WO2008075626A1 - Communication terminal authentication system and telephone system using the Internet - Google Patents

Info

Publication number
WO2008075626A1
WO2008075626A1 PCT/JP2007/074143 JP2007074143W WO2008075626A1 WO 2008075626 A1 WO2008075626 A1 WO 2008075626A1 JP 2007074143 W JP2007074143 W JP 2007074143W WO 2008075626 A1 WO2008075626 A1 WO 2008075626A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
communication terminal
mobile phone
communication
terminal
Application number
PCT/JP2007/074143
Other languages
English (en)
Japanese (ja)
Inventor
Eiji Matsuoka
Original Assignee
Feel & Tec.2 Co., Ltd.
Application filed by Feel & Tec.2 Co., Ltd.
Priority to JP2008550129A
Publication of WO2008075626A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • The present invention relates to a communication terminal authentication system and a telephone system using the Internet, and in particular to a communication terminal authentication system that automatically authenticates a communication terminal used for information transmission and reception via a wide-area communication network such as the Internet network, thereby reducing authentication effort.
  • the present invention relates to a communication terminal authentication system and the like.
  • the present invention relates to a telephone system using the Internet.
  • the telephone system using the Internet of the present invention is such that a mobile phone equipped with a softphone is connected to the Internet via a wireless LAN connection service.
  • the information transmitted and received via the Internet network includes voice information, so that a voice call can be made by a communication terminal via the Internet network.
  • Such a voice call can be realized, for example, when a communication terminal connected to the Internet network has software (soft phone) for voice call.
  • A softphone can make a personal computer or similar communication terminal connected to the Internet function as a telephone capable of voice calls. If the other party also has a communication terminal with this softphone, free calls can be made without any regional restrictions (even overseas), so the softphone is rapidly becoming popular among owners who can connect to the Internet.
  • a softphone does not have a special server for managing IP address information, and can make a call on a peer-to-peer basis with a call partner.
  • the communication is done via a special personal computer called “Super Node” on the Internet.
  • The super node is automatically selected from among the personal computers that have the softphone and are running it. Softphones connected to the Internet always belong to some super-node group, and IP address information is managed by the super node.
  • A call to the other party with a softphone does not use a telephone number as a public telephone does. Instead, the call is placed by specifying the destination communication terminal using a telephone book called a “contact list”, which is managed by the super node.
  • a communication terminal such as a personal computer or wirelessly.
  • a communication base station called an access point, connected to the Internet network, and a wireless communication terminal capable of transmitting and receiving information wirelessly communicate with each other, so that information can be transmitted and received via the Internet network.
  • a communication network that enables connection to the Internet network by wireless communication is called a wireless local area communication network (also called a wireless LAN), and a number of wireless local area communication networks are connected to the Internet network.
  • Wireless local area networks are being built in various locations (regions) around the world.
  • If the wireless communication terminal has a softphone, a call can be made wherever there is an access point, even if the wireless communication terminal is moved to various locations.
  • Some wireless communication terminals with softphones are small and highly portable, so they can be carried around as easily as a mobile phone and used to make calls in various places (hereinafter, such a wireless communication terminal is called a mobile phone type softphone).
  • the mobile phone type softphone is equipped with a personal computer function and a wireless LAN function necessary for the softphone inside the telephone so that a voice call can be made without a personal computer in a wireless LAN environment.
  • In addition to free calls between softphones, mobile phone type softphones also have a function to make calls to general subscriber phones and mobile phones, and to receive calls from general subscriber phones and mobile phones.
  • the feature of this mobile phone type softphone is that the phone can use the softphone on its own, and the main body is equipped with a wireless LAN function, so a wireless LAN router (a kind of access point) at home.
  • The information that a communication terminal such as a mobile phone type softphone transmits and receives via the Internet network is not limited to voice information, but includes text information, image information, and various other types of information.
  • Patent Document 1: Japanese Unexamined Patent Publication No. 2006-222549
  • Patent Document 2: JP 2005-277517 A
  • Patent Document 3: Japanese Patent Application Laid-Open No. 2004-304824
  • Patent Document 4: Japanese Unexamined Patent Application Publication No. 2005-304005
  • In order for a wireless communication terminal to transmit and receive information via an access point, the wireless communication terminal must be authenticated to the access point. More specifically, the access point and the wireless communication terminal encrypt the information for wireless communication using a key such as a WEP (Wired Equivalent Privacy) key. In other words, the access point authenticates the wireless communication terminal by means of the common information (encryption key) used to encrypt the information (hereinafter referred to as encryption authentication).
  • the key number is often set as unique information on the access point side.
  • an encryption key is set according to the access point, and the encryption key is sent to the communication terminal. By doing so, authentication of a communication terminal and information transmission / reception are performed.
  • the data is not encrypted between the wireless communication terminal and the access point, and the information is simply transmitted and received, so the information can easily be wiretapped by a third party. This is not preferable for security.
  • Mobile phone type softphones do not support web authentication. Therefore, public wireless LAN services such as "hot spots" and "BB mopoint points", which are being introduced at station platforms, restaurants, and similar places, cannot be used, so there are major restrictions on the usable area, and the convenience of a mobile phone has not been realized.
  • The present invention has been made in view of the above circumstances. An exemplary problem is to provide a communication terminal authentication system that, for information transmission and reception using a local communication network, can authenticate the communication terminal without bothering the user even if the communication terminal moves, and can thereby perform information transmission and reception.
  • A communication terminal authentication system as an exemplary aspect of the present invention includes: first holding means that holds a plurality of pieces of first verification information for verification against first identification information, which is assigned differently to each communication terminal in order to identify the communication terminal, and that is connected to the wide area communication network so that information can be transmitted and received;
  • first acquisition means, connected to the first holding means via the wide area communication network, for acquiring via the wide area communication network the first identification information automatically acquired from a communication terminal connected to a relay device that constructs a local communication network;
  • a first collation unit that collates the first identification information obtained by the first acquisition means with the first collation information; and
  • transmitting means for transmitting to the relay device, based on the result of the collation by the first collation unit, permission information that permits information transmission and reception via the relay device by the communication terminal.
  • Whether or not information transmission / reception is permitted can be determined for each communication terminal.
  • Because the first identification information of the communication terminal connected to the relay device that constructs the local communication network is acquired via the wide area communication network, the communication terminal can be authenticated without holding the first identification information on the local communication network side. For example, even when multiple relay devices are connected to a wide area communication network and a plurality of local communication networks are constructed, the holding means acquires the first identification information via the wide area communication network and collates it. Therefore, it is possible to authenticate from any local communication network using the same first identification information.
  • The cost of information management can be reduced by collectively managing the first verification information on the holding means side.
  • Because the first identification information is automatically acquired from the communication terminal, information verification, that is, authentication of the communication terminal, can be performed without bothering the user, which is very convenient.
  • Automatic acquisition can be performed when the communication terminal is turned on or when the user performs an operation for transmitting and receiving information. If the local area communication network is a wireless local area communication network, automatic acquisition may be performed when a communication terminal enters the communication area. That is, “automatic acquisition of information” in the present application means that the communication terminal authentication system can acquire information without the user of the communication terminal performing a special operation for transmitting information.
  • Acquiring information automatically sent from a communication terminal that has received a request signal issued by the communication terminal authentication system also falls under “automatic acquisition”, and acquiring information sent automatically from the communication terminal when the user has performed a dial operation for a voice call or the like is also included in the concept of “automatic acquisition”.
  • The wide area communication network refers to a relatively large communication network, such as the Internet network, that enables information transmission and reception between communication terminals in different buildings or different areas.
  • The local communication network is a communication network having a smaller scale than the wide area communication network. For example, it makes it possible to send and receive information between communication terminals in the same building. If the local communication network is connected to a wide area communication network, a communication terminal connected to the local communication network can also send and receive information via the wide area communication network.
  • It means being in a state in which a communication terminal can transmit and receive information to and from a relay device (for example, a router that relays information between the communication terminal and a wide area network).
  • the local area communication network is a wireless local area communication network (wireless LAN), it means that the wireless communication terminal is in the communication area of the relay device as a communication base station.
  • the communication terminal refers to a communication terminal device, and includes a device having a function of transmitting and receiving information via a wide area communication network, such as a personal computer or a mobile phone terminal. Further, a communication terminal having software (soft phone) for realizing a voice call through a wide area communication network, for example, a mobile phone type soft phone (mobile phone type terminal) is also included in the concept of the communication terminal.
  • The automatic acquisition of the first identification information may be realized by the relay device having request signal transmission means for transmitting, at a predetermined interval, a first request signal that requests transmission of the first identification information to a communication terminal connected to the relay device, and second acquisition means for acquiring the first identification information transmitted from the communication terminal in response to the first request signal.
  • Because the relay device transmits the first request signal at predetermined intervals, the first identification information can be automatically acquired more reliably from the communication terminal connected to the relay device. For example, when the local area communication network is a wireless local area communication network, even if a communication terminal in the communication area fails to receive the first request signal, automatic acquisition of the first identification information is established if the next first request signal transmitted at the predetermined interval can be received.
  • The system further includes the relay device, and the relay device may have information control means that permits information transmission and reception via the relay device by the communication terminal when the relay device obtains the permission information, and that rejects information transmission and reception via the relay device when the first identification information cannot be acquired, in response to transmission of the first request signal, from a communication terminal that has been permitted to transmit and receive information.
  • Because communication with the communication terminal is refused, there is no need to keep allowing transmission and reception of information for a communication terminal whose connection with the relay device has been released (in the case of a wireless local area network, one that has moved outside the communication area).
  • the relay device stores identification information of a communication terminal that allows information transmission / reception, information on the communication terminal that has moved out of the communication area can be deleted as appropriate to reject information transmission / reception. Therefore, the relay device does not need to hold identification information more than necessary, and there is no need to provide an excessive storage device. Therefore, it is possible to reduce the cost for the relay device.
  • The relay device may have second holding means that holds in advance second collation information for collation against second identification information given in common to a plurality of communication terminals, third acquisition means for automatically acquiring the second identification information transmitted from the communication terminal, and second collation means for collating the acquired second identification information with the second collation information, and the information control means may allow the communication terminal to transmit and receive information via the relay device based not only on acquisition of the permission information but also on the result of collation by the second collation means.
  • the communication terminal may be a wireless communication terminal, and the private communication network may be a wireless private communication network.
  • the wireless local area communication network enables a communication terminal to transmit and receive information by wireless communication with a wide area communication network.
  • a local area communication network has an access point as a relay device connected to a wide area communication network, and information can be transmitted and received by wireless communication between the access point and a communication terminal.
  • A communication terminal having such a function is also called a wireless communication terminal. The range that radio waves emitted from the access point can reach is called the “communication area”, in which wireless communication is possible.
  • “wireless local area network” and “communication area where wireless communication with the access point is possible” are used almost synonymously.
  • The second acquisition unit may acquire the first identification information transmitted, in response to the first request signal, from a communication terminal that is able to transmit and receive information to and from a relay device different from the relay device. Since the first identification information is obtained from the communication terminal capable of transmitting and receiving information to and from a different relay device, it is not necessary to interrupt the transmission and reception of information when the communication terminal moves between communication areas. In other words, when the communication terminal moves to a range where the communication areas overlap, the first identification information is acquired by the second acquisition means of the relay device, and authentication for the relay device is performed in advance. Therefore, even if the communication terminal completely moves to a different communication area, authentication has already been completed, and information transmission and reception can be performed via the destination relay device without interruption.
  • the communication terminal authentication system according to any one of claims 4 to 6, wherein the first identification information is a MAC address, and the second identification information is a WEP key.
  • the MAC address is unique ID information assigned to each terminal that can be connected to an information communication network such as a wide area communication network or a private communication network. Therefore, if this MAC address is used as the second identification information, the communication terminal can be identified without adding new information to the communication terminal.
  • the WEP key is an encryption key for encrypting information transmitted and received between the relay device and the communication terminal. Therefore, more secure information transmission / reception is possible by encrypting information and identifying the communication terminal by MAC address.
  • Information transmission / reception may be transmission / reception of audio information.
  • Sending and receiving voice information enables voice calls over a wide area communication network. If information is transmitted and received via a wireless local area network, voice calls can be easily made via a wide area network at various locations. Since the cost of voice calls over a wide-area communication network is generally low, it is very convenient for users to use. Moreover, since there is no troublesome authentication of the communication terminal, it can be used as easily as a mobile phone terminal.
  • The present invention includes a mobile phone type softphone that is equipped with a personal computer function and a wireless LAN function and has a function of making a softphone call by transmitting and receiving communications with a wireless LAN access point using a preset authentication key, and a wireless LAN access point that has an access server connected to the Internet circuit and a predetermined communication area in which it can transmit to and receive from the mobile phone type softphone, and that, when the mobile phone type softphone is used in the communication area, can connect the mobile phone type softphone via wireless communication by confirming the preset authentication key.
  • the wireless LAN access point that can be connected to one network circuit and the authentication key of the mobile phone soft phone are stored in the database, and whether or not the authentication key is registered in the database in response to a request from the access server.
  • the communication terminal can be authenticated without requiring the user of the communication terminal to perform a special operation, and information transmission / reception via the wide area communication network can be easily used. Even if the communication terminal moves, authentication can be performed without bothering the user.
  • identification information used for authentication of the communication terminal is collectively managed by the holding means, the information management cost can be reduced. Furthermore, since authentication of the communication terminal is performed by collating with identification information managed in a batch, authentication can be performed with the same identification information from any local communication network constructed in various places.
  • the range of use of the mobile phone type softphone is expanded, so that a telephone system using the Internet that provides convenience to a mobile phone type softphone like a mobile phone is realized.
  • FIG. 1 is a block diagram showing a configuration of a telephone system using the Internet of the present invention.
  • reference numerals 11, 12, and 13 denote mobile phone type softphones (communication terminals).
  • Mobile phone type softphones 11, 12, and 13 are equipped with a PC function and a wireless LAN function based on WEP (Wired Equivalent Privacy) authentication, and have a function of making softphone calls, without a computer, by transmitting and receiving communications with a wireless LAN access point wherever there is a wireless LAN environment that can be connected to via WEP authentication.
  • In addition to free calls between softphones via the Internet circuit, the mobile phone type softphones 11, 12, and 13 can make calls to general subscriber phones and mobile phones via the connection point with the general subscriber telephone line, and conversely also have a function to receive calls from general subscriber phones and mobile phones.
  • IN is an Internet circuit (wide area communication network).
  • A, B, and C are wireless LAN access points (private communication networks). Each of the wireless LAN access points A, B, and C has a predetermined communication area in which it can transmit to and receive from the mobile phone type softphones 11, 12, and 13. Each wireless LAN access point is configured so that, when a mobile phone type softphone is used in the communication area, wireless communication can be performed with the mobile phone type softphone using WEP authentication. In addition, mobile phone type softphones cannot communicate wirelessly with wireless LAN access points A, B, and C without receiving WEP authentication.
  • Each wireless LAN access point A, B, C has antennas 21, 22, 23 for wireless transmission and reception and access servers (relay devices) 31, 32, 33 connected to the Internet circuit. When antennas 21, 22, and 23 receive wireless communication from mobile phone type softphones 11, 12, and 13, it is passed to access servers 31, 32, and 33, and transmission signals from each access server are transmitted wirelessly from each antenna to each mobile phone type softphone in the communication area.
  • The access servers 31, 32, and 33 of the wireless LAN access points A, B, and C have a function to execute the WEP authentication process, the MAC address authentication and management process, and a process for controlling the connection of mobile phone type softphones to the Internet circuit according to the traffic state.
  • a WEP key is set in the mobile phone type softphone, and authentication is performed to match the WEP setting when the mobile phone type softphone is connected to the wireless LAN.
  • the same WEP key (encryption key) is set for both the access point and the mobile phone softphone by WEP authentication, and a function for encrypting data to be communicated by the common key encryption method is added. Data is encrypted and communication confidentiality is maintained.
  • SV is an authentication server provided in the Internet circuit.
  • The authentication server SV registers and holds in its database the MAC addresses of all mobile phone type softphones that can communicate from the access points. In response to a request from the access server of each access point, it searches whether the MAC address of the mobile phone type softphone that has been authenticated is registered in the database of the authentication server SV, and returns the result to the requesting access server.
  • The MAC addresses of mobile phone type softphones that have contracted to communicate from the access points of the telephone system of the present invention are sequentially registered in the database of the authentication server SV, and a mobile phone type softphone whose MAC address is not registered is refused communication with the access point.
  • Reference numerals 41 and 42 denote a personal computer in which a softphone connected to the Internet circuit is installed.
  • TL is a general subscriber telephone line.
  • Reference numeral 50 denotes a connection point between the Internet circuit of the softphone and the general subscriber telephone line.
  • the connection point 50 executes a function of making a call to a general subscriber phone or a mobile phone to a softphone user who has contracted in advance, or receiving a call from a general subscriber phone or a mobile phone.
  • While the power is on, the mobile phone type softphones 11, 12, and 13 perform notification processing by the function of the wireless LAN interface and, at regular time intervals, transmit broadcast information including a WEP authentication key and a MAC address (Media Access Control address) as identification information unique to each of the mobile phone type softphones 11, 12, 13.
  • The operation in which the mobile phone type softphones 11, 12, 13 enter a wireless LAN access point and are connected to the Internet circuit, and the operation up to exiting from the access point, are executed by the steps of the flowchart shown in Fig. 2.
  • a notification process for transmitting notification information including a WEP authentication key and MAC address (Media Access Control Address) as identification information unique to the mobile phone type softphone to the access servers 31, 32, and 33 is executed.
  • The access servers 31, 32, and 33 receive, at predetermined intervals, broadcast information including the WEP authentication key and MAC address from the mobile phone type softphones 11, 12, and 13.
  • the predetermined interval is an interval at which the presence of a mobile phone softphone can be immediately detected when the mobile phone softphone enters the communication area of the wireless LAN access point. This is the interval at which it can be detected immediately when it moves out of the area.
  • When the access servers 31, 32, and 33 receive communication including the WEP authentication key and MAC address of the mobile phone type softphone, they first execute the WEP authentication process.
  • the access servers 31, 32, 33 perform the MAC address authentication and management process. If the result of this WEP authentication process is negative, the access server blocks communication with the mobile phone type softphone.
  • When the WEP key is stored in the storage unit and WEP authentication is successful, the access servers 31, 32, and 33 send the MAC address of the mobile phone type softphone to the authentication server SV and check whether this MAC address is registered in the authentication server SV database.
  • When the authentication server SV receives the MAC address from the access servers 31, 32, 33, it executes the MAC address search process to search whether the MAC address of the received mobile phone type softphone is registered in the database of the authentication server SV. Then, if the MAC address searched for is registered in the database, the authentication server SV returns this fact to the access server that sent the request.
  • Upon receiving the result returned by the authentication server SV, the access servers 31, 32, and 33 register the MAC address of the mobile phone type softphone in the storage unit. As a result, the access servers 31, 32, and 33 can recognize that the mobile phone type softphone exists within their own communication area.
  • the access servers 31, 32, 33 execute an address addition process, add an IP address to the mobile phone softphone, and connect to the Internet circuit IN.
  • When the mobile phone type softphone is connected to the Internet circuit IN via the access server 31, 32, 33 of the wireless LAN access point, it can make softphone calls with all mobile phone type softphones connected to the Internet circuit IN and with the personal computers 41 and 42 in which a softphone connected to the Internet circuit is installed.
  • the access servers 31, 32, and 33 monitor the state in which all mobile phone type softphones registered in the storage unit that are in the communication area of the mobile phone are making a call.
  • the number of connections to the Internet circuit is executed, and control is performed so that the phone call is stable.
  • When a mobile phone type softphone that was within the communication area of the access servers 31, 32, and 33 and registered in the storage unit moves out of that communication area and its notification information is no longer received, the access servers 31, 32, and 33 delete the MAC address of that mobile phone type softphone from the storage unit.
  • The Internet circuit IN and the general subscriber telephone line TL are connected by the connection point 50. Through the connection point 50, softphone users who have contracted in advance can make calls with general subscriber telephones and mobile phones, and mobile phone type softphone users can also make calls with general subscriber telephones and mobile phones.
  • By the function of the wireless LAN interface, the mobile phone type softphones 11, 12, and 13 always transmit the notification information at predetermined time intervals simply by being powered on. While a mobile phone type softphone is within the communication area of the wireless LAN access points A, B, and C, the broadcast information continues to be transmitted to the wireless LAN access point. For this reason, users of mobile phone type softphones do not need to reconnect each time they enter the communication area of a new wireless LAN access point.
  • The telephone system using the Internet of the present invention has the following features.
  • The mobile phone type softphone can talk for free with a partner softphone connected to the Internet, there are no restrictions on the area, and this can be done easily.
  • Mobile phone type softphones are easy to introduce and allow free calls with any party connected to the Internet. With IP phones, it is necessary to be a member of the same provider, and free calls cannot be made with partners who have contracts with different providers, so the range is wider than with IP phones.
  • FIG. 3 is a schematic block diagram showing an overall configuration of an information transmission / reception system S2 that includes the communication terminal authentication system S1 and that performs information transmission / reception using the communication terminal.
  • The information transmission / reception system S2 is roughly composed of a mobile phone type terminal (softphone) (communication terminal) 102 and the communication terminal authentication system S1.
  • The mobile phone type terminal 102 is a communication terminal that performs voice communication (information transmission / reception) by wireless communication via the wireless local area communication networks (local area communication networks) 134a and 134b and the Internet network (wide area communication network) IN1, which will be described later.
  • The procedure for transmitting and receiving information by the mobile phone type terminal 102 will be described on the assumption that the mobile phone type terminal 102 is within the communication area of the wireless local area communication network 134a.
  • FIG. 4 is a diagram showing a schematic configuration of the mobile phone type terminal 102.
  • The mobile phone type terminal 102 is roughly composed of a main unit 103 and an antenna unit (radio wave transmission / reception unit) 105.
  • On the surface of the main unit 103 there are arranged a display unit 102a and operation buttons 102d with which the user of the mobile phone type terminal 102 performs various operations.
  • The display unit 102a displays information necessary for the operation of the mobile phone type terminal 102, and when the mobile phone type terminal 102 is used to access a web page held by a server connected to the Internet network IN1, the web page can be displayed on the screen.
  • A SIM card 108 as a storage device, a memory 109, and a CPU 110 as an arithmetic processing unit are arranged.
  • The SIM card 108 of the mobile phone type terminal 102 is a storage device provided in the main unit 103 so as to be easy to attach and detach.
  • In the SIM card 108 of the mobile phone type terminal 102, an area is constructed that functions as the terminal-side MAC address holding means 108b, which holds the MAC address (first identification information) 108a of the mobile phone type terminal 102.
  • A MAC address is assigned differently to each communication terminal. It is information unique to the communication terminal, and the communication terminal can be identified using this MAC address.
  • The MAC address is generally composed of a 48-bit code, and the first 24 bits are assigned differently depending on the manufacturer of the communication terminal. Therefore, the manufacturer of the mobile phone type terminal 102 can be specified by the MAC address.
  • The SIM card 108 of the mobile phone type terminal 102 has an area that functions as terminal-side WEP key holding means (holding unit) 108c.
  • The terminal-side WEP key holding means 108c holds a terminal-side WEP key (second identification information) 108d as encryption key information.
  • This WEP key is information that is assigned in common to a plurality of mobile phone type terminals capable of transmitting / receiving information to / from an access point described later, and is held in advance in the terminal-side WEP key holding means 108c.
  • WEP stands for Wired Equivalent Privacy.
  • The memory 109 of the mobile phone type terminal 102 is a storage device that is provided inside the main unit 103 so as to be difficult to attach and detach.
  • The memory 109 stores a terminal program P1. Based on the commands of the terminal program P1, the CPU 110 of the mobile phone type terminal 102 performs the following various functions.
  • The CPU 110 of the mobile phone type terminal 102 functions as MAC address transmission means (transmission unit) 110a that automatically transmits the MAC address 108a to the access point when the mobile phone type terminal 102 receives the MAC request signal 136 broadcast from an access point, which will be described later.
  • The CPU 110 of the mobile phone type terminal 102 also has a function as WEP key transmission means (transmission unit) 110b that sends the terminal-side WEP key 108d to the access point (relay device) AP1, which will be described later.
  • The concept of "transmission of the WEP key" includes not only transmitting the WEP key as it is, but also encrypting specific information using the WEP key and transmitting the encrypted information.
  • In that case, the access point also encrypts the specific information with its own WEP key, and if the result matches the encrypted information sent from the mobile phone type terminal 102, it can be confirmed that the specific information was encrypted with the common WEP key, in other words, that the common WEP key is held. Such indirect WEP key transmission is therefore also included in the concept of "WEP key transmission". The challenge-response method, which is known as authentication using a WEP key, uses this indirect WEP key transmission. In the second embodiment, the terminal-side WEP key 108d is transmitted as it is to the access points AP1 and AP2.
  • The antenna unit 105 of the mobile phone type terminal 102 receives and transmits radio waves in order to transmit and receive various types of information, such as the MAC address 108a, by wireless communication with the access points AP1 and AP2, which will be described later.
  • The communication terminal authentication system S1 is roughly composed of the access points AP1 and AP2, an authentication server 104, and an Internet network (wide area communication network) IN1; the access points AP1 and AP2 and the authentication server 104 are connected to the Internet network IN1 so that they can transmit and receive information.
  • FIG. 5 is a diagram showing a schematic configuration of the access points AP1 and AP2.
  • The access points AP1 and AP2 are roughly composed of a casing 128, a memory 130, and a CPU 132.
  • The access points are connected to the Internet network IN1 and are installed in various places around the world.
  • The casing 128 forms the outer shell of the access points AP1 and AP2, and an antenna unit 128a protrudes from it. Wireless communication with the mobile phone type terminal 102 is possible by transmitting and receiving radio waves through the antenna unit 128a.
  • The access points AP1 and AP2 are connected to the Internet network IN1 so that information can be sent and received.
  • The range reached by the radio waves transmitted from the antenna unit 128a of the access points AP1 and AP2, that is, the communication area of the access points AP1 and AP2, is defined as the wireless local area communication networks (local area communication networks) 134a and 134b, within which information can be sent and received via the Internet network IN1 using the mobile phone type terminal 102.
  • The memory 130 of the access points AP1 and AP2 is a storage device accommodated in the casing 128.
  • The memory 130 of the access points AP1 and AP2 has an area that functions as the AP-side WEP key holding means (second holding means) 130a.
  • The AP-side WEP key holding means 130a holds an AP-side WEP key (second verification information) 130b.
  • The AP-side WEP key 130b is information used when a voice call is made via the Internet network IN1 using the mobile phone type terminal 102.
  • The memory 130 of the access points AP1 and AP2 has an area that functions as temporary holding means 130c, which temporarily holds the MAC address 108a transmitted from the mobile phone type terminal 102.
  • The memory 130 of the access points AP1 and AP2 has an area that functions as the AP-side MAC address holding means 130e, which holds, as AP-side MAC address information 130d, the MAC address 108a of a mobile phone type terminal 102 that is allowed to transmit and receive information via the Internet network IN1. As shown in FIG. 6, the AP-side MAC address information 130d is held in the AP-side MAC address database 130f constructed in the AP-side MAC address holding means 130e, and can be written and erased by the writing means 132c and the deleting means 132d described later.
  • An AP program P2 is stored in the memory 130 of the access points AP1 and AP2. Based on the commands of the AP program P2, the CPU 132 of the access points AP1 and AP2 performs the following various functions.
  • The CPU 132 of the access points AP1 and AP2 has a function as MAC request signal transmission means (request signal transmission means) 132a that broadcasts a MAC request signal 136, which requests transmission of the MAC address 108a, to the local area communication networks 134a and 134b at a predetermined interval (one-minute intervals in the second embodiment). As described above, the MAC address 108a is automatically transmitted from a mobile phone type terminal 102 that has received the MAC request signal 136. Broadcast transmission means sending a signal without specifying the recipient.
  • When a mobile phone type terminal 102 having the MAC address transmission means 110a enters the wireless local area communication networks 134a and 134b, that is, the communication area, it automatically transmits the MAC address 108a in response to the MAC request signal 136 broadcast at one-minute intervals.
  • The CPU 132 of the access points AP1 and AP2 acquires the MAC address 108a transmitted from the mobile phone type terminal 102 and forwards it to the authentication server 104.
  • The CPU 132 of the access points AP1 and AP2 functions as writing means 132c that, when the coincidence signal (permission information) 111 sent from the authentication server 104, to be described later, is received, writes the MAC address 108a held in the temporary holding means 130c into the AP-side MAC address database 130f. When the mismatch signal 112 is received, the MAC address 108a is not written.
  • The CPU 132 of the access points AP1 and AP2 also has a function as deletion means 132d for deleting the MAC address 108a written in the AP-side MAC address database 130f.
  • Deletion of the MAC address 108a by the deletion means 132d is performed when, after the MAC address 108a has been written in the AP-side MAC address database 130f, the mobile phone type terminal 102 does not transmit the MAC address 108a even though the MAC request signal 136 has been sent a predetermined number of times (three times in the second embodiment).
  • A mobile phone type terminal 102 that does not transmit the MAC address 108a is determined to have already moved to a position away from the access points AP1 and AP2, and its MAC address 108a is deleted.
  • The CPU 132 of the access points AP1 and AP2 has a function as WEP request signal transmission means 132e that transmits a WEP request signal 137 to the mobile phone type terminal 102 when the coincidence signal 111 transmitted from the authentication server 104 is acquired.
  • The terminal-side WEP key 108d is automatically transmitted from the mobile phone type terminal 102 that has received the WEP request signal 137.
  • Unlike the MAC request signal 136, which is broadcast, the WEP request signal 137 is transmitted to the specific mobile phone type terminal 102 that has transmitted the MAC address 108a.
  • The CPU 132 of the access points AP1 and AP2 has a function as second verification means 132f for verifying the terminal-side WEP key 108d transmitted from the mobile phone type terminal 102 against the AP-side WEP key 130b.
  • The CPU 132 of the access points AP1 and AP2 has a function as information control means 132g that allows the mobile phone type terminal 102 to transmit and receive information via the access points AP1 and AP2.
  • The information control means 132g allows information transmission / reception only when the MAC address 108a has been written in the AP-side MAC address database 130f (that is, the coincidence signal 111 sent from the authentication server 104 has been acquired) and the second verification means 132f has found that the terminal-side WEP key 108d and the AP-side WEP key 130b match.
  • The MAC address 108a is written in the AP-side MAC address database 130f. Therefore, transmission of voice information is permitted.
  • Since the voice information transmitted from the call destination to the mobile phone type terminal 102 also includes information indicating the MAC address 108a of the mobile phone type terminal 102, reception of voice information by the mobile phone type terminal 102 is allowed. Therefore, a communication terminal corresponding to a MAC address 108a that has been deleted from the AP-side MAC address database 130f by the deleting means 132d is refused transmission / reception of information such as a voice call.
  • FIG. 7 is a block diagram showing a schematic configuration of the authentication server 104.
  • The authentication server 104 is a server for authenticating the mobile phone type terminal 102.
  • "Authentication" means judging whether or not the mobile phone type terminal 102 that has attempted to transmit / receive information via the Internet network IN1 is a communication terminal that should be allowed to have its information transmission / reception relayed by the communication terminal authentication system S1.
  • "Communication terminals that should be allowed to relay information transmission / reception" refers to, for example, communication terminals sold by operators providing information transmission / reception services using this communication terminal authentication system S1, and communication terminals covered by an information transmission / reception service contract with an operator.
  • The authentication server 104 uses the MAC address 108a to determine whether a terminal is a mobile phone type terminal manufactured by a provider (hereinafter referred to as the provider) that provides an information transmission / reception service by the communication terminal authentication system S1. The determination procedure will be described in detail later.
  • The authentication server 104 is configured to include a hard disk 138 as a storage device and a CPU 140 as an arithmetic processing unit.
  • The authentication server 104 is connected to the Internet network IN1 so as to be able to transmit and receive information, and can send information to and receive information from the access points AP1 and AP2 via the Internet network IN1.
  • The hard disk 138 of the authentication server 104 has an area that stores and holds the MAC address of the mobile phone type terminal 102 as terminal identification information (first verification information) 138c, that is, an area functioning as the server-side MAC address holding means (first holding means) 138a.
  • The MAC address database 138b is constructed in the server-side MAC address holding means 138a.
  • In the MAC address database 138b, a plurality of MAC addresses 108a assigned to communication terminals that should be allowed to have their information transmission / reception relayed by the communication terminal authentication system S1 are held as terminal identification information 138c.
  • The MAC address database 138b can be updated.
  • Before a mobile phone type terminal 102 sold by the operator is shipped from the manufacturing factory, its MAC address 108a is added to the MAC address database 138b as needed, and the database is updated.
  • The timing at which a MAC address is added can take various forms, such as when the mobile phone type terminal 102 is purchased by the user, and is not limited to before shipment from the factory as in the second embodiment.
  • The server program P3 is stored in the hard disk 138 of the authentication server 104. Based on the commands of the server program P3, the CPU 140 of the authentication server 104 performs the following various functions.
  • The CPU 140 of the authentication server 104 has a function as MAC address acquisition means (first acquisition means) 140a for acquiring the MAC address 108a transferred from the access point AP1 via the Internet network IN1.
  • The CPU 140 of the authentication server 104 has a function as first verification means 140b for verifying the acquired MAC address 108a against the terminal identification information 138c held in the MAC address database 138b.
  • When the acquired MAC address 108a matches the terminal identification information 138c, the CPU 140 of the authentication server 104 determines that the terminal is a mobile phone type terminal manufactured and sold by the operator, and has a function as permission information transmitting means (transmitting means) 140c for transmitting the coincidence signal 111 to the access point AP1.
  • The permission information transmitting means 140c also has a function of transmitting the mismatch signal 112 to the access point AP1 when the MAC address 108a and the terminal identification information 138c do not match.
  • The terminal program P1, the AP program P2, and the server program P3 cooperate with each other to function as a communication terminal authentication program.
  • The communication terminal authentication system S1 has a handover function that prevents a voice call from being interrupted when the mobile phone type terminal 102 moves to a different wireless local area communication network.
  • The mobile phone type terminal 102 in the wireless local area communication network 134a moves in the direction indicated by the arrow X into the region H where the wireless local area communication network 134a and the wireless local area communication network 134b overlap. The mobile phone type terminal 102 can then receive not only the MAC request signal 136 from the access point AP1 but also the MAC request signal 136 transmitted from the access point AP2. In this case, the mobile phone type terminal 102 transmits the MAC address 108a by the MAC address transmission means 110a without interrupting the voice call via the access point AP1, so that authentication is completed in advance, before the mobile phone type terminal 102 moves completely into the wireless local area communication network 134b (see also arrow Y), and voice calls via the access point AP2 are enabled.
  • When the mobile phone type terminal 102 enters the wireless local area communication network 134a and receives the MAC request signal 136 transmitted from the access point AP1 (S.1), the MAC address 108a of the mobile phone type terminal 102 is sent to the access point AP1 (S.2). The MAC address 108a is held in the temporary holding means 130c of the access point AP1 (S.3), and the MAC address 108a is transferred to the authentication server 104 (S.4).
  • If the MAC address 108a and the terminal identification information 138c do not match, the permission information transmission means 140c sends the mismatch signal 112 to the access point AP1 (S.7), and the voice call is rejected (S.8). If the MAC address 108a and the terminal identification information 138c match in the verification by the first verification means 140b (S.6), the permission information transmission means 140c sends the coincidence signal 111 to the access point AP1 (S.9), the MAC address 108a held in the temporary holding means 130c is written in the AP-side MAC address database 130f (S.10), and the WEP request signal 137 is sent to the mobile phone type terminal 102 (S.11).
  • The terminal-side WEP key 108d is transmitted from the mobile phone type terminal 102 to the access point AP1 (S.12), and the terminal-side WEP key 108d and the AP-side WEP key 130b are verified by the second verification means 132f (S.13).
  • If they match (S.14), the voice call is permitted (S.15).
  • If they do not match (S.14), the voice call is rejected (S.16).
  • The other party with whom the mobile phone type terminal 102 makes a voice call may be a communication terminal capable of voice calls that is connected to the Internet network IN1, or a telephone (not shown) connected to a public telephone network (not shown).
  • The mobile phone type terminal 102 described in the second embodiment has a function of performing a voice call via the Internet network IN1, but the mobile phone type terminal 102 may also have a function of making a voice call via only the public telephone network.
  • A voice call is made via the Internet network, which has a relatively low call charge, and when the mobile phone is away from the wireless communication network, a voice call is made via the public telephone network.
  • The automatic transmission of the MAC address 108a by the MAC address transmission means 110a and the automatic transmission of the terminal-side WEP key 108d by the WEP key transmission means 110b are configured to be performed at different timings, but the timings may be simultaneous.
  • Authentication may be performed by automatically transmitting the MAC address 108a and the terminal-side WEP key 108d at the same time when a dial operation is performed to make a voice call using the mobile phone type terminal 102 in the wireless local area communication network 134a. In this case, the access points AP1 and AP2 do not need to send the MAC request signal 136.
  • The authentication using the MAC address 108a may be performed based on reception of the MAC request signal, and the authentication using the terminal-side WEP key 108d may be performed at the time of the dial operation.
  • The authentication server performs the authentication of the mobile phone type terminal using the MAC address, but a switch device or the like that controls transmission / reception of information between the Internet network and the authentication server may be installed, and the switch device may be configured to perform part or all of the authentication function.
  • FIG. 1 is a block diagram showing a configuration of a telephone system using the Internet of the present invention.
  • FIG. 2 is a flowchart showing the operation up to connection of a mobile phone type softphone to the Internet circuit.
  • FIG. 3 is a schematic block diagram showing an overall configuration of an information transmission / reception system configured to include the communication terminal authentication system according to Embodiment 2 of the present invention.
  • FIG. 4 is a diagram showing a schematic configuration of a mobile phone type terminal constituting the information transmission / reception system shown in FIG.
  • FIG. 5 is a diagram showing a schematic configuration of an access point constituting the information transmission / reception system shown in FIG.
  • FIG. 7 is a diagram showing a schematic configuration of an authentication server constituting the information transmission / reception system shown in FIG.
  • FIG. 8 is a diagram showing a data structure of a MAC address database constructed in server side MAC address holding means possessed by the authentication server shown in FIG.
  • FIG. 9 is a flowchart showing a procedure from the authentication of the mobile phone terminal using the communication terminal authentication system shown in FIG. 1 until the voice call through the access point is permitted.
  • A, B, C Wireless LAN access point (private communication network)
  • IN Internet circuit (wide area communication network)
  • SV Authentication server provided in the Internet circuit
  • AP1, AP2 Access point (relay device)
  • IN1 Internet network (wide area communication network)
  • Access server (relay device)
  • Mobile phone type terminal (soft phone) (communication terminal)
  • Terminal side WEP key holding means (holding part)
  • MAC request signal transmission means (request signal notification means)
  • 134a, 134b Wireless local area network (local area network)
  • 138a Server side MAC address holding means (first holding means)
  • 138b MAC address database
  • Terminal identification information (first verification information)
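
The description's procedure S.1 to S.16, the rule that an entry is deleted after three unanswered MAC requests, and the indirect form of "WEP key transmission" can be modelled as follows. This is an added example, not code from the patent or its applicant; the class and method names, the 24-bit IV prefix, the 16-byte challenge, the choice not to re-check a MAC once it is written, and all sample MAC addresses and keys are assumptions constructed for illustration.

```python
import hmac
import os

MISS_LIMIT = 3  # text: entry deleted after three unanswered MAC requests

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP is built on; here it only models the exchange."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class AuthServer:
    """Authentication server 104 holding MAC address database 138b."""
    def __init__(self, registered_macs):
        self.db = {m.lower() for m in registered_macs}

    def verify(self, mac: str) -> bool:
        # True models coincidence signal 111, False mismatch signal 112.
        return mac.lower() in self.db

class Terminal:
    """Mobile phone type terminal 102: MAC address 108a, terminal-side WEP key 108d."""
    def __init__(self, mac: str, wep_key: bytes):
        self.mac, self.wep_key, self.in_range = mac, wep_key, True

    def on_mac_request(self):
        return self.mac if self.in_range else None        # S.2

    def on_wep_request(self, challenge: bytes, indirect: bool) -> bytes:
        if not indirect:
            return self.wep_key                           # S.12: key sent as it is
        iv = os.urandom(3)                                # assumption: 24-bit IV as in WEP
        return iv + rc4(iv + self.wep_key, challenge)     # indirect "WEP key transmission"

class AccessPoint:
    """Access point AP1 with AP-side database 130f and second verification 132f."""
    def __init__(self, server, wep_key: bytes, indirect: bool = False):
        self.server, self.wep_key, self.indirect = server, wep_key, indirect
        self.mac_db = {}      # database 130f: MAC -> consecutive unanswered requests
        self.key_ok = set()   # MACs whose WEP key matched at S.14

    def _authenticate(self, term, mac: str) -> str:
        if not self.server.verify(mac):                   # S.4 to S.7
            return "rejected: MAC not registered"         # S.8
        self.mac_db[mac] = 0                              # S.10
        challenge = os.urandom(16)                        # assumption: 16-byte challenge
        reply = term.on_wep_request(challenge, self.indirect)   # S.11, S.12
        if self.indirect:
            iv = reply[:3]
            expected = iv + rc4(iv + self.wep_key, challenge)
        else:
            expected = self.wep_key
        if hmac.compare_digest(reply, expected):          # S.13, S.14
            self.key_ok.add(mac)
            return "permitted"                            # S.15
        return "rejected: WEP key mismatch"               # S.16

    def poll(self, terminals) -> dict:
        """One broadcast of MAC request signal 136 (S.1); returns new decisions."""
        answered, decisions = set(), {}
        for term in terminals:
            mac = term.on_mac_request()
            if mac is None:
                continue
            answered.add(mac)
            if mac in self.mac_db:
                self.mac_db[mac] = 0                      # still in the communication area
            else:                                         # assumption: no re-check once written
                decisions[mac] = self._authenticate(term, mac)
        for mac in list(self.mac_db):
            if mac not in answered:
                self.mac_db[mac] += 1
                if self.mac_db[mac] >= MISS_LIMIT:        # deletion means 132d
                    del self.mac_db[mac]
                    self.key_ok.discard(mac)
        return decisions

    def may_relay(self, mac: str) -> bool:
        """Information control means 132g: MAC written in 130f and WEP key matched."""
        return mac in self.mac_db and mac in self.key_ok

def run_demo(indirect: bool = False):
    """Constructed sample data: locally administered MACs and made-up keys."""
    key = bytes.fromhex("0102030405")
    server = AuthServer(["02:00:00:00:00:01", "02:00:00:00:00:03"])
    ap = AccessPoint(server, key, indirect)
    terms = [Terminal("02:00:00:00:00:01", key),          # registered, matching key
             Terminal("02:00:00:00:00:02", key),          # not registered
             Terminal("02:00:00:00:00:03", b"wrong")]     # registered, wrong key
    return ap, terms, ap.poll(terms)
```

Calling `run_demo()` models the second embodiment (key sent as it is); `run_demo(indirect=True)` models the challenge-response variant, in which the key itself never crosses the radio link.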

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a communication terminal authentication system capable of performing authentication and enabling a communication terminal to transmit/receive information without requiring manual operation by a user, even when the communication terminal moves during information transmission/reception using a local area communication network. The communication terminal authentication system (S1) holds a plurality of pieces of first verification information (138c) to be verified against first identification information (108a) assigned to each communication terminal (102). The system (S1) comprises: first holding means (138a) connected to a wide area communication network (IN1) so that information can be transmitted and received; first acquisition means (140a) that acquire, via the wide area communication network, the first identification information automatically acquired from a communication terminal connected to a relay device (AP1) that constructs the local area communication network; first verification means (140b) that verify the first identification information acquired by the acquisition means against the first verification information; and transmission means (140c) that transmit permission information (111) to the relay device according to the verification result obtained by the first verification means.
PCT/JP2007/074143 2006-12-18 2007-12-14 Communication terminal authentication system and telephone system using the Internet WO2008075626A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2008550129A JPWO2008075626A1 (ja) 2006-12-18 2007-12-14 Communication terminal authentication system, telephone system using the Internet

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2006340103 2006-12-18
JP2006-340103 2006-12-18
JP2007240895 2007-09-18
JP2007-240895 2007-09-18

Publications (1)

Publication Number Publication Date
WO2008075626A1 true WO2008075626A1 (fr) 2008-06-26

Family

ID=39536257

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/074143 WO2008075626A1 (fr) 2006-12-18 2007-12-14 Communication terminal authentication system and telephone system using the Internet

Country Status (2)

Country Link
JP (1) JPWO2008075626A1 (fr)
WO (1) WO2008075626A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001111544A (ja) * 1999-10-05 2001-04-20 Nec Corp Authentication method and authentication device in a wireless LAN system
JP2006261850A (ja) * 2005-03-15 2006-09-28 Canon Inc Communication device and network construction method thereof

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101276483B1 (ko) 2010-05-13 2013-06-18 샤프 가부시키가이샤 Circuit board and display device
JP2021010150A (ja) * 2019-07-03 2021-01-28 ダイハツ工業株式会社 Access point connection system
JP7324068B2 (ja) 2019-07-03 2023-08-09 ダイハツ工業株式会社 Access point connection system

Also Published As

Publication number Publication date
JPWO2008075626A1 (ja) 2010-05-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07850647

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2008550129

Country of ref document: JP

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 07850647

Country of ref document: EP

Kind code of ref document: A1