JP4455076B2 - Wireless communication apparatus authentication method, wireless communication apparatus, computer program, and computer-readable recording medium - Google Patents


Publication number
JP4455076B2
Authority
JP
Japan
Prior art keywords
wireless communication
authentication code
communication device
access right
means
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2004020270A
Other languages
Japanese (ja)
Other versions
JP2005217646A (en)
Inventor
修也 替地
Original Assignee
キヤノン株式会社
Application filed by キヤノン株式会社
Priority to JP2004020270A
Publication of JP2005217646A
Publication of JP4455076B2

Description

The present invention relates to an authentication method for a wireless communication device, a wireless communication device, a computer program, and a computer-readable recording medium, and is suitable for enhancing the security of a wireless communication system.

In recent years, wireless connections have increased rapidly in data communication and control of various types of information devices such as mobile phones, information terminals such as PDAs (Personal Digital Assistants), personal computers, and personal computer peripherals represented by printers. These wireless connections use not only the public line network but also local links such as Bluetooth (R) and wireless LAN (Wireless LAN).

Furthermore, in addition to the information devices described above, wireless communication functions are being installed in various devices such as imaging devices such as digital cameras, home appliances, and accessories.
When performing wireless communication with an information device, an authentication procedure is often used to prevent connection with an unspecified device or an unintended device. In this authentication, a code such as a PIN (Personal Identification Number) code is exchanged between information devices (terminals) as an authentication code, and the two specific information devices (terminals) that exchange this authentication code use it to perform one-to-one association (pairing), which ensures the authentication security of the wireless communication.

This authentication code must not be disclosed to a third party. If it is leaked to a third party, there is a risk that the leaked authentication code will be used to access documents, address books, e-mails, personal information, and image data stored in the information device. In addition, there is a possibility that a wireless communication system, a billing system, or a print system may be used illegally by a third party. Under such circumstances, security measures for these information devices are attracting attention.

There are several methods for inputting an authentication code for mutually authenticating information devices. Specifically, there are a method in which the user inputs the code manually, a method in which a SIM (Subscriber Identity Module) card is inserted into a device, a method in which authentication is performed using infrared communication, a method in which authentication is performed using a connection cable, and so on. After mutual authentication between the information devices is completed, the authentication code is stored in the storage unit of each information device, and authentication is performed using the stored authentication code at the next connection.

As an information device authentication method and security measure, for example, Japanese Patent Laid-Open No. 2003-179598 (Patent Document 1) describes an authentication system for a communication device. According to this, when wireless communication is performed between two communication devices, the authentication key is created in the communication device, so the user does not create the authentication key manually. In addition, a different authentication key is used for the next wireless communication, which is effective in improving security.

Japanese Patent Laying-Open No. 2003-288328 (Patent Document 2) describes a security method for two portable wireless communication devices (portable information devices). According to this, two devices are paired by mutual authentication using short-range wireless communication. When the pairing condition is not satisfied, some of the functions provided by the portable wireless communication device (portable information device) are temporarily disabled, and when the pairing condition is satisfied again, some of the disabled functions are re-enabled. This makes it possible to prevent unauthorized use and leakage of personal information when a portable wireless communication device (portable information device) is lost, and is effective as a security measure.

Patent Document 1: JP 2003-179598 A
Patent Document 2: JP 2003-288328 A

However, the conventional example does not provide a connection control method for a wireless communication system and a sufficient solution for security of an information terminal device.
The authentication code for pairing two specific information devices (terminals) is more secure the more random it is and the longer its word length. However, if the user enters the authentication code manually, the user is required to perform troublesome operations. For this reason, the authentication code manually input by the user is often a code that has a short word length and is easily guessed by a third party.

The method of inserting a SIM card involves the trouble of obtaining the SIM card and inserting it into the device. The method of performing authentication by infrared communication imposes a troublesome operation on the user, who must also pay attention to its overly narrow directivity. The method of performing authentication using a connection cable requires the information devices to be wired to each other, which is also troublesome.

In the prior art, once set, the authentication code is not updated unless the user changes it manually, and authentication is performed with the same authentication code for a long time. For this reason, there is a large risk of decryption by a third party, which is not preferable in terms of security. Further, as an authentication method and connection control method for a portable wireless communication device (portable information device (terminal)), there was a problem that a system (communication system, print system) that is convenient for the user, in which the authentication code and the access right between the host device and the client device can be set simply, could not be provided.

The present invention has been made in view of the above-described problems. Its purpose is to enable mutual authentication and pairing between wireless communication devices without requiring a difficult operation, and to enable communication using the wireless communication devices with high security strength.

In order to solve the above-described problems, an authentication method for a wireless communication device according to the present invention is a method in which transmission of an authentication code from a first wireless communication device to a portable second wireless communication device and pairing of the first and second wireless communication devices are performed using short-range wireless communication. In this method, the first wireless communication device generates an authentication code for the second wireless communication device, transmits the generated authentication code to the second wireless communication device, sets an access right for the generated authentication code, and stores the generated authentication code in association with the set access right. For a second wireless communication device that has already been paired, the first wireless communication device determines, based on a selection result transmitted from the second wireless communication device, whether to transmit a new authentication code and set a new access right to perform pairing again, or to perform wireless communication with the same authentication code until the set access right expires.

The wireless communication device of the present invention comprises: authentication code generation means that searches for a portable wireless communication device within a certain distance and generates an authentication code for the portable wireless communication device that was found; access right setting means for setting an access right for the authentication code generated by the authentication code generation means; recording means for associating the authentication code generated by the authentication code generation means with the access right set by the access right setting means and recording them on a recording medium; authentication code transmitting means for transmitting the authentication code generated by the authentication code generation means to the portable wireless communication device within the certain distance; and pairing determination means. For a portable wireless communication device that has been paired based on the transmission of an authentication code by the authentication code generation means and the setting of the access right by the access right setting means, the pairing determination means determines, based on the selection result transmitted from the portable wireless communication device, whether to perform pairing again by transmitting a new authentication code and setting a new access right, or to perform wireless communication with the same authentication code until the access right set by the access right setting means expires.

The computer program according to the present invention causes a computer to execute transmission of an authentication code from a first wireless communication device to a portable second wireless communication device and pairing of the first and second wireless communication devices using short-range wireless communication. The program causes the computer to execute the following: the first wireless communication device generates an authentication code for the second wireless communication device, transmits the generated authentication code to the second wireless communication device, sets an access right for the generated authentication code, stores the generated authentication code in association with the set access right, and, for a second wireless communication device that has already been paired, determines, based on the selection result transmitted from the second wireless communication device, whether to issue a new authentication code and set a new access right to perform pairing again, or to perform wireless communication with the same authentication code until the set access right expires.
Another feature of the present invention is a computer program that causes a computer to function as: authentication code generation means that searches for a portable wireless communication device within a certain distance and generates an authentication code for the portable wireless communication device that was found; access right setting means for setting an access right for the authentication code generated by the authentication code generation means; recording means for associating the authentication code generated by the authentication code generation means with the access right set by the access right setting means and recording them on a recording medium; authentication code transmitting means for transmitting the authentication code generated by the authentication code generation means to the portable wireless communication device within the predetermined distance; and pairing determination means. For a portable wireless communication device that has been paired based on the issuing of an authentication code by the authentication code generation means and the setting of the access right by the access right setting means, the pairing determination means determines, based on the selection result transmitted from the portable wireless communication device, whether to perform pairing again by issuing a new authentication code and setting a new access right, or to perform wireless communication with the same authentication code until the access right set by the access right setting means expires.
A computer-readable recording medium according to the present invention records any one of the computer programs described above.

According to the present invention, the host-side wireless communication device actively issues the authentication code and sets the access right, so that mutual authentication with the client-side portable wireless communication device can be performed. This allows the host-side wireless communication device and the client-side portable wireless communication device to be paired without requiring the user to set the authentication code manually or perform difficult operations, and makes it possible to provide a wireless communication system and a service with high security strength, constructed by a highly confidential authentication code and access right.

(First embodiment)
Hereinafter, a first embodiment of the present invention will be described with reference to FIGS.
FIG. 1 is a block diagram showing an example of a configuration of a wireless communication system according to an embodiment of the present invention. In FIG. 1, the wireless communication system of the present embodiment includes a host device 1 and a client device 2, and the host device 1 and the client device 2 are connected via a short-range wireless communication path 3 and a wireless communication path 4 so as to communicate with each other.

  An operation in the case where the host device 1 and the client device 2 are mutually authenticated and paired will be briefly described following each functional block shown in FIG. Note that the pairing is a one-to-one association between the host device 1 and the client device 2.

First, the host device 1 searches for the client device 2 using the short-range wireless communication unit 101. When the client device 2 is found, the authentication code generation unit 108 of the host device 1 generates an authentication code used for pairing, based on the random number generated by the random number generation unit 109. Since no manually created code is involved in the generation of the authentication code in the present embodiment, an authentication code that is difficult to guess and highly confidential is generated. In addition, since the authentication code is generated only when the client device 2 is discovered using the short-range wireless communication unit 101, whether or not the authentication code is generated depends on the physical distance between the host device 1 and the client device 2, which makes it possible to construct a mutual authentication means with high safety (security).

The generated authentication code is stored in the authentication code management unit 102. At the same time, the system control unit 104 sets an access right for the authentication code, and the authentication code and the access right of the host device 1 and the client device 2 are associated with each other. The authentication code is sent from the short-range wireless communication unit 101 to the short-range wireless communication unit 201 of the client device 2 via the short-range wireless communication path 3. The authentication code received by the client device 2 is stored in the authentication code storage unit 202. Thus, the host device 1 and the client device 2 are mutually authenticated and paired.

The access right can be managed through the display unit 106 and the operation unit 107 of the host device 1, and the administrator of the wireless communication system can manage the client device 2 under various access conditions. It can also be managed by a control program built into the host device 1, which may be rewritable or non-rewritable. The host device 1 and the client device 2 are provided with reset units 103 and 203, with which all or part of the pairing information stored in the host device 1 and the client device 2 can be deleted.

When performing data communication, the client device 2 searches for the host device 1 from the wireless communication unit 205. When the host device 1 is found, the client device 2 uses the authentication code stored in the authentication code storage unit 202 as the authentication code of an arbitrary wireless communication standard to establish a wireless communication path 4 with the host device 1.

  Here, the host device 1 that has received the authentication code refers to the authentication code and the access right stored in the authentication code management unit 102. When the received authentication code exists in the authentication code management unit 102 and the access right is valid, the wireless communication path 4 is established. On the other hand, if the received authentication code does not exist in the authentication code management unit 102 or the access right is not valid, the wireless communication path 4 is not established. After the wireless communication path 4 is established, the host device 1 and the client device 2 perform data communication using the mutual wireless communication units 105 and 205 or the mutual short-range wireless communication units 101 and 201. However, it is assumed that the pairing between the host device 1 and the client device 2 can be performed only by the mutual short-range wireless communication units 101 and 201.

FIG. 2 is a block diagram showing an example of the configuration of the authentication code management unit 102 of the host device 1 and the authentication code storage unit 202 of the client device 2 of the wireless communication system shown in FIG.
The authentication code management unit 102 of the host device 1 includes an authentication code storage unit 110 and an access right management unit 111. For example, if the host device 1 (referred to as host device A) and a specific client device 2 (referred to as client device A1) are paired, the authentication code storage unit 110 of the host device A stores the name of the specific client device A1 and the authentication code A1, and the access right management unit 111 stores the access condition A1 of the client device A1. Here, the access condition A1 can be set arbitrarily, for example as shown in (1a) to (4a) below. Note that the setting of access conditions is not limited to this example, and various settings can be made.

(1a) The number of connections of the client device A1 is counted, and the access right is revoked after a certain number of connections.
(2a) The number of instructions from the client device A1 is counted, and the access right is revoked when a certain number of instructions are received.
(3a) The time since pairing with the client device A1 is counted, and the access right is revoked when a certain time has elapsed.
(4a) A combination of at least any two of condition (1a), condition (2a), and condition (3a).

Further, when the host device 1 and a plurality of client devices A2, A3, A4 are paired, the access rights A2, A3, A4 are set for the respective client devices A2, A3, A4 in the same way as for the client device A1.

When the host device 1 (host device A) and the client device 2 (client device B) are paired, the name of the paired host device 1 (host device A) and the authentication code A1 are stored in the authentication code storage unit 202 of the client device 2 (client device B). Further, when the client device 2 (client device B) performs pairing with another host device 1 (referred to as host device B), the authentication code storage unit 202 of the client device 2 (client device B) stores the name of the paired host device 1 (host device B) and the authentication code B1. The client device 2 (client device B) performs data communication with a specific host device based on the authentication code.

FIGS. 3 and 4 are diagrams that respectively show an example of the state before and during pairing of the printer device 121 as a host device and the mobile phone 221, the PDA 222, and the digital camera 223 as client devices.

The host device 121 and the client devices 221, 222, and 223 are equipped with short-range wireless communication units 101, 224, 225, and 226, respectively, and the host device and the client device perform mutual authentication and pairing by using the short-range wireless communication units. Note that the short-range wireless communication units 224, 225, and 226 disposed in the client devices 221, 222, and 223 correspond to the short-range wireless communication unit 201 illustrated in FIG.

Here, the operation in the case of pairing the printer device 121 as the host device and the mobile phone 221 as the client device will be briefly described. First, as illustrated in FIG. 3, the printer device 121, the mobile phone 221, the PDA 222, and the digital camera 223 are in a state where they do not recognize each other, that is, they are separated by more than the maximum reachable distance of the short-range wireless communication carrier wave (for example, several cm to several tens of cm). In this state, even if the printer device 121 searches for a client device that can be paired, no client device can be found, so pairing is not performed.

Next, as shown in FIG. 4, when the printer device 121 and the mobile phone 221 are brought within the maximum reachable distance of the short-range wireless communication carrier wave, mutual authentication and pairing are performed using the short-range wireless communication units 101 and 224. Since the PDA 222 and the digital camera 223 are outside the maximum reachable range of the short-range wireless communication carrier wave of the printer device 121, mutual authentication and pairing are not performed with them.

After pairing is established, the printer device 121 and the mobile phone 221 can perform data communication using the short-range wireless communication units 101 and 224 or arbitrary wireless communication means (for example, the wireless communication units 105 and 205 shown in FIG. 1). In this state, even if the printer device 121 and the mobile phone 221 move out of the maximum reachable range of the short-range wireless communication carrier wave, data communication is continued by the arbitrary wireless communication means. Note that the communication means can be switched seamlessly depending on the distance between the host device and the client device.

  As shown in FIGS. 3 and 4, when the printer device 121 is a host device, the access conditions described above may be set as follows, for example. First, the printer device 121 counts the number of prints instructed from a client device (for example, a mobile phone 221). When the number of prints reaches a certain number, the access right of the mobile phone 221 may be revoked.

FIGS. 3 and 4 show the state when the printer device 121 and the mobile phone 221 are paired. When, for example, the printer device 121 and the digital camera 223 are paired, if the trigger for printing the image data stored in the digital camera 223 is assigned to the short-range wireless communication between the printer device 121 and the digital camera 223, the image data can be printed simply by bringing the printer device 121 and the digital camera 223 close to each other. The trigger for the printing operation can be assigned to the short-range wireless communication in the same manner for the mobile phone 221 or the PDA 222.

Although FIGS. 1 to 4 show the case where the client device 2 (the mobile phone 221, the PDA 222, and the digital camera 223) includes the display unit 206, the client device 2 does not necessarily have to include the display unit 206. Likewise, although FIGS. 1 to 4 show the case where the client device 2 (the mobile phone 221, the PDA 222, the digital camera 223) is equipped with a wireless communication function as standard, the client device 2 does not necessarily have to be equipped with the wireless communication function as standard, and may be a device to which the configuration corresponding to the short-range wireless communication unit 201 and the wireless communication unit 205 shown in FIG. can be added as an option (extension). As described above, with the configuration of the present embodiment, a small and simple device can be used as a client device.

  Mutual authentication and pairing between the host device 1 and the client device 2 are performed according to the flowchart shown in FIG. 5 for the host device 1 and FIG. 6 for the client device 2. In FIGS. 5 and 6, description will be made assuming that there is no external interference or communication interruption with respect to the wireless communication means between the host device 1 and the client device 2.

First, the flowchart of FIG. 5 showing the operation in the host device 1 will be described.
When the mutual authentication operation and the pairing operation are started, the host device 1 transmits an inquiry signal and searches for the client device 2 (step S100).

The host device 1 determines whether there is an inquiry response from the client device 2 (step S101), and if there is an inquiry response from the client device 2, determines whether it is possible to generate an authentication code (step S102). Here, when there is no inquiry response from the client device 2, the pairing operation is terminated.

  If the authentication code can be generated, the host device 1 generates an authentication code (step S103). Here, when it is not possible to generate the authentication code, the pairing operation is terminated.

  When the host device 1 generates an authentication code (step S103), the host device 1 stores the authentication code (step S104) and sets an access right corresponding to the authentication code (step S105). The host device 1 transmits the generated authentication code to the client device 2 (step S106), and ends the pairing operation.

Next, the flowchart of FIG. 6 showing the operation in the client device 2 will be described.
When the mutual authentication operation and the pairing operation are started, the client device 2 determines whether or not there is an inquiry signal from the host device 1 (step S200), and upon receiving the inquiry signal from the host device 1, the client device 2 transmits an inquiry response (step S201). Here, when there is no inquiry signal from the host device 1, the pairing operation is terminated.

  When the client device 2 transmits an inquiry response (step S201), an authentication code is issued from the host device 1 (step S106 in FIG. 5), and the client device 2 receives the authentication code (step S202). Upon receiving the authentication code, the client device 2 stores the authentication code (step S203) and ends the pairing operation.

Data communication after pairing between the host device 1 and the client device 2 is performed according to the flowchart shown in FIG. 7 for the host device 1 and FIG. 8 for the client device 2. The description of FIGS. 7 and 8 holds whether the data communication means between the host device 1 and the client device 2 is the short-range wireless communication units 101 and 201 or any wireless communication unit (for example, the wireless communication units 105 and 205). In FIGS. 7 and 8, the description will be made assuming that the wireless communication means between the host device and the client device is free from external interference and communication interruption.

First, the flowchart of FIG. 7 showing the operation in the host device 1 will be described.
When the data communication operation is started, the host device 1 determines whether or not there is an inquiry signal from the client device 2 (step S110). When receiving the inquiry signal from the client device 2, the host device 1 transmits an inquiry response (step S111). Here, when there is no inquiry signal from the client device 2, the pairing operation is terminated.

When the host device 1 transmits an inquiry response (step S111), the client device 2 transmits the authentication code issued at the earlier pairing (step S212 in FIG. 8), and the host device 1 receives the authentication code (step S112).
When the host device 1 receives the authentication code, the host device 1 determines whether the authentication code is valid (step S113). If the authentication code is valid, the host device 1 determines whether the access right is valid (step S114). If the access right is valid as a result of this determination, the host device 1 transmits a connection permission signal to the client device 2 (step S115), and establishes a data communication path. Here, if it is determined in step S113 that the authentication code is not valid, or if it is determined in step S114 that the access right is not valid, the host device 1 transmits a connection non-permission signal to the client device 2 (step S118), and the data communication operation is terminated without establishing the data communication path.

After transmitting the connection permission signal to the client device 2 (step S115) and establishing the data communication path, the host device 1 performs data communication with the client device 2 (step S116). When data transmission/reception with the client device 2 ends, the host device 1 resets the access right of the client device 2 that has performed the data communication (step S117), and ends the data communication operation.

Next, the flowchart of FIG. 8 showing the operation in the client device 2 will be described.
When the data communication operation is started, the client device 2 transmits an inquiry signal to the host device 1 and searches for the host device 1 (step S210). Then, the client device 2 determines whether there is an inquiry response from the host device 1 (step S211). If there is a response from the host device 1, the client device 2 sends an authentication code to the host device 1 (step S212). If there is no inquiry response from the host device 1, the client device 2 ends the data communication operation without establishing a data communication path.

After transmitting the authentication code, the client device 2 determines whether or not there is a connection permission signal from the host device 1 (step S213). If there is a connection permission signal from the host device 1, the data communication path has been established, so the client device 2 performs data communication with the host device 1 (step S214). If there is no connection permission signal from the host device 1, the client device 2 ends the data communication operation. When data transmission/reception with the host device 1 is completed, the client device 2 ends the data communication operation.
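The host-side logic of FIGS. 5 and 7 combined with access conditions (1a) to (4a), as an added Python sketch that is not code from the patent. The class and parameter names, the 16-byte code length, the rule that reaching any one configured limit revokes the right, and the reading of step S117 as a counter update are assumptions of this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class AccessRight:
    """Access conditions (1a)-(3a); setting two or more limits gives (4a)."""
    paired_at: float
    max_connections: Optional[int] = None    # (1a) limit on connections
    max_instructions: Optional[int] = None   # (2a) limit on instructions, e.g. prints
    lifetime_s: Optional[float] = None       # (3a) seconds allowed since pairing
    connections: int = 0
    instructions: int = 0

    def is_valid(self, now: float) -> bool:
        # Assumption: with several limits set, reaching any one revokes the right.
        if self.max_connections is not None and self.connections >= self.max_connections:
            return False
        if self.max_instructions is not None and self.instructions >= self.max_instructions:
            return False
        if self.lifetime_s is not None and now - self.paired_at >= self.lifetime_s:
            return False
        return True


class Host:
    """Host device 1: authentication code management unit 102 (names are hypothetical)."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock
        # client name -> (authentication code, access right), stored in association
        self.records: Dict[str, Tuple[bytes, AccessRight]] = {}

    def pair(self, client_name: str, in_short_range: bool, **limits) -> Optional[bytes]:
        if not in_short_range:               # S101: no inquiry response, pairing ends
            return None
        code = secrets.token_bytes(16)       # S103: random code, never typed by a user
        right = AccessRight(paired_at=self.clock(), **limits)   # S105
        self.records[client_name] = (code, right)               # S104
        return code                          # S106: sent over the short-range path

    def connect(self, code: bytes, instructions: int = 1) -> Optional[int]:
        """Return the instructions served, or None for connection non-permission (S118)."""
        right = None
        for stored, candidate in self.records.values():    # S113: is the code known?
            if hmac.compare_digest(stored, code):           # constant-time comparison
                right = candidate
        if right is None or not right.is_valid(self.clock()):   # S113 / S114
            return None
        served = instructions                                # S115 / S116
        if right.max_instructions is not None:
            served = min(instructions, right.max_instructions - right.instructions)
        right.connections += 1          # S117, read here as updating the counters
        right.instructions += served    # that the access conditions depend on
        return served

    def reset(self, client_name: str) -> None:
        self.records.pop(client_name, None)   # reset unit 103: delete pairing information


def demo() -> dict:
    """Constructed scenario: a printer as host, a phone and a camera as clients."""
    now = [0.0]                               # constructed clock, in seconds
    printer = Host(clock=lambda: now[0])
    phone_store: Dict[str, bytes] = {}        # client side: authentication code storage unit 202
    out = {"far_away": printer.pair("phone", in_short_range=False)}
    phone_store["printer"] = printer.pair("phone", True, max_instructions=5, lifetime_s=3600)
    out["first_job"] = printer.connect(phone_store["printer"], instructions=3)
    out["second_job"] = printer.connect(phone_store["printer"], instructions=4)
    out["after_quota"] = printer.connect(phone_store["printer"])
    out["guessed"] = printer.connect(b"0000")          # short, guessable code is unknown
    camera_code = printer.pair("camera", True, max_connections=10, lifetime_s=60)
    now[0] = 61.0                                      # lifetime (3a) has elapsed
    out["expired"] = printer.connect(camera_code)
    return out


if __name__ == "__main__":
    print(demo())
```
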

  As described above, in the present embodiment, when a client device 2 within a certain distance from the host device 1 is found by short-range wireless communication, the host device 1 generates an authentication code, sets an access right for the authentication code, and stores the access right and the authentication code in association with each other. The generated authentication code is transmitted to the client device 2 and stored in the client device 2, so that whether or not to establish the wireless communication path 4 can be determined based on the authentication code and the access right. As a result, the user can pair the host device 1 and the client device 2 without manually setting the authentication code or performing difficult operations, and a wireless communication system and service with high security strength, constructed by setting the access right, can be provided to the user. Therefore, it is possible to prevent unauthorized use of the wireless communication system and leakage of information stored in the host device 1 and the client device 2.

  If the authentication code is not displayed, as in the present embodiment, the confidentiality of the authentication code can be improved, but the authentication code may be displayed on at least one of the display unit 106 of the host device 1 and the display unit 206 of the client device 2. This display may be performed based on the operation of the operation units 107 and 207 by the user, or may be performed automatically at a predetermined timing (for example, when an authentication code is recorded) by the control program of the host device 1 and the client device 2. This is because, depending on the operation method of the wireless communication system, it may be more convenient to display the authentication code. In other words, the authentication code can be configured to be displayed or not to be displayed in accordance with the configuration and operation method of the wireless communication system.

Further, the authentication code may be updated.
For example, every time a pairing between the host device 1 and the client device 2 is established, the authentication code already stored in the authentication code management unit 102 of the host device 1 may be rewritten, and the authentication code already stored in the authentication code storage unit 202 of the client device 2 may be rewritten.
When the access right of a certain client device 2 has expired, the authentication code may be rewritten when pairing for the first time after the access right has expired. That is, in this case, an authentication code for the client device 2 whose access right has expired is newly generated, and the authentication code already stored in the authentication code management unit 102 of the host device 1 is rewritten with the generated authentication code. The authentication code already stored in the authentication code storage unit 202 of the client device 2 is rewritten with the new authentication code.

In addition, the user may select whether or not to update the authentication code.
For example, when the host device 1 and the client device 2, for which pairing has already been established and the access right is valid, try to perform mutual authentication and pairing again, the host device 1 inquires whether or not to change the authentication code. For example, an inquiry is made to cause the user of the client device 2 to select whether to generate a new authentication code or to use the same authentication code until the access right expires. Based on this inquiry, the user of the client device 2 operates the operation unit 207 of the client device 2 to select whether or not to update the authentication code. The client device 2 returns the selection result to the host device 1. Based on the response result, the host device 1 determines whether or not to update the authentication code, and when updating, generates the authentication code and the access right again.
As described above, the confidentiality of the authentication code can be further improved by updating the authentication code once set.

(Second Embodiment)
Hereinafter, a second embodiment of the present invention will be described with reference to the drawings. The basic configuration of the wireless communication system, the flowchart of the mutual authentication operation and the pairing operation, and the flowchart of the data communication operation are the same as those in the first embodiment. For parts that are the same, detailed description is omitted by assigning the same reference numerals as those used in FIGS. 1 to 8, and the following mainly describes the authentication method and the connection control method for the case where a plurality of host devices and a plurality of client devices exist.

  FIGS. 9 and 10 are diagrams illustrating examples of the state during pairing and the state after pairing, respectively, between a host device 151 (referred to as host device A) and client devices 251, 252, 253, and 254 (referred to as client devices A1, A2, A3, and A4), and between a host device 161 (referred to as host device B) and client devices 261, 262, 263, and 264 (referred to as client devices B1, B2, B3, and B4).

  FIG. 11 is a block diagram illustrating an example of the configuration of the authentication code management units 152 and 162 of the host devices 151 and 161 (host device A and host device B) and the authentication code storage units 255 and 265 of the client devices 251 and 261 (client device A1 and client device B1). In FIG. 11, only the authentication code storage units 255 and 265 of the client devices 251 and 261 are shown, but the authentication code storage units of the other client devices 252 to 254 and 262 to 264 have the same configuration as the authentication code storage units 255 and 265 of the client devices 251 and 261, respectively.

  The authentication code management unit 152 of the host device 151 (host device A) includes an authentication code storage unit 153 and an access right management unit 154. Further, the authentication code management unit 162 of the host device 161 (host device B) includes an authentication code storage unit 163 and an access right management unit 164.

  Each of the host devices 151 and 161 and the client devices 251 to 254 and 261 to 264 is equipped with a short-range wireless communication unit (the short-range wireless communication units 101 and 201 shown in FIG. 1). Using the short-range wireless communication unit, the host devices 151 and 161 and the client devices 251 to 254 and 261 to 264 perform mutual authentication and pairing.

An operation when pairing the host devices 151 and 161 with the client devices 251 to 254 and 261 to 264 will be briefly described.
As shown in FIG. 9, when the client devices 251 to 254 (client devices A1, A2, A3, and A4) are brought close to the host device 151 (host device A), and the client devices 261 to 264 (client devices B1, B2, B3, and B4) are brought close to the host device 161 (host device B), to within the maximum reachable range of short-range wireless communication carrier waves (for example, several centimeters to several tens of centimeters), the respective host devices and client devices perform a mutual authentication operation and a pairing operation.

  Here, for example, as shown in FIG. 11, the number of client devices that can be paired with one host device can be limited by setting the maximum number of client devices that can be paired with the host device 151 (host device A) to seven and the maximum number of client devices that can be paired with the host device 161 (host device B) to three.

  The state shown in FIG. 9 will be described as an example. On the host device 151 (host device A) side, the host device 151 (host device A) and the client devices 251 to 254 (client devices A1, A2, A3, and A4) are paired. The authentication code storage unit 153 of the host device 151 (host device A) stores the name of each client device and each authentication code, and the access right management unit 154 stores the access condition of each client device.

  On the host device 161 (host device B) side, the host device 161 (host device B) and the client devices 261 to 263 (client devices B1, B2, and B3) are paired. The authentication code storage unit 163 of the host device 161 (host device B) stores the name of each client device and each authentication code, and the access right management unit 164 stores the access condition of each client device. Since the client device 264 (client device B4) exceeds the maximum number of client devices that can be paired with the host device 161 (host device B), pairing with the host device 161 (host device B) is not performed. That is, the client device 264 (client device B4) is a client device that does not belong to any host device. This client device 264 (client device B4) cannot use the wireless communication system and services provided by a host device, even within the maximum reachable range of carrier waves emitted from any wireless communication means possessed by the host device.

  In this embodiment, the host devices 151 and 161 can limit the maximum number of client devices that can be paired. Similarly, for example, as shown in FIG. 11, the number of host devices that can be paired with one client device can be limited by setting the maximum number of host devices that can be paired with the client device 251 (client device A1) to one and setting the maximum number of host devices that can be paired with the client device 261 (client device B1) to three.

  The limitation on the number of pairings between the host device and the client device may be set using the operation units 107 and 207 included in the respective devices. Instead, the reset units 103 and 203 may be provided so that the pairing information can be deleted all at once or one entry at a time. As described above, providing a pairing information reset mechanism in the host device and the client device is a simple and useful means for managing the pairing information of a small printer or accessory.

FIG. 10 shows an example of a state during data communication of the host devices 151 and 161 and the client devices 251 to 254 and 261 to 264 after the pairing is established.
The host device and the client device for which pairing has been established perform data communication based on the pairing information defined by the authentication code and access conditions stored in the authentication code management units 152 and 162 of the host devices and the authentication code stored in the authentication code storage units 255 and 265 of the client devices.
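The host-side decision of steps S113 to S118 and the pairing limit of the second embodiment can be sketched as follows. This is an added example, not code from the patent: the names `Host`, `AccessRight`, `renew`, the connection budget and the validity period are assumptions, and the CSPRNG-generated code and constant-time comparison are choices of this example (the patent only says the code is based on a random number).

```python
import hmac
import secrets
import time
from dataclasses import dataclass

PERMIT = "connection permission"        # signal sent in step S115
DENY = "connection non-permission"      # signal sent in step S118


@dataclass
class AccessRight:
    """Assumed access conditions: a connection budget and a validity period."""
    max_connections: int
    expires_at: float
    connections: int = 0
    revoked: bool = False

    def valid(self, now):
        return (not self.revoked and now < self.expires_at
                and self.connections < self.max_connections)


@dataclass
class Pairing:
    code: str            # authentication code (authentication code storage unit)
    right: AccessRight   # access condition (access right management unit)


class Host:
    def __init__(self, max_clients, max_connections=3, lifetime_s=3600.0,
                 clock=time.time):
        self.max_clients = max_clients
        self.max_connections = max_connections
        self.lifetime_s = lifetime_s
        self.clock = clock
        self.pairings = {}   # client name -> Pairing

    def pair(self, client, renew=True):
        """Pairing over the short-range link.

        Returns the code the client must store, or None if pairing is refused.
        renew=False is the client's choice to keep the current code while its
        access right is still valid.
        """
        now = self.clock()
        current = self.pairings.get(client)
        if current is not None and current.right.valid(now) and not renew:
            return current.code
        if current is None and len(self.pairings) >= self.max_clients:
            return None      # pairing limit reached (client B4 in FIG. 9)
        code = secrets.token_hex(16)   # 128-bit code from the OS CSPRNG
        right = AccessRight(self.max_connections, now + self.lifetime_s)
        self.pairings[client] = Pairing(code, right)
        return code

    def request_connection(self, client, presented_code):
        """Steps S113 to S115 / S118: code check first, then access right."""
        pairing = self.pairings.get(client)
        stored = pairing.code if pairing is not None else ""
        # Constant-time comparison so response timing does not leak how much
        # of a guessed code matched.
        code_ok = hmac.compare_digest(stored.encode(), presented_code.encode())
        if pairing is None or not code_ok:
            return DENY                                   # S113 failed
        if not pairing.right.valid(self.clock()):
            return DENY                                   # S114 failed
        return PERMIT

    def end_session(self, client):
        """Bookkeeping when data communication ends: count the connection and
        revoke the access right once the budget is used up."""
        right = self.pairings[client].right
        right.connections += 1
        if right.connections >= right.max_connections:
            right.revoked = True

    def reset(self, client=None):
        """Reset unit: delete one pairing entry, or all of them."""
        if client is None:
            self.pairings.clear()
        else:
            self.pairings.pop(client, None)


def demo():
    """Host B of FIG. 11 (limit of three clients) with constructed clients."""
    host = Host(max_clients=3, max_connections=2)
    codes = {name: host.pair(name) for name in ("B1", "B2", "B3", "B4")}
    results = [host.request_connection("B1", codes["B1"]),   # paired, valid
               host.request_connection("B1", "0" * 32),      # wrong code
               host.request_connection("B4", "0" * 32)]      # never paired
    host.end_session("B1")
    host.end_session("B1")                                   # budget used up
    results.append(host.request_connection("B1", codes["B1"]))
    return codes["B4"], results


if __name__ == "__main__":
    print(demo())
```

A revoked or expired entry stays in the table until it is re-paired or reset, so it still counts toward the pairing limit; freeing a slot requires the reset path.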

  As described above, according to the present embodiment, even in a wireless communication system in which a plurality of information devices are mixed, a plurality of client devices, which are information devices, and a plurality of host devices can be paired without the user manually setting an authentication code or performing difficult operations, and a wireless communication system and services with high security strength, constructed by setting a highly confidential authentication code and access right, can be provided to users.

  The present invention is not limited to the above-described embodiment, and can be used in combination with authentication methods that have been used in the past, such as an authentication method in which a user manually inputs an authentication code, an authentication method in which a SIM (Subscriber Identity Module) card is inserted into a device for authentication, an authentication method using infrared communication, and an authentication method using a connection cable. How all or part of this embodiment is combined with the authentication methods used in the past to form the authentication method of the wireless communication system can be selected in various ways according to the security strength.

  It should be noted that the configuration, shape, and structure of each part shown in the above-described embodiments are merely examples of implementation in carrying out the present invention, and the technical scope of the present invention should not be construed as being limited by them. In other words, the present invention can be implemented in various forms without departing from the spirit or main features thereof.

(Other embodiments of the present invention)
Also included in the scope of the present invention is an implementation in which, in order to operate various devices so as to realize the functions of the above-described embodiments, program code of software for realizing those functions is supplied to a computer in an apparatus or system connected to the various devices, and the various devices are operated according to the program stored in the computer (CPU or MPU) of the system or apparatus.

  In this case, the program code of the software itself realizes the functions of the above-described embodiments, and the program code itself and means for supplying the program code to the computer, for example, a recording medium storing the program code, constitute the present invention. As a recording medium for storing the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

  Further, it goes without saying that the program code is included in the embodiments of the present invention not only when the functions of the above-described embodiments are realized by the computer executing the supplied program code, but also when those functions are realized by the program code in cooperation with the OS (operating system) running on the computer or with other application software.

  Further, it goes without saying that the present invention includes a case where, after the supplied program code is stored in a memory provided in a function expansion board of the computer or in a function expansion unit connected to the computer, a CPU provided in the function expansion board or function expansion unit performs part or all of the actual processing based on the instructions of the program code, and the functions of the above-described embodiments are realized by that processing.

FIG. 1 is a block diagram illustrating an example of a configuration of a wireless communication system according to a first embodiment of this invention.
FIG. 2 is a block diagram illustrating an example of configurations of an authentication code management unit of a host device and an authentication code storage unit of a client device in the wireless communication system according to the first embodiment of this invention.
FIG. 3 is a diagram illustrating an example of a state before pairing of a printer device that is a host device and a mobile phone, a PDA, and a digital camera that are client devices according to the first embodiment of this invention.
FIG. 4 is a diagram illustrating an example of a state during pairing of a printer device that is a host device and a mobile phone, a PDA, and a digital camera that are client devices according to the first embodiment of this invention.
FIG. 5 is a flowchart illustrating an example of an operation of the host device when performing mutual authentication and pairing between the host device and the client device according to the first embodiment of this invention.
FIG. 6 is a flowchart illustrating an example of an operation of a client device when performing mutual authentication and pairing between a host device and a client device according to the first embodiment of this invention.
FIG. 7 is a flowchart illustrating an example of an operation of the host device when performing data communication after the pairing between the host device and the client device is completed according to the first embodiment of this invention.
FIG. 8 is a flowchart illustrating an example of an operation of a client device when performing data communication after the pairing between the host device and the client device is completed according to the first embodiment of this invention.
FIG. 9 is a diagram illustrating an example of a state during pairing between a plurality of host devices and a plurality of client devices in the wireless communication system according to the second embodiment of this invention.
FIG. 10 is a diagram illustrating an example of a state after pairing between a plurality of host devices and a plurality of client devices in the wireless communication system according to the second embodiment of this invention.
FIG. 11 is a block diagram illustrating an example of the configuration of the authentication code management units of a plurality of host devices and the authentication code storage units of a plurality of client devices according to the second embodiment of this invention.

Explanation of symbols

1, 151, 161 Host device
2, 251 to 254, 261 to 264 Client device
3 Short-range wireless communication path
4 Wireless communication path
101 Short-range wireless communication unit of host device
102 Authentication code management unit of host device
103 Reset unit of host device
104 System control unit of host device
105 Wireless communication unit of host device
106 Display unit of host device
107 Operation unit of host device
108 Authentication code generation unit of host device
109 Random number generation unit of host device
110 Authentication code storage unit of authentication code management unit of host device
111 Access right management unit of authentication code management unit of host device
121 Printer
151 Host device A
152 Authentication code management unit of host device A
153 Authentication code storage unit of authentication code management unit of host device A
154 Access right management unit of authentication code management unit of host device A
161 Host device B
162 Authentication code management unit of host device B
163 Authentication code storage unit of authentication code management unit of host device B
164 Access right management unit of authentication code management unit of host device B
201 Short-range wireless communication unit of client device
202 Authentication code storage unit of client device
203 Reset unit of client device
204 System control unit of client device
205 Wireless communication unit of client device
206 Display unit of client device
207 Operation unit of client device
221 Mobile phone
222 PDA (Personal Digital Assistants)
223 Digital camera
224 Short-range wireless communication unit of mobile phone
225 Short-range wireless communication unit of PDA
226 Short-range wireless communication unit of digital camera
251 Client device A1
252 Client device A2
253 Client device A3
254 Client device A4
255 Authentication code storage unit of client device A1
261 Client device B1
262 Client device B2
263 Client device B3
264 Client device B4
265 Authentication code storage unit of client device B1

Claims (17)

  1. A method for authenticating a wireless communication device, in which transmission of an authentication code from a first wireless communication device to a portable second wireless communication device and pairing of the first and second wireless communication devices are performed using short-range wireless communication, wherein
    the first wireless communication device:
    generates an authentication code for the second wireless communication device and transmits the generated authentication code to the second wireless communication device;
    sets an access right for the generated authentication code;
    stores the generated authentication code in association with the set access right; and
    determines, for a second wireless communication device that has already been paired, based on a selection result transmitted from the second wireless communication device, whether to transmit a new authentication code and set a new access right to perform pairing again, or to perform wireless communication using the same authentication code until the set access right expires.
  2. The method for authenticating a wireless communication device according to claim 1, wherein the second wireless communication device receives the authentication code transmitted from the first wireless communication device and stores the authentication code, and
    the first and second wireless communication devices perform wireless data communication based on pairing information including the authentication code and the access right.
  3. The method for authenticating a wireless communication device according to claim 1 or 2, wherein the first wireless communication device generates an authentication code for a second wireless communication device physically within a certain distance, and transmits the authentication code to the second wireless communication device.
  4. The method for authenticating a wireless communication device according to claim 1, wherein the first wireless communication device generates the authentication code to be transmitted to the second wireless communication device based on a random number.
  5. The method for authenticating a wireless communication device according to any one of claims 1 to 4, wherein at least one of the first and second wireless communication devices displays the transmitted authentication code.
  6. The method for authenticating a wireless communication device according to any one of claims 1 to 5, wherein the first wireless communication device is a device that has a wireless communication function and has no display unit.
  7. The method for authenticating a wireless communication device according to any one of claims 1 to 6, wherein the second wireless communication device is a device that has a wireless communication function and has no display unit.
  8. A wireless communication apparatus comprising:
    authentication code generating means for searching for a portable wireless communication device within a certain distance and generating an authentication code for the searched portable wireless communication device;
    access right setting means for setting an access right for the authentication code generated by the authentication code generating means;
    recording means for associating the authentication code generated by the authentication code generating means with the access right set by the access right setting means and recording them on a recording medium;
    authentication code transmitting means for transmitting the authentication code generated by the authentication code generating means to the portable wireless communication device within the predetermined distance; and
    pairing determining means for determining, based on a selection result transmitted from the portable wireless communication device, whether, for the portable wireless communication device paired based on the transmission of the authentication code by the authentication code generating means and the setting of the access right by the access right setting means, to transmit a new authentication code and set a new access right to perform pairing again, or to perform wireless communication using the same authentication code until the access right set by the access right setting means expires.
  9. The wireless communication apparatus according to claim 8, further comprising:
    authentication code receiving means for receiving an authentication code from the portable wireless communication device; and
    communication means for performing wireless data communication with the portable wireless communication device that is the transmission source of the authentication code received by the authentication code receiving means, only when the authentication code received by the receiving means matches the authentication code recorded in the recording means.
  10. The wireless communication apparatus according to claim 8 or 9, wherein the authentication code generating means generates an authentication code based on a random number.
  11. The wireless communication apparatus according to any one of claims 8 to 10, further comprising authentication code changing means for changing the authentication code generated by the authentication code generating means.
  12. The wireless communication apparatus according to any one of claims 8 to 11, further comprising authentication code display means for displaying, on a display unit, the authentication code generated by the authentication code generating means.
  13. The wireless communication apparatus according to any one of claims 8 to 12, further comprising:
    counting means for counting at least one of the number of commands from the portable wireless communication device, the number of connections from the portable wireless communication device, and the time since the pairing with the portable wireless communication device was established; and
    access right revocation means for revoking, based on the value counted by the counting means, the access right of the portable wireless communication device set by the access right setting means.
  14. The wireless communication apparatus according to any one of claims 8 to 13, further comprising:
    printing means for performing printing based on a print instruction from the portable wireless communication device;
    counting means for counting the number of printed sheets instructed from the portable wireless communication device; and
    access right revocation means for revoking, based on the number of printed sheets counted by the counting means, the access right of the portable wireless communication device set by the access right setting means.
  15. A computer program for causing a computer to execute transmission of an authentication code from a first wireless communication device to a portable second wireless communication device and pairing of the first and second wireless communication devices using short-range wireless communication, the computer program causing the computer to execute:
    generating, by the first wireless communication device, an authentication code for the second wireless communication device, and transmitting the generated authentication code to the second wireless communication device;
    setting an access right for the generated authentication code;
    storing the generated authentication code in association with the set access right; and
    determining, for the second wireless communication device that has already been paired, based on a selection result transmitted from the second wireless communication device, whether to issue a new authentication code and set a new access right to perform pairing again, or to perform wireless communication using the same authentication code until the set access right expires.
  16. A computer program for causing a computer to function as:
    authentication code generating means for searching for a portable wireless communication device within a certain distance and generating an authentication code for the searched portable wireless communication device;
    access right setting means for setting an access right for the authentication code generated by the authentication code generating means;
    recording means for associating the authentication code generated by the authentication code generating means with the access right set by the access right setting means and recording them on a recording medium;
    authentication code transmitting means for transmitting the authentication code generated by the authentication code generating means to the portable wireless communication device within the predetermined distance; and
    pairing determination means for determining, based on a selection result transmitted from the portable wireless communication device, whether, for the portable wireless communication device paired based on the issuance of the authentication code by the authentication code generating means and the access right setting by the access right setting means, to issue a new authentication code and set a new access right to perform pairing again, or to perform wireless communication using the same authentication code until the access right set by the access right setting means expires.
  17. A computer-readable recording medium on which the computer program according to claim 15 or 16 is recorded.
JP2004020270A 2004-01-28 2004-01-28 Wireless communication apparatus authentication method, wireless communication apparatus, computer program, and computer-readable recording medium Active JP4455076B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2004020270A JP4455076B2 (en) 2004-01-28 2004-01-28 Wireless communication apparatus authentication method, wireless communication apparatus, computer program, and computer-readable recording medium

Publications (2)

Publication Number Publication Date
JP2005217646A JP2005217646A (en) 2005-08-11
JP4455076B2 true JP4455076B2 (en) 2010-04-21

US7317712B2 (en) Wireless communication system, communication device, communication controlling method, and communication control program
KR100689504B1 (en) Device for protecting transmission of contents
DE60218124T2 (en) Apparatus and method for restricting access to and storage of content
CN100470567C (en) Authentication system, method of controlling the authentication system, and portable authentication apparatus
US7545941B2 (en) Method of initializing and using a security association for middleware based on physical proximity
KR100778186B1 (en) Wireless communication system allowing group identification information to be publicly available and to be hidden, wireless access point device, and communication method and program for wireless access point device

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20070129

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20090714

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20090908

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20100126

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20100203

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130212

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140212

Year of fee payment: 4