JP6326735B2 - Wireless communication system, wireless connection device, method, computer program - Google Patents

Description

  The present invention relates to a wireless communication system.

  Conventionally, in order to perform security communication in which security is ensured in a wireless LAN, an access point (hereinafter also referred to as “AP”) transmits setting information such as encryption information and authentication information to the wireless LAN terminal. There is a need. In the technique of Patent Document 1, wireless setting information is transmitted from an AP to a wireless LAN terminal via a wireless LAN.

  In the technique of Patent Document 2, the AP setting value is registered in the server in advance, and the mobile terminal includes the terminal information of the mobile terminal itself and the MAC address of the AP in the server via the cellular communication network. Send query information. And with the technique of patent document 2, a server transmits the connection information of AP to a portable terminal with reference to a MAC address.

JP2013-38498A JP 2005-86471 A JP 2011-135325 A JP 2002-236632 A JP 2010-98765 A

  However, when sending wireless setting values from an access point to a wireless LAN terminal via a wireless LAN, there are the following problems. (I) When a setting value acquisition request is transmitted from the wireless LAN terminal to the AP, since the IP address of the AP is unknown, transmission is performed using a broadcast packet. For this reason, there is a problem that the firewall on the wireless LAN terminal side blocks the transmission of the packet and the reception of the response packet transmitted from the AP in response to the packet, and the setting may not be completed.

  (Ii) If radio waves are congested when sending wireless setting values via a wireless LAN, it is necessary to wait for wireless communication to be transmitted, and therefore it takes time for each piece of information to be transmitted. When the wireless LAN terminal searches for an AP via the wireless LAN, the wireless LAN terminal searches for a frequency that can be connected to the AP while switching the channel of the frequency being used. As a result, there has been a problem that connection failure or time is required for connection.

  (Iii) When radio waves are congested, it takes time because it is necessary to transmit after waiting for an empty wireless communication when returning a packet reception confirmation response via the wireless LAN. As a result, the packet transmission side cannot confirm reception within a predetermined time, and packet retransmission occurs. When the same packet transmitted to the wireless LAN increases due to packet retransmission, wireless communication is congested accordingly, and the frequency of packet transmission failure increases. As a result, there has been a problem that a connection failure by the wireless LAN or a long time is required for the connection.

  (Iv) Some wireless LAN terminals limit the number of APs that can be detected at one time. As a result, if there are a plurality of APs in the vicinity, the AP to be connected may not be detected because the AP to be connected does not fall within the above limitation among the APs that can be detected at one time. In such a case, there is a problem that the wireless LAN terminal cannot connect to the AP via the wireless LAN.

  Moreover, there is a method of transmitting wireless connection information via a cellular communication network, as in the technique of Document 2. However, in the technique of Document 2, the wireless setting value is registered in the server. For this reason, there was a problem in safety. In the technique of Document 2, the connection information of the AP is transmitted to the mobile terminal by checking the MAC address. However, since the MAC address can be easily obtained, there is a problem in safety. In addition, in the conventional wireless communication system, it has been desired to simplify the operation, improve the usability, improve the processing speed, reduce the cost, and save resources.

SUMMARY An advantage of some aspects of the invention is to solve at least a part of the problems described above, and the invention can be implemented as the following forms or application examples.
The first aspect of the present invention is:
A first communication device connected to the Internet via a first communication line and having a wireless LAN client function;
A second communication device having a wireless LAN access point function and connected to the Internet via a second communication line different from the first communication line;
A wireless communication system comprising a server device connected to the Internet and connectable to the first communication device and the second communication device,
The second communication device is:
Security information including wireless LAN connection information for the first communication device to connect to the second communication device by the first wireless communication to the first communication device by the wireless LAN access point function. A first transmission unit that transmits to the server device via the second communication line,
The server device
A storage unit for storing the security information;
A second transmitter capable of transmitting the wireless LAN connection information to the first communication device via the Internet,
The security information further includes identification information of the second communication device,
The first communication device includes a third transmission unit that transmits the identification information to the server device via the first communication line,
The second transmission unit transmits the wireless LAN to the first communication device via the Internet when the identification information stored in the storage unit matches the identification information received from the first communication device. Send connection information,
The identification information is a pairing token that is a random number and a different value each time,
The second communication device includes a generation unit that generates the pairing token ,
The second communication device includes a fourth transmission unit that transmits data including the identification information to the first communication device by second wireless communication using the wireless LAN access point function. It is.
The second aspect of the present invention is:
A wireless connection device that is connected to a server device and that can share wireless LAN connection information for first wireless communication with other communication devices,
An access point unit for realizing a wireless LAN access point function;
A connection information transmission unit for transmitting security information including the wireless LAN connection information to the server device;
A communication start unit that starts the first wireless communication with the other communication device using the wireless LAN connection information;
The security information further includes identification information of the wireless connection device,
The communication start unit is transmitted from the server device to the other communication device when the identification information transmitted to the server device matches the identification information transmitted from the other communication device to the server device. Starting the first wireless communication with the other communication device using wireless LAN connection information;
The identification information is a pairing token that is a random number and a different value each time,
A generating unit for generating the pairing token ;
An identification information transmitting unit that transmits data including the identification information to the other communication device by second wireless communication using the wireless LAN access point function .
The third aspect of the present invention is:
A first communication device connected to the Internet via a first communication line and having a wireless LAN client function;
A second communication device having a wireless LAN access point function and connected to the Internet via a second communication line different from the first communication line;
In a wireless communication system comprising a server device connected to the Internet and connectable to the first communication device and the second communication device, the wireless LAN access point function provides access to the first communication device. Wireless LAN connection information for connecting the first communication device to the second communication device is shared between the first communication device and the second communication device by the first wireless communication. A method,
(A) the second communication device transmitting security information including the wireless LAN connection information to the server device via the second communication line;
(B) the server device storing the security information;
(C) The server device includes a step of transmitting the wireless LAN connection information to the first communication device via the Internet,
The security information further includes identification information of the second communication device,
further,
(D) the first communication device transmitting the identification information to the server device via the first communication line,
In the step (c), when the identification information stored in the server device matches the identification information received from the first communication device, the server device transmits the first communication device via the Internet. Transmitting the wireless LAN connection information to
The identification information, the generated by the second communication device, Ri pairing token der to be each time a random number different values,
(E) the second communication device, the second wireless communication by the wireless LAN access point function, the step of transmitting the data containing the identification information to the first communication device, Ru provided with is a method .
The fourth aspect of the present invention is
A computer program that is connected to the Internet via a first communication line and that is executed in a communication device having a wireless LAN client function, and that is connected to the communication device by a wireless LAN access point function of the wireless connection device. A computer program for the communication device to acquire wireless LAN connection information for the communication device to connect to the wireless connection device by wireless communication of
A function of receiving identification information of the wireless connection device by second wireless communication from the wireless connection device;
A function of transmitting the identification information to the server device connected to the Internet and connectable to the communication device and the wireless connection device via the first communication line;
A function of receiving the wireless LAN connection information from the server device via the Internet,
The identification information is a computer program that is a pairing token generated by the wireless connection device, which is a random number and a different value each time. The present invention can also be realized as the following forms.

(1) According to one aspect of the present invention, a wireless communication system is provided. The wireless communication system is connected to the Internet via a first communication line, and has a first communication device having a wireless LAN client function; a wireless LAN access point function, and a first communication line. A second communication device connected to the Internet via a different second communication line; a server device connected to the Internet and connectable to the first communication device and the second communication device And the second communication device performs the first wireless communication with the first wireless communication device by the wireless LAN access point function, whereby the first communication device transfers to the second communication device. A first transmission unit configured to transmit security information including wireless LAN connection information for connection to the server device via the second communication line; Includes a storage unit for storing the security information, and a second transmission section capable of transmitting the wireless LAN connection information to the first communication device via the Internet. According to the wireless communication system of this aspect, the first communication device can receive the wireless LAN connection information transmitted from the second communication device to the server device via the second communication line from the server device. Therefore, the first communication device can acquire the wireless LAN connection information in a state where safety is maintained.

(2) In the wireless communication system of the above aspect, the security information further includes identification information of the second communication device, and the first communication device transmits the identification information to the first communication line. A third transmission unit that transmits to the server device via the second transmission unit, wherein the second transmission unit matches the identification information stored in the storage unit with the identification information received from the first communication device In this case, the wireless LAN connection information may be transmitted to the first communication device via the Internet. According to this form of the wireless communication system, the wireless LAN connection information is exchanged using the identification information. For this reason, the first communication apparatus can acquire the wireless LAN connection information in a state where safety is maintained.

(3) In the wireless communication system of the above aspect, the identification information may be a pairing token. According to the wireless communication system of this embodiment, since the pairing token is used as the identification information, the first communication device can acquire the wireless LAN connection information while maintaining safety.

(4) In the wireless communication system of the above aspect, the second communication device further transmits data including the identification information to the first communication device through second wireless communication using the wireless LAN access point function. A fourth transmitter may be provided. According to the wireless communication system of this aspect, the first communication device can obtain data including identification information from the second communication device through the second wireless communication.

(5) In the wireless communication system of the above aspect, the first communication line may be a mobile communication line. According to this form of the wireless communication system, a terminal that can use a mobile communication line can safely acquire wireless LAN connection information.

(6) According to another aspect of the present invention, a wireless connection device is provided. The wireless connection device is a wireless connection device that is connected to the server device and that can share wireless LAN connection information for the first wireless communication with other communication devices, and is a wireless LAN access point An access point that realizes a function; a connection information transmission unit that transmits security information including the wireless LAN connection information to the server device; and the other communication device and the first using the wireless LAN connection information A communication start unit for starting wireless communication. According to the wireless connection device of this aspect, the wireless LAN connection information transmitted from the wireless connection device to the server device via the second communication line can be received from the server device by another communication device. Therefore, the wireless connection device of this embodiment can cause other communication devices to acquire wireless LAN connection information while maintaining safety.

(7) In the wireless connection device of the above aspect, the security information further includes identification information of the wireless connection device; the communication start unit includes identification information transmitted to the server device and the other communication device. When the identification information transmitted to the server matches, the first wireless communication with the other communication device is started using the wireless LAN connection information transmitted from the server device to the other communication device. It is good. According to this form of wireless connection device, wireless LAN connection information is exchanged using the identification information. For this reason, other communication apparatuses can acquire wireless LAN connection information in a state where safety is maintained.

(8) In the wireless connection device of the above aspect, the identification information may be a pairing token. According to the wireless connection device of this aspect, since the pairing token is used as the identification information, other communication devices can acquire the wireless LAN connection information while maintaining safety.

(9) The wireless connection device of the above aspect may further include a generation unit that generates the pairing token. According to the wireless connection device of this embodiment, a pairing token can be generated.

(10) The wireless connection device of the above aspect further includes an identification information transmission unit that transmits data including the identification information to the other communication device by second wireless communication using the wireless LAN access point function. Also good. According to the wireless connection device of this aspect, other communication devices can obtain data including identification information from the wireless connection device by the second wireless communication.

(11) According to another aspect of the present invention, there is provided a method for sharing wireless LAN connection information between a first communication device and a second communication device. A method of sharing wireless LAN connection information between a first communication device and a second communication device is connected to the Internet via a first communication line and has a wireless LAN client function. A second communication device having a wireless LAN access point function and connected to the Internet via a second communication line different from the first communication line; connected to the Internet And a server device connectable to the first communication device and the second communication device, by a first wireless communication to the first communication device by the wireless LAN access point function Wireless LAN connection information for connecting the first communication device to the second communication device is shared between the first communication device and the second communication device. (A) the second communication device transmits security information including the wireless LAN connection information to the server device via the second communication line; and (b) the server. A device storing the security information; and (c) the server device transmitting the wireless LAN connection information to the first communication device via the Internet. According to the method of this aspect, the first communication apparatus can receive the wireless LAN connection information transmitted from the second communication apparatus to the server apparatus via the second communication line from the server apparatus. Therefore, the first communication device can acquire the wireless LAN connection information in a state where safety is maintained.

(12) In the method of the above aspect, the security information further includes identification information of the second communication device, and (d) the first communication device includes the identification information of the first communication device. Transmitting to the server device via a communication line; and the step (c) is performed when the identification information stored in the server matches the identification information received from the first communication device. The server device may be a step of transmitting the wireless LAN connection information to the first communication device via the Internet. According to this method, wireless LAN connection information is exchanged using identification information. For this reason, the first communication apparatus can acquire the wireless LAN connection information in a state where safety is maintained.

(13) In the method of the above aspect, the identification information may be a pairing token. According to the method of this embodiment, since the pairing token is used as the identification information, the first communication device can acquire the wireless LAN connection information in a state where safety is maintained.

(14) In the method of the above aspect, further, (e) the second communication device transmits data including the identification information to the first communication device by the second wireless communication using the wireless LAN access point function. A step of transmitting. According to the method of this aspect, the first communication device can obtain data including identification information from the second communication device by the second wireless communication.

(15) In the method of the above aspect, further, (f) notifying the second communication device that the server device has transmitted the wireless LAN connection information to the first communication device; ) Before the step (f), the server device may include a step of deleting the wireless LAN connection information. According to the method of this aspect, the server device deletes the wireless LAN connection information before the server device notifies the second communication device that the wireless LAN connection information has been transmitted to the first communication device. In this way, since the time during which the wireless LAN connection information is stored in the server device can be shortened, the risk of unauthorized acquisition of the wireless LAN connection information from a third party can be reduced. For this reason, safety is improved.

(16) In the method according to the above aspect, (h) the second communication device terminates the second wireless communication and uses the wireless LAN connection information in response to the notification in the step (f). And starting the first wireless communication with the first communication device. According to the method of this aspect, the second communication device terminates the second wireless communication and uses the wireless LAN connection information and the first communication device in response to the notification in step (f). Start wireless communication. In this way, the second wireless communication that is less secure than the first wireless communication can be terminated. For this reason, safety is improved.

(17) In the method of the above aspect, the server device may further include a step of (i) deleting the wireless LAN connection information when a predetermined time has elapsed from the step (b). According to the method of this aspect, the server device deletes the wireless LAN connection information when a predetermined time has elapsed from the step (b). For this reason, since the state in which the wireless LAN connection information is stored in the server device is limited to a certain time, safety is improved.

(18) According to another aspect of the present invention, a computer program is provided. The computer program is a computer program that is connected to the Internet via a first communication line and executed in a communication device having a wireless LAN client function, and the communication device using the wireless LAN access point function of the wireless connection device A computer program for the communication device to acquire wireless LAN connection information for the communication device to connect to the wireless connection device by the first wireless communication to the communication device; A function of receiving identification information of the wireless connection device by wireless communication, and a server device connected to the Internet and connectable to the communication device and the wireless connection device via the first communication line. The function of transmitting the identification information and the server device via the Internet And a function of receiving the wireless LAN connection information Te. According to this form of computer program, wireless LAN connection information is exchanged using identification information. For this reason, the communication device can acquire the wireless LAN connection information in a state where safety is maintained.

(19) In the computer program of the above aspect, the identification information may be a pairing token. According to this form of the computer program, since the pairing token is used as the identification information, the communication device can acquire the wireless LAN connection information while maintaining safety.

(20) In the computer program of the above aspect, the first communication line may be a mobile communication line. A communication device that can use a mobile communication line can safely acquire wireless LAN connection information.

  The present invention can be implemented in various modes other than the wireless communication system and method. For example, the present invention can be realized in the form of a computer program for realizing the method, a non-temporary recording medium on which the computer program is recorded, or the like.

1 is a diagram illustrating a schematic configuration of a wireless communication system 20. The figure which shows schematic structure of access point AP. The figure which shows schematic structure of radio | wireless terminal TE. The figure which shows schematic structure of server SV. The flowchart which shows the process which transmits the wireless LAN connection information of access point AP to wireless terminal TE. The flowchart which shows the process which transmits the wireless LAN connection information of access point AP to wireless terminal TE. The flowchart which shows the process which transmits the wireless LAN connection information of access point AP to wireless terminal TE. The flowchart which shows the process which transmits the wireless LAN connection information of access point AP to wireless terminal TE.

A. Embodiment:
A-1. overall structure:
FIG. 1 is a diagram illustrating a schematic configuration of a wireless communication system 20. The wireless communication system 20 includes an access point AP, a server SV, and a wireless terminal TE. In the present embodiment, the wireless communication system 20 is a wireless communication system compliant with IEEE 802.11.

  The access point AP has a wireless LAN access point function that is a function of relaying wireless communication of the wireless terminal TE. The access point AP is connected to the Internet INT via a wired communication line. The access point AP may be connected to the Internet INT via a mobile communication line (wireless line) like a mobile router. In the present embodiment, the access point AP supports an automatic setting process for automatically assigning setting information to a wireless terminal for performing a predetermined level of security communication such as encryption setting and authentication information. Specifically, the access point AP supports AOSS (AirStation One-Touch Secure System, a registered trademark of Buffalo Co., Ltd.) and WPS (Wi-Fi Protected Setup).

  The access point AP includes a simple setting button 160. The easy setting button 160 is a button for giving an access point AP an instruction to start AOSS processing or WPS processing. In the present embodiment, the simple setting button 160 is used for both AOSS processing and WPS processing. The simple setting button 160 may be prepared for each process.

  The wireless terminal TE is a smartphone provided with a display panel 202 and a command input unit 206. The wireless terminal TE has a wireless LAN client function and a mobile communication function. The mobile communication function refers to a function of performing wireless communication using a mobile communication network via a base station. Specifically, the mobile communication function executes wireless data communication conforming to standards such as 3G / HSPA (High Speed Packet Access), LTE (Long Term Evolution), and WiMAX (Worldwide Interoperability for Microwave Access). Refers to function.

  The server SV is connected to the Internet INT and can be connected to the access point AP and the wireless terminal TE. The server SV has a storage unit 320 and has a function of storing wireless LAN connection information of an access point AP described later.

A-2. Schematic configuration of access point AP:
FIG. 2 is a diagram showing a schematic configuration of the access point AP. The access point AP includes a CPU 110, a flash ROM 120, a RAM 130, a WAN interface (I / F) 140, a wireless communication interface 150, and a simple setting button 160, and each unit is connected to an internal bus 180. Each part can communicate with each other.

  The CPU 110 controls the overall operation of the access point AP by developing a program such as firmware stored in the flash ROM 120 in the RAM 130 and executing the program. In the firmware, information on the MAC address of the server SV, which will be described later, is set when the access point AP is shipped.

  The WAN interface 140 is an interface for connecting to an external network through a fixed line. The WAN interface 140 may be an interface for connecting to a partial network via a wireless communication line. In this embodiment, the WAN interface is connected to the Internet INT as an external network.

  The wireless communication interface 150 is a control circuit for performing wireless communication conforming to the wireless LAN standard, and includes hardware such as a modulator, an amplifier, and an antenna. The wireless communication interface 150 is controlled by the CPU 110 and operates as an access point.

  As described above, the easy setting button 160 is a button for giving the access point AP an instruction to start AOSS processing or WPS processing. Note that the interface for accepting the start instruction is not limited to a button. For example, when the access point AP includes a display, the interface for accepting the start instruction may be a GUI (Graphical User Interface), and infrared communication, a contact type or non-contact type IC card is used. It may be used. From the viewpoint of preventing a malicious third party from giving a start instruction to the access point AP against the user's intention, the user can give a start instruction to the access point AP by directly touching the access point AP. It is preferable to set it as an aspect.

A-3. Schematic configuration of the radio terminal TE:
FIG. 3 is a diagram illustrating a schematic configuration of the radio terminal TE. The wireless terminal TE includes a CPU 210, a flash ROM 220, a RAM 230, a display unit 240, an input unit 250, a wireless communication interface 260, and a mobile communication interface 270, and each unit is connected to an internal bus 280. Each unit can communicate with each other.

  The CPU 210 controls the overall operation of the wireless terminal TE by developing a program such as firmware stored in the flash ROM 220 in the RAM 230 and executing it.

  The display unit 240 is a liquid crystal display that can display an image. The input unit 250 is provided so as to overlap the display unit 240, and can receive an operation from the user with a finger or a pen.

  The wireless communication interface 260 is a control circuit for performing wireless communication conforming to the wireless LAN standard, and includes hardware such as a modulator, an amplifier, and an antenna. The wireless communication interface 260 is controlled by the CPU 210 and operates as a client. The mobile communication interface 270 is a control circuit for performing wireless communication using a mobile communication network via a base station.

  The wireless terminal TE downloads an application program for receiving wireless LAN connection information, which will be described later, from the home page of the access point AP vendor. The download destination may not be the home page of the access point AP vendor. The CPU 210 controls the mobile communication interface 270 so that this download is performed via the mobile communication line.

  The application program at least (i) receives data including a pairing token from the access point AP using the wireless communication interface 260, and (ii) transmits security information to the server SV using the mobile communication interface 270. And (iii) a function for receiving wireless LAN connection information from the server SV via the Internet. Note that the information on the MAC address of the server SV is also acquired when the application is downloaded.

  When the download request includes the type of the wireless terminal TE and the type / version of the OS installed in the wireless terminal TE, the application is provided based on the information. Otherwise, a versatile application is provided.

  By this download, the simple setting button 242 is displayed on the display unit 240. The simple setting button 242 is a button for giving a start instruction of AOSS processing or WPS processing to the wireless terminal TE by the user, like the simple setting button 160 of the access point AP. Note that the wireless terminal TE may be shipped in a state in which this program is mounted in advance.

A-4. Schematic configuration of server SV:
FIG. 4 is a diagram showing a schematic configuration of the server SV. The server SV includes a CPU 310, a storage unit 320, and a WAN interface 330. Each unit is connected to the internal bus 340, and each unit can communicate with each other.

  The storage unit 320 includes a flash ROM 322 and a RAM 324. The storage unit 320 is used to store wireless LAN connection information and a pairing token, which will be described later.

  The CPU 310 controls the overall operation of the server SV by developing a program such as firmware stored in the flash ROM 322 in the RAM 324 and executing it.

  The WAN interface 330 is an interface for connecting to an external network through a fixed line. The WAN interface 330 may be an interface for connecting to a network through a wireless communication line. In this embodiment, the WAN interface is connected to the Internet INT as an external network.

A-5. Transmission processing of wireless LAN connection information as the first embodiment:
FIG. 5 is a flowchart showing a process of transmitting the wireless LAN connection information of the access point AP to the wireless terminal TE. The wireless LAN connection information includes encryption information and communication information.

  "Encryption information" refers to wireless LAN encryption methods such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), and encryption It means the key used in the case of “Communication information” means information necessary for establishing communication such as BSSID (Basic Service Set Identifier), ESSID (Extended Service Set Identifier), and SSID (Service Set Identifier). In addition, since the wireless LAN connection information of the access point AP has not been notified to the wireless terminal TE, communication between the wireless terminal TE and the access point AP has not been established yet.

  Further, the access point AP of the present embodiment supports a multi-SSID function. Therefore, the access point AP can operate one physical access point as a plurality of virtual access points that are a plurality of logical access points. The access point AP can control the connection to the virtual access point independently by setting a different SSID for each virtual access point. The virtual access point is also called a “virtual port”.

  The connection target to the access point AP is a client that knows the SSID (or ESSID, BSSID) set in the virtual port of the access point AP, in other words, the same SSID set in the virtual port of the access point AP. Restricted to clients with SSID set.

  In step S110, when the simple setting button 242 of the wireless terminal TE is pressed, the CPU 210 of the wireless terminal TE transmits a probe request using the wireless communication interface 260. The frame structure of the probe request is defined by the IEEE 802.11 standard.

  When the easy setting button 160 of the access point AP is pressed, in step S130, the CPU 110 sends the wireless LAN connection information of the access point AP and the identification information of the access point AP to the server SV using the WAN interface 140. Send. In this embodiment, the MAC address of the access point AP is used as the identification information of the access point AP. Note that the functional unit of the CPU 110 in step S130 is shown as “first transmission unit 112” in FIG.

  In step S140, the CPU 310 of the server SV stores the wireless LAN connection information received from the access point AP in the storage unit 320.

  In step S150, the CPU 310 transmits information indicating that the wireless LAN connection information is stored in the storage unit 320 to the access point AP using the WAN interface 330.

  In step S160, the CPU 110 of the access point AP transmits a probe response to the probe request of the wireless terminal TE using the wireless communication interface 150. Identification information of the access point AP is given to the probe response. The function unit of the CPU 110 in step S160 is shown in FIG. 2 as “fourth transmission unit 114”.

  In step S170, the CPU 210 of the wireless terminal TE transmits the identification information of the access point AP to the server SV using the mobile communication interface 270. The functional unit of the CPU 210 in step S170 is shown in FIG. 3 as the “first transmission unit 212”.

  In step S185, the CPU 310 of the server SV identifies the access point AP identification information received from the wireless terminal TE from the identification information of the access point AP attached to each wireless LAN connection information stored in the storage unit 320. Find what matches. The CPU 310 transmits wireless LAN connection information associated with the identification information of the access point AP to the wireless terminal TE using the WAN interface 330. This process ends when the wireless LAN connection information is transmitted. The function unit of the CPU 310 in step S185 is shown in FIG. 4 as a “second transmission unit 312”.

  After the end of this process, the CPU 210 of the wireless terminal TE makes a highly secure connection with the access point AP by using the wireless LAN connection information (step S300). Specifically, for example, when the wireless LAN connection information includes a WPA2-PSK key as encryption information, the access point AP establishes WPS2-PSK encrypted communication using a virtual port. The function unit of the CPU 110 of the access point AP in step S300 is shown as “communication start unit 119” in FIG.

  In step S190, the CPU 310 of the server SV deletes the access point AP identification information and the wireless LAN connection information stored in the storage unit 320. By doing so, the time for which the wireless LAN connection information is stored in the storage unit 320 can be shortened. For this reason, it is possible to reduce the risk of unauthorized acquisition of wireless LAN connection information from a third party. For this reason, safety can be improved.

  In step S <b> 195, the CPU 310 transmits information indicating that the wireless LAN connection information stored in the storage unit 320 has been deleted to the access point AP using the WAN interface 330.

  In step S200, the CPU 110 of the access point AP ends the communication at the stage where the wireless LAN connection is not established. By doing in this way, communication with low safety compared with communication using wireless LAN connection information can be terminated. For this reason, safety is improved. The function unit of the CPU 110 in step S200 is shown as “communication end unit 118” in FIG. Note that the processing from step S185 to step S300 and the processing from step S190 to step S200 may be mixed.

  If the CPU 310 of the server SV saves the wireless LAN connection information in step S140 and then a predetermined time has elapsed, the CPU 310 deletes the wireless LAN connection information (step S145). In this embodiment, the fixed time is 2 minutes. By doing so, the time for which the wireless LAN connection information is stored in the storage unit 320 can be shortened. For this reason, safety can be improved by reducing the risk of unauthorized acquisition of wireless LAN connection information from a third party.

A-6. effect:
By transmitting the wireless LAN communication information from the access point AP to the wireless terminal TE in this way, the transmission of the wireless LAN communication information from the wireless terminal TE to the server SV is not a broadcast packet. For this reason, the firewall on the wireless terminal TE side blocks the transmission of the packet and the reception of the response packet transmitted from the AP in response to the packet, thereby solving the problem that the setting may not be completed.

  When the wireless LAN communication information is sent via the wireless LAN, when the radio wave is congested, it is necessary to wait for the wireless communication to be transmitted, so that it takes time for each piece of information to be transmitted. Further, when the wireless terminal TE searches for an AP via the wireless LAN, the wireless terminal TE searches for a frequency that can be connected to the AP while switching the channel of the frequency being used. As a result, there has been a problem that connection failure or time is required for connection. However, according to the present embodiment, the WAN interface 330 is used to transmit the wireless LAN communication information from the server SV to the wireless terminal TE. For this reason, wireless LAN communication information can be transmitted in a short time.

  Some wireless LAN terminals limit the number of APs that can be detected at one time. As a result, when there are a plurality of APs around, there is a case where an AP to be connected is not detected among APs that can be detected at one time. In such a case, the wireless LAN terminal has a problem that it is difficult to connect to the AP. However, by transmitting wireless LAN communication information from the access point AP to the wireless terminal TE in this way, the number of APs that can be detected is irrelevant. For this reason, the said subject is solved.

  Moreover, according to this embodiment, the time maintained in the state where the wireless LAN communication information is registered in the server SV can be limited to a certain time. For this reason, safety can be ensured.

A-7. Transmission Process of Wireless LAN Connection Information as Second Embodiment FIG. 6 is a flowchart showing a process of transmitting the wireless LAN connection information of the access point AP to the wireless terminal TE. The second embodiment (FIG. 6) is different from the first embodiment (FIG. 5) in that a pairing token is used. Specifically, the second embodiment is different from the first embodiment from after step S110 to before step S190. Hereinafter, step S120 to step S185 will be described.

  When the easy setting button 160 of the access point AP is pressed, the CPU 110 of the access point AP generates a pairing token in step S120. In this embodiment, the pairing token uses a random number. The function unit of the CPU 110 in step S120 is referred to as a “generation unit”.

  In step S130, the CPU 110 transmits the wireless LAN connection information of the access point AP and the pairing token generated in step S120 to the server SV using the WAN interface 140. Note that the functional unit of the CPU 110 in step S130 is shown as “first transmission unit 112” in FIG.

  In step S140, the CPU 310 of the server SV associates the wireless LAN connection information received from the access point AP and the pairing token, and stores them in the storage unit 320.

  In step S150, CPU 310 transmits information indicating that wireless LAN connection information and the pairing token are stored in storage unit 320 to access point AP using WAN interface 330.

  In step S160, the CPU 110 of the access point AP transmits a probe response to the probe request of the wireless terminal TE using the wireless communication interface 150. The frame structure of the probe response is defined by the IEEE 802.11 standard, and an optional area that can be freely defined by the vendor is prepared for the frame elements constituting the probe response frame. In the present embodiment, the CPU 110 gives a pairing token to the probe response by writing the pairing token in this optional area. The function unit of the CPU 110 in step S160 is shown in FIG. 2 as “fourth transmission unit 114”.

  In the present embodiment, the probe response to which the pairing token is assigned is performed after step S150. However, the probe response to which the pairing token is added may be transmitted after the pairing token is generated in step S120. By transmitting the probe response with the pairing token at an early stage, the wireless terminal TE can be notified of the pairing token quickly and reliably.

  The CPU 210 of the wireless terminal TE that has obtained the pairing token by the probe response transmits the pairing token to the server SV using the mobile communication interface 270 in step S170. Note that the functional unit of the CPU 210 in step S170 is shown in FIG. 3 as a “third transmission unit 212”.

  In step S180, the CPU 310 of the server SV searches the pairing tokens attached to the wireless LAN connection information stored in the storage unit 320 for a match with the pairing token received from the wireless terminal TE. . If the CPU 310 determines that the pairing token stored in the storage unit 320 matches the pairing token received from the wireless terminal TE (step S180: Yes), the process proceeds to step S185.

  In step S185, the CPU 310 transmits the wireless LAN connection information associated with the pairing token and stored in the storage unit 320 to the wireless terminal TE using the WAN interface 330. This process ends when the wireless LAN connection information is transmitted. The function unit of the CPU 310 in step S185 is shown in FIG. 4 as a “second transmission unit 312”.

  On the other hand, if the CPU 310 determines that there is no matching pairing token received from the wireless terminal TE among the pairing tokens attached to the wireless LAN connection information stored in the storage unit 320 (step S1). S180: Yes), the CPU 310 transmits a message to that effect to the wireless terminal TE using the WAN interface 330 (step S182). By doing this, the CPU 310 determines that there is no matching pairing token received from the wireless terminal TE among the pairing tokens attached to each wireless LAN connection information stored in the storage unit 320. If determined, the server SV does not transmit the wireless LAN connection information to the wireless terminal TE. For this reason, safety can be ensured.

A-8. effect:
According to the present embodiment, the MAC address is verified and wireless LAN communication information is not transmitted to the wireless terminal TE, but the pairing token is verified. Since the MAC address is a fixed value, so-called “spoofing” is possible by obtaining it in advance. On the other hand, the pairing token is a random number and has a different value every time. For this reason, it is necessary to capture and obtain a pairing token from time to time, and “spoofing” is difficult. For this reason, safety can be ensured.

  Further, by giving a pairing token to a beacon or a probe response, only the wireless terminal TE existing within a range where radio communication can be performed from the access point AP (a range where radio waves reach) can obtain the pairing token. For this reason, since the wireless terminal TE that is not within the predetermined range from the access point AP cannot obtain the pairing token, safety can be ensured.

  Note that the “wireless terminal TE” in the present embodiment corresponds to a “first communication device”, “another communication device”, or “communication device” in a means for solving the problem. “Access point AP” corresponds to “second communication device” or “wireless connection device”. “Server SV” corresponds to “server device”.

  In addition, the “wireless communication interface 150” in the present embodiment corresponds to an “access point unit” in a means for solving the problem. The “first transmission unit 112” corresponds to a “connection information transmission unit”. The “fourth transmission unit 114” corresponds to an “identification information transmission unit”.

  “Step S130” in this embodiment corresponds to “Step (a)”, “Step S140” to “Step (b)”, “Step S185” to “Step (c)”, and “Step S170”. Is “step (d)”, “step S160” is “step (e)”, “step S195” is “step (f)”, “step S190” is “step (g)”, “step “S300” corresponds to “step (h)”, and “step S145” corresponds to “step (i)”.

B. Variations:
In addition, this invention is not restricted to said embodiment, In the range which does not deviate from the summary, it can be implemented in a various aspect, For example, the following deformation | transformation is also possible.

B-1. Modification 1:
In the present embodiment, the pairing token is generated at the access point AP. However, the present invention is not limited to this. The pairing token may be generated in the server SV or the wireless terminal TE.

  FIG. 7 is a flowchart showing a process of transmitting the wireless LAN connection information of the access point AP to the wireless terminal TE. The flowchart in FIG. 7 differs from the flowchart in FIG. 6 in that the server SV generates a pairing token. Specifically, the second embodiment and this embodiment are different in the processing from step S120 to step S150, but the other processing is the same. Hereinafter, step S125 to step S150 will be described.

  In step S125, when the simple setting button 160 of the access point AP is pressed, the CPU 110 of the access point AP transmits the wireless LAN connection information of the access point AP to the server SV using the WAN interface 140.

  In step S135, the CPU 310 of the server SV generates a pairing token. Thereafter, in step S140, the CPU 310 of the server SV associates the wireless LAN connection information received from the access point AP with the pairing token, and stores them in the storage unit 320.

  In step S150, CPU 310 transmits a pairing token to access point AP using WAN interface 330. By doing so, the wireless LAN connection information using the pairing token from the access point AP to the wireless terminal TE is generated by generating the pairing token in the server SV without generating the pairing token in the access point AP. Can be delivered.

  FIG. 8 is a flowchart showing a process of transmitting the wireless LAN connection information of the access point AP to the wireless terminal TE. The flowchart in FIG. 8 differs from the flowchart in FIG. 6 in that the server SV generates a pairing token. Specifically, the second embodiment and this embodiment are different from step S105 to step S130, but the other processes are the same. Hereinafter, step S105 to step S130 will be described.

  In step S105, when the easy setting button 242 of the wireless terminal TE is pressed, the CPU 210 of the wireless terminal TE generates a pairing token.

In step S110, the CPU 210 transmits a probe request with a pairing token. An optional area that can be freely defined by the vendor is prepared for the frame elements constituting the probe request frame. In the present embodiment, the CPU 210 gives a pairing token to the probe request by writing a pairing token in this optional area.

  When the simple setting button 160 of the access point AP is pressed and the probe request is received, the CPU 110 of the access point AP receives the wireless LAN connection information of the access point AP and the pairing token generated in step S120 in step S130. Then, the data is transmitted to the server SV using the WAN interface 140. By doing so, the pairing token is transmitted to the access point AP and the server SV by generating the pairing token in the wireless terminal TE.

B-2. Modification 2:
In the present embodiment, a smartphone is used as the wireless terminal TE. However, the present invention is not limited to this, and the wireless terminal TE may be a wireless LAN terminal having a function of connecting to the Internet (for example, a mobile communication function). Examples of the wireless LAN terminal include a PC and a game machine.

B-3. Modification 3:
In the present embodiment, one server SV is used. However, the present invention is not limited to this. A plurality of server SVs may be used. By using a plurality of servers SV, wireless LAN connection information can be obtained from other servers SV even if a trouble such as a failure occurs in one server SV. For this reason, the wireless terminal TE can reliably acquire the wireless LAN connection information.

B-4. Modification 4:
In this embodiment, the access point AP supports the multi-SSID function. However, the present invention is not limited to this. The access point AP may switch the value of one SSID as appropriate.

B-5. Modification 5:
Transmission in step S130, step S170, step S185, step S195, and the like in the present embodiment may be encrypted transmission using HTTPS (Hypertext transfer protocol over transport layer security). Specifically, each of the transmission source and the transmission destination may have a certificate, and encryption based on AES (Advanced Encryption Standard) using a public key and a private key may be performed. By doing so, information can be exchanged more securely.

B-6. Modification 6:
In the present embodiment, the pairing token is given to the probe response (step S160). However, the present invention is not limited to this. The pairing token may be given to the beacon. The frame configuration of the beacon is defined by the IEEE 802.11 standard, and an optional area that can be freely defined by the vendor is prepared for the frame element that configures the beacon. Therefore, the pairing token can be given to the beacon by writing the pairing token in this optional area.

  The pairing token may be given in the SSID. For example, by setting the SSID for easy setting to “ESSID-AOSS-12345”, a pairing token (“12345” part) is given to a fixed keyword part (“ESSID-AOSS” part). Also good. When a pairing token is assigned to an SSID, a pairing token may be assigned to one simple setting SSID in a multi-SSID, and in a simple connection sequence, a pairing token is temporarily assigned to an SSID. It may be changed. Any one method may be used as a method for informing a pairing token, or a plurality of methods may be combined. Compared to the case where any one method is used, the pairing token can be notified to the radio terminal TE quickly and reliably by combining a plurality of methods.

B-7. Modification 7:
In this embodiment, when the CPU 310 determines that there is no match with the pairing token received from the wireless terminal TE (step S180: Yes), the CPU 310 notifies the wireless terminal TE using the WAN interface 330. Transmit (step S182). However, the present invention is not limited to this. When the CPU 310 makes a rejection response (step S182) a plurality of times (for example, three times), the CPU 310 may discard each wireless LAN connection information stored in the storage unit 320. By doing so, safety can be ensured.

B-8. Modification 8:
In this embodiment, the address of the server SV is determined in advance, the access point AP is stored in the firmware at the time of shipment, and the wireless terminal TE is acquired when the application is downloaded. However, the present invention is not limited to this. Examples of a method for determining the address of the server SV include the following methods.

  The server SV may be selectable within the application of the wireless terminal TE. In this case, a screen for selecting the server SV is displayed on the display unit 240 before pressing the simple setting button 242 in step S110 (FIG. 5). When the user selects a specific server SV, the MAC address of the selected server SV can be notified to the access point AP by giving it to the probe request in step S110.

  Further, the firmware of the access point AP may select the server SV by the following method. The method includes (i) a method in which the access point AP collects load information of each server SV held in advance by the access point AP and selects a server SV having a low load, and (ii) a server in advance held by the access point AP. There are a method of selecting the server SV in order from the top of the list, and (iii) a method of selecting at random from each server SV held in advance by the access point AP.

  The server SV is selected by the firmware of the access point AP at the time of processing in step S120, and the access point AP can be notified to the wireless terminal TE by adding the MAC address of the selected server SV to the probe response in step S160.

  The present invention is not limited to the above-described embodiments and modifications, and can be realized with various configurations without departing from the spirit thereof. For example, the technical features in the embodiments and the modifications corresponding to the technical features in each embodiment described in the summary section of the invention are to solve some or all of the above-described problems, or In order to achieve part or all of the effects, replacement or combination can be performed as appropriate. Further, if the technical feature is not described as essential in the present specification, it can be deleted as appropriate.

20 ... Wireless communication system 110 ... CPU
DESCRIPTION OF SYMBOLS 112 ... 1st transmission part 114 ... 4th transmission part 118 ... Communication end part 119 ... Communication start part 150 ... Wireless communication interface 160 ... Simple setting button 180 ... Internal bus 202 ... Display panel 206 ... Command input part 210 ... CPU
212 ... third transmission unit 240 ... display unit 242 ... simple setting button 250 ... input unit 260 ... wireless communication interface 270 ... mobile communication interface 280 ... internal bus 310 ... control unit 312 ... second transmission unit 320 ... storage unit TE ... Wireless terminal AP ... Access point BS ... Base station SV ... Server INT ... Internet

Claims (9)

A first communication device connected to the Internet via a first communication line and having a wireless LAN client function;
A second communication device having a wireless LAN access point function and connected to the Internet via a second communication line different from the first communication line;
A wireless communication system comprising a server device connected to the Internet and connectable to the first communication device and the second communication device,
The second communication device is:
Security information including wireless LAN connection information for the first communication device to connect to the second communication device by the first wireless communication to the first communication device by the wireless LAN access point function. A first transmission unit that transmits to the server device via the second communication line,
The server device
A storage unit for storing the security information;
A second transmitter capable of transmitting the wireless LAN connection information to the first communication device via the Internet,
The security information further includes identification information of the second communication device,
The first communication device includes a third transmission unit that transmits the identification information to the server device via the first communication line,
The second transmission unit transmits the wireless LAN to the first communication device via the Internet when the identification information stored in the storage unit matches the identification information received from the first communication device. Send connection information,
The identification information is a pairing token that is a random number and a different value each time,
The second communication device includes a generation unit that generates the pairing token ,
The second communication device, wherein the second radio communication by the wireless LAN access point function, the fourth transmission unit for transmitting data including the identification information to the first communication device, Ru provided with a radio communication system. The wireless communication system according to claim 1 ,
The wireless communication system, wherein the first communication line is a mobile communication line. A wireless connection device that is connected to a server device and that can share wireless LAN connection information for first wireless communication with other communication devices,
An access point unit for realizing a wireless LAN access point function;
A connection information transmission unit for transmitting security information including the wireless LAN connection information to the server device;
A communication start unit that starts the first wireless communication with the other communication device using the wireless LAN connection information;
The security information further includes identification information of the wireless connection device,
The communication start unit is transmitted from the server device to the other communication device when the identification information transmitted to the server device matches the identification information transmitted from the other communication device to the server device. Starting the first wireless communication with the other communication device using wireless LAN connection information;
The identification information is a pairing token that is a random number and a different value each time,
A generating unit for generating the pairing token ;
A wireless connection device comprising: an identification information transmission unit configured to transmit data including the identification information to the other communication device by second wireless communication using the wireless LAN access point function . A first communication device connected to the Internet via a first communication line and having a wireless LAN client function;
A second communication device having a wireless LAN access point function and connected to the Internet via a second communication line different from the first communication line;
In a wireless communication system comprising a server device connected to the Internet and connectable to the first communication device and the second communication device, the wireless LAN access point function provides access to the first communication device. Wireless LAN connection information for connecting the first communication device to the second communication device is shared between the first communication device and the second communication device by the first wireless communication. A method,
(A) the second communication device transmitting security information including the wireless LAN connection information to the server device via the second communication line;
(B) the server device storing the security information;
(C) The server device includes a step of transmitting the wireless LAN connection information to the first communication device via the Internet,
The security information further includes identification information of the second communication device,
further,
(D) the first communication device transmitting the identification information to the server device via the first communication line,
In the step (c), when the identification information stored in the server device matches the identification information received from the first communication device, the server device transmits the first communication device via the Internet. Transmitting the wireless LAN connection information to
The identification information, the generated by the second communication device, Ri pairing token der to be each time a random number different values,
(E) the second communication device, the second wireless communication by the wireless LAN access point function, the step of transmitting the data containing the identification information to the first communication device, Ru includes a method. The method of claim 4 , further comprising:
(F) notifying the second communication device that the server device has transmitted the wireless LAN connection information to the first communication device;
(G) Before the step (f), the server device includes a step of deleting the wireless LAN connection information. The method of claim 5 , further comprising:
(H) In response to the notification in the step (f), the second communication device terminates the second wireless communication and uses the wireless LAN connection information to perform the first communication with the first communication device. Initiating wireless communication. The method according to any one of claims 4 to 6 , further comprising:
(I) The server device includes a step of deleting the wireless LAN connection information when a predetermined time has elapsed from the step (b). A computer program that is connected to the Internet via a first communication line and that is executed in a communication device having a wireless LAN client function, and that is connected to the communication device by a wireless LAN access point function of the wireless connection device. A computer program for the communication device to acquire wireless LAN connection information for the communication device to connect to the wireless connection device by wireless communication of
A function of receiving identification information of the wireless connection device by second wireless communication from the wireless connection device;
A function of transmitting the identification information to the server device connected to the Internet and connectable to the communication device and the wireless connection device via the first communication line;
A function of receiving the wireless LAN connection information from the server device via the Internet,
The identification information, the generated by the wireless connection device, a pairing token to be each time a random number different values, the computer program. A computer program according to claim 8 ,
The computer program, wherein the first communication line is a mobile communication line.

Images