WO2006009172A1 - Wireless communication system - Google Patents
Wireless communication system
- Publication number
- WO2006009172A1 (PCT/JP2005/013316)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless
- encryption key
- transmission
- reception
- terminal device
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
Definitions
- the present invention relates to a wireless communication system of a moving wireless terminal device, and more particularly to a wireless communication system suitable for use in a wide area wireless LAN system, a wireless VoIP network system, and the like.
- it is essential to enhance the security function in the wireless section to prevent damage such as unauthorized intrusion, attack, communication interception, and impersonation of the system, and to ensure the confidentiality of transmitted and received data.
- IPsec (Internet Protocol Security)
- WEP (Wired Equivalent Privacy)
- IPsec is an encryption method, described in the document group organized in RFC2411, that encrypts packets after the wireless terminal devices that actually communicate have exchanged encryption keys.
- There are two methods of IPsec: a method of extracting and encrypting only the payload portion of an IP packet, and a method of encapsulating the entire encrypted IP packet into an IP packet (IP tunneling).
- since either method provides security at the IP layer, the data above the transport layer is encrypted. Therefore, with IPsec, a packet encrypted and transmitted by one wireless terminal device is decrypted by the other wireless terminal device, which receives it via the network system, using an encryption key exchanged in advance.
- WEP is an encryption method described in IEEE802.11, and is the encryption system used for IEEE802.11a and IEEE802.11b of the wireless LAN standard.
- the data above the network layer is encrypted, and the encryption key for decrypting this data is stored in advance in both the wireless terminal device and the wireless transmitting / receiving device (wireless base station).
- a packet transmitted by the wireless terminal device after being encrypted is decrypted by the wireless base station, and conversely, a packet transmitted after being encrypted by the wireless base station is decrypted by the wireless terminal device.
- in order to ensure security in the wireless section and to facilitate the transfer of the wireless terminal device, the above two systems are used.
- An authentication server is provided.
- when a wireless terminal device requests permission to access a wireless base station, the wireless base station requests an ID from the wireless terminal device and transfers this ID to an authentication server.
- the authentication server that authenticates the ID sends an encryption key to the wireless base station along with an acceptance message, the wireless base station notifies the wireless terminal device of the encryption key, and using this encryption key the wireless terminal device is configured to be able to access the network system.
- it is checked whether the MAC address of the base station (AP) that is to perform wireless communication exists in the AP information management table held by the mobile terminal device. If the MAC address does not exist in the AP management table, a public key authentication request is made to the base station, and if the MAC address exists in the AP management table, a public key re-authentication request is made to the base station (see, for example, Patent Document 1).
- Patent Document 1 Japanese Patent Laid-Open No. 2003-005641
- when IPsec is used for the construction of a wide area wireless LAN system or a wireless VoIP network system, the data above the transport layer is encrypted.
- both the wireless terminal device and the wireless base station store the encryption key in advance, and it is not necessary to exchange the encryption key.
- the accompanying communication disconnection time is extremely short.
- each wireless base station must store the encryption keys of all wireless terminal devices connected to the communication network system. As the number of wireless terminal devices increases, the cost of the wireless base station increases.
- each wireless base station does not need to store the encryption keys of all wireless terminal devices connected to the network.
- since the authentication server needs to authenticate the wireless terminal device again, there is a problem in that communication between the wireless terminal device and the wireless base station is interrupted during the re-authentication.
- An object of the present invention is to provide a wireless communication system with high cost merit that has a security function in the wireless section, can provide QoS based on data of all layers, keeps the communication disconnection time extremely short while the wireless terminal device is moving, and does not require each wireless transmitting / receiving device to store the encryption keys of all wireless terminal devices connected to the communication network system.
- the wireless communication system of the present invention is a wireless communication system in a communication network system including a plurality of wireless transmission / reception devices that can communicate with each other to form a wireless area that can be accessed by a wireless terminal device that transmits and receives wireless signals.
- the wireless terminal device includes a terminal-side encryption unit that encrypts a transmission signal to be transmitted to the wireless transmission / reception device, and the wireless transmission / reception device includes an encryption key storage unit that stores a reception encryption key for decrypting the reception signal received from the wireless terminal device, a network side decryption unit that decrypts the received signal based on the reception encryption key, and an encryption key delivery unit that delivers the reception encryption key to another wireless transmission / reception device that forms another wireless area adjacent to its own wireless area.
- since the radio signal transmitted by the radio terminal device is encrypted by the terminal side encryption unit, the security in the uplink direction in the radio section is maintained. Further, since the network side decryption unit decrypts the encrypted transmission signal using the reception encryption key stored in the encryption key storage unit of the wireless transmission / reception apparatus, the communication network system can provide QoS based on the data of all layers of the decrypted signal. Further, when the wireless terminal device moves to another wireless area adjacent to its own wireless area, the wireless transmitting / receiving device in the other wireless area can use this reception encryption key to quickly start decrypting the transmission signal transmitted by the wireless terminal device.
- the disconnection time of the transmission from the wireless terminal device can be made extremely short, and each wireless transmission / reception device does not need to store the encryption keys of all the wireless terminal devices connected to the communication network system. Therefore, it is possible to provide a wireless communication system with high cost merit.
- FIG. 1 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 1 of the present invention.
- FIG. 2 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 1 of the present invention.
- FIG. 3 is a block diagram showing another configuration example of the wireless communication system according to Embodiment 1 of the present invention.
- FIG. 4 is a table of another wireless transmission / reception device of the wireless communication system according to Embodiment 1 of the present invention.
- FIG. 5 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 2 of the present invention.
- FIG. 6 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 2 of the present invention.
- FIG. 7 is a block diagram showing another configuration example of the wireless communication system according to Embodiment 2 of the present invention.
- FIG. 8 is a table of another wireless transmission / reception device of the wireless communication system according to Embodiment 2 of the present invention.
- FIG. 9 is a block diagram showing a specific example of a radio transmission / reception apparatus in the radio communication system according to Embodiment 1 and Embodiment 2 of the present invention.
- FIG. 10 is a flowchart showing the operation of the radio terminal apparatus in the radio communication system according to Embodiment 1 and Embodiment 2 of the present invention.
- FIG. 11 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 3 of the present invention.
- FIG. 12 is a configuration diagram of a table of a radio transceiver apparatus of the radio communication system according to Embodiment 3 of the present invention.
- FIG. 13 is a block diagram showing another configuration example of the wireless communication system according to the third embodiment of the present invention.
- FIG. 14 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the third embodiment of the present invention.
- FIG. 15 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 4 of the present invention.
- FIG. 16 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 4 of the present invention.
- FIG. 17 is a block diagram showing another configuration example of the wireless communication system according to the fourth embodiment of the present invention.
- FIG. 18 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the fourth embodiment of the present invention.
- FIG. 19 is a block diagram showing a specific example of a wireless transmission / reception device in the wireless communication system of the present invention.
- FIG. 20 is a block diagram showing a configuration of a radio transmission / reception apparatus in the radio communication system of the present invention.
- FIG. 21 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 5 of the present invention.
- FIG. 22 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 5 of the present invention.
- FIG. 23 is a block diagram showing another configuration example of the wireless communication system according to the fifth embodiment of the present invention.
- FIG. 24 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the fifth embodiment of the present invention.
- FIG. 25 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 6 of the present invention.
- FIG. 26 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 6 of the present invention.
- FIG. 27 is a block diagram showing another configuration example of the wireless communication system according to the sixth embodiment of the present invention.
- FIG. 28 is a configuration diagram of a table of another radio transmission / reception device of the radio communication system according to the sixth embodiment of the present invention.
- FIG. 29 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 7 of the present invention.
- FIG. 30 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 7 of the present invention.
- FIG. 31 is a block diagram showing another configuration example of the wireless communication system according to the seventh embodiment of the present invention.
- FIG. 32 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the seventh embodiment of the present invention.
- FIG. 33 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 8 of the present invention.
- FIG. 34 is a configuration diagram of a table of a radio transmission / reception apparatus of the radio communication system according to Embodiment 8 of the present invention.
- FIG. 35 is a block diagram showing another configuration example of the radio communication system according to Embodiment 8 of the present invention.
- FIG. 36 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the eighth embodiment of the present invention.
- FIG. 37 is a flowchart showing the operation of the wireless terminal device in the wireless communication system of the present invention.
- FIG. 1 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 1 of the present invention.
- a communication network system 102 includes a plurality of wireless transmission / reception devices 103a, 103b, 103c that can communicate with each other (hereinafter collectively referred to as “wireless transmission / reception device 103”).
- the wireless transmission / reception device 103 transmits / receives a wireless signal to / from each wireless terminal device 101a, 101b (hereinafter collectively referred to as “wireless terminal device 101”) in each wireless area, and the wireless terminal device 101 is configured to access the communication network system 102.
- the wireless transmission / reception device 103 may be able to communicate with the wired node device 112 in the communication network system 102.
- the wireless transmission / reception device 103a communicates with the wired node device 112.
- the wireless transmission / reception apparatus 103 includes an encryption key storage unit 105, a network side decryption unit 106, an encryption key delivery unit 107, and a network side encryption unit 109.
- the wireless terminal device 101 includes a terminal side encryption unit 104 and a terminal side decryption unit 111.
- the encryption key storage unit 105 has a configuration in which a reception encryption key RR and a transmission encryption key SS and a terminal ID individually assigned to the wireless terminal device 101 are stored in association with each other.
- FIG. 2 is a configuration diagram of a table of the wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- the table a shown in FIG. 2A shows how the encryption key storage unit 105 of the wireless transmission / reception device 103a stores the reception encryption key RRa and the transmission encryption key SSa in association with the terminal IDa, and the reception encryption key RRb and the transmission encryption key SSb in association with the terminal IDb.
- Table b shown in FIG. 2B shows a state in which the encryption key storage unit 105 of the wireless transmission / reception device 103b stores the reception encryption key RRa and the transmission encryption key SSa in association with the terminal IDa.
- the encryption key storage unit 105 of the wireless transmission / reception device 103c stores the reception encryption key RRa and the transmission encryption key SSa in association with the terminal IDa, and the reception encryption key RRb and the transmission encryption key SSb in association with the terminal IDb.
- the terminal ID used here may be any terminal ID such as a MAC address or an IP address that can be identified.
- the terminal ID may be a serial number of the wireless terminal device 101 or a user ID of a user who uses the communication network system 102 by the wireless terminal device 101.
- the transmission signal AS transmitted by the wireless terminal device 101a is encrypted by the terminal side encryption unit 104 of the wireless terminal device 101a in order to maintain security in the wireless section. Further, the encrypted transmission signal AS is decrypted by the network side decryption unit 106 using the reception encryption key RRa shown in the table a of FIG. 2A stored in the encryption key storage unit 105 of the wireless transmission / reception device 103a. As a result, the communication network system 102 can provide QoS based on the data of all layers of the decrypted signal S.
- the encryption key storage unit 105 of the wireless transmission / reception device 103a stores the transmission encryption key SSa, which is information for encrypting the reception signal AR received by the wireless terminal device 101a.
- the reception signal AR transmitted from the wireless transmission / reception device 103a and received by the wireless terminal device 101a is encrypted by the network side encryption unit 109 based on the transmission encryption key SSa.
- the terminal side decryption unit 111 of the wireless terminal device 101a is configured to decrypt this received signal AR. As a result, security in the wireless section is maintained.
- the reception signal R transmitted from the wired node device 112 of the communication network system 102 and received by the wireless transmission / reception device 103a is not encrypted. Therefore, this communication network system 102 can provide QoS based on data of all layers of the received signal R.
- the wireless area a of the wireless transmission / reception device 103a is adjacent to the wireless area b of the wireless transmission / reception device 103b and the wireless area c of the wireless transmission / reception device 103c. Also, between the wireless transmission / reception device 103a and the wireless transmission / reception devices 103b and 103c, the reception encryption key RRa for decrypting the transmission signal AS received from the wireless terminal device 101 in the wireless area is passed by their respective encryption key delivery units 107.
- the encryption key delivery unit 107 of the wireless transmission / reception device 103a also passes, to the wireless transmission / reception device 103b and the wireless transmission / reception device 103c that form the wireless area b and the wireless area c adjacent to the wireless area a, the transmission encryption key SSa for encrypting the received signal AR to be transmitted to the wireless terminal device 101a.
- the wireless transmission / reception apparatus 103b stores the reception encryption key RRa and the transmission encryption key SSa as shown in the table b.
- the wireless transmitting / receiving device 103b can quickly start decrypting the transmission signal AS transmitted by the wireless terminal device 101a, using the reception encryption key RRa received in advance.
- the wireless transmitting / receiving device 103b can likewise quickly start encrypting the reception signal AR to be received by the wireless terminal device 101a, using the transmission encryption key SSa received in advance.
- the time for which reception at the wireless terminal device 101a is cut off can be made extremely short.
- the wireless transmission / reception device 103a receives, from the wireless transmission / reception device 103c, the reception encryption key RRb and the transmission encryption key SSb (not shown) used when communicating with the wireless terminal device 101b.
- the encryption key storage unit 105 of the wireless transmission / reception device 103a can store the reception encryption key RRa and the transmission encryption key SSa for communicating with the wireless terminal device 101a in the wireless area a, and the reception encryption key RRb and the transmission encryption key SSb received from the adjacent wireless transmission / reception device 103c.
- the wireless transmission / reception device 103a reliably decrypts the transmission signal AS from the wireless terminal device 101a using the reception encryption key RRa for communication with the wireless terminal device 101a in its own wireless area a.
- it is sufficient for the encryption key storage unit 105 of the wireless transmission / reception device 103 to be able to store the reception encryption key RR and the transmission encryption key SS passed from the wireless transmission / reception devices of the other wireless areas adjacent to its own wireless area, and the reception encryption key RR and the transmission encryption key SS for communication with the wireless terminal device 101 in its own wireless area. It is not necessary to store the reception encryption key RR and the transmission encryption key SS of all wireless terminal devices having access rights to the communication network system 102.
- the wireless terminal device 101a is in the wireless area a, and the wireless terminal device 101b is in the adjacent wireless area c. Therefore, as shown in the table a of FIG. 2A and the upper table c of FIG. 2C, the encryption key storage units 105 of the wireless transmission / reception device 103a and the wireless transmission / reception device 103c store the reception encryption key RRa and the reception encryption key RRb for decrypting, and the transmission encryption key SSa and the transmission encryption key SSb for encrypting, the signals transmitted to and received from the wireless terminal device 101a and the wireless terminal device 101b, in association with the terminal IDa and the terminal IDb assigned to each wireless terminal device.
- since there is no wireless terminal device in the wireless area b and the wireless terminal device 101a is in the adjacent wireless area a, the encryption key storage unit 105 of the wireless transmission / reception device 103b stores, as shown in the table b in FIG. 2B, the reception encryption key RRa for decrypting and the transmission encryption key SSa for encrypting the signals transmitted to and received from the wireless terminal device 101a, in association with the terminal IDa assigned to the wireless terminal device 101a.
- when the wireless terminal device 101a moves to the wireless area b, the wireless transmitting / receiving device 103b, in the same manner as the operation of the wireless transmitting / receiving device 103a described above, sends the reception encryption key RRa and the transmission encryption key SSa for communicating with the wireless terminal device 101a to the wireless transmission / reception device 103a in the wireless area a adjacent to the wireless area b.
- when the wireless terminal device 101a moves from the wireless area a to the wireless area b and is no longer in the wireless area a, the wireless transmission / reception device 103c in the wireless area c, which is not adjacent to the wireless area b, does not receive the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 101a from the wireless transmission / reception device 103b.
- as shown in the table c (lower part) of FIG. 2C, the wireless transmission / reception device 103c deletes the reception encryption key RRa, the transmission encryption key SSa, and the terminal IDa stored in its encryption key storage unit 105.
- the wireless transmitting / receiving device 103 does not need to delete the terminal ID of the wireless terminal device 101, the reception encryption key RR, and the transmission encryption key SS from the encryption key storage unit 105 immediately; they may be deleted after a certain period of time.
- the wireless transmission / reception device 103 stores the terminal ID, the reception encryption key RR, and the transmission encryption key SS of the wireless terminal device in its own wireless area and the adjacent wireless area.
- the storage area may be configured to store the terminal ID, reception encryption key RR, and transmission encryption key SS of the wireless terminal device 101 newly added to its own wireless area or an adjacent wireless area.
- FIG. 3 shows an operation example when the wireless terminal device 101c is newly added to the wireless area c of the wireless transmission / reception device 103c.
- FIG. 4 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the present embodiment.
- the wireless terminal device 101a has moved from the wireless area a to the wireless area b, and the terminal IDa, the reception encryption key RRa, and the upper table a shown in FIG. 4A and the table b shown in FIG.
- the transmission encryption key SSa is associated and stored.
- as in the upper part of the table c illustrated in FIG. 4C, the encryption key storage unit 105 of the wireless transmission / reception device 103c still stores, without erasing them, the terminal IDa, the reception encryption key RRa, and the transmission encryption key SSa of the wireless terminal device 101a that was previously in the adjacent wireless area a.
- the wireless transmission / reception device 103c newly stores the terminal IDc of the wireless terminal device 101c, the reception encryption key RRc, and the transmission encryption key SSc in the storage area of the encryption key storage unit 105 in which the terminal IDa, the reception encryption key RRa, and the transmission encryption key SSa were stored, and sends the reception encryption key RRc and the transmission encryption key SSc to the adjacent wireless transmission / reception device 103a. Therefore, as shown in the lower part of table a in FIG. 4A, the wireless transmission / reception device 103a stores the terminal IDc of the wireless terminal device 101c in association with the reception encryption key RRc and the transmission encryption key SSc in the storage area of the encryption key storage unit 105.
- the storage area of the encryption key storage unit 105 of the wireless transmission / reception device 103 that stores the encryption key for a wireless terminal device 101 already outside the wireless area is configured to store the encryption key for the new wireless terminal device 101, so the storage capacity of the encryption key storage unit 105 can be used efficiently.
- the encryption key storage unit 105 of the wireless transmission / reception device 103c stores the reception encryption keys RRc, RRb and the transmission encryption keys SSc, SSb for encrypting and decrypting the wireless signals to be transmitted and received, in association with the terminal IDc, IDb.
- the wireless terminal device 101 to communicate with is determined from each terminal ID stored in advance, and the wireless signal transmitted and received can be securely encrypted and decrypted using the transmission encryption key SS and the reception encryption key RR.
- FIG. 5 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 2 of the present invention.
- in the second embodiment of the present invention, components common to the above-described wireless communication system according to the first embodiment are described with the same reference numerals.
- the radio communication system according to the second embodiment uses the transmission / reception encryption key SR in place of the reception encryption key RR and the transmission encryption key SS used in the radio communication system according to the first embodiment.
- the reception signal AR and the transmission signal AS in the wireless section are encrypted, so security is maintained, and since the received signal R and the transmission signal S in the communication network system 102 are not encrypted, QoS can be provided based on data of all layers.
- since the wireless terminal device 101 and the wireless transmission / reception device 103 do not need to distinguish the reception encryption key from the transmission encryption key, the cost merit is further increased compared to a configuration in which they are distinguished.
- FIG. 6 is a configuration diagram of a table of the wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- the table a shown in FIG. 6A, the table b shown in FIG. 6B, and the table c shown in FIG. 6C show how the entries are stored in association with each other in the encryption key storage unit 105 of each of the wireless transmission / reception devices 103a, 103b, and 103c.
- the encryption key storage unit 105 stores the transmission / reception encryption keys SRa and SRb for encrypting and decrypting transmission / reception signals transmitted / received to / from the radio terminal apparatuses 101a and 101b, in association with the terminal IDa and IDb assigned to each of the wireless terminal devices 101a and 101b.
- as shown in table b of FIG. 6B, the encryption key storage unit 105 of the wireless transmitting / receiving device 103b stores a transmission / reception encryption key SRa for encrypting and decrypting a transmission / reception signal transmitted / received to / from the wireless terminal device 101a, in association with the terminal IDa assigned to the wireless terminal device 101a.
- the encryption key storage unit 105 of the wireless transmission / reception device 103a includes a transmission / reception encryption key SRa for encrypting and decrypting a transmission / reception signal transmitted / received to / from the wireless terminal device 101a, and adjacent wireless transmission / reception.
- the wireless transmission / reception device 103a transmits and receives the transmission / reception encryption associated with the terminal IDa of the wireless terminal device 101a in its own wireless area a without using the transmission / reception encryption key SRb.
- the key SRa it is possible to securely encrypt and decrypt transmitted and received signals.
- the encryption key storage unit 105 of the wireless transmission / reception device 103b stores the transmission / reception encryption key SRa received by the encryption key delivery unit 107 from the adjacent wireless transmission / reception device 103a in association with the terminal IDa of the wireless terminal device 101a.
- the wireless transmission / reception device 103b can use the transmission / reception encryption key SRa received in advance from the wireless transmission / reception device 103a to quickly start encrypting the transmission / reception signal transmitted / received to / from the wireless terminal device 101a. Therefore, when the wireless terminal device 101a moves from the wireless area a to the wireless area b, transmission / reception between the wireless transmission / reception devices 103a and 103b and the wireless terminal device 101a is cut off only for a very short time.
- the wireless terminal device 101a moves from the wireless area a to the wireless area b, the wireless terminal device 101a disappears from the wireless area a.
- the wireless transmission / reception device 103c in the wireless area c not adjacent to the wireless area b does not receive the transmission / reception encryption key SRa for the wireless terminal device 101a from the wireless transmission / reception device 103b.
- the wireless transmission / reception device 103c deletes the transmission / reception encryption key SRa and terminal IDa stored in the encryption key storage unit 105, as shown in the lower part of the table c in FIG. 6C.
- the wireless transmitting / receiving device 103 need not be configured to erase the terminal ID of the wireless terminal device 101 and the transmission / reception encryption key SR immediately; it may instead be configured to erase them after a certain period of time.
- the wireless communication system includes an encryption storage unit that stores the terminal ID and the transmission / reception encryption key SR of the wireless terminal device 101 that is not in its own wireless area and the adjacent wireless area.
- the storage area in 105 may be configured to store the terminal ID of the wireless terminal device 101 newly added to its own wireless area or the adjacent wireless area and the transmission / reception encryption key SR.
- FIG. 7 shows an operation example when the wireless terminal device 101c is newly added to the wireless area c.
- FIG. 8 is a configuration diagram of a table of another wireless transmission / reception device of the wireless communication system according to the present embodiment.
- the wireless terminal device 101a is moving from the wireless area a to the wireless area b.
- the encryption key storage unit 105 of the wireless transmission / reception devices 103a and 103b stores the terminal IDa and the transmission / reception encryption key SRa in association with each other, as shown in the upper part of the tables a and b in FIGS. 8A and 8B.
- FIG. 8 shows an operation example when the wireless terminal device 101c is newly added to the wireless area c.
- the encryption key storage unit 105 of the wireless transmission / reception device 103c still stores, without erasing them, the terminal IDa and the transmission / reception encryption key SRa of the wireless terminal device 101a that was previously in the adjacent wireless area a.
- the wireless transmission / reception device 103c newly stores the terminal IDc of the wireless terminal device 101c and the transmission / reception encryption key SRc in the storage area of the encryption key storage unit 105 in which the terminal IDa and the transmission / reception encryption key SRa are stored, and sends the transmission / reception encryption key SRc to the adjacent radio transmission / reception apparatus 103a.
- the wireless transmission / reception device 103a associates the terminal IDc of the wireless terminal device 101c and the transmission / reception encryption key SRc with the storage area of the encryption key storage unit 105.
- the wireless transmission / reception device 103 determines the wireless terminal device 101 based on each terminal ID stored in the encryption key storage unit 105.
- the transmission / reception encryption key SR stored in association with the terminal ID can be used to securely encrypt and decrypt the transmitted / received signal.
- FIG. 9 is a specific configuration example of a wireless transmission / reception apparatus in this wireless communication system.
- the radio transmission / reception apparatus in this radio communication system can be provided inside a single radio base station apparatus 210, like radio transmission / reception apparatus 103d shown in FIG.
- the wireless transmission / reception device in this wireless communication system does not necessarily have to be provided inside a single wireless base station device.
- the base station device 220 having the above and the encryption termination node device 230 having encryption and decryption functions may be combined.
- the radio transmission / reception apparatus in this radio communication system performs physical termination of radio signals at the base station apparatus, as in the radio transmission / reception apparatus 103f shown in FIG.
- the base station apparatuses 250 and 260 may be connected to an encryption communication network system 270 that can communicate with the signal being encrypted.
- radio terminal apparatus 101 in the radio communication system according to Embodiment 1 and Embodiment 2 of the present invention will be described.
- the wireless terminal device 101 includes, for example, a wireless area determination unit as a wireless area determination means that determines, based on a reception signal from the wireless transmission / reception device 103, that the wireless terminal device 101 has moved from outside the wireless area into the wireless area; and, based on the received signal, an encryption key exchanging unit as an encryption key exchanging means for exchanging an encryption key after the wireless area determination unit determines that the wireless terminal device 101 has moved from outside the wireless area into the wireless area.
- a wireless area switching unit as a wireless area switching means for switching a wireless area for performing wireless communication; and a key management server that manages the encryption key after the wireless area switching unit switches the wireless area.
- a movement notification unit serving as a movement notification means for notifying that the wireless terminal device 101 has moved from outside the wireless area into the wireless area.
- FIG. 10 is a flowchart showing an example of the operation of the wireless terminal device 101 configured as described above.
- the wireless area determination unit determines whether or not the wireless terminal device 101 has entered the wireless area of the communication network system 102 (step ST301).
- when it is determined that the wireless terminal device 101 has entered the wireless area of the communication network system 102, the encryption key exchange unit exchanges, with the wireless transmission / reception device 103 in the wireless area that the wireless terminal device 101 has entered, encryption keys for transmission / reception between wireless terminal apparatus 101 and wireless transmission / reception apparatus 103 (step ST302).
- the radio area switching unit determines whether or not the radio area accessed by radio terminal apparatus 101 has been switched (step ST304). If it is determined in step ST304 that there is no wireless area switching, the wireless communication state in step ST303 is continued. If it is determined in step ST304 that the wireless terminal device 101 is out of the wireless area, the operation returns to step ST301.
- the movement notifying unit notifies a key management server (not shown) of the communication network system 102 that the wireless terminal device 101 has moved (step ST305).
- when wireless terminal apparatus 101 moves to another wireless area and the key management server is notified of the movement, the process returns to step ST303, and wireless communication is started between this wireless terminal apparatus 101 and the wireless transmitter / receiver in the other wireless area.
- the wireless transmission / reception device in the other wireless area to which the wireless terminal device 101 is moving stores the encryption key for communication with the wireless terminal device 101 in advance, so wireless communication can be performed quickly and safely without performing the procedure and the procedure for exchanging the encryption key.
- wireless communication system before wireless terminal apparatus 101 moves to an adjacent wireless area, another wireless area to which wireless terminal apparatus 101 moves is another area.
- the wireless transmission / reception device 103 can receive the reception encryption key RR for decrypting the transmission signal transmitted by the wireless terminal device 101 in advance. Therefore, according to this wireless communication system, it has a security function in the wireless section, can provide QoS based on data of all layers, and the communication disconnection time when the wireless terminal device 101 moves is extremely short. In addition, it is possible to construct a cost-effective wireless communication system that does not require the wireless transmission / reception device 103 to store the encryption keys of all the wireless terminal devices 101 connected to the communication network system 102.
- in the radio communication system, for example, as shown in FIG., the encryption key storage unit 105 is configured so that reception encryption key RRa for wireless terminal device 101 in its own wireless area a and reception encryption key RRa received from wireless transmission / reception devices 103b and 103c in adjacent wireless areas b and c can be stored. Therefore, the radio transmitting / receiving apparatus 103a can reliably decrypt the radio signal received using the reception encryption key RRa for the radio terminal apparatus 101a in its own radio area a.
- the encryption key storage unit 105 is configured to store the reception encryption key RRa passed by the encryption key transfer unit 107 and the reception encryption key RRa for the wireless terminal device 101a in its own wireless area a. Therefore, it is possible to provide a wireless communication system with higher cost merit, without having to store the reception encryption keys of all the wireless terminal devices having access rights to the communication network system 102.
- encryption key storage section 105 can store the reception encryption key RRa for decrypting a received signal received from radio terminal apparatus 101a in association with the terminal ID individually assigned to this wireless terminal device 101a. Therefore, even if there are multiple wireless terminal devices in its own wireless area a, the wireless terminal device 101a is discriminated by each stored terminal ID, and the received signal can be reliably decrypted using the reception encryption key RRa associated with that terminal ID.
- a transmission encryption key SSa, which is information for encrypting a transmission signal to be transmitted to radio terminal apparatus 101a, can be further stored in the encryption key storage unit 105. Further, the transmission signal transmitted to the wireless terminal device 101a is encrypted by the network side encryption key unit 109 of the wireless transmission / reception device 103a based on the transmission encryption key SSa, and the terminal side decryption key unit 111 of the wireless terminal device 101a can decode the received signal received from the radio transceiver 103a. Therefore, according to this wireless communication system, the downlink security in the wireless section is maintained, and since the signal of the communication network system 102 is not encrypted, QoS can be provided based on the data of all layers of the signal.
- the encryption key delivery unit 107 can further pass the transmission encryption key SSa for encrypting a transmission signal to be transmitted to the wireless terminal device 101a to the wireless transmission / reception devices 103b and 103c in the wireless area b and the wireless area c adjacent to the wireless area a. Therefore, according to this wireless communication system, even when the wireless terminal device 101a moves to the adjacent wireless area b or wireless area c, the wireless transmission / reception devices 103b and 103c in wireless area b and wireless area c can promptly start encrypting the signal to be received by the wireless terminal device 101a using the previously received transmission encryption key SSa, and the reception disconnection time of the wireless terminal device 101a becomes extremely short.
- the transmission encryption key SSa received from the wireless transmission / reception apparatuses 103b and 103c in the wireless area b and wireless area c can be stored in the encryption key storage unit 105.
- the wireless transmission / reception device 103a can securely encrypt a transmission signal to be transmitted to the wireless terminal device 101a by using the transmission encryption key SSa for the wireless terminal device 101a in its own wireless area a.
- the encryption key storage unit 105 can store the transmission encryption key SSa delivered by the encryption key delivery unit 107 and the transmission encryption key SSa for the wireless terminal device 101a in its own wireless area a. Therefore, according to this wireless communication system, it is not necessary to store the transmission encryption keys of all the wireless terminal devices having the access right to the communication network system 102, and a wireless communication system with high cost merit can be provided.
- encryption key storage section 105 stores transmission encryption key SSa for encrypting a transmission signal to be transmitted in association with the terminal ID individually assigned to the wireless terminal apparatus 101. Therefore, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device to communicate with is determined by each stored terminal ID, and the transmission signal can be securely encrypted using the transmission encryption key SSa, SSb or SSc associated with that terminal ID.
- by using the transmission / reception encryption key SRa, in which the reception encryption key and the transmission encryption key are the same information, the wireless terminal device 101a and the wireless transmission / reception device 103a can transmit and receive. Therefore, according to this wireless communication system, the wireless terminal device 101a and the wireless transmission / reception device 103a do not need to distinguish between the transmission and reception encryption keys, thereby further increasing cost merit.
- the encryption key delivery unit 107 can pass the transmission / reception encryption key SRa for encrypting and decrypting transmission / reception signals transmitted to and received from the wireless terminal device 101a to the wireless transmission / reception devices 103b and 103c in the adjacent wireless areas. That is, before the wireless terminal device 101a moves to the adjacent wireless area b or wireless area c, the wireless transmission / reception device 103b in the wireless area b or the wireless transmission / reception device 103c in the wireless area c can receive in advance the transmission / reception encryption key SRa for encrypting and decrypting the signals transmitted to and received from the wireless terminal device 101a.
- the wireless transmission / reception device 103b in the wireless area b or the wireless transmission / reception device 103c in the wireless area c can quickly start encrypting and decrypting the transmission / reception signals exchanged with the wireless terminal device 101a using the previously received transmission / reception encryption key SRa, so the transmission / reception disconnection time between the wireless transmission / reception apparatus 103 and the wireless terminal apparatus becomes extremely short.
- Encryption key storage unit 105 can also store the transmission / reception encryption keys SRa and SRb for encrypting wireless signals to be transmitted to wireless terminal apparatuses 101a and 101b, and the transmission / reception encryption key SRc that the encryption key delivery unit 107 received from the adjacent wireless transmission / reception device 103c.
- the wireless transmission / reception device 103a can securely encrypt and decrypt transmission / reception signals transmitted and received using the transmission / reception encryption key SRa for the wireless terminal device 101a in its own wireless area a.
- the encryption key storage unit 105 stores the transmission / reception encryption key SRa delivered by the encryption key delivery unit 107 and the transmission / reception encryption key SRa for the wireless terminal device 101a in its own wireless area a. Therefore, it is not necessary to store the transmission / reception encryption keys of all wireless terminal devices having access rights to the communication network system 102, and a wireless communication system with high cost merit can be provided.
- encryption key storage section 105 can store the transmission / reception encryption keys SRa, SRb or SRc for encrypting and decrypting transmission / reception signals in association with the terminal IDs individually assigned to the wireless terminal devices 101a, 101b, or 101c. Therefore, according to this wireless communication system, even when there are a plurality of wireless terminal devices in its own wireless area, the wireless terminal device to communicate with is determined by each stored terminal ID, and the transmission / reception signal can be securely encrypted and decrypted using the transmission / reception encryption key SRa, SRb or SRc stored in association with that terminal ID.
- the radio base station apparatus of this radio communication system is the radio transceiver apparatus 103 described above. Therefore, the transmission / reception signal transmitted / received to / from the wireless terminal device 101 can be securely encrypted and decrypted.
- the wireless terminal device of this wireless communication system is connected to the communication network system 102 and the encryption key only once when entering the wireless area a, the wireless area b, or the wireless area c for the first time.
- the movement notification need only be sent to the key management server. Therefore, according to this wireless terminal device, it is not necessary to perform an authentication and key exchange operation every time the wireless area is switched, as is the case when IEEE802.1x is used, so the cut-off time for transmission and reception when moving to another wireless area is extremely short, and safe wireless communication can be performed.
- FIG. 11 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 3 of the present invention.
- a communication network system 402 includes a plurality of wireless transmission / reception devices 403a, 403b, and 403c that can communicate with each other (hereinafter, these are collectively referred to as “wireless transmission / reception device 403”).
- the wireless transmission / reception device 403 transmits / receives a wireless signal to / from each wireless terminal device 401a, 401b (hereinafter collectively referred to as “wireless terminal device 401”) in each wireless area,
- the wireless terminal device 401 is configured to access the communication network system 402.
- the wireless transmission / reception device 403 may be able to communicate with the wired node device 412 of the communication network system 402.
- FIG. 11 shows that the wireless transmission / reception device 403a communicates with the wired node device 412.
- the wireless transmission / reception device 403 includes an encryption key storage device 405, a network side decryption device 406, and a network side encryption device 409.
- the wireless terminal device 401 includes a terminal side encryption unit 404 and a terminal side decryption unit 411.
- the encryption key storage device 405 has a configuration in which a reception encryption key RR and a transmission encryption key SS and a terminal ID individually assigned to the wireless terminal device 401 are stored in association with each other.
- FIG. 12 is a configuration diagram of a table of the wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- the table Ta shown in FIG. 12A shows how the encryption key storage device 405 of the wireless transceiver 403a stores the reception encryption key RRa and transmission encryption key SSa in association with terminal IDa, and the reception encryption key RRb and transmission encryption key SSb in association with terminal IDb.
- the table Tb shown in FIG. 12B shows how the encryption key storage device 405 of the wireless transmission / reception device 403b stores the reception encryption key RRa and the transmission encryption key SSa in association with the terminal IDa.
- the table Tc shown in FIG. 12C shows how the encryption key storage device 405 of the wireless transmission / reception device 403c stores the reception encryption key RRa and the transmission encryption key SSa in association with the terminal IDa, and the reception encryption key RRb and the transmission encryption key SSb in association with the terminal IDb.
- the terminal ID used here may be any terminal ID such as a MAC address or an IP address that can be identified.
- this terminal ID may be the serial number of the wireless terminal device 401 or the user ID of a user who uses the communication network system 402 by the wireless terminal device 401.
- the wireless signal AS transmitted by the wireless terminal device 401a is encrypted by the terminal side encryption unit 404 of the wireless transmission / reception device 403a in order to maintain security in the wireless section.
- This encrypted wireless signal AS is decrypted by the network side decryption device 406 using the reception encryption key RRa shown in the table Ta of FIG. 12A stored in the encryption key storage device 405 of the wireless transmission / reception device 403a.
- the communication network system 402 can provide QoS based on the data of all layers of the decoded signal S.
- encryption key storage device 405 of wireless transmission / reception device 403a stores a transmission encryption key SSa that is information for encrypting wireless signal AR received by wireless terminal device 401a. The wireless signal AR transmitted from the wireless transmission / reception device 403a and received by the wireless terminal device 401a is encrypted by the network side encryption device 409 based on the transmission encryption key SSa.
- the terminal side decoding unit 411 of the wireless terminal device 401a is configured to decode this wireless signal AR. Thereby, the security in the radio section in this radio communication system is maintained.
- the radio signal R transmitted from the wired node device 412 of the communication network system 402 and received by the wireless transmission / reception device 403a is not encrypted. Therefore, this communication network system 402 can provide QoS based on data of all layers of the radio signal R.
- since wireless terminal device 401a is present in wireless area Ea of wireless transmitting / receiving device 403a, wireless transmitting / receiving device 403a sends the terminal presence notification signal Na to the encryption key distribution device 410 in order to notify it that wireless terminal device 401a is present in wireless area Ea. In response to this terminal presence notification signal Na, the encryption key distribution device 410 distributes the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a to the wireless transmission / reception device 403a and to the wireless transmission / reception device 403b and the wireless transmission / reception device 403c in the other wireless areas adjacent to the wireless area Ea.
- the reception encryption key RRa and the transmission encryption key SSa distributed to the wireless transmission / reception device 403b are stored in the table Tb of the wireless transmission / reception device 403b as shown in FIG. 12B.
- the wireless transmitting / receiving device 403b can quickly start decoding the radio signal AS transmitted by the wireless terminal device 401a using the reception encryption key RRa received in advance.
- wireless transmitting / receiving device 403c sends terminal presence notification signal Nb to encryption key distribution device 410 (not shown in FIG. 11). Accordingly, in response to the terminal presence notification signal Nb, the encryption key distribution device 410 distributes the reception encryption key RRb and the transmission encryption key SSb for the wireless terminal device 401b to the wireless transmission / reception device 403a in the wireless area adjacent to the wireless area Ec of the wireless transmission / reception device 403c (not shown).
- the encryption key storage device 405 of the wireless transmission / reception device 403a can store, as shown in the table Ta of FIG. 12A, the reception encryption key RRa and the transmission encryption key SSa for communicating with the wireless terminal device 401a in the wireless area Ea, and the reception encryption key RRb and the transmission encryption key SSb received from the encryption key distribution device 410.
- the wireless transmission / reception device 403a securely decrypts the radio signal AS from the radio terminal device 401a using the reception encryption key RRa for communication with the radio terminal device 401a in the own radio area Ea, and securely encrypts the wireless signal AR received by the wireless terminal device 401a using the transmission encryption key SSa for communication with the wireless terminal device 401a.
- the encryption key storage device 405 of the wireless transmission / reception device 403a only needs to store the reception encryption key RRb and the transmission encryption key SSb for decrypting and encrypting the wireless signals exchanged with the wireless terminal device 401b in another wireless area Ec adjacent to its own wireless area Ea, and the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a in its own wireless area Ea. It is not necessary to store the reception encryption key and the transmission encryption key for all wireless terminal devices having access rights to the communication network system 402.
- the wireless terminal device 401a is in the wireless area Ea, and the wireless terminal device 401b is in the adjacent wireless area Ec. Accordingly, as shown in the table Ta in FIG. 12A and the upper part of the table Tc in FIG. 12C, the encryption key storage devices 405 of the wireless transmission / reception device 403a and the wireless transmission / reception device 403c store the reception encryption key RRa and the reception encryption key RRb for decrypting, and the transmission encryption key SSa and the transmission encryption key SSb for encrypting, the wireless signals transmitted to and received from the wireless terminal device 401a and the wireless terminal device 401b, in association with the terminal IDa and the terminal IDb assigned to each wireless terminal device.
- since the wireless transmission / reception device 403b has no wireless terminal device in the wireless area Eb and has the wireless terminal device 401a in the adjacent wireless area Ea, its encryption key storage device 405 stores, as shown in the table Tb of FIG. 12B, the reception encryption key RRa for decrypting and the transmission encryption key SSa for encrypting the wireless signals transmitted to and received from the wireless terminal device 401a, in association with the terminal IDa assigned to the wireless terminal device 401a.
- the wireless transmitting / receiving device 403a does not send the terminal presence notification signal Na to the encryption key distribution device 410.
- the encryption key distribution device 410 does not distribute the reception encryption key RRa and the transmission encryption key SSa to the wireless transmission / reception device 403c.
- the wireless transmission / reception device 403c deletes the reception encryption key RRa, transmission encryption key SSa and terminal IDa stored in the encryption key storage device 405, as shown in the lower part of the table Tc in FIG. 12C.
- the wireless transmission / reception device 403b sends the terminal presence notification signal Na to the encryption key distribution device 410 when the wireless terminal device 401a is newly added to its own wireless area Eb.
- the encryption key distribution apparatus 410 sends the reception encryption key RRa and the transmission encryption key SSa to the wireless transmission / reception apparatus 403a in the wireless area Ea adjacent to the wireless area Eb and to the wireless transmission / reception apparatus 403b in the wireless area Eb, as shown in FIG., so the information in table Ta and table Tb will not change.
- the wireless transmission / reception device 403 need not delete the terminal ID of the wireless terminal device 401, the reception encryption key RR, and the transmission encryption key SS from the encryption key storage device 405 immediately; it may instead delete them after a certain period of time has passed.
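The key-table behaviour described above for tables Ta, Tb and Tc can be checked with a small simulation. This is an added example, not code from the patent: the class names, the tick-based refresh, the `grace` parameter and the random 16-byte keys are assumptions, and deletion is modelled as ageing out entries that the encryption key distribution device has stopped refreshing.

```python
import secrets
from dataclasses import dataclass, field

# Adjacency as described: Ea borders Eb and Ec; Eb and Ec are not adjacent.
ADJACENT = {"Ea": {"Eb", "Ec"}, "Eb": {"Ea"}, "Ec": {"Ea"}}


@dataclass
class Transceiver:
    """One wireless transmission / reception device and its key table."""
    area: str
    grace: int = 0  # assumed: ticks an unrefreshed entry may remain stored
    table: dict = field(default_factory=dict)  # terminal ID -> entry

    def store(self, terminal_id, rr, ss, now):
        # Keys are stored in association with the terminal ID.
        self.table[terminal_id] = {"RR": rr, "SS": ss, "refreshed": now}

    def purge(self, now):
        """Drop keys of terminals no longer in this area or an adjacent one."""
        stale = [t for t, e in self.table.items()
                 if now - e["refreshed"] > self.grace]
        for t in stale:
            del self.table[t]
        return stale


class KeyDistributor:
    """Stands in for the encryption key distribution device."""

    def __init__(self, transceivers):
        self.transceivers = {t.area: t for t in transceivers}
        self.keys = {}  # terminal ID -> (RR, SS)

    def enroll(self, terminal_id):
        # Constructed sample keys; how keys are really agreed is out of scope.
        self.keys[terminal_id] = (secrets.token_bytes(16),
                                  secrets.token_bytes(16))

    def presence(self, area, terminal_id, now):
        """Handle a terminal presence notification from `area`."""
        rr, ss = self.keys[terminal_id]
        targets = {area} | ADJACENT[area]  # own area plus adjacent areas only
        for name in targets:
            self.transceivers[name].store(terminal_id, rr, ss, now)
        return targets


def run(grace=0):
    """Terminal IDa starts in Ea and moves to Eb; IDb stays in Ec."""
    stations = [Transceiver(area, grace) for area in ADJACENT]
    distributor = KeyDistributor(stations)
    for tid in ("IDa", "IDb"):
        distributor.enroll(tid)
    location = {"IDa": "Ea", "IDb": "Ec"}
    history = []
    for now, move in enumerate([None, ("IDa", "Eb"), None]):
        if move:
            location[move[0]] = move[1]
        for tid, area in location.items():
            distributor.presence(area, tid, now)
        for station in stations:
            station.purge(now)
        history.append({s.area: sorted(s.table) for s in stations})
    return history, {s.area: s for s in stations}


if __name__ == "__main__":
    for grace in (0, 1):
        history, _ = run(grace)
        for tick, tables in enumerate(history):
            print(f"grace={grace} tick={tick} {tables}")
```

With `grace=0` the non-adjacent device drops IDa as soon as the terminal moves; with `grace=1` the entry survives one more tick, which is the window in which a stale key is still held on a device that no longer needs it.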
- the wireless transmission / reception device 403 stores the terminal ID, the reception encryption key RR, and the transmission encryption key SS of the wireless terminal device in its own wireless area and the adjacent wireless area.
- the storage area may be configured to store the terminal ID, reception encryption key RR, and transmission encryption key SS of the wireless terminal device 401 newly added to the own wireless area or the adjacent wireless area.
- FIG. 13 shows an operation example when the wireless terminal device 401c is newly added to the wireless area Ec of the wireless transmitting / receiving device 403c.
- FIG. 14 is a configuration diagram of a table of another wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- the wireless terminal device 401a since the wireless terminal device 401a has moved from the wireless area Ea to the wireless area Eb, the upper part of the table Ta shown in FIG. 14A and the table Tb shown in FIG.
- the encryption key SSa is associated and stored. Further, as shown in the upper part of the table Tc shown in FIG.
- the encryption key storage device 405 of the wireless transmission / reception device 403c retains, without erasing them, the terminal IDa, the reception encryption key RRa and the transmission encryption key SSa of the wireless terminal device 401a, which was previously in the adjacent wireless area Ea.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the encryption key distribution device 410, in response to the terminal presence notification signal Nc, sends the reception encryption key RRc and the transmission encryption key SSc to the wireless transmission / reception device 403c and to the wireless transmission / reception apparatus 403a in the wireless area Ea adjacent to the wireless area Ec.
- the wireless transmission / reception device 403c newly stores the terminal IDc of the wireless terminal device 401c, the reception encryption key RRc, and the transmission encryption key SSc in the storage area of the encryption key storage device 405 in which the terminal IDa, the reception encryption key RRa, and the transmission encryption key SSa are stored, as shown in the lower part of the table Tc in FIG. 14C.
- the wireless transmission / reception device 403a stores the terminal IDc of the wireless terminal device 401c, the reception encryption key RRc, and the transmission encryption key SSc in association with each other in the storage area of the encryption key storage device 405.
- when a new wireless terminal device 401 is added to its own wireless area or a wireless area adjacent to it, the encryption key storage device 405 of the wireless transmission / reception device 403 stores the encryption key for this new wireless terminal device 401 in the storage area that holds the encryption key for a wireless terminal device 401 that is already outside these wireless areas, so the storage capacity of the encryption key storage device 405 can be used efficiently.
- the encryption key storage device 405 of the wireless transmission / reception device 403c stores the reception encryption keys RRc and RRb and the transmission encryption keys SSc and SSb, for encrypting and decrypting the wireless signals to be transmitted / received, in association with the terminal IDc and IDb.
- the wireless terminal device 401 in communication is determined from each pre-stored terminal ID, and the wireless signals exchanged with it can be securely encrypted and decrypted using the transmission encryption key SS and the reception encryption key RR.
- FIG. 15 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 4 of the present invention.
- components that are the same as those in the radio communication system according to Embodiment 3 described above are described with the same reference numerals.
- the radio communication system according to the fourth embodiment uses the reception encryption key RR and the transmission encryption key SS used in the radio communication system according to the third embodiment.
- the transmission / reception encryption key SR is used.
- radio signal AR and radio signal AS in this radio section are encrypted as in the configuration of the radio communication system according to Embodiment 3 shown in FIG. 11 and FIG. Security is maintained, and the radio signal R and the radio signal S in the communication network system 402 are not encrypted, so that QoS can be provided based on data of all layers.
- the reception encryption key and the transmission encryption key described above are the same U, and the information transmission / reception encryption key SR, so that the wireless terminal device 401 and the wireless transmission / reception device 403 are transmitted.
- the cost merit is further increased.
- the encryption key storage device 405 of the wireless transmission / reception device 403 in this wireless communication system stores a transmission / reception encryption key SR, for encrypting and decrypting transmitted and received signals, in association with the terminal ID assigned individually to the wireless terminal device 401.
- FIG. 16 is a configuration diagram of a table of the wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- the table Ta shown in FIG. 16A, the table Tb shown in FIG. 16B, and the table Tc shown in FIG. 16C show the associations stored in the encryption key storage device 405 of each of the wireless transmission / reception devices 403a, 403b, and 403c.
- the wireless transmission / reception device 403a sends a terminal presence notification signal Na to the encryption key distribution device 410.
- the encryption key distribution device 410 distributes the transmission / reception encryption key SRa for the wireless terminal device 401a to the wireless transmission / reception device 403a and to the wireless transmission / reception devices 403b and 403c of the wireless areas Eb and Ec adjacent to the wireless area Ea.
- the wireless transmission / reception device 403c sends the terminal presence notification signal Nb to the encryption key distribution device 410 because the wireless terminal device 401b is in this wireless area Ec.
- the encryption key distribution device 410 distributes the transmission / reception encryption key SRa for the wireless terminal device 401b to the wireless transmission / reception device 403c and to the wireless transmission / reception device 403a of the wireless area Ea adjacent to the wireless area Ec.
- the wireless terminal device 401a is provided in the wireless area Ea of the wireless communication system, and the wireless terminal device 401b is provided in the adjacent wireless area Ec.
- the encryption key storage device 405 of the wireless transmission / reception device 403c stores, as shown in the upper part of the table Ta in FIG. 16A and the table Tc in FIG. 16C, the transmission / reception encryption keys SRa and SRb for encrypting and decrypting the radio signals transmitted / received to / from the wireless terminal device 401a and the wireless terminal device 401b, in association with the terminal IDa and IDb assigned to the respective wireless terminal devices 401a and 401b.
- the encryption key storage device 405 of the wireless transmitting / receiving device 403b is shown in FIG.
- the transmission / reception encryption key SRa for encrypting / decrypting the transmission / reception signal transmitted / received to / from the wireless terminal device 401a is stored in association with the terminal IDa assigned to the wireless terminal device 401a.
- the encryption key storage device 405 of the wireless transmission / reception device 403a stores the transmission / reception encryption key SRa for encrypting and decrypting the transmission / reception signal transmitted / received to / from the wireless terminal device 401a and the transmission / reception encryption key SRb for the wireless terminal device 401b, in association with the terminal IDa and IDb of the wireless terminal device 401a and the wireless terminal device 401b, as shown in the table Ta.
- the wireless transmission / reception device 403a can reliably encrypt and decrypt transmission / reception signals using the transmission / reception encryption key SRa associated with the terminal IDa of the wireless terminal device 401a in its own wireless area Ea, without using the transmission / reception encryption key SRb.
- the encryption key storage device 405 of the wireless transmission / reception device 403b stores the transmission / reception encryption key SRa received from the encryption key distribution device 410 in association with the terminal IDa of the wireless terminal device 401a.
- the wireless transmission / reception device 403b can quickly start encryption / decryption of transmission / reception signals transmitted / received to / from the wireless terminal device 401a using the transmission / reception encryption key SRa received in advance from the encryption key distribution device 410.
- when the wireless terminal device 401a moves from the wireless area Ea to the wireless area Eb, the time during which transmission / reception between the wireless transmission / reception devices 403a and 403b and the wireless terminal device 401a is disconnected is extremely short.
- the transmitting / receiving device 403a does not send the terminal presence notification signal Na to the encryption key distribution device 410.
- the encryption key distribution device 410 does not distribute the transmission / reception encryption key SRa to the wireless transmission / reception device 403c.
- the wireless transmission / reception device 403c is placed in the lower part of the table Tc in FIG. As shown, the transmission / reception encryption key SRa and the terminal IDa stored in the encryption key storage device 405 are deleted.
- the wireless transmission / reception device 403b sends the terminal presence notification signal Na to the encryption key distribution device 410 when the wireless terminal device 401a is newly added to its own wireless area 403b.
- the encryption key distribution device 410 sends the transmission / reception encryption key SRa to the wireless transmission / reception device 403a and the wireless transmission / reception device 403b in the wireless area Ea adjacent to the wireless area Eb. Will not occur.
- the wireless transmission / reception device 403a need not be configured to erase the terminal ID of this wireless terminal device 401a and the transmission / reception encryption key SRa from the encryption key storage device 405 immediately; a configuration that erases them after a certain period of time may be used.
- the wireless communication system includes an encryption key storage device 405 that stores the terminal ID of the wireless terminal device 401 and the transmission / reception encryption key SR that are not in its own wireless area and the adjacent wireless area.
- the terminal ID and the transmission / reception encryption key SR of the wireless terminal device 401 newly added to the own wireless area or the adjacent wireless area may be stored.
- FIG. 17 shows an operation example when a wireless terminal device 401c is newly added to the wireless area Ec.
- FIG. 18 is a configuration diagram of a table of another radio transmission / reception apparatus of the radio communication system according to the present embodiment.
- the wireless area Ea force is also moved to the wireless area Eb.
- the terminal IDa and the transmission / reception encryption key SRa are stored in association with each other in the encryption key storage apparatuses 405 of the wireless transmission / reception apparatuses 403a and 403b as shown in the upper part of the tables Ta and Tb in FIGS. ing.
- table Tc shows an operation example when a wireless terminal device 401c is newly added to the wireless area Ec.
- the encryption key storage device 405 of the wireless transmission / reception device 403c retains, without erasing them, the terminal IDa and the transmission / reception encryption key SRa of the wireless terminal device 401a, which was previously in the adjacent wireless area Ea.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the encryption key distribution device 410, in response to the terminal presence notification signal Nc, sends the transmission / reception encryption key SRc to the wireless transmission / reception device 403c and to the wireless transmission / reception device 403a in the wireless area Ea adjacent to the wireless area Ec.
- since the wireless transmission / reception device 403c does not have the wireless terminal device 401a in the wireless area Ea adjacent to the wireless area Ec, as shown in the lower part of the table Tc in FIG.
- the key SRa is stored, and the terminal IDc of the wireless terminal device 401c and the transmission / reception encryption key SRc are newly stored in the storage area of the encryption key storage device 405.
- wireless transmission / reception device 403a stores the terminal IDc of wireless terminal device 401c and the transmission / reception encryption key SRc in the storage area of encryption key storage device 405 in association with each other.
- the wireless transmission / reception device 403 determines the wireless terminal device 401 based on each terminal ID stored in the encryption key storage device 405.
- the transmission / reception encryption key SR stored in association with the terminal ID can be used to securely encrypt and decrypt the transmission / reception signal.
- FIG. 19 is a specific configuration example of a wireless transmission / reception apparatus in this wireless communication system.
- the radio transmission / reception device 403 in this radio communication system can be provided inside a single radio base station device 510, like the radio transmission / reception device 403d shown in FIG.
- the network side encryption device 409 of the wireless transmission / reception device 403 includes, for example, an encryption unit 4091 that encrypts a signal transmitted by the wireless transmission / reception device 403, and this encryption unit 4091 as shown in FIG. And a wireless transmission unit 4092 for transmitting the signal encrypted by the above as a wireless signal.
- the network side decoding device 406 of the wireless transmission / reception device 403 includes a wireless reception unit 4062 that receives a wireless signal and a decoding unit 4061 that decodes a signal received by the wireless reception unit 4062.
- the wireless transmission / reception device 403 in this wireless communication system includes an encryption unit 4091 of the network side encryption device 409 and a decryption unit 4061 of the network side decryption device 406.
- the configuration is separable into an encryption terminator 4031 and a wireless device 4032 including a wireless transmission unit 4092 and a wireless reception unit 4062.
- the wireless transmission / reception device 403 in this wireless communication system is similar to the wireless transmission / reception device 403e shown in FIG. It may be configured to combine with the cryptographic terminator 4031 with the functions of
- the encryption terminator 4031 can be connected to a plurality of radio units 4032, encrypts the signals transmitted from each of the plurality of radio units 4032, and can decode the signals received by each of the plurality of radio units 4032. Therefore, the wireless transmission / reception device 403 in this wireless communication system performs the physical termination of the wireless signal by the wireless device 4032 and transmits the encryption terminator 4031 and the plurality of wireless devices 4032, like the wireless transmission / reception device 403f shown in FIG. This means that it is connected to the encryption communication network system 520 that can communicate with the encrypted signal.
- FIG. 21 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 5 of the present invention.
- the same components as those in the wireless communication system according to the third embodiment and the fourth embodiment described above are denoted by the same reference numerals.
- a communication network system 402 includes a plurality of wireless transmission / reception devices 403 that can communicate with each other, and these wireless transmission / reception devices 403 are connected to the wireless terminal device 401 and the wireless signal in each wireless area. And the wireless terminal device 401 accesses the communication network system 402.
- the wireless transmission / reception device 403 may be communicable with the wired node device 412 of the communication network system 402.
- FIG. 11 shows an example in which the wireless transmission / reception device 403a communicates with the wired node device 412.
- the encryption key storage device 405 has a configuration in which a reception encryption key RR and a transmission encryption key SS and a terminal ID individually assigned to the wireless terminal device 401 are associated with each other and stored.
- the table shown in FIG. 22 shows how each encryption key storage device 405 of each wireless transmission / reception device 403 stores a reception encryption key RRa, a transmission encryption key SSa and a terminal IDa, and a reception encryption key RRb, a transmission encryption key SSb, and a terminal IDb, in association with each other.
- the terminal ID used here may be anything that can identify an individual wireless terminal device 401, such as a MAC address or an IP address. For example, this terminal ID may be the serial number of the wireless terminal device 401 or the user ID of a user who uses the communication network system 402 by the wireless terminal device 401.
- the wireless signal AS transmitted by the wireless terminal device 401a is encrypted by the terminal-side encryption unit 404 of the wireless terminal device 401a in order to maintain security in the wireless section.
- This encrypted radio signal AS is decrypted by the network side decryption key device 400 using the reception cipher key RRa shown in the table of FIG. 22 stored in the cipher key memory device 405 of the radio transceiver 403a.
- the communication network system 402 can provide QoS based on the data of all layers of the decoded signal S.
- the encryption key storage device 405 of the wireless transmission / reception device 403a stores a transmission encryption key SSa, which is information for encrypting the wireless signal AR to be transmitted to the wireless terminal device 401, as shown in the table of FIG. Further, the radio signal AR transmitted from the network side encryption device 409 of the wireless transmission / reception device 403a is encrypted based on the transmission encryption key SSa, and the terminal side decryption unit 411 provided in the wireless terminal device 401 is configured to decode the radio signal AR. As a result, the security in the radio section in this radio communication system is maintained.
- since the signal R of the communication network system 402 is not encrypted as described above, it is possible to provide QoS based on the data of all layers of the signal R.
- wireless transmitting / receiving device 403a notifies that wireless terminal device 401a is present in wireless area Ea.
- Terminal presence notification signal Na is sent to encryption key distribution apparatus 410 shown in FIG.
- the encryption key distribution device 410 distributes the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a to all the wireless transmission / reception devices 403a, 403b, 403c, 403d, 403e.
- the wireless transmission / reception device 403b can store the reception encryption key RRa and the transmission encryption key SSa as shown in the table of FIG. Even if the wireless terminal device 401a moves to the wireless area Eb adjacent to the wireless area Ea, the wireless transmission / reception device 403b can quickly start decryption of the wireless signal AS transmitted by the wireless terminal device 401a using the reception encryption key RRa received in advance, so the time during which transmission from the wireless terminal device 401a is disconnected is very short. Similarly, in this wireless communication system, since the encryption of the radio signal AR received by the wireless terminal device 401a can be quickly started using the previously received transmission encryption key SSa, the time during which reception by the wireless terminal device 401a is disconnected is also extremely short.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nb to the encryption key distribution device 410.
- the encryption key distribution device 410, in response to the terminal presence notification signal Nb, distributes the reception encryption key RRb and the transmission encryption key SSb for the wireless terminal device 401b to all the wireless transmission / reception devices 403a, 403b, 403c, 403d, 403e.
- the encryption key storage device 405 of the wireless transmission / reception device 403a can store the reception encryption key RRb and the transmission encryption key SSb for encrypting and decrypting the wireless signal, received from the encryption key distribution device 410, together with the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a in its own wireless area Ea. Further, the wireless transmission / reception device 403a securely decrypts the received radio signal AS using the reception encryption key RRa for the wireless terminal device 401a in its own wireless area Ea, and securely encrypts the radio signal AR to be transmitted using the transmission encryption key SSa for the wireless terminal device 401a in its own wireless area Ea.
- the encryption key storage device 405 only needs to be configured to store the reception encryption key and the transmission encryption key for the wireless terminal device that is accessing the communication network system 402. It is not necessary to memorize the reception encryption key and transmission encryption key for the wireless terminal device while having the right of access.
- the wireless transmission / reception device 403b sends the terminal presence notification signal Na to the encryption key distribution device 410 when the wireless terminal device 401a is newly added to its own wireless area Eb. Since the key distribution device 410 sends the reception encryption key RRa and the transmission encryption key SSa to all the wireless transmission / reception devices 403, the information in the table shown in FIG. 22 does not change.
- wireless terminal device 401c is newly added to wireless area Ec.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the encryption key distribution apparatus 410 sends the reception encryption key RRc and the transmission encryption key SSc to all the radio transmission / reception apparatuses 403a, 403b, 403c, 403d, 403e in response to the terminal presence notification signal Nc.
- each wireless transceiver 403a, 403b, 403c, 403d, 403e stores the terminal IDc of the wireless terminal device 401c, the reception encryption key RRc and the transmission encryption key SSc in association with each other in the storage area of the encryption key storage device 405, as shown in the lower part of the table of FIG.
- FIG. 25 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 6 of the present invention.
- In FIG. 25, components common to the above-described radio communication system according to Embodiment 5 are described with the same reference numerals.
- the radio communication system according to the sixth embodiment uses the reception encryption key RR and the transmission encryption key SS used in the radio communication system according to the fifth embodiment, etc.
- the transmission / reception encryption key SR is used.
- the wireless signals AR and AS in the wireless section are encrypted, and security is maintained.
- since the signals R and S in the communication network system 402 are not encrypted, it is possible to provide QoS based on data of all layers.
- the wireless terminal device 401 and the wireless transmission / reception device 403 have a distinction between transmission and reception.
- the transmission / reception encryption key SR can be used for encryption and decryption of transmitted and received signals, and the cost is further reduced compared to a wireless communication system with different information capabilities for the reception encryption key RR and the transmission encryption key SS. It is possible to provide a wireless communication system capable of doing so.
- Encryption key storage device 405 stores transmission / reception encryption key SR for encrypting and decrypting wireless signals to be transmitted and received and terminal IDs individually assigned to wireless terminal devices 401 in association with each other.
- the table shown in FIG. 26 shows how the transmission / reception encryption key SR and the terminal ID are stored in association with each other in the encryption key storage device 405 of the wireless transmission / reception device 403.
- the wireless transmission / reception device 403a sends a terminal presence notification signal Na to the encryption key distribution device 410, and the encryption key distribution device 410, in response to the terminal presence notification signal Na, distributes a transmission / reception encryption key SRa for the wireless terminal device 401a to all wireless transceivers 403.
- the wireless transmission / reception device 403c sends the terminal presence notification signal Nb to the encryption key distribution device 410, and the encryption key distribution device 410, in response to the terminal presence notification signal Nb, distributes the transmission / reception encryption key SRb for the wireless terminal device 401b to all the wireless transmitting / receiving devices 403.
- the encryption key storage device 405 of each wireless transmission / reception device 403 stores the transmission / reception encryption keys SRa and SRb, for encrypting and decrypting wireless signals transmitted and received with the wireless terminal device 401a and the wireless terminal device 401b, in association with the terminal IDa and IDb assigned to each wireless terminal device.
- the wireless transmission / reception device 403a reliably encrypts and decrypts wireless signals using the transmission / reception encryption key SRa associated with the terminal IDa of the wireless terminal device 401a in its own wireless area Ea, without using the transmission / reception encryption key SRb.
- the wireless transmission / reception device 403b uses the transmission / reception encryption key SRa received in advance from the encryption key distribution device 410 to quickly start encryption / decryption of a wireless signal transmitted / received to / from the wireless terminal device 401a. Therefore, when the wireless terminal device 401a moves from the wireless area Ea to the wireless area Eb, the time during which transmission / reception between the wireless transmitting / receiving devices 403a and 403b and the wireless terminal device 401a is cut off is extremely short.
- the radio transmitting / receiving apparatus 403b sends the terminal presence notification signal Na to the encryption key distribution apparatus 410 when the radio terminal apparatus 401a is newly added to its own radio area Eb. Since the encryption key distribution device 410 sends the transmission / reception encryption key SRa to all the wireless transmission / reception devices 403 and 403b, the information in the table shown in FIG. 26 does not change.
- FIG. 27 shows an operation example when a wireless terminal device 401c is newly added to the wireless area Ec.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the encryption key distribution device 410, in response to this terminal presence notification signal Nc, sends the transmission / reception encryption key SRc to all the wireless transmission / reception devices 403a, 403b, 403c, 403d, and 403e.
- each wireless transceiver 403a, 403b, 403c, 403d, 403e newly stores the terminal IDc of the wireless terminal 401c and the transmission / reception key SRc in its encryption key storage device 405, as shown in the lower part of the table of FIG.
- the wireless transmission / reception device 403 determines the wireless terminal device 401 based on each terminal ID stored in the encryption key storage device 405, and can reliably encrypt and decrypt wireless signals using the transmission / reception encryption key SR stored in association with that terminal ID.
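The table updates walked through above for Embodiment 4 (keys sent only to the notifying transceiver and its neighbours) and Embodiment 6 (keys sent to every transceiver) can be replayed in a small simulation, which shows which transceivers end up holding each terminal's key under each policy. This is an added example, not code from the patent: the class and function names, the string terminal IDs, the random 16-byte keys, the restriction to three areas, and the global location map used to decide when a table entry is stale are all assumptions.

```python
import secrets

# Adjacency from the Embodiment 4 walk-through: Ea borders Eb and Ec,
# while Eb and Ec do not border each other.
ADJACENT = {"Ea": {"Eb", "Ec"}, "Eb": {"Ea"}, "Ec": {"Ea"}}


class KeyDistributor:
    """Encryption key distribution device 410 plus the per-area tables held in
    the encryption key storage device 405 of each transceiver 403 (hypothetical model)."""

    def __init__(self, policy="adjacent", erase="immediate"):
        if policy not in ("adjacent", "all") or erase not in ("immediate", "lazy"):
            raise ValueError("unknown policy or erase mode")
        self.policy, self.erase = policy, erase
        self.keys = {}       # terminal ID -> SR key (constructed random bytes)
        self.location = {}   # terminal ID -> current area (assumed global view)
        self.tables = {area: {} for area in ADJACENT}  # area -> {terminal ID: SR}

    def scope(self, area):
        """Areas whose transceivers receive the key of a terminal located in `area`."""
        if self.policy == "all":
            return set(ADJACENT)
        return {area} | ADJACENT[area]

    def stale(self, area):
        """Entries whose terminal is neither in `area` nor in an adjacent area."""
        return [tid for tid in self.tables[area]
                if area not in self.scope(self.location[tid])]

    def notify_presence(self, area, tid):
        """Terminal presence notification sent by the transceiver serving `area`."""
        self.location[tid] = area
        key = self.keys.setdefault(tid, secrets.token_bytes(16))
        for target in self.scope(area):
            table = self.tables[target]
            if self.erase == "lazy" and tid not in table:
                # Reuse the slot of one out-of-scope terminal, if there is one.
                for old in self.stale(target)[:1]:
                    del table[old]
            table[tid] = key
        if self.erase == "immediate":
            # Transceivers outside the new scope drop the entry right away.
            for other, table in self.tables.items():
                for old in self.stale(other):
                    del table[old]

    def snapshot(self):
        return {area: sorted(table) for area, table in self.tables.items()}


def run_walkthrough(policy, erase):
    """Replay the sequence in the text: 401a in Ea, 401b in Ec, 401a moves to
    Eb, then 401c appears in Ec. Returns the model and the table snapshots."""
    kd = KeyDistributor(policy, erase)
    steps = {}
    kd.notify_presence("Ea", "IDa")
    kd.notify_presence("Ec", "IDb")
    steps["initial"] = kd.snapshot()
    kd.notify_presence("Eb", "IDa")
    steps["after_move"] = kd.snapshot()
    kd.notify_presence("Ec", "IDc")
    steps["after_401c"] = kd.snapshot()
    return kd, steps


if __name__ == "__main__":
    for policy, erase in (("adjacent", "immediate"), ("adjacent", "lazy"),
                          ("all", "immediate")):
        _, steps = run_walkthrough(policy, erase)
        print(policy, erase)
        for name, tables in steps.items():
            print("  ", name, tables)
```

Comparing the `after_move` snapshots makes the trade-off visible: adjacency-scoped distribution with immediate erasure leaves the key for 401a on two transceivers, while the distribute-to-all policy leaves it on every transceiver in the network.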
- Each radio transmission / reception apparatus of the radio communication system according to Embodiment 5 and Embodiment 6 is the same as that of each of the radio communication systems according to Embodiment 3 and Embodiment 4 shown in FIG.
- the transmission / reception apparatus can be configured in the same manner.
- FIG. 29 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 7 of the present invention.
- In FIG. 29, components common to the radio communication system according to Embodiment 3 and Embodiment 4 described above are described with the same reference numerals.
- a communication network system 402 includes a plurality of wireless transmission / reception devices 403 that can communicate with each other, and these wireless transmission / reception devices 403 are connected to the wireless terminal device 401 and the wireless signal in each wireless area. And the wireless terminal device 401 accesses the communication network system 402.
- the wireless transmission / reception device 403 can communicate with the wired node device 412; FIG. 29 shows an example in which the wireless transmission / reception device 403a communicates with the wired node device 412.
- the encryption key storage device 405 is configured to store the reception encryption key RR and the transmission encryption key SS in association with the terminal ID individually assigned to the wireless terminal device 401.
- FIG. 30 is a configuration diagram of a table of the wireless transmission / reception apparatus of the wireless communication system according to the present embodiment. Tables Ta, Tb, and Tc shown in FIGS. 30A, 30B, and 30C show how the reception encryption key RR, the transmission encryption key SS, and the terminal ID are stored in association with one another in the encryption key storage device 405 of each of the wireless transmission / reception devices 403a, 403b, and 403c.
- the terminal ID may be anything that can identify each wireless terminal device 401, such as a MAC address or IP address. As long as identification is possible, the manufacturing number of the wireless terminal device 401 or the user ID of the user who uses the communication network system 402 by the wireless terminal device 401 may be used.
- the wireless signal AS transmitted by the wireless terminal device 401a is encrypted by the terminal side encryption unit 404 of the wireless terminal device 401a in order to maintain security in the wireless section.
- This encrypted radio signal AS is decrypted by the network side decryption device 406 using the reception encryption key RRa shown in the table Ta of FIG. 30A stored in the encryption key storage device 405 of the wireless transmission / reception device 403a.
- this communication network system 402 can provide QoS based on the data of all layers of the decoded signal S.
- the encryption key storage device 405 of wireless transmission / reception device 403a stores the transmission encryption key SSa, which is information for encrypting the wireless signal AR to be transmitted to wireless terminal device 401a.
- the radio signal AR is encrypted by the network side encryption device 409 of the wireless transmission / reception device 403a based on the transmission encryption key SSa, and the terminal side decryption unit 411 of the wireless terminal device 401a decrypts this radio signal AR.
- security in the wireless section of this wireless communication system is maintained.
- since the signal R of the communication network system 402 is not encrypted, it is possible to provide QoS based on the data of all layers of the signal R.
- the wireless transmission / reception device 403a sends the terminal presence notification signal Na to the encryption key distribution device 410 to notify it that the wireless terminal device 401a is in the wireless area Ea.
- the encryption key distribution device 410 distributes the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a to the wireless transmission / reception device 403a in response to the terminal presence notification signal Na.
- as shown in the upper part of the table Ta in Fig. 30A, the encryption key storage device 405 of the wireless transmission / reception device 403a stores the reception encryption key RRa and the transmission encryption key SSa, received from the encryption key distribution device 410, for encrypting and decrypting the wireless signal transmitted to and received from each wireless terminal device 401.
- the wireless transmission / reception device 403b sends the terminal presence notification signal Na to the encryption key distribution device 410.
- the encryption key distribution device 410 distributes the reception encryption key RRa and the transmission encryption key SSa for the wireless terminal device 401a to the wireless transmission / reception device 403b without performing authentication of the wireless terminal device 401a again by the authentication server.
- as shown in the lower part of the table Ta in FIG. 30A, the encryption key storage device 405 of the wireless transmission / reception device 403a deletes the reception encryption key RRa and the transmission encryption key SSa, received from the encryption key distribution device 410, for encrypting and decrypting the wireless signal transmitted / received to / from the wireless terminal device 401a.
- the encryption key storage device 405 of the wireless transmission / reception device 403b newly stores the reception encryption key RRa and the transmission encryption key SSa as shown in the lower part of the table Tb in FIG. 30B.
- the wireless transmission / reception device 403b can promptly start encryption / decryption of the wireless signal AS transmitted / received to / from the wireless terminal device 401a. Therefore, in this wireless communication system, the time required for disconnecting communication between the communication network system 402 and the wireless terminal device 401a can be extremely short.
- the wireless transmission / reception device 403c sends the terminal presence notification signal Nb to the encryption key distribution device 410.
- the encryption key distribution device 410 distributes the reception encryption key RRb and the transmission encryption key SSb for the wireless terminal device 401b to the wireless transmission / reception device 403c and to the wireless transceiver 403a of the wireless area Ea adjacent to the wireless area Ec.
- When a wireless terminal device leaves its own wireless area, each wireless transmission / reception device need not be configured to immediately erase the terminal ID, reception encryption key RR and transmission encryption key SS of this wireless terminal device from the encryption key storage device 405. Also, after terminal IDs, reception encryption keys RR, and transmission encryption keys SS have been stored in all storage areas of the encryption key storage device 405, the configuration may be such that they are overwritten with the terminal ID, reception encryption key RR, and transmission encryption key SS of a wireless terminal device newly added to its own wireless area.
- FIG. 31 shows an operation example when the wireless terminal device 401c is newly added to the wireless area Ec of the wireless transmission / reception device 403c.
- FIG. 32 is a configuration diagram of a table of another wireless transmission / reception apparatus of the wireless communication system according to the present embodiment. As shown in FIG. 31, when the wireless terminal device 401a moves from the wireless area Ea to the wireless area Eb, the encryption key storage device 405 stores the terminal IDa, the reception encryption key RRa, and the transmission encryption key SSa in association with each other, as shown in the upper part of the table Ta and the table Tb in FIGS. 32A and 32B.
- FIG. 31 is used to show an operation example when a wireless terminal device 401c is newly added to the wireless area Ec.
- the encryption key storage device 405 of the wireless transmission / reception device 403c stores the terminal IDb, the reception encryption key RRb, and the transmission encryption key SSb of the wireless terminal device 401b in the wireless area Ec, as shown in the upper part of the table Tc in FIG. 32C.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the encryption key distribution apparatus 410 sends the reception encryption key RRc and the transmission encryption key SSc to the wireless transmission / reception apparatus 403c in response to the terminal presence notification signal Nc. Since there is no wireless terminal device 401a in the wireless area Ea adjacent to the wireless area Ec, the wireless transmission / reception device 403c stores, in the encryption key storage device 405, the terminal IDc of the wireless terminal device 401c, the reception encryption key RRc, and the transmission encryption key SSc in association with each other, as shown in the lower part of the table Tc in FIG. 32C.
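The key handling described for Embodiment 7, modelled as an added Python sketch that is not part of the patent text: a presence notification triggers key distribution, a handover reuses the keys without a second authentication, the old device's entry is erased, and a full key table is overwritten. Class and method names, the random 16-byte keys, immediate erasure on handover, and overwriting the oldest entry first are all assumptions made for the example.

```python
import secrets
from collections import OrderedDict, namedtuple

# RR decrypts uplink radio signals, SS encrypts downlink radio signals.
KeyPair = namedtuple("KeyPair", ["rr", "ss"])


class KeyStore:
    """Encryption key storage device 405: terminal ID -> (RR, SS), bounded size."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._table = OrderedDict()

    def store(self, terminal_id, keys):
        if terminal_id not in self._table and len(self._table) >= self.capacity:
            # Table full: overwrite an existing entry. Picking the oldest one
            # is an assumption; the text only says entries are overwritten.
            self._table.popitem(last=False)
        self._table[terminal_id] = keys
        self._table.move_to_end(terminal_id)

    def delete(self, terminal_id):
        self._table.pop(terminal_id, None)

    def lookup(self, terminal_id):
        return self._table.get(terminal_id)

    def terminal_ids(self):
        return list(self._table)


class KeyDistributor:
    """Encryption key distribution device 410."""

    def __init__(self, adjacency=None, erase_on_leave=True):
        self.adjacency = adjacency or {}  # device name -> adjacent device names
        self.erase_on_leave = erase_on_leave
        self.auth_count = 0               # full authentications performed
        self._keys = {}                   # terminal ID -> KeyPair
        self._holders = {}                # terminal ID -> devices holding its keys
        self._devices = {}                # device name -> Transceiver

    def register(self, device):
        self._devices[device.name] = device

    def _authenticate(self, terminal_id):
        # Stand-in for the authentication server and the one-time key exchange.
        self.auth_count += 1
        self._keys[terminal_id] = KeyPair(secrets.token_bytes(16),
                                          secrets.token_bytes(16))

    def presence_notification(self, device_name, terminal_id):
        """Handle a terminal presence notification signal from one transceiver."""
        if terminal_id not in self._keys:
            self._authenticate(terminal_id)  # first entry only, not on handover
        keys = self._keys[terminal_id]
        targets = {device_name} | set(self.adjacency.get(device_name, ()))
        if self.erase_on_leave:
            for stale in self._holders.get(terminal_id, set()) - targets:
                self._devices[stale].key_store.delete(terminal_id)
        for name in targets:
            self._devices[name].key_store.store(terminal_id, keys)
        self._holders[terminal_id] = targets
        return targets


class Transceiver:
    """Wireless transmission / reception device 403 with its own key table."""

    def __init__(self, name, distributor, capacity=4):
        self.name = name
        self.key_store = KeyStore(capacity)
        self.distributor = distributor
        distributor.register(self)

    def terminal_entered(self, terminal_id):
        return self.distributor.presence_notification(self.name, terminal_id)


def handover_demo():
    """401a enters area Ea and moves to Eb; 401b enters Ec (adjacent to Ea)."""
    dist = KeyDistributor(adjacency={"403c": ["403a"]})
    a, b, c = (Transceiver(n, dist) for n in ("403a", "403b", "403c"))
    a.terminal_entered("IDa")
    first = a.key_store.lookup("IDa")
    b.terminal_entered("IDa")   # handover Ea -> Eb, no re-authentication
    c.terminal_entered("IDb")   # keys also go to adjacent device 403a
    return {
        "same_keys_after_handover": b.key_store.lookup("IDa") == first,
        "old_device_still_holds": a.key_store.lookup("IDa") is not None,
        "auth_count": dist.auth_count,
        "403a": a.key_store.terminal_ids(),
        "403b": b.key_store.terminal_ids(),
        "403c": c.key_store.terminal_ids(),
    }


if __name__ == "__main__":
    for name, value in handover_demo().items():
        print(name, value)
```

Passing `erase_on_leave=False` models the variant in which the old device keeps the entry until its table fills and the entry is overwritten.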
- FIG. 33 is a block diagram showing a basic configuration of a radio communication system according to Embodiment 8 of the present invention.
- FIG. 33 components common to the radio communication system according to Embodiment 7 described above are described with the same reference numerals.
- the radio communication system according to the eighth embodiment uses the transmission / reception encryption key SR in place of the reception encryption key RR and the transmission encryption key SS used in the radio communication system according to the seventh embodiment.
- radio signals AR and AS in the radio section are encrypted, and security is maintained.
- since the signals R and S in the communication network system 402 are not encrypted, it is possible to provide QoS based on data of all layers.
- the wireless terminal device 401 and the wireless transmission / reception device 403 receive the transmission encryption key and the reception encryption key.
- the encryption key storage device 405 of the wireless transmission / reception device 403 includes a transmission / reception encryption key SR for encrypting and decrypting a wireless signal to be transmitted and received, and a terminal ID individually assigned to the wireless terminal device 401.
- FIG. 34 is a configuration diagram of a table of the radio transmission / reception apparatus of the radio communication system according to the present embodiment. Table Ta, table Tb, and table Tc in FIGS. 34A, B, and C show how the transmission / reception encryption key SR and the terminal ID are stored in association with each other in the encryption key storage device 405 of each wireless transmission / reception device 403a, 403b, 403c.
- since the wireless terminal device 401a is in the wireless area Ea of the wireless transmission / reception device 403a, the wireless transmission / reception device 403a sends the terminal presence notification signal Na to the encryption key distribution device 410, and the encryption key distribution device 410 distributes transmission / reception encryption key SRa for wireless terminal device 401a to wireless transmission / reception device 403a in response to terminal presence notification signal Na.
- the wireless transmission / reception device 403c sends the terminal presence notification signal Nb to the encryption key distribution device 410, and the encryption key distribution device 410, in response to this terminal presence notification signal Nb, distributes the transmission / reception encryption key SRb for the wireless terminal device 401b to the wireless transmitting / receiving device 403c.
- as shown in the upper part of the table Ta in FIG. 34A, the encryption key storage device 405 of the wireless transmission / reception device 403a stores the transmission / reception encryption key SRa for encrypting and decrypting the wireless signal transmitted and received with the wireless terminal device 401a, in association with the terminal IDa assigned to the wireless terminal device 401a.
- the encryption key storage device 405 of the wireless transmission / reception device 403c stores the transmission / reception encryption key SRb for encrypting and decrypting the wireless signal transmitted / received to / from the wireless terminal device 401b, in association with the terminal IDb assigned to the wireless terminal device 401b.
- the wireless transmission / reception device 403a can encrypt and decrypt the wireless signal transmitted / received to / from the wireless terminal device 401a, and the wireless transmission / reception device 403c can likewise encrypt and decrypt the radio signals it sends and receives.
- the encryption key storage device 405 of the wireless transmission / reception device 403b stores the transmission / reception encryption key SR and the terminal ID as shown in the upper part of the table Tb in FIG. / ,!
- the wireless transmission / reception device 403b sends the terminal presence notification signal Na to the encryption key distribution device 410, and the encryption key distribution device 410 distributes the transmission / reception encryption key SRa for the wireless terminal device 401a to the wireless transmitting / receiving device 403a without re-authenticating the wireless terminal device 401a by the authentication server.
- as shown in the lower part of the table Ta in FIG. 34A, the encryption key storage device 405 of the wireless transmission / reception device 403a deletes the transmission / reception encryption key SRa, received from the encryption key distribution device 410, for encrypting and decrypting the wireless signal transmitted / received to / from the wireless terminal device 401a. Also, the encryption key storage device 405 of the radio transmission / reception device 403b newly stores the transmission / reception encryption key SRa as shown in the lower part of the table Tb in FIG. 34B.
- the radio transmission / reception device 403b can start encryption and decryption of the radio signal AS to be transmitted / received to / from the radio terminal device 401a promptly. Therefore, in this wireless communication system, the time required for disconnecting communication between the communication network system 402 and the wireless terminal device 401a is extremely short.
- when a wireless terminal apparatus leaves its wireless area, the wireless transmission / reception apparatus in this wireless communication system need not immediately delete the terminal ID and transmission / reception encryption key of this wireless terminal apparatus from the encryption key storage apparatus 405; it is also possible to delete them after a certain amount of time has elapsed. Also, after terminal IDs and transmission / reception encryption keys have been stored in all storage areas of the encryption key storage device 405, it may be configured to overwrite them with the terminal ID and transmission / reception encryption key of a wireless terminal device newly added to its own wireless area.
- FIG. 35 shows an operation example when the wireless terminal device 401c is newly added to the wireless area Ec of the wireless transmission / reception device 403c.
- FIG. 36 is a configuration diagram of a table of another wireless transmission / reception apparatus of the wireless communication system according to the present embodiment.
- when the wireless terminal device 401a moves from the wireless area Ea to the wireless area Eb, the encryption key storage device 405 stores the terminal IDa and the transmission / reception encryption key SRa in association with each other, as shown in the table Ta and the table Tb in FIGS.
- FIG. 35 is used to show an operation example when a wireless terminal device 401c is newly added to the wireless area Ec. In FIG. 35, the encryption key storage device 405 of the wireless transmission / reception device 403c stores the terminal IDb and the transmission / reception encryption key SRb of the wireless terminal device 401b in the wireless area Ec, as shown in the upper part of the table Tc in FIG. 36C.
- the wireless transmission / reception device 403c sends a terminal presence notification signal Nc to the encryption key distribution device 410.
- the wireless transmission / reception device 403c stores the terminal IDc and the transmission / reception encryption key SRc in association with each other in the encryption key storage device 405, as shown in the lower part of the table Tc in FIG. 36C.
- the radio transmission / reception apparatuses of the radio communication system according to Embodiments 7 and 8 can be configured in the same manner as those of the radio communication system according to Embodiment 3 and Embodiment 4 shown in FIG.
- FIG. 37 is a flowchart showing an example of the operation of the wireless terminal device in this wireless communication system.
- when the operation of wireless terminal device 401 described above starts, it is determined whether or not wireless terminal device 401 has entered the wireless area of communication network system 402 (step ST501).
- the key is exchanged between the wireless terminal device 401 and the wireless transmitting / receiving device 403 (step ST502).
- step ST503 it is determined whether or not the wireless area accessed by the wireless terminal device 401 has been switched. If it is determined in step ST504 that there is no wireless area switching, the wireless communication state in step ST503 is continued. If it is determined in step ST504 that the wireless terminal device 401 is out of the wireless area, the operation returns to step ST501. Even when the wireless terminal device 401 moves and enters another wireless area adjacent to the wireless area that has been communicating so far and the wireless area is switched, the wireless communication state is continued by returning to step ST503.
- the wireless terminal device of this wireless communication system only needs to exchange the encryption key with the communication network system 402 by IEEE802.1x once, when it first enters the communicable wireless area.
- since the wireless terminal device does not need to perform authentication and key exchange every time the wireless area is switched, the transmission / reception disconnection time when moving to another wireless area is extremely short.
- safe wireless communication can be performed.
- a plurality of wireless transmission / reception devices 403a, 403b, 403c that can communicate with each other are provided in communication network system 402, one in each wireless area. It is possible to access the communication network system 402 from the wireless terminal devices 401a and 401b by transmitting and receiving wireless signals to and from the wireless terminal devices 401a and 401b. Further, since the radio signals transmitted by the respective radio terminal devices 401a and 401b are encrypted by the terminal side encryption unit 404, the security in the uplink direction in the radio section is maintained.
- the network side decryption device 406 uses the reception encryption key RRa stored in the encryption key storage device 405 of the wireless transmission / reception device 403a to decrypt this encrypted wireless signal. Therefore, it is possible to provide QoS based on the data of all layers of the decrypted signal.
- encryption key distribution apparatus 410 distributes the reception encryption key RRa to the wireless transmission / reception apparatus 403a, which has the wireless terminal apparatus 401a in its wireless area Ea where wireless signals can be transmitted and received, and to the wireless transmission / reception devices 403b and 403c in the wireless areas Eb and Ec adjacent to the wireless transmission / reception apparatus 403a. Therefore, even when the wireless terminal device 401a moves to the adjacent wireless areas Eb and Ec, the wireless transmission / reception devices 403b and 403c in the wireless areas Eb and Ec can use the reception encryption key RRa received in advance to quickly start decrypting the radio signal transmitted by the wireless terminal device 401a, and the disconnection time of transmission from the wireless terminal device 401a is extremely short.
- since encryption key storage device 405 is configured to store the reception encryption key RRa for wireless terminal device 401a in its own wireless area Ea and the reception encryption key RRb for decrypting the wireless signal received from the wireless terminal device 401b in the adjacent wireless areas Eb and Ec, the wireless transmission / reception device 403a can reliably decrypt the received radio signal using the reception encryption key RRa for the radio terminal device 401a in its own wireless area Ea.
- the encryption key storage device 405 only needs to store the reception encryption key RRb for decrypting the radio signal received from the wireless terminal device 401b in the adjacent wireless area Eb and the reception encryption key RRa for the wireless terminal device 401a in its own wireless area Ea; it is not necessary to store the reception encryption keys of all wireless terminal devices having access rights to the network 402. It is therefore possible to provide a wireless communication system whose cost can be reduced.
- since encryption key storage apparatus 405 can store the reception encryption key RRa for decrypting a wireless signal received from wireless terminal apparatus 401a and the terminal IDa assigned individually to this wireless terminal device 401a in association with each other, even when there are a plurality of wireless terminal devices in its own wireless area Ea, the wireless terminal device is identified based on each stored terminal ID. Thus, the received radio signal can be reliably decrypted using the reception encryption key associated with the terminal ID.
- transmission encryption key SSa, which is information for encrypting a wireless signal transmitted to wireless terminal device 401a, is stored in encryption key storage device 405. Further, the wireless signal transmitted to the wireless terminal device 401a is encrypted by the network side encryption device 409 of the wireless transmission / reception device 403a based on the transmission encryption key SSa, and the terminal side decryption unit 411 of the wireless terminal device 401a decrypts the radio signal received from the radio transmission / reception device 403a. Therefore, in this wireless communication system, the downlink security in the wireless section is maintained, and since the signal of the communication network system 402 is not encrypted, QoS based on the data of all layers of the signal can be provided.
- the encryption key distribution device 410 distributes the transmission encryption key SSa to the wireless transmission / reception device 403a having the wireless terminal device 401a in its wireless area Ea where wireless signals can be transmitted and received, and to the wireless transmission / reception devices 403b and 403c in the wireless areas Eb and Ec adjacent to the wireless transmission / reception device 403a. Therefore, even when the wireless terminal device 401a moves to the adjacent wireless areas Eb and Ec, the wireless transmission / reception devices 403b and 403c in the wireless areas Eb and Ec can use the previously received transmission encryption key SSa to quickly start encrypting the wireless signal to be received by the wireless terminal device 401a, so the reception disconnection time of the wireless terminal device 401a is extremely short.
- since the encryption key storage device 405 stores the transmission encryption key for the radio terminal apparatus in its own radio area and the transmission encryption key for the radio terminal apparatus in the adjacent radio area, the wireless transmission / reception device 403a can securely encrypt the wireless signal transmitted to this wireless terminal device 401a using the transmission encryption key SSa for the wireless terminal device 401a in its own wireless area Ea.
- the encryption key storage device 405 only needs to store a transmission encryption key for a wireless terminal device in an adjacent wireless area and a transmission encryption key for a wireless terminal device in its own wireless area. Therefore, it is not necessary to store the transmission encryption keys of all the wireless terminal devices having access rights to the network 402, so that it is possible to provide a wireless communication system capable of reducing costs.
- since encryption key storage apparatus 405 stores a transmission encryption key for encrypting a wireless signal to be transmitted in association with the terminal ID individually assigned to the wireless terminal apparatus, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the radio signal to be transmitted can be securely encrypted using the transmission encryption key associated with the terminal ID.
- since the encryption key distribution device 410 further distributes the transmission / reception encryption key SRa to the wireless transmission / reception device 403a having the wireless terminal device 401a in its wireless area Ea where wireless signals can be transmitted and received, and to the wireless transmission / reception devices 403b and 403c in the wireless areas Eb and Ec adjacent to the wireless transmission / reception device 403a, before the wireless terminal device 401a moves to the adjacent wireless areas Eb and Ec, the wireless transmission / reception devices 403b and 403c of the wireless areas Eb and Ec can receive in advance a transmission / reception encryption key SRa for encryption and decryption of a wireless signal transmitted and received by the wireless terminal device 401a.
- the wireless transmission / reception device 403a in the wireless area Ea can start encryption and decryption of a wireless signal transmitted / received to / from the wireless terminal device 401a promptly using the received encryption key RRa received in advance.
- the transmission / reception interruption time between the wireless transmission / reception device 403a and the wireless terminal device 401a is extremely short.
- since the encryption key storage device 405 stores a transmission / reception encryption key for encrypting and decrypting a radio signal transmitted / received to / from a wireless terminal device in its own wireless area, and a transmission / reception encryption key for encrypting and decrypting a wireless signal transmitted / received to / from a wireless terminal device in an adjacent wireless area, the wireless transmission / reception apparatus can reliably encrypt and decrypt the wireless signal transmitted / received, using the transmission / reception encryption key for the wireless terminal apparatus in its own wireless area.
- the encryption key storage device 405 only needs to store the transmission / reception encryption key for a wireless terminal device in an adjacent wireless area distributed by the encryption key distribution device 410 and the transmission / reception encryption key for a wireless terminal device in its own wireless area. Since it is not necessary to store the transmission / reception encryption keys of all the wireless terminal devices having access rights to the wireless network system 402, a wireless communication system capable of reducing costs can be provided.
- since encryption key storage apparatus 405 stores the transmission / reception encryption key for encrypting and decrypting wireless signals to be transmitted and received in association with the terminal ID individually assigned to each wireless terminal apparatus, even when there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is determined based on each stored terminal ID, and wireless signals can be reliably encrypted and decrypted using the transmission / reception encryption key stored in association with the terminal ID.
- according to the radio base station apparatus in the radio communication system according to the third embodiment and the fourth embodiment, since it has the above-described radio transmission / reception apparatus, it is possible to reliably encrypt and decrypt radio signals transmitted to and received from the radio terminal apparatus.
- the encryption key for the wireless terminal device accessing the communication network system 402 is managed.
- the encryption key distribution device 410 can reliably distribute this encryption key to the wireless transmission / reception devices.
- according to the encryption terminator 4031 in the wireless communication system according to Embodiment 3 and Embodiment 4, it is possible to connect to a plurality of wireless devices 4032. Since the signal transmitted by each of the plurality of wireless devices 4032 can be encrypted and the signal received by each of the plurality of wireless devices 4032 can be decrypted, it is not necessary to prepare the encryption terminator 4031 for each wireless device 4032.
- a plurality of wireless transmission / reception devices provided in communication network system 402 that can communicate with each other transmit and receive wireless signals to and from wireless terminal devices in each wireless area, and the wireless terminal device accesses the communication network system 402.
- since the radio signal transmitted by each radio terminal device is encrypted by the terminal side encryption unit 404, the uplink security in the radio section is maintained.
- since the network-side decryption device 406 decrypts the encrypted wireless signal using the reception encryption key stored in the encryption key storage device 405 of the wireless transmission / reception device, the communication network system 402 can provide QoS based on the data of all layers of the decrypted signals.
- the encryption key distribution device 410 distributes the reception encryption key for decrypting the radio signal received from the wireless terminal device accessing the communication network system 402 to all of the wireless transmission / reception devices.
- the wireless transmitting / receiving device in this wireless area can promptly start decryption of the wireless signal transmitted by the wireless terminal device using the received encryption key received in advance. Therefore, the disconnection time for transmission from the wireless terminal device is extremely short.
- encryption key storage device 405 is configured to store a plurality of received encryption keys distributed by encryption key distribution device 410. Therefore, the radio transmission / reception apparatus can reliably decrypt the radio signal received using the reception encryption key for the radio terminal apparatus in its own radio area. Also, the encryption key storage device 405 stores only the received encryption key for decrypting the radio signal received by the wireless terminal device currently accessing the communication network system 402, so that it is sufficient. Since there is no need to store the received encryption key of the wireless terminal device by connecting to the communication network system 402 with access right to the 402, it is possible to provide a wireless communication system that can further reduce costs it can.
- encryption key storage device 405 includes a reception encryption key for decrypting a wireless signal received from a wireless terminal device, and the wireless terminal device.
- Individually assigned terminal IDs can be stored in association with each other, so even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is determined based on each stored terminal ID, and the terminal ID is assigned.
- the received radio signal can be securely decrypted.
- the encryption key distribution apparatus 410 distributes the encrypted wireless signal to be transmitted to the wireless terminal apparatus that is accessing the communication network system 402.
- the encryption key storage device 405 stores the transmitted transmission encryption key.
- the wireless signal transmitted from the network side encryption device 409 of the wireless transmission / reception device to the wireless terminal device is encrypted based on this transmission encryption key, and wirelessly transmitted by the terminal side decoding unit 411 of the wireless terminal device.
- Transmitter / receiver capability Decodes the received radio signal. Therefore, according to this wireless communication system, the downlink security in the radio section is maintained and the signal of the communication network system 402 is not encrypted, so QoS based on the data of all layers of the signal is used. Can be provided.
- The encryption key distribution apparatus 410 distributes the transmission encryption key to the wireless transmission / reception apparatus having the wireless terminal device in a wireless area where wireless signals can be transmitted / received, and to the wireless transmission / reception apparatus in a wireless area adjacent to this wireless transmission / reception apparatus. The wireless transmission / reception device in the adjacent wireless area uses the transmission encryption key received in advance to promptly encrypt the wireless signal to be received by the wireless terminal device. Therefore, the reception disconnection time of the wireless terminal device is extremely short.
- Since the encryption key storage device 405 stores the transmission encryption key for the wireless terminal device in its own wireless area and the transmission encryption key for the wireless terminal device in the adjacent wireless area, the wireless transmission / reception device can reliably encrypt the wireless signal to be transmitted to a wireless terminal device in its own wireless area using the transmission encryption key for that wireless terminal device.
- The encryption key storage device 405 stores the transmission encryption key for the wireless terminal device in the adjacent wireless area and the transmission encryption key for the wireless terminal device in its own wireless area. It is therefore not necessary to store the transmission encryption keys of all the wireless terminal devices having access rights to the communication network system 402, so a wireless communication system capable of reducing costs can be provided.
- The encryption key storage apparatus 405 stores the transmission encryption key for encrypting a wireless signal to be transmitted in association with the terminal ID individually assigned to this wireless terminal apparatus. Therefore, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the radio signal to be transmitted can be securely encrypted using the transmission encryption key associated with the terminal ID.
- The reception encryption key and the transmission encryption key are a transmission / reception encryption key of the same information. Since the wireless terminal device and the wireless transmission / reception device do not need to distinguish between encryption keys for transmission and for reception, the cost merit is further increased.
- The encryption key distribution device 410 is configured to distribute the transmission / reception encryption key for encrypting and decrypting the wireless signal transmitted / received to / from the wireless terminal device accessing the communication network system 402 to all wireless transmission / reception devices. Before the terminal device moves to the adjacent wireless area, the wireless transmission / reception device in this wireless area can receive in advance the transmission / reception encryption key for encryption / decryption of the wireless signal transmitted / received by the wireless terminal device. The wireless transmission / reception device in this wireless area can therefore quickly start encryption and decryption of the wireless signal transmitted / received to / from the wireless terminal device using the transmission / reception encryption key received in advance, so the disconnection time for transmission and reception with the wireless terminal device is extremely short.
- Since the encryption key storage device 405 stores a transmission / reception encryption key for encrypting and decrypting a radio signal transmitted / received to / from a wireless terminal device in its own wireless area and a transmission / reception encryption key for encrypting and decrypting a wireless signal transmitted / received to / from a wireless terminal device in an adjacent wireless area, the wireless transmission / reception device can reliably encrypt and decrypt the wireless signals it transmits / receives using the transmission / reception encryption key for the wireless terminal device in its own wireless area.
- The encryption key storage device 405 only needs to store the transmission / reception encryption key for the wireless terminal device in the adjacent wireless area and the transmission / reception encryption key for the wireless terminal device in its own wireless area, both distributed by the encryption key distribution device 410. Since it is not necessary to store the transmission / reception encryption keys of all the wireless terminal devices having the access right to the communication network system 402, a wireless communication system capable of reducing costs can be provided.
- The encryption key storage device 405 stores the transmission / reception encryption key for encrypting and decrypting transmitted / received wireless signals in association with the terminal ID individually assigned to this wireless terminal device. Therefore, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the wireless signal can be securely encrypted and decrypted using the transmission / reception encryption key stored in association with the terminal ID.
- According to the radio base station apparatus in the radio communication system according to the fifth embodiment and the sixth embodiment, since the radio base station apparatus has the above-described radio transmission / reception apparatus, it is possible to securely encrypt and decrypt the wireless signals transmitted / received to / from the radio terminal apparatus.
- the encryption key management server device in the wireless communication system according to the fifth embodiment and the sixth embodiment, is a wireless terminal device that accesses the communication network system 4002. Therefore, the encryption key distribution device 410 can reliably distribute the encryption key to the wireless transmission / reception device.
- the cryptographic terminator in the radio communication system according to the fifth embodiment and the sixth embodiment, it is possible to connect to a plurality of radio devices 4032, and each of the plurality of radio devices 4032 transmits. Therefore, it is not necessary to prepare a cryptographic terminator 4031 for each wireless device 4032 since the signal received by each of the plurality of wireless devices 4032 can be decrypted.
- A plurality of wireless transmission / reception apparatuses provided in the communication network system 402, which can communicate with each other, transmit and receive wireless signals to and from the wireless terminal devices in their respective wireless areas, and the communication network system 402 is accessed from the wireless terminal devices. Since the radio signal transmitted by each radio terminal device is encrypted by the terminal side encryption unit 404, the uplink security in the radio section is maintained. Furthermore, since the network-side decryption device 406 decrypts this encrypted radio signal using the reception encryption key stored in the encryption key storage device 405 of the wireless transmission / reception device, the communication network system 402 can provide QoS based on the data in all layers of the decrypted signal.
- The encryption key distribution device 410 distributes the reception encryption key to the wireless transmission / reception device having the wireless terminal device in a wireless area where wireless signals can be transmitted and received. Therefore, even when the wireless terminal device moves to an adjacent wireless area, the wireless transmission / reception device in this wireless area does not need to have the terminal authenticated again by the authentication server. It receives the reception encryption key from the encryption key distribution device 410 and can immediately start decoding the radio signal transmitted by the wireless terminal device, so the disconnection time of transmission from the wireless terminal device is extremely short. Further, since the encryption key storage device 405 stores only the reception encryption key for the wireless terminal device in its own wireless area, it is possible to provide a wireless communication system that can further reduce costs.
- The encryption key storage apparatus 405 stores the reception encryption key for decrypting a radio signal received from a radio terminal apparatus in association with the terminal ID individually assigned to that radio terminal apparatus. Therefore, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the received radio signal can be reliably decrypted using the reception encryption key associated with the terminal ID.
- The encryption key storage device 405 further stores a transmission encryption key, which is information for encrypting a wireless signal transmitted to the wireless terminal device. The wireless signal transmitted from the network side encryption device 409 of the wireless transmission / reception device to the wireless terminal device is encrypted based on the transmission encryption key, and the terminal side decoding unit 411 provided in the wireless terminal device decodes the radio signal received from the wireless transmission / reception device. Therefore, according to this wireless communication system, the downlink security in the wireless section is maintained, and since the signal of the communication network system 402 is not encrypted, it is possible to provide QoS based on data of all layers of the signal.
- The encryption key distribution device 410 is configured to further distribute the transmission encryption key to a wireless transmission / reception device having a wireless terminal device in a wireless area where wireless signals can be transmitted and received. Therefore, according to this wireless communication system, even when the wireless terminal device moves to an adjacent wireless area, the wireless transmission / reception device in this wireless area can quickly start encrypting the wireless signal to be received by the wireless terminal device using the previously received transmission encryption key, so the reception disconnection time of the wireless terminal device is extremely short. Further, since the encryption key storage device 405 only needs to store the transmission encryption key for the wireless terminal device in its own wireless area, it is possible to provide a wireless communication system capable of reducing costs.
- The encryption key storage apparatus 405 stores the transmission encryption key for encrypting a wireless signal to be transmitted in association with the terminal ID individually assigned to this wireless terminal apparatus. Therefore, even when there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the radio signal to be transmitted can be securely encrypted using the transmission encryption key stored in association with the terminal ID.
- The reception encryption key and the transmission encryption key are a transmission / reception encryption key of the same information. Since the wireless terminal device and the wireless transmission / reception device do not need to distinguish between encryption keys for transmission and for reception, the cost merit is further increased.
- The encryption key distribution device 410 is configured to distribute the transmission / reception encryption key to a wireless transmission / reception device that has the wireless terminal device in a wireless area where wireless signals can be transmitted / received. Even when the wireless terminal device moves to an adjacent wireless area, the wireless transmission / reception apparatus in this wireless area does not need to have the terminal authenticated again by the authentication server. Since it receives the transmission / reception encryption key from the encryption key distribution device 410 and can immediately start encrypting and decrypting the wireless signal transmitted / received to / from the wireless terminal device, the disconnection time of transmission / reception between the wireless transmission / reception device and the wireless terminal device is extremely short.
- Since the encryption key storage device 405 stores a transmission / reception encryption key for encrypting and decrypting a wireless signal transmitted / received to / from a wireless terminal device in its own wireless area, the wireless transmission / reception device can securely encrypt and decrypt the wireless signals to be transmitted / received using the transmission / reception encryption key for the wireless terminal device in its own wireless area.
- The encryption key storage device 405 only needs to store a transmission / reception encryption key for a wireless terminal device in its own wireless area, so that a wireless communication system capable of reducing costs can be provided.
- The encryption key storage apparatus 405 stores the transmission / reception encryption key for encrypting and decrypting wireless signals to be transmitted / received in association with the terminal ID individually assigned to this wireless terminal apparatus. Therefore, even if there are multiple wireless terminal devices in its own wireless area, the wireless terminal device is identified by each stored terminal ID, and the wireless signal can be securely encrypted and decrypted using the transmission / reception encryption key stored in association with the terminal ID.
- According to the radio base station apparatus in the radio communication system according to the seventh embodiment and the eighth embodiment, since the radio base station apparatus has the above-described radio transmission / reception apparatus, it is possible to securely encrypt and decrypt the wireless signals transmitted / received to / from the radio terminal apparatus.
- the encryption key management server apparatus in the wireless communication system according to the seventh embodiment and the eighth embodiment, is a wireless terminal apparatus that accesses the communication network system 402. Therefore, the encryption key distribution device 410 can reliably distribute the encryption key to the wireless transmission / reception device.
- the cryptographic terminator in the wireless communication system according to the seventh embodiment and the eighth embodiment, it is possible to connect to a plurality of wireless devices 4032, and each of the plurality of wireless devices 4032 transmits. Therefore, it is not necessary to prepare a cryptographic terminator 4031 for each wireless device 4032 since the signal received by each of the plurality of wireless devices 4032 can be decrypted.
- The wireless terminal device of this wireless communication system only has to exchange the encryption key with the communication network system 402 once, when entering the wireless area for the first time. Therefore, according to this wireless terminal device, it is not necessary to perform authentication and key exchange operations every time the wireless area is switched, as is the case when IEEE802.1x is used. The disconnection time for transmission and reception when moving to an adjacent area is extremely short, and safe wireless communication can be performed.
- The wireless communication system has a security function in the wireless section, can provide QoS based on data of all layers, has a very short communication disconnection time when the wireless terminal device moves, and does not require the wireless transmission / reception device to store the encryption keys of all wireless terminals connected to the communication network system. It therefore has a high cost merit and is useful as a wireless communication system for applications such as wide area wireless LAN systems and wireless VoIP network systems.
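The distribution scheme the bullets above describe (one key exchange on first entry, keys stored per terminal ID, and advance distribution to the serving and adjacent wireless areas) can be modelled as follows. This is an added Python example, not part of the patent text; the class and function names, the four-area topology, the terminal ID `T-001`, the stand-in frame cipher (SHAKE-256 keystream with HMAC-SHA-256) and the eviction of keys from non-adjacent areas are all assumptions.

```python
import hashlib
import hmac
import secrets


def subkeys(key):
    # Separate encryption and MAC keys derived from the distributed key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal_frame(key, frame):
    """Stand-in for the radio-section cipher, which the page does not specify."""
    enc, mac = subkeys(key)
    nonce = secrets.token_bytes(12)
    stream = hashlib.shake_256(enc + nonce).digest(len(frame))
    body = bytes(a ^ b for a, b in zip(frame, stream))
    return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()


def open_frame(key, blob):
    enc, mac = subkeys(key)
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("frame failed authentication")
    stream = hashlib.shake_256(enc + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class AccessPoint:
    """Wireless transmission / reception device with its key storage (405)."""

    def __init__(self, name):
        self.name = name
        self.key_store = {}  # terminal ID -> transmission / reception key

    def receive(self, terminal_id, blob):
        # The terminal ID selects the key; without a key the frame stays opaque.
        if terminal_id not in self.key_store:
            raise KeyError(f"{self.name} holds no key for {terminal_id}")
        return open_frame(self.key_store[terminal_id], blob)


class KeyServer:
    """Key management server with the distribution device (410)."""

    def __init__(self, aps, neighbours):
        self.aps, self.neighbours, self.keys = aps, neighbours, {}

    def register(self, terminal_id, ap_name):
        # One-time authentication and key exchange (not modelled here).
        self.keys[terminal_id] = secrets.token_bytes(32)
        self.moved(terminal_id, ap_name)
        return self.keys[terminal_id]

    def moved(self, terminal_id, ap_name):
        # Push the key to the serving AP and its neighbours; evicting it
        # everywhere else is an assumption that keeps each store small.
        wanted = {ap_name} | self.neighbours[ap_name]
        for name, ap in self.aps.items():
            if name in wanted:
                ap.key_store[terminal_id] = self.keys[terminal_id]
            else:
                ap.key_store.pop(terminal_id, None)

    def holders(self, terminal_id):
        return sorted(n for n, ap in self.aps.items() if terminal_id in ap.key_store)


def build_corridor():
    # Constructed topology: four wireless areas in a line, AP1 - AP2 - AP3 - AP4.
    aps = {n: AccessPoint(n) for n in ("AP1", "AP2", "AP3", "AP4")}
    neighbours = {"AP1": {"AP2"}, "AP2": {"AP1", "AP3"},
                  "AP3": {"AP2", "AP4"}, "AP4": {"AP3"}}
    return aps, KeyServer(aps, neighbours)


if __name__ == "__main__":
    aps, server = build_corridor()
    key = server.register("T-001", "AP1")
    print(server.holders("T-001"))
    # Handover: AP2 decrypts at once, before the server is told of the move.
    print(aps["AP2"].receive("T-001", seal_frame(key, b"voice frame")))
    server.moved("T-001", "AP2")
    print(server.holders("T-001"))
```

Because every access point that holds the key can read the terminal's traffic, the set returned by `holders` is also the set of devices whose compromise exposes that terminal.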
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-213581 | 2004-07-21 | ||
JP2004213581A JP2006033761A (ja) | 2004-07-21 | 2004-07-21 | Wireless communication system |
JP2004214957A JP2006041641A (ja) | 2004-07-22 | 2004-07-22 | Wireless communication system |
JP2004-214957 | 2004-07-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006009172A1 true WO2006009172A1 (ja) | 2006-01-26 |
Family
ID=35785279
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/013316 WO2006009172A1 (ja) | 2004-07-21 | 2005-07-20 | Wireless communication system |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006009172A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018064142A (ja) * | 2016-10-11 | 2018-04-19 | 富士通株式会社 | Edge server, encrypted communication control method thereof, and terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001111543A (ja) * | 1999-10-07 | 2001-04-20 | Nec Corp | Wireless LAN encryption key update system and update method thereof |
JP2001258059A (ja) * | 2000-02-09 | 2001-09-21 | Lucent Technol Inc | Method for performing handoff in a network |
JP2002247047A (ja) * | 2000-12-14 | 2002-08-30 | Furukawa Electric Co Ltd:The | Session shared key sharing method, wireless terminal authentication method, wireless terminal, and base station device |
JP2004135178A (ja) * | 2002-10-11 | 2004-04-30 | Matsushita Electric Ind Co Ltd | Handover program |
-
2005
- 2005-07-20 WO PCT/JP2005/013316 patent/WO2006009172A1/ja active Application Filing
Non-Patent Citations (1)
Title |
---|
IINO S. ET AL: "A Study of Authentication Architecture for Mobile Access Networks", DENSHI JOHO TSUSHIN GAKKAI 2003 NENSOGO ZENKOKU TAIKAI KOEN RONBUNSHU, 19 March 2003 (2003-03-19), pages 233, XP002997755 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100704202B1 (ko) | Wireless LAN access authentication system | |
US7362736B2 (en) | Wireless information transmitting system, radio communication method, radio station, and radio terminal device | |
EP1422875B1 (en) | Wireless network handoff key | |
US7158777B2 (en) | Authentication method for fast handover in a wireless local area network | |
EP1484856B1 (en) | Method for distributing encryption keys in wireless lan | |
US7945777B2 (en) | Identification information protection method in WLAN inter-working | |
TWI393414B (zh) | Secure session key context | |
US7310424B2 (en) | Encryption key distribution and network registration system, apparatus and method | |
CN103945376B (zh) | Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communication | |
US7107051B1 (en) | Technique to establish wireless session keys suitable for roaming | |
US20060153375A1 (en) | Data security in wireless network system | |
US20060251255A1 (en) | System and method for utilizing a wireless communication protocol in a communications network | |
US20070223701A1 (en) | Method and apparatus for utilizing multiple group keys for secure communications | |
US20060262932A1 (en) | Systems and methods for negotiating security parameters for protecting management frames in wireless networks | |
US20180288013A1 (en) | End-to-end secured communication for mobile sensor in an iot network | |
JP2012523202A (ja) | Direct peer link establishment in a wireless network | |
US8631234B2 (en) | Apparatus and method for establishing encryption information common to a plurality of communication paths coupling two apparatuses | |
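WO2006009172A1 (ja) | Wireless communication system | |
CN101834722B (zh) | Communication method for hybrid networking of encrypting devices and non-encrypting devices | |
JPH11239184A (ja) | Switching hub | |
Wekhande | Wi-Fi Technology: Security Issues | |
JP2006041641A (ja) | Wireless communication system | |
JP2951311B1 (ja) | Mobile communication dynamic secure grouping communication scheme | |
JP2006033761A (ja) | Wireless communication system | |
CN110650476B (zh) | Management frame encryption and decryption |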
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |