JP7427176B2 - Wireless communication information update system and wireless communication information update method - Google Patents

Description

Embodiments of the present invention relate to a wireless communication information updating system and a wireless communication information updating method.

For example, communication based on the IEEE802.11ai standard described in Non-Patent Document 1 is used in wireless information communication systems to handle information exchanged in closed networks that require high security such as in local governments. . Communication based on the IEEE 802.11ai standard is an advanced authentication technology that enables high-speed connections with, for example, initial link setup within 100 ms. Note that in communication based on the IEEE802.11ai standard, frame exchange procedures are integrated in authentication and connection. As a result, connections involving authentication can be made with fewer frame exchanges than in the past, resulting in faster connections.

These high-speed wireless information communication systems require that each node such as an access terminal has a continuous network connection with one server operated within one LAN (Local Area Network). It is assumed that

For example, one server performs authentication using RADIUS (Remote Authentication Dial In User Service). Further, for example, the connection may be a WPA2 Enterprise connection.

By the way, in extreme environments where continuous network connection is not possible or in mobile environments, Delay Tolerant Networking (DTN), which is a computer network method, is used. For example, as an authentication method in DTN, distributed authentication is performed in which authentication servers are operated at all access points on the network.

IEEE Std 802.11ai-2016 (Amendment to IEEE Std 802.11-2016)

In conventional distributed authentication systems, there is no continuous network connection, so it is difficult to safely update information held by multiple servers.

Embodiments of the present invention provide a wireless communication information update system that can safely update information held by a plurality of servers when high-speed connections are made and each node is not continuously connected to the server. The purpose is to

a first information processing unit that generates first information and second information from first difference information that is information about a difference between pre-update information and post-update information; A first access point having a first base unit side LAN communication unit that transmits as a base unit, and a first wireless transmitter/receiver unit that transmits second information wirelessly in the form of an electrical signal; A movable mobile object having a handset-side wireless LAN communication unit that receives first information as a handset and transmits the received first information as it is; a second base unit side LAN communication unit that receives the second information wirelessly as an electric signal; a second wireless transmitter/receiver unit that receives the second information wirelessly as an electrical signal; and a second information processing unit that generates post-update information from pre-update information and second difference information shared with the first access point. Provides a wireless communication information update system.

Generating first information and second information from first difference information that is information on the difference between the pre-update information and the post-update information, and transmitting the first information as a base unit via a wireless LAN, A first step of wirelessly transmitting the second information as an electrical signal, and a second step of receiving the first information as a slave device via a wireless LAN and transmitting the received first information as it is. Then, the base device receives the first information transmitted in the second step , receives the second information wirelessly as an electrical signal, and generates second difference information from the first information and the second information. and a third step of generating post-update information from the pre-update information and the second difference information.

According to the present invention, it is possible to realize a wireless communication information updating system that can safely update information held by a plurality of servers when high-speed connection is performed and each node is not continuously connected to the server.

FIG. 1 is a block diagram showing the configuration of a wireless communication information update system according to this embodiment. FIG. 2 is a conceptual diagram for explaining the wireless communication information update function according to this embodiment. FIG. 3 is a conceptual diagram for explaining the wireless communication information update function according to this embodiment. FIG. 4 is a sequence diagram for explaining the wireless communication information update function according to this embodiment. FIG. 5 is a flowchart showing the procedure of wireless communication information update processing according to this embodiment. FIG. 6 is a flowchart showing the processing procedure of update source access point processing according to this embodiment. FIG. 7 is a flowchart showing the processing procedure of update destination access point processing according to this embodiment. FIG. 8 is a block diagram showing the configuration of a wireless communication information update system according to another embodiment.

One aspect of the embodiment of the present invention will be described in detail below with reference to the drawings.

(This embodiment)
FIG. 1 is a block diagram showing the configuration of a wireless communication information update system. As shown in FIG. 1, the wireless communication information update system is a system that includes a wireless communication information update function that updates information at each access point in the system, for example, by wireless communication.

An access point is a device that exchanges information through wireless communication, and in FIG. 1, for example, refers to a first access point 10, a second access point 20, a third access point 30, and the like. The access point also has the function of a server. For example, the wireless communication information update system includes a first access point 10, a second access point 20, and a mobile object 40, which will be described later.

The first access point 10, the second access point 20, and the third access point 30 include information processing units 11, 21, and 31 that process information, and a base unit side wireless LAN communication unit 12 that communicates wirelessly. 22, 32, wireless transmitting/receiving units 13, 23, 33, and storage units 16, 26, 36 for storing information.

The information processing unit 11 (hereinafter, this may be referred to as a first information processing unit) updates the pre-update information, which is information before the update stored in the storage unit 16, for example, and updates the updated information, which is the information after the update. Information will be provided later. It is assumed that the updated information is stored in the storage unit 16.

Here, the information processing unit 11 converts the difference information between the pre-update information and the post-update information in the information processing unit 11 into the difference information D of the first access point 10 (hereinafter, this may also be referred to as first difference information). good). The information processing unit 11 generates first information and second information from the difference information D of the first access point 10. Note that the base unit side wireless LAN communication unit 12 transmits the first information as the base unit via the wireless LAN, and the wireless transmitting/receiving unit 13 wirelessly transmits the second information as an electrical signal.

The base unit side wireless LAN communication unit 22 receives the first information as a base unit via the wireless LAN, and the wireless transmitting/receiving unit 13 wirelessly receives the second information in the form of an electrical signal. The information processing unit 21 (hereinafter, this may be referred to as a second information processing unit) generates difference information D (hereinafter, this) of the second access point 20 generated from the received first information and second information. (may be referred to as second difference information) and the pre-update information. It is assumed that the pre-update information is regularly shared among the access points, and is shared among the access points in advance before the information is updated.

In this embodiment, the first access point 10 may also be referred to as an update source access point because it is an access point that generates post-update information and is an update source from which information is updated. good. On the other hand, the second access point 20 and the third access point 30 are called update destination access points because the second access point 20 and the third access point 30 are the access points to which updates are reflected. But that's fine.

The first access point 10 communicates with each node by wireless communication. Here, the term "node" includes not only each access point but also the movable body 40. The mobile body 40 is, for example, a car, and includes an information processing section 41 that processes information, a handset-side wireless LAN communication section 42 that performs wireless communication, and a storage section 46 that stores information. The handset-side wireless LAN communication unit 42 receives first information as a handset via the wireless LAN, and transmits the received first information as it is.

For example, in the first phase, the mobile body 40 is located between the first access point 10 and the second access point 20, and in the second phase, the mobile body 40 is located between the second access point 20 and the third access point 20. Located between access points. The second phase occurs after a certain period of time has elapsed from the first phase.

For example, for wireless communication, the first access point 10 communicates with the second access point 20, the wireless transmitting/receiving section 13, and the wireless receiving section 23 (hereinafter referred to as the first wireless transmitting/receiving section and the second wireless transmitting/receiving section). Wireless communication may be performed via Similarly, the first access point 10 performs wireless communication with the third access point 30 via the wireless transmitter/receiver 13 and the wireless receiver 33.

The wireless communication by the wireless transmitting/receiving units 13, 23, and 33 is assumed to be wireless communication using radio waves having a longer wavelength than that of the wireless LAN. The wireless communication by the wireless transmitting/receiving units 13, 23, and 33 uses a very high frequency (Very High Frequency) such as a commercial transceiver, for example, and uses a frequency band such as 351 MHz, and the communication speed is 4.8 kbps. do.

On the other hand, for wireless communication, the first access point 10 communicates with the mobile body 40, the base unit side wireless LAN communication unit 12 (hereinafter, this may be referred to as the first base unit side wireless LAN communication unit), and the mobile unit 40, Wireless communication by wireless LAN is performed via the machine-side wireless LAN communication unit 42.

Similarly, the second access point 20 communicates with the mobile body 40, the base unit side wireless LAN communication unit 22 (hereinafter, this may be referred to as the second base unit side wireless LAN communication unit), and the slave unit side wireless LAN communication unit. Wireless communication is performed via the unit 42. The third access point 30 also performs wireless communication with the mobile body 40 via a wireless LAN communication unit 32 and a wireless LAN communication unit 42 on the slave side.

The wireless communication between the wireless LAN communication units 12, 22, and 32 on the base unit side and the wireless LAN communication unit 42 on the slave unit side is performed using Ultra High Frequency using wireless LAN. Furthermore, the base unit side wireless LAN communication units 12, 22, and 32 operate as a base unit in wireless LAN communication, and the slave unit side wireless LAN communication unit 42 operates as a slave unit in wireless LAN communication.

It is assumed that the information processing units 11, 21, 31, 41 described above and the authentication units 15, 25, 35 described below are implemented with integrated circuits, etc., and the storage units 16, 26, 36, 46 are, for example, SSD (Solid State Drive) or USB memory.

Next, details of information exchanged between nodes, transmission sources, and transmission destinations will be described using FIGS. 2 and 3, which are conceptual diagrams for explaining the wireless communication information update function according to the present embodiment.

Here, the information processing units 11, 21, and 31 include authentication units 15, 25, and 35, and update information at the first access point 10, and perform authentication using authentication information in the wireless communication information update system. The following is an example of a case where this is performed. The authentication information refers to, for example, a private key KEYS, a public key KEYS', a common key, a node individual certificate, hash information, etc., which will be described later.

The common key is, for example, a one-time common key KEYOC or a pre-shared common key KEYBC. Further, the individual node certificates include a first individual node certificate CER1, a second individual node certificate CER2, and the like. Further, the hash information includes first hash information H1, second hash information H2, third hash information H3, and the like.

The above-mentioned first information is, for example, difference information D_BC encrypted with the pre-shared common key KEYBC. The second information is common key information that is information based on the one-time common key KEYOC, and is, for example, a one-time common key KEYOC_BC encrypted with a pre-shared common key KEYBC to be described later.

First, details of information exchanged between each node will be explained using FIG. 2. In the first access point 10, a secret key KEYS for encrypting information is stored in the storage unit 16, and in the second access point 20 and the third access point 30, the secret key KEYS of the access point 10 is stored in the storage units 26 and 36. It is assumed that a public key KEYS' for decrypting information encrypted with the key KEYS is stored.

Specifically, the first access point 10 generates and makes public a public key KEYS' that decrypts information, which is paired with the private key KEYS. The second access point 20 and the third access point 30 obtain the published public key KEYS' and store the public key KEYS' in the storage units 26 and 36.

Further, it is assumed that the first access point 10, the second access point 20, and the third access point 30 share a pre-shared common key KEYBC that is a common key in advance.

In order to update information in the first access point 10, the authentication unit 16 of the first access point 10 sends the first node individual certificate CER1, second node individual certificate CER2, and third node certificate of the access point 10. An individual certificate CER3 is issued.

The authentication unit 16 generates a one-time common key KEYOC that can be used only for the difference information D of the first access point 10 extracted at that time. The authentication unit 16 generates first hash information H1 including a hash value of the updated information. Further, upon extracting the difference information D of the first access point 10, the authentication unit 16 generates second hash information H2 including a hash value of the difference information D of the first access point 10. The authentication unit 16 also generates third hash information H3 including the hash value of the one-time common key KEYOC.

The authentication unit 16 generates difference information D_OC encrypted with the one-time common key by encrypting the extracted difference information D of the first access point 10 with the generated one-time common key KEYOC. The authentication unit 16 encrypts the generated one-time common key KEYOC with the pre-shared common key KEYBC, and generates a one-time common key KEYOC_BC encrypted with the pre-shared common key.

The authentication unit 16 generates a certificate that signs the difference information D_OC, the first hash information H1, and the second hash information H2 encrypted with the one-time common key using the private key. Hereinafter, this certificate may be referred to as the first node individual certificate CER1_S signed with the private key.

The authentication unit 16 generates a certificate that uses the private key to sign the one-time common key KEYOC_BC encrypted using the pre-shared common key and the third hash information H3. Hereinafter, this certificate may be referred to as a second node individual certificate CER2_S signed with a private key.

The update destination access points, such as the second access point 20 and the third access point 30, send a completion notification when they finish reflecting the information updated by the first access point. Further, the first access point 10 transmits a deletion notification when receiving update completion notifications from all update destination access points registered in the wireless communication information update system.

Next, the source and destination of information exchanged between each node will be explained in a first phase and a second phase using FIG. 3. In the first phase, as shown in table TB1, the first access point 10 provides the second access point 20 and the third access point 30 with a second node individual certificate signed with a private key. CER2_S, a one-time common key KEYOC_BC encrypted with the pre-shared common key, and third hash information H3 are transmitted.

The first access point 10 also sends the mobile unit 40 the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, the first hash information H1, and the first node individual certificate CER1_S signed with the private key. 2 hash information H2 is transmitted.

The mobile body 40 sends to the second access point 20 the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, the first hash information H1, and the second The hash information H2 is transmitted.

In the second phase, the first access point 10 sends a deletion notification to the mobile unit 40, as shown in table TB2. The second access point 20 sends an update completion notification to the first access point 10 and the third access point 30.

The mobile unit 40 also sends the third access point 30 the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, the first hash information H1, and the first node individual certificate CER1_S signed with the private key. 2 hash information H2 is transmitted. The third access point 30 sends an update completion notification to the first access point 10 and the second access point 20.

Next, the timing of information exchanged between each node will be described using FIG. 4, which is a sequence diagram for explaining the wireless communication information update function according to the present embodiment.

First, the first phase will be explained. When the information is updated at the first access point 10, the first access point 10 sends the second access point 20 and the third access point 30 a second node individual certificate signed with a private key. CER2_S, a one-time common key KEYOC_BC encrypted with the pre-shared common key, and third hash information H3 are transmitted (S1, S2).

The first access point 10 also sends the mobile unit 40 the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, the first hash information H1, and the first node individual certificate CER1_S signed with the private key. 2 hash information H2 is transmitted (S3).

Next, the second phase will be explained. The mobile body 40 sends the first node individual certificate CER1_S signed with the private key received in step S3, the difference information D_OC encrypted with the one-time common key, and the first hash to the second access point 20. The information H1 and the second hash information H2 are transmitted (S4).

When the information is updated by decrypting the difference information D_OC encrypted with the one-time common key based on the information received in steps S1 and S4, the second access point 20 An update completion notification is sent to the access point 30 (S5, S6).

The mobile body 40 transmits to the third access point 30 the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, and the first node certificate CER1_S received in step S3. The hash information H1 and the second hash information H2 are transmitted as they are (S7).

When the information is updated by decrypting the difference information D_OC encrypted with the one-time common key based on the information received in steps S2 and S7, the third access point 30 An update completion notification is sent to the access point 20 (S8, S9).

Upon receiving update completion notifications from all update destination access points registered in the wireless communication information update system, the first access point 10 transmits a deletion notification to the mobile object 40 (S10).

In this embodiment, all update destination access points registered in the wireless communication information update system are the second access point 20 and the third access point 30. Upon receiving the deletion notification, the mobile body 40 deletes the difference information D_OC encrypted with the one-time common key.

Next, the processing procedure of the wireless communication information update process performed by the wireless communication information update system will be described using FIG. 5, which is a flowchart showing the process procedure of the wireless communication information update process according to the present embodiment. As an overview, the wireless communication information update process first generates first information and second information from the difference information D of the first access point 10, which is the difference information between the pre-update information and the post-update information, and The first information is transmitted as a base unit via the LAN, and the second information is transmitted wirelessly using an electrical signal.

Next, in the communication information update process, the handset receives the first information via the wireless LAN and transmits the received first information as it is. Next, in the communication information update process, the base device receives the first information via the mobile object, receives the second information wirelessly as an electrical signal, and updates the first information and the second information. The difference information D of the second access point 20 is generated from the pre-update information and the difference information D of the second access point 20. The post-update information is generated from the pre-update information and the difference information D of the second access point 20.

Specifically, as the wireless communication information update process, in the first phase, the authentication unit 15 of the first access point that is the update source access point performs the update source access point process (S20).

The processing procedure of the update source access point process (S20) performed by the authentication unit 15 will be described using FIG. 6, which is a flowchart showing the process procedure of the update source access point process according to the present embodiment.

First, the authentication unit 15 extracts the difference between the pre-update information and the post-update information as the difference information D of the first access point 10 (S21). Next, the authentication unit 15 generates a one-time common key KEYOC (S22). Next, the authentication unit 15 generates first hash information H1 of the updated information, second hash information H2 of the difference information D of the first access point 10, and third hash information H3 of the one-time common key KEYOC. (S23).

Next, the authentication unit 15 encrypts the difference information D of the first access point 10 with the one-time common key KEYOC to generate difference information D_OC encrypted with the one-time common key (S51). Next, the authentication unit 15 signs the first hash information H1, the second hash information H2, and the difference information D_OC encrypted with the one-time common key with the private key S, and then signs the difference information D_OC with the private key S. A first node individual certificate CER1_S is generated (S52).

Next, the authentication unit 15 sends the first hash information H1, the second hash information H2, the one-time The difference information D_OC encrypted with the common key and the first node individual certificate CER1_S signed with the private key are transmitted (S53). Note that steps S51 to S53 may be collectively referred to as update source access point difference information related processing S50.

Next, the authentication unit 15 encrypts the one-time common key KEYOC with the pre-shared common key KEYBC (S61). Next, the authentication unit 15 signs the third hash information H3 and the one-time common key KEYOC_BC encrypted with the pre-shared common key with the private key S, and sends a signature to the second node signed with the private key. An individual certificate CER2_S is generated (S62).

Next, the authentication section 15 sends the third hash information H3 and the one-time common key KEYOC_BC encrypted with the pre-shared common key to the authentication sections 25 and 35 via the wireless transmitting and receiving section 13 and the wireless transmitting and receiving sections 23 and 33. and transmits the second node individual certificate CER2_S signed with the private key (S63). Note that steps S61 to S63 may be collectively referred to as update source access point one-time common key related processing S60.

Returning to FIG. 5, the explanation will be continued. In the second phase after the first phase, the information processing unit 41 generates the first node individual certificate CER1_S signed with the private key, the difference information D_OC encrypted with the one-time common key, and the first node individual certificate CER1_S signed with the private key. The hash information H1 and the second hash information H2 are received from the authentication unit 15 and sent as they are to the update destination access point. Note that the difference information D_OC received by the mobile body 40 and encrypted with the one-time common key is stored in the storage device 46.

Next, the update destination access point performs update destination access point processing (S40). Here, the second access point 20 is taken as an example of the update destination access point, and FIG. The processing procedure of the process (S40) will be explained.

First, the authentication unit 25 receives the first hash information H1, the second hash information H2, and the difference information D_OC encrypted with the one-time common key from the information processing unit 41 via the base device side wireless LAN communication unit 22. and receives the first node individual certificate CER1_S signed with the private key (S71).

Next, the authentication unit 25 checks the first node individual certificate CER1_S signed with the received private key (S72). Specifically, the authentication unit 25 compares the first node individual certificate CER1_S signed with the private key with the node individual information held in advance using the public key S', and finds a match. Make sure that. Note that if the comparison results do not match, the update destination access point process (S40) ends.

Next, the authentication unit 25 confirms that it has received information such as common key information that is information based on the one-time common key KEYOC that corresponds to the information received in step S71 (S73). If information such as common key information has not been received, the update destination access point process (S40) ends.

Next, the authentication unit 25 decrypts the difference information D_OC encrypted with the one-time common key (S74). Specifically, the authentication unit 25 generates the difference information D of the second access point 20 using the one-time common key KEYOC.

The authentication unit 25 calculates hash information of the difference information D_OC encrypted with the decrypted one-time common key, and compares the calculated hash information with the second hash information H2 to confirm that they match (S75 ). If they do not match, the update destination access point process (S40) ends.

Next, the authentication unit 25 generates post-update information from the pre-update information shared by the first access point 10 and the second access point 20 before updating the information and the information decrypted in step S74 ( S76).

Next, the authentication unit 25 calculates the hash information of the updated information generated in step S76, and compares the calculated hash information with the first hash information H1 to confirm that they match (S77). If they do not match, the updated information generated in step S76 is discarded, the information held by the second access point is used as the pre-updated information, and the updated access point process (S40) ends.

Next, the authentication unit 25 sends an update completion notification to the authentication unit 15 of the first access point 10, which is the update source access point (S78). The update completion notification is also sent to each access point other than the first access point 10 in the system. Note that steps S71 to S78 may be collectively referred to as update destination access point difference information related processing S70.

Next, the authentication unit 25 receives the third hash information H3, the one-time common key KEYOC_BC encrypted with the pre-shared common key, and the private key from the information processing unit 41 via the base unit side wireless LAN communication unit 22. The signed second node individual certificate CER2_S is received (S81).

Next, the authentication unit 25 checks the second node individual certificate CER2_S signed with the received private key (S82). Specifically, the authentication unit 25 uses the public key S' to compare the second node individual certificate CER2_S signed with the private key with the node individual information held in advance and finds a match. Make sure that. Note that if the comparison results do not match, the update destination access point process (S40) ends.

Next, the authentication unit 25 confirms that it has not received information such as common key information that is information based on the same one-time common key KEYOC as the information received in step S81 (S83). If information such as common key information has been received, the update destination access point process (S40) ends.

Next, the authentication unit 25 decrypts the one-time common key KEYOC_BC encrypted with the pre-shared common key (S84). Specifically, the authentication unit 25 generates a one-time common key KEYOC using the pre-shared common key KEYBC.

The authentication unit 25 calculates hash information of the one-time common key KEYOC_BC encrypted with the decrypted pre-shared common key, and compares the calculated hash information with the third hash information H3 to confirm that they match. (S85). If they do not match, the update destination access point process (S40) ends.

Next, the authentication unit 25 instructs the storage unit 26 to store the one-time common key KEYOC generated by the decryption in step S85 until information corresponding to the information received in step S81 is received (S86). Next, the update destination access point process (S40) ends. Note that steps S81 to S86 may be collectively referred to as update destination access point one-time common key related processing S80.

In this way, the updated information generated at the update destination access point is guaranteed by the hash information such as the first hash information H1, the second hash information H2, and the third hash information H3.

Returning to FIG. 5, the explanation will be continued. When the update destination access point processing S40 at one update destination access point is completed, the authentication unit 15 of the first access point 10, which is the update source access point, receives update completion notifications from all registered access points. It is determined whether or not (S32).

If the determination in step S32 is negative, the update source access point process (S20), step S31, update destination access point process (S40), and step S32 are repeated in the wireless communication information update system.

If a positive result is obtained in step S32, the authentication unit 15 transmits a deletion notification to the mobile unit 40 via the base device side wireless LAN communication unit 12 (S33). When the information processing unit 41 receives the deletion notification via the handset-side wireless LAN communication unit 42, it instructs the storage unit 46 to delete the difference information D_OC encrypted with the one-time common key stored in the storage unit 46. issue. Upon receiving the instruction from the information processing unit 41, the storage unit 46 deletes the stored difference information D_C encrypted with the common key (S34).

Next, the authentication unit 15 of the first access point 10, which is the update source access point, determines whether the deletion notification has been sent to all mobile units 40 registered in the wireless communication information update system (S35). .

If the determination in step S35 is negative, steps S33 to S35 are repeated in the wireless communication information update system. If a positive result is obtained in step S35, the wireless communication information update process ends.

As described above, in this embodiment, communication by wireless LAN and communication by radio such as a transceiver are combined. Wireless LAN communication can exchange large amounts of data at speeds ranging from tens of Mbps to several Gbps, but it can only communicate over short distances of about 100 to 200 meters. On the other hand, wireless communications such as transceivers can only communicate at a low speed of several kbps and a small capacity, but can communicate over long distances of several kilometers to several + kilometers.

Therefore, according to the present embodiment, the first information and the second information, which are two pieces of information with different characteristics, and which are one piece of meaningful information, are made up of two different types of characteristics that match the respective characteristics. exchanged using different radios. For example, since the first information has a large amount of information, it is exchanged using wireless LAN communication, and the second information has a small amount of information, so it is exchanged using wireless communication such as a transceiver. Therefore, compared to the case where a single piece of meaningful information is exchanged over a single type of radio, it is less likely to be overheard, and safety can be improved.

Further, according to the present embodiment, using, for example, the hash information H1, the updated information of the update source access point and the updated information of the update destination access point are compared to confirm that they match. Therefore, according to the present embodiment, it is possible to provide a wireless communication information update system in which tampering can be easily detected and each information held by a plurality of servers can be reliably updated.

Furthermore, as described above, according to this embodiment, when a node connects to another node that operates as a server such as an update source access point, the information held by each node is updated to the latest information. It becomes like this. Therefore, according to this embodiment, it is possible to update information reliably and safely even between nodes that are not continuously connected.

Note that when using the conventional method, each time the authentication information is updated, it is necessary for a system administrator or the like to connect a personal computer or the like to each access point and update the authentication information. As a result, updates may be omitted due to system administrator errors, resulting in a lack of reliability and safety.

For example, the wireless communication information update system of this embodiment may be used as a wide area disaster prevention system configured with a closed network that only users can access. In the wireless communication information update system of this embodiment, since the mobile object 40 moves with the first information, each node can communicate even in areas where the public mobile network is disrupted.

For example, in the wireless communication information update system of this embodiment, it is possible to prevent leakage of sensitive information such as medical record information of disaster victims and falsification of data obtained by photographing the disaster site.

Although the present embodiment has been described with reference to the case where the wireless transmitter/receiver 13 and the wireless transmitter/receiver 33 communicate directly, the present embodiment is not limited to this. In this embodiment, it is assumed that the wireless transmitter/receiver 13 and the wireless transmitter/receiver 33 may communicate via the wireless transmitter/receiver 23.

Further, in this embodiment, the information processing sections 11, 21, 31, and 41 and the authentication sections 15, 25, and 35 are implemented as integrated circuits, but the present embodiment is not limited to this. Each section of the information processing section 11, 21, 31, 41 and the authentication section 15, 25, 35 is a program stored in the storage section 16, 26, 36, 46, for example, and the CPU reads each section and executes the above-mentioned processes. may also be executed.

Furthermore, in this embodiment, a case has been described in which the updated information generated at the update destination access point is guaranteed by the hash information H, but the present invention is not limited to this. For example, in this embodiment, the updated information generated at the update destination access point may be guaranteed by a blockchain.

Furthermore, in this embodiment, the case where the moving body 40 is a car has been described, but the present invention is not limited to this. For example, in the present embodiment, the mobile object 40 may be a device capable of moving in three directions, such as a drone, or a device capable of moving on or under water, such as a ship or a submarine.

Further, in this embodiment, the case where the second hash information H2 and the third hash information H3 are generated has been described, but the present invention is not limited to this. For example, in this embodiment, an error correction function in each node may be used instead of the second hash information H2 and the third hash information H3.

Further, in this embodiment, the update source access point one-time common key related process S60 is performed after the update source access point difference information related process S50, but the present invention is not limited to this. For example, the update source access point difference information related process S50 may be performed after the update source access point one-time common key related process S60. Further, the update source access point difference information related process S50 and the update source access point one-time common key related process S60 may be performed in parallel. The same applies to the order of the update destination access point difference information related process S70 and the update destination access point one-time common key related process S80.

(Other embodiments)
In the above-described embodiment, a case has been described in which the mobile body 40 does not perform authentication, but the present invention is not limited to this. For example, in this embodiment, the configuration may be such that the mobile body 40 and the third access point 30 are combined, such as the mobile body 50.

Specifically, as shown in FIG. 8, which is a block diagram showing the configuration of a wireless communication information update system according to another embodiment, the information processing section 41 of the mobile body 50 includes the authentication section 35. Furthermore, the mobile body 50 further includes a base unit side wireless LAN communication section 32 and a wireless transmitting/receiving section 33 that perform wireless communication.

By having a configuration like the mobile body 50, the mobile body 50 can not only carry data but also perform authentication. Therefore, it is also possible to set up a base using a mobile node such as the mobile body 50.

10... First access point, 11, 21, 31, 41... Information processing section, 12, 22, 32... Base device side wireless LAN communication section, 13, 23, 33... Wireless transmitting/receiving section, 15, 25, 35... Authentication unit, 16, 26, 36, 46... Storage unit, 20... Second access point, 30... Third access point, 40, 50... Mobile object, 42... Child device Side wireless LAN communication department.

Claims (6)

a first information processing unit that generates first information and second information from first difference information that is difference information between pre-update information and post-update information; a first access point having a first base unit side LAN communication unit that transmits the second information as a base unit; and a first wireless transmission/reception unit that transmits the second information wirelessly as an electrical signal;
a movable mobile body having a handset-side wireless LAN communication unit that receives the first information as a handset via a wireless LAN and transmits the received first information as it is;
a second base unit side LAN communication unit that receives the first information as a base unit via the mobile body; and a second wireless transmitting and receiving unit that receives the second information wirelessly as an electrical signal; Generating second difference information from the first information and the second information, and generating the post-update information from the pre-update information and the second difference information shared with the first access point. a second access point having a second information processing unit that generates the information;
A wireless communication information update system comprising: The second information is common key information that is information based on a one-time common key that can be used only for the first difference information, and the first information is the information that is encrypted by the one-time common key. The wireless communication information update system according to claim 1 , wherein the wireless communication information update system is the first difference information. The wireless communication information update according to claim 2, wherein the common key information is information obtained by encrypting the one-time common key using a pre-shared common key shared by the first access point and the second access point. system. When the first access point receives an update completion notification that is sent when the update is completed in each node from all the nodes registered in the first access point, the first access point transmitting a deletion notification to the mobile unit, and upon receiving the deletion notification, the mobile body deletes the first information held by the mobile unit;
The wireless communication information update system according to claim 1. The wireless communication information update system according to claim 1, wherein the updated information generated by the second information processing unit is guaranteed by hash information. Generating first information and second information from first difference information that is information on the difference between the pre-update information and the post-update information, and transmitting the first information as a base unit via a wireless LAN, a first step of wirelessly transmitting the second information in an electrical signal;
a second step of receiving the first information as a slave device via a wireless LAN and transmitting the received first information as it is;
The base device receives the first information transmitted in the second step , receives the second information wirelessly as an electric signal, and obtains second information from the first information and the second information. a third step of generating difference information and generating the post-update information from the pre-update information and the second difference information;
A wireless communication information update method comprising:

Images