measurement data from the sensor device. The sensor device includes an encryption key receiving unit, a sensor-side storage unit, a packet generating unit, and a packet transmitting unit. The encryption key receiver receives the encryption key transmitted by the host device. The sensor-side storage unit stores the encryption key received by the encryption key reception unit. The packet generation unit encrypts the measurement data with the encryption key stored in the sensor-side storage unit, and generates a packet containing the encrypted measurement data. The packet transmission unit broadcasts the packets generated by the packet generation unit.

In the data collection system of the first aspect, the host device transmits the encryption key to the sensor device in a secure environment using the public key cryptosystem, and the sensor device consumes the measurement data encrypted using this encryption key. Send with relatively few broadcasts. Therefore, in the data collection system of the first aspect, it is possible to achieve both a secure communication environment between the host device and the sensor device and power saving of the sensor device.

Further, since the data collection system of the first viewpoint uses broadcast, it is possible to collect measurement data from a large number of sensor devices with one host device theoretically without limiting the number of devices.

The data collection system according to the second aspect is the data collection system of the first aspect, and the host device and the sensor device communicate with each other using the Bluetooth (registered trademark) standard. The encryption key transmitter transmits the encryption key to the sensor device at the time of pairing between the host device and the sensor device. The packet generation unit generates an advertisement packet including encrypted measurement data as a packet.

In the data collection system of the second aspect, the Bluetooth (registered trademark) standard can be used to achieve both a secure communication environment and power saving of the sensor device.

The data collection system according to the third viewpoint is the data collection system of the first viewpoint or the second viewpoint, and the host side storage unit and the sensor side storage unit store a common identification character string. The packet generation unit generates a packet including the encrypted measurement data and the identification character string.

In the data collection system of the third aspect, since the packet contains a common identification character string stored in the host device and the sensor device, a secure system can be easily realized.

The data collection system according to the fourth aspect is the data collection system of the third aspect, and the host device further includes a decoding unit and a first determination unit. The decryption unit uses the encryption key to decrypt the encrypted measurement data and the identification character string contained in the received packet. The first determination unit determines whether or not the identification character string decoded by the decoding unit matches the identification character string stored in the host-side storage unit.

In the data collection system of the fourth viewpoint, it is possible to suppress the occurrence of a situation in which inappropriate measurement data is erroneously collected.

The data collection system according to the fifth aspect is the data collection system of the fourth aspect, and the first determination unit includes an identification character string decoded by the decoding unit and an identification character string stored in the host side storage unit. If it is determined that they do not match, the received packet is determined to be a packet transmitted by a device that is not the target of data collection.

In the data collection system of the fifth aspect, a device that is not the target of data collection is determined based on the mismatch of the identification character strings, so that a secure system can be realized.

The data collection system according to the sixth aspect is any of the data collection systems from the first aspect to the fifth aspect, and the host device further includes a second determination unit. The second determination unit determines whether or not the received measurement data is the measurement data transmitted by a device that is not the target of data collection, based on the time change of the measurement data received by the measurement data reception unit.

In the data collection system of the sixth aspect, it can be determined that the measurement data is the measurement data transmitted by a device that is not subject to data collection, such as a spoofing device (camouflaged device), based on the time change of the measurement data.

The data collection system according to the seventh aspect includes a host device and a sensor device. The sensor device is connected to the host device via a network. The sensor device transmits measurement data to the host device. The sensor device has a battery or an energy harvesting element, and is driven by the electric power supplied by the battery or the electric power generated by the energy harvesting element. The sensor device includes an encryption key generation unit, a sensor-side storage unit, an encryption key transmission unit, a packet generation unit, and a packet transmission unit. The encryption key generator generates an encryption key unique to the sensor device. The sensor-side storage unit stores the encryption key generated by the encryption key generation unit. The encryption key transmission unit transmits the encryption key to the host device via the network using the public key cryptography infrastructure. The packet generation unit encrypts the measurement data with the encryption key stored in the sensor-side storage unit, and generates a packet containing the encrypted measurement data. The packet transmission unit broadcasts the packets generated by the packet generation unit. The host device includes an encryption key receiving unit, a host-side storage unit, and a measurement data receiving unit. The encryption key receiving unit receives the encryption key transmitted by the sensor device. The host-side storage unit stores the encryption key received by the encryption key reception unit. The measurement data receiving unit receives the measurement data transmitted by the sensor device.

In the data collection system of the seventh aspect, the sensor device transmits the encryption key to the host device in a secure environment using the public key cryptosystem, and the sensor device encrypts the measurement data using the encryption key created by itself. It is transmitted by broadcast with relatively low power consumption. Therefore, in the data collection system of the seventh aspect, it is possible to achieve both a secure communication environment between the host device and the sensor device and power saving of the sensor device.

Further, since the data collection system of the seventh aspect uses broadcast, it is possible to collect measurement data from a large number of sensor devices with one host device without theoretically limiting the number of devices.

The data collection method according to the eighth aspect is a data collection method in which the measurement data transmitted by the sensor device is collected by the host device connected to the sensor device via the network. The sensor device has a battery or an energy harvesting element, and is driven by the electric power of the battery or the electric power generated by the energy harvesting element. The data collection method includes an encryption key generation step, a first storage step, an encryption key transmission step, an encryption key reception step, a second storage step, a packet generation step, and a packet transmission step. In the encryption key generation step, the host device generates an encryption key unique to the sensor device. In the first storage step, the host device stores the generated encryption key unique to the sensor device in the host-side storage unit of the host device. In the encryption key transmission step, the host device transmits the encryption key to the sensor device via the network using the public key cryptography infrastructure. In the encryption key reception step, the sensor device receives the encryption key transmitted by the host device. In the second storage step, the sensor device stores the received encryption key in the sensor-side storage unit of the sensor device. In the packet generation step, the sensor device encrypts the measurement data with the encryption key stored in the sensor-side storage unit, and generates a packet containing the encrypted measurement data. In the packet transmission step, the sensor device broadcasts the generated packet.

The data collection method according to the ninth aspect is a data collection method in which the measurement data transmitted by the sensor device is collected by the host device connected to the sensor device via the network. The sensor device has a battery or an energy harvesting element, and is driven by the electric power of the battery or the electric power generated by the energy harvesting element. The data collection method includes an encryption key generation step, a first storage step, an encryption key transmission step, an encryption key reception step, a second storage step, a packet generation step, and a packet transmission step. In the encryption key generation step, the sensor device generates an encryption key unique to the sensor device. In the first storage step, the sensor device stores the generated encryption key unique to the sensor device in the sensor-side storage unit of the sensor device. In the encryption key transmission step, the sensor device transmits the encryption key to the host device via the network using the public key cryptography infrastructure. In the encryption key reception step, the host device receives the encryption key transmitted by the sensor device. In the second storage step, the host device stores the received encryption key in the host-side storage unit of the host device. In the packet generation step, the sensor device encrypts the measurement data with the encryption key stored in the sensor-side storage unit, and generates a packet containing the encrypted measurement data. In the packet transmission step, the sensor device broadcasts the generated packet.

It is a schematic block diagram of a data collection system. It is a schematic block diagram of the data collection system which concerns on 1st Embodiment. It is a sequence chart mainly for explaining the exchange of data between a host device and a sensor device performed by the data collection system of FIG. It is a flowchart of the encryption key transmission to the sensor device performed by the data collection system of FIG. It is a flowchart of the process concerning the collection of the measurement data of the sensor device performed by the data collection system of FIG. It is a schematic block diagram of the data collection system which concerns on 2nd Embodiment. It is a sequence chart mainly for explaining the exchange of data between a host device and a sensor device performed by the data collection system of FIG. It is a schematic block diagram of the data collection system of the modification A. It is a schematic block diagram of the data collection system of the modification B.

Hereinafter, embodiments of the data collection system and the data collection method will be described.

<First Embodiment>
(1) Overall Overview An overall outline of the data collection system 1 of the first embodiment will be described with reference to FIG. FIG. 1 is a schematic configuration diagram of the data collection system 1.

The data collection system 1 is generally a system that collects measurement data of sensor devices 100a to 100n. Although the application is not limited, the measurement data collected by the data collection system 1 is used, for example, for various monitoring, various analyzes, control of various devices, and the like.

As shown in FIG. 1, the data collection system 1 includes a host device 200 and sensor devices 100a to 100n. The data collection system 1 includes, but is not limited to, a plurality of sensor devices 100a to 100n. For example, the data collection system 1 includes 10 or more sensor devices 100a to 100b. The host device 200 and the plurality of sensor devices 100a to 100n are communicably connected by the network 20. Each of the sensor devices 100a to 100n performs a predetermined measurement and transmits the measurement data to the host device 200 via the network 20. The host device 200 stores the measurement data acquired from the sensor devices 100a to 100n in the storage unit 230 of the host device 200.

In the present embodiment, the host device 200 is mounted on the indoor unit of the air conditioner 10. For example, the host device 200 is a device independent of the control device of the air conditioner 10. The host device 200 may be incorporated in the control device of the air conditioner 10. In other words, a part of the control device of the air conditioner 10 may function as the host device 200. Further, the host device 200 may be mounted on a device other than the air conditioner. For example, the host device 200 is mounted on a device other than an air conditioner that can adjust at least one of the temperature, humidity, radiation temperature, air volume, wind direction, air quality, illuminance, brightness, and color temperature of the target space. It may have been done. Such equipment includes, for example, dehumidifiers, humidifiers, floor heaters, blowers, air purifiers, ventilators, and lighting devices. Further, for example, the host device 200 may be mounted on a central monitoring device such as a building or a factory. Further, the host device 200 does not need to be mounted on another device, and may be an independent device.

Each sensor device 100a to 100n is a sensor that performs a predetermined measurement. Although the type of the sensor device is not limited, the sensor devices 100a to 100n include, for example, at least one of temperature, humidity, radiation temperature, air volume, wind direction, air quality (for example, CO2 concentration), illuminance, brightness, and color temperature. It is a sensor that measures the temperature. Further, the sensor devices 100a to 100n may be digital signal type sensor devices such as a human detection sensor. Further, the sensor devices 100a to 100n may be sensor devices (sensor devices for measuring position information and biological information) built in a smartphone or a wearable device carried by a person, instead of being an installation type. The plurality of sensor devices 100a to 100n do not necessarily have to be the same type of sensor, and may be different types of sensors. In the present embodiment, the sensor devices 100a to 100n are temperature sensors arranged in the air-conditioned space of the air-conditioning device 10.

The host device 200 and the sensor devices 100a to 100b are connected via a network 20 which is a wireless network. In the present embodiment, the host device 200 and the sensor devices 100a to 100b communicate with each other using the Bluetooth (registered trademark) standard.

The processing performed by the data collection system 1 of the present disclosure will be outlined.

In the data collection system 1, in order to share the encryption key, the encryption key (common key) unique to each sensor device 100a to 100n generated by the host device 200 is used via the network 20 using the public key cryptography infrastructure. It is transmitted to the sensor devices 100a to 100n. Then, after sharing the encryption key, each sensor device 100a to 100n transmits the measurement data encrypted with the encryption key unique to each sensor device 100a to 100n to the host device 200 by broadcasting with relatively low power consumption. .. In short, in the present data collection system 1, an encryption key unique to each sensor device 100a to 100n is transmitted from the host device 200 to each sensor device 100a to 100n in a secure environment. Then, the sensor devices 100a to 100n transmit the measurement data by a broadcast capable of saving power by using the encryption key unique to each sensor device 100a to 100n. Details will be described later.

(2) Detailed Configuration The details of the sensor devices 100a to 100n and the host device 200 will be described below with reference to FIG. FIG. 2 is a schematic block diagram of the data collection system 1.

The sensor devices 100a to 100n may be sensor devices that perform different types of measurement as described above. However, the sensor devices 100a to 100n all perform the same operation with respect to the generation of the packet including the measurement data and the transmission of the packet to the host device 200. Therefore, here, instead of explaining each of the sensor devices 100a to 100n, the sensor device 100 representing the sensor devices 100a to 100n will be described.

(2-1) Sensor device The sensor device 100 is a device that has a communication function and transmits measurement data via the network 20. The sensor device 100 may be a device that combines a sensor device that performs measurement and a communication device that is independent of the sensor device and can communicate with the host device 200 via the network 20.

The sensor device 100 is not connected to the power system. The sensor device 100 is battery-powered. The battery-powered sensor device 100 has a higher degree of freedom in selecting the installation location and is easier to install than the sensor device that requires power supply from the power system. On the other hand, in the battery-powered sensor device 100, if the power consumption is large, the battery needs to be replaced frequently.

The sensor device 100 includes a sensor module 110 and a battery 120. Further, the sensor device 100 includes a microcomputer having a CPU and a memory, an input / output device, a wireless communication module, and the like (not shown). When the CPU executes a program stored in the memory, the sensor device 100 functions as a receiving unit 130, a transmitting unit 140, a storage unit 150, and a packet generating unit 160.

(2-1-1) Sensor module The sensor module 110 performs predetermined measurement using a sensor device (not shown). In the present embodiment, the sensor module 110 measures the temperature of the air at the installation location of the sensor device by using a thermistor as a sensor device (not shown).

(2-1-2) Battery The battery 120 is used to drive the sensor device 100. In short, the various devices included in the sensor device 100 are driven by the electric power supplied by the battery 120.

(2-1-3) Reception unit The reception unit 130 receives various signals transmitted by the host device 200 via the network 20.

The receiving unit 130 receives, for example, the encryption key K transmitted by the host device 200. In short, the receiving unit 130 is an example of the encryption key receiving unit. The encryption key K received by the receiving unit 130 is stored in the storage unit 150.

The encryption key K is an encryption key K unique to the sensor device 100 generated by the encryption key generation unit 240 of the host device 200, which will be described later. In other words, different encryption keys are transmitted to the sensor devices 100a to 100n. The encryption key K is a common key used for both encryption and decryption of information.

(2-1-4) Transmission unit The transmission unit 140 transmits various signals to the host device 200 via the network 20.

For example, the transmission unit 140 broadcasts the packets generated by the packet generation unit 160, which will be described later, to the host device 200 via the network 20. In short, the transmission unit 140 is an example of a packet transmission unit. Specifically, the transmission unit 140 broadcasts an advertisement packet including the measurement data D of the sensor module 110 generated by the packet generation unit 160.

(2-1-5) Storage unit The storage unit 150 stores various information.

The storage unit 150 is an example of a sensor-side storage unit. The storage unit 150 stores the encryption key K received by the reception unit 130.

Further, the storage unit 150 stores the identification character string C and the measurement data D.

The identification character string C is information stored in advance in the storage unit 150 of the sensor device 100. The same identification character string C is stored in advance in the storage unit 230 of the host device 200, which will be described later. In other words, the storage unit 150 of the sensor device 100 and the storage unit 230 of the host device 200 store a common identification character string C.

The measurement data D is the measurement data of the sensor module 110. The storage unit 150 stores the measurement date and time of the sensor module 110 and the measurement value of the sensor module 110 in association with each other.

(2-1-6) Packet Generation Unit The packet generation unit 160 generates a packet including measurement data D for transmission to the host device 200. In particular, the packet generation unit 160 encrypts the measurement data D stored in the storage unit 150 with the encryption key K stored in the storage unit 150, and generates a packet including the encrypted measurement data D. A known encryption algorithm (for example, AES encryption) may be used for encryption using the encryption key K of the packet generation unit 160.

The packet generation unit 160 generates an advertisement packet including the encrypted measurement data D as a packet. The packet generated by the packet generation unit 160 is broadcast by the transmission unit 140 as described above.

In the present embodiment, the measurement data D stored and encrypted in the storage unit 150 is the measurement data itself of the sensor module 110. However, the present invention is not limited to this, and the encrypted measurement data D is calculated based on the measurement value of the sensor module 110, such as the average value or the median value of the measurement data measured by the sensor module 110 a plurality of times. It may be a value.

The packet generation unit 160 preferably generates a packet including the identification character string C in addition to the measurement data D. Specifically, the packet generation unit 160 encrypts the measurement data D and the identification character string C stored in the storage unit 150 with the encryption key K, and the packet including the encrypted measurement data D and the identification character string C. It is preferable to generate.

(2-2) Host device The host device 200 is realized by, for example, a computer. The host device 200 includes a control arithmetic unit and a storage device (not shown). A processor such as a CPU or GPU can be used as the control arithmetic unit. The control arithmetic unit reads and executes the program stored in the storage device, and performs a predetermined process. Further, the control arithmetic unit writes the arithmetic result in the storage device according to the program and reads out the information stored in the storage device.

As shown in FIG. 2, the host device 200 executes a program stored in the storage device by the control arithmetic unit, so that the reception unit 210, the transmission unit 220, the storage unit 230, the encryption key generation unit 240, and the decryption unit 250 are executed. , The first determination unit 260, the second determination unit 270, and the writing unit 280.

(2-2-1) Receiving unit The receiving unit 210 receives various signals transmitted from the sensor device 100 via the network 20.

The receiving unit 210 receives the measurement data D from, for example, the sensor device 100. In short, the receiving unit 210 is an example of the measurement data receiving unit. Specifically, the receiving unit 210 receives the packet including the measurement data D encrypted with the encryption key K, which is transmitted by the transmitting unit 140 of the sensor device 100 by broadcasting. More specifically, the receiving unit 210 receives the advertisement packet including the measurement data D encrypted with the encryption key K, which is transmitted by the transmitting unit 140 of the sensor device 100 by broadcasting. In particular, in the data collection system 1 of the present embodiment, the receiving unit 210 receives a packet including the measurement data D encrypted with the encryption key K and the identification character string C transmitted by the transmitting unit 140 of the sensor device 100. Receive.

(2-2-2) Transmission unit The transmission unit 220 transmits various signals to the sensor device 100 via the network 20. The transmission unit 220 transmits, for example, the encryption key K unique to the sensor device 100 generated by the encryption key generation unit 240 to the sensor device 100 using the public key cryptography infrastructure via the network 20. Specifically, when the host device 200 and the sensor device 100 are paired, the transmission unit 220 transmits the encryption key K unique to the sensor device 100 to the sensor device 100 using the public key cryptosystem. The encryption key generation unit 240 generates different encryption keys for each of the sensor devices 100a to 100n. Therefore, the transmission unit 220 transmits a different encryption key to each of the sensor devices 100a to 100n to the sensor device 100 using the public key cryptosystem.

(2-2-3) Storage unit The storage unit 230 is an example of a host-side storage unit. The storage unit 230 stores various information. The information stored in the storage unit 230 includes the encryption key K, the identification character string C, and the measurement data D.

The encryption key K is a unique encryption key of each sensor device 100a to 100n generated individually by the encryption key generation unit 240 for each of the sensor devices 100a to 100n. The storage unit 230 stores the identification information of the sensor devices 100a to 100n and the encryption key of each sensor device 100a to 100n in association with each other.

The identification character string C is information stored in advance in the storage unit 230 of the host device 200. The same, in other words, the common identification character string C is also stored in the storage unit 150 of the sensor device 100.

The measurement data D is the measurement data D of the sensor device 100. Here, when the following two conditions are satisfied, the writing unit 280 described later stores the measurement data D decoded by the decoding unit 250 described later in the storage unit 230. If both of the following two conditions are not satisfied, the packet received by the receiving unit 210 is discarded.
Condition 1: The measurement data decoded by the decoding unit 250, which will be described later, is valid data included in the packet received by the receiving unit 210. In other words, the encryption key used for encryption in the packet received by the receiving unit 210 is the encryption key K stored in the storage unit 230.
Condition 2: The identification character string C included in the packet received by the reception unit 210 and decoded by the decoding unit 250, which will be described later, matches the identification character string C stored in the storage unit 230. In other words, the first determination unit 260, which will be described later, does not determine that the packet received by the reception unit 210 is not the measurement data transmitted by the sensor device 100 to be collected.

(2-2-4) Encryption key generation unit The encryption key generation unit 240 generates an encryption key K unique to the sensor device 100. In other words, the encryption key generation unit 240 generates different encryption keys for each of the sensor devices 100a to 100n.

(2-2-5) Decryption unit The decryption unit 250 decrypts the encrypted measurement data D included in the packet received by the reception unit 210 by using the encryption key K stored in the storage unit 230. In particular, in the data collection system 1 of the present embodiment, the decryption unit 250 decodes the packet including the measurement data D and the identification character string C encrypted with the encryption key K included in the packet received by the reception unit 210.

If the data included in the packet received by the receiving unit 210 is not encrypted using the encryption key K, the decrypted data will not be valid data. If the decrypted data is not valid data, the packet data received by the receiving unit 210 is discarded as invalid data. Specifically, when the decoded data is not valid data, the writing unit 280, which will be described later, does not store the data of the packet received by the receiving unit 210 in the storage unit 230.

(2-2-6) First Judgment Unit The first judgment unit 260 compares the identification character string C decoded by the decoding unit 250 with the identification character string C stored in the storage unit 230, and both match. Decide whether to do it or not.

When the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 do not match, the first determination unit 260 obtains data of the packet received by the reception unit 210. Judge that the packet was sent by a device that is not the target of collection. For example, it is a device (impersonation device) that impersonates the sensor device 100 and transmits data. When the first determination unit 260 determines that the packet received by the reception unit 210 is a packet transmitted by a device not subject to data collection, the data of the packet received by the reception unit 210 is discarded as invalid data. Specifically, when the first determination unit 260 determines that the packet received by the reception unit 210 is a packet transmitted by a device not subject to data collection, the writing unit 280, which will be described later, is received by the reception unit 210. The packet data is not stored in the storage unit 230.

(2-2-7) Second Judgment Unit The second judgment unit 270 is based on the time change of the measurement data D received by the reception unit 210, and the received measurement data D is the data transmitted by the device that is not the target of data collection. Judge whether or not. Specifically, in the second determination unit 270, the received measurement data D is not subject to data collection based on the time change of the measurement data D included in the packet received by the reception unit 210 and decoded by the decoding unit 250. Judge whether it is the data transmitted by the device of. More specifically, in the second determination unit 270, when the temperature of the measurement data D received by the reception unit 210 and stored in the storage unit 230 does not change for a long period of time, the received measurement data D is the data. Judge that the data is transmitted by a device that is not subject to collection.

(2-2-8) Writing unit In the writing unit 280, when the receiving unit 210 receives the packet, the decrypted data of the decoding unit 250 is valid data, and the first determination unit 260 determines that the data is valid. When the receiving unit 210 does not determine that the packet received is not the measurement data transmitted by the sensor device 100 to be collected, the decoded measurement data of the decoding unit 250 is stored in the storage unit 230 as the measurement data D. ..

(3) Operation of Data Collection System The operation of the data collection system 1 will be described with reference to FIGS. 3 to 5. FIG. 3 is a sequence chart mainly for explaining the exchange of data between the host device 200 and the sensor device 100 performed by the data collection system 1. Note that the sequence chart of FIG. 3 is not drawn assuming that a packet is transmitted from a device other than the sensor device 100 that is not subject to data collection (for example, a spoofing device (impersonation device)). FIG. 4 is a flowchart of encryption key transmission to the sensor device 100 performed by the data collection system 1. FIG. 5 is a flowchart of processing related to the collection of measurement data of the sensor device 100 performed by the data collection system 1.

(3-1) Data exchange between the sensor device and the host device With reference to FIG. 3, data exchange between the sensor device 100 and the host device 200 will be described.

First, when the power of the sensor device 100 is turned on for the first time, the sensor device 100 transmits an authentication profile together with a pairing request by broadcasting from the transmission unit 140 via the network 20. On the other hand, the host device 200 performs a pairing process, and the host device 200 and the sensor device 100 start pairing. After that, in the host device 200, the encryption key generation unit 240 generates the encryption key K unique to the sensor device 100 and stores it in the storage unit 230. Further, the transmission unit 220 of the host device 200 transmits the encryption key K generated by the encryption key generation unit 240 to the sensor device 100 via the network 20 using the public key cryptography infrastructure. The sensor device 100 stores the encryption key K received by the receiving unit 130 in the storage unit 150. The above is the flow of data exchange between the host device 200 and the sensor device 100 in the process of transmitting the encryption key K from the host device 200 to the sensor device 100.

After the sensor device 100 receives the encryption key K, the sensor module 110 of the sensor device 100 acquires the measurement data D at a predetermined timing, and stores the acquired measurement data D in the storage unit 150. Then, the packet generation unit 160 encrypts the measurement data D and the identification character string C stored in the storage unit 150 with the encryption key K, and generates an advertisement packet including the encrypted measurement data D and the identification character string C. To do. Then, the transmission unit 140 transmits the advertisement packet by broadcasting. When the receiving unit 210 receives the advertisement packet, the host device 200 decrypts the encrypted measurement data D included in the advertisement packet with the encryption key K for the sensor device 100 that is the source of the advertisement packet, and obtains the measurement data. It is stored in the storage unit 230. Various processes performed when the host device 200 receives the advertisement packet will be described later.

(3-2) Transmission of Encryption Key to Sensor Device The flow of processing up to transmission of the encryption key to the sensor device 100 performed by the data collection system 1 will be described again with reference to FIG. The flowchart described here is only an example, and may be appropriately changed as long as there is no contradiction.

First, when the power of the sensor device 100 is turned on for the first time, the sensor device 100 transmits an authentication profile together with a pairing request by broadcasting from the transmission unit 140 via the network 20 (step S1).

When the receiving unit 210 receives the pairing request and the authentication profile, the host device 200 performs the pairing process. As a result, pairing between the host device 200 and the sensor device 100 is started (step S2).

Next, the encryption key generation unit 240 of the host device 200 generates the encryption key K unique to the sensor device 100 (step S3).
Next, the host device 200 stores the encryption key K generated by the encryption key generation unit 240 in the storage unit 230 in association with the information that identifies the sensor device 100 (step S4).
Next, the transmission unit 220 of the host device 200 transmits the encryption key K generated by the encryption key generation unit 240 to the sensor device 100 via the network 20 using the public key cryptography infrastructure (step S5).

The receiving unit 130 of the sensor device 100 receives the encryption key K transmitted by the host device 200 (step S6). Then, the sensor device 100 stores the encryption key K received by the receiving unit 130 in the storage unit 150 (step S7).

Then, the pairing between the sensor device 100 and the host device 200 is completed (step S8).

The process of generating and transmitting the encryption key K described above may be executed not only at the time of installing the sensor device 100 but also at regular intervals. By updating the encryption key K on a regular basis, the security of communication can be enhanced.

(3-3) Collection of Measurement Data of Sensor Equipment in Data Collection System The processing related to collection of measurement data of sensor equipment 100 performed in data collection system 1 will be described again with reference to FIG. The flowchart described here is only an example, and may be appropriately changed as long as there is no contradiction.

As a premise, it is assumed that the sensor module 110 (here, the temperature sensor module) of the sensor device 100 measures the temperature at a predetermined timing, and the storage unit 150 stores the measurement data D.

The packet generation unit 160 of the sensor device 100 encrypts the measurement data D stored in the storage unit 150 with the encryption key K stored in the storage unit 150 at a predetermined timing. More specifically, the packet generation unit 160 encrypts the measurement data D and the identification character string C stored in the storage unit 150 with the encryption key K stored in the storage unit 150 (step S11).

Then, the packet generation unit 160 generates a packet including the encrypted measurement data D. More specifically, the packet generation unit 160 generates an advertisement packet including the encrypted measurement data D and the identification character string C (step S12).

Next, in step S13, the transmission unit 140 broadcasts the packet generated by the packet generation unit 160. Specifically, the transmission unit 140 broadcasts the advertisement packet generated by the packet generation unit 160.

Next, in step S14, the receiving unit 210 of the host device 200 receives the measurement data D from the sensor device 100. More specifically, the receiving unit 210 receives the advertisement packet transmitted from the sensor device 100.

Next, in step S15, the decryption unit 250 of the host device 200 uses the encryption key K corresponding to the sensor device 100 that is the source of the packet, and the encrypted measurement included in the packet received by the reception unit 210. The data D and the identification character string C are decrypted.

Next, in step S16, the sensor device 100 determines whether or not the decoded measurement data D and the identification character string C are valid data. If the decoded measurement data D and the identification character string C are valid data, the process proceeds to step S17, and if the decoded measurement data D and the identification character string C are not valid data, the process proceeds to step S22.

Next, in step S17, the first determination unit 260 determines whether or not the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 match. Then, when the first determination unit 260 determines that the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 do not match, the receiving unit 210 determines in step S14. The received packet is determined to be a packet transmitted by a device that is not the target of data collection.

In step S17, when the first determination unit 260 determines that the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 match, the process proceeds to step S18. On the other hand, in step S17, when the first determination unit 260 determines that the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 do not match, step S22 is performed. move on.

In step S18, the writing unit 280 of the host device 200 stores the measurement data D decoded in step S15 in the storage unit 230.

In step S19, the second determination unit 270 analyzes the time change of the measurement data D received by the reception unit 210. Specifically, the second determination unit 270 analyzes the time change of the past measurement data D stored in the storage unit 230, including the measurement data D stored most recently.

Next, in step S20, the second determination unit 270 determines whether or not the past measurement data D is a predetermined constant value for a long time. When the past measurement data D is constant for a long time, the second determination unit 270 determines that the received measurement data D is the measurement data transmitted by a device not subject to data collection, and performs a series of processes. It ends (step S21). When the second determination unit 270 determines that the measurement data D of the sensor device 100 stored in the storage unit 230 is the measurement data transmitted by the device not subject to data collection, the host device 200 determines the measurement data. In various processes using D, the data stored as the measurement data D of the sensor device 100 in the storage unit 230 may be ignored as invalid data.

On the other hand, if there is a change in the past measurement data D in step S20 (No in step S20), the second determination unit 270 determines that the received measurement data D is the measurement data transmitted by the sensor device 100. Then, when the process proceeds from step S16 and step S17 to step S22 to end the series of processing, the host device 200 discards the data. Specifically, the writing unit 280 of the host device 200 ends a series of processes without storing the measurement data D decoded in step S15 in the storage unit 230.

(4) Features (4-1)
The data collection system 1 of the present embodiment includes a host device 200 and a sensor device 100. The sensor device 100 is connected to the host device 200 via the network 20. The sensor device 100 transmits the measurement data D to the host device 200. The sensor device 100 has a battery 120 and is driven by the electric power supplied by the battery 120. The host device 200 includes an encryption key generation unit 240, a storage unit 230 as an example of a host-side storage unit, a transmission unit 220 as an example of an encryption key transmission unit, and a reception unit 210 as an example of a measurement data reception unit. Have. The encryption key generation unit 240 generates an encryption key K unique to the sensor device 100. The storage unit 230 stores the encryption key K generated by the encryption key generation unit 240. The transmission unit 220 transmits the encryption key K to the sensor device 100 via the network 20 using the public key cryptography infrastructure. The receiving unit 210 receives the measurement data D from the sensor device 100. The sensor device 100 includes a receiving unit 130 as an example of an encryption key receiving unit, a storage unit 150 as an example of a sensor-side storage unit, a packet generating unit 160, and a transmitting unit 140 as an example of a packet transmitting unit. Have. The receiving unit 130 receives the encryption key K transmitted by the host device 200. The storage unit 150 stores the encryption key K received by the reception unit 130. The packet generation unit 160 encrypts the measurement data D with the encryption key K stored in the storage unit 150, and generates a packet including the encrypted measurement data D. The transmission unit 140 broadcasts the packet generated by the packet generation unit 160.

In the data collection system 1, the host device 200 transmits the encryption key K to the sensor device 100 in a secure environment using the public key cryptosystem, and the sensor device 100 transmits the measurement data D encrypted using the encryption key K. , Sends in a broadcast with relatively low power consumption. Therefore, in the data collection system 1, it is possible to achieve both a secure communication environment between the host device 200 and the sensor device 100 and power saving of the sensor device 100.

Further, since the data collection system 1 uses broadcast, one host device 200 can theoretically collect measurement data D from a large number of sensor devices 100 without limiting the number of devices.

(4-2)
In the data collection system 1 of the present embodiment, the host device 200 and the sensor device 100 communicate with each other using the Bluetooth (registered trademark) standard. The transmission unit 220 transmits the encryption key K to the sensor device 100 at the time of pairing between the host device 200 and the sensor device 100. The packet generation unit 160 generates an advertisement packet including the encrypted measurement data D as a packet.

In this data collection system 1, the Bluetooth (registered trademark) standard can be used to achieve both a secure communication environment and power saving of the sensor device 100.

(4-3)
In the data collection system 1 of the present embodiment, the storage unit 230 of the host device 200 and the storage unit 150 of the sensor device 100 store a common identification character string C. The packet generation unit 160 generates a packet including the encrypted measurement data D and the identification character string C.

In the data collection system 1, since the packet includes the common identification character string C stored in the host device 200 and the sensor device 100, a secure system can be easily realized.

(4-4)
In the data collection system 1 of the present embodiment, the host device 200 includes a decoding unit 250 and a first determination unit 260. The decryption unit 250 uses the encryption key K to decrypt the encrypted measurement data D and the identification character string C included in the received packet. The first determination unit 260 determines whether or not the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 match.

In this data collection system 1, it is possible to suppress the occurrence of a situation in which inappropriate measurement data is erroneously collected.

(4-5)
In the data collection system 1 of the present embodiment, in the first determination unit 260, the identification character string C decoded by the decoding unit 250 and the identification character string C stored in the storage unit 230 of the host device 200 do not match. If it is determined, the received packet is determined to be a packet transmitted by a device not subject to data collection.

In this data collection system 1, a device that is not the target of data collection is determined based on the mismatch of the identification character strings C, so that a secure system can be realized.

(4-6)
In the data collection system 1 of the present embodiment, the host device 200 includes a second determination unit 270. The second determination unit 270 determines whether or not the received measurement data D is the measurement data transmitted by a device that is not the target of data collection, based on the time change of the measurement data D received by the reception unit 210.

In this data collection system 1, it can be determined that the measurement data D is the measurement data transmitted by a device other than the target of data collection such as a camouflaged device, based on the time change of the measurement data D.

(4-7)
The data collection method of the present embodiment is a data collection method in which the measurement data transmitted by the sensor device 100 is collected by the host device 200 connected to the sensor device 100 via the network 20. The sensor device 100 has a battery 120 and is driven by the electric power of the battery 120. The data collection method includes an encryption key generation step, a first storage step, an encryption key transmission step, an encryption key reception step, a second storage step, a packet generation step, and a packet transmission step. In the encryption key generation step, the host device 200 generates the encryption key K unique to the sensor device 100. In the first storage step, the host device 200 stores the generated encryption key K unique to the sensor device 100 in the storage unit 230, which is an example of the host-side storage unit. In the encryption key transmission step, the host device 200 transmits the encryption key K to the sensor device 100 via the network 20 using the public key cryptography infrastructure. In the encryption key receiving step, the sensor device 100 receives the encryption key K transmitted by the host device 200. In the second storage step, the sensor device 100 stores the received encryption key K in the storage unit 150, which is an example of the sensor-side storage unit. In the packet generation step, the sensor device 100 encrypts the measurement data D with the encryption key K stored in the storage unit 150, and generates a packet including the encrypted measurement data D. In the packet transmission step, the sensor device 100 broadcasts the generated packet.

<Second Embodiment>
The data collection system 1A of the second embodiment will be described with reference to FIGS. 6 and 7. FIG. 6 is a schematic block diagram of the data collection system 1A. In FIG. 6, the functional unit represented by using the same reference code as in FIG. 2 has substantially the same function as the functional unit described with the same reference code of the data collection system 1. FIG. 7 is a sequence chart for mainly explaining the exchange of data between the host device 200A and the sensor device 100A performed by the data collection system 1A.

The main difference between the data collection system 1A and the data collection system 1 of the first embodiment is that, as shown in the block diagram of FIG. 6, the host device 200A does not have the encryption key generation unit 240, while the sensor device. The point is that 100A has an encryption key generation unit 170. In other respects, the data collection system 1A and the data collection system 1 are the same.

The processing of the data collection system 1 and the data collection system 1A is generally different in the following points.

In the data collection system 1, the host device 200 generates the encryption key K, and the generated encryption key K is transmitted to the sensor device 100 and stored in the sensor device 100.

On the other hand, in the data collection system 1A of the second embodiment, the encryption key generation unit 170 of the sensor device 100A generates the encryption key K, and the generated encryption key K is stored in the storage unit 150 (see FIG. 7). Further, in the data collection system 1A of the second embodiment, the transmission unit 140 of the sensor device 100A uses the public key cryptography infrastructure to send the encryption key K generated by the encryption key generation unit 170 to the host device via the network 20. It is transmitted to 200 (see FIG. 7). Then, in the host device 200, the receiving unit 210 receives the encryption key K and stores the received encryption key K in the storage unit 230 (see FIG. 7).

The other points are the same as those of the data collection system 1A and the data collection system 1 of the first embodiment. For example, the process of transmitting the measurement data D of the sensor device 100A to the host device 200A in the data collection system 1A is the same as the process in the data collection system 1. Therefore, further description will be omitted here.

(1) Features The data collection system 1A of the present embodiment has the following features. Further, the data collection system 1A has the same characteristics as (4-2)-(4-6) of the data collection system 1 of the first embodiment.

(1-1)
The data collection system 1A of the present embodiment includes a host device 200A and a sensor device 100A. The sensor device 100A is connected to the host device 200A via the network 20. The sensor device 100A transmits the measurement data D to the host device 200A. The sensor device 100A has a battery 120 and is driven by the electric power supplied by the battery 120. The sensor device 100A includes an encryption key generation unit 170, a storage unit 150 as an example of a sensor-side storage unit, a transmission unit 140 as an example of an encryption-side transmission unit and a packet transmission unit, and a packet generation unit 160. .. The encryption key generation unit 170 generates an encryption key K unique to the sensor device 100A. The storage unit 150 stores the encryption key K generated by the encryption key generation unit 170. The transmission unit 140 transmits the encryption key K to the host device 200A via the network 20 using the public key cryptography infrastructure. The packet generation unit 160 encrypts the measurement data D with the encryption key stored in the storage unit 150, and generates a packet including the encrypted measurement data D. The transmission unit 140 broadcasts the packet generated by the packet generation unit 160. The host device 200A includes a receiving unit 210 as an example of an encryption key receiving unit and a measurement data receiving unit, and a storage unit 230 as an example of a host-side storage unit. The receiving unit 210 receives the encryption key K transmitted by the sensor device 100A. The storage unit 230 stores the encryption key K received by the reception unit 210. The receiving unit 210 receives the measurement data D transmitted by the sensor device 100A.

In the data collection system 1A of the present embodiment, the sensor device 100A transmits an encryption key to the host device 200A in a secure environment using a public key cryptosystem, and the sensor device 100A encrypts using the encryption key K created by itself. The measured measurement data D is transmitted by a broadcast having a relatively low power consumption. Therefore, in this data collection system 1A, it is possible to achieve both a secure communication environment between the host device 200A and the sensor device 100A and power saving of the sensor device 100A.

Further, in the data collection system 1A of the present embodiment, since broadcasting is used, measurement data can be collected from a large number of sensor devices 100A with one host device 200A without theoretically limiting the number of devices.

However, when the sensor device 100A generates the encryption key K, there is a risk that a third party may pair it with his / her own PC and snoop on the encryption key K. Therefore, preferably, the encryption key K is generated on the host device 200 side as in the data collection system 1 of the first embodiment.

(1-2)
The data collection method of the present embodiment is a data collection method in which the measurement data D transmitted by the sensor device 100A is collected by the host device 200A connected to the sensor device 100A via the network 20. The sensor device 100A has a battery 120 and is driven by the electric power of the battery 120. The data collection method includes an encryption key generation step, a first storage step, an encryption key transmission step, an encryption key reception step, a second storage step, a packet generation step, and a packet transmission step. In the encryption key generation step, the sensor device 100A generates an encryption key K unique to the sensor device 100A. In the first storage step, the sensor device 100A stores the generated encryption key K unique to the sensor device 100A in the storage unit 150 of the sensor device 100A. In the encryption key transmission step, the sensor device 100A transmits the encryption key K to the host device 200A via the network 20 using the public key cryptography infrastructure. In the encryption key reception step, the host device 200A receives the encryption key K transmitted by the sensor device 100A. In the second storage step, the host device 200A stores the received encryption key K in the storage unit 230 of the host device 200A. In the packet generation step, the sensor device 100A encrypts the measurement data D with the encryption key K stored in the storage unit 150, and generates a packet including the encrypted measurement data D. In the packet transmission step, the sensor device 100A broadcasts the generated packet.

<Modification example>
A modified example of the above embodiment is shown below. The modified examples may be appropriately combined with each other within a consistent range.

(1) Modification A
As shown in FIG. 8, the sensor device 100 of the first embodiment has an energy harvesting element 122 instead of the battery 120 (or in addition to the battery 120), and is driven by the electric power generated by the energy harvesting element 122. May be good. The sensor device 100 is not connected to the power system.

Here, the energy harvesting element 122 is an element that generates electricity by utilizing energy such as sunlight, illumination light, vibration, electromagnetic waves, and waste heat. Since the electric power obtained by the energy harvesting element 122 is generally limited, it is preferable that the sensor device 100 is reduced in electric power.

Although illustration and description are omitted here, the sensor device 100A of the second embodiment may also have an energy harvesting element 122 instead of (or in addition to) the battery 120.

(2) Modification B
In the data collection system 1 of the first embodiment, the measurement data D of the sensor device 100 is stored in the storage unit 230 of the host device 200. However, the present invention is not limited to this, and the measurement data D of the sensor device 100 received by the host device 200 may be stored in the storage unit 310 of the server 300 connected via a network 30 such as the Internet. Good. Although illustration and description are omitted here, the data collection system 1A of the second embodiment may be configured in the same manner.

<Additional notes>
Although the embodiments of the present disclosure have been described above, it will be understood that various modifications of the forms and details are possible without departing from the purpose and scope of the present disclosure described in the claims. ..

The present disclosure is widely applicable and useful to a data collection system including a host device and a sensor device for transmitting measurement data to the host device via a network, and a data collection method.

1,1A data collection system 20 Network 100,100A Sensor device 120 Battery 122 Energy harvesting element 130 Receiver (encryption key receiver)
140 Transmitter (packet transmitter, encryption key transmitter)
150 Storage unit (Sensor side storage unit)
160 Packet generator 170 Encryption key generator 200, 200A Host device 210 Receiver (measurement data receiver, encryption key receiver)
220 Transmitter (encryption key transmitter)
230 Storage unit (host side storage unit)
240 Encryption key generation unit 250 Decryption unit 260 First judgment unit 270 Second judgment unit C Identification character string D Measurement data K Encryption key

Japanese Unexamined Patent Publication No. 2005-182441

Claims (9)

A data collection system including a host device (200) and a sensor device (100) connected to the host device via a network and transmitting measurement data (D) to the host device.
The sensor device has a battery (120) or an energy harvesting element (122), and is driven by the electric power supplied by the battery or the electric power generated by the energy harvesting element.
The host device is
An encryption key generator (240) that generates an encryption key (K) unique to the sensor device, and
A host-side storage unit (230) that stores the encryption key generated by the encryption key generation unit, and
An encryption key transmission unit (220) that transmits the encryption key to the sensor device via the network using a public key encryption infrastructure.
A measurement data receiving unit (210) that receives the measurement data from the sensor device, and
Have,
The sensor device is
An encryption key receiving unit (130) that receives the encryption key transmitted by the host device, and
A sensor-side storage unit (150) that stores the encryption key received by the encryption key receiving unit, and
A packet generation unit (160) that encrypts the measurement data with the encryption key stored in the sensor-side storage unit and generates a packet containing the encrypted measurement data.
A packet transmission unit (140) that broadcasts the packet generated by the packet generation unit, and a packet transmission unit (140).
Have,
Data collection system (1). The host device and the sensor device communicate with each other using the Bluetooth® standard.
The encryption key transmission unit transmits the encryption key to the sensor device at the time of pairing between the host device and the sensor device.
The packet generation unit generates an advertisement packet containing the encrypted measurement data as the packet.
The data collection system according to claim 1. The host-side storage unit and the sensor-side storage unit store a common identification character string (C), and store the common identification character string (C).
The packet generation unit generates the packet including the encrypted measurement data and the identification character string.
The data collection system according to claim 1 or 2. The host device is
A decryption unit (250) that decrypts the encrypted measurement data and the identification character string contained in the received packet by using the encryption key.
A first determination unit (260) for determining whether or not the identification character string decoded by the decoding unit and the identification character string stored in the host-side storage unit match.
Further prepare
The data collection system according to claim 3. When the first determination unit determines that the identification character string decoded by the decoding unit and the identification character string stored in the host-side storage unit do not match, the first determination unit receives the packet as data. Judge as a packet sent by a device that is not subject to collection,
The data collection system according to claim 4. The host device determines whether or not the received measurement data is measurement data transmitted by a device other than the target of data collection, based on the time change of the measurement data received by the measurement data receiving unit. Further equipped with a judgment unit (270),
The data collection system according to any one of claims 1 to 5. A data collection system including a host device (200A) and a sensor device (100A) connected to the host device via a network (20) and transmitting measurement data (D) to the host device.
The sensor device has a battery (120) or an energy harvesting element (122), and is driven by the electric power supplied by the battery or the electric power generated by the energy harvesting element.
The sensor device is
An encryption key generator (170) that generates an encryption key (K) unique to the sensor device, and
A sensor-side storage unit (150) that stores the encryption key generated by the encryption key generation unit, and
An encryption key transmission unit (140) that transmits the encryption key to the host device via the network using a public key encryption infrastructure.
A packet generation unit (160) that encrypts the measurement data with the encryption key stored in the sensor-side storage unit and generates a packet containing the encrypted measurement data.
A packet transmission unit (140) that broadcasts the packet generated by the packet generation unit, and a packet transmission unit (140).
Have,
The host device is
An encryption key receiving unit (210) that receives the encryption key transmitted by the sensor device, and
A host-side storage unit (230) that stores the encryption key received by the encryption key receiving unit,
A measurement data receiving unit (210) that receives the measurement data transmitted by the sensor device, and
Have,
Data collection system (1A). The sensor device transmits measurement data (D) transmitted by a sensor device (100) having a battery (120) or an energy harvesting element (122) and driven by the electric power of the battery or the electric power generated by the energy harvesting element. It is a data collection method that collects data from a host device (200) connected via a network (20).
A cryptographic key generation step in which the host device generates a cryptographic key (K) unique to the sensor device,
A first storage step in which the host device stores the generated encryption key unique to the sensor device in the host-side storage unit (230) of the host device.
A cryptographic key transmission step in which the host device transmits the cryptographic key to the sensor device via the network using a public key cryptosystem.
An encryption key receiving step in which the sensor device receives the encryption key transmitted by the host device, and
A second storage step in which the sensor device stores the received encryption key in the sensor-side storage unit (150) of the sensor device,
A packet generation step in which the sensor device encrypts the measurement data with the encryption key stored in the sensor-side storage unit and generates a packet containing the encrypted measurement data.
A packet transmission step in which the sensor device broadcasts the generated packet,
A data collection method that includes. The sensor device transmits measurement data (D) transmitted by a sensor device (100A) having a battery (120) or an energy harvesting element (122) and driven by the electric power of the battery or the electric power generated by the energy harvesting element. It is a data collection method that collects data from a host device (200A) connected via a network (20).
An encryption key generation step in which the sensor device generates an encryption key (K) unique to the sensor device, and
A first storage step in which the sensor device stores the generated encryption key unique to the sensor device in the sensor-side storage unit (150) of the sensor device.
A cryptographic key transmission step in which the sensor device transmits the cryptographic key to the host device via the network using a public key cryptosystem.
An encryption key receiving step in which the host device receives the encryption key transmitted by the sensor device, and
A second storage step in which the host device stores the received encryption key in the host-side storage unit (230) of the host device,
A packet generation step in which the sensor device encrypts the measurement data with the encryption key stored in the sensor-side storage unit and generates a packet containing the encrypted measurement data.
A packet transmission step in which the sensor device broadcasts the generated packet,
A data collection method that includes.

Images