JP4705411B2 - Communication terminal - Google Patents

Description

  The present invention relates to a communication technology, and more particularly, to an ad hoc network technology for constructing a wireless communication network.

  2. Description of the Related Art Conventionally, a technique for exchanging data via an ad hoc network configured by communication terminals connected to each other wirelessly without depending on an infrastructure such as a base station is widely known.

  Each communication terminal connected to the wireless ad hoc network has a function of relaying data addressed to other communication terminals. Therefore, even if the distance to the communication terminal that is the destination of the data is a distance that radio waves do not reach and it is impossible to send the data directly to that communication terminal, the Is relayed, data can be sent to the destination communication terminal.

  In this technique, when a communication terminal sends data, it is necessary to secure a communication route to the destination communication terminal in advance. Therefore, a communication terminal that transmits data transmits control information to another unspecified communication terminal. And after the communication terminal which received the control information registers the information on the transmission route of the data between the transmission source communication terminal and the own communication terminal in the control information, the control information is transferred to another unspecified communication terminal. Send further to.

  In this way, when control information is transmitted one after another between the communication terminals and reaches the destination communication terminal, a data transmission route from the transmission source communication terminal to the destination communication terminal is established. The data is transmitted based on the route information registered in the control information.

  As described above, in a wireless ad hoc network, since a communication terminal other than the original counterpart relays the transmission data to transmit and receive the data, leakage of the transmission data may be a problem. Therefore, data encryption technology is widely used.

  For example, Patent Literature 1 discloses an authentication header generated using an authentication header key in a header portion of a frame including a data body and a header portion in a transmission terminal. In addition, by confirming the validity of the authentication header at the receiving terminal, it is possible to confirm whether the received frame is transmitted from an authorized legitimate terminal, and unnecessary communication can be performed. A technique for avoiding this is disclosed.

In addition, as a technology for encrypting information exchanged over a wireless ad hoc network, for example, TKIP (Temporal Key Integrity Protocol) adopted in WPA (Wi-Fi Protected Access) established by the Institute of Electrical and Electronic Engineers (IEEE) However, the difficulty of decryption is increased by automatically updating the encryption key at regular intervals.
JP 2004-241865 A

  In the technique disclosed in Patent Document 1 described above, a receiving terminal that performs mere frame relay holds all authentication header keys that are different for each transmitting terminal, and the transmitting terminal uses an identifier for identifying its own terminal. It is included in the header part of the frame, and at the time of relaying the frame, the receiving terminal selects the authentication header key held for the transmitting terminal identified by the identifier and uses it for authentication. It was. For this reason, it is conceivable that the transmission rate of the data body decreases due to the large amount of data in the header portion of the frame having the data body. In addition, since the authentication header key is different for each transmitting terminal, data transmission within the network is only by unicast, and it is difficult to support efficient data transmission such as broadcast and multicast. Conceivable.

Further, in the above-described encryption using TKIP, it is conceivable that the difficulty of decryption decreases if the timing of changing the encryption key is predicted by monitoring transmission data for a long time.
The present invention has been made in view of the above-described problems, and a problem to be solved is to provide a method for concealing information suitable for a wireless ad hoc network.

A communication terminal which is one aspect of the present invention is information indicating destination information of data required for transmission to a destination communication terminal which is one of communication terminals constituting a wireless communication network for each destination communication terminal. Encryption means for encrypting certain control information using a common encryption key in all communication terminals constituting the wireless communication network, and transmission means for transmitting the control information subjected to the encryption And receiving means for receiving the control information, decrypting means for decrypting the information encrypted with the common encryption key, and when the received control information is decrypted. A routing information for creating the routing information indicating the communication terminal as the first transfer destination for relaying the data when sending the data to the destination communication terminal based on the control information It possesses a grayed information creating means, and a rejection information storage means included in the communication stores the exclusion information is information indicating what has been eliminated between the other communication terminal in the communication terminal, create the routing information The means is characterized in that the destination communication terminal creates only routing information for those not indicated in the exclusion information, and solves the above-described problems by this feature.

  According to this configuration, since the common encryption key is given only to the communication terminals constituting the wireless communication network, such terminals cannot participate in the wireless communication network. Accordingly, it is possible to prevent information exchanged over the wireless communication network from leaking from such a terminal.

In addition, according to this configuration, even for communication terminals having a common encryption key, no routing information is generated for the communication terminal indicated in the exclusion information, so that the communication information is exchanged in the wireless communication network. Information is prevented from leaking from such terminals.

  Further, in the above-described wireless terminal according to the present invention, the encryption means further encrypts the destination information, which is information for specifying the destination communication terminal, using the common encryption key, and The data body to be sent to the communication terminal is further encrypted using an individual encryption key that can be decrypted only by the destination communication terminal, and the transmission means applies the encrypted data body to the data body. The encrypted destination information attached is further transmitted to the communication terminal that is the first transfer destination indicated in the routing information, and the receiving means receives the encrypted data body. Is further received, and the decryption means possessed by the communication terminal as the destination communication terminal is encrypted with the individual encryption key. Decrypt information Further carried out, may be configured to.

  According to this configuration, since the data body cannot be decrypted by a communication terminal other than the destination communication terminal, the content of the data body is prevented from leaking from such a communication terminal.

  Further, in the above-described wireless terminal according to the present invention, the encryption means further encrypts the destination information, which is information for specifying the destination communication terminal, using the common encryption key, and The data body to be sent to the communication terminal is distributed in advance only to the communication terminals defined in the wireless communication network and belonging to the group to which the destination communication terminal belongs. The routing means indicates that the encrypted data body is attached with the encrypted destination information attached to the encrypted data body. The data is further transmitted to the communication terminal that is the first transfer destination, and the reception means includes the encrypted destination information attached to the encrypted data body. So that the decryption means possessed by the communication terminal belonging to the group to which the destination communication terminal belongs further decrypts the information encrypted with the group encryption key. It may be configured.

  According to this configuration, since the data body cannot be decrypted by a communication terminal to which the group encryption key is not distributed because the destination communication terminal does not belong to the group to which the destination communication terminal belongs, Content is prevented from leaking.

  A communication terminal according to another aspect of the present invention is a communication terminal that constitutes a wireless communication network, and includes a positioning unit that measures its own position, and an encryption key generation unit that generates an encryption key based on the position. Encryption means for encrypting the data body to be sent using the encryption key, and transmission means for transmitting the position information which is information indicating the position and the encrypted data body And the receiving means for receiving the encrypted data body and the location information, and the decryption key necessary for decrypting the encrypted data body has been received. A decryption key generating means for generating based on the position information; and a decrypting means for decrypting the received data body using the decryption key. This feature To solve the problem was.

  According to this configuration, since the data body is encrypted / decrypted using the encryption key generated based on the position of the reference communication terminal, the difficulty of predicting the encryption key change timing increases. The confidentiality of the data body is improved.

  In the communication terminal according to the present invention described above, the encryption unit further encrypts the position information using an encryption key common to all the communication terminals constituting the wireless communication network, and The transmitting means transmits the encrypted position information attached to the data body, and the receiving means receives the encrypted position information attached to the data body. The decryption unit further decrypts the position information encrypted with the common encryption key, and the decryption key generation unit performs the decryption based on the decrypted position information. You may comprise so that a key may be produced | generated.

According to this configuration, leakage of position information is protected by transmitting the position information on the wireless communication network after encrypting the position information.
In the wireless terminal according to the present invention described above, the encryption key generation unit generates a different encryption key when the position moves beyond a predetermined threshold, and the decryption key generation unit It may be configured such that a decryption key necessary for performing the decryption is generated by detecting a movement of the position information that has been performed exceeding the threshold value.

  According to this configuration, the encryption / decryption of the data body is performed using the encryption key generated based on the movement amount of the reference communication terminal, so that the difficulty of predicting the encryption key change timing is increased. This improves the confidentiality of the data body.

  According to another aspect of the present invention, a communication terminal is an encryption that is individually assigned to each communication terminal for data to be sent to a destination communication terminal that is one of the communication terminals constituting the wireless communication network. Sending the encrypted data to the encryption means for performing encryption using the key and the communication terminal as the first transfer destination for relaying the data when sending the data to the destination communication terminal Transmitting means, receiving means for receiving data sent from other communication terminals constituting the wireless communication network, and encryption means when the received data is not addressed to itself And further encrypting the data using an encryption key individually assigned to each communication terminal, and controlling the transmission means to further encrypt the data. Relay control means for further transmitting the received data, and when the received data is addressed to itself, depending on the transfer route of the data from the communication terminal that is the first transmission source of the data to itself And decrypting means for obtaining the original data by repeating the decryption of the data by sequentially using the encryption keys individually assigned to the respective communication terminals. Solve the above-mentioned problems.

  According to this configuration, since the communication terminal that relays the transmission data performs further encryption on the transmission data, the communication terminal that does not know the transfer path cannot decrypt the transmission data, and thus has excellent secrecy. Data transmission can be performed.

  In the communication terminal according to the present invention described above, the encryption unit uses an encryption key common to all the communication terminals constituting the wireless communication network for the transfer route information that is information indicating the transfer route. The transmission means further transmits the encrypted transfer path information, the reception means receives the transfer path information, and the decryption means The transfer path information encrypted with the encryption key may be decrypted, and the data may be decrypted according to the decrypted transfer path information.

  According to this configuration, leakage of transfer path information is protected by transmitting the transfer path information on the wireless communication network after encrypting the transfer path information.

  With the configuration as described above, according to the present invention, there is an effect that information can be appropriately concealed in a wireless ad hoc network.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
First, FIG. 1 will be described. This figure is a block diagram showing a functional configuration of a communication terminal implementing the present invention. The communication terminal 10 is, for example, a personal computer, PDA (Personal Digital Assistants), mobile phone, or the like that can be connected to each other wirelessly. A wireless ad hoc network is constructed by preparing a plurality of communication terminals 10. can do.

  As shown in the figure, the communication terminal 10 includes a wireless transmission / reception processing unit 11, a data transmission / reception unit 12, a control information transmission / reception unit 13, a routing table creation / update processing unit 14, an encryption / decryption processing unit 15, and a position information acquisition unit. 16, a storage unit 17, a display unit 18, an input unit 19, and a control unit 20.

  The wireless transmission / reception processing unit 11 performs a process of connecting its own terminal to a wireless ad hoc network including a plurality of communication terminals 10 and wirelessly transmitting / receiving transmission data, control information, and the like to / from other communication terminals 10.

  The data transmission / reception unit 12 transmits / receives transmission data using the wireless transmission / reception processing unit 11. Further, the control information transmission / reception unit 13 performs transmission / reception of control information for establishing a transmission route of the transmission data to the communication terminal that is the destination of transmission data, using the wireless transmission / reception processing unit 11.

The routing table creation / update processing unit 14 creates and updates the routing table 21 stored in the storage unit 17 based on the received control information.
The encryption / decryption processing unit 15 uses the encryption key distributed in advance and stored in the storage unit 17 to receive encrypted data and information received by the data transmitting / receiving unit 12 or the control information receiving unit 13. And the transmission data and control information transmitted by the data transmitting / receiving unit 12 or the control information transmitting / receiving unit 13 are encrypted. Further, as will be described later, processing for changing the encryption key is also performed according to a predetermined rule. In the present embodiment, the encryption / decryption processing unit 15 performs encryption / decryption using a common key encryption method.

  The position information acquisition unit 16 performs positioning of the physical position of the communication terminal 10 at a predetermined interval, and is, for example, a well-known GPS (Global Positioning System).

  The storage unit 17 is a storage device such as a hard disk device or a flash memory, and includes a routing table 21 in which routing information related to a transfer route when sending data is registered, and the transmission / reception data and control information of the encryption / decryption processing unit 15. An encryption key used for encryption and decryption, and an unreachable terminal list 23 in which information indicating a communication terminal that excludes participation in the network (transmission of transmission data and control information is prohibited) are registered. As an encryption key, a common encryption key 22-1 that is commonly given to all communication terminals that construct this wireless ad hoc network, and is individually assigned to each communication terminal that constructs this wireless ad hoc network. The terminal-specific encryption key 22-2 and the group encryption key 22-3 that is common for each group of communication terminals defined in the wireless ad hoc network are stored in the storage unit 17.

The display unit 18 is a display device such as a liquid crystal display, and the input unit 19 is an input device such as a keyboard or a pen-type input device.
The control unit 28 is a control unit that controls the entire communication terminal 10. The control unit 28 includes, for example, a CPU (Central Processing Unit), a ROM in which a control program for causing the CPU to control the communication terminal 10 as a whole is stored, and the CPU when the control program is executed. Comprises a RAM used as a work memory as necessary and an interface unit that manages the exchange of various data between the units of the communication terminal 10 and causes the CPU to execute the control program. It is realized by.

  Next, the data structures of the routing table 21, transmission data, control information, and unreachable terminal list 23 will be described. In the following description, a case where a wireless ad hoc network (hereinafter simply referred to as “network”) as shown in FIG. 2 is constructed will be described as an example.

  The network shown in FIG. 2 is composed of terminal A, terminal B, terminal C, terminal D, and terminal E, and is between terminal A and terminal B, between terminal A and terminal D, between terminal B and terminal C, Data exchange by wireless transmission can be directly performed between the terminals D and C and between the terminals C and E. On the other hand, data cannot be directly exchanged between terminals of other combinations, and data is exchanged by relaying other terminals. For example, data can be exchanged between terminal A and terminal D by transferring data received by either terminal B or terminal D.

  First, each figure of FIGS. 3A to 3E will be described. These are all examples of the routing table 21. FIG. 3A shows what the terminal A has, FIG. 3B shows what the terminal B has, FIG. 3C shows what the terminal C has, FIG. Shows what the terminal D has, and FIG. 3E shows what the terminal E has.

  As shown in FIGS. 3A to 3E, the routing table 21 includes identification information for identifying a destination terminal indicating a communication terminal that is a final receiving destination of transfer data, and when data is sent to the destination terminal. In addition, in order to have the data relayed, the identification information for identifying the first transfer destination terminal that is the first transfer destination of each communication terminal, and the data transferred by each communication terminal in the process of data arrival at the destination terminal Routing information consisting of the number of freshness to be registered is registered. Here, the freshness number is defined. The freshness number is the number of transfers required to transmit control information from the destination communication terminal to the own communication terminal, and is a value obtained by adding 1 to the number of hops and a predetermined time interval. The number of transmissions when considering the number of hops and the number of transmissions when considering time are combined. Note that the form of holding routing information is not limited to that shown in these figures, and can be held in various other forms.

  When the control unit 20 executes the processes of FIGS. 13 and 14 to be described later, the location information indicating the location of each terminal acquired by positioning by the location information acquisition unit 16 is included in the identification information of each destination terminal. Added in the form of latitude / longitude.

  In each of FIGS. 3A to 3E, the terminal name (A to E) of the destination terminal is used as the identification information for identifying the destination terminal, and the first transfer destination is used as the identification information for identifying the first transfer destination terminal. Terminal names (A to E) of the terminals are shown. The identification information is not limited to the terminal name as long as it can identify the communication terminal on the network.

The routing table 21 of terminal A shown in FIG. 3A will be described as an example.
When the destination terminal is the terminal A, since the terminal A is its own terminal and data transfer is not necessary, the first transfer destination terminal is blank and the freshness number is set to zero. When the destination terminal is the terminal B, the first transfer destination terminal is the terminal B, and since the terminal B at this time is the destination terminal itself, the freshness number is 1.

  Further, when the destination terminal is the terminal C, the first transfer destination terminal is the terminal B (or the terminal D), and the freshness number is 2. When the destination terminal is the terminal D, the first transfer destination terminal is the terminal D, and since the terminal D at this time is the destination terminal itself, the freshness number is 1. When the destination terminal is terminal C, the first transfer destination terminal is terminal B (or terminal D), and the freshness number is 3.

The routing table 21 of the terminal A has the above information. The same applies to the routing table 21 of each terminal shown in FIGS. 3B to 3E.
For example, when data is sent from terminal A to terminal E, the destination terminal is terminal E. The terminal A that is the data transmission source searches the routing table 21 (FIG. 3A) of its own terminal for a line whose destination terminal is the terminal E. Since terminal B (or terminal D) is registered as the first transfer destination terminal in the row where the destination terminal is terminal E, terminal A transmits data to terminal B (or terminal D).

  The terminal B (or terminal D) that has received this data retrieves the row in which the destination terminal is the terminal E from the routing table 21 of its own terminal (FIG. 3B or 3D) in the same manner as the terminal A. Since the terminal C is registered as the first transfer destination terminal in the row where the destination terminal is the terminal E, the terminal B (or the terminal D) transmits data to the terminal C.

  The terminal C that has received the data searches for a row in which the destination terminal is the terminal E from the routing table 21 (FIG. 3C) of the terminal itself. In the row where the destination terminal is the terminal E, the terminal E is registered as the first transfer destination terminal, and since the terminal E is also the destination terminal, the terminal C transmits data to the terminal E.

As described above, transmission of data from terminal A to terminal E is completed. Thereafter, the terminal E returns a reception completion message to the transmission source terminal (that is, the terminal A).
In this way, each communication terminal can send data to a desired communication terminal. Here, in the routing table 21, not all the information of the communication terminals that have passed through is registered, but only the information of the first transfer destination terminal and the freshness information for each destination terminal are registered. There is an advantage that the capacity of the storage device is not compressed.

  The routing table 21 is not fixed, but is updated periodically. For example, when the power source of the terminal B is cut off or when the terminal B deviates from a communicable range where radio waves reach, data transmission via the terminal B becomes impossible.

  Therefore, each communication terminal transmits control information for updating the routing table 21 every predetermined time, and the latest state of the network is reflected in the routing table 21 to cope with a change in the state of each communication terminal. I can do it. Hereinafter, a method for updating the routing table 21 based on the control information will be described.

  First, FIG. 4A will be described. The figure shows an example of the routing table 21 of the terminal B before being updated by the control information. The structure of this table is the same as that in each of FIGS. 3A to 3E. In addition, the structure of the network at this time is shown in FIG. 4B, and between each terminal between terminal A-terminal C, between terminal A-terminal D, between terminal B-terminal C, and between terminal C-terminal E, It is assumed that data can be directly exchanged by wireless transmission.

  Now, after the network configuration is changed to the configuration shown in FIG. 2, the control information shown in FIG. 4C is sent to the terminal B having the routing table 21 shown in FIG. 4A. Think about the case.

  The control information in FIG. 4C will be described. The control information 30 includes the identification information of the transmission source terminal indicating the transmission source of the control information, and the data in the case where the terminal receiving the control information 30 sends the data to the destination terminal via the transmission source terminal. Information indicating the number of freshnesses to the destination terminal for each destination terminal. In addition, although the terminal name of the communication terminal is used as the terminal identification information in these pieces of information, the information is not limited to the terminal name as long as it can identify each communication terminal.

  In the example of FIG. 4C, since the terminal A is shown as the transmission destination terminal, it can be understood that the control information 30 is transmitted from the terminal A. The terminal A generates information on the freshness number for each destination terminal in the control information 30 by adding “1” to the freshness number for each destination terminal in the routing table 21 that the terminal A has.

  When the terminal B acquires this control information 30, it interprets it as follows. That is, the freshness number is 1 when data whose destination terminal is terminal A is sent via terminal A, the freshness number is 2 when data whose destination terminal is terminal B is sent via terminal A, and the destination terminal is terminal The number of freshness when the data C is sent via the terminal A is 3, the freshness number when the destination terminal is sent via the data terminal A which is the terminal D is 2, and the data whose destination terminal is the terminal E is The freshness number when it is sent via terminal A is interpreted as four. Then, a change is made to add “1” to the freshness number for each destination terminal in the control information 30 and the information of the transmission source terminal is changed to the terminal B, and then the control information 30 is transferred to another terminal. To do.

  Further, the routing table creation / update processing unit 14 of the terminal B creates and updates the routing table 21 that the terminal B has based on the control information 30 of FIG. 4C. The routing table is created / updated as follows.

  First, the freshness number for each destination terminal shown in the routing table 21 (FIG. 4A) of the terminal B, and the freshness number for each destination terminal shown in the acquired control information 30 (FIG. 4C) Are extracted, and the number of freshness in the control information 30 is less than that in the routing table 21. In the example of FIGS. 4A and 4C, the freshness numbers for the destination terminal A and the destination terminal D are extracted because they meet this condition.

  Next, in the routing table 21, the freshness number for the extracted destination terminal is changed to that shown in the control information 30, and the identification information of the first transfer destination terminal is changed to the source terminal in the control information 30. Change to what is shown. That is, the freshness number for the destination terminal A in FIG. 4A is changed to 1, the freshness number for the destination terminal D is changed to 2, and the identification information of the first transfer destination terminal for the destination terminal A and the destination terminal D is changed. The terminal A is changed to the one indicating the terminal A. As a result, the routing table 21 of the terminal B is updated from that in FIG. 4A to that in FIG. 3B.

  As described above, when data is sent to the destination terminal, an efficient data transmission route having a smaller freshness number is registered in the routing table 21.

  If the destination terminal indicated in the acquired control information 30 is not indicated in the routing table 21 of the own terminal, the freshness number for the destination terminal is added to the routing table 21 as it is. The first transfer destination terminal for the destination terminal is the source terminal of the control information 30.

  Further, when the control unit 20 executes the processes of FIGS. 13 and 14 to be described later, each terminal transmits control information 30 attached with its own position information. The terminal that has received the control information 30 updates the position information of each terminal in the routing table 21 based on the position information attached to the control information 30.

  Next, FIG. 5 will be described. The figure shows an example of the structure of transmission data transmitted in accordance with the transfer route established in this way. As shown in the figure, the transmission data 40 is composed of a header part 41 composed of data ID, identification information for identifying the destination terminal, identification information for identifying the data transmission source terminal, and the number of hops, And a data body 42 as a target. In addition, although the identification information which shows a terminal is a terminal name of a communication terminal in the example of FIG. 5, if it is information which can identify a communication terminal, it will not be limited to a terminal name.

  The data ID is identification information used to detect and discard the data when the same data is transmitted to the same terminal a plurality of times. Here, the number “1028” is set as the ID. However, the ID is not limited to a number, and any information that can identify data can be used.

  The number of hops is incremented by 1 each time each communication terminal transmits data. When the number of hops exceeds the preset maximum number of hops, the data reaches the destination terminal. It is considered that it could not be destroyed. In the example of FIG. 5, the structure of transmission data when the transmission data transmitted from the terminal A as the transmission source terminal to the terminal E as the destination terminal is received by the terminal E is shown. The number of hops has increased to 3 while the data arrives.

  Next, FIG. 6 will be described. The figure shows an example of the unreachable terminal list 23. The inaccessible terminal list 23 indicates communication terminals that exclude participation in the network (inhibit and exclude communication that exchanges transmission data 40 and control information 30 with other terminals that configure the network). Identification information is shown, and in this example, terminal D and terminal E are excluded from network participation. In addition, although the identification information which shows a terminal is a terminal name of a communication terminal in the example of FIG. 6, if it is information which can identify a communication terminal, it will not be limited to a terminal name.

Hereinafter, various control processes performed by the control unit 20 in the communication terminal 10 of FIG. 1 will be described.
First, FIG. 7 will be described. This figure is a flowchart showing the contents of the control information transmission process. This process is a process for creating and transmitting the control information 30 as described with reference to FIG. 4C.

First, in S101, a process for creating the control information 30 based on the routing table 21 in the storage unit 17 is performed.
In S102, the encryption / decryption processing unit 15 performs encryption on the created control information 30 using the common encryption key 22-1 in the storage unit 17.

In S103, an instruction is given to the control information transmission / reception unit 13 to cause the wireless transmission / reception processing unit 11 to transmit the encrypted control information 30.
In S104, the progress of the process is waited for a predetermined time, and thereafter, the process returns to S101 and the above-described process is repeated.

The above processing is the control information transmission processing.
Next, FIG. 8 will be described. This figure is a flowchart showing the processing contents of the control information reception processing. This process is a process for updating the routing table 21 in the storage unit 17 based on the received control information 30. However, the common encryption key 22-1 is given only to terminals that have the eligibility to participate in the network. Therefore, since the terminal that does not have the participation qualification cannot decode the control information 30, it cannot update its own routing table 21. Further, even if a terminal has a qualification to participate in the network, information about the terminal whose identification information is shown in the unreachable terminal list 23 is not reflected in the routing table 21.

First, in S <b> 111, a process of causing the wireless transmission / reception processing unit 11 to receive the encrypted control information 30 and obtaining the control information transmission / reception unit 13 is performed.
In subsequent S112, a process of causing the encryption / decryption processing unit 15 to decrypt the received control information 30 using the common encryption key 22-1 in the storage unit 17 is performed. In S113, a process for determining whether or not the decryption using the common encryption key 22-1 has been performed is performed. Here, when it is determined that decryption has been completed (when the determination result is Yes), the source of the control information 30 is regarded as one of the terminals constituting the network of FIG. 2, and the process proceeds to S115. To proceed. On the other hand, when it is determined that decryption could not be performed (when the determination result is No), it is assumed that the source of the control information 30 is not a terminal constituting the network of FIG. 2, and the control information 30 is discarded in S114. After that, the control information receiving process is terminated. By this process, irrelevant terminals are excluded from the network of FIG.

  In S115, the control information 30 that has been decrypted is referred to, and it is determined whether or not the destination terminal indicated in the control information 30 still remains as the processing target of the determination process in S116 described below. A determination process is performed. Here, when it is determined that such a destination terminal still remains (when the determination result is Yes), the process proceeds to S116. On the other hand, when it is determined that the processing has been completed for all the destination terminals (when the determination result is No), the control information reception processing ends.

  In S 116, attention is paid to one of the destination terminals indicated in the control information 30, and processing for determining whether or not the destination terminal is indicated in the non-connectable terminal list 23 in the storage unit 17 is performed. . Here, when it is determined that the destination terminal is shown in the unreachable terminal list 23 (when the determination result is Yes), the destination terminal is regarded as being excluded from the network, and the process proceeds to S115. And the above-described processing is repeated. On the other hand, when it is determined that the destination terminal is not shown in the unreachable terminal list 23 (when the determination result is No), an instruction is given to the routing table creation / update processing unit 14 in S117, and the storage unit 17 The process of creating / updating the control information 30 in the routing table 21 is performed, the process is returned to S115, and the above-described process is repeated. With this process, even a terminal that can participate in the network of FIG. 2 can be excluded from the network for the purpose of concealing information. The method for creating and updating the routing table 21 based on the control information 30 is performed by the same method as that described with reference to FIGS. 4A and 4C.

The above processing is the control information reception processing.
Next, FIG. 9 will be described. This figure is a flowchart showing the processing contents of the first example of the information transmission processing. The information transmission process is a process for encrypting transmission data 40 to be sent to the destination terminal and transmitting it. In this first example, the header 41 of the transmission data 40 is encrypted using the common encryption key 22-1 while the data body 42 is encrypted for each terminal. Processing is performed in which encryption is performed using a different terminal-specific encryption key 22-2 assigned to the terminal itself.

In FIG. 9, first, in S <b> 201, a process for causing the encryption / decryption processing unit 15 to encrypt the data body 42 using the terminal-specific encryption key 22-2 in the storage unit 17 is performed.
In the subsequent S202, processing for creating the header section 41 is performed as described with reference to FIG.

In S203, the encryption / decryption processing unit 15 performs encryption on the created header unit 41 using the common encryption key 22-1 in the storage unit 17.
In S204, a process of creating the transmission data 40 by attaching the encrypted header part 41 to the encrypted data body 42 is performed.

  In S205, an instruction is given to the data transmitting / receiving unit 12, and the generated transmission data 40 is sent to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 in the routing table 21 in the storage unit 17. Is transmitted to the wireless transmission / reception processing unit 11, and thereafter, the information transmission process is terminated.

The above processing is the first example of the information transmission processing.
Next, FIG. 10 will be described. This figure is a flowchart showing the processing contents of the first example of the information reception processing. In the first example of the information reception process, the transmission / reception processing unit 11 receives the transmission data 40 created and transmitted by executing the first example of the information transmission process shown in FIG. Is started. When the transmission data 40 is addressed to the terminal itself, the data body 42 is decrypted. On the other hand, when the transmission data 40 is not addressed to the terminal itself, the transmission data 40 is transferred. It is processing.

  10, first, in S211, the header part 41 is extracted from the received transmission data 40, and the extracted header part 41 is decrypted by using the common encryption key 22-1 in the storage unit 17 as an encryption / decryption processing unit. 15 is performed.

In S212, processing for determining whether or not the identification information of the destination terminal indicated in the decrypted header section 41 represents the own terminal is performed.
Here, when it is determined that the identification information represents the own terminal (when the determination result is Yes), the decoding of the data body 42 in the received transmission data 40 is distributed only to the destination terminal in S213. The encryption / decryption processing unit 15 performs processing using the terminal-specific encryption key 22-2 for the transmission source terminal stored in advance in the storage unit 17, and thereafter ends this information reception processing. To do. As described above, the terminal-specific encryption key 22-2 unique to the transmission source terminal is distributed only to the destination terminal, and therefore, the data body 42 cannot be decrypted by other terminals. Accordingly, leakage of the contents of the data body 42 at other terminals is prevented.

  On the other hand, when it is determined in the determination process of S212 that the identification information does not represent the own terminal (when the determination result is No), the value of the hop count of the header section 41 is increased by 1 in S214. In S215, the encryption / decryption processing unit 15 performs encryption using the common encryption key 22-1 in the storage unit 17, and in S216, the data transmission / reception unit 12 is instructed. In the routing table 21 in the storage unit 17, processing for causing the wireless transmission / reception processing unit 11 to transmit the created transmission data 40 to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 is performed. After that, this information reception process is terminated.

The above processing is the first example of information reception processing.
Next, FIG. 11 will be described. This figure is a flowchart showing the processing contents of the second example of the information transmission processing. In this second example, the header 41 of the transmission data 40 is encrypted using the common encryption key 22-1 while the data body 42 is defined in the network. Only a group belonging to a group of communication terminals is encrypted using a group encryption key 22-3 distributed in advance.

  In FIG. 11, first, in S <b> 301, a process for causing the encryption / decryption processing unit 15 to encrypt the data body 42 using the group encryption key 22-3 in the storage unit 17 is performed.

In the subsequent S302, processing for creating the header section 41 is performed as described with reference to FIG.
In S303, the encryption / decryption processing unit 15 performs encryption on the created header unit 41 using the common encryption key 22-1 in the storage unit 17.

In S304, a process of creating the transmission data 40 by attaching the encrypted header part 41 to the encrypted data body 42 is performed.
In S <b> 305, an instruction is given to the data transmission / reception unit 12, and the generated transmission data 40 is transmitted to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 in the routing table 21 in the storage unit 17. Is transmitted to the wireless transmission / reception processing unit 11, and thereafter, the information transmission process is terminated.

The above processing is the second example of the information transmission processing.
Next, FIG. 12 will be described. This figure is a flowchart showing the processing contents of the second example of the information reception processing. In the second example of the information reception process, the transmission / reception processing unit 11 receives the transmission data 40 created and transmitted by executing the second example of the information transmission process shown in FIG. Is started. When the transmission data 40 is addressed to the terminal itself, the data body 42 is decrypted. On the other hand, when the transmission data 40 is not addressed to the terminal itself, the transmission data 40 is transferred. It is processing.

  In FIG. 12, first, in S <b> 311, the header part 41 is extracted from the received transmission data 40, and the extracted header part 41 is decrypted using the common encryption key 22-1 in the storage unit 17. 15 is performed.

  In S312, processing is performed to determine whether or not the destination terminal identification information indicated in the decrypted header section 41 represents the terminal itself. Here, when it is determined that the identification information represents the own terminal (when the determination result is Yes), in S313, the decoding of the data body 42 in the received transmission data 40 is performed in the storage unit 17. Processing to be performed by the encryption / decryption processing unit 15 is performed using the group encryption key 22-3, and thereafter, the information reception processing is terminated. Thus, since the group encryption key 22-3 is distributed in common only to the group to which the own terminal belongs in the network, the data body 42 is decrypted by the terminal belonging to only the other group. I can't. Therefore, the content of the data body 42 is prevented from leaking to a terminal that does not belong to the group.

  On the other hand, in the determination process of S312, when it is determined that the identification information does not represent the own terminal (when the determination result is No), the value of the hop count of the header section 41 is increased by 1 in S314. Thus, the encryption / decryption processing unit 15 performs encryption using the common encryption key 22-1 in the storage unit 17, and in the subsequent S315, the data transmission / reception unit 12 is instructed, and the storage unit 17 In the routing table 21, a process for causing the wireless transmission / reception processing unit 11 to transmit the created transmission data 40 to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 is performed. Ends this information reception process.

The above processing is the second example of the information reception processing.
For example, in each terminal configuring the network of FIG. 2, the second example of the information transmission process and the second example of the information reception process described above are executed, and the terminal A, the terminal B, and the terminal E perform the first group. And a terminal C and a terminal D form a second group. Here, when the information encrypted by using the group encryption key is broadcast / multicast distributed from the terminal A to the same group as the own terminal, the terminal B and the terminal E have the same group encryption key 22-3 as the terminal A. Therefore, if this encrypted information is received, it can be decrypted and information can be obtained. On the other hand, since the terminal C and the terminal D have a group encryption key 22-3 different from that of the terminal A, even if this encrypted information is received, it cannot be decrypted and information is obtained. I can't. Thus, by distributing different group encryption keys 22-3 for each group, it is possible to efficiently distribute information by broadcast / multicast distribution of encrypted information.

  Next, FIG. 13 will be described. This figure is a flowchart showing the contents of a third example of the information transmission process. In the third example, as in the first example shown in FIG. 9, the header 41 of the transmission data 40 is encrypted using the common encryption key 22-1 while the data body For 42, encryption is performed using a terminal-specific encryption key 22-2 which is different for each terminal and assigned to the terminal itself. However, each terminal changes the terminal-specific encryption key 22-2 according to a predetermined rule and uses it for encryption of the header section 41.

  As described above, when this process is executed, the position information indicating the position of each terminal acquired by positioning by the position information acquisition unit 16 is included in the latitude / longitude format in the identification information of each destination terminal. It has been added. Each terminal transmits control information 30 with its own position information attached. Further, the terminal that has received the control information 30 updates the position information of each terminal in the routing table 21 based on the attached position information. As described above, since the control information 30 is transmitted after being encrypted using the common encryption key 22-1, leakage of position information is protected.

First, in S401, a process of acquiring position information of a reference terminal (for example, the own terminal) from the routing table 21 in the storage unit 17 is performed.
In S402, encryption key update determination processing is performed. In the present embodiment, it is determined whether or not the positioning position of the reference terminal acquired by the processing in the previous step has moved beyond a predetermined threshold from the initial position, and when it is determined that such movement has occurred, the terminal Assume that another encryption key 22-2 needs to be updated.

In S403, a process is performed to determine whether or not it is determined in the determination process in the previous step that the terminal-specific encryption key 22-2 needs to be updated.
If it is determined that updating is necessary (when the determination result is Yes), the terminal-specific encryption key update process is executed for the terminal-specific encryption key 22-2 in the storage unit 17 in S404. To do. Note that this update process itself may be well-known, for example, when an encryption key creation table in which a plurality of numerical values are written is distributed to each terminal in advance, and when the terminal-specific encryption key 22-2 is updated, The numerical value in the next order of the last used one is read from the encryption key creation table, a random number is generated by a predetermined algorithm based on the read numerical value, and the obtained random number and the terminal-specific encryption key 22-in the storage unit 17 are generated. It is also possible to obtain a unique terminal-specific encryption key 22-2 by obtaining an exclusive OR with 2.

  On the other hand, when it is determined in S403 that there is no need for updating (when the determination result is No), the process proceeds directly to S405 without updating the terminal-specific encryption key 22-2.

  Since the subsequent processing from S405 to S409 is the same as the processing from S201 to S205 in the first example of the information transmission processing shown in FIG. 9, the description thereof is omitted.

The above processing is the third example of the information transmission processing.
Next, FIG. 14 will be described. This figure is a flowchart showing the contents of a third example of the information reception process. In the third example of the information reception process, the transmission / reception processing unit 11 receives the transmission data 40 created and transmitted by executing the third example of the information transmission process shown in FIG. Is started. When the transmission data 40 is addressed to the terminal itself, the data body 42 is decrypted. On the other hand, when the transmission data 40 is not addressed to the terminal itself, the transmission data 40 is transferred. It is processing.

  In FIG. 14, first, in S411, the header portion 41 is extracted from the received transmission data 40, and the extracted header portion 41 is decrypted using the common encryption key 22-1 in the storage unit 17. 15 is performed.

  In S412, a process is performed to determine whether or not the destination terminal identification information indicated in the decrypted header section 41 represents the terminal itself. Here, when it is determined that the identification information represents the own terminal (when the determination result is Yes), the process proceeds to S413, and when it is determined that the identification information does not represent the own terminal (determination) If the result is No), the process proceeds to S418.

  In S413, the process of acquiring the position information of the reference terminal (for example, the own terminal) from the routing table 21 in the storage unit 17 is performed, and in the subsequent S414, the encryption key update determination process is performed. The contents of the process of S414 are the same as those of S402 in FIG. That is, in the present embodiment, it is determined whether or not the positioning position of the reference terminal acquired by the process of the previous step has moved beyond a predetermined threshold (the same value as that in S402) from the initial position, When it is determined that such movement has occurred, it is assumed that the terminal-specific encryption key 22-2 needs to be updated.

In S415, a process is performed to determine whether or not it is determined in the determination process in the previous step that the terminal-specific encryption key 22-2 needs to be updated.
Here, when it is determined that the update is necessary (when the determination result is Yes), in S416, the transmission source terminal that is distributed only to the destination terminal and is stored in advance in the storage unit 17 is determined. The terminal-specific encryption key update process is executed for the terminal-specific encryption key 22-2. This update process is the same as the process of S404 in FIG. Therefore, the terminal-specific encryption key 22-2 updated by the process of S416 is the same as that updated by the process of S404.

  On the other hand, when it is determined in S415 that there is no need for updating (when the determination result is No), the process proceeds to S417 as it is without updating the terminal-specific encryption key 22-2.

  In S417, a process of causing the encryption / decryption processing unit 15 to decrypt the data body 42 in the received transmission data 40 using the current terminal-specific encryption key 22-2 for the transmission source terminal is performed. Ends this information reception process. As described above, since the body data 42 is encrypted / decrypted using the terminal-specific encryption key 22-2 that is changed based on the movement amount of the reference terminal, the encryption key is changed at regular time intervals, for example. Compared to a simple method, the degree of difficulty in predicting the encryption key change timing increases, and as a result, the confidentiality of the body data 42 is improved.

  Note that the processing of S418 and S419 executed when the determination result of S412 is No is the same as the processing from S214 to S216 in the first example of the information reception processing shown in FIG. The description is omitted.

The above processing is the third example of the information reception processing.
Next, FIG. 15 will be described. This figure is a flowchart showing the processing contents of the fourth example of the information transmission processing. In the fourth example, when the terminal relays the transmission data 40, the terminal-specific encryption key 22-2 assigned to the relay terminal is assigned to the already encrypted data body 42. It is used for further encryption and transfer, and route information indicating the transfer path of the transmission data 40 is sent to the destination terminal separately from the transmission data 40.

Before describing FIG. 15, route information will be described.
An example of the data structure of the route information is shown in FIG. As shown in the figure, the route information 50 includes data IDs similar to those in the transmission data 40 shown in FIG. 5, identification information for identifying the destination terminal, and identification information for identifying the data transmission source terminal. And identification information for identifying a relay terminal that is a terminal that transfers the transmission data 40 when the transmission data 40 is transmitted from the transmission source terminal to the destination terminal. Here, the relay terminal item is indicated by sequentially adding its own identification information when each relay terminal transfers the route information 50 itself.

In the example of FIG. 16, the identification information indicating the terminal is the terminal name of the communication terminal, but is not limited to the terminal name as long as the information can identify the communication terminal.
Hereinafter, the process of FIG. 15 will be described.

First, in S501, the route information 50 in which no relay terminal identification information is shown is created and encrypted with the common encryption key 22-1.
In S502, the data transmission / reception unit 12 is instructed, and the route information encrypted in the routing table 21 in the storage unit 17 is transmitted to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40. 50 is transmitted to the wireless transmission / reception processing unit 11.

  Since the subsequent processing from S503 to S507 is the same as the processing from S201 to S205 in the first example of the information transmission processing shown in FIG. 9, the description thereof is omitted.

The process so far is the fourth example of the information transmission process.
Next, FIG. 17 will be described. This figure is a flowchart showing the processing contents of the route information reception processing. This process is started when the wireless transmission / reception processing unit 11 receives the route information 50 created and transmitted by the execution of the fourth example of the information transmission process shown in FIG. When the information is the information 50 (when the identification information of the own terminal is indicated in the destination terminal of the route information 50), the route information 50 is stored, whereas when the route information is not the address destined for the own terminal, the route information 50 This is a process for transferring the route information 50 after updating the information of the 50 relay terminals.

In FIG. 17, first, in S511, a process of causing the encryption / decryption processing unit 15 to decrypt the received route information 50 using the common encryption key 22-1 in the storage unit 17 is performed.
In S512, processing for determining whether or not the identification information of the destination terminal indicated in the decrypted route information 50 represents the own terminal is performed.

  Here, when it is determined that the identification information represents the own terminal (when the determination result is Yes), in S513, the decrypted route information 50 is stored in the storage unit 17 and saved. Thereafter, the route information receiving process is terminated. As a result, the transfer route of the transmission data 40 is grasped at the destination terminal.

  On the other hand, in the determination process of S512, when it is determined that the identification information does not represent the own terminal (when the determination result is No), the decoded route information 50 is updated in S514 to identify the own terminal. The information is added as relay terminal information, and in the subsequent S515, the updated route information 50 is encrypted with the common encryption key 22-1. In S516, the route information 50 encrypted in the routing table 21 in the storage unit 17 is sent to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 in the wireless transmission / reception processing unit 11. Processing for transmission is performed, and thereafter, this route information reception processing is terminated.

The process so far is the route information reception process.
Next, FIG. 18 will be described. This figure is a flowchart showing the processing contents of the fourth example of the information reception processing. In the fourth example of the information reception process, the transmission / reception processing unit 11 receives the transmission data 40 created and transmitted by executing the fourth example of the information transmission process shown in FIG. Is started, and when it is transmission data 40 addressed to its own terminal, the data body 42 is decrypted. On the other hand, when it is not transmission data 40 addressed to its own terminal, In this process, the transmission data 40 is transferred after further encryption.

  When the control unit 20 executes this process, the terminal-specific encryption key 22-2 assigned to each terminal constituting the network is distributed to the destination terminal and stored in the storage unit 17 in advance. It shall be.

  18, first, in S521, the header part 41 is extracted from the received transmission data 40, and the extracted header part 41 is decrypted by using the common encryption key 22-1 in the storage unit 17 as an encryption / decryption processing unit. 15 is performed.

In S522, processing for determining whether or not the identification information of the destination terminal indicated in the decrypted header section 41 represents the own terminal is performed.
Here, when it is determined that the identification information represents the terminal itself (when the determination result is Yes), the route information 50 stored in the storage unit 17 by the above-described route information reception process in S523. In subsequent S524, the terminal-specific encryption key 22-2 for the relay terminal stored in advance in the storage unit 17 is used in an order opposite to the order of the relay terminal indicated in the route information 50, A process of decoding the data body 42 in the received transmission data 40 is performed, and thereafter this information reception process is terminated.

  On the other hand, if it is determined in the determination processing in S522 that the identification information does not represent the own terminal (when the determination result is No), further encryption of the data body 42 in the received transmission data 40 is performed in S525. Is processed by the encryption / decryption processing unit 15 using the terminal-specific encryption key 22-2 of the own terminal in the storage unit 17.

In S526, a process of causing the encryption / decryption processing unit 15 to encrypt the decrypted header unit 41 using the common encryption key 22-1 in the storage unit 17 is performed.
In S527, the process of creating the transmission data 40 is performed by attaching the header part 41 encrypted by the process of S525 to the data body 42 encrypted by the process of S526.

  In S528, an instruction is given to the data transmission / reception unit 12, and the created transmission data 40 is sent to the first transfer destination terminal associated with the destination terminal that is the destination of the transmission data 40 in the routing table 21 in the storage unit 17. Is transmitted to the wireless transmission / reception processing unit 11, and thereafter, the information reception process is terminated.

  The process so far is the fourth example of the information reception process. As described above, the terminal that cannot obtain the contents of the route information 50 by encrypting the data body 42 at each relay terminal that transmits the transmission data 40 cannot decrypt the data body 42, so that it is confidential. It is possible to transmit information with excellent characteristics.

The present invention is not limited to the above-described embodiment, and various improvements and changes can be made without departing from the scope of the present invention.
The technical idea of the following configuration is derived from the above-described embodiment.

(Supplementary note 1) For the control information, which is information indicating the freshness number of data required for transmission to a destination communication terminal, which is one of the communication terminals constituting the wireless communication network, for each destination communication terminal, the radio Encryption means for performing encryption using a common encryption key in all communication terminals constituting the communication network;
Transmitting means for transmitting the control information subjected to the encryption;
Receiving means for receiving the control information;
Decryption means for decrypting information encrypted with the common encryption key;
When the received control information has been decoded, routing information indicating a communication terminal that is a first transfer destination for relaying the data when sending data to the destination communication terminal, Routing information creation means for creating based on the control information;
A communication terminal comprising:

(Additional remark 2) It has further the exclusion information storage means which stores the exclusion information which is the information which shows what is excluded between communication terminals among communication terminals,
The routing information creating means creates only routing information for the destination communication terminal that is not indicated in the exclusion information.
The communication terminal according to Supplementary Note 1, wherein

(Supplementary Note 3) The encryption unit further encrypts the destination information, which is information for specifying the destination communication terminal, using the common encryption key, and adds the encrypted data to the data body to be sent to the destination communication terminal. On the other hand, further encryption is performed using an individual encryption key that can be decrypted only by the destination communication terminal,
The transmission means further transmits the encrypted data body attached with the encrypted destination information to the communication terminal that is the first transfer destination indicated in the routing information And
The receiving means further receives the encrypted data body attached with the encrypted destination information;
The decryption means possessed by the communication terminal which is the destination communication terminal further decrypts the information encrypted with the individual encryption key.
The communication terminal according to appendix 1 or 2, characterized in that.

(Supplementary Note 4) The encryption unit further encrypts the destination information, which is information for specifying the destination communication terminal, using the common encryption key, and adds the encrypted data to the data body to be sent to the destination communication terminal. On the other hand, encryption is performed using a group encryption key distributed in advance only to a group of communication terminals defined in the wireless communication network and belonging to the group to which the destination communication terminal belongs. ,
The transmission means further transmits the encrypted data body attached with the encrypted destination information to the communication terminal that is the first transfer destination indicated in the routing information And
The receiving means further receives the encrypted data body attached with the encrypted destination information;
The decryption means possessed by a communication terminal belonging to the group to which the destination communication terminal belongs further decrypts information encrypted with the group encryption key;
The communication terminal according to appendix 1 or 2, characterized in that.

(Supplementary note 5) A communication terminal constituting a wireless communication network,
A positioning means for positioning its own position;
An encryption key generating means for generating an encryption key based on the position;
Encryption means for encrypting the data body to be sent using the encryption key;
Transmitting means for transmitting the position information which is information indicating the position and the encrypted data body;
Receiving means for receiving the encrypted data body and the location information;
Decryption key generation means for generating a decryption key necessary for decrypting the encrypted data body based on the received location information;
Decryption means for decrypting the received data body using the decryption key;
A communication terminal comprising:

(Additional remark 6) The said encryption means further encrypts using the encryption key common to all the communication terminals which comprise the said wireless communication network with respect to the said positional information,
The transmission means transmits the encrypted location information attached to the data body,
The receiving means receives the data body attached with the encrypted location information,
The decryption means further performs decryption of the position information encrypted with the common encryption key;
The decryption key generating means generates the decryption key based on the decrypted position information;
The communication terminal according to Supplementary Note 5, wherein

(Appendix 7) The encryption key generation means generates a different encryption key when the position moves beyond a predetermined threshold value,
The decryption key generation means generates a decryption key necessary for performing the decryption by detecting a movement of the received position information that is greater than or equal to the threshold value.
The communication terminal according to appendix 5 or 6, characterized by the above.

(Supplementary Note 8) Encryption means for encrypting data to be sent to a destination communication terminal, which is one of communication terminals constituting a wireless communication network, using an encryption key individually assigned to each communication terminal; ,
A transmission means for transmitting the encrypted data to a communication terminal as an initial transfer destination for relaying the data when sending data to the destination communication terminal;
Receiving means for receiving data sent from other communication terminals constituting the wireless communication network;
If the received data is not addressed to itself, the encryption means is controlled to perform further encryption on the data using an encryption key individually assigned to each communication terminal. And relay control means for controlling the transmission means to further transmit the further encrypted data;
When the received data is addressed to itself, the encryption individually assigned to each communication terminal according to the transfer path of the data from the communication terminal that is the first transmission source of the data to itself Decryption means for obtaining the original data by repeating the decryption of the data using the keys sequentially;
A communication terminal comprising:

(Supplementary Note 9) The encryption unit further performs encryption on transfer path information, which is information indicating the transfer path, using a common encryption key in all communication terminals constituting the wireless communication network,
The transmission means further transmits the encrypted transfer path information,
The receiving means receives the transfer path information,
The decryption means decrypts the transfer path information encrypted with the common encryption key, and decrypts the data according to the decrypted transfer path information.
The communication terminal according to appendix 8, characterized in that.

(Supplementary Note 10) For control information that is information indicating the freshness number of data required for transmission to a destination communication terminal, which is one of communication terminals constituting a wireless communication network, for each destination communication terminal, the wireless communication network Encrypt using a common encryption key in all the communication terminals that make up the communication network,
Sending the encrypted control information,
Receiving the control information,
Decrypting the information encrypted with the common encryption key;
When the received control information has been decoded, routing information indicating a communication terminal that is a first transfer destination for relaying the data when sending data to the destination communication terminal, Create based on control information,
A communication method characterized by the above.

(Additional remark 11) The exclusion information which is the information which shows what the communication between other communication terminals is excluded among communication terminals,
In creating the routing information, the destination communication terminal creates only routing information for those not indicated in the exclusion information.
The communication method according to supplementary note 10, characterized by:

(Supplementary Note 12) In the encryption, the destination information, which is information for specifying the destination communication terminal, is further encrypted using the common encryption key, and the data body to be sent to the destination communication terminal On the other hand, further encryption is performed using an individual encryption key that can be decrypted only by the destination communication terminal,
Sending the encrypted data body attached with the encrypted destination information to the communication terminal as the first transfer destination indicated in the routing information,
Further receiving the encrypted data body with the encrypted destination information attached to the encrypted data body,
In the decryption in the communication terminal which is the destination communication terminal, further decryption of the information encrypted with the individual encryption key,
The communication method according to appendix 10 or 11, characterized in that.

(Additional remark 13) In the said encryption, while encrypting further using the said common encryption key with respect to the destination information which is the information which identifies the said destination communication terminal, it is added to the data text sent to the said destination communication terminal. On the other hand, encryption is performed using a group encryption key distributed in advance only to a group of communication terminals defined in the wireless communication network and belonging to the group to which the destination communication terminal belongs. ,
Sending the encrypted data body attached with the encrypted destination information to the communication terminal as the first transfer destination indicated in the routing information,
Further receiving the encrypted data body with the encrypted destination information attached to the encrypted data body,
In the decryption in the communication terminal belonging to the group to which the destination communication terminal belongs, the information encrypted with the group encryption key is further decrypted.
The communication method according to appendix 10 or 11, characterized in that.

(Supplementary note 14) A communication method used in a communication terminal constituting a wireless communication network,
Measure your position,
Generating an encryption key based on the location;
Encrypt the data body to be sent using the encryption key,
Sending the location information that is the information indicating the location and the encrypted data body,
Receiving the encrypted data body and the location information,
Generating a decryption key necessary for decrypting the encrypted data body based on the received location information;
Decrypting the received data body using the decryption key;
A communication method characterized by the above.

(Supplementary note 15) The position information is further encrypted using a common encryption key in all the communication terminals constituting the wireless communication network,
In the transmission, transmission of the encrypted location information attached to the data body,
In the reception, reception of the data body attached with the encrypted location information is performed,
In the decryption, the position information encrypted with the common encryption key is further decrypted,
In the generation of the decryption key, the decryption key is generated based on the decrypted position information.
The communication method according to supplementary note 14, characterized by:

(Supplementary Note 16) In the generation of the encryption key, when the position moves beyond a predetermined threshold, a different encryption key is generated,
In the generation of the decryption key, a decryption key necessary for performing the decryption is generated by detecting a movement of the received position information that is greater than or equal to the threshold value.
The communication method according to appendix 14 or 15, characterized in that:

(Supplementary Note 17) Data sent to a destination communication terminal which is one of communication terminals constituting a wireless communication network is encrypted using an encryption key assigned to each communication terminal,
Sending the encrypted data to the communication terminal as the first transfer destination for relaying the data when sending the data to the destination communication terminal,
Receiving data sent from other communication terminals constituting the wireless communication network,
When the received data is not addressed to itself, the data is further encrypted using an encryption key individually assigned to each communication terminal, and the further encryption is performed. Send further data,
When the received data is addressed to itself, the encryption individually assigned to each communication terminal according to the transfer path of the data from the communication terminal that is the first transmission source of the data to itself The original data is obtained by repeating the decryption of the data using the keys sequentially,
A communication method characterized by the above.

(Supplementary Note 18) The transfer route information, which is information indicating the transfer route, is further encrypted using a common encryption key in all the communication terminals constituting the wireless communication network,
Further transmission of the encrypted transfer path information,
Receiving the transfer path information;
In the decryption, the transfer path information encrypted with the common encryption key is decrypted, and the data is decrypted according to the decrypted transfer path information.
The communication method according to supplementary note 17, characterized by:

It is a block diagram which shows the functional structure of the communication terminal which implements this invention. It is a figure which shows an example of a wireless ad hoc network. 6 is a diagram showing an example of a routing table of terminal A. FIG. FIG. 6 is a diagram showing an example of a routing table of terminal B. 4 is a diagram illustrating an example of a routing table of terminal C. FIG. 4 is a diagram illustrating an example of a routing table of a terminal D. FIG. 6 is a diagram showing an example of a routing table of terminal E. FIG. It is a figure which shows the routing table of the terminal B before update. It is a figure which shows an example of the radio | wireless ad hoc network before an update. It is a figure which shows the example of the data structure of control information. It is a figure which shows the example of the data structure of transmission data. It is a figure which shows the example of a non-connectable terminal list. It is a flowchart which shows the processing content of a control information transmission process. It is a flowchart which shows the processing content of a control information reception process. It is a flowchart which shows the processing content of the 1st example of an information transmission process. It is a flowchart which shows the processing content of the 1st example of an information reception process. It is a flowchart which shows the processing content of the 2nd example of an information transmission process. It is a flowchart which shows the processing content of the 2nd example of an information reception process. It is a flowchart which shows the processing content of the 3rd example of an information transmission process. It is a flowchart which shows the processing content of the 3rd example of information reception processing. It is a flowchart which shows the processing content of the 4th example of an information transmission process. It is a figure which shows the example of the data structure of route information. It is a flowchart which shows the processing content of a route information reception process. It is a flowchart which shows the processing content of the 4th example of information reception processing.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Communication terminal 11 Wireless transmission / reception processing part 12 Data transmission / reception part 13 Control information transmission / reception part 14 Routing table creation / update processing part 15 Encryption / decryption processing part 16 Location information acquisition part 17 Storage part 18 Display part 19 Input part 20 Control part 21 Routing Table 22-1 Common encryption key 22-2 Terminal encryption key 22-3 Group encryption key 23 Unreachable terminal list 30 Control information 40 Transmission data 41 Header part 42 Data body 50 Route information

Claims (2)

The wireless communication network is configured with respect to control information, which is information indicating the destination information of data required for transmission to a destination communication terminal that is one of the communication terminals constituting the wireless communication network, for each destination communication terminal. Encryption means for performing encryption using a common encryption key in all communication terminals to be
Transmitting means for transmitting the control information subjected to the encryption;
Receiving means for receiving the control information;
Decryption means for decrypting information encrypted with the common encryption key;
When the received control information has been decoded, routing information indicating a communication terminal that is a first transfer destination for relaying the data when sending data to the destination communication terminal, Routing information creation means for creating based on the control information;
Exclusion information storage means for storing exclusion information that is information indicating that communication with other communication terminals among communication terminals is excluded ;
Have,
The routing information creating means creates only routing information for the destination communication terminal that is not indicated in the exclusion information.
Communication terminal you wherein a. The encryption means further encrypts the destination information, which is information for specifying the destination communication terminal, using the common encryption key, and for the data body to be sent to the destination communication terminal, A group of communication terminals defined in the wireless communication network, and performing encryption using a group encryption key distributed in advance only to communication terminals belonging to the group to which the destination communication terminal belongs,
The transmission means further transmits the encrypted data body attached with the encrypted destination information to the communication terminal that is the first transfer destination indicated in the routing information And
The receiving means further receives the encrypted data body attached with the encrypted destination information;
The decryption means possessed by the communication terminal belonging to the group to which the destination communication terminal belongs further decrypts the destination information encrypted with the common encryption key, and encrypts with the group encryption key Further decrypting the generated information,
The communication terminal according to claim 1 .