WO2004082206A1 - Connection authentication in wireless communication network system - Google Patents
- Publication number
- WO2004082206A1 (PCT/JP2004/003141)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless communication
- wireless
- identification information
- authentication
- management unit
Classifications
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04W12/06—Authentication
- H04W12/50—Secure pairing of devices
- H04L2209/80—Wireless
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the present invention relates to connection authentication between a radio communication terminal having a control function as a radio station (hereinafter referred to as an “access point”) and a wireless communication terminal controlled by the radio station (hereinafter also simply referred to as a “terminal”), in a radio communication network system capable of transmitting data using a radio communication standard such as Bluetooth.
- BT wireless communication terminals
- An electronic device equipped with such a function (hereinafter sometimes abbreviated as “BT”) is being developed.
- An electronic device equipped with such a function (hereinafter referred to as a “BT terminal”) is a single BT terminal called a master (hereinafter referred to as a “BT access point” or simply as an “access point”).
- slaves hereinafter simply referred to as “terminals”
- This network is called a piconet (Piconet).
- One master communicates while controlling one or more connected slaves. That is, all data packets and control packets are transmitted and received between the master and the slave, and the slaves cannot directly communicate with each other.
- consider a service system that prints an image represented by an image file stored in a digital camera (BT terminal) brought in by a user, via a service providing server (BT access point). It is then assumed that each user can receive the print service, via the monitor installed on the table where he or she is seated, through a print service process individually provided by the service providing server.
- each user can select an image file to be printed while referring to the image file of his / her digital camera and instruct the printing of the image.
- it is desirable that the user U1 can refer to the image file of his digital camera CM1 through the process PS1 he is using, select an image file to be printed, and instruct the printing of the image.
- if the image file of the digital camera CM1 can be referred to by the process PS2 used by another user U2 instead of the process PS1, the other user U2 can refer to and print the image file of the user U1.
- it is desirable that only the digital camera CM1 owned by the user U1 be communicably connected to the process PS1 used by the user U1, and that only the digital camera CM2 owned by the user U2 be communicably connected to the process PS2 used by the other user U2.
- the BT terminal is given a 48-bit identifier called a BT address.
- This BT address is an identifier unique to the device. Therefore, if the process used by the user recognizes the BT address of the digital camera owned by the user, the service providing server can uniquely identify the process and the digital camera. In addition, digital camera information can be transferred to the specified process.
- the service providing server as an access point can be connected to the BT terminal. However, it can be confirmed that the communication connection with the digital camera as a BT terminal connected to this is normally performed.
- a service providing server installed in a public place usually cannot know in advance, for an unspecified number of users, the combination of each user and the BT address of the BT terminal owned by that user. Therefore, the user who uses the service providing server needs to notify the BT address of his BT terminal to the process he is going to use.
- the user must recognize and correctly input a 48-bit BT address.
- in method (2), as in (1), the user must recognize the BT address and select his / her own BT terminal.
- it is hoped that a mechanism will be provided by which, without requiring a user to input or select a BT address, a BT access point can simply and safely confirm that the communication link with the BT terminal connected to it is performed normally, and can uniquely identify the process used by the user and the BT terminal of the user.
- the above-mentioned problem, which arises when a plurality of BT terminals are connected to a BT access point, is not limited to BT wireless communication network systems, but is considered common to wireless communication network systems that perform data transmission using wireless communication standards other than BT.
- the present invention has been made to solve the above-described problems.
- the purpose of the present invention is to provide, in a wireless communication network system in which a plurality of wireless communication terminals are connected to an access point (wireless station) of wireless communication, a technology that can easily and securely confirm the authentication of a user and that can uniquely identify a process used by a user and the BT terminal of the user.
- Disclosure of the invention
- the present invention provides a wireless communication network system including a wireless station and a plurality of wireless communication terminals connected to the wireless station via a wireless line.
- the radio station comprises:
- An identification information management unit that provides a plurality of pieces of identification information to be registered in each of the plurality of wireless communication terminals
- a link management unit that manages a communication link between the wireless station and the plurality of wireless communication terminals
- the link management unit includes:
- the identification information management unit stores information
- identification information used for generating a candidate for authentication information that matches authentication information of an authenticated wireless communication terminal is managed in association with the authenticated wireless communication terminal.
- the authentication of each wireless communication terminal for which the authentication request has been made can be easily and safely confirmed based on the identification information provided from the identification information management unit and registered in each wireless communication terminal. Also, it is possible to specify the identification information registered in each authenticated wireless communication terminal.
- the radio station comprises:
- a processing process providing unit that provides a plurality of processing processes respectively corresponding to the plurality of wireless communication terminals
- the identification information management unit stores information
- each processing process and each authenticated wireless communication terminal can be specified.
- wireless communication can be performed between the specified processing process and the wireless communication terminal.
- Bluetooth may be used as the wireless communication standard of the wireless line.
- the present invention also provides a wireless communication network system including a wireless station and a plurality of wireless communication terminals connected to the wireless station via a wireless line,
- the radio station comprises:
- a process providing device comprising: a process providing unit that provides a plurality of processing processes; and a first wireless control unit.
- a wireless communication unit and a second wireless communication unit, wherein the wireless communication unit is connected to the process providing device via a predetermined line, and is wirelessly connected to the plurality of wireless communication terminals by the wireless communication unit.
- a wireless communication device that performs communication
- the first wireless control unit includes:
- an identification information issuance management unit that issues different first identification information to the plurality of processing processes, and manages the plurality of processing processes in association with the issued plurality of first identification information.
- the second wireless control unit includes:
- An identification information management unit that registers and holds the plurality of first identification information issued by the identification information issuance management unit;
- a link management unit that manages a communication link between the plurality of wireless communication terminals
- the wireless communication terminal generates second authentication information based on the registered second identification information, transmits the second authentication information via the wireless line,
- the link management unit includes:
- upon receiving the transmitted second authentication information, a plurality of first authentication information candidates are generated based on the plurality of first identification information held by the identification information management unit, it is checked whether the received second authentication information matches any one of the plurality of generated first authentication information candidates, and, if there is a match, the wireless communication terminal that transmitted the matched second authentication information is authenticated. It is also possible to adopt a configuration characterized by the above.
- the identification information management unit manages the authenticated wireless communication terminal by associating the authenticated wireless communication terminal with the first identification information corresponding to the matched first authentication information candidate.
- it is preferable that the plurality of first identification information be notified from the first wireless control unit to the second wireless control unit via a logical interface mounted on the predetermined line, by a first control command defined for the logical interface, and registered in the identification information management unit.
- the first identification information issued for each processing process in the identification information issuance management unit of the first wireless control unit can then be easily registered in the identification information management unit of the second wireless control unit.
- the second wireless control unit notifies the first wireless control unit, via the logical interface, of different specific information for each of the registered plurality of first identification information items, and the identification information issuance management unit manages the plurality of specific information in association with the corresponding plurality of first identification information,
- when the link management unit authenticates the wireless communication terminal, the second wireless control unit notifies the first wireless control unit, via the logical interface, of the specific information associated with the first identification information corresponding to the matched first authentication information candidate, and the identification information issuance management unit can specify the processing process corresponding to the first identification information associated with the notified specific information.
- the first identification information corresponding to the matched candidate of the first authentication information is notified from the second wireless control unit to the first wireless control unit via the logical interface, according to a second control command defined for the logical interface.
- the identification information issuance management unit can also specify the corresponding processing process based on the notified first identification information.
- the authenticated wireless communication terminal and the corresponding processing process can be specified.
- the logical interface is a host control interface.
- the present invention can be realized in various forms.
- a wireless communication network is used to establish a tight link between a plurality of wireless communication terminals connected to the wireless station device and the wireless station.
- the present invention can be implemented in various forms, such as an authentication method of the present invention and a computer program product for establishing a communication link between a plurality of wireless communication terminals via a wireless line in a computer provided in a wireless station.
- FIG. 1 is a schematic configuration diagram showing a print service providing system as a configuration example of a communication network system to which the present invention is applied.
- FIG. 2 is a functional block diagram showing a schematic configuration of the server PSV.
- FIG. 3 is a functional block diagram illustrating a schematic configuration of the digital camera CM1.
- Figure 4 is an explanatory diagram showing the principle of connection authentication.
- Figure 5 is an explanatory diagram showing the principle of connection authentication.
- FIG. 6 is an explanatory diagram showing the principle of connection authentication.
- FIG. 7 is an explanatory diagram illustrating connection authentication processing according to the embodiment.
- FIG. 8 is an explanatory diagram illustrating the connection authentication processing according to the embodiment.
- FIG. 9 is an explanatory diagram illustrating the connection authentication processing according to the embodiment.
- FIG. 10 is a functional block diagram illustrating a schematic configuration of the server PSV ′.
- FIG. 11 is a functional block diagram showing a schematic configuration of the digital camera CM 1 ′.
- FIG. 12 is an explanatory diagram showing a problem in the case where connection authentication is performed at the time of establishing a communication link according to the principle of the BT communication standard.
- FIG. 13 is an explanatory diagram showing a PIN code registration process in the connection authentication process of the embodiment that is executed when a communication link is established.
- FIG. 14 is an explanatory diagram showing connection authentication when a communication link is established, which is executed after registration of a PIN code, when a plurality of connections cannot be made with one registered PIN code.
- FIG. 15 is an explanatory diagram showing connection authentication when a communication link is established, which is executed after PIN code registration, when a plurality of connections are possible with one registered PIN code.
- FIG. 16 is an explanatory diagram showing a problem in a case where connection authentication is performed in accordance with the principle of the BT communication standard after the communication link is established.
- FIG. 17 is an explanatory diagram showing the PIN registration process in the connection authentication process of the embodiment after the communication link is established.
- FIG. 18 is an explanatory diagram showing connection authentication after a communication link is established.
- FIG. 19 is an explanatory diagram showing connection authentication after a communication link is established.
- FIG. 20 is a schematic configuration diagram showing a print service providing system as a modification of the communication network system to which the present invention is applied.
- FIG. 1 is a schematic configuration diagram showing a print service providing system as a configuration example of a communication network system to which the present invention is applied.
- This print service providing system includes a server PSV for providing a print service and a printer PR connected to the server PSV.
- the server PSV has a BT communication function and functions as a BT access point (radio station). Up to seven BT terminals (wireless communication terminals) can be connected to the server PSV according to the BT standard. For this reason, seven monitors DP 1 to DP 7 are connected to this server PSV so that a maximum of seven users can receive the print service at the same time.
- the server PSV provides the print service processes PS 1 to PS 7 to the respective users through the screens of the monitors DP 1 to DP 7.
- a process refers to a functional block that controls an interface with a user and various services executed on a server and provided to each user.
- a process block controls a print service.
- Each user receives the print service using the print service process provided through the monitor in front of him, and can print the images etc. stored in his BT terminal with the printer PR.
- FIG. 1 shows a state in which the maximum number of BT terminals (slaves) that can be connected to the server PSV, namely the digital cameras CM1 to CM7, are present in the area (communication area) WA that can communicate with the server PSV as a BT access point (master).
- FIG. 2 is a functional block diagram showing a schematic configuration of the server PSV.
- the server PSV includes a BT control unit 20, a BT wireless communication unit 30, a service providing unit 40, and a printer control unit 50.
- the server PSV also includes various peripheral devices, control devices and interfaces generally provided in a computer, such as an internal storage device, an external storage device, a wired communication device, a display interface and an input interface.
- although these peripheral devices, control devices and interfaces are provided, illustration and description are omitted because they are not particularly necessary for the description of this example.
- the BT control unit 20 controls wireless communication by the BT wireless communication unit 30.
- the BT control unit 20 includes a link management unit 22 that manages a connection authentication process required to establish a communication link with the digital cameras CM1 to CM7, and a PIN code management unit (identification information management unit) 24 for providing different PIN codes (identification information) to be registered in the digital cameras CM1 to CM7.
- the provided PIN code is notified to the user of each process through the corresponding monitors DP1 to DP7 by the respective processes PS1 to PS7 of the service providing unit 40 described later.
- the operation of the link management unit 22 will be described later in detail.
- the service providing unit 40 executes the first to seventh processes PS1 to PS7 and simultaneously controls the print service provided to the seven users U1 to U7.
- the first to seventh processes PS1 to PS7 display guidance screens for providing a print service on the corresponding first to seventh monitors DP1 to DP7, respectively.
- the first to seventh input devices IP, such as a touch panel or a tablet, are provided corresponding to the first to seventh monitors DP1 to DP7.
- each of the processes PS1 to PS7 executes the print service according to each corresponding input or selection.
- the printer control unit 50 controls the operation of the printer PR and executes printing in accordance with an instruction from each of the processes PS1 to PS7 of the service providing unit 40.
- FIG. 3 is a functional block diagram illustrating a schematic configuration of the digital camera CM1.
- FIG. 3 shows the configuration for wireless communication performed with the server PSV in the print service providing system of FIG. 1, and omits the components essential to a camera, such as the imaging function.
- the digital camera CM 1 includes an operation unit 120, a BT control unit 130, a BT wireless communication unit 140, and a memory card control unit 150. Also, a memory card MC is provided so that it can be inserted and removed.
- the operation unit 120 includes input means such as a switch group and a touch panel for operating the digital camera, display means, and the like.
- the BT control unit 130 controls wireless communication by the BT wireless communication unit 140.
- the BT control unit 130 includes, in particular, a link management unit 132 that manages a connection authentication process required to establish a communication link with the server PSV. The operation of the link management unit 132 will be described later in detail.
- the memory card control unit 150 controls writing or reading of various data such as image data to the memory card MC.
- the image data stored in the memory card MC can be transferred to the server PSV via the BT control unit 130.
- the configuration for wireless communication performed with the server PSV in the print service providing system of FIG. 1 is the same as that of the digital camera CM1 of FIG. The same is true.
- in the print service, when each user instructs the start of the print service according to the screen displayed on the monitor, the image data stored in the memory card of the digital camera is transferred to a storage device (not shown) in the server PSV, and is displayed in a list, for example, in the form of thumbnails or file names.
- the selected image data is transferred from the server PSV to the printer PR (FIG. 1) and printed.
- That is, in this print service providing system, each user can receive a unique print service by using a process provided through a screen displayed on each monitor.
- to perform BT wireless communication between the server PSV as a BT access point (master) and the digital cameras CM1 to CM7 as BT terminals (slaves), it is necessary that, after the standby phase, synchronization within the piconet be established between the master and each slave in the synchronization establishment phase, and that the communication connection phase, in which packet communication can be performed, be reached.
- This communication connection phase has two processing states, a connection state and a data transfer state.
- in the connection state, actual data packets are not transmitted or received, but control packets for setting up communication links, control packets related to security, etc. are transmitted and received.
- in the data transfer state, actual data packets are transmitted and received.
- since BT uses radio waves as a communication medium, there is no physical restriction between terminals such as a cable.
- since the transmitted information propagates radially, it is desirable to provide a security function to prevent erroneous connection and eavesdropping between the master and slave. Therefore, BT stipulates that, when first transitioning to the connection state after the synchronization establishment phase, it is not possible to transition to the data transfer state and send and receive data unless the master and slave have completed mutual connection authentication processing and encryption settings.
- connection authentication specified by the BT communication standard and its problems will be described, and then the connection authentication of the embodiment will be described.
- FIGS. 4 to 6 are explanatory diagrams showing the principle of connection authentication. They show the principle of the connection authentication procedure in accordance with the provisions of the BT communication standard, assuming that, in the print service providing system of FIG. 1, the server PSV provides only one process PS1 and only the digital camera CM1 owned by one user U1 is connected to the server PSV.
- the server PSV may be simply referred to as a master
- the digital camera CM1 may be simply referred to as a slave.
- the BT security is managed by a 128-bit secret key called a link key.
- the link key refers to a parameter for managing one-to-one security between two specific terminals. This link key is not disclosed to third parties. That is, unless this parameter is set between the master and the slave, communication using the communication protocol of a layer higher than the link management layer level is not possible. Therefore, before the connection authentication process is actually performed, a link key is first set between the master and the slave by performing a pairing process between the link management unit 22 included in the BT control unit 20 of the master (server PSV) and the link management unit 132 included in the BT control unit 130 of the slave (digital camera CM1). Then, the connection authentication processing is executed between the master and the slave based on the set link key. When mutual authentication is confirmed, connection authentication is completed.
- the pairing process and the connection authentication process will be described more specifically.
- the master and the slave agree on the pairing. That is, the master requests pairing with the slave by sending a control packet “LMP_in_rand” to the slave to request the setting of the initialization key.
- a 128-bit random number RAND_init is generated as an initialization key generation random number used to generate an initialization key, and the generated initialization key generation random number RAND_init is transmitted from the master to the slave.
- if the slave accepts the pairing request, the slave returns a control packet “LMP_accepted”. As a result, the agreement on the pairing between the two is established. Otherwise, the control packet “LMP_not_accepted” is returned.
- when the pairing agreement is established, both the master and the slave generate an initialization key.
- the initialization key is calculated by the initialization key algorithm (E22).
- the input parameters of the initialization key algorithm (E22) are the PIN code, the PIN code length, and the random number for initialization key generation RAND_init.
- the random number RAND_init for generating the initialization key is transmitted from the master to the slave when the pairing is agreed upon. Therefore, if the same PIN code is input to both the link management unit 22 of the master (server PSV) and the link management unit 132 of the slave (digital camera CM1), the same initialization key Kinit will be generated on both.
- the PIN code and the PIN code length are input from the process PS1 to the link management unit 22. Also in the slave, when the user U1 inputs a PIN code through the operation unit 120, the PIN code and the PIN code length are input from the main control unit 110 to the link management unit 132.
- the PIN code input by the user is a variable value of up to 16 bytes (128 bits). If the input PIN code length is less than 16 bytes, an appropriate value is supplemented.
- The master and the slave negotiate to use the composite key as the link key. That is, the master sends the control packet “LMP_comb_key” to the slave and requests registration of the composite key as the link key. At this time, the master generates a 128-bit random number LK_RAND_A as the composite key generation random number used to generate the composite key, and the generated LK_RAND_A is sent from the master to the slave.
- Similarly to the master, the slave generates a 128-bit random number LK_RAND_B as a composite key generation random number and transmits the control packet “LMP_comb_key” to the master.
- The generated composite key generation random number LK_RAND_B is transmitted from the slave to the master.
- The master sends the slave the result of the exclusive OR of the initialization key Kinit and the first composite key generation random number LK_RAND_A, and the slave sends the master the result of the exclusive OR of the initialization key Kinit and the second composite key generation random number LK_RAND_B. Each side then takes the exclusive OR of the received result and the initialization key Kinit, so that the first composite key generation random number LK_RAND_A and the second composite key generation random number LK_RAND_B are exchanged.
- When the master and the slave have negotiated to use the composite key as the link key, both the master and the slave generate the composite key.
- The composite key is generated by calculating the exclusive OR of the master's provisional single key and the slave's provisional single key.
- The master's provisional single key is calculated by the single key algorithm (E21) using the master's BT address BD_ADDR_A and the first composite key generation random number LK_RAND_A as its two input parameters.
- The slave's provisional single key is calculated by the single key algorithm (E21) using the slave's BT address BD_ADDR_B and the second composite key generation random number LK_RAND_B as its two input parameters.
- The two composite key generation random numbers LK_RAND_A and LK_RAND_B are exchanged between the master and the slave during the above negotiation.
- The BT addresses BD_ADDR_A and BD_ADDR_B are exchanged in the synchronization establishment phase and are known to both the master and the slave. Therefore, the master and the slave should each generate the same master provisional single key LK_KA and the same slave provisional single key LK_KB, and as a result the same composite key Kcomb, the exclusive OR of LK_KA and LK_KB, should be generated on both sides.
- The generated composite key Kcomb is set and registered as the link key Linkey in a memory (not shown) on both the master and the slave.
- The actual connection authentication process is performed using the link key Linkey generated on both sides.
- The slave sends an authentication request to the master, and then the master sends an authentication request to the slave, so that connection authentication is confirmed mutually.
- The master sends the control packet “LMP_au_rand” to the slave.
- The master generates a 128-bit authentication challenge random number AU_RAND, and the generated random number AU_RAND is transmitted from the master to the slave.
- SRES_B is calculated.
- The authentication response parameter SRES_B is calculated using BD_ADDR_B and the authentication challenge random number AU_RAND as input parameters.
- The slave sends the control packet “LMP_sres” to the master. At this time, the calculated authentication response parameter SRES_B is sent to the master.
- Upon receiving the authentication response parameter SRES_B, the master compares it with the authentication response parameter SRES_B' calculated by itself to determine whether or not to connect to the slave. This allows the master to authenticate the slave.
- The slave transmits the control packet “LMP_au_rand” to the master.
- “LMP_au_rand” the master's BT address BD_ADDR_A.
- The authentication response parameter SRES_A' is calculated by the connection authentication algorithm (E1) using three input parameters, including the authentication challenge random number AU_RAND.
- the control packet “LMP_au_rand” receives the authentication challenge random number AU_RAND.
- The master that receives the authentication challenge random number AU_RAND, like the slave, uses the connection authentication algorithm (E1) to generate the link key.
- The master sends the control packet “LMP_sres” to the slave to request connection to the slave. At this time, the calculated authentication response parameter SRES_A is sent to the slave.
- Upon receiving the authentication response parameter SRES_A, the slave determines whether or not to connect to the master by comparing it with the authentication response parameter SRES_A' calculated by itself. As a result, the master is authenticated by the slave.
- The connection authentication is completed. If the link keys generated by the master and the slave differ, that is, if the mutually common parameters used for link key generation differ, the authentication response parameters do not match, so it is determined that the two cannot be connected to each other. In this way, mutual security of the master and the slave can be ensured.
- Connection authentication processing based on the above principle has the following disadvantages.
- If connection authentication based on the above principle is executed between each of the digital cameras CM1 to CM7 and the server PSV, connection authentication is performed with each of them and a communication link can be established. However, in this case, only the unique BT address can be used as a parameter for identifying the seven digital cameras CM1 to CM7.
- Each of the users U1 to U7 needs to notify the process PS1 to PS7 that they are using of the BT address of their digital camera CM1 to CM7.
- PIN codes PIN_1 to PIN_7 are assigned to the processes PS1 to PS7 used by the users U1 to U7, respectively, and are presented to the respective users U1 to U7 on the monitors DP1 to DP7. It is then assumed that the presented PIN codes PIN_1 to PIN_7 are input to the digital cameras CM1 to CM7 by the users U1 to U7.
- Unless connection authentication is repeated up to 7 times for the first device, up to 6 times for the second, up to 5 times for the third, up to 4 times for the fourth, up to 3 times for the fifth, up to 2 times for the sixth, and once for the seventh, that is, up to 28 times in total, a one-to-one relationship cannot be established between the seven connected digital cameras CM1 to CM7 and the processes PS1 to PS7 used by the users U1 to U7.
- To complete connection authentication for all of the digital cameras CM1 to CM7, the connection authentication process must be repeated up to 28 times, which is very inefficient.
- Connection authentication processing is performed by the method described below.
- FIGS. 7 to 9 are explanatory diagrams illustrating connection authentication processing according to the embodiment.
- FIGS. 7 to 9 show, for the case in which, as shown in FIG. 1, the server PSV provides the first to seventh processes PS1 to PS7 and the digital cameras CM1 to CM7 owned by the seven users U1 to U7 are connected to the server PSV, the connection authentication with the first digital camera CM1 among the connection authentications performed between each of the digital cameras CM1 to CM7 and the server PSV.
- The server PSV may be simply referred to as the master.
- The first digital camera CM1 may be referred to as the slave.
- Connection authentication is basically performed in the same sequence as the above principle. That is, first, a pairing process is performed between the link management unit 22 included in the BT control unit 20 of the master (server PSV) and the link management unit 132 included in the BT control unit 130 of the slave (first digital camera CM1), and a link key is set between the master and the slave. Then, connection authentication processing is executed between the master and the slave based on the set link key. When mutual authentication is confirmed, connection authentication is completed. The pairing process and the connection authentication process are described more specifically below.
- A pairing agreement is made between the master and the slave. That is, the master requests pairing with the slave by transmitting the control packet “LMP_in_rand” to the slave to request the setting of the initialization key. At this time, the master generates an initialization key generation random number RAND_init, and the generated RAND_init is transmitted from the master to the slave.
- Both the master and the slave generate an initialization key.
- The PIN code and PIN code length assigned to each of the processes PS1 to PS7 by the PIN code management unit 24 are input to the link management unit 22, and the initialization keys Kinit_1 to Kinit_7 corresponding to the respective PIN codes are calculated by the initialization key algorithm (E22) as shown in the following equations (a1) to (a7).
- The PIN codes of the processes PS1 to PS7 are denoted PIN_1 to PIN_7, respectively, and the PIN code lengths are denoted PIN_1_Lng to PIN_7_Lng, respectively.
- The operation unit 120 is also operated by the user U1 of the first digital camera CM1
- the PIN code PIN_1 corresponding to the first process PS1 is input from (FIG. 1)
- The PIN code PIN_1 and the PIN code length PIN_1_Lng are input to the link management unit 132 in response to the input.
- The initialization key Kinit_trm is calculated by the initialization key algorithm (E22) as shown in the following equation (b1).
- The master and the slave negotiate to use the composite key as the link key. That is, the master sends the control packet “LMP_comb_key” to the slave and requests registration of the composite key as the link key.
- Using the control packet “LMP_comb_key”, the result of the exclusive OR of the composite key generation random number LK_RAND_A generated by the master and the initialization key Kinit is sent from the master to the slave. However, in this embodiment, seven initialization key candidates Kinit_1 to Kinit_7 have been calculated, so the same cannot be done.
- The master generates a 128-bit random number COMB_RAND_A and transmits the generated random number COMB_RAND_A from the master to the slave.
- The exclusive OR (XOR) of this random number COMB_RAND_A with each of the initialization key candidates Kinit_1 to Kinit_7 is calculated, giving the seven candidates LK_RAND_A_1 to LK_RAND_A_7 of the first composite key generation random number, as shown in the following equations (c1) to (c7).
- LK_RAND_A_1 = (COMB_RAND_A) XOR (Kinit_1) ... (c1)
- LK_RAND_A_3 = (COMB_RAND_A) XOR (Kinit_3) ... (c3)
- LK_RAND_A_4 = (COMB_RAND_A) XOR (Kinit_4) ... (c4)
- LK_RAND_A_5 = (COMB_RAND_A) XOR (Kinit_5) ... (c5)
- LK_RAND_A_7 = (COMB_RAND_A) XOR (Kinit_7) ... (c7)
- The slave calculates the exclusive OR (XOR) of the random number COMB_RAND_A transmitted from the master and the initialization key Kinit_trm, and obtains the random number LK_RAND_A_trm as the first composite key generation random number, as shown in the following equation (d1).
- LK_RAND_A_trm = (COMB_RAND_A) XOR (Kinit_trm) ... (d1)
- The slave generates the random number LK_RAND_B as the second composite key generation random number and, in the same manner as in the connection authentication principle described above, transmits the result of the exclusive OR of the generated second composite key generation random number LK_RAND_B and the initialization key Kinit_trm to the master as the random number COMB_RAND_B using the control packet “LMP_comb_key”.
- The master, on receiving the random number COMB_RAND_B, takes the exclusive OR (XOR) of this random number COMB_RAND_B with each of the initialization key candidates Kinit_1 to Kinit_7, and thereby calculates the seven candidates LK_RAND_B_1 to LK_RAND_B_7 of the second composite key generation random number, as shown in the following equations (e1) to (e7).
- LK_RAND_B_2 = (COMB_RAND_B) XOR (Kinit_2) ... (e2)
- LK_RAND_B_3 = (COMB_RAND_B) XOR (Kinit_3) ... (e3)
- LK_RAND_B_5 = (COMB_RAND_B) XOR (Kinit_5) ... (e5)
- When the master and the slave have negotiated in this way to use the composite key as the link key, both the master and the slave generate the composite key.
- The master's provisional single key candidates LK_KA_1 to LK_KA_7 and the slave's provisional single key candidates LK_KB_1 to LK_KB_7 are calculated as shown in the following equations (f1) to (f7) and (g1) to (g7).
- LK_KA_1 = E21(LK_RAND_A_1, BD_ADDR_A) ... (f1)
- LK_KA_2 = E21(LK_RAND_A_2, BD_ADDR_A) ... (f2)
- LK_KA_3 = E21(LK_RAND_A_3, BD_ADDR_A) ... (f3)
- LK_KA_4 = E21(LK_RAND_A_4, BD_ADDR_A) ... (f4)
- LK_KA_5 = E21(LK_RAND_A_5, BD_ADDR_A) ... (f5)
- LK_KA_6 = E21(LK_RAND_A_6, BD_ADDR_A) ... (f6)
- LK_KA_7 = E21(LK_RAND_A_7, BD_ADDR_A) ... (f7)
- LK_KB_1 = E21(LK_RAND_B_1, BD_ADDR_B) ... (g1)
- LK_KB_2 = E21(LK_RAND_B_2, BD_ADDR_B) ... (g2)
- LK_KB_3 = E21(LK_RAND_B_3, BD_ADDR_B) ... (g3)
- LK_KB_4 = E21(LK_RAND_B_4, BD_ADDR_B) ... (g4)
- LK_KB_5 = E21(LK_RAND_B_5, BD_ADDR_B) ... (g5)
- LK_KB_6 = E21(LK_RAND_B_6, BD_ADDR_B) ... (g6)
- LK_KB_7 = E21(LK_RAND_B_7, BD_ADDR_B) ... (g7)
- Kcomb_1 = (LK_KA_1) XOR (LK_KB_1) ... (h1)
- Kcomb_2 = (LK_KA_2) XOR (LK_KB_2) ... (h2)
- Kcomb_3 = (LK_KA_3) XOR (LK_KB_3) ... (h3)
- Kcomb_4 = (LK_KA_4) XOR (LK_KB_4) ... (h4)
- Kcomb_5 = (LK_KA_5) XOR (LK_KB_5) ... (h5)
- Kcomb_6 = (LK_KA_6) XOR (LK_KB_6) ... (h6)
- Kcomb_7 = (LK_KA_7) XOR (LK_KB_7) ... (h7)
- The master's provisional single key LK_KA_trm and the slave's provisional single key LK_KB_trm are also calculated by the single key algorithm (E21), as shown in the following equations (i1) and (j1).
- LK_KA_trm = E21(LK_RAND_A_trm, BD_ADDR_A) ... (i1)
- LK_KB_trm = E21(LK_RAND_B_trm, BD_ADDR_B) ... (j1)
- The composite key Kcomb_trm is calculated as shown in the following equation (k1).
- Kcomb_trm = (LK_KA_trm) XOR (LK_KB_trm) ... (k1)
- The composite key candidates Kcomb_1 to Kcomb_7 generated by the master as described above are set and registered in a memory (not shown) as link key Linkey candidates.
- The composite key Kcomb_trm generated by the slave is set and registered in a memory (not shown) as the link key Linkey.
- The actual connection authentication process is performed using the link keys generated by both parties.
- The slave makes an authentication request to the master, and then the master makes an authentication request to the slave, and the connection authentication is mutually confirmed.
- The master generates an authentication challenge random number AU_RAND and sends it to the slave using the control packet “LMP_au_rand” in the same way as the connection authentication principle shown in Fig. 6.
- The authentication response parameters are calculated using the connection authentication algorithm (E1). Unlike the above principle, however, seven authentication response parameter candidates SRES_1 to SRES_7, corresponding to the seven composite key candidates Kcomb_1 to Kcomb_7 as the link key Linkey, are calculated as shown in the following equations (m1) to (m7).
- SRES_1 = E1(Kcomb_1, BD_ADDR_B, AU_RAND) ... (m1)
- SRES_3 = E1(Kcomb_3, BD_ADDR_B, AU_RAND) ... (m3)
- SRES_4 = E1(Kcomb_4, BD_ADDR_B, AU_RAND) ... (m4)
- SRES_6 = E1(Kcomb_6, BD_ADDR_B, AU_RAND) ... (m6)
- SRES_7 = E1(Kcomb_7, BD_ADDR_B, AU_RAND) ... (m7)
- The slave that has received the authentication challenge random number AU_RAND calculates the authentication response parameter SRES_trm as shown in the following equation (n1) according to the principle of connection authentication.
- The slave requests connection authentication by transmitting the calculated authentication response parameter SRES_trm to the master using the control packet “LMP_sres”.
- Upon receiving the authentication response parameter SRES_trm, the master compares it with the authentication response parameter candidates SRES_1 to SRES_7 calculated by itself and searches for a matching authentication response parameter. In this example, only the first authentication response parameter candidate SRES_1 should match the received authentication response parameter SRES_trm. As a result, connection authentication between the server PSV as the master and the first digital camera CM1 as the slave is confirmed. Furthermore, the first process PS1, which is associated with the first PIN code PIN_1 used to calculate the first candidate SRES_1, and the first digital camera CM1 are found to have a one-to-one relationship.
- Next, connection authentication is executed for the authentication request from the server PSV as the master to the first digital camera CM1 as the slave. Specifically, in the same way as the connection authentication principle shown in Fig. 6, the slave generates an authentication challenge random number AU_RAND and transmits it to the master using the control packet “LMP_au_rand”. The authentication response parameter SRES_trm is calculated based on the connection authentication algorithm (E1), as shown in equation (n1).
- Linkey Kerkey-1 in this example
- The slave that has received the authentication response parameter SRES_1 compares the authentication response parameter SRES_trm calculated by itself with the received authentication response parameter SRES_1 and checks whether they match. This confirms the connection authentication.
- Connection authentication can be performed for the other digital cameras CM2 to CM7 by the same procedure.
- The master does not need to use all seven authentication response parameter candidates that can be generated from the seven composite key candidates in the connection authentication of each of the seven digital cameras CM1 to CM7; candidates that have already been confirmed may be excluded from the authentication candidates in order.
- In this connection authentication, when connection authentication requests are issued from the first to seventh digital cameras CM1 to CM7, the server PSV as the master can recognize the PIN codes input to the respective digital cameras while confirming connection authentication between the server PSV and the first to seventh digital cameras CM1 to CM7.
- The relationship between the first to seventh processes PS1 to PS7 and the PIN codes PIN_1 to PIN_7 assigned to them is managed by the PIN code management unit 24. Therefore, each of the digital cameras CM1 to CM7 is put in one-to-one correspondence with the one of the first to seventh processes PS1 to PS7 used by its owner U1 to U7.
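The candidate matching described above (initialization key candidates, composite key candidates, the search for the matching SRES, and the exclusion of confirmed candidates), as an added example that is not code from the patent. HMAC-SHA256 stands in for the E22, E21 and E1 algorithms, and the class names, PIN values and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

def prf(key: bytes, *parts: bytes, out_len: int = 16) -> bytes:
    """Stand-in keyed function (HMAC-SHA256); NOT the Bluetooth E22/E21/E1."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:out_len]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def e22(pin: bytes, rand_init: bytes) -> bytes:
    """Initialization key from PIN code, PIN code length and RAND_init."""
    return prf(b"E22", pin, bytes([len(pin)]), rand_init)

def e21(lk_rand: bytes, bd_addr: bytes) -> bytes:
    """Provisional single key from a composite key random number and BD_ADDR."""
    return prf(b"E21", lk_rand, bd_addr)

def e1(link_key: bytes, bd_addr: bytes, au_rand: bytes) -> bytes:
    """Authentication response SRES; the 4-byte length is an assumption."""
    return prf(link_key, bd_addr, au_rand, out_len=4)

class Slave:
    """A stock terminal: one PIN, the unchanged pairing sequence."""
    def __init__(self, bd_addr: bytes, pin: bytes):
        self.bd_addr, self.pin = bd_addr, pin
        self.kinit = self.link_key = b""

    def on_in_rand(self, rand_init: bytes) -> None:
        self.kinit = e22(self.pin, rand_init)                      # (b1)

    def on_comb_key(self, comb_rand_a: bytes, master_addr: bytes) -> bytes:
        lk_rand_a = xor(comb_rand_a, self.kinit)                   # (d1)
        lk_rand_b = os.urandom(16)
        self.link_key = xor(e21(lk_rand_a, master_addr),           # (i1)
                            e21(lk_rand_b, self.bd_addr))          # (j1), (k1)
        return xor(lk_rand_b, self.kinit)                          # COMB_RAND_B

    def on_au_rand(self, au_rand: bytes) -> bytes:
        return e1(self.link_key, self.bd_addr, au_rand)            # (n1)

    def check_master(self, master_addr: bytes, au_rand: bytes, sres: bytes) -> bool:
        return hmac.compare_digest(e1(self.link_key, master_addr, au_rand), sres)

class Master:
    """Server side: tries every PIN that has not been matched yet."""
    def __init__(self, bd_addr: bytes, pins_by_process: Dict[str, bytes]):
        self.bd_addr = bd_addr
        self.pending = dict(pins_by_process)   # process -> PIN not yet matched
        self.links: Dict[bytes, tuple] = {}    # slave BD_ADDR -> (process, link key)

    def pair(self, slave: Slave) -> Optional[str]:
        rand_init = os.urandom(16)
        slave.on_in_rand(rand_init)                                # LMP_in_rand
        kinit = {p: e22(pin, rand_init)                            # (a1)-(a7)
                 for p, pin in self.pending.items()}
        comb_rand_a = os.urandom(16)                               # sent as-is
        comb_rand_b = slave.on_comb_key(comb_rand_a, self.bd_addr) # LMP_comb_key
        kcomb = {}
        for proc, k in kinit.items():
            lk_ka = e21(xor(comb_rand_a, k), self.bd_addr)         # (c), (f)
            lk_kb = e21(xor(comb_rand_b, k), slave.bd_addr)        # (e), (g)
            kcomb[proc] = xor(lk_ka, lk_kb)                        # (h)
        au_rand = os.urandom(16)
        sres_trm = slave.on_au_rand(au_rand)                       # LMP_au_rand, LMP_sres
        hits = [p for p, k in kcomb.items()                        # (m1)-(m7)
                if hmac.compare_digest(e1(k, slave.bd_addr, au_rand), sres_trm)]
        if len(hits) != 1:          # unknown PIN or ambiguous result: refuse
            return None
        proc = hits[0]
        self.links[slave.bd_addr] = (proc, kcomb[proc])
        del self.pending[proc]      # a confirmed candidate leaves the pool
        return proc

    def respond(self, slave_addr: bytes, au_rand: bytes) -> bytes:
        """Answer the slave's challenge with the matched link key."""
        return e1(self.links[slave_addr][1], self.bd_addr, au_rand)

def demo() -> dict:
    pins = {f"PS{i}": f"{4710 + i}".encode() for i in range(1, 8)}  # constructed PINs
    master = Master(bytes.fromhex("0000000000aa"), pins)
    cam1 = Slave(bytes.fromhex("000000000001"), pins["PS1"])
    stranger = Slave(bytes.fromhex("0000000000ff"), b"0000")        # PIN never issued
    result = {"cam1": master.pair(cam1), "stranger": master.pair(stranger)}
    challenge = os.urandom(16)
    result["mutual"] = cam1.check_master(master.bd_addr, challenge,
                                         master.respond(cam1.bd_addr, challenge))
    result["pending"] = sorted(master.pending)
    return result
```

The slave side is unchanged from ordinary pairing; only the master does the per-candidate work, one pass per terminal instead of one pairing attempt per PIN.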
- The user can input a simple PIN code to his or her digital camera, thereby enabling BT wireless communication only for the process that he or she is using.
- In this connection authentication, the sequence of transmitting and receiving control packets between the server PSV as the master and the digital camera as the slave is exactly the same as the sequence described in the connection authentication principle.
- The digital camera as a slave does not need to have a special mechanism, and there is the advantage that a digital camera having a general BT communication function can be used in the print service providing system of the embodiment to receive the print service.
- Connection authentication in the case where the server is the master and the digital camera is the slave has been described as an example. However, the present invention is not limited to this. In such a case, connection authentication can be performed in exactly the same procedure.
- A print service providing system with a server PSV' as a BT access point (wireless station) and digital cameras CM1' to CM7' as BT terminals (wireless communication terminals) will be described as a second embodiment.
- FIG. 10 is a functional block diagram illustrating a schematic configuration of the server PSV ′.
- The server PSV' has a configuration in which a BT module 300 that executes BT wireless communication is connected to a computer 200 serving as a service providing device that provides a print service.
- The service providing device 200 and the BT module 300 are connected by a physical IF (interface) such as UART (Universal Asynchronous Receiver Transmitter) or USB (Universal Serial Bus). Here, it is assumed that they are connected by USB.
- The service providing device 200 includes the various peripheral devices, control devices, and interfaces generally provided in a computer, such as an internal storage device, an external storage device, and a wired communication device, and various interface devices such as a display interface and an input interface. However, illustration and description of those not particularly required for the description of this example are omitted.
- The service providing device 200 includes a service providing unit 210, a printer control unit 220, and a BT control unit 230.
- The service providing unit 210 executes the first to seventh processes PS1 to PS7 in the same manner as the service providing unit 40 in FIG. 2 to simultaneously execute the seven users U1 to U7
- The first to seventh processes PS1 to PS7 control the print service to be provided, and the first to seventh monitors DP1 to DP7 (shown in FIG.
- First to seventh input devices IP1 to IP7, such as touch panels and tablets, are provided for the first to seventh monitors DP1 to DP7.
- Each of the processes PS1 to PS7 performs the print service according to the corresponding input and selection.
- The printer control unit 220 controls the operation of the printer PR and executes printing in accordance with instructions from the processes PS1 to PS7 of the service providing unit 210, similarly to the printer control unit 50 in FIG. 2.
- The BT control unit 230 controls wireless communication by the BT module 300.
- The BT module 300 includes a BT control unit 310 and a BT wireless communication unit 320.
- The BT wireless communication unit 320 has a function of actually transmitting and receiving data wirelessly, and is a so-called transceiver.
- The BT control unit 310 controls wireless communication by the BT wireless communication unit 320 according to control by the BT control unit 230 of the service providing device 200.
- The BT control unit 230 of the service providing device 200 is also referred to as the “service-side BT control unit 230”.
- The BT control unit 310 of the BT module 300 is also referred to as the “module-side BT control unit 310”.
- The service-side BT control unit 230 includes an HCI control unit 234, and the module-side BT control unit 310 includes an HCI control unit 316.
- These HCI control units 234 and 316 are logical IFs implemented on the physical IF connecting the service providing device 200 and the BT module 300, and control communication between the service-side BT control unit 230 and the module-side BT control unit 310 in accordance with the HCI (Host Control Interface) defined by the BT communication standard.
- The HCI control unit 234 of the service-side BT control unit 230 is also referred to as the “service-side HCI control unit 234”, and the HCI control unit 316 of the module-side BT control unit 310 is also referred to as the “module-side HCI control unit 316”.
- The service-side BT control unit 230 includes a PIN code issuance management unit 232.
- The module-side BT control unit 310 includes a PIN code management unit 314.
- The PIN code issuance management unit 232 issues different PIN codes (identification information) to be allocated to the respective processes PS1 to PS7. Further, as described later, the assigned PIN code is notified to the PIN code management unit 314 via the HCI control units 234 and 316.
- The module-side BT control unit transmits information indicating the relationship between the connection handle for identifying the communication partner BT terminal and the PIN code used for connection authentication of the communication, and this information is acquired and managed.
- The PIN code management unit 314 holds and manages the PIN code notified from the PIN code issuance management unit 232 via the service-side HCI control unit 234 and the module-side HCI control unit 316.
- The module-side BT control unit 310 includes a link management unit 312.
- The link management unit 312 manages the connection authentication process required to establish a communication link with a BT terminal (in this example, the digital cameras CM1' to CM7') connected to the server PSV' as a BT access point.
- The operation of the link management unit 312 is the same as that of the link management unit 22 in the first embodiment shown in FIG.
- The service-side BT control unit 230 and the module-side BT control unit 310 correspond to the BT control unit 20 (FIG. 2) in the server PSV of the first embodiment.
- FIG. 11 is a functional block diagram illustrating a schematic configuration of the digital camera CM 1 ′.
- The digital camera CM1' has a configuration in which a BT module 500 that executes BT wireless communication is connected to a computer serving as a camera device 400 having a so-called imaging function.
- The camera device 400 and the BT module 500 are connected by a physical IF such as UART or USB.
- For this camera device 400, the configuration for BT wireless communication executed with the server PSV' is shown, and essential components of the imaging device such as the imaging function are omitted.
- The camera device 400 includes an operation unit 410, a BT control unit 420, and a memory card control unit 430.
- The operation unit 410 includes input means such as a switch group and a touch panel for operating the digital camera, display means, and the like, similarly to the operation unit 120 in FIG. 3.
- The memory card control unit 430 also controls writing or reading of various data such as image data to a memory card MC (not shown), similarly to the memory card control unit 150 in FIG. 3.
- The BT control unit 420 controls wireless communication by the BT module 500.
- The BT module 500 includes a BT control unit 510 and a BT wireless communication unit 520.
- The BT wireless communication unit 520 is a so-called transceiver having a function of actually transmitting and receiving data wirelessly.
- The BT control unit 510 controls wireless communication by the BT wireless communication unit 520 according to control by the BT control unit 420 of the camera device 400.
- The BT control unit 420 of the camera device 400 is also referred to as the “camera-side BT control unit 420”.
- The BT control unit 510 of the BT module 500 is also referred to as the “module-side BT control unit 510”.
- The camera-side BT control unit 420 includes an HCI control unit 424.
- The module-side BT control unit 510 includes an HCI control unit 516.
- These HCI control units 424 and 516 are logical IFs implemented on the physical IF connecting the camera device 400 and the BT module 500, and control communication between the camera-side BT control unit 420 and the module-side BT control unit 510 in accordance with the HCI (Host Control Interface) defined in the BT communication standard.
- The HCI control unit 424 of the camera-side BT control unit 420 is also referred to as the “camera-side HCI control unit 424”, and the HCI control unit 516 of the module-side BT control unit 510 is also referred to as the “module-side HCI control unit 516”.
- The module-side BT control unit 510 includes a link management unit 512.
- The link management unit 512 manages the connection authentication process required to establish a link for communication with the server PSV' as the BT access point.
- The operation of the link management unit 512 is the same as that of the link management unit 132 in the first embodiment shown in FIG.
- Image data stored in a memory card MC can be transferred to the server PSV via the camera-side BT control unit 420 and the module-side BT control unit 510.
- The camera-side BT control unit 420 and the module-side BT control unit 510 correspond to the BT control unit 130 (FIG. 3) in the digital camera CM1 of the first embodiment.
- The configuration for wireless communication performed with the server PSV' in the print service providing system is the same as that of the digital camera CM1' shown in Fig. 11.
- The print service providing system in which the first to seventh digital cameras CM1' to CM7' are connected to the server PSV' as described above is similar to the print service providing system of the first embodiment (Fig. 1).
- Each user can receive his or her own print service by using the process provided through the screen displayed on each monitor.
- Connection authentication in the print service providing system will be described for two cases: connection authentication when a communication link is established, and connection authentication after the communication link is established.
- Connection authentication when establishing a communication link (ACL (Asynchronous Connection-Less) link) according to the principle of the BT communication standard will be described.
- FIG. 12 is an explanatory diagram showing a problem in a case where connection authentication is performed when a communication link is established in accordance with the principles of the BT communication standard.
- FIG. 12 shows that the service side BT control unit 230 of the server PSV ′ in FIG.
- The figure shows, for the case in which the service providing unit 210 provides the first to seventh processes PS1 to PS7 and the digital cameras CM1' to CM7' owned by the users U1 to U7 are connected to the server PSV', the connection authentication with the first digital camera CM1' among the connection authentications performed between the digital cameras CM1' to CM7' and the server PSV'.
- It is assumed that the first to seventh processes PS1 to PS7 of the service providing unit 210 present the PIN codes to be input to the first to seventh digital cameras CM1' to CM7' connected to them to the first to seventh users U1 to U7 through their respective monitors (not shown). In the following, this assumed server is also simply referred to as the server, and the first to seventh digital cameras CM1' to CM7' are also simply referred to as camera 1 to camera 7. Digital cameras are sometimes simply called BT terminals.
- As the first process (S1), the control command “HCI_Write_Authentication_Enable” is issued from the service-side HCI control unit 234 of the service providing device 200 to the module-side HCI control unit 316 of the BT module 300, with the command parameter “Authentication_Enable”, which indicates whether connection authentication at the time of establishing a communication link is enabled or disabled, set to enabled.
- The authentication process is executed in the process of establishing a communication link between the server and the BT terminal (here, camera 1). Communication between the service providing device 200 and the BT module 300 in the server is performed via the service-side HCI control unit 234 and the module-side HCI control unit 316, as described above.
- The description “from the service-side HCI control unit 234 of the service providing device 200 to the module-side HCI control unit 316 of the BT module 300” may be abbreviated simply as “from the service providing device 200 to the BT module 300” or “from the service-side BT control unit 230 to the module-side BT control unit 310”.
- connection authentication can be started between the link management unit 312 in the module side BT control unit 310 of the server and the module side BT control unit 5110 of the camera 1.
- the link management unit 312 in the BT control unit 310 on the module side of the server holds the link key necessary for the authentication described in the first embodiment.
- the event "HCI_Link_key_Request_event" with the BT address of the partner BT terminal to be authenticated (here, camera 1) as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the link key is queried.
- the service-side BT control unit 230 does not originally know the BT address of the partner BT terminal (camera 1), so it cannot answer with the corresponding link key. Therefore, as a fourth process (S4), the control command "HCI_Link_Key_Negative_Request_reply" is issued from the service providing apparatus 200 to the BT module 300, and a negative response is made to the effect that the link key cannot be notified.
- the service-side BT control unit 230 normally holds the combination of the partner's BT address and link key, so that the link key can be notified to the BT module by the control command "HCI_Link_Key_Request_reply".
- the link management unit 312 of the module control unit 310 of the server starts the pairing process as described in the first embodiment.
- the PIN code is used.
- the event "HCI_PIN_Code_Request_event" with the BT address of the camera 1 as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the PIN code is queried.
- the service-side BT control unit 230 does not usually know the BT address of the partner BT terminal (here, camera 1). More specifically, the service-side BT control unit 230 can know the PIN codes provided by the processes PS1 to PS7, but it cannot know the correspondence between these PIN codes and the unique BT addresses of the respective BT terminals (digital cameras CM1' to CM7') to which the PIN codes have been input. It therefore cannot answer with the PIN code corresponding to the inquired BT address.
- the control command "HCI_PIN_Code_Negative_Request_reply" is issued from the service providing apparatus 200 to the BT module 300, and a negative response is made to the effect that the PIN code cannot be notified.
- the link management unit 312 of the module-side BT control unit 310 cannot perform the pairing process and the authentication process described in the first embodiment, and as a result, the connection between the server and the camera 1 fails. Then, on the server side, as a seventh process (S7), the event "HCI_Connection_Complete_event", which includes parameters such as the status (parameter name "Status") indicating the communication link establishment result (success / failure), the BT address of the camera 1 (parameter name "BD_ADDR"), and a connection handle (parameter name "Connection_Handle"), is issued from the BT module 300 to the service providing device 200 to notify the connection failure.
- as the eighth process (S8), the event "HCI_Connection_Complete_event", which includes parameters such as the status, the BT address of the server, and the connection handle, is issued from the BT module 500 to the camera device 400 to notify the connection failure.
- suppose connection authentication is performed at the time of establishing a communication link between the BT terminal (digital cameras CM1' to CM7') and a server in which the service-side BT control unit 230 is assumed not to include the PIN code issue management unit and the module-side BT control unit 310 is assumed not to include the PIN code management unit 314. Even if the module-side BT control unit 310 included in the BT module 300 of the assumed server asks the service-side BT control unit 230 included in the service providing apparatus 200 for the PIN code of the BT terminal that is the authentication partner, the service-side BT control unit 230 cannot answer the module-side BT control unit 310 with the corresponding PIN code, and as a result, connection authentication cannot be performed.
- connection authentication processing is performed when a communication link is established, according to the method described below.
- the service providing unit 210 of the server PSV ′ in FIG. 10 provides the first to seventh processes PS 1 to PS 7,
- the digital cameras CM1 'to CM7 owned by the seven users U1 to U7 are connected to the server PSV', and are mutually performed between the digital cameras CM1 'to CM7' and the server PSV.
- the connection authentication with the first digital camera CM 1 ′ (FIG. 11) will be described.
- the PIN code issuance management section 232 issues a PIN code to be provided to each of the processes PS1 to PS7 and manages the corresponding relationship.
- the module-side BT control unit 310 constituting the BT module 300 includes the PIN code management unit 314 as described above. Therefore, in the connection authentication processing of the embodiment at the time of establishing a communication link, as described below, the PIN code issued by the PIN code issuance management unit 232 is first registered in the PIN code management unit 314, and the communication link is then established.
- (Registration of PIN code)
- FIG. 13 is an explanatory diagram showing a PIN code registration process executed when a communication link is established.
- HCI in the BT communication standard allows users to define control commands in advance. Therefore, in the registration process of the PIN code, for example, a user-defined control command is used as shown below.
- "HCI_WriteStoredCode" is defined as a control command from the service-side HCI controller 234 to the module-side HCI controller 316.
- as parameters of this control command, the parameter names "PIN_Code", "PIN_Code_Length", and "Multiple connection" are specified.
- "PIN_Code" is a parameter indicating the PIN code issued by the PIN code issuance management unit 232.
- "PIN_Code_Length" is a parameter indicating the length of the PIN code. "Multiple connection" is a parameter indicating whether to allow multiple connections with the same PIN code.
- the PIN code is registered using the control command defined as described above. Specifically, as a first process (S1), the control command "HCI_WriteStoredCode" is issued from the service providing device 200 to the BT module 300. As a result, the PIN code assigned to each of the processes PS1 to PS7 by the PIN code issuance management unit 232, its PIN code length, and information as to whether multiple connections are permitted with this PIN code are transmitted, and the transmitted information is registered in the PIN code management unit 314 of the module-side BT control unit 310. Then, as a second process (S2), the event "HCI_Complete_event" is issued from the BT module 300 to the service providing apparatus 200, and the status (parameter name "Status") indicating whether the registration succeeded or failed and the connection handle (parameter name "Connection_Handle") are notified.
- when multiple connections are not permitted, a reserved value associated only with the registered PIN code is notified as the connection handle. The notified connection handle indicating the reserved value is then managed together with the corresponding PIN code by the PIN code issuance management unit 232. On the other hand, when multiple connections are permitted, this connection handle has no meaning, as will be described later, so an arbitrary normally defined value is notified.
- One PIN code can be registered in advance in the PIN code management unit 314 of the module-side BT control unit 310 as a candidate for use in authentication.
- FIG. 14 is an explanatory diagram showing connection authentication when a communication link is established after registration of a PIN code when a plurality of connections cannot be made with one registered PIN code.
- the procedure for establishing a communication link in this case is also basically performed according to the principles of the BT communication standard.
- the control command "HCI_Write_Authentication_Enable" is issued from the service providing apparatus 200 to the BT module 300 so that connection authentication is performed when a communication link is established, whereby authentication processing is executed in the course of establishing a communication link between the server and the BT terminal (camera 1 in this case).
- in the camera 1, the control command "HCI_Create_Connection" with the BT address of the server as a command parameter (parameter name "BD_ADDR") is issued from the camera device 400 to the BT module 500. Then, a call processing operation (Page) from the camera 1 side to the server side is executed, and a call response processing operation (Page Response) from the server side to the camera 1 side is executed accordingly.
- the call processing operation (Page) and the call response processing operation (Page Response) are executed between the server and the camera 1, the link management unit 312 in the BT control unit 310 on the module side of the server.
- the connection authentication can be started between (FIG.
- the event "HCI_Link_key_Request_event" with the BT address of the partner BT terminal (camera 1) to be authenticated as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the link key is queried.
- since the service-side BT control unit 230 originally does not know the BT address of the partner BT terminal (camera 1), it cannot answer with the corresponding link key. Therefore, as a fourth process (S4), the control command "HCI_Link_Key_Negative_Request_reply" is issued from the service providing device 200 to the BT module 300, and a negative response is given to the effect that the link key cannot be notified.
- the link management unit 312 of the module-side BT control unit 310 of the server and the link management unit 512 of the module-side BT control unit 5110 of the camera 1 perform the pairing process and connection authentication described in the first embodiment.
- a PIN code is required for the pairing process.
- in the PIN code management unit 314 of the module-side BT control unit 310 of the server, the PIN code candidates required for connection authentication have been registered by the PIN code registration described above, so the connection authentication processing can be executed.
- the event "HCI_PIN_Code_Request_event" with the BT address of the server as a command parameter (parameter name "BD_ADDR") is issued from the BT module 500 to the camera device 400, and the PIN code inquiry is executed.
- a control command "HCI_PIN_Code_Request_reply" is issued from the camera device 400 to the BT module 500, and the PIN code (parameter name "PIN_Code") and the PIN code length are notified.
- the notified PIN code and PIN code length are provided to the user (here, U1) through the monitor.
- the PIN code input to camera 1 may be input when the PIN code is inquired in the fifth process, or may be input in advance.
- the server side performs the seventh processing (S7).
- the event "HCI_Link_key_Notification_event" is issued from the BT module 300 to the service providing device 200, and the generated link key (parameter name "Link_Key"), the type of the link key (parameter name "Key_type"), and the like are notified.
- an event "HCI_Link_key_Notification_event" is issued from the BT module 500 to the camera device 400 to notify the generated link key, the link key type, and the like.
- the event "HCI_Connection_Complete_event" is issued from the BT module 300 to the service providing device 200, and a status (parameter name "Status") indicating whether or not the communication link succeeded, a connection handle (parameter name "Connection_Handle") indicating the reserved value associated with the PIN code used for connection authentication, and the like are notified.
- on the camera 1 side, as the tenth process (S10), an event "HCI_Connection_Complete_event" is issued from the BT module 500 to the camera device 400, and a status (parameter name "Status") indicating whether or not the communication link succeeded, a connection handle (parameter name "Connection_Handle"), and the like are notified. The communication link between the server and camera 1 is established, and connection authentication is completed.
- the PIN code issuance management unit 232 of the service-side BT control unit 230 can manage the process, the PIN code, and the connection handle by uniquely associating them. Therefore, based on the connection handle notified in the ninth process (S9), the PIN code of the partner BT terminal (in this case, camera 1) whose connection has been authenticated can be recognized, and the process that provided that PIN code can be recognized. As a result, the person using the process can be identified as the connection-authenticated partner.
- FIG. 15 is an explanatory diagram showing connection authentication at the time of establishing a communication link executed after registration of a PIN code when multiple connections are possible with one registered PIN code.
- the procedure for establishing a communication link in this case is also the same as when multiple connections cannot be made with one PIN code (FIG. 14): by executing the first process (S1) to the tenth process (S10), an authentication process is executed in the course of establishing a communication link between the server and the BT terminal (here, camera 1).
- connection handle notified in the ninth process (S9) and the tenth process (S10) when multiple connections are possible is the same as the connection handle in the case where multiple connections are not possible (Fig. 14).
- the connection handle notified in the ninth process (S9) and the tenth process (S10) is not a reserved value corresponding to the PIN code used for connection authentication, but an arbitrary value normally defined at the time of registration.
- the connection handle is not a reserved value corresponding to the PIN code as in the case where multiple connections are not possible. Since the PIN code and the connection handle are not uniquely associated, the PIN code used for authentication cannot be specified. For this reason, it is not possible to associate the connected BT terminal with the used PIN code, and it is not possible to specify the correspondence between the corresponding processes.
- the following commands are user-defined as HCI control commands.
- "HCI_Check_PIN_Code" is defined as a control command from the module-side HCI controller 316 of the server PSV' to the service-side HCI controller 234.
- the BT address (parameter name "BD_ADDR") of the BT terminal on the connection partner side is specified.
- the PIN code information is queried using the control command defined as described above. Specifically, as the first process (S11), the control command "HCI_Check_PIN_Code" is issued from the service providing apparatus 200 to the BT module 300 to query the PIN code information. Then, as a second process (S12), an event "HCI_Command_Complete_event" is issued from the BT module 300 to the service providing device 200, and the PIN code used to authenticate the connection of the BT terminal with the specified BT address (here, camera 1) is notified.
- the PIN code of the BT terminal (camera 1 in this case) whose connection has been authenticated can be specified, and the process that provided the PIN code can be specified.
- the person using the process can be specified as the connection authenticated partner.
- ACL: Asynchronous Connection-Less
- FIG. 16 is an explanatory diagram showing a problem in a case where connection authentication is performed in accordance with the principles of the BT communication standard after establishing a communication link.
- as in the description of the problem when establishing a communication link (FIG. 12), FIG. 16 assumes that the service-side BT control unit 230 of the server PSV' in FIG. 10 is not provided with the PIN code issuance management unit, and that the module-side BT control unit 310 is not provided with the PIN code management unit 314, which is a feature of the present embodiment. For the case where the first to seventh processes PS1 to PS7 are provided and the digital cameras CM1' to CM7' owned by the seven users U1 to U7 are connected to the server PSV', it shows, of the connection authentication performed between each of the digital cameras CM1' to CM7' and the server PSV', the connection authentication with the first digital camera CM1'.
- it is assumed that the first to seventh processes PS1 to PS7 of the service providing unit 210 present the PIN codes to be input to the first to seventh digital cameras CM1' to CM7' connected to them to the first to seventh users U1 to U7 through respective monitors (not shown).
- this assumed server is also simply referred to as the server, and the first to seventh digital cameras CM1' to CM7' are also simply referred to as cameras 1 to 7. A digital camera is also sometimes simply referred to as a BT terminal.
- the BT module 300 issues the event "HCI_Connection_Complete_event", and the status (parameter name "Status") indicating the success or failure of establishing the communication link, the BT address of the connected partner BT terminal (camera 1) (parameter name "BD_ADDR"), and a connection handle indicating an arbitrary normally defined value (parameter name "Connection_Handle") are notified.
- the event "HCI_Connection_Complete_event" is issued from the BT module 500 to the camera device 400, and similarly the status (parameter name "Status"), the BT address of the server (parameter name "BD_ADDR"), the connection handle (parameter name "Connection_Handle"), and the like are notified.
- the control command "HCI_Authentication_Requested", with the connection handle notified at the time of establishing the communication link as a command parameter (parameter name "Connection_Handle"), is issued from the service providing apparatus 200 to the BT module 300.
- connection authentication can be started by the link management unit 312 in the module side BT control unit 310 of the BT module 300.
- the link management unit 312 does not hold the link key required for authentication described in the first embodiment.
- the event "HCI_Link_key_Request_event" with the BT address of the BT terminal to be authenticated (here, camera 1) as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the link key is queried.
- as described in the problem, the service-side BT control unit 230 does not know the BT address of the partner BT terminal (camera 1), so it cannot answer with the link key corresponding to that BT terminal.
- the control command "HCI_Link_Key_Negative_Request_reply" is issued to the BT module 300, and a negative response is given to the effect that the link key cannot be notified.
- the link management unit 312 of the module-side BT control unit 310 of the server starts the pairing process as described in the first embodiment, but this process requires a PIN code. Therefore, on the server side, as a fourth process (S4), the event "HCI_PIN_Code_Request_event" with the BT address of camera 1 as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the PIN code is queried.
- the service-side BT control unit 230 usually does not know the BT address of the other-side BT terminal (here, camera 1).
- the service-side BT control unit 230 can know the PIN codes provided by the processes PS1 to PS7, but it cannot know the correspondence between these PIN codes and the unique BT addresses of the respective BT terminals (digital cameras CM1' to CM7') to which the PIN codes are input, so it cannot answer with the PIN code corresponding to the BT address for which the inquiry was made. Therefore, as a fifth process (S5), the control command "HCI_PIN_Code_Negative_Request_reply" is issued from the service providing apparatus 200 to the BT module 300, and a negative response is made to the effect that the PIN code cannot be notified.
- the link management unit 312 of the module-side BT control unit 310 cannot perform the pairing process and the authentication process described in the first embodiment.
- the link between the server and the camera 1 cannot be established. Connection authentication fails.
- the event "HCI_Authentication_Complete_event", which has as command parameters the status (parameter name "Status") indicating whether connection authentication succeeded or failed and the connection handle (parameter name "Connection_Handle") set at the start of connection authentication, is issued from the BT module 300 to the service providing device 200, and the failure of the authentication is notified.
- the server that assumes that the service-side BT control unit 230 does not include the PIN code issuance management unit, and that the module-side BT control unit 310 does not include the PIN code management unit 314, and the BT terminal If connection authentication is performed after establishing a communication link with the digital camera (CM1 'to CM7'), the module-side BT control unit 310 included in the assumed BT module 300 will be included in the service providing device 200.
- connection authentication process is performed after the establishment of the communication link by the method described below.
- the service providing unit 210 of the server PSV ′ in FIG. 10 provides the first to seventh processes PS “!
- the digital cameras CM1 'to CM7 owned by the seven users U1 to U7 are connected to the server PSV', and connections are made between each digital camera CM1 'to CM7' and the server PSV '.
- a description will be given of the connection authentication between the first digital camera CM 1 ′ and the authentication.
- in the connection authentication after the establishment of the communication link, as described below, before the connection authentication is executed, the PIN code issued by the PIN code issuance management unit 232 is first registered in the PIN code management unit 314. Then, connection authentication is executed.
- FIG. 17 is an explanatory diagram showing a PIN registration process in the connection authentication process of the embodiment after a communication link is established.
- the communication link (ACL link) is established, and on the server side (FIG. 10) the event "HCI_Connection_Complete_event" is issued from the BT module 300 to the service providing device 200 and the status (parameter name "Status"), BT address (parameter name "BD_ADDR"), connection handle (parameter name "Connection_Handle"), etc. are notified, the communication link
- as the first process (S1), the control command "HCI_WriteStoredCode" is issued from the service providing device 200 to the BT module 300.
- the PIN code, the PIN code length, and information as to whether multiple connections are permitted with this PIN code are sent, and the sent information is registered in the PIN code management unit 314 of the module-side BT control unit 310.
- the control command "HCI_WriteStoredCode" is the same as the user-defined control command described in "Connection authentication at the time of establishing a communication link".
- the event "HCI_Complete_event" is issued from the BT module 300 to the service providing device 200, and the status (parameter name "Status") indicating whether the registration succeeded or failed and the connection handle (parameter name "Connection_Handle") are notified. As this connection handle, an arbitrary normally defined value is notified regardless of whether multiple connections are permitted.
- the PIN code can be registered in advance in the PIN code management unit 314 of the BT control unit 310 on the module side as a candidate for use in authentication.
- connection authentication can be executed next.
- connection authentication is performed in the same procedure regardless of whether or not multiple connections are possible with one PIN code. Therefore, the following description will be made assuming that multiple connections are not possible.
- FIGS. 18 and 19 are explanatory diagrams showing connection authentication after a communication link is established.
- the connection authentication procedure in this case is also basically performed according to the principles of the BT communication standard.
- on the server side (FIG. 10), the control command "HCI_Authentication_Requested" is issued from the service providing apparatus 200 to the BT module 300, using the connection handle notified when the communication link was established as a command parameter (parameter name "Connection_Handle").
- connection authentication can be started by the link management unit 312 (FIG. 10) in the module-side BT control unit 310 of the BT module 300.
- the link management unit 312 does not hold the link key required for the authentication described in the first embodiment.
- the event "HCI_Link_key_Request_event" with the BT address of the BT terminal to be authenticated (here, camera 1) as a command parameter (parameter name "BD_ADDR") is issued from the BT module 300 to the service providing apparatus 200, and the link key is queried.
- since the service-side BT control unit 230 originally does not know the BT address of the partner BT terminal (camera 1), as described in the problem, it cannot respond with the corresponding link key. Therefore, as a third process (S3), the control command "HCI_Link_Key_Negative_Request_reply" is issued from the service providing apparatus 200 to the BT module 300, and a negative response is given to the effect that the link key cannot be notified.
- the link management unit 312 of the module-side BT control unit 310 of the server and the link management unit 512 of the module-side BT control unit 5110 of the camera 1 perform the pairing process and connection authentication described in the first embodiment.
- a PIN code is required for the pairing process.
- in the PIN code management unit 314 of the module-side BT control unit 310 of the server, candidates for the PIN code required for connection authentication are registered, so the connection authentication can be executed. On the other hand, in the camera 1, as the fourth process (S4), an event "HCI_PIN_Code_Request_event" with the server BT address as a command parameter (parameter name "BD_ADDR") is issued from the BT module 500 to the camera device 400 to query the PIN code, and as the fifth process (S5), a control command "HCI_PIN_Code_Request_reply" is issued from the camera device 400 to the BT module 500, and a PIN code (parameter name "PIN_Code") and a PIN code length (parameter name "PIN_Code_Length") are notified.
- the notified PIN code and PIN code length are provided to the user (here, U1) through the monitor and input to the user's BT terminal (here, camera 1).
- the PIN code input to the camera 1 may be input when inquiring for the PIN code in the fifth process, or may be input in advance.
- the server performs the sixth processing (S 6).
- the event "HCI_Link_key_Notification_event" is issued from the BT module 300 to the service providing apparatus 200, and the generated link key (parameter name "Link_Key") and the type of link key (parameter name "Key_type") are notified.
- the event "HCI_Link_key_Notification_event" is issued from the BT module 500 to the camera device 400 to notify the generated link key and the type of the link key.
- an event "HCI_Authentication_Complete_event" is issued from the BT module 300 to the service providing device 200, and the status (parameter name "Status") indicating the connection authentication result and the connection handle (parameter name "Connection_Handle") are notified.
- connection authentication between the server and camera 1 is possible in the same way as in the process of executing connection authentication when establishing a communication link (Fig. 15).
- the PIN code and the connection handle are not associated in a one-to-one relationship. Therefore, the PIN code used for authentication cannot be specified. For this reason, it is not possible to correlate the connected BT terminal with the used PIN code, and it is not possible to specify the correspondence between each process.
- the control command "HCI_Check_PIN_Code" is issued from the service providing apparatus 200 to the BT module 300 to obtain the PIN code information.
- the control command "HCI_Check_PIN_Code" is the same as the user-defined control command described in "Connection authentication when establishing a communication link".
- the BT module 300 notifies the service providing device 200 of the PIN code used to authenticate the connection of the BT terminal (here, the camera 1).
- the PIN code of the BT terminal (camera 1 in this case) whose connection has been authenticated can be specified, and the process that provided this PIN code can be specified.
- the person using the process can be specified as the connection authenticated partner.
- the server PS V when a connection authentication request is made from the first to seventh digital cameras CM1 ′ to CM7 ′ in the server PS V ′, the server PS V and the first to seventh digital cameras CM1 ′ to CM7 ′.
- the relationship between the first to seventh processes PS 1 to PS 7 and the PIN codes assigned to them is managed by the PIN code issue management unit 234 and is known.
- the cameras CM1 to CM7 and the first to seventh processes PS1 to PS7 used by the owners U1 to U7 of the respective digital cameras can be associated one-to-one.
- connection authentication the user can input a simple PIN code to his / her digital camera, thereby enabling BT wireless communication only for the process that he or she is using.
- in order to notify the PIN code assigned to each process and to confirm the PIN code used for connection authentication between the PIN code issue management unit 234 included in the service-side BT control unit 230 of the service providing device 200 in the server PSV' and the PIN code management unit 314 included in the module-side BT control unit 310 of the BT module 300, a control command "HCI_WriteStoredPinCode" for controlling PIN code registration and a control command "HCI_Check_PIN_Code" for controlling PIN code confirmation are newly added to the control commands in the logical IF (HCI) defined by the BT communication standard between the service providing device 200 and the BT module 300 in the server PSV'.
- HCI logical IF
- the HCI specification allows the addition of user-defined commands. Therefore, adding these control commands does not deviate from the HCI specification.
- the communication procedure executed between the server PSV' and the BT terminal is exactly the same as the connection authentication procedure in the BT communication standard. For this reason, the digital camera as a BT terminal connected to the server needs no special mechanism to obtain the effect of the connection authentication described above, and there is an advantage that the print service of the print service providing system of the embodiment can be received using a digital camera that has a general BT communication function.
- a control command is newly added to the logical IF (HCI) between the service providing apparatus 200 of the server PSV 'and the BT module 300.
- HCI logical IF
- The digital camera as a BT terminal connected to the server PSV' also has a configuration in which the BT module 500 is connected to the camera device 400, as shown in FIG. 11 as an example.
- The BT terminal connected to this server PSV' may be the digital camera (FIG. 3) in the first embodiment.
- FIG. 20 is a schematic configuration diagram showing a print service providing system as a modified example of the communication network system to which the present invention is applied.
- A plurality of servers may be provided as BT access points, and each server may be connected via a wired network.
- FIG. 20 shows a configuration with two servers PSV1 and PSV2 in which 14 digital cameras CM1 to CM14 are connected: the seven digital cameras CM1 to CM7 in the communication range WA1 of the first server PSV1, and the seven digital cameras CM8 to CM14 in the communication range WA2 of the second server PSV2.
- Each BT access point can associate the process used by each user with that user's own digital camera by executing the same connection authentication as the connection authentication described in the above embodiment.
- Where the communication ranges of the BT access points overlap, a digital camera within the overlapping range can be connected to either BT access point.
- The 10th digital camera CM10 is in the two communication ranges WA1 and WA2. In such a case, it is not known which access point it will be connected to.
- In that case, it is sufficient that the servers acting as access points mutually exchange the information on the PIN codes corresponding to the processes they provide, and that the link key corresponding to each PIN code is calculated as a link key candidate.
- The service providing unit of the server is configured to provide the seven processes PS1 to PS7. Alternatively, seven client terminals connected to the server via a wired network may each provide one of the processes PS1 to PS7.
- The print service providing system is shown as an example of the communication network system.
- The present invention is not limited to this, and can be applied to various BT communication network systems.
- A communication network system using BT is shown as an example, but the present invention is not limited to this and can be applied to communication network systems using various wireless communication standards.
- The wireless communication network system according to the present invention is suitable for use in a service industry that provides various services, such as printing services, to users in public places such as family restaurants.
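The overlapping-range case above (servers exchange per-process PIN information, then compute one link key candidate per PIN code) can be illustrated as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the Bluetooth key-derivation and authentication functions, and the `AccessPoint` class, PIN values, device address and random values are constructed for illustration.

```python
import hashlib
import hmac

def link_key(pin: str, bd_addr: bytes, rand: bytes) -> bytes:
    # Stand-in KDF (assumption): real BT pairing derives this key with SAFER+-based E22.
    return hmac.new(pin.encode(), bd_addr + rand, hashlib.sha256).digest()[:16]

def response(key: bytes, challenge: bytes, bd_addr: bytes) -> bytes:
    # Stand-in for the challenge-response authentication function (assumption).
    return hmac.new(key, challenge + bd_addr, hashlib.sha256).digest()[:4]

class AccessPoint:
    def __init__(self, name: str, pins: dict):
        self.name = name
        self.own = dict(pins)  # process id -> PIN code issued by this server
        self.table = {(name, p): pin for p, pin in pins.items()}

    def exchange(self, peer: "AccessPoint") -> None:
        """Mutually exchange per-process PIN information over the wired network."""
        self.table.update({(peer.name, p): pin for p, pin in peer.own.items()})
        peer.table.update({(self.name, p): pin for p, pin in self.own.items()})

    def identify(self, bd_addr, rand, challenge, resp):
        """Return the (server, process) whose PIN yields a matching link key, else None."""
        hits = [owner for owner, pin in self.table.items()
                if hmac.compare_digest(
                    response(link_key(pin, bd_addr, rand), challenge, bd_addr), resp)]
        # No hit: unknown PIN. Several hits: duplicate PINs, so the binding is ambiguous.
        return hits[0] if len(hits) == 1 else None

# Constructed sample values (not from the patent).
CM10 = bytes.fromhex("00112233440a")   # address of the camera in both ranges
RAND = bytes(range(16))                # pairing random number
CHAL = bytes(range(16, 32))            # authentication challenge

def camera_reply(pin: str) -> bytes:
    """What a terminal whose user entered `pin` would answer to CHAL."""
    return response(link_key(pin, CM10, RAND), CHAL, CM10)

if __name__ == "__main__":
    psv1 = AccessPoint("PSV1", {"PS1": "4821", "PS2": "7730"})
    psv2 = AccessPoint("PSV2", {"PS1": "1594", "PS2": "6602"})
    # CM10 reaches PSV1 by radio, but its user holds a PIN issued by PSV2.
    print(psv1.identify(CM10, RAND, CHAL, camera_reply("6602")))  # before exchange
    psv1.exchange(psv2)
    print(psv1.identify(CM10, RAND, CHAL, camera_reply("6602")))  # after exchange
```

The process binding is only as unambiguous as the PIN table: if two servers issue the same PIN code, `identify` rejects the connection rather than guessing, so PIN issuance has to be coordinated across the access points that exchange tables.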
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
- Telephonic Communication Services (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04719141A EP1605627A4 (en) | 2003-03-11 | 2004-03-10 | CONNECTION ASSIGNMENT IN WIRELESS COMMUNICATION NETWORK SYSTEMS |
CN2004800007397A CN1701560B (zh) | 2003-03-11 | 2004-03-10 | 无线通信网络系统中的连接认证 |
US10/548,862 US7668533B2 (en) | 2003-03-11 | 2004-03-10 | Connection authentication in wireless communication network system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-064707 | 2003-03-11 | ||
JP2003064707 | 2003-03-11 | ||
JP2003353625A JP2004297759A (ja) | 2003-03-11 | 2003-10-14 | 無線通信ネットワークシステムにおける接続認証 |
JP2003-353625 | 2003-10-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004082206A1 true WO2004082206A1 (ja) | 2004-09-23 |
Family
ID=32992945
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/003141 WO2004082206A1 (ja) | 2003-03-11 | 2004-03-10 | 無線通信ネットワークシステムにおける接続認証 |
Country Status (5)
Country | Link |
---|---|
US (1) | US7668533B2 (ja) |
EP (1) | EP1605627A4 (ja) |
JP (1) | JP2004297759A (ja) |
CN (1) | CN1701560B (ja) |
WO (1) | WO2004082206A1 (ja) |
Families Citing this family (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4202536B2 (ja) * | 1999-07-09 | 2008-12-24 | 富士フイルム株式会社 | プリント注文システムおよびその方法 |
US7793342B1 (en) * | 2002-10-15 | 2010-09-07 | Novell, Inc. | Single sign-on with basic authentication for a transparent proxy |
US7366901B2 (en) * | 2003-08-01 | 2008-04-29 | Ixi Mobile (R&D), Ltd. | Device, system, method and computer readable medium for identifying and authenticating a cellular device using a short-range radio address |
US9160811B2 (en) * | 2004-08-10 | 2015-10-13 | Nokia Technologies Oy | Client provisioning with enhanced linking |
US7409550B2 (en) * | 2004-08-16 | 2008-08-05 | Mitsubishi Electric Research Laboratories, Inc. | Method for binding networked devices |
KR100587158B1 (ko) | 2004-10-28 | 2006-06-08 | 에스케이 텔레콤주식회사 | 무선 인터넷에서 자동 인증 방법 및 그 장치 |
JP2008522470A (ja) * | 2004-11-25 | 2008-06-26 | フランス テレコム | 端末ユーザ識別情報モジュールを接続した通信端末を保護する方法 |
KR100643325B1 (ko) * | 2005-02-18 | 2006-11-10 | 삼성전자주식회사 | 네트워크 및 그의 도메인 설정방법 |
US8353011B2 (en) | 2005-06-13 | 2013-01-08 | Nokia Corporation | Apparatus, method and computer program product providing mobile node identities in conjunction with authentication preferences in generic bootstrapping architecture (GBA) |
US8087069B2 (en) | 2005-06-13 | 2011-12-27 | Nokia Corporation | Method, apparatus and computer program product providing bootstrapping mechanism selection in generic bootstrapping architecture (GBA) |
KR100736047B1 (ko) * | 2005-07-28 | 2007-07-06 | 삼성전자주식회사 | 무선 네트워크 장치 및 이를 이용한 인증 방법 |
US7882545B2 (en) * | 2005-12-14 | 2011-02-01 | Intel Corporation | Secure wireless network |
JP4763447B2 (ja) * | 2005-12-19 | 2011-08-31 | 株式会社ソニー・コンピュータエンタテインメント | 認証システム及び認証対象装置 |
ATE458328T1 (de) | 2005-12-22 | 2010-03-15 | Axis Ab | Überwachungssystem und -verfahren zur verbindung eines überwachungsgeräts mit einem dienstserver |
JP4921196B2 (ja) * | 2006-02-08 | 2012-04-25 | キヤノン株式会社 | 撮像システム、撮像装置及びレンズ装置 |
US7464865B2 (en) | 2006-04-28 | 2008-12-16 | Research In Motion Limited | System and method for managing multiple smart card sessions |
EP1850255B1 (en) * | 2006-04-28 | 2013-09-25 | BlackBerry Limited | System and method for managing multiple smart card sessions |
EP2036015A1 (en) * | 2006-06-08 | 2009-03-18 | Planetech Inc. | Tracking items in a distribution channel |
US8112794B2 (en) | 2006-07-17 | 2012-02-07 | Research In Motion Limited | Management of multiple connections to a security token access device |
US8079068B2 (en) | 2006-07-17 | 2011-12-13 | Research In Motion Limited | Management of multiple connections to a security token access device |
US7766243B2 (en) | 2006-07-19 | 2010-08-03 | Research In Motion Limited | Method, system and smart card reader for management of access to a smart card |
ATE510266T1 (de) | 2006-07-19 | 2011-06-15 | Research In Motion Ltd | Verfahren, system und chipkartenleser zur verwaltung des zugangs zu einer chipkarte |
US7974622B1 (en) * | 2007-01-16 | 2011-07-05 | Sprint Communications Company L.P. | Provisioning system for fixed vs. nomadic wireless services |
JP5207654B2 (ja) * | 2007-04-16 | 2013-06-12 | 塩谷 安男 | 通信装置、通信装置間のペアリング方法、ウェアラブルキーとicカードとをペアリングする方法、及びウェアラブルキーとicカードからなるシステム |
JP4887431B2 (ja) | 2007-12-28 | 2012-02-29 | パナソニック株式会社 | 通信装置 |
JP4692580B2 (ja) | 2008-06-06 | 2011-06-01 | コニカミノルタビジネステクノロジーズ株式会社 | 画像処理装置、画像処理方法及び画像処理プログラム |
US8555063B2 (en) * | 2009-09-30 | 2013-10-08 | Qualcomm Incorporated | Method for establishing a wireless link key between a remote device and a group device |
JP5252315B2 (ja) * | 2009-11-10 | 2013-07-31 | 株式会社ホンダアクセス | 無線通信システムおよび装置 |
US8560012B2 (en) * | 2009-11-30 | 2013-10-15 | Panasonic Corporation | Communication device |
USRE45980E1 (en) * | 2009-11-30 | 2016-04-19 | Panasonic Intellectual Property Corporation Of America | Communication device |
KR101110778B1 (ko) * | 2010-09-07 | 2012-03-13 | 비씨카드(주) | 블루투스 통신 방법 및 시스템 |
JP2013251871A (ja) * | 2012-06-04 | 2013-12-12 | Toshiba Corp | 無線装置、情報提供装置および無線通信方法 |
CN103748943A (zh) * | 2012-08-17 | 2014-04-23 | 华为技术有限公司 | 用户设备配对处理方法、网络侧设备和用户设备 |
DE102012108062B4 (de) * | 2012-08-30 | 2022-02-17 | Gigaset Communications Gmbh | Verfahren zur sicheren Authentifizierung eines Sensors oder Aktors eines Hausautomatisierungssystems |
CN104219665B (zh) * | 2013-06-05 | 2017-12-22 | 腾讯科技(深圳)有限公司 | 通信方法、装置及终端 |
US9870138B2 (en) * | 2013-09-04 | 2018-01-16 | Samsung Electronics Co., Ltd. | Method for displaying content and electronic device thereof |
CN103825746B (zh) * | 2014-03-17 | 2017-03-01 | 联想(北京)有限公司 | 信息处理方法和装置 |
US10250698B2 (en) | 2014-08-25 | 2019-04-02 | Futurewei Technologies, Inc. | System and method for securing pre-association service discovery |
KR102296901B1 (ko) * | 2015-03-30 | 2021-08-31 | 에스케이플래닛 주식회사 | 비콘 신호 유효성 검증 방법 및 이를 위한 장치 |
US10152718B1 (en) * | 2015-07-14 | 2018-12-11 | Ujet, Inc. | Agent initiated actions |
FR3044134A1 (fr) * | 2015-11-19 | 2017-05-26 | Awox | Procede et systeme de securisation de communication entre un terminal communicant et un dispositif communicant |
US11457809B1 (en) * | 2015-12-08 | 2022-10-04 | Verily Life Sciences Llc | NFC beacons for bidirectional communication between an electrochemical sensor and a reader device |
JP2017124917A (ja) * | 2016-01-14 | 2017-07-20 | 株式会社日立ビルシステム | 昇降機保守システム |
US10831381B2 (en) | 2016-03-29 | 2020-11-10 | International Business Machines Corporation | Hierarchies of credential and access control sharing between DSN memories |
US9949065B1 (en) | 2016-12-30 | 2018-04-17 | Capital One Services, Llc | System and method for automatic bluetooth pairing |
JP6969455B2 (ja) * | 2018-03-13 | 2021-11-24 | オムロン株式会社 | 制御装置、制御システム、制御方法、および、制御プログラム |
CN108521474B (zh) * | 2018-03-30 | 2021-05-25 | 青岛海尔空调电子有限公司 | 多联式控制系统的地址竞争方法 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH118618A (ja) * | 1997-06-17 | 1999-01-12 | Toshiba Corp | 機器認証方法及び装置並びに認証システム |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3593241B2 (ja) * | 1997-07-02 | 2004-11-24 | 株式会社日立製作所 | 計算機の再起動方法 |
JP2000341292A (ja) | 1999-05-28 | 2000-12-08 | Toshiba Corp | パケット通信システム、このパケット通信システムに用いられる基地局装置及び端末装置 |
KR100619005B1 (ko) | 1999-11-25 | 2006-08-31 | 삼성전자주식회사 | 장치간의 연결 설정을 위한 인증방법 |
JP4679684B2 (ja) | 2000-01-11 | 2011-04-27 | 富士フイルム株式会社 | 無線通信装置及び無線通信制御方法 |
JP2001285956A (ja) | 2000-04-03 | 2001-10-12 | Toshiba Corp | 無線通信ネットワークシステムとその無線局装置 |
JP4187935B2 (ja) * | 2000-08-23 | 2008-11-26 | 株式会社東芝 | 無線通信システム、送信装置、受信装置及びコンテンツデータ転送方法 |
JP2003023433A (ja) | 2001-07-09 | 2003-01-24 | Sony Corp | 無線伝送システム、無線伝送装置、無線伝送装置認証方法、および認証プログラム |
2003
- 2003-10-14 JP JP2003353625A patent/JP2004297759A/ja active Pending
2004
- 2004-03-10 WO PCT/JP2004/003141 patent/WO2004082206A1/ja active Application Filing
- 2004-03-10 EP EP04719141A patent/EP1605627A4/en not_active Withdrawn
- 2004-03-10 CN CN2004800007397A patent/CN1701560B/zh not_active Expired - Fee Related
- 2004-03-10 US US10/548,862 patent/US7668533B2/en not_active Expired - Fee Related
Non-Patent Citations (2)
Title |
---|
MIYATSU KAZUHIRO: "Technology kaitai shinsho bluetooth gijutsu kaisetsu guide", KABUSHIKI KAISHA RIC TELECOM, 11 June 2001 (2001-06-11), pages 192 - 204, XP002986791 * |
See also references of EP1605627A4 * |
Also Published As
Publication number | Publication date |
---|---|
JP2004297759A (ja) | 2004-10-21 |
US7668533B2 (en) | 2010-02-23 |
US20060148402A1 (en) | 2006-07-06 |
CN1701560A (zh) | 2005-11-23 |
CN1701560B (zh) | 2010-06-02 |
EP1605627A4 (en) | 2007-08-01 |
EP1605627A1 (en) | 2005-12-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004082206A1 (ja) | 無線通信ネットワークシステムにおける接続認証 | |
US9642174B2 (en) | Secure pairing of networked devices | |
JP4416392B2 (ja) | 撮像機器及び無線通信装置 | |
CN103621127B (zh) | 用于无线认证的接入点控制器、方法及集成电路 | |
JP4000111B2 (ja) | 通信装置および通信方法 | |
JP4218934B2 (ja) | ネットワーク構築方法、無線通信システムおよびアクセスポイント装置 | |
EP1345386A2 (en) | Method of controlling network access in wireless environment and recording medium therefor | |
JP4345596B2 (ja) | 無線通信ネットワークシステムにおける接続認証 | |
JP2001186121A (ja) | 通信装置、通信装置セット、認証方法および端末間ワイヤレス接続方法 | |
JP2001312472A (ja) | 無線通信装置及びユーザ認証方法 | |
JP2005509977A5 (ja) | ||
WO2003061205A1 (fr) | Systeme de communication sans fil sur courte distance utilisant un terminal mobile et dispositif de communication sans fil pour un tel systeme | |
JP3979491B2 (ja) | 通信認証方法 | |
JP2005229597A (ja) | 通信認証方法 | |
JP2007202112A (ja) | 無線ローカルエリアネットワークへアクセスする電子装置を設定するシステム及び方法 | |
US8341703B2 (en) | Authentication coordination system, terminal apparatus, storage medium, authentication coordination method, and authentication coordination program | |
JP2002271318A (ja) | 無線通信装置、認証管理サーバ | |
JP4355611B2 (ja) | 通信システム、通信方法、基地局装置、コントローラ、機器及び制御プログラム | |
JP4574122B2 (ja) | 基地局、および、その制御方法 | |
JP2019068219A (ja) | 情報処理装置とその制御方法、及びプログラム | |
JP2002366529A (ja) | 機器認証システム及び機器認証方法 | |
JP5388088B2 (ja) | 通信端末装置、管理装置、通信方法、管理方法及びコンピュータプログラム。 | |
EP1469631A1 (en) | Network device and system for authentication and method thereof | |
JP2002232420A (ja) | 無線通信装置及び無線通信システム、並びに、接続認証方法 | |
JP2007207016A (ja) | 情報送受信システム、クライアント装置及びサーバ装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase | Ref document number: 20048007397 Country of ref document: CN |
ENP | Entry into the national phase | Ref document number: 2006148402 Country of ref document: US Kind code of ref document: A1 |
WWE | Wipo information: entry into national phase | Ref document number: 10548862 Country of ref document: US |
WWE | Wipo information: entry into national phase | Ref document number: 2004719141 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 2004719141 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 10548862 Country of ref document: US |