WO2008053703A1 - Wireless communication system - Google Patents

Info

Publication number
WO2008053703A1
WO2008053703A1 PCT/JP2007/070146 JP2007070146W WO2008053703A1 WO 2008053703 A1 WO2008053703 A1 WO 2008053703A1 JP 2007070146 W JP2007070146 W JP 2007070146W WO 2008053703 A1 WO2008053703 A1 WO 2008053703A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication device
communication
unit
wireless communication
recording medium
Prior art date
Application number
PCT/JP2007/070146
Other languages
English (en)
Japanese (ja)
Inventor
Tsukasa Fujiwara
Original Assignee
Megachips Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Megachips Corporation
Publication of WO2008053703A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to a wireless communication system, and particularly to a technique for easily performing wireless communication setting.
  • a wireless communication system using a wireless local area network includes an access point device that is a relay device and a client device that performs wireless communication with the access point device.
  • the user needs to make various settings related to wireless LAN communication in order to enable wireless communication between the client device and the access point device.
  • Patent Documents 1 and 2 are disclosed as techniques related to the present invention.
  • Patent Document 1 Japanese Unexamined Patent Application Publication No. 2004-215232
  • Patent Document 2 Japanese Unexamined Patent Publication No. 2006-100957
  • an object of the present invention is to provide a wireless communication system that can easily realize settings and security related to wireless communication.
  • a first aspect of the wireless communication system is a wireless communication system including a first communication device and a second communication device that performs wireless communication with the first communication device, wherein the first communication device includes a first encryption unit that encrypts communication data with a first encryption key generated using a seed and identification information unique to the first communication device, and a first wireless communication unit that transmits the encrypted communication data to the second communication device, and wherein the second communication device includes a second wireless communication unit that receives the encrypted communication data from the first communication device, a first recording medium on which the seed is recorded prior to the wireless communication, and a first decryption unit that decrypts the encrypted communication data with a first decryption key generated using the identification information acquired from the first communication device and the seed recorded on the first recording medium.
  • a second aspect of the wireless communication system is the wireless communication system according to the first aspect, wherein the second communication device includes a second encryption unit that encrypts the communication data with a second encryption key generated using the identification information acquired from the first communication device and the seed recorded on the first recording medium, the second wireless communication unit transmits the encrypted communication data to the first communication device, the first wireless communication unit receives the encrypted communication data from the second communication device, and the first communication device includes a second decryption unit that decrypts the communication data encrypted by the second encryption unit with a second decryption key generated using the identification information and the seed.
  • a third aspect of the wireless communication system is a wireless communication system including a first communication device and a second communication device that performs wireless communication with the first communication device, wherein the first communication device includes a first recording medium on which a first identification name generated using a seed and first identification information unique to the first communication device is recorded, and a first wireless communication unit that wirelessly transmits the first identification name to the second communication device, and wherein the second communication device includes a second wireless communication unit that receives the first identification name from the first communication device, a second recording medium on which the seed is recorded prior to the wireless communication, and a determination unit that generates the first identification information using the first identification name acquired from the first communication device and the seed recorded on the second recording medium, and determines whether connection with the first communication device is possible based on the first identification information.
  • a fourth aspect of the wireless communication system is the wireless communication system according to the third aspect, wherein the first communication device includes
  • a first encryption unit that encrypts communication data with a first encryption key generated using the seed recorded on the first recording medium and the first identification information, and the first wireless communication unit transmits the encrypted communication data to the second communication device.
  • the second wireless communication unit receives the encrypted communication data from the first communication device, and the second communication device is generated by the determination unit
  • a fifth aspect of the wireless communication system is the wireless communication system according to the third or fourth aspect, wherein the second communication device includes a second encryption unit that encrypts the communication data with a second encryption key generated using the first identification information generated by the determination unit and the seed recorded on the second recording medium, the second wireless communication unit transmits the encrypted communication data to the first communication device, the first wireless communication unit receives the encrypted communication data from the second communication device, and the first communication device includes a second decryption unit that decrypts the communication data encrypted by the second encryption unit with a second decryption key generated using the first identification information and the seed recorded on the first recording medium.
  • a sixth aspect of the wireless communication system according to the present invention is the wireless communication system according to the third to fifth aspects, wherein the first identification name is used in registration communication in which the first communication device registers second identification information unique to the second communication device, a second identification name for normal communication, which is generated using the seed and the first identification information and is different from the first identification name, is recorded on the first recording medium, and the second communication device further includes an identification name generation unit that generates the second identification name using the seed recorded on the second recording medium and the first identification information generated by the determination unit.
  • a seventh aspect of the wireless communication system according to the present invention is the wireless communication system according to the sixth aspect, wherein the second identification name is generated using a first seed different from the seed used for generation of the first identification name, the first seed is recorded on the second recording medium, and the identification name generation unit generates the second identification name using the first seed recorded on the second recording medium and the first identification information generated by the determination unit.
  • An eighth aspect of the wireless communication system is the wireless communication system according to any one of the fourth to sixth aspects, wherein the first encryption key and the first decryption key are used during registration communication in which the first communication device registers second identification information unique to the second communication device, the first encryption unit encrypts communication data with a third encryption key for normal communication, which is generated using the first identification information and the seed recorded on the first recording medium and is different from the first encryption key, and the first decryption unit decrypts the communication data encrypted with the third encryption key using a third decryption key for normal communication, which is generated using the first identification information generated by the determination unit and the seed recorded on the second recording medium and is different from the first decryption key.
  • a ninth aspect of the wireless communication system according to the present invention is the wireless communication system according to the eighth aspect, wherein the seed recorded on the first recording medium and the second recording medium is a second seed different from the seed used for generation of the first encryption key and the first decryption key, and the third encryption key and the third decryption key are generated using the second seed.
  • a tenth aspect of the wireless communication system according to the present invention is the wireless communication system according to the fifth aspect, wherein the second encryption key and the second decryption key are used in registration communication in which the first communication device registers second identification information unique to the second communication device, the second encryption unit encrypts the communication data with a fourth encryption key for normal communication, which is generated using the first identification information generated by the determination unit and the seed recorded on the second recording medium and is different from the second encryption key, and the second decryption unit decrypts the communication data encrypted with the fourth encryption key using a fourth decryption key for normal communication, which is generated using the first identification information and the seed recorded on the first recording medium and is different from the second decryption key.
  • An eleventh aspect of the wireless communication system according to the present invention is the wireless communication system according to the tenth aspect, wherein the seed recorded on the first recording medium and the second recording medium is a third seed different from the seed used for generation of the second encryption key and the second decryption key, and the fourth encryption key and the fourth decryption key are generated using the third seed.
  • a twelfth aspect of the wireless communication system according to the present invention is the wireless communication system according to any one of the third to eleventh aspects, wherein the determination unit records, in the second communication device, the first identification name of the first communication device determined to be connectable and transmits a setting completion notification to the first communication device, and the first communication device further includes a registration permission unit that invalidates the registration of second identification information unique to the second communication device when the period from when the registration operation for registering the second identification information is started until the setting completion notification is received exceeds a predetermined value.
  • a thirteenth aspect of the radio communication system according to the present invention is the radio communication system according to any one of the third to eleventh aspects, wherein the determination unit records, in the second communication device, the first identification name determined to be connectable and transmits a setting completion notification to the first communication device, and the first communication device registers second identification information unique to the second communication device.
  • a fourteenth aspect of the wireless communication system according to the present invention is the wireless communication system according to any one of the third to eleventh aspects, wherein the determination unit records, in the second communication device, the first identification name determined to be connectable and transmits a setting completion notification to the first communication device, and the first communication device further includes a registration permission unit that invalidates registration of the identification information of the second communication device when a plurality of the setting completion notifications are received within a predetermined period of time after the start of the registration operation for registering second identification information unique to the second communication device.
  • a fifteenth aspect of the radio communication system according to the present invention is the radio communication system according to any one of the third to eleventh aspects, wherein the determination unit records, in the second communication device, the first identification name determined to be connectable as one of setting information and transmits a setting completion notification to the first communication device, and the first communication device further includes a registration permission unit that, on receiving the setting completion notification, notifies the outside of the second identification information unique to the second communication device.
  • the user can easily perform wireless setting without having to specify an encryption key or a decryption key.
  • since the encryption key and the decryption key are not communicated between the access point device and the client device, security can be improved.
  • the user does not need to specify which access point device the client device communicates with wirelessly, so convenience can be improved.
  • at the time of wireless setting, the user does not need to specify with which access point device the client device communicates wirelessly, and there is no need to set an encryption key or a decryption key.
  • the first network identifier is used for registration communication and the second network identifier is used for normal communication, so that unauthorized registration by the client device of a third party can be suppressed.
  • the encryption key and the decryption key used during registration communication are different from the encryption key and the decryption key used during normal communication. Therefore, unauthorized registration by the client device of a third party can be suppressed.
  • when the access point device receives the setting completion command, the registration operation is completed. Therefore, the access point device can shorten the time during which it accepts registration, and registration of an unauthorized client device can be suppressed.
  • the client device that the user wants to register can be confirmed, so that unauthorized registration by a client device owned by a third party can be prevented.
  • FIG. 1 is a schematic configuration diagram showing an example of a radio communication system according to the present invention.
  • FIG. 2 is a schematic configuration diagram showing an example of an internal configuration of an access point device.
  • FIG. 3 is a schematic configuration diagram showing an example of an internal configuration of a client device.
  • FIG. 4 is a flowchart showing a wireless LAN setting operation in the wireless communication system.
  • FIG. 5 is a diagram illustrating an example of calculation processing of an identification name generation unit and an encryption key generation unit.
  • FIG. 6 is a diagram illustrating an example of calculation processing of an identification name generation unit and an encryption key generation unit.
  • FIG. 7 is a flowchart showing the operation of the registration permission unit according to the second embodiment.
  • FIG. 8 is a flowchart showing the operation of the registration permission unit according to the second embodiment.
  • FIG. 1 shows an example of a schematic configuration diagram of the radio communication system according to the first embodiment of the present invention.
  • the wireless communication system includes an access point device 1 and a client device 2.
  • the access point device 1 is connected to the network 3 via a LAN or WAN (Wide Area Network).
  • the client device 2 can be connected to the access point device 1 by wireless communication, and can be connected to the network 3 using the access point device 1 as a relay device.
  • FIG. 2 is a schematic configuration diagram showing an example of the internal configuration of the access point device 1
  • FIG. 3 is a schematic configuration diagram showing an example of the internal configuration of the client device 2.
  • the access point device 1 includes an antenna 11, a wireless communication unit 12, a network communication unit 13, a control unit 14, a recording medium 15, a timer unit 16, and an input unit 17.
  • the wireless communication unit 12 can wirelessly communicate with the client device 2 via the antenna 11.
  • the network communication unit 13 is connected to the network 3 and can send and receive signals to and from other devices (not shown) connected to the network 3.
  • on the recording medium 15, a setting information generation key and identification information unique to the access point device 1 are recorded in advance.
  • the setting information generation key is a parameter used to generate the setting information (network identification name, network key, etc. described later) that is common to the access point device 1 and the client device 2 among the setting information for wireless LAN communication.
  • the identification information is, for example, a manufacturing serial number or a MAC (Media Access Control) address.
  • the recording medium 15 stores a wireless LAN setting file for recording various setting information.
  • the input unit 17 includes an input button that functions as a registration button when setting a wireless LAN with the client device 2, for example.
  • when the user presses the registration button, the access point device 1 performs, as will be described later, a wireless LAN setting operation (including a registration operation for registering identification information unique to the client device 2 as one of the setting information).
  • the trigger for starting the wireless LAN setting operation is not limited to pressing the registration button, but may be reception of a signal from the client device 2, for example.
  • the control unit 14 refers to the wireless LAN setting file recorded on the recording medium 15, and controls the operation of the wireless communication unit 12 based on various setting information recorded here. Further, the control unit 14 includes an identification name generation unit 14a, an encryption key generation unit 14b, a routing unit 14c, an encryption/decryption unit 14d, and a registration permission unit 14e.
  • the identification name generation unit 14a performs a first calculation process using the setting information generation key recorded in advance in the recording medium 15 and the identification information unique to the access point device 1 to obtain a network identification name. Generate. Further, the network identification name can be written in the network identification name field 15a in the wireless LAN setting file and recorded on the recording medium 15.
  • the network identifier is a name for distinguishing the access point device from other access point devices. For example, an SSID (Service Set Identifier) is used.
  • the encryption key generation unit 14b uses the setting information generation key pre-recorded on the recording medium 15 as an encryption seed, together with the identification information unique to the access point device 1, to perform the second calculation process (different from the first calculation process) and generate network keys as encryption and decryption keys. Further, the network key can be written in the network key column 15b in the wireless LAN setting file and recorded on the recording medium 15.
  • as will be described in detail later, the identification name generation unit 14a and the encryption key generation unit 14b can individually generate a network identification name and a network key for registration and for normal communication, respectively.
  • the routing unit 14c performs routing processing for transmitting and receiving communication data from the client device 2 to other devices (not shown) connected to the network 3.
  • the encryption/decryption unit 14d uses the network key recorded in the wireless LAN setting file of the recording medium 15 to encrypt communication data for transmission to the client device 2 using an encryption technique such as WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access), or to decrypt communication data transmitted from the client device 2.
  • the registration permission unit 14e permits recording (registration) of identification information unique to the client device 2 in the wireless LAN setting file of the recording medium 15. Specifically, the registration permission unit 14e initializes the timer unit 16 when a trigger for the wireless LAN setting (registration) operation (for example, pressing of the registration button) is obtained. Then, the registration of the client device 2 is permitted only when the setting completion notification is received from the client device 2 while the counter value of the timer unit 16 does not exceed a predetermined value (for example, 3 minutes). In other words, the registration of the client device 2 is invalidated when the counter value of the timer unit 16 exceeds the predetermined value.
  • the client device 2 includes an antenna 21, a radio communication unit 22, a control unit 23, a recording medium 24, and an input unit 25.
  • the wireless communication unit 22 can communicate wirelessly with the access point device 1 via the antenna 21.
  • the input unit 25 includes an input button that functions as a registration button for starting a wireless LAN setting operation with the access point device 1, for example.
  • the client apparatus 2 starts an operation for setting the wireless LAN as will be described later.
  • the trigger for starting the wireless LAN setting is not limited to pressing the registration button, but may be, for example, reception of a signal from the access point device 1, or the fact that setting information is not recorded in the wireless LAN setting file.
  • the setting information generation key and identification information unique to the client device 2 are recorded on the recording medium 24.
  • the setting information generation key is the same as that recorded on the recording medium 15 of the access point device 1.
  • the recording medium 24 records a wireless LAN setting file for recording various setting information for wireless communication with the access point device 1.
  • the control unit 23 refers to the wireless LAN setting file recorded on the recording medium 24 and controls the wireless communication unit 22 based on various setting information recorded here.
  • the control unit 23 includes an identification name generation unit 23a, an encryption key generation unit 23b, a determination unit 23c, and an encryption/decryption unit 23d.
  • the determination unit 23c uses the registration network identification name (described later) acquired from the access point device 1 and the setting information generation key recorded in the recording medium 24 to calculate the identification information of the access point device 1. Then, it determines whether or not the access point device 1 can be connected based on the obtained identification information.
  • the identification name generation unit 23a uses the setting information generation key recorded in advance in the recording medium 24 and the identification information of the access point device 1 obtained by the determination unit 23c to generate the network identification name for normal communication (described later). The network identification name can also be written in the network identification name field 24a in the wireless LAN setting file and recorded on the recording medium 24.
  • the encryption key generation unit 23b generates a network key by the same calculation process as the encryption key generation unit 14b, using the setting information generation key recorded in advance on the recording medium 24 and the identification information of the access point device 1 obtained by the determination unit 23c. The network key can also be written in the network key field 24b of the wireless LAN setting file and recorded on the recording medium 24.
  • the encryption key generation unit 23b can individually generate a network identification name and a network key for registration and normal communication.
  • the encryption/decryption unit 23d performs the same operation as the encryption/decryption unit 14d included in the access point device 1, and encrypts/decrypts communication data using the network key recorded in the wireless LAN setting file (recording medium 24).
  • the encryption/decryption units 14d and 23d perform encryption and decryption processing using a common network key, but the configuration is not limited to this.
  • the encryption key generation units 14b and 23b may generate different encryption keys and decryption keys, and the encryption/decryption units 14d and 23d may encrypt/decrypt the communication data using the encryption key and the decryption key.
  • the identification name generation units 14a and 23a, the encryption key generation units 14b and 23b, the determination unit 23c, the encryption/decryption units 14d and 23d, and the registration permission unit 14e may be configured by hardware, or may be configured by software that realizes the functions using a CPU.
  • FIG. 4 is a flowchart showing the wireless LAN setting operation of the access point device 1 and the client device 2.
  • the access point device 1 and the client device 2 are powered on.
  • the identification name generation unit 14a executes the first calculation process using the setting information generation key recorded in advance on the recording medium 15 and the identification information unique to the access point device 1 (here, the MAC address is used as an example) to generate a network identification name for normal communication (hereinafter, SSID).
  • the encryption key generation unit 14b uses the setting information generation key recorded in advance on the recording medium 15 and the MAC address of the access point device 1 to perform the second calculation process (different from the first calculation process). To generate a network key for normal communication. Then, the network key for normal communication is written in the network key field 15b in the wireless LAN setting file and recorded on the recording medium 15.
  • in step S103, the control unit 14 refers to the wireless LAN setting file recorded on the recording medium 15 and shifts to a state in which wireless communication with the outside is performed based on the various setting information recorded there (the SSID and network key for normal communication). However, at this time, the MAC address of the client device 2 is not registered in the wireless LAN setting file. Note that the processing in steps S102 and S103 is processing for performing wireless communication with the client device 2 when another registered client device 2 exists.
  • in step S104, the user presses a registration button assigned to the input unit 17, for example, in order to register the unregistered client device 2.
  • a registration operation for registering identification information unique to the client apparatus 2 is started.
  • the registration permission unit 14e initializes the counter value of the timer unit 16, and executes Step S105 described later.
  • in step S105, the identification name generation unit 14a executes a third calculation process different from the first calculation process, using the setting information generation key recorded in advance in the recording medium 15 and the MAC address of the access point device 1, to generate an SSID for registration. Then, the SSID for registration is overwritten in the network identification name field 15a in the wireless LAN setting file and recorded in the recording medium 15.
  • the encryption key generation unit 14b uses a setting information generation key recorded in advance on the recording medium 15 and the MAC address of the access point device 1 to perform a fourth calculation process different from the second calculation process. To generate a network key for registration. Then, the network key for registration is overwritten on the network key field 15b in the wireless LAN setting file and recorded on the recording medium 15.
  • in step S106, the control unit 14 refers to the wireless LAN setting file recorded on the recording medium 15 and shifts to a state where wireless communication with the outside is performed. In other words, after that, wireless communication is performed using the SSID for registration and the network key for registration.
  • In step S203, the client device 2 searches for (scans) the access point devices 1 existing in the surroundings. Specifically, for example, the wireless communication unit 22 receives a beacon that is transmitted from the access point device 1 at regular intervals and carries the SSID, and acquires the SSID for registration of the access point device 1. Note that a probe request may be broadcast from the client device 2 to obtain an SSID for registration.
  • In step S204, the determination unit 23c uses the acquired registration SSID and the setting information generation key recorded in the recording medium 24 to execute a decoding process corresponding to the third calculation process and calculates the MAC address of the access point device 1. This operation is performed for all acquired SSIDs when multiple SSIDs are acquired from multiple access point devices 1.
  • In step S205, the determination unit 23c determines whether or not to connect to the access point device 1 having the MAC address.
  • The determination is made by checking the manufacturer code of the MAC address. When it determines that there is no access point device to be connected, or when there are a plurality of access point devices determined to be connected, the determination unit 23c ends the registration operation in step S206. At this time, for example, an error may be displayed and the user notified.
  • The determination unit 23c sets the MAC address and the SSID for registration to the wireless LAN.
  • The encryption key generation unit 23b executes the fourth calculation process (the same operation as the encryption key generation unit 14b) using the setting information generation key recorded on the recording medium 24 and the MAC address, and generates a network key for registration. Then, the key is written in the network key field 24b in the wireless LAN setting file and registered in the recording medium 24.
  • In step S208, the encryption/decryption unit 23d uses the registration network key to encrypt, for example, the identification information of the client device 2 (for example, the MAC address stored in the identification information column 24e of the client device).
  • The wireless communication unit 22 transmits the result to the access point device 1 indicated by the registration SSID. If the MAC address of the client device 2 is placed in the header of the communication data, it is not always necessary to send the MAC address of the client device 2.
  • In step S209, the wireless communication unit 22 transmits to the access point device 1 a setting completion notification that the encryption/decryption unit 23d has encrypted using the network key for registration.
  • In step S107, the encryption/decryption unit 14d performs a decryption process on the received (encrypted) setting completion notification using the registration network key. Then, the registration permission unit 14e that has recognized the reception of the setting completion notification determines whether or not the counter value from the timer unit 16 exceeds a predetermined value (for example, 3 minutes). If it does, the registration of client device 2 is invalidated in step S108. At this time, an error may also be sent to the client device 2 and displayed on the client device 2.
  • Since the registration permission unit 14e permits registration of the client device 2 only when the counter value does not exceed the predetermined value, the time for the access point device 1 to accept registration can be limited, which makes it possible to suppress unauthorized registration from the client device 2 possessed by the user.
  • In step S109, the registration permission unit 14e writes the acquired MAC address of the client device 2 in the identification information column 15c of the client device in the setting file and records it in the recording medium 15. Then, the registration operation ends. Specifically, by executing steps S110 and S111, which will be described later, the registration operation is terminated and the normal communication is started.
  • The time for the access point device 1 to accept the registration can be shortened, and consequently, unauthorized registration from the client device 2 held by a third party can be suppressed.
  • In step S110, the identification name generation unit 14a executes the first calculation process using the setting information generation key recorded in advance in the recording medium 15 and the MAC address of the access point device 1, and generates an SSID for normal communication. Then, the SSID for normal communication is overwritten on the network identification name field 15a in the wireless LAN setting file and recorded in the recording medium 15.
  • The encryption key generation unit 14b executes the second calculation process using the setting information generation key recorded in advance on the recording medium 15 and the MAC address of the access point device 1, and generates the network key for normal communication. Then, the network key for normal communication is overwritten on the network key field 15b in the wireless LAN setting file and recorded on the recording medium 15.
  • In step S111, the control unit 14 refers to the wireless LAN setting file recorded on the recording medium 15 and transitions to a state in which wireless LAN communication with the client device 2 indicated by the registered MAC address can be performed.
  • In step S210, the identification name generation unit 23a executes the first calculation process using the setting information generation key recorded in the recording medium 24 and the MAC address of the access point device 1 recorded in the wireless LAN setting file of the recording medium 24, and generates an SSID for normal communication. Then, the SSID for normal communication is overwritten on the network identification name field 24a in the wireless LAN setting file and recorded on the recording medium 24.
  • The encryption key generation unit 23b executes the second calculation process using the setting information generation key recorded on the recording medium 24 and the MAC address, and generates a network key for normal communication. Then, the network key for normal communication is overwritten on the network key field 24b in the wireless LAN setting file and recorded on the recording medium 24.
  • The encryption/decryption unit 23d performs encryption/decryption processing on the communication data using the network key for normal communication in the wireless LAN setting file recorded on the recording medium 24.
  • The control unit 23 transmits / receives the communication data to / from the access point device 1 indicated by the SSID for normal communication via the wireless communication unit 22.
  • In the access point device 1 and the client device 2, the same setting information (network identification name and network key) is generated, so the user can easily set up the wireless LAN without having to input the setting information.
  • Since the network key is not wirelessly communicated between the access point device 1 and the client device 2, security can be improved. And since the user does not need to set a network key, convenience can be improved.
  • The identifier generation unit 14a executes different first and third arithmetic processes to generate two different SSIDs, one for registration and one for normal communication.
  • The encryption key generation units 14b and 23b execute different second and fourth calculation processes, respectively, to generate two different network keys, one for registration and one for normal communication. However, not all of these processes are essential.
  • The identification name generation unit 14a may generate the SSID for normal communication by the first calculation process, using the setting information generation key and a bit string obtained by concatenating additional information for normal communication (for example, service) to the MAC address, and may also generate the SSID for registration by the first calculation process, using the setting information generation key and a bit string obtained by concatenating additional information for registration (for example, entry) to the bit string of the MAC address.
  • The determination unit 23c uses the registration SSID searched in step S204 (see FIG. 4) and the setting information generation key recorded in the recording medium 24 to execute a first decoding process, the reverse of the first calculation process, and calculates a bit string (MAC address + “entry”).
  • The determination unit 23c recognizes the manufacturer code of the MAC address of the bit string and can determine the access point device. Note that the entry of the bit string may be recognized to determine that the access point device is to be connected.
  • The identification name generation unit 23a may generate the SSID for normal communication by the first arithmetic processing, using the setting information generation key recorded in advance on the recording medium 24 and a bit string in which the normal communication additional information (for example, service) is concatenated to the MAC address extracted from the bit string.
  • The same applies to the encryption key generation units 14b and 23b as to the identification name generation unit 14a.
  • The encryption key generation units 14b and 23b may each generate a network key for normal communication by the second calculation process, using the setting information generation key recorded in advance in the recording media 15 and 24, respectively, and a bit string obtained by concatenating additional information for normal communication (for example, service) to the MAC address, and may generate a network key for registration by the same process, using the setting information generation key and a bit string obtained by concatenating additional information for registration (for example, entry) to the MAC address.
  • Each of the identification name generation unit 14a and the encryption key generation units 23a and 23b only needs to execute one type of operation processing. Therefore, the circuit scale can be simplified in the case of hardware, and the program configuration in the case of software.
  • The identification name generation units 14a and 23a and the encryption key generation units 14b and 23b may perform the same calculation process.
  • Four patterns of additional information are set in advance.
  • servicename is set in advance as the additional information for the SSID for normal communication, entryname for the SSID for registration, servicekey for the network key for normal communication, and entrykey for the network key for registration.
  • The first calculation process is executed using the setting information generation key and the bit string obtained by concatenating the corresponding additional information to the MAC address, so that the SSID for normal communication, the SSID for registration, and the network keys for normal communication and for registration can be generated. The invention is not limited to this: four setting information generation keys may be recorded in advance, or two different setting information generation keys and two pieces of additional information may be set, to generate four different pieces of setting information (SSID, network key).
  • The identification name generation units 14a and 23a and the encryption key generation units 14b and 23b only need to execute one type of arithmetic processing.
  • The program configuration can be further simplified.
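The derivation scheme of the first embodiment, in the variant that concatenates "service" or "entry" to the MAC address, can be sketched as follows. This is an added example, not code from the patent or its applicant: the patent does not name the calculation processes, so the 4-round Feistel permutation over HMAC-SHA-256 (reversible SSID step), the plain HMAC-SHA-256 (network key step), the function names, the key and the MAC address are all assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16                               # 6-byte MAC + 10-byte zero-padded label
ENTRY, SERVICE = b"entry", b"service"    # additional information named in the text


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: truncated HMAC-SHA-256 (assumed primitive)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_ssid(key: bytes, mac: bytes, label: bytes) -> str:
    """Reversible calculation: encrypt MAC||label into a 32-character SSID."""
    if len(mac) != 6 or len(label) > BLOCK - 6:
        raise ValueError("need a 6-byte MAC and a label of at most 10 bytes")
    block = mac + label.ljust(BLOCK - 6, b"\0")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return (left + right).hex()


def decode_ssid(key: bytes, ssid: str):
    """Decoding process: return (mac, label), or None if the SSID cannot be ours."""
    try:
        raw = bytes.fromhex(ssid)
    except ValueError:
        return None
    if len(raw) != BLOCK:
        return None
    left, right = raw[:8], raw[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    block = left + right
    return block[:6], block[6:].rstrip(b"\0")


def network_key(key: bytes, mac: bytes, label: bytes) -> str:
    """One-way calculation for the network key: HMAC-SHA-256 (assumed primitive)."""
    return hmac.new(key, b"netkey" + mac + label, hashlib.sha256).hexdigest()


def choose_ap(key: bytes, scanned: list, vendor_oui: bytes):
    """Steps S204-S206: decode every scanned SSID and continue only if exactly one
    is a registration SSID whose MAC address carries the expected manufacturer code."""
    hits = []
    for ssid in scanned:
        decoded = decode_ssid(key, ssid)
        if decoded and decoded[1] == ENTRY and decoded[0][:3] == vendor_oui:
            hits.append(decoded[0])
    return hits[0] if len(hits) == 1 else None


# Constructed sample values, not taken from the patent.
SHARED_KEY = b"constructed-setting-information-key"
AP_MAC = bytes.fromhex("02aabb010203")

if __name__ == "__main__":
    beacon = make_ssid(SHARED_KEY, AP_MAC, ENTRY)                    # access point, S105
    mac = choose_ap(SHARED_KEY, ["CoffeeShop", beacon], AP_MAC[:3])  # client, S204-S205
    print("registration SSID :", beacon)
    print("recovered AP MAC  :", mac.hex(":"))
    print("registration key  :", network_key(SHARED_KEY, mac, ENTRY))
    print("normal SSID       :", make_ssid(SHARED_KEY, mac, SERVICE))
    print("normal key        :", network_key(SHARED_KEY, mac, SERVICE))
```

Both outputs are deterministic functions of the pre-recorded key and the access point's MAC address, so the secrecy of every derived network key depends on that pre-recorded key staying confidential on each device.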
  • A radio communication system according to the second embodiment of the present invention will be described.
  • The schematic configuration diagram of the radio communication system according to the second embodiment is the same as FIGS.
  • The wireless communication system according to the second embodiment is intended to more effectively suppress unauthorized registration by a client device possessed by a third party, as compared with the first embodiment.
  • FIG. 7 is a flowchart for explaining the operation of the registration permission unit 14e according to the second embodiment. For convenience, the operation of the registration permission unit 14e is described as registration determination.
  • The registration permission unit 14e that has recognized the reception of the setting completion notification from the client device 2 determines in step ST1 whether or not the counter value of the timer unit 16 is within a predetermined value (for example, 3 minutes), and if it is within the predetermined value, executes ST1 again.
  • If the counter value exceeds the predetermined value, it is determined in step ST2 whether or not two or more setting completion notifications have been received. If two or more have been received, the registration permission unit 14e invalidates the registration from all the client apparatuses 2 in step ST3. At this time, an error may be transmitted to all the client apparatuses 2 that have transmitted the setting completion notification.
  • Otherwise, in step ST4, the registration permission unit 14e records the MAC address of the client device 2 in the recording medium 15 and ends the registration operation.
  • The registration permission unit 14e may be configured to execute the flowchart shown in FIG.
  • The registration permission unit 14e that received the setting completion notification from the client device 2 determines in step ST10 whether or not the counter value of the timer unit 16 is within a predetermined value (for example, 3 minutes). If it is exceeded, the registration of the client device 2 that sent the setting completion notification is invalidated in step ST11. If the counter value is within the predetermined value (for example, 3 minutes), in step ST12, the received identification information (MAC address, manufacturing serial number, etc.) of client device 2 is notified to the outside.
  • In step ST13, the user confirms the identification information of the client device 2, and if the user determines that the client device 2 is not a legitimate (own) client device 2, the user presses the non-permission button assigned to the input unit 17.
  • The registration permission unit 14e invalidates the registration of the client device 2 in step ST14.
  • If it is determined in step ST13 that the client device 2 is a legitimate (own) client device 2, the permission button assigned to the input unit 17 is pressed.
  • In step ST15, the registration permission unit 14e records the MAC address of the client device 2 on the recording medium 15 and completes the registration operation.
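The two registration-determination flowcharts of the second embodiment (steps ST1 to ST4 and steps ST10 to ST15) can be modelled as below. This is an added example, not code from the patent: the class and method names and the sample MAC addresses are constructed, and counting distinct devices and discarding notifications that arrive after the window are assumptions of this sketch.

```python
from typing import Callable, List, Optional

WINDOW_SECONDS = 180.0   # "for example, 3 minutes"


class RegistrationPermission:
    """Models the decisions of the registration permission unit 14e."""

    def __init__(self, window: float = WINDOW_SECONDS) -> None:
        self.window = window
        self.candidates: List[str] = []    # notified inside the window
        self.invalidated: List[str] = []   # registrations that were refused
        self.registered: List[str] = []    # MAC addresses written to the setting file

    def notify(self, elapsed: float, mac: str) -> None:
        """First flowchart: collect a decrypted setting completion notification
        together with the timer value at which it arrived."""
        if elapsed > self.window:
            self.invalidated.append(mac)      # too late to become a candidate (assumption)
        elif mac not in self.candidates:      # count distinct devices (assumption)
            self.candidates.append(mac)

    def close_window(self) -> Optional[str]:
        """ST2-ST4: once the timer has expired, register only a lone candidate."""
        if len(self.candidates) >= 2:         # ST3: invalidate every requester
            self.invalidated.extend(self.candidates)
            self.candidates.clear()
            return None
        if not self.candidates:               # nothing arrived: nothing to register
            return None
        mac = self.candidates.pop()
        self.registered.append(mac)           # ST4
        return mac

    def confirm(self, elapsed: float, mac: str,
                user_permits: Callable[[str], bool]) -> bool:
        """ST10-ST15: refuse late requests; otherwise show the identifier and let
        the user press the permission or non-permission button."""
        if elapsed > self.window:             # ST11
            self.invalidated.append(mac)
            return False
        if not user_permits(mac):             # ST12-ST14
            self.invalidated.append(mac)
            return False
        self.registered.append(mac)           # ST15
        return True


if __name__ == "__main__":
    # Constructed scenario: the owner's device and a second device both notify in time.
    unit = RegistrationPermission()
    unit.notify(42.0, "02:aa:bb:00:00:01")
    unit.notify(95.0, "02:aa:bb:00:00:02")
    print("registered:", unit.close_window(), "invalidated:", unit.invalidated)
```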

Abstract

The invention relates to a wireless communication system in which settings and security can be carried out easily. A common setting information generation key is recorded in advance in each of an access point device (1) and a client device (2). The access point device (1) uses both the setting information generation key recorded in a recording medium of the access point device (1) and its own MAC address to generate a network identification name. The client device (2) determines the access point device (1) to be connected on the basis of the MAC address calculated from both the network identification name acquired from the access point device (1) and the setting information generation key recorded on a recording medium of the client device (2). In addition, the access point device (1) and the client device (2) use their respective common setting information generation keys to perform respective common calculation processes and generate respective common network keys. Consequently, a user does not need to designate the access point device (1) to be connected and does not need to set the network key.
PCT/JP2007/070146 2006-10-30 2007-10-16 Wireless communication system WO2008053703A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006293893A JP5061290B2 (ja) 2006-10-30 2006-10-30 Wireless communication system
JP2006-293893 2006-10-30

Publications (1)

Publication Number Publication Date
WO2008053703A1 (fr) 2008-05-08

Family

ID=39344047

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/070146 WO2008053703A1 (fr) 2006-10-30 2007-10-16 Wireless communication system

Country Status (2)

Country Link
JP (1) JP5061290B2 (fr)
WO (1) WO2008053703A1 (fr)

Also Published As

Publication number Publication date
JP5061290B2 (ja) 2012-10-31
JP2008113133A (ja) 2008-05-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 07829880; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 07829880; Country of ref document: EP; Kind code of ref document: A1