JP6983703B2 - Wireless communication system, wireless communication method - Google Patents

Description

Embodiments of the present invention relate to wireless communication systems and wireless communication methods.

At sites such as factories and plants, wireless communication is useful for monitoring and maintenance of equipment at the site by constructing a wireless communication network and collecting information on wireless terminals and transmitting data from sensors that can communicate using the wireless communication network. The system is widespread. In such a system, information and data can be easily transmitted and received without boundaries, so security management is important. In particular, in order to prevent unauthorized access to the system by wireless communication of unauthorized wireless devices, it is important to perform an authentication process for confirming that the wireless terminals and sensors communicating by the constructed wireless communication network are legitimate. As a system that realizes such an authentication process, a construction support / management system that authenticates a worker with wireless devices and displays the work contents on the wireless devices is known.

In such a conventional system, the information used for authentication can be obtained by a person other than a legitimate user, and there is a problem that it can be disguised as a legitimate wireless terminal or sensor in the constructed wireless communication network. there were.

Japanese Patent Application No. 2010-234581 Japanese Patent Application No. 2000-344019

The present invention has been made to solve such a problem, and an object of the present invention is to provide a wireless communication system and a wireless communication method capable of preventing unauthorized access and authenticating with high security quality.

The wireless communication system of the embodiment includes (1) a wireless terminal, (2) a repeater, and (3) a server. The wireless terminal has a site information acquisition unit that acquires the first site information related to the site where it is located, an authentication information generation unit that generates authentication information using the first site information, and authentication information. It is provided with a first transmission unit for transmission. The repeater forms a communication area corresponding to the site, and includes a first receiving unit that receives authentication information from a wireless terminal located in the communication area. The server has a storage unit that stores a second site information related to the site where the wireless terminal should be located in advance, a site information extraction unit that extracts the first site information from the authentication information received by the repeater, and a site information extraction unit. It is provided with a comparison unit that compares the first site information extracted by the site information extraction unit with the second site information stored in the storage unit and authenticates the wireless terminal when both match.
Further, in the wireless communication method of the embodiment, a repeater is arranged so as to form a communication area at the site where the wireless terminal should be located, and the wireless terminal acquires the first site information related to the site and communicates. In the area, the wireless terminal generates authentication information based on the first site information and sends it to the repeater, and the server is associated with the site with the first site information extracted from the authentication information received by the repeater. It is characterized in that the wireless terminal is authenticated based on the second site information prepared in advance.

According to the embodiment of the present invention, it is possible to provide a wireless communication system and a wireless communication method capable of preventing unauthorized access and authenticating with high security quality.

It is a conceptual diagram which shows the outline of the wireless communication system which concerns on 1st Embodiment. It is a block diagram which shows the structure of the wireless communication system which concerns on 1st Embodiment. It is a flowchart which shows the repeater arrangement method of the wireless communication system which concerns on 1st Embodiment. It is a flowchart which shows the authentication operation of the wireless communication system which concerns on 1st Embodiment. It is a conceptual diagram which shows the outline of the wireless communication system which concerns on 2nd Embodiment. It is a flowchart which shows the authentication operation of the wireless communication system which concerns on 2nd Embodiment. It is a conceptual diagram which shows the outline of the wireless communication system which concerns on 3rd Embodiment. It is a flowchart which shows the authentication operation of the wireless communication system which concerns on 3rd Embodiment. It is a conceptual diagram which shows the outline of the wireless communication system which concerns on 4th Embodiment. It is a figure lock figure which shows the structure of the wireless communication system which concerns on 4th Embodiment. It is a flowchart which shows the authentication operation of the wireless communication system which concerns on 4th Embodiment.

(First Embodiment)
Hereinafter, the wireless communication system and the wireless communication method according to the embodiment will be described in detail with reference to the drawings. As shown in FIG. 1, the wireless communication system 1 of the first embodiment has a plurality of repeaters forming a communication area R surrounding the site F with a radio terminal 10 and / or a sensor 30 existing at the site F. It includes 20a ... 20f, a repeater 20a ... 20f, and a server 40 connected by a network NW or the like. In the wireless communication system 1 of this embodiment, the wireless terminal 10 and the sensor 30 are configured to communicate with the server 40 via the repeater 20a ... 20f at the site F where the plant equipment PT to be worked is arranged. To.

An example of the site F is a site such as various plants and factories, production and manufacturing equipment, and social infrastructure equipment such as a power plant and a water and sewage treatment facility. There are many diverse facilities at such sites, and labor saving and efficiency improvement for monitoring and maintenance of these facilities are extremely important.

The wireless terminal 10 is an information communication terminal realized by various software, and has input, calculation, communication, and display functions configured by a combination of a CPU and software. The wireless terminal 10 can be realized by, for example, a tablet terminal, a PDA (Personal Digital Assistant), a wearable device, an IC chip, a notebook computer or a small PC, a smartphone or a mobile phone, a portable or wearable electronic device, or the like. The wireless terminal 10 makes it possible to save labor and improve the efficiency of the work of the plant equipment PT at the site F, and also to manage the safety, health, work efficiency, etc. of the worker who is the user.

The sensor 30 is, for example, a terminal device including a circuit having a sensing function and a communication function related to the plant device PT, and is, for example, an IC chip. The sensor 30 is disposed in, for example, a plant equipment PT located at the site F, and acquires various information such as vibration, temperature, pressure, distance, speed, water level, and thickness as sensing targets. Various information acquired by the sensor 30 is sent to the server 40 via the repeater 20a ... 20f by the communication function, and it is possible to diagnose and predict the performance, failure and deterioration of the plant equipment PT by analyzing the measurement data. .. As the power source for driving the sensor 30, in addition to the external power source, a primary battery, a capacitor, a lead storage battery, a secondary battery such as a nickel hydrogen battery or a lithium ion battery, or the like can be applied. Further, a circuit that obtains an electromotive force from the heat, light, vibration, radiation, etc. of the environment can be applied as a power source.

In this embodiment, the wireless terminal 10 and the sensor 30 have a common wireless communication function, are authenticated by a common procedure, and are configured to communicate with the server 40 via the repeater 20a ... 20f. ..

The repeater 20a ... 20f is a wireless access point that realizes communication between the wireless terminal 10 or the sensor 30 and the server 40. The repeaters 20a ... 20f cooperate with each other to form a communication area R surrounding the site F, and communicate with the wireless terminal 10 and the sensor 30 existing in the site F. The repeater 20a ... 20f further cooperates with the server 40 to acquire the position information of the wireless terminal 10 or the sensor 30 by receiving the radio wave emitted by the wireless terminal 10 or the sensor 30 existing in the communication area R. It also has a function. As the antenna of the repeater 20a ... 20f, a highly directional antenna such as a Yagi antenna, a parabolic antenna, a Cassegrain antenna, a horn antenna, a plurality of antenna groups, an array antenna, or the like can be applied. The repeater 20a ... 20f and the antenna may be installed in a cover or a housing that transmits radio waves so as not to be distinguished from the repeater from the appearance. This is to increase the confidentiality of the entire wireless communication system.

The server 40 authenticates when communicating with the wireless terminal 10 and the sensor 30, and if the authentication is successful, the server 40 permits access to the server 40 of the wireless terminal 10 and the sensor 30. If the authentication is successful, the sensor 30 transmits the sensing result to the server 40 via the repeater 20a ... 20f, and the wireless terminal 10 is required for the work of the plant equipment PT from the server 40 via the repeater 20a ... 20f. Get various information.

The wireless terminal 10 and the sensor 30 are configured to generate authentication information using the site information that can be acquired only at the site F and send it to the server 40. On the other hand, the server 40 is configured to be able to hold or acquire site information related to site F in advance. That is, the server 40 confirmed that the wireless terminal 10 and the sensor 30 certainly existed at the site F by using the site information that the wireless terminal 10 and the sensor 30 can acquire only at the site F, and the confirmation was obtained. Only in this case, the wireless terminal 10 and the server 30 are authenticated. This makes it possible to prevent unauthorized access to the server 40 by spoofing.

(Structure of the first embodiment)
Subsequently, with reference to FIG. 2, the configuration of the wireless communication system 1 of the first embodiment will be described. As shown in FIG. 2, the wireless terminal 10 of this embodiment includes a transmission / reception unit 11, a storage unit 12, a data processing unit 13, and an authentication information generation unit 14 to which an antenna ANT is connected.

The transmission / reception unit 11 is a functional element responsible for wireless communication in which the wireless terminal 10 transmits / receives information via the antenna ANT. In order to realize communication with the repeater 20a ... 20f, the transmission / reception unit 11 may use a wireless system (wireless system) using a communication standard such as Wi-Fi (registered trademark) or Bluetooth (registered trademark). can.

The storage unit 12 is a functional element that stores various software that makes the wireless terminal 10 function, information acquired from the server 40, and the like. The storage unit 12 can be realized by, for example, a memory or a hard disk drive.

The data processing unit 13 is a functional element that adds processing to the data transmitted and received by the wireless terminal 10. Examples of the processing content carried out by the data processing unit 13 include data encryption.

The authentication information generation unit 14 is a functional element that generates authentication information used for authentication processing performed by the wireless terminal 10 prior to communicating with the server 40 via the repeater 20a ... 20f.

The site information acquisition unit 15 is a functional element that acquires site information that can be acquired only at the site F where the wireless terminal 10 and the sensor 30 exist. As the site information, for example, the position information where the wireless terminal 10 or the sensor 30 is located, the specification information of the radio wave from the repeater 20a ... 20f received by the transmission / reception unit 11 (for example, the reception strength, the frequency of the received radio wave, the reception). Examples include environmental information such as acoustic information and video information that can be acquired at the site F (such as the number of channels that could be created). These on-site information is information that can be acquired only within the area of the communication area R and only in the on-site F. The authentication information generation unit 14 generates authentication information based on the site information acquired by the site information acquisition unit 15.

Further, the wireless communication system 10 of this embodiment includes a position detection unit 16, an image interface 17 to which an image pickup device IMG is connected, and an audio interface 18 to which a speaker SP and a microphone MIC are connected.

The position detection unit 16 is a functional element that acquires position information indicating the self-position of the wireless terminal 10 or the sensor 30. The position detection unit 16 acquires position information by using, for example, a PDR system, a UWB system, GPS, or a three-point positioning method based on the radio wave intensity received by the transmission / reception unit 11.

The image interface 17 is a functional element that acquires image information acquired by the image sensor IMG. The image pickup element IMG is a camera element in the wireless terminal 10, and may acquire not only a still image but also a moving image. The image sensor IMG and the image interface 17 acquire image information of the surrounding environment. The audio interface 18 is a functional element that inputs and outputs acoustic information of the surrounding environment using a speaker SP and a microphone MIC.

The wireless terminal 10 may further include sensors capable of acquiring user's biometric information. Examples of the user's biological information include fingerprint information and retina information.

Further, as shown in FIG. 2, the server 40 of this embodiment has a transmission / reception unit 41, a storage unit 42, a data processing unit 43, an authentication information extraction unit 44, a site information management unit 45, a collation processing unit 46, and a terminal management unit. It is equipped with 47.

The transmission / reception unit 41 is a functional element for communicating with the wireless terminal 10 and the sensor 30 via the repeater 20a ... 20f connected by the network NW. The transmission / reception unit 41 controls each of the repeaters 20a ... 20f to specify the repeater used for transmission / reception, and the wireless terminal 10 or the sensor 30 is based on the strength of the received signal received by each of the repeaters 20a ... 20f. It may also have a function of positioning the position of.

The storage unit 42 is a functional element that stores software for functioning the server 40, sensing data sent from the sensor 30, information to be provided to the wireless terminal 10, and the like. The storage unit 42 can be realized by a memory, a hard disk drive, or the like, and may have a database function.

The data processing unit 43 corresponds to the data processing unit 13 in the wireless terminal 10 and the sensor 30, and has a function of performing various processing on the transmitted / received data.

The authentication information extraction unit 44 is a functional element that extracts authentication information from the reception signals from the wireless terminal 10 and the sensor 30 received by the transmission / reception unit 41.

The site information management unit 45 is a functional element that manages information that can be acquired only at the site F where the wireless terminal 10 or the sensor 30 should be located, and the information to be managed is stored in the storage unit 42. The information managed by the site information management unit 45 corresponds to the site information that can be acquired by the wireless terminal 10 or the sensor 30. For example, the frequency of radio waves transmitted from the repeaters 20a ... 20f, the channels and their numbers used for transmission, the acoustic information and video information provided at the site F, the position information and sensors of the wireless terminal 10 planned in advance. An example is the arrangement information of 30.

The site information management unit 45 may be configured to control the intensity, frequency, band, and propagation direction of the radio waves transmitted by the repeaters 20a ... 20f to adjust the size and position range of the communication area R. That is, the repeater 20a ... 20f may be remotely controlled from the site information management unit 45 of the server 40 to dynamically control the communication area R.

The collation processing unit 46 has authentication information and site information of the wireless terminal 10 and the sensor 30 received by the transmission / reception unit 41 and acquired by the authentication information extraction unit 44, and authentication information and site information based on the site information managed by the site management unit 45. It is a functional element that collates with. The collation processing unit 46 authenticates the wireless terminal 10 and the sensor 30 based on the collation result. That is, the collation processing unit 46 is based on the authentication information of the wireless terminal 10 and the sensor 30 extracted by the authentication information extraction unit 44 and the authentication information based on the site information prepared in advance in association with the site and managed by the site management unit 45. It is configured to authenticate the wireless terminal 10 and the sensor 30.

The terminal management unit 47 is a functional element that manages identification information, position information, and the like of the wireless terminal 10 and the sensor 30 that the server 40 plans to communicate with at the site F. The terminal management unit 47 may also manage the biometric information of the user of the wireless terminal 10 and the worker who installs the sensor 30.

(Operation of the first embodiment: arrangement of repeater and setting of communication area R)
Subsequently, with reference to FIG. 3, the arrangement of the repeaters 20a ... 20f and the setting method of the communication area R will be described. In the wireless communication system 1 of this embodiment, the key of authentication is that the wireless terminal 10 and the sensor 30 are located in the field F, that is, in the communication area R. Therefore, it is necessary to appropriately form the communication area R.

First, for the site F, radio wave propagation analysis is performed assuming the arrangement of the plant equipment PT and the repeater 20a ... 20f, and the range of radio waves from the repeater 20a ... 20f and the communication area R are designed (step 100). . Hereinafter referred to as "S100"). To this design, the method of simulation analysis using the design drawings of the site F and CAD data is applied so that the radio waves from each of the repeaters 20a and 20f form the communication area R corresponding to the position range of the site F. The directivity and transmission power of each antenna of the repeaters 20a and 20f are calculated.

When the design work is completed, the repeaters 20a ... 20f are arranged based on the design (S110). At this time, the antenna positions and directivity of each of the repeaters 20a and 20f are also set based on the design.

Subsequently, the radio wave specifications transmitted by each of the repeaters 20a ... 20f are provisionally set (S120) based on the transmission power and antenna directivity of the repeaters 20a ... 20f calculated in step 100, and temporarily set. Radio waves are emitted from the repeater 20a ... 20f according to the radio wave specifications (S130). Temporary setting of radio wave specifications and emission of radio waves can be performed by remotely controlling the repeaters 20a ... 20f from the terminal management unit 47 of the server 40.

The transmission / reception unit 41 receives the radio waves transmitted by the repeaters 20a ... 20f via the other repeaters 20a ... 20f. The terminal management unit 47 measures the strength of the received radio wave based on the received signals of the repeaters 20a and 20f received by the transmitting / receiving unit 41 (S140).

The terminal management unit 47 calculates the propagation range of the transmitted radio wave of each of the repeaters 20a ... 20f based on the received radio wave strength of each of the measured repeaters 20a ... 20f (S150).

The terminal management unit 47 compares the propagation range of the transmitted radio waves of each of the calculated repeaters 20a and 20f with the communication area R designed in step 100, and when the propagation range and the designed communication area R match ( Yes) of S160, the specifications of the transmitted radio waves of the repeater 20a ... 20f are set as fixed values in the repeater 20a ... 20f (S170).

If the propagation range and the designed communication area R do not match (No in S160), the radio wave specifications transmitted by the repeater 20a ... 20f are temporarily set again, and radio wave emission, radio wave measurement, and comparison are repeated (S120 to S150). ).

By these operations, the communication area R of the wireless communication system 1 according to the embodiment can be matched with the field F. The processes from steps 120 to 170 may be dynamically performed while the wireless communication system 1 is in operation. According to the wireless communication system of this embodiment, since the communication area R by the repeater 20a ... 20f is matched with the site F, it is possible to prevent the leakage of the communication radio wave.

(Operation of the first embodiment: Authentication process)
Subsequently, the operation of the authentication process in the wireless communication system 1 of the first embodiment will be described with reference to FIG. In this embodiment, the position information of the wireless terminal 10 and the sensor 30 is used as the site information.

The wireless terminal 10 is carried by the user at the storage location, and the sensor 30 is also transported from the storage location or the shipping source, but does not hold the authentication information at this point. Hereinafter, a case where the user brings the wireless terminal 10 to the site F will be described as an example.

When the wireless terminal 10 is brought into the site F and enters the area of the communication area R, the site information acquisition unit 15 uses the position detection unit 16 to obtain position information indicating the self-position of the wireless terminal 10 as the first site information. (S200). At this time, the site information acquisition unit 15 may also acquire the biometric information of the user.

The authentication information generation unit 14 concatenates and encrypts the location information and biometric information acquired by the site information acquisition unit 15 and the encryption key, and generates the authentication information (S210). The data processing unit 13 concatenates the authentication information to the transmission data by a preset method. As a concatenation method, for example, there is a method of concatenating data to a higher digit or a lower digit. Match the decimal notation of the data. It is also encrypted as needed. The encryption key is distributed at the site F by a method such as a secret sharing method or a public key cryptosystem, and is shared among the wireless terminal 10, the sensor 30, the repeater 20a ... 20f, and the server 40.

The transmission / reception unit 11 transmits the authentication information generated by the authentication information generation unit 14 via the antenna ANT (S220).

The transmission signal transmitted by the transmission / reception unit 11 of the wireless terminal 10 is received by the transmission / reception unit 41 via the repeater 20a ... 20f (S230).

The authentication information extraction unit 44 decodes the received signal received by the transmission / reception unit 41 to extract the authentication information and the biometric information (S240).

After the transmission / reception unit 41 receives the transmission signal from the wireless terminal 10, the site information management unit 45 remotely controls the repeaters 20a ... 20f, and the repeaters 20a ... 20f receive from the wireless terminals 10 respectively. The position of the wireless terminal 10 is acquired as the second site information by the three-point positioning method using the position information of each of the repeaters 20a and 20f managed by the terminal management unit 47 and the measured radio wave strength. (S250).

The collation processing unit 46 has the location information of the first site information wireless terminal 10 obtained from the authentication information extracted by the authentication information extraction unit 44 and the second site information wireless terminal specified by the site information management unit 45. It is compared and collated with the position information of 10 (S260).

As a result of comparison and collation, when the first site information and the second site information match (Yes in S270), the collation processing unit 46 authenticates the wireless terminal 10 as a terminal located at the site F, and the transmission / reception unit 41. Transmits the access permission information to the wireless terminal 10 (S280).

In addition to the comparison and collation of the first and second site information, the collation processing unit 46 includes biometric information included in the authentication information extracted by the authentication information extraction unit 44 and a wireless terminal managed by the terminal management unit 47. It may be further collated with the user information of 10. That is, the user who operates the wireless terminal 10 may further determine whether the access to the server 40 is permitted at the site F, and comprehensively authenticate the wireless terminal 10.

Further, the collation processing unit 46, in addition to the comparison and collation of the first and second field information and the comparison and collation of the biological information, the identification information of the wireless terminal 10 included in the received signal received by the transmission / reception unit 41 and the terminal. The information of the wireless terminal 10 held by the management unit 47 may be further collated. That is, it may be further determined whether the wireless terminal 10 is a terminal permitted to access the server 40 at the site F, and the wireless terminal 10 may be comprehensively authenticated.

When the transmission / reception unit 11 of the wireless terminal 10 receives the access permission information, the transmission / reception unit 11 accesses the server 40, acquires the information stored in the storage unit 42, and stores the information in its own storage unit 12 (S290).

As a result of comparison and collation, when the position information of the wireless terminal 10 obtained from the authentication information and the position information of the wireless terminal 10 specified by the site information management unit 45 do not match (No of S270), the state of waiting for receiving the authentication information is displayed. Becomes (S230).

Here, an example in which the server 40 authenticates the wireless terminal 10 has been described, but when the server 40 authenticates the sensor 30, it can be authenticated by the same operation.

In the wireless communication system of this embodiment, since the wireless terminal or the sensor cannot acquire the formal authentication information unless it is located at the site F, it is possible to prevent the leakage of the authentication information from the wireless terminal or the sensor. Then, by using wireless communication limited to the communication area R and using the position information of the wireless terminal or sensor, authentication information can be shared between the wireless terminal or sensor and the server without performing wireless communication, which is high. Authentication processing can be realized with security.

(Second embodiment)
Subsequently, with reference to FIG. 5, the wireless communication system 2 according to the second embodiment will be described in detail. The wireless communication system 2 of the second embodiment generates authentication information using ambient light around the wireless terminal 10 and the sensor 30 as field information in the wireless communication system 1 of the first embodiment. In the following description, functional elements common to the first embodiment are designated by a common reference numeral, and duplicate description will be omitted.

As shown in FIG. 5, the wireless communication system 2 of the second embodiment has a plurality of repeaters forming a communication area R surrounding the site F with the radio terminal 10 and / or the sensor 30 existing at the site F. It includes 20a ... 20f, a repeater 20a ... 20f, and a server 40 connected by a network NW or the like. The functional configurations of the wireless terminal 10, the sensor 30, the repeater 20a ... 20f, and the server 40 are the same as the functional configurations of the wireless terminal, the sensor, the repeater, and the server in the first embodiment. Here, at the site F where the plant equipment PT is arranged, an illumination LT that emits light having a predetermined frequency characteristic is arranged as the first site information, and this frequency characteristic is the storage unit 42 of the server 40. It is also stored in advance as the second site information.

(Operation of the second embodiment: Authentication process)
The authentication process will be described with reference to FIG. When the wireless terminal 10 is brought into the site F and enters the area of the communication area R, the site information acquisition unit 15 acquires the ambient light around the wireless terminal 10 from the image sensor IMG via the image interface 17 (S201). ).

Since the image sensor IMG detects the light from the illumination LT in addition to the ambient light as the ambient light around the wireless terminal 10, the site information acquisition unit 15 acquires the frequency characteristics of the light emitted by the illumination LT. Can be done (S202). At this time, the site information acquisition unit 15 may also acquire the biometric information of the user.

The authentication information generation unit 14 concatenates and encrypts the frequency characteristic information and the biometric information as the first site information of the lighting LT acquired by the site information acquisition unit 15, and the encryption key to generate the authentication information (S210).

The transmission / reception unit 11 transmits the authentication information generated by the authentication information generation unit 14 via the antenna ANT (S220).

The transmission signal transmitted by the transmission / reception unit 11 of the wireless terminal 10 is received by the transmission / reception unit 41 via the repeater 20a ... 20f (S230).

The authentication information extraction unit 44 decodes the received signal received by the transmission / reception unit 41 to extract the authentication information and the biometric information (S240).

After the transmission / reception unit 41 receives the transmission signal from the wireless terminal 10, the site information management unit 45 acquires the frequency characteristic information of the light emitted by the illumination LT stored in advance in the storage unit 42 as the second site information. (S255).

The collation processing unit 46 includes the frequency characteristic information of the lighting LT, which is the first site information obtained from the authentication information extracted by the authentication information extraction unit 44, and the lighting LT, which is the second site information acquired by the site information management unit 45. It is compared and collated with the frequency characteristic information of (S260).

As a result of comparison and collation, when the first site information and the second site information match (Yes in S270), the collation processing unit 46 authenticates the wireless terminal 10 as a terminal located at the site F, and the transmission / reception unit 41. Transmits the access permission information to the wireless terminal 10 (S280).

In addition to the comparison and collation of the first and second site information, the collation processing unit 46 includes biometric information included in the authentication information extracted by the authentication information extraction unit 44 and a wireless terminal managed by the terminal management unit 47. It may be further collated with the user information of 10. That is, the user who operates the wireless terminal 10 may further determine whether the access to the server 40 is permitted at the site F, and comprehensively authenticate the wireless terminal 10.

Further, the collation processing unit 46, in addition to the comparison and collation of the first and second field information and the comparison and collation of the biological information, the identification information of the wireless terminal 10 included in the received signal received by the transmission / reception unit 41 and the terminal. The information of the wireless terminal 10 held by the management unit 47 may be further collated. That is, it may be further determined whether the wireless terminal 10 is a terminal permitted to access the server 40 at the site F, and the wireless terminal 10 may be comprehensively authenticated.

When the transmission / reception unit 11 of the wireless terminal 10 receives the access permission information, the transmission / reception unit 11 accesses the server 40, acquires the information stored in the storage unit 42, and stores the information in its own storage unit 12 (S290).

As a result of comparison and collation, if the first site information and the second site information do not match (No in S270), the authentication information is in a waiting state for reception (S230).

Here, an example in which the server 40 authenticates the wireless terminal 10 has been described, but when the server 40 authenticates the sensor 30, it can be authenticated by the same operation.

In the above example, the illumination LT is arranged at the site F, and the frequency characteristic information of the light emitted by the illumination LT is used as the first site information, but the present invention is not limited to this. Authentication information may be generated using the intensity of light emitted by the illumination LT, the lighting cycle, and the temporal or spatial pattern.

Further, instead of the illumination LT, a speaker may be arranged at the site F to radiate an acoustic signal having predetermined acoustic characteristics. In this case, the site information is the intensity of the acoustic signal output from the speaker, the scale or rhythm, the temporal or spatial pattern, and the like. The on-site information acquisition unit 15 of the wireless terminal 10 or the sensor 30 can acquire an acoustic signal that can be detected around the on-site F from the microphone MIC via the audio interface 18, and can acquire the acoustic characteristics as the on-site information.

Further, instead of the lighting LT and the speaker, the magnetic information generated by the plant equipment PT may be used as the site information. In this case, a geomagnetic sensor or the like can be used as the site information acquisition unit 15 of the wireless terminal 10.

According to the wireless communication system of this embodiment, it is possible to realize authentication of wireless terminals and sensors used in the field with higher security by using the field information such as lighting and sound that can be acquired only in the field F. Can be done.

(Third embodiment)
Subsequently, with reference to FIG. 7, the wireless communication system 3 according to the third embodiment will be described in detail. The wireless communication system 3 of the third embodiment generates authentication information using image information that can be acquired at the site F as the site information in the wireless communication system 2 of the second embodiment. In the following description, functional elements common to the second embodiment are designated by a common reference numeral, and duplicate description will be omitted.

As shown in FIG. 7, the wireless communication system 3 of the third embodiment has a plurality of repeaters forming a communication region R surrounding the site F with the radio terminal 10 and / or the sensor 30 existing at the site F. It includes 20a ... 20f, a repeater 20a ... 20f, and a server 40 connected by a network NW or the like. The functional configurations of the wireless terminal 10, the sensor 30, the repeater 20a ... 20f, and the server 40 are the same as the functional configurations of the wireless terminal, the sensor, the repeater, and the server in the second embodiment. Here, at the site F where the plant equipment PT is arranged, a marker MK is posted as the first site information in the designated area of the site F, and the image information related to the marker MK is stored in the storage unit 42 of the server 40. It is stored in advance as the second site information. The marker MK can be, for example, a bar code, a QR code (registered trademark), a number symbol, a number string, a character string, or the like attached to a plant equipment PT or the like. Further, the image information of the work target device itself such as the plant device PT may be used as the marker MK.

(Operation of the third embodiment: Authentication process)
The authentication process will be described with reference to FIG. When the wireless terminal 10 is brought into the site F and enters the area of the communication area R and the user performs a predetermined operation, the site information acquisition unit 15 receives image information including the marker MK from the image sensor IMG via the image interface 17. (S203).

Since the image information acquired by the image sensor IMG includes the image information of the marker MK, the site information acquisition unit 15 acquires the image information of the marker MK posted on the site F as the first site information. Can be done (S204). At this time, the site information acquisition unit 15 may also acquire the biometric information of the user.

The authentication information generation unit 14 concatenates and encrypts the image information and biometric information of the marker MK acquired by the site information acquisition unit 15 and the encryption key, and generates the authentication information (S210).

The transmission / reception unit 11 transmits the authentication information generated by the authentication information generation unit 14 via the antenna ANT (S220).

The transmission signal transmitted by the transmission / reception unit 11 of the wireless terminal 10 is received by the transmission / reception unit 41 via the repeater 20a ... 20f (S230).

The authentication information extraction unit 44 decodes the received signal received by the transmission / reception unit 41 to extract the authentication information and the biometric information (S240).

After the transmission / reception unit 41 receives the transmission signal from the wireless terminal 10, the site information management unit 45 acquires the image information of the marker MK posted in the site F in advance in the storage unit 42 as the second site information. (S255).

The collation processing unit 46 has an image information of the marker MK, which is the first site information obtained from the authentication information extracted by the authentication information extraction unit 44, and an image of the marker MK, which is the second site information acquired by the site information management unit 45. The information is compared and collated (S260).

As a result of comparison and collation, when the first site information and the second site information match (Yes in S270), the collation processing unit 46 authenticates the wireless terminal 10 as a terminal located at the site F, and the transmission / reception unit 41. Transmits the access permission information to the wireless terminal 10 (S280).

In addition to the comparison and collation of the first and second site information, the collation processing unit 46 includes biometric information included in the authentication information extracted by the authentication information extraction unit 44 and a wireless terminal managed by the terminal management unit 47. It may be further collated with the user information of 10. That is, the user who operates the wireless terminal 10 may further determine whether the access to the server 40 is permitted at the site F, and comprehensively authenticate the wireless terminal 10.

Further, the collation processing unit 46, in addition to the comparison and collation of the first and second field information and the comparison and collation of the biological information, the identification information of the wireless terminal 10 included in the received signal received by the transmission / reception unit 41 and the terminal. The information of the wireless terminal 10 held by the management unit 47 may be further collated. That is, it may be further determined whether the wireless terminal 10 is a terminal permitted to access the server 40 at the site F, and the wireless terminal 10 may be comprehensively authenticated.

When the transmission / reception unit 11 of the wireless terminal 10 receives the access permission information, the transmission / reception unit 11 accesses the server 40, acquires the information stored in the storage unit 42, and stores the information in its own storage unit 12 (S290).

As a result of comparison and collation, if the first site information and the second site information do not match (No in S270), the authentication information is in a waiting state for reception (S230).

Here, an example in which the server 40 authenticates the wireless terminal 10 has been described, but when the server 40 authenticates the sensor 30, it can be authenticated by the same operation. Further, the image information as the site information in this embodiment may be a two-dimensional image (2D image) or a three-dimensional image (3D image).

In the wireless communication system of this embodiment, the authentication information is generated by using the marker MK that can be acquired only visually at the site F, so that it is possible to prevent unauthorized acquisition of the site information at a location other than the site F. can.

(Fourth Embodiment)
Subsequently, with reference to FIGS. 9 and 10, the wireless communication system 4 according to the fourth embodiment will be described in detail. The wireless terminals 10a, sensors 30a, and repeaters 25a ... 25f in the wireless communication system 4 of the fourth embodiment are compared with the wireless terminals 10 and sensors 30 and repeaters 20a ... 20f of the first to third embodiments. The difference is that they are provided with a plurality of wireless systems, that is, they are configured to enable wireless communication using a plurality of wireless systems. In the following description, functional elements common to the first to third embodiments are designated by a common reference numeral, and duplicate description will be omitted.

The wireless terminal 10a and the sensor 30a of the fourth embodiment replace the transmission / reception unit 11 in the wireless terminals 10 and the sensor 30 of the first to third embodiments with the first transmission / reception unit 11a and the second transmission / reception unit 11b. have. The first transmission / reception unit 11a is a functional element mainly responsible for wireless communication for transmitting / receiving information used by the user. On the other hand, the second transmission / reception unit 11b is a functional element that mainly carries out wireless communication for authentication at a short distance using a wireless system (wireless method) different from that of the second transmission / reception unit 11b.

That is, the first transmission / reception unit 11a is realized by a first wireless system (wireless system) suitable for large-capacity communication such as Wi-Fi (registered trademark), and the second transmission / reception unit 11b is, for example, Bluetooth. A second wireless system suitable for short-range communication such as (registered trademark), 920 MHz band communication system, ISO / IEC 14443 Type A, ISO / IEC 14443 Type B, FeliCa (registered trademark), NFC (Near Field Communication), etc. It is realized by wireless method). The second wireless system (wireless system) may change the channel according to the radio wave frequency of time and environment. When a proximity communication system is used as the second wireless system, the communication range can be set to non-contact communication of about several centimeters, and since the range of radio waves is extremely narrow, radio wave leakage and information leakage can be suppressed. The first and second wireless systems (wireless systems) may include a non-contact communication system that uses radio waves as described above, as well as a non-contact communication system that communicates using light or sound waves.

The repeater 25a ... 25f is a wireless access point that realizes wireless communication with the wireless terminal 10a and the sensor 30a. Unlike the first to third embodiments, the repeater 25a ... 25f of this embodiment has two types of radios corresponding to the first transmission / reception unit 11a and the second transmission / reception unit 11b of the wireless terminal 10a and the sensor 30a. A system, that is, a first wireless system suitable for large-capacity communication and a second wireless system suitable for close-range communication are provided, respectively, and wireless communication is performed using the first wireless system and the second wireless system. Is configured to be possible.

The server 40a of the fourth embodiment includes a transmission / reception unit 41a. Unlike the transmission / reception unit 41 of the first to third embodiments, the transmission / reception unit 41a has a transmission / reception function corresponding to the two wireless systems included in the repeaters 25a ... 25f.

In the wireless communication system 4 of the fourth embodiment, the wireless terminal 10a and / or the sensor 30a existing at the site F receive and receive the radio wave of the first wireless system from the repeater 25a ... 25f. The radio wave information such as the frequency and the number of channels of the radio wave of the repeater 25a ... 25f is acquired, and the authentication information is generated based on the radio wave information. The generated authentication information is transmitted to the repeater 25a ... 25f using the radio wave of the second wireless system different from the first wireless system, and the server 40a is transmitted by the repeater 25a ... 25f held in advance. The authentication process is performed using the radio wave specifications of the first wireless system.

(Operation of the fourth embodiment: Authentication process)
The authentication process will be described with reference to FIG. When the wireless terminal 10a is brought into the field F and enters the area of the communication area R, the first transmission / reception unit 11a receives the radio wave of the first wireless system from the repeater 25a ... 25f (S205). The site information acquisition unit 15 generates the first site information based on the specification information of the radio waves of the first wireless system that the first transmission / reception unit 11a could receive. Here, examples of the radio wave specification information include the frequency band of the radio wave and the number of channels.

The authentication information generation unit 14 concatenates and encrypts the first site information and biometric information based on the received radio wave of the first radio system generated by the site information acquisition unit 15 and the encryption key, and generates the authentication information (S210). ).

The second transmission / reception unit 11b transmits the authentication information generated by the authentication information generation unit 14 by the second wireless system via the antenna ANT (S225).

The transmission signal transmitted by the second transmission / reception unit 11b of the wireless terminal 10a is received by the transmission / reception unit 41a via the repeater 25a ... 25f (S235).

The authentication information extraction unit 44 decodes the received signal received by the transmission / reception unit 41a to extract the authentication information and the biometric information (S240).

After the transmission / reception unit 41a receives the transmission signal from the wireless terminal 10a by the second wireless system, the site information management unit 45 receives the second site information from the storage unit 42 to the first repeater 25a ... 25f. Acquires the specification information of the radio wave transmitted by the wireless system (S255).

The collation processing unit 46 has the first site information acquired from the wireless terminal 10a via the second radio system obtained from the authentication information extracted by the authentication information extraction unit 44, and the second site information acquired by the site information management unit 45. It is compared and collated with the specification information of the radio wave, which is the site information of the above (S260).

As a result of comparison and collation, when the first site information and the second site information match (Yes in S270), the collation processing unit 46 authenticates the wireless terminal 10a as a terminal located at the site F, and the transmission / reception unit 41a. Transmits the access permission information to the wireless terminal 10 by the second wireless system (S280).

In addition to the comparison and collation of the first and second site information, the collation processing unit 46 includes biometric information included in the authentication information extracted by the authentication information extraction unit 44 and a wireless terminal managed by the terminal management unit 47. It may be further collated with the user information of 10a. That is, the user who operates the wireless terminal 10a may further determine whether the access to the server 40a is permitted at the site F, and comprehensively authenticate the wireless terminal 10a.

Further, the collation processing unit 46, in addition to the comparison and collation of the first and second field information and the comparison and collation of the biological information, the wireless terminal 10a included in the received signal received by the transmission / reception unit 41a by the second wireless system. The identification information of the above may be further collated with the information of the wireless terminal 10a held by the terminal management unit 47. That is, it may be further determined whether the wireless terminal 10a is a terminal permitted to access the server 40a at the site F, and the wireless terminal 10a may be comprehensively authenticated.

When the second transmission / reception unit 11b of the wireless terminal 10a receives the access permission information, the first transmission / reception unit 11a accesses the server 40a, acquires the information stored in the storage unit 42, and stores it in its own storage unit 12. (S290).

As a result of comparison and collation, when the first site information and the second site information do not match (No in S270), the second wireless system waits for the reception of the authentication information (S235).

Here, an example in which the server 40a authenticates the wireless terminal 10a has been described, but when the server 40a authenticates the sensor 30a, the authentication can be performed by the same operation.

In the wireless communication system of this embodiment, a system suitable for proximity communication different from the first wireless system (wireless system) is used as the second wireless system (wireless system), but the system is not limited thereto. That is, as the second wireless system, a communication system using optical communication or acoustic communication may be applied. As an example of optical communication, communication using light of any wavelength from the infrared region to the visible region can be mentioned. In this case, there is almost no communication leakage to the intended purpose due to the straightness of the light. As the second transmission / reception unit 11b, an LED element, an LD element, a semiconductor laser, an optical element such as a light bulb or a fluorescent lamp can be applied. Examples of the light receiving device include various PDs and pyroelectric elements. As acoustic communication, transmission / reception can be performed using the speaker SP and the microphone MIC, and a system can be constructed at low cost.

Further, in the wireless communication system of this embodiment, a completely different type of system (for example, different communication standards such as WiFi (registered trademark) and Bluetooth (registered trademark)) as the first and second wireless systems (wireless systems) will be described as an example. However, it is not limited to this. For example, the first and second wireless systems are the same type of system (for example, WiFi (registered trademark) is applied, and as the first wireless system suitable for large-capacity communication, the 2.4 GHz band with a long propagation distance, suitable for proximity communication. A 5 GHz band with a short propagation distance may be adopted as the second wireless system. That is, the first and second wireless systems (wireless systems) differ in at least a part of their respective communication protocols and are mutual. Two types of wireless systems (wireless systems) that are not expected to communicate between wireless systems (wireless systems) can be freely selected and set.

According to the wireless communication system of this embodiment, since a communication system suitable for proximity communication is used for transmission from the wireless terminal 10a or sensor 30a to the repeater 25a ... 25f, leakage of authentication information can be prevented and security is improved. can do. Further, since the authentication information is generated based on the radio waves received from the repeaters 25a ... 25f at the site F, the site information that can be acquired only at the site F can be easily generated. As a result, unauthorized access to the wireless communication system by wireless devices can be prevented, and legitimate wireless terminals and sensors can be authenticated with high security in the field.

Further, by using optical communication having high straightness and acoustic communication having a short reach as the second wireless system, it is possible to prevent leakage of authentication information and improve security. As a result, unauthorized access to the wireless communication system by wireless devices can be prevented, and legitimate wireless terminals and sensors can be authenticated with high security in the field.

(Fifth Embodiment)
Subsequently, the wireless communication system according to the fifth embodiment will be described in detail. The wireless communication system of the fifth embodiment further includes an authentication process using the calculated value H of the one-way function in the wireless communication system of the first to fourth embodiments. In the following description, functional elements common to the first to fourth embodiments are designated by a common reference numeral, and duplicate description will be omitted.

(Operation of the fifth embodiment: Authentication process)
An example in which the operation of the one-way function is applied to the wireless communication system 1 of the first embodiment will be described with reference to FIG.

When the wireless terminal 10 is brought into the site F and enters the area of the communication area R, the site information acquisition unit 15 uses the position detection unit 16 to obtain position information indicating the self-position of the wireless terminal 10 as the first site information. (S200). At this time, the site information acquisition unit 15 may also acquire the biometric information of the user.

The authentication information generation unit 14 concatenates and encrypts the location information and the biometric information, which is the first site information acquired by the site information acquisition unit 15, and the encryption key, and generates the authentication information (S210). Here, the data processing unit 13 calculates the calculated value H by performing a one-way function calculation using the authentication information as a parameter, and concatenates it to the transmission data together with the authentication information.

The transmission / reception unit 11 transmits the authentication information generated by the authentication information generation unit 14 via the antenna ANT (S220).

The transmission signal transmitted by the transmission / reception unit 11 of the wireless terminal 10 is received by the transmission / reception unit 41 via the repeater 20a ... 20f (S230).

The authentication information extraction unit 44 decodes the received signal received by the transmission / reception unit 41 to extract the authentication information, the calculated value H, and the biological information (S240).

After the transmission / reception unit 41 receives the transmission signal from the wireless terminal 10, the site information management unit 45 remotely controls the repeaters 20a ... 20f, and the repeaters 20a ... 20f receive from the wireless terminals 10 respectively. The position of the wireless terminal 10 is acquired as the second site information by the three-point positioning method using the position information of each of the repeaters 20a and 20f managed by the terminal management unit 47 and the measured radio wave strength. (S250). At this time, the data processing unit 43 calculates the one-way function using the acquired position information of the wireless terminal 10 as a parameter, and calculates the calculated value H'.

The collation processing unit 46 has the location information of the first site information wireless terminal 10 obtained from the authentication information extracted by the authentication information extraction unit 44 and the second site information wireless terminal 10 specified by the site information management unit 45. (S260). At the same time, the collation processing unit 46 compares and collates the calculated value H extracted by the authentication information extraction unit 44 with the calculated value H'calculated by the data processing unit 43.

As a result of comparison and collation, when the first site information and the second site information match (Yes in S270), the collation processing unit 46 authenticates the wireless terminal 10 as a terminal located at the site F, and the transmission / reception unit 41. Transmits the access permission information to the wireless terminal 10 (S280). Further, if the calculated value H and the calculated value H'match, it is confirmed that the sent authentication information has not been tampered with.

In addition, the collation processing unit 46 compares and collates the first and second site information with each other, and also includes the biometric information included in the authentication information extracted by the authentication information extraction unit 44 and the wireless terminal managed by the terminal management unit 47. It may be further collated with the user information of 10. That is, the user who operates the wireless terminal 10 may further determine whether the access to the server 40 is permitted at the site F, and comprehensively authenticate the wireless terminal 10.

Further, the collation processing unit 46, in addition to the comparison and collation of the first and second field information and the comparison and collation of the biological information, the identification information of the wireless terminal 10 included in the received signal received by the transmission / reception unit 41 and the terminal. The information of the wireless terminal 10 held by the management unit 47 may be further collated. That is, it may be further determined whether the wireless terminal 10 is a terminal permitted to access the server 40 at the site F, and the wireless terminal 10 may be comprehensively authenticated.

When the transmission / reception unit 11 of the wireless terminal 10 receives the access permission information, the transmission / reception unit 11 accesses the server 40, acquires the information stored in the storage unit 42, and stores the information in its own storage unit 12 (S290).

As a result of comparison and collation, if the first site information and the second site information do not match (No in S270), the authentication information is in a waiting state for reception (S230).

Here, an example in which the server 40 authenticates the wireless terminal 10 has been described, but when the server 40 authenticates the sensor 30, it can be authenticated by the same operation.

According to the wireless communication system of this embodiment, since the wireless terminal and the sensor are authenticated using a one-way function that makes it difficult to back-calculate the argument including the authentication information, spoofing is prevented and unauthorized access to the wireless communication system by wireless devices is performed. Can be prevented.

With the wireless communication system and wireless communication method described above, the worker can download procedure manuals, books, and various sheets necessary for work and support such as inspection and maintenance from the network through the wireless terminal. Furthermore, work results and records can be uploaded to the network via wireless terminals. As for the sensor, the measurement data of the target equipment can be transmitted at regular time intervals, and it is possible to diagnose and predict the performance, failure and deterioration. At this time, the authentication information can be determined for each communication or at regular time intervals. At regular time intervals, the authentication information for each communication is biometric information, unique code, location information, site information that is limited to site F such as lighting and sound, and one or any combination of encryption keys. By doing so, the processing time in the wireless terminal or the server can be shortened.

Further, the data transmitted from the wireless terminal or the sensor may be configured to be erased after being wirelessly transmitted to any of the repeaters. In particular, in order to prevent the data in the wireless terminal from being accidentally erased, it is desirable to periodically display the data transmission.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are also included in the scope of the invention described in the claims and the equivalent scope thereof.

1 ... Wireless communication system, 10 ... Wireless terminal, 20a ... 20f ... Repeater, 30 ... Sensor, 40 ... Server, F ... Site, R ... Communication area.

Claims (3)

(1) Site information acquisition department that acquires its own location information as the first site information,
A wireless terminal provided with an authentication information generation unit that generates authentication information using the first site information, and a first transmission unit that transmits the authentication information.
(2) A repeater provided with a first receiving unit that forms a communication area corresponding to the site where the wireless terminal is located and receives the authentication information from the wireless terminal located in the communication area.
(3) A positioning unit that acquires the position of the wireless terminal as second site information based on the radio wave intensity of the wireless terminal received by the repeater.
A site information extraction unit that extracts the first site information from the authentication information received by the repeater.
A server provided with a comparison unit that compares the first site information extracted by the site information extraction unit with the second site information acquired by the positioning unit and authenticates the wireless terminal when both match. A wireless communication system having and. (1) Site information acquisition department that acquires the first site information related to the site where you are located,
A wireless terminal provided with an authentication information generation unit that generates authentication information using the first site information, and a first transmission unit that transmits the authentication information.
(2) A repeater having a first receiving unit that forms a communication area corresponding to the site and receives the authentication information from the wireless terminal located in the communication area.
(3) A storage unit that stores in advance a second site information related to the site where the wireless terminal should be located.
A site information extraction unit that extracts the first site information from the authentication information received by the repeater.
A server provided with a comparison unit that compares the first site information extracted by the site information extraction unit with the second site information stored in the storage unit and authenticates the wireless terminal when both match. ,
(4) It has a signal radiator that is arranged at the site where the wireless terminal should be located and emits an optical signal that can be received at the site.
The site information acquisition unit acquires the optical signal as the first site information,
A wireless communication system characterized in that the storage unit previously stores information indicating the optical signal radiated by the signal radiator as the second field information. A repeater is placed so as to form a communication area at the site where the wireless terminal should be located.
The wireless terminal acquires its own location information as the first site information,
In the communication area, the wireless terminal generates authentication information based on the first site information and transmits it to the repeater.
The server acquires the position of the wireless terminal as the second site information based on the radio field strength of the wireless terminal received by the repeater.
A wireless communication method, wherein the server authenticates the wireless terminal based on the first site information extracted from the authentication information received by the repeater and the acquired second site information.

Images