JP7413196B2 - Communications system - Google Patents

Description

The present invention relates to a communication system and a terminal device.

Patent Document 1 (International Publication No. 2017/110969) describes a beacon device that transmits information encrypted using a common key generated by a server, and a beacon device that receives the information and uses a common key generated by the server. A communication system is disclosed that includes a receiving device that decodes information. In this communication system, in order to ensure security, the server generates a new common key at a predetermined timing and updates the common key used in the communication system (see Patent Document 1).

International Publication 2017/110969

Here, when the server updates the common key, there is a possibility that the update timing of the common key is different between the beacon device and the receiving device. In this case, since the beacon device and the receiving device have different common keys, the receiving device cannot decode the information received from the beacon device. Therefore, information may be missing until the common keys of both the beacon device and the receiving device are updated.

For example, it is conceivable that the receiving device has a plurality of common keys without deleting past common keys, and the receiving device attempts to decrypt information received from the beacon device using the plurality of common keys. However, in this case, a delay in data processing may occur.

The present invention has been made to solve the above problems, and its purpose is to provide a communication system that can suppress delays in data processing while improving security.

A communication system according to the present invention is a communication system that uses a common key to encrypt and decrypt information that is transmitted and received. This communication system includes a first device that transmits advertisement packets, a second device that receives advertisement packets, and a third device that generates a new common key and updates the common key of the communication system. The advertising packet includes an encrypted area where encrypted information is stored and a non-encrypted area where unencrypted information is stored. The first device encrypts predetermined information using a common key, stores the encrypted predetermined information in an encrypted area of an advertising packet, and encrypts the common key used to encrypt the predetermined information. Store version information in the unencrypted area of the advertisement packet. Upon receiving the advertisement packet, the second device decrypts the encrypted predetermined information using the common key specified by the version information stored in the received advertisement packet.

According to the present invention, it is possible to suppress delays in data processing while improving security.

1 is a diagram schematically showing the overall configuration of a communication system according to Embodiment 1. FIG. It is a figure for explaining the update of the common key of a beacon device and a receiving device. 1 is a block diagram showing the configuration of a beacon device according to Embodiment 1. FIG. 1 is a block diagram showing the configuration of a receiving device according to Embodiment 1. FIG. 1 is a block diagram showing the configuration of a first management device according to Embodiment 1. FIG. FIG. 3 is a diagram for explaining an example of an update management table. It is a flowchart which shows the procedure of encryption and decryption of biometric information. 3 is a flowchart showing a procedure for updating a common key executed by a receiving device and a first management device. It is a flowchart which shows the procedure of updating a common key performed by a beacon device and a 1st management device. 2 is a diagram schematically showing the overall configuration of a communication system according to Embodiment 2. FIG. It is a figure for explaining the update of the common key of a beacon device. FIG. 2 is a block diagram showing the configuration of a beacon device according to a second embodiment. FIG. 2 is a block diagram showing the configuration of a receiving device according to Embodiment 2. FIG. FIG. 2 is a block diagram showing the configuration of a first management device according to Embodiment 2. FIG. It is a flowchart which shows the procedure of encryption and decryption of biometric information. 3 is a flowchart showing a procedure for updating a common key executed by a receiving device and a first management device. It is a flowchart which shows the procedure of updating a common key performed by a beacon device, a receiving device, and a 1st management device. FIG. 7 is a diagram for explaining updating of a common key of a beacon device according to modification 2. FIG.

Embodiments of the present invention will be described in detail below with reference to the drawings. Note that the same or corresponding parts in the figures are designated by the same reference numerals, and the description thereof will not be repeated in principle.

[Embodiment 1]
<Overall configuration of communication system>
FIG. 1 is a diagram schematically showing the overall configuration of a communication system 1 according to the first embodiment. Below, as an example, a case will be described in which the communication system 1 according to the first embodiment is applied to a ship.

The communication system 1 is a system for managing the positions and conditions of crew members in a ship. The communication system 1 includes a plurality of beacon devices 10 (beacon devices 10-1, 10-2, ...), a plurality of reception devices 20 (reception devices 20-1, 20-2, ...), and a first management device 30. , a second management device 40 , and a communication cable 45 .

The beacon devices 10-1, 10-2, . . . are carried by crew members (sailors) 2-1, 2-2, . In the following, each of the beacon devices 10-1, 10-2, . . . will also be referred to as "beacon device 10" unless the beacon devices 10-1, 10-2, . . . are particularly distinguished. Furthermore, unless the occupants 2-1, 2-2, . . . are particularly distinguished, each of the occupants 2-1, 2-2, . . . is also referred to as "occupant 2."

The beacon device 10 is a device that broadcasts information regarding the occupant 2 (in the first embodiment, biometric information of the occupant 2) using radio waves 60. Beacon device 10 according to Embodiment 1 is a portable beacon device that uses a rechargeable battery as a power source. The beacon device 10 has two communication modes: a first mode for unidirectional communication and a second mode for bidirectional communication. The default communication mode of the beacon device 10 is the first mode. In the first mode, the beacon device 10 broadcasts an advertisement packet (beacon) according to the Bluetooth (registered trademark) Low Energy (BLE) standard using the radio waves 60. In the first mode, the beacon device 10 is always in a connection standby state while broadcasting advertising packets, and switches the communication mode to the second mode by receiving a connection request from the outside. In the second mode, the beacon device 10 stops broadcast transmission of advertisement packets, establishes communication with the device that has made the connection request using a communication protocol that conforms to the BLE standard (hereinafter also referred to as "BLE communication"), and communicates with the device that has made the connection request. Communicate with the other side.

The receiving devices 20-1, 20-2, . . . are installed, for example, in each compartment divided by a wall or the like inside the ship. Each of the receiving devices 20-1, 20-2, . . . is assigned a receiving device ID for individual identification. In the following, each of the receiving devices 20-1, 20-2, . . . is also referred to as a “receiving device 20” unless the receiving devices 20-1, 20-2, . . . are particularly distinguished.

Each of the receiving devices 20-1, 20-2, . . . is communicably connected to the first management device 30 via a communication cable 45. The receiving device 20 is configured to be able to receive the common key from the first management device 30 via the communication cable 45. Moreover, the receiving device 20 is configured to be able to receive an advertisement packet broadcasted from the beacon device 10.

The first management device 30 generates a common key used in the communication system 1. The common key generated by the first management device 30 is used in the beacon device 10 to encrypt biometric information, and in the receiving device 20 to decrypt the encrypted biometric information. Since the biometric information of the occupant 2 is personal information of the occupant 2, the beacon device 10 encrypts the biometric information and stores it in the advertisement packet, so that even if the advertisement packet is intercepted by an unintended person, the biometric information Leakage can be suppressed.

As will be described later, the beacon device 10 includes a biosensor that detects biometric information of the occupant 2. The beacon device 10 encrypts the biometric information detected by the biosensor using the common key generated by the first management device 30. The data area of the advertising packet includes an encrypted area and a non-encrypted area. The beacon device 10 stores the encrypted biometric information in the encrypted area of the advertising packet. Furthermore, the beacon device 10 stores information on a device ID that identifies the beacon device 10 in the non-encrypted area of the advertising packet. Note that the beacon device 10 may encrypt the device ID information using the common key and store the encrypted device ID information in the encrypted area of the advertisement packet.

As the format of the advertisement packet, for example, a format based on the Bluetooth (registered trademark) specifications managed by the Bluetooth SIG (Special Interest Group) can be used. Alternatively, you can use a highly versatile format such as "iBeacon (registered trademark)" published by Apple (registered trademark) or "Eddystone (registered trademark)" published by Google (registered trademark). It's okay. Note that regardless of which format is used, the information stored in the advertisement packet is not limited to biometric information, and any information can be encrypted and stored.

Upon receiving the advertisement packet, the receiving device 20 uses the common key generated by the first management device 30 to decrypt the encrypted biometric information included in the advertisement packet. Then, in addition to the decoded biometric information and the device ID information of the beacon device 10, the receiving device 20 receives reception strength information indicating the reception strength of the advertising packet, reception time information indicating the reception time, and information about the receiving device ID. is transmitted to the second management device 40 by wireless communication. Note that the receiving device 20 and the second management device 40 may be configured to be capable of wired communication.

The second management device 40 manages the occupant 2 based on the reception strength information, reception time information, reception device ID information, device ID information of the beacon device 10, and biological information received from the reception device 20. Specifically, the second management device 40 identifies the occupant 2 from the device ID information of the beacon device 10. The second management device 40 estimates the position of the occupant 2 from the reception strength information, reception time information, and reception device ID information. Further, the second management device 40 estimates the condition of the occupant 2 from the biometric information of the occupant 2. That is, the second management device 40 manages the position of the occupant 2 and the condition of the occupant 2.

Furthermore, the first management device 30 has a function of updating the common key used in the communication system 1. When an update operation for updating the common key (for example, inputting a common key update command) is performed on the first management device 30, the first management device 30 generates a new key in response to the update operation. Generate a common key. The first management device 30 then manages the generated common key as the current (latest) common key of the communication system 1, and updates the common keys of the beacon device 10 and the receiving device 20. The update operation is performed, for example, by an administrator (not shown) of the first management device 30 at every predetermined update cycle. That is, the common key of the communication system 1 is updated regularly. Thereby, even if the common key is leaked to an unintended person, the security problem can be made temporary, and the security of the communication system 1 can be ensured. Note that the update cycle can be set as appropriate depending on the target to which the communication system 1 is applied. The update cycle in the first embodiment is set to, for example, one week or one month.

In the following, as an example, a case will be assumed in which the first management device 30 generates a new common key 51 and the current common key of the communication system 1 is updated from the common key 50 to the common key 51. Update of the common key of beacon device 10 and receiving device 20 in this case will be explained.

FIG. 2 is a diagram for explaining updating of the common key of the beacon device 10 and the receiving device 20.

First, updating of the common key of the receiving device 20 will be described with reference to FIGS. 1 and 2. The common key of the receiving device 20 is updated by wired communication via the communication cable 45. The first management device 30 transmits the common key 51 to the plurality of receiving devices 20 (receiving devices 20-1, 20-2, . . . ) via the communication cable 45. The receiving device 20 that received the common key 51 from the first management device 30 stores the common key 51 as the current common key of the communication system 1. That is, the common keys of all receiving devices 20 (receiving devices 20-1, 20-2, . . . ) connected to the first management device 30 via the communication cable 45 are updated at once.

Next, updating of the common key of the beacon device 10 will be explained. The common key of the beacon device 10 is updated by BLE communication with the first management device 30. When the update cycle arrives, the crew member 2 takes the beacon device 10 that he or she is wearing to the first management device 30 (brings it to a place where BLE communication is possible with the first management device 30), and BLE communication is established between the device 10 and the first management device 30, and the common key is updated.

More specifically, assume that the common key of the beacon device 10-1 is updated. The passenger 2-1 wearing the beacon device 10-1 takes the beacon device 10-1 to the first management device 30 when the update period arrives. Then, the administrator or crew member 2-1 of the first management device 30 performs an operation (hereinafter also referred to as "update target selection operation") to update the common key of the beacon device 10-1 on the first management device 30. Let's do it. For example, the administrator of the first management device 30 selects the beacon device 10-1 from among the plurality of beacon devices 10 (beacon devices 10-1, 10-2,...) displayed on the display of the first management device 30. select. In response to the update target selection operation, a connection request is output from the first management device 30 to the beacon device 10-1. Upon receiving the connection request, the beacon device 10-1 switches the communication mode from the first mode to the second mode and transmits a connection response to the first management device 30. Thereby, BLE communication is established between the beacon device 10-1 and the first management device 30.

Then, when BLE communication is established between the two, a new common key 51 is transmitted from the first management device 30 to the beacon device 10-1. Upon receiving the common key 51, the beacon device 10-1 deletes the previously stored common key 50 and stores the received common key 51. Alternatively, the beacon device 10-1 may overwrite the common key 50 with the common key 51.

When the common key update is completed, the beacon device 10-1 returns the communication mode from the second mode to the first mode and broadcasts the advertisement packet again. After the common key update is completed, the beacon device 10-1 uses the common key 51 to encrypt biometric information.

Note that, for example, each of the plurality of beacon devices 10 (beacon devices 10-1, 10-2, . . . ) and the first management device 30 can be paired in advance according to the BLE standard. If pairing is performed in advance, when BLE communication is established between beacon device 10 and first management device 30, mutual authentication is performed using the link key generated when pairing is performed. Then, in BLE communication, information is encrypted and decrypted using the link key. Thereby, secure communication can be performed in BLE communication.

As described above, when the first management device 30 generates a new common key, the common key of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) connected to the communication cable 45 is Updated all at once. On the other hand, the beacon device 10 establishes BLE communication with the first management device 30 and the common key is updated. Therefore, the common keys of the plurality of beacon devices 10 (beacon devices 10-1, 10-2, . . . ) are not updated all at once, but sequentially one by one.

Therefore, after the common key of the receiving device 20 is updated until the common key of all beacon devices 10 (beacon devices 10-1, 10-2,...) is updated, multiple beacon devices 10 (Beacon devices 10-1, 10-2, . . . ) include those that have a common key 50 and those that have a common key 51. If the receiving device 20 discards the common key 50 or overwrites the common key 51 with the common key 50 when updating the common key, from the beacon device 10 (the beacon device 10 having the common key 50) that has not yet completed the update. The biometric information included in the received advertisement packet cannot be decoded. Therefore, there is a possibility that information will be lost until the common key update of all beacon devices 10 (beacon devices 10-1, 10-2, . . . ) is completed.

Therefore, in the first embodiment, when receiving the common key 51 from the first management device 30, the receiving device 20 stores the common key 51 as the current (latest version) common key, and is retained as the previous version's common key. Thereby, even when receiving an advertising packet from the beacon device 10 having either of the common keys 50 and 51, the biometric information included in the advertising packet can be decoded.

Furthermore, in the first embodiment, beacon device 10 stores version information of the common key used to encrypt biometric information in the non-encrypted area of the advertising packet. Thereby, the receiving device 20 that has received the advertisement packet can determine which common key was used to encrypt the biometric information included in the advertisement packet, based on the version information of the common key included in the non-encrypted area of the advertisement packet. can be recognized. For example, if an attempt is made to decrypt the biometric information included in the advertisement packet using both the common key 50 and the common key 51, there is a possibility that data processing will be delayed. In the first embodiment, since the version information of the common key used to encrypt the biometric information can be recognized, the receiving device 20 can specify the common key used to decrypt the biometric information. Therefore, the delay in data processing can be reduced compared to the case where both the common key 50 and the common key 51 are used to attempt to decrypt the biometric information included in the advertisement packet.

The receiving device 20 stores the common key 51 as the current common key and holds the common key 50 as the previous version of the common key. Upon receiving the advertisement packet, the receiving device 20 reads the version information of the common key stored in the non-encrypted area of the advertisement packet. Then, the receiving device 20 selects one of the common keys 50 and 51 based on the read version information, and decrypts the encrypted biometric information using the selected common key. Thereby, it is possible to suppress the occurrence of delays in data processing while suppressing information loss.

Note that in the next common key update cycle, if the first management device 30 generates a new common key 52, upon receiving the common key 52 from the first management device 30, the receiving device 20 The older one of the keys (ie, the common key 50) is overwritten on the common key 52. Then, the receiving device 20 stores the common key 52 as the current common key and holds the common key 51 as the previous version of the common key.

Further, each of the beacon devices 10-1, 10-2, . . . corresponds to an example of a “first device” according to the present disclosure. Further, each of the receiving devices 20-1, 20-2, . . . corresponds to an example of a “second device” according to the present disclosure. Further, the first management device 30 corresponds to an example of a “third device” according to the present disclosure.

Hereinafter, details of each configuration of the beacon device 10, the receiving device 20, and the first management device 30 included in the communication system 1 will be explained in order.

<Configuration of beacon device>
FIG. 3 is a block diagram showing the configuration of beacon device 10 according to the first embodiment. Referring to FIG. 3, beacon device 10 includes a CPU (Central Processing Unit) 11, a storage device 12, a RAM (Random Access Memory) 13, a communication device 14, a biosensor 15, and a battery 16. .

The storage device 12 includes a rewritable nonvolatile memory such as a ROM (Read Only Memory). The storage device 12 may include at least one of a hard disk drive and a solid state drive (SSD). The storage device 12 stores various programs executed by the CPU 11. Various programs read by the CPU 11 are expanded into the RAM 13. The RAM 13 functions as a working memory that temporarily stores data processed by the CPU 11. The storage device 12 also stores the common key received from the first management device 30.

The communication device 14 has a first mode for unidirectional communication and a second mode for bidirectional communication as communication modes. The communication device 14 is configured to switch between the first mode and the second mode according to instructions from the CPU 11.

In the first mode, the communication device 14 broadcasts advertising packets at a set predetermined period according to a command from the CPU 11. The above-mentioned predetermined period is defined by the BLE standard, and is an integral multiple of 0.625 ms in the range of 20 ms to 10.24 s. The communication device 14 transmits an advertisement packet, for example, about every 1 second.

In the second mode, the communication device 14 stops broadcast transmission of advertisement packets, and establishes BLE communication with the device that sent the connection request (first management device 30 in the first embodiment). The communication device 14 transmits and receives data to and from the first management device 30 using BLE communication.

The biosensor 15 outputs biometric information (for example, pulse rate, heartbeat, body temperature, etc.) of the occupant 2 to whom the beacon device 10 is attached. The biosensor 15 may measure values such as pulse rate, heartbeat, and body temperature, and output the measured values as biometric information, or may evaluate the condition of the occupant 2 based on the measured values and send the evaluation results to the biometric information. It may be output as information.

The battery 16 is mounted on the beacon device 10 as a power source. The battery 16 is, for example, a secondary battery such as a nickel metal hydride battery or a lithium ion battery. For example, the battery 16 can be charged by connecting the beacon device 10 to a dedicated charger (not shown). When charging the battery 16, for example, the CPU 11 monitors the state of charge of the battery 16, and when the SOC (State of Charge) of the battery 16 reaches a predetermined SOC, sends a command to the charger to stop power supply.

The CPU 11 controls various processes of the beacon device 10 by executing various programs stored in the storage device 12. As a specific example, the CPU 11 functions as a communication control section 111, an encryption section 112, a generation section 113, and an update section 114 by executing various programs.

The communication control unit 111 controls the communication mode of the communication device 14. Specifically, the communication control unit 111 controls the communication mode of the communication device 14 to the first mode by default. When updating the common key of the beacon device 10, the communication control unit 111 switches the communication mode of the communication device 14 from the first mode to the second mode. That is, when the condition is satisfied "when updating the common key" of the beacon device 10, the communication control unit 111 switches the communication mode of the communication device 14 from the first mode to the second mode. As described above, the condition according to the first embodiment is that a connection request is received from an external device (first management device 30 in the first embodiment). The communication control unit 111 switches the communication mode of the communication device 14 to the second mode when receiving a connection request from an external device (first management device 30 in the first embodiment). Note that when pairing is performed with an external device, the communication control unit 111 switches the communication mode of the communication device 14 to the second mode, and performs pairing with the external device using a link key. Authentication is performed, and if the authentication using the link key is successful, communication with the external device is established.

When the common key update is completed, the communication control unit 111 switches the communication mode of the communication device 14 from the second mode to the first mode.

The encryption unit 112 encrypts the biometric information output from the biosensor 15 using the common key stored in the storage device 12.

The generation unit 113 generates an advertisement packet according to the BLE standard. The data area of the advertising packet includes an encrypted area and a non-encrypted area. The generation unit 113 performs a process of storing the biometric information encrypted by the encryption unit 112 in the encrypted area of the advertising packet. The generation unit 113 also performs a process of storing version information of the common key used for encrypting the biometric information in the non-encrypted area of the advertising packet.

Upon receiving the common key from the first management device 30 via the communication device 14, the updating unit 114 updates the common key stored in the storage device 12. As a specific example, upon receiving the common key 51 from the first management device 30, the updating unit 114 updates the common key 50 stored in the storage device 12 to the common key 51. In this case, the update unit 114 deletes the common key 50 and stores the common key 51. Alternatively, the updating unit 114 may overwrite the common key 50 with the common key 51.

<Receiving device configuration>
FIG. 4 is a block diagram showing the configuration of receiving device 20 according to the first embodiment. Referring to FIG. 4, receiving device 20 includes a CPU 21, a storage device 22, a RAM 23, a first communication device 24, a second communication device 25, and a third communication device 26.

The storage device 22 includes, for example, a rewritable nonvolatile memory such as a ROM. Storage device 22 may include at least one of a hard disk drive and an SSD. The storage device 22 stores various programs executed by the CPU 21. Various programs read by the CPU 21 are developed in the RAM 23. The RAM 23 functions as a working memory that temporarily stores data processed by the CPU 21.

The storage device 22 also stores the common key received from the first management device 30. When the storage device 22 receives the common key 51 from the first management device 30, the storage device 22 stores the received common key 51 as the current common key, and stores the common key 50 that was stored as the current common key as the previous common key. This version is kept as a common key. Furthermore, when the next update cycle arrives and the common key 52 is generated by the first management device 30 and the common key 52 is received from the first management device 30, the storage device 22 stores the received common key 52 in the current state. While storing the common key, the common key 51 that was stored as the current common key is held as the previous version of the common key. In this case, the storage device 22 deletes the common key 50 held as the previous version of the common key. That is, the storage device 22 stores two common keys except for the initial one. Although it is possible to hold the common key 50 in the storage device 22 without deleting it, security can be improved by limiting the number of usable common keys to two.

A communication cable 45 (see FIG. 1) is connected to the first communication device 24. The first communication device 24 is configured to be able to send and receive data to and from the first management device 30 via the communication cable 45.

The second communication device 25 is configured to be able to receive advertising packets broadcast by the beacon device 10.

The third communication device 26 is configured to be capable of wireless communication with the second management device 40.

The CPU 21 controls various processes of the receiving device 20 by executing various programs stored in the storage device 22 . As a specific example, the CPU 21 functions as a specifying section 211, a decoding section 212, an updating section 213, and a transmitting section 214 by executing various programs.

The identification unit 211 identifies the version of the common key used to encrypt the biometric information stored in the received advertisement packet. Specifically, the specifying unit 211 reads the version information of the common key stored in the non-encrypted area of the received advertisement packet. The identification unit 211 identifies the common key used to encrypt the biometric information based on the read version information.

The decryption unit 212 reads the common key specified by the identification unit 211 from the storage device 22, and uses the read common key to decrypt the biometric information stored in the encrypted area of the received advertisement packet.

Upon receiving the common key from the first management device 30 via the first communication device 24, the update unit 213 causes the storage device 22 to store the common key. As a specific example, upon receiving the common key 51 from the first management device 30, the updating unit 213 stores the common key 51 in the storage device 22 as the current common key, and also stores the common key 51 as the previous version of the common key. The common key 50 is held in the storage device 22. When receiving the common key 52 from the first management device 30 in the next update cycle, the updating unit 213 stores the common key 52 in the storage device 22 as the current common key, and also stores the common key 52 as the common key of the previous version. The key 51 is held in the storage device 22. In this case, the update unit 213 deletes the common key 50 from the storage device 22.

The transmitting unit 214 transmits the decoded biometric information, the device ID of the beacon device 10, the reception strength information, the reception time information, and the information of the receiving device ID to the second management device 40 via the third communication device 26. .

<Configuration of first management device>
FIG. 5 is a block diagram showing the configuration of the first management device 30 according to the first embodiment. Referring to FIG. 5, first management device 30 includes a CPU 31, a storage device 32, a RAM 33, a network communication device 34, a communication device 35, a communication interface 36, and a display 37.

The storage device 32 includes, for example, a rewritable nonvolatile memory such as a ROM. Storage device 32 may include at least one of a hard disk drive and an SSD. The storage device 32 stores various programs executed by the CPU 31. Various programs read by the CPU 31 are expanded into the RAM 33. The RAM 33 functions as a working memory that temporarily stores data processed by the CPU 31.

Furthermore, the storage device 32 stores management information indicating the update status of the common key of the beacon device 10 and the receiving device 20. Details of the management information will be described later.

A communication cable 45 (see FIG. 1) is connected to the network communication device 34. The network communication device 34 transmits and receives data to and from each of the receiving devices 20 via the communication cable 45.

The communication device 35 transmits a connection request to the beacon device 10 according to a command from the CPU 31. Which beacon device 10 of the plurality of beacon devices 10 (beacon devices 10-1, 10-2,...) the connection request is sent to is determined by, for example, the selection of the update target performed on the first management device 30. Follow the instructions. For example, the administrator of the first management device 30 selects on the display 37 the beacon device 10 whose common key is to be updated. By this operation (update target selection operation), a transmission command for a connection request to the selected beacon device 10 is output from the CPU 31 to the communication device 35. The communication device 35 transmits a connection request to the beacon device 10 according to a command from the CPU 31.

The communication device 35 receives a connection response to the connection request from the beacon device 10. Upon receiving the connection response, the communication device 35 establishes BLE communication with the beacon device 10. The communication device 35 transmits a new common key to the beacon device 10 by BLE communication according to a command from the CPU 31.

The communication interface 36 is configured with, for example, a USB (Universal Serial Bus) port or an NFC (Near Field Communication) reader/writer. For example, when the communication interface 36 is a USB port, communication between the first management device 30 and the external device becomes possible by connecting the external device to the USB port. For example, when the communication interface 36 is an NFC reader/writer, by holding the external device over the NFC reader/writer, communication between the NFC reader/writer and the external device becomes possible using electromagnetic induction or electromagnetic coupling. .

Display 37 is, for example, a liquid crystal display. Display 37 displays various information. For example, the display 37 displays the version information of the current common key, and displays various information such as the update status of the common keys of the beacon device 10 and the receiving device 20.

The CPU 31 controls various processes of the first management device 30 by executing various programs stored in the storage device 32. As a specific example, the CPU 31 functions as a key generation section 311, a connection establishment section 312, a transmission section 313, and an update management section 314 by executing various programs.

The key generation unit 311 generates a new common key based on an update operation performed on the first management device 30 (for example, input of a common key update command). For example, the administrator of the first management device 30 performs an update operation every update cycle. The update cycle is set to, for example, one week or one month.

The connection establishment unit 312 transmits a connection request to the selected beacon device 10 via the communication device 35 in accordance with the update target selection operation performed on the first management device 30 . Upon receiving a connection response from the beacon device 10 that transmitted the connection request via the communication device 35, the connection establishment unit 312 establishes BLE communication with the beacon device 10.

When a new common key is generated, the transmitting unit 313 transmits the generated common key to each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) via the network communication device 34. Send. For example, SFTP (SSH File Transfer Protocol) communication using SSH (Secure Shell) or SCP (Secure Copy Protocol) communication is applied to transmit the common key.

Further, the transmitter 313 transmits a new common key to the beacon device 10 with which BLE communication has been established, via the communication device 35.

The update management unit 314 updates each of the plurality of beacon devices 10 (beacon devices 10-1, 10-2, ...) and each of the plurality of reception devices 20 (reception devices 20-1, 20-2, ...). Manage the update status of the common key. The update management unit 314 updates each of the plurality of beacon devices 10 (beacon devices 10-1, 10-2, ...) and each of the plurality of reception devices 20 (reception devices 20-1, 20-2, ...). The update status of the common key is managed as management information, and the management information is displayed on the display 37 as an update management table, for example.

FIG. 6 is a diagram for explaining an example of an update management table. Referring to FIG. 6, the update management table shows the device ID of beacon device 10 and the version information of the common key stored in beacon device 10 having the device ID. Specifically, a common key 51 is stored in the beacon device 10-1 (device ID: 10-1), and a common key 50 is stored in the beacon device 10-2 (device ID: 10-2). It is shown that Further, the update management table shows the receiving device ID of the receiving device 20 and the version information of the common key stored in the receiving device 20 having the receiving device ID. Specifically, the common key 50 and the common key 51 are stored in the receiving device 20-1 (receiving device ID: 20-1) and the receiving device 20-2 (receiving device ID: 20-2). It is shown.

As a specific example, when the newly generated common key 51 is transmitted to each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) by the transmitting section 313, the update management section 314 updates the management information of each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, . . . ). More specifically, the update management unit 314 updates the version information of the common key held by each of the receiving devices 20 to "common keys 50 and 51." Note that when each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) receives a new common key from the first management device 30 and stores the new common key, the new common key is stored. It may be configured to send a response indicating that the common key has been stored to the first management device 30. In this case, the first management device 30 may update the management information of each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, . . . ) based on the response.

Further, when the newly generated common key 51 is transmitted to the beacon device 10 by the transmitter 313, the update manager 314 updates the management information of the beacon device 10. More specifically, for example, when the newly generated common key 51 is transmitted to the beacon device 10-1, the update management unit 314 updates the version of the common key held by the beacon device 10-1. The information is updated from "common key 50" to "common key 51." Note that when the beacon device 10 receives a new common key from the first management device 30 and stores the new common key, it transmits a response indicating that the new common key has been stored to the first management device 30. It may be configured as follows. In this case, the first management device 30 may update the management information of the beacon device 10 based on the response.

<Procedure for encrypting and decrypting biometric information>
FIG. 7 is a flowchart showing the procedure for encrypting and decoding biometric information. The process of the flowchart shown in FIG. 7 is started by the beacon device 10 at every predetermined period described above. Beacon device 10 generates advertisement packets at predetermined intervals and broadcasts the generated advertisement packets.

When a predetermined period arrives, the beacon device 10 detects the biometric information of the occupant 2 and encrypts the biometric information using a common key (step 1, hereinafter abbreviated as "S").

The beacon device 10 stores the biometric information encrypted in S1 in the encrypted area of the advertising packet (S3).

The beacon device 10 stores version information of the common key used to encrypt the biometric information in S1 in the non-encrypted area of the advertising packet (S5).

After executing the processes of S1 to S5 and generating an advertisement packet, the beacon device 10 broadcast-transmits the advertisement packet (S7).

The receiving device 20 waits until receiving the advertising packet (NO in S11). Upon receiving the advertisement packet (YES in S11), the receiving device 20 specifies the reception strength of the advertisement packet and stores it as reception strength information (S13). Further, the receiving device 20 stores the reception time of the advertising packet as reception time information (S13).

Next, the receiving device 20 reads version information of the common key used to encrypt the biometric information from the non-encrypted area of the received advertisement packet. Then, based on the version information, a common key used for decryption is specified (S15).

The receiving device 20 reads the common key identified in S15 from the storage device 22, and uses the read common key to decrypt the encrypted biometric information stored in the encrypted area of the advertisement packet (S17). Moreover, the receiving device 20 reads the device ID of the beacon device 10 stored in the advertisement packet.

The receiving device 20 transmits the decoded biometric information, the device ID of the beacon device 10, reception strength information, reception time information, and information on the receiving device ID to the second management device 40 (S19).

<Procedure for updating common key>
<<Updating the common key of the receiving device>>
FIG. 8 is a flowchart showing the procedure for updating the common key executed by the receiving device 20 and the first management device 30. The flowchart shown in FIG. 8 is started when an update operation is performed on the first management device 30. Note that, as described above, the update operation is performed by, for example, the administrator of the first management device 30 when the update cycle arrives.

When the common key update operation is performed, the first management device 30 generates a new common key (S21). As a specific example, the first management device 30 generates a new common key 51. The first management device 30 then manages the common key 51 as the current common key instead of the common key 50 that has been managed as the current common key.

Next, the first management device 30 transmits the generated common key 51 to the receiving device 20 (S23). After transmitting the generated common key 51, the first management device 30 updates the common key management information (information displayed as an update management table) (S25). Specifically, the first management device 30 updates the common key information stored in the receiving device 20 in the management information to the common keys 50 and 51.

Upon receiving the common key 51, the receiving device 20 newly stores the common key 51 (S31). Specifically, the receiving device 20 stores the received common key 51 as the current common key. Further, the receiving device 20 holds the common key 50 stored as the current common key as the previous version of the common key.

Note that, when the receiving device 20 stores the common key 51, the receiving device 20 may transmit a response indicating that the common key 51 has been stored to the first management device 30. In this case, the first management device 30 executes the process of S25 based on the response received from the receiving device 20.

<<Updating the common key of the beacon device>>
FIG. 9 is a flowchart showing the procedure for updating the common key executed by the beacon device 10 and the first management device 30. The flowchart shown in FIG. 9 shows that when an operation for selecting an update target is performed on the first management device 30, in other words, a specific beacon device 10 (for example, beacon device 10-1) is selected for the first management device 30. Triggered when an operation is performed to update the common key.

When an operation for selecting an update target is performed on the first management device 30 (for example, selecting the beacon device 10-1), the first management device 30 transmits a connection request to the beacon device 10 (beacon device 10-1). (S41).

The beacon device 10 (beacon device 10-1) sets the communication mode to the first mode and broadcasts advertising packets until receiving a connection request (S51). Upon receiving the connection request (YES in S52), the beacon device 10 sets the communication mode to the second mode (S53).

Next, mutual authentication using the link key is performed between the beacon device 10 and the first management device 30 (S43, S54). If mutual authentication is successful, BLE communication is established between the beacon device 10 and the first management device 30.

The first management device 30 transmits the new common key to the beacon device 10 by BLE communication (S45). When transmitting the new common key (common key 51) to the beacon device 10, the first management device 30 updates the management information (S47). Specifically, the version information of the common key held by the beacon device 10 (beacon device 10-1) is updated.

When the beacon device 10 receives the common key from the first management device 30, it updates its own common key to the received common key (S55). When the common key update is completed, the beacon device 10 switches the communication mode from the second mode to the first mode (S56). Thereafter, the beacon device 10 encrypts biometric information using the updated common key when generating an advertisement packet to be broadcasted.

Note that, when the beacon device 10 stores the common key received from the first management device 30, the beacon device 10 may transmit a response indicating that the common key has been stored to the first management device 30. In this case, the first management device 30 executes the process of S47 based on the response received from the beacon device 10.

<Advantages>
As described above, in the communication system 1 according to the first embodiment, the receiving device 20 holds the previous version of the common key in addition to the current common key. When the first management device 30 updates the common key, the common keys of all receiving devices 20 (receiving devices 20-1, 20-2, ...) are updated at once via the communication cable 45. Since the beacon devices 10 update the common key through BLE communication, the common key is updated one by one. Therefore, after the common key of the receiving device 20 is updated until the common key of all beacon devices 10 (beacon devices 10-1, 10-2,...) is updated, multiple beacon devices 10 (Beacon devices 10-1, 10-2, . . . ) include those that have the current (latest version) common key and those that have the common key of the previous version. By holding the above-mentioned two common keys, the receiving device 20 can decode advertisement packets from the beacon device 10 having either common key. Thereby, it is possible to suppress information loss until the common key update of all beacon devices 10 (beacon devices 10-1, 10-2, . . . ) is completed.

Furthermore, in the communication system 1 according to the first embodiment, the beacon device 10 includes version information of the common key used for encrypting the biometric information in the advertisement packet that is broadcast. More specifically, the beacon device 10 stores the biometric information encrypted using the common key in the encrypted area of the advertising packet, and stores the version information of the common key used for encryption in the non-encrypted area of the advertising packet. and broadcast the advertisement packet. Since the version information of the common key used for encryption is stored in the non-encrypted area of the advertisement packet, the receiving device 20 that receives the advertisement packet identifies the common key used for encrypting the biometric information. be able to. That is, the receiving device 20 can specify the common key to be used to decrypt the encrypted biometric information. Thereby, data processing speed can be improved compared to, for example, a case where the receiving device 20 attempts to decrypt encrypted biometric information using a plurality of common keys.

Furthermore, in the communication system 1 according to the first embodiment, the common key used in the communication system 1 is updated every update cycle. Thereby, even if the common key is leaked to an unintended person, the security problem can be made temporary, and the security of the communication system 1 can be ensured.

Furthermore, the receiving device 20 continues to hold the two common keys until the common keys are updated next time. For example, at the timing when the update of the common key of all the beacon devices 10 (beacon devices 10-1, 10-2, ...) is completed, the first management device 30 sends the common key of the previous version to the receiving device 20. It is also possible to send a command to delete the key. However, in the communication system 1 according to the first embodiment, by continuing to hold the two common keys until the common key is updated next time, the number of communications between the first management device 30 and the receiving device 20 is reduced. information leakage, etc. can be reduced. Furthermore, the first management device 30 may be connected to the communication cable 45 only when updating the common key. Since the first management device 30 can be separated from the network except when updating the common key, the security of the communication system 1 can be improved.

In the communication system 1 according to Embodiment 1, an example has been described in which a communication protocol according to the BLE standard is used for communication between the beacon device 10 and the first management device 30. Other communication protocols may alternatively be used.

[Modification 1]
In Embodiment 1, an example was described in which the common key is transmitted from the first management device 30 to the beacon device 10 by BLE communication in updating the common key of the beacon device 10. For example, the communication interface 36 of the first management device 30 may be used to update the common key of the beacon device 10.

For example, when the update cycle arrives, the crew member 2 uses the communication interface 36 to connect the beacon device 10 that he/she has to the first management device 30 . Then, for example, when the occupant 2 or the administrator of the first management device 30 operates the first management device 30, the common key is transmitted from the first management device 30 to the beacon device 10 via the communication interface 36.

In this way, even with a configuration like Modification 1, the common key of beacon device 10 can be updated appropriately.

[Embodiment 2]
In the first embodiment, the update of the common key of the communication system 1 is started by the administrator of the first management device 30 performing an update operation every update cycle. Also, when updating the common key of the beacon device 10, when the update cycle arrives, the crew member 2 carries the beacon device 10 to the first management device 30 (a place where BLE communication is possible with the first management device 30). The process was started by performing an operation to select an update target on the first management device 30. However, it is also possible to update a series of common keys automatically.

FIG. 10 is a diagram schematically showing the overall configuration of a communication system 1A according to the second embodiment. The communication system 1A includes a plurality of beacon devices 10A (beacon devices 10A-1, 10A-2, ...), a plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, ...), and a first management device 30A. , a second management device 40 , and a communication cable 45 . A communication system 1A according to Embodiment 2 is different from the communication system 1 according to Embodiment 1 in that a plurality of beacon devices 10 (beacon devices 10-1, 10-2, ...) are connected to a plurality of beacon devices 10A (beacon devices 10-1, 10-2, ...). The plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) are connected to the plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, ...). In this case, the first management device 30 is changed to a first management device 30A. The second management device 40 and communication cable 45 of the communication system 1A are the same as the second management device 40 and communication cable 45 of the communication system 1, so the same numbers are given and the description thereof will not be repeated.

In the communication system 1A, the common key is automatically updated every update cycle. Specifically, the first management device 30A generates a new common key every update cycle. Then, the first management device 30A transmits the generated common key to the plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, . . . ) via the communication cable 45. Upon receiving the common key from the first management device 30, each of the plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, . . . ) stores the common key as the current common key.

Like the beacon device 10 according to the first embodiment, the beacon device 10A is a portable beacon device powered by a rechargeable battery. Beacon device 10A according to the second embodiment has two communication modes: a third mode for unidirectional communication and a fourth mode for bidirectional communication. The communication mode of the beacon device 10A is set to the third mode by default. In the third mode, the beacon device 10A broadcasts an advertisement packet using the radio waves 60. The beacon device 10A encrypts the biometric information of the occupant 2 using the common key and stores it in the encrypted area of the advertisement packet. Furthermore, the beacon device 10A stores version information of the common key used for encrypting the biometric information in the non-encrypted area of the advertising packet. Furthermore, the beacon device 10A stores information on a device ID that identifies the beacon device 10A in the non-encrypted area of the advertising packet. Note that the beacon device 10A may encrypt the device ID information using the common key and store the encrypted device ID information in the encrypted area of the advertisement packet.

When updating the common key, the beacon device 10A switches the communication mode to the fourth mode, performs bidirectional communication with the receiving device 20A, and acquires the common key from the receiving device 20A using radio waves 62 (FIG. 11). do. That is, beacon device 10A according to the second embodiment receives a new common key via receiving device 20A. 10 A of beacon devices will update a common key, if a common key is received from 20 A of receiving devices. The above-mentioned "case where the common key is updated" in which the communication mode is switched is, for example, when the beacon device 10A is connected to the charger 80 (FIG. 11). As described later, when the beacon device 10A is connected to the charger 80, the beacon device 10A switches the communication mode from the third mode to the fourth mode.

The receiving device 20A is configured to be able to receive advertising packets broadcast from the beacon device 10. Similar to the receiving device 20 according to the first embodiment, the receiving device 20A holds two common keys (common keys 50 and 51 in the example shown in FIG. 10). Upon receiving the advertisement packet, the receiving device 20A identifies the common key used to encrypt the biometric information based on the version information of the common key included in the non-encrypted area of the advertisement packet. The receiving device 20A decrypts the encrypted biometric information using the identified common key. Then, in addition to the decoded biometric information and the information on the device ID of the beacon device 10A, the receiving device 20A receives reception strength information indicating the reception strength of the advertising packet, reception time information indicating the reception time, and information on the receiving device ID. The information is transmitted to the second management device 40 by wireless communication.

As described above, the first management device 30A generates a new common key at each update cycle (for example, the common key 51 shown in FIG. 10). The first management device 30A collectively transmits the generated common key 51 to the plurality of receiving devices 20 (receiving devices 20-1, 20-2, . . . ) via the communication cable 45. As a result, the common keys of all receiving devices 20 (receiving devices 20-1, 20-2, . . . ) are updated at once. Specifically, each of the plurality of receiving devices 20 (receiving devices 20-1, 20-2, ...) stores the common key 51 as the current common key, and also stores the common key 50 as the previous version. Stored as a common key.

FIG. 11 is a diagram for explaining updating of the common key of the beacon device 10A. When the beacon device 10A is connected to the charger 80, the beacon device 10A switches the communication mode from the third mode to the fourth mode. Charger 80 is a charger for charging battery 16A (FIG. 12) of beacon device 10A. In the fourth mode, the beacon device 10A performs bidirectional communication with the receiving device 20A, and acquires the common key 51 from the receiving device 20A using radio waves 62. As a result, the common key of the beacon device 10A is updated from the common key 50 to the common key 51.

Note that each of the plurality of beacon devices 10A (beacon devices 10A-1, 10A-2, ...) and each of the plurality of reception devices 20A (reception devices 20A-1, 20A-2, ...) comply with the BLE standard. Pairing can be done in advance. If pairing is performed in advance, when bidirectional communication is established between beacon device 10A and receiving device 20A, mutual authentication is performed using the link key generated when pairing is performed. In the two-way communication, information is encrypted and decrypted using the link key. Thereby, secure communication can be performed in two-way communication.

Note that each of the beacon devices 10A-1, 10A-2, . . . corresponds to an example of a "first device" according to the present disclosure. Further, each of the receiving devices 20A-1, 20A-2, . . . corresponds to an example of a “second device” according to the present disclosure. Further, the first management device 30A corresponds to an example of a “third device” according to the present disclosure.

Hereinafter, details of each configuration of the beacon device 10A, the receiving device 20A, and the first management device 30A included in the communication system 1A will be explained in order.

<Configuration of beacon device>
FIG. 12 is a block diagram showing the configuration of a beacon device 10A according to the second embodiment. Referring to FIG. 3, the beacon device 10A includes a CPU (Central Processing Unit) 11A, a storage device 12A, a RAM 13A, a communication device 14A, a biosensor 15A, and a battery 16A.

Storage device 12A, RAM 13A, biosensor 15A, and battery 16A are the same as storage device 12, RAM 13, biosensor 15, and battery 16 of beacon device 10 according to Embodiment 1, so the description thereof will not be repeated.

The communication device 14A has a third mode of unidirectional communication and a fourth mode of bidirectional communication as communication modes. The communication device 14A is configured to switch between the third mode and the fourth mode according to instructions from the CPU 11A.

In the third mode, the communication device 14A broadcasts advertisement packets at a set predetermined period according to a command from the CPU 11A. The above-mentioned predetermined period is defined by the BLE standard, and is an integral multiple of 0.625 ms in the range of 20 ms to 10.24 s. The communication device 14A transmits an advertisement packet, for example, about every 1 second.

The advertisement packet includes information on a device ID that identifies the beacon device 10A, and information indicating whether connection is possible or not. When the information indicating whether connection is possible is set to "connection possible", the receiving device 20A that has received the advertisement packet outputs a connection request, and bidirectional communication is established between the beacon device 10A and the receiving device 20A. Ru. On the other hand, if the information indicating whether or not a connection is possible is set to "Connection Not Possible", a connection request is not output from the receiving device 20A that has received the advertisement packet, and two-way communication is performed between the beacon device 10A and the receiving device 20A. is not established. When the communication mode is the third mode, the communication device 14A sets the information indicating whether the connection is possible or not to “connection not possible”.

In the fourth mode, the communication device 14A broadcasts advertisement packets at a predetermined period similar to the third mode. When the communication mode is the fourth mode, the communication device 14A sets the information indicating whether connection is possible in the advertisement packet to "connection possible". When receiving a connection request from the receiving device 20A, the communication device 14A stops transmitting the advertisement packet and establishes bidirectional communication (for example, BLE communication) with the receiving device 20A. After establishing bidirectional communication, the communication device 14A sends and receives data to and from the receiving device 20A.

The CPU 11A controls various processes of the beacon device 10A by executing various programs stored in the storage device 12A. As a specific example, the CPU 11A functions as a communication control section 111A, an encryption section 112A, a generation section 113A, and an update section 114A by executing various programs. Note that the encryption unit 112A, the generation unit 113A, and the update unit 114A are the same as the encryption unit 112, the generation unit 113, and the update unit 114 of the CPU 11 according to the first embodiment, so the description thereof will not be repeated.

The communication control unit 111A controls the communication mode of the communication device 14A. Specifically, the communication control unit 111A controls the communication mode of the communication device 14A to the third mode by default. The communication control unit 111A switches the communication mode of the communication device 14A from the third mode to the fourth mode when updating the common key of the beacon device 10A. That is, the communication mode is switched from the third mode to the fourth mode when the condition is satisfied "when updating the common key" of the beacon device 10A. The condition according to the second embodiment is that the beacon device 10A is connected to the charger 80 as described above. Moreover, 111 A of communication control parts will switch the communication mode of 14 A of communication devices from a 4th mode to a 3rd mode, if the update of the common key of 10 A of beacon devices is completed. Note that the conditions are not limited to the above, and for example, the update interval may be determined in advance, and a predetermined period of time may have passed since the common key of the beacon device 10A was last updated. The conditions can be appropriately set depending on the target to which the communication system 1A is applied.

<Receiving device configuration>
FIG. 13 is a block diagram showing the configuration of a receiving device 20A according to the second embodiment. Referring to FIG. 13, the receiving device 20A includes a CPU 21A, a storage device 22A, a RAM 23A, a first communication device 24A, a second communication device 25A, and a third communication device 26A. The storage device 22A, RAM 23A, and third communication device 26A are the same as the storage device 22, RAM 23, and third communication device 26 of the receiving device 20 according to Embodiment 1, and therefore will not be repeatedly described.

A communication cable 45 (see FIG. 10) is connected to the first communication device 24A. The first communication device 24A is configured to be able to send and receive data to and from the first management device 30A via the communication cable 45.

The second communication device 25A is configured to be able to receive advertising packets broadcast by the beacon device 10. The second communication device 25A transmits a connection request to the beacon device 10A specified from the device ID included in the advertisement packet when the information indicating whether connection is possible in the received advertisement packet is set to allow connection. do.

The second communication device 25A is configured to be able to transmit a common key to the beacon device 10A when bidirectional communication is established with the beacon device 10A.

The CPU 21A controls various processes of the receiving device 20A by executing various programs stored in the storage device 22A. As a specific example, by executing various programs, the CPU 21A functions as a specifying section 211A, a decoding section 212A, an updating section 213A, a transmitting section 214A, and a collating section 215A. Note that the decoding unit 212A and the updating unit 213A are the same as the decoding unit 212 and the updating unit 213 of the CPU 21 according to Embodiment 1, and therefore will not be repeatedly described.

The identifying unit 211A identifies the beacon device 10A from the device ID included in the received advertisement packet.

The identification unit 211A also identifies the version of the common key used to encrypt the biometric information stored in the received advertisement packet. Specifically, the specifying unit 211A reads the version information of the common key from the non-encrypted area of the received advertisement packet. The identification unit 211A identifies the common key used to encrypt the biometric information based on the read version information.

The verification unit 215A verifies whether the version information of the common key included in the received advertisement packet is the latest (current or not). Specifically, the matching unit 215A matches the version information stored in the non-encrypted area of the received advertising packet with the version information of the current common key stored in the storage device 22A. If both versions are the same, the matching unit 215A determines that the beacon device 10A that transmitted the advertising packet has the current (latest) common key. On the other hand, if the versions are different, the matching unit 215A determines that the beacon device 10A that transmitted the advertisement packet does not have the current (latest) common key.

The transmitting unit 214A transmits the current common key to the beacon device 10A via the second communication device 25A when the matching unit 215A determines that the common key of the beacon device 10A that transmitted the advertisement packet is not the current one. Send.

Moreover, 214 A of transmission parts will transmit the information which shows that the common key of 10 A of beacon devices was updated to 30 A of 1st management devices via 24 A of 1st communication devices, if a common key is transmitted to 10 A of beacon devices. The information indicating that the common key of the beacon device 10A has been updated includes information on the device ID of the beacon device 10A and version information of the common key transmitted to the beacon device 10A. Note that, when the beacon device 10A receives the common key from the receiving device 20A and updates the common key, the beacon device 10A may be configured to transmit a response indicating that the common key has been updated to the receiving device 20A. In this case, the transmitter 214A may transmit information indicating that the common key of the beacon device 10A has been updated to the first management device 30A based on the response.

In addition, the transmitter 214A transmits the decoded biometric information, the device ID of the beacon device 10A, the reception strength information, the reception time information, and the receiver ID to the second management device 40 via the third communication device 26A. Send.

<Configuration of first management device>
FIG. 14 is a block diagram showing the configuration of the first management device 30A according to the second embodiment. Referring to FIG. 14, the first management device 30A includes a CPU 31A, a storage device 32A, a RAM 33A, a network communication device 34A, a communication interface 36A, and a display 37A. The storage device 32A, RAM 33A, network communication device 34A, communication interface 36A, and display 37A are the same as the storage device 32, RAM 33, network communication device 34, communication interface 36, and display 37 of the first management device 30A according to the first embodiment. Since they are similar, they will not be explained repeatedly.

The CPU 31A controls various processes of the first management device 30A by executing various programs stored in the storage device 32A. As a specific example, the CPU 31A functions as a key generation section 311A, a transmission section 313A, and an update management section 314A by executing various programs.

The key generation unit 311A generates a new common key every update cycle. The update cycle can be set as appropriate depending on the target to which the communication system 1A is applied. The update cycle in the second embodiment is set to, for example, one week or one month. Moreover, the update period may be determined in consideration of the continuous driving time of the battery of the beacon device 10A. For example, the update cycle may be set to be shorter than the time required for the SOC of the battery 16A to decrease from full charge (SOC 100%) to the threshold SOC when the beacon device 10A is continuously used in the third mode. . The threshold SOC can be appropriately set so as not to cause the battery to run out. Further, for the power consumption of the beacon device 10A in the third mode used for calculation in determining the update cycle, the power consumption according to the specifications may be used, or an actual value measured in an experiment or the like may be used, for example.

When a new common key is generated, the transmitting unit 313A transmits the generated common key to each of the plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, ...) via the network communication device 34A. Send. For example, SFTP communication using SSH or SCP communication is applied to transmit the common key.

The update management unit 314A updates each of the plurality of beacon devices 10A (beacon devices 10A-1, 10A-2, ...) and each of the plurality of reception devices 20A (reception devices 20A-1, 20A-2, ...). Manage the update status of the common key. The update management unit 314A updates each of the plurality of beacon devices 10A (beacon devices 10A-1, 10A-2, ...) and each of the plurality of reception devices 20A (reception devices 20A-1, 20A-2, ...). The update status of the common key is managed as management information, and the management information is displayed on the display 37A as an update management table (FIG. 6), for example.

When the newly generated common key is transmitted to each of the plurality of receiving devices 20A (receiving devices 20A-1, 20A-2, ...) by the transmitting section 313A, the update management section 314A updates the plurality of receiving devices 20A. The management information of each of (receiving devices 20A-1, 20A-2, . . . ) is updated. Further, upon receiving information indicating that the common key of the beacon device 10A has been updated from the receiving device 20A, the update management section 314A updates the management information of the beacon device 10A.

<Procedure for encrypting and decrypting biometric information>
FIG. 15 is a flowchart showing the procedure for encrypting and decoding biometric information. The process of the flowchart shown in FIG. 15 is started by the beacon device 10A every predetermined period. The processing in the flowchart in FIG. 15 is similar to the processing in the flowchart in FIG. Specifically, the processes from S61 to S67 in the flowchart in FIG. 15 are the same as the processes from S1 to S7 in the flowchart in FIG. 7, respectively. Further, the processes from S71 to S79 in the flowchart of FIG. 15 are similar to the processes from S11 to S19 in the flowchart of FIG. 7, respectively. Therefore, details of the processing in the flowchart of FIG. 15 will not be repeatedly described.

<Procedure for updating common key>
<<Updating the common key of the receiving device>>
FIG. 16 is a flowchart showing the procedure for updating the common key executed by the receiving device 20A and the first management device 30A. The flowchart shown in FIG. 16 is repeatedly executed by the first management device 30A at every predetermined control cycle.

The first management device 30A determines whether the common key update cycle has arrived (S81). If the common key update period has not arrived (NO in S81), the first management device 30A moves the process to return.

When the common key update cycle has arrived (YES in S81), the first management device 30A generates a new common key (S83).

Then, the first management device 30A transmits the generated common key to the receiving device 20A (S85). After transmitting the generated common key, the first management device 30A updates the common key management information (information displayed as an update management table) (S87).

Upon receiving the common key, the receiving device 20A stores the received common key (S91). Specifically, the receiving device 20A stores the received common key as the current common key. Furthermore, the receiving device 20A retains the common key stored as the current common key as the previous version of the common key.

Note that, when the receiving device 20A stores the common key received from the first management device 30A, the receiving device 20A may transmit a response indicating that the common key has been stored to the first management device 30A. In this case, the first management device 30A executes the process of S87 based on the response received from the receiving device 20A.

<<Updating the common key of the beacon device>>
FIG. 17 is a flowchart showing the procedure for updating the common key executed by the beacon device 10A, the receiving device 20A, and the first management device 30A. The flowchart in FIG. 17 is started when the beacon device 10A is connected to the charger 80.

When connected to the charger 80, the beacon device 10A switches the communication mode from the third mode to the fourth mode (S101). Specifically, the beacon device 10A switches the communication mode to the fourth mode and changes the information indicating whether connection is possible in the advertising packet to "connection possible". Then, the beacon device 10A transmits an advertisement packet (S102). Moreover, when the beacon device 10A transmits the advertisement packet, it resets the built-in timer and starts a new time count (S103).

The receiving device 20A determines whether an advertising packet has been received (S111). When the receiving device 20A receives the advertisement packet (YES in S111), the receiving device 20A determines whether the information indicating whether connection is possible in the advertisement packet is set to allow connection (S112). If the information indicating connection availability is set to connection rejection (NO in S112), receiving device 20A ends the process. Note that even in this case, the receiving device 20A executes the process of the flowchart in FIG. 15.

When the information indicating whether or not a connection is possible is set to allow connection (YES in S112), the receiving device 20A uses the version information of the common key stored in the non-encrypted area of the advertisement packet to enable the beacon device 10A. It is determined whether the common key is the current common key (S113). Specifically, the version of the common key of the beacon device 10A is compared with the version of the current common key stored in the storage device 22A.

If the common key of the beacon device 10A is the current common key (YES in S113), the receiving device 20A does not need to update the common key of the beacon device 10A, and therefore ends the process.

On the other hand, when the common key of the beacon device 10A is not the current common key (NO in S113), the receiving device 20A identifies the beacon device 10A based on the terminal ID information included in the advertisement packet. Then, the receiving device 20A transmits a connection request to the specified beacon device 10A (S114).

The beacon device 10A waits to receive a connection request from the receiving device 20A (S104, S105). After transmitting the advertisement packet (starting a new time count), if a predetermined period of time has elapsed without receiving a connection request (YES in S104), the beacon device 10A determines that the beacon device 10A has timed out. The determination is made and the process proceeds to S108.

When the beacon device 10A receives a connection request (YES in S105) before timeout (NO in S104), it establishes a connection with the receiving device 20A (S106, S115). That is, bidirectional communication between the beacon device 10A and the receiving device 20A is established.

When bidirectional communication between the beacon device 10A and the receiving device 20A is established, the receiving device 20A transmits the current common key stored in the storage device 22A to the beacon device 10A (S116).

Upon receiving the common key from the receiving device 20A, the beacon device 10A updates the common key (S107). For example, upon receiving the common key 51 from the receiving device 20A, the beacon device 10A deletes the common key 50 stored in the storage device 12A and stores the common key 51.

After updating the common key, the beacon device 10A switches the communication mode to the third mode and broadcasts the advertising packet again (S108). Note that from now on, the beacon device 10 stores the biometric information encrypted using the common key 51 and the version information of the common key 51 in the advertising packet.

When the common key is transmitted to the beacon device 10A, the receiving device 20A transmits information (update information) indicating that the common key of the beacon device 10A has been updated to the first management device 30A (S117). The update information includes information on the device ID of the beacon device 10A and version information on the common key. Note that, when the beacon device 10A updates the common key, it may be configured to transmit a response to the effect that the common key has been updated to the receiving device 20A. In this case, the receiving device 20A may transmit information indicating that the common key of the beacon device 10A has been updated to the first management device 30A based on the response.

When the first management device 30A acquires information (update information) indicating that the common key of the beacon device 10A has been updated from the reception device 20A, the first management device 30A updates the management information based on the acquired update information (S120). The first management device 30A, for example, causes the display 37A to display the updated management information as an update management table.

Note that the process of S113 described above can also be omitted. In this case, regardless of whether the common key of the beacon device 10A is the current common key, bidirectional communication between the beacon device 10A and the receiving device 20A is established, and the communication from the receiving device 20A to the beacon device 10A is established. A common key is sent.

In addition, in the above case, when a timeout occurs, the process proceeds to S108, switches the communication mode of the beacon device 10A from the fourth mode to the third mode, and ends the process, but for example, the beacon device When the connection between 10A and charger 80 is released, the communication mode may be switched from the fourth mode to the third mode by interrupt processing or the like, and the processing may be terminated.

<Advantages>
As described above, in the communication system 1A according to the second embodiment, the receiving device 20A holds the previous version of the common key in addition to the current common key. When the first management device 30A updates the common key, the common keys of all receiving devices 20A (receiving devices 20A-1, 20A-2, ...) are updated at once via the communication cable 45. Since the common keys of the beacon devices 10A are updated at the timing when the beacon devices 10A are connected to the charger 80, the common keys of the plurality of beacon devices 10A are not necessarily updated at the same time. That is, it is assumed that the update timing of the common key of the plurality of beacon devices 10A is different for each individual beacon device 10A. Therefore, after the common key of the receiving device 20A is updated until the common key of all the beacon devices 10A (beacon devices 10A-1, 10A-2,...) is updated, the multiple beacon devices 10A (Beacon devices 10A-1, 10A-2, . . . ) include those that have the current (latest version) common key and those that have the common key of the previous version. By holding the above-mentioned two common keys, the receiving device 20A can decode the advertisement packet from the beacon device 10A having either common key. Thereby, it is possible to suppress information loss until the common key update of all beacon devices 10A (beacon devices 10A-1, 10A-2, . . . ) is completed.

Furthermore, in the communication system 1A according to the second embodiment, the beacon device 10A includes version information of the common key used for encrypting the biometric information in the advertisement packet that is broadcast. More specifically, the beacon device 10A stores the biometric information encrypted using the common key in the encrypted area of the advertising packet, and stores the version information of the common key used for encryption in the non-encrypted area of the advertising packet. and broadcast the advertisement packet. Since the version information of the common key used for encryption is stored in the non-encrypted area of the advertisement packet, the receiving device 20A that received the advertisement packet identifies the common key used for encrypting the biometric information. be able to. That is, the receiving device 20A can specify the common key to be used to decrypt the encrypted biometric information. Thereby, data processing speed can be improved compared to, for example, a case where the receiving device 20A attempts to decrypt encrypted biometric information using a plurality of common keys.

Furthermore, in the communication system 1A according to the second embodiment, the common key used in the communication system 1A is updated every update cycle. Thereby, even if the common key is leaked to an unintended person, the security problem can be made temporary, and the security of the communication system 1A can be ensured.

Furthermore, in the communication system 1A according to the second embodiment, the beacon device 10A receives a new common key generated by the first management device 30A via the receiving device 20A. With such a configuration, in the communication system 1A, the common key of the communication system 1A can be automatically updated every update cycle without requiring any operation by the administrator of the first management device 30A or the passenger 2.

[Modification 2]
In Embodiment 2, an example has been described in which the beacon device 10A acquires the common key from the receiving device 20A. In modification 2, an example will be described in which the beacon device 10A acquires a common key from a charger.

FIG. 18 is a diagram for explaining updating of the common key of the beacon device 10A according to the second modification. Referring to FIG. 18, charger 81 is connected to communication cable 45. That is, the charger 81 is configured to be able to communicate with the first management device 30A via the communication cable 45.

When the first management device 30A generates a new common key, it transmits the generated common key to the receiving device 20A and the charger 81 via the communication cable 45.

Charger 81 includes a communication interface 82 . The communication interface 82 is configured with, for example, a USB port or an NFC reader/writer. For example, when the communication interface 82 is a USB port, by connecting the beacon device 10A to the USB port, charging of the beacon device 10A is started and communication between the beacon device 10A and the charger 81 is possible. Become. When communication between beacon device 10A and charger 81 becomes possible, charger 81 acquires device ID information from beacon device 10A. Charger 81 then transmits the common key to beacon device 10A. Thereby, the beacon device 10A can update the common key.

For example, when the communication interface 82 is an NFC reader/writer, by bringing the beacon device 10A into contact with the NFC reader/writer, information on the device ID is transmitted from the beacon device 10A to the charger 81, and the information on the device ID is transmitted to the charger 81. A common key is transmitted from 81 to beacon device 10A. For example, the charger 81 is configured such that the charging terminal and the NFC reader/writer are close to each other. When the beacon device 10A is connected to the charging terminal, the beacon device 10A approaches or contacts the NFC reader/writer. That is, while the beacon device 10A is charged, the common key of the beacon device 10A is updated. When the charger 81 is a non-contact type charger, the NFC reader/writer is configured such that when the beacon device 10A is placed on the charger 81, the beacon device 10A and the NFC reader/writer are in close proximity or in contact with each other. It is enough if it is placed.

After transmitting the common key to the beacon device 10A, the charger 81 transmits update information including information on the device ID of the beacon device 10A and version information of the common key to the first management device 30A.

The first management device 30A that has acquired the update information from the charger 81 updates the common key management information of the beacon device 10A and the receiving device 20A.

As described above, when the beacon device 10A acquires the common key via the charger 81, the common key can be updated at each update cycle to ensure security.

It should be considered that the embodiments disclosed herein are illustrative in all respects and are not restrictive. The scope of the present invention is indicated by the claims rather than the above description, and it is intended that all changes within the meaning and range equivalent to the claims are included.

1, 1A communication system, 2 crew member, 10, 10A beacon device, 11, 11A CPU, 12, 12A storage device, 13, 13A RAM, 14, 14A communication device, 15, 15A biosensor, 16, 16A battery, 20, 20A, ID Receiving device, 21, 21A CPU, 22, 22A Storage device, 23, 23A RAM, 24, 24A First communication device, 25, 25A Second communication device, 26, 26A Third communication device, 30, 30A 1 Management device, 31, 31A CPU, 32, 32A Storage device, 33, 33A RAM, 34, 34A Network communication device, 35 Communication device, 36, 36A Communication interface, 37, 37A Display, 40 Second management device, 45 Communication cable, 80, 81 charger, 82 communication interface, 111, 111A communication control unit, 112, 112A encryption unit, 113, 113A generation unit, 114, 114A update unit, 211, 211A identification unit, 212, 212A decryption unit, 213, 213A update section, 214, 214A transmission section, 215A collation section, 311, 311A key generation section, 312 connection establishment section, 313, 313A transmission section, 314, 314A update management section.

Claims (5)

A communication system that uses a common key to encrypt and decrypt transmitted and received information,
a first device that transmits an advertisement packet;
a second device that receives the advertising packet;
a third device that generates a new common key and updates the common key of the communication system,
The advertising packet includes an encrypted area where encrypted information is stored and a non-encrypted area where unencrypted information is stored,
The first device encrypts predetermined information using a common key, stores the encrypted predetermined information in the encryption area, and encrypts the predetermined information using the common key used to encrypt the predetermined information. store version information in the non-encrypted area,
Upon receiving the advertisement packet, the second device decrypts the encrypted predetermined information using a common key specified by the version information stored in the received advertisement packet,
When the third device generates a new common key, the third device transmits the new common key to the second device,
The second device holds the received new common key as the current common key, and also stores the common key that was held as the current common key before receiving the new common key as the previous version common key. hold,
The first device has, as communication modes, a first mode in which the advertising packet is communicated in one direction, and a second mode in which bidirectional communication is carried out with the second device,
The first device sets the first mode as the default communication mode, switches the communication mode to the second mode when updating the common key, and acquires the current common key from the second device. A communication system that updates the common key . The first device uses a rechargeable battery as a power source, and changes the communication mode from the first mode to the second mode when the battery is connected to a charger configured to charge the battery. The communication system according to claim 1 , wherein the communication system switches. The communication system according to claim 1 , wherein the first device switches the communication mode from the first mode to the second mode when a predetermined period of time has passed since the common key was last updated. The third device generates a new common key every predetermined update cycle and transmits it to the second device,
The communication system according to any one of claims 1 to 3, wherein the first device acquires the new common key from the second device and updates the common key. The second device includes:
Upon receiving the advertising packet from the first device, determining whether the common key of the first device is a current common key based on the version information stored in the received advertising packet,
If it is determined that the common key of the first device is not the current common key, transmitting a connection request to the first device;
5. The communication system according to claim 4, wherein when bidirectional communication between the first device and the second device is established according to the connection request, a held current common key is transmitted to the first device.

Images