WO2012114528A1 - Key setting method, node, server and network system - Google Patents

Info

Publication number
WO2012114528A1
Authority
WO
WIPO (PCT)
Prior art keywords
gateway
key
node
acquisition request
specific
Prior art date
Application number
PCT/JP2011/054405
Other languages
French (fr)
Japanese (ja)
Inventor
尚 兒島
和快 古川
武仲 正彦
伊豆 哲也
Original Assignee
富士通株式会社
Priority date
Filing date
Publication date
Application filed by 富士通株式会社
Priority to PCT/JP2011/054405 (WO2012114528A1)
Priority to JP2013500815A (JP5621905B2)
Publication of WO2012114528A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W84/22 Self-organising networks, e.g. ad-hoc networks or sensor networks with access to wired networks

Definitions

  • the present invention relates to a key setting method, a node, a server, and a network system for setting a key for encrypting data.
  • An ad hoc network is a type of self-configuring network that is linked by wireless communication.
  • An ad hoc network is composed of a plurality of nodes. Each node in the ad hoc network transmits and receives packets by multi-hop communication. Multi-hop communication is a technique in which nodes that do not exist within each other's communication area communicate with each other via another node that exists within the communication area of each node.
  • When connecting an ad hoc network to another network such as the Internet, a LAN (Local Area Network) or a WAN (Wide Area Network), communication between the networks is transferred by a relay device called a gateway.
  • LAN: Local Area Network
  • WAN: Wide Area Network
  • a node capable of wireless communication is incorporated in each home electric power meter, and a worker performs work such as meter confirmation via an ad hoc network without going to the site.
  • In an ad hoc network that handles personal information such as the amount of power used in each home, secure communication is required from the viewpoint of confidentiality and tamper prevention.
  • When a new node is first introduced into the system, it cannot communicate securely with the other nodes in the ad hoc network until its encryption key is set. For this reason, it is difficult to set the encryption key of a new node automatically via the ad hoc network, and a worker has to go to the site to set it.
  • An object of the present invention is to provide a key setting method, a node, a server, and a network system that can improve the security of an ad hoc network in order to solve the above-described problems caused by the related art.
  • A node for which no key specific to any gateway of the plurality of ad hoc networks is set detects a connection with a mobile terminal capable of communicating with a server connected to each gateway of those ad hoc networks. When the connection with the mobile terminal is detected, the node transmits to the server, via the mobile terminal, transmission instruction information for an acquisition request for a key for encrypting data. As a result, the node receives from the server, via the mobile terminal, the acquisition request encrypted with the key unique to each gateway.
  • The node transmits the encrypted acquisition request group to the plurality of ad hoc networks simultaneously, and receives from the server, via the portable terminal, the key specific to the particular gateway that any one of the encrypted acquisition requests reached.
  • The node can then set the key specific to that gateway as its key for encrypting data.
  • A server connected to each gateway of the plurality of ad hoc networks and storing the key unique to each gateway receives, via a portable terminal connected to the server, transmission instruction information for an acquisition request for a key for encrypting data from a node for which such a key is not set.
  • When the transmission instruction information is received, the server generates an encrypted acquisition request group by encrypting the acquisition request with each gateway-specific key.
  • The generated encrypted acquisition request group is transmitted to the node via the mobile terminal, and the node transmits the encrypted acquisition request group to the plurality of ad hoc networks simultaneously.
  • A server connected to each gateway of the plurality of ad hoc networks and storing, for each gateway, the gateway-specific key and the location information of the gateway receives, via a portable terminal connected to the server, transmission instruction information for a request to acquire a key for encrypting data from a node for which such a key is not set. If the transmission instruction information includes the location information of the node, the server identifies the neighboring gateways of the node from the location information of the node and of each gateway, generates an encrypted acquisition request group by encrypting the acquisition request with the key unique to each neighboring gateway, and transmits the generated group to the unconfigured node via the terminal. The unconfigured node transmits the encrypted acquisition request group to the plurality of ad hoc networks simultaneously.
  • The server receives notification instruction information for the key specific to a particular gateway from that gateway, being one that any of the encrypted acquisition requests has reached, and extracts the key specific to that gateway as named in the received notification instruction information.
  • The extracted key specific to that gateway is then transmitted to the unconfigured node via the portable terminal.
  • In this way the security of the ad hoc network can be improved.
  • FIG. 1 is an explanatory diagram of an example of setting an encryption key to a new node by the upload type according to the first embodiment.
  • FIG. 2 is an explanatory diagram of a system configuration example of the network system 100 according to the first embodiment.
  • FIG. 3 is a block diagram illustrating a hardware configuration example of the management server 101.
  • FIG. 4 is a block diagram illustrating a hardware configuration example of the node.
  • FIG. 5 is an explanatory diagram of an example of introducing the new node Nx into the network system 100 according to the first embodiment.
  • FIG. 6 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the first embodiment is introduced.
  • FIG. 7 is a block diagram of a functional configuration of the node according to the first embodiment.
  • FIG. 8 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the first embodiment.
  • FIG. 9 is an explanatory diagram of an example of the data structure of the encrypted GW search frame Ki (TF) according to the first embodiment.
  • FIG. 10 is a block diagram of a functional configuration example of the gateway according to the first embodiment.
  • FIG. 11 is an explanatory diagram of an example of a data structure of the key notification frame NFi according to the first embodiment.
  • FIG. 12 is a block diagram of a functional configuration example of the management server 101 according to the first embodiment.
  • FIG. 13 is an explanatory diagram of an example of storage contents of the encryption key DB 110 according to the first embodiment.
  • FIG. 14 is an explanatory diagram of an example of authentication information of the management server 101 according to the first embodiment.
  • FIG. 15 is an explanatory diagram of an example of authentication information of the mobile terminal MT according to the first embodiment.
  • FIG. 16 is a flowchart of an example of a key setting process procedure of the node N according to the first embodiment.
  • FIG. 17 is a flowchart of an example of a key notification processing procedure of the gateway according to the first embodiment.
  • FIG. 18 is a flowchart of an example of a key provision processing procedure of the management server 101 according to the first embodiment.
  • FIG. 19 is an explanatory diagram of an example of setting an encryption key for the new node Nx according to the upload type according to the second embodiment.
  • FIG. 20 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the second embodiment is introduced.
  • FIG. 21 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the second embodiment.
  • FIG. 22 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the second embodiment.
  • FIG. 23 is a block diagram of a functional configuration of the management server 101 according to the second embodiment.
  • FIG. 24 is a flowchart of an example of a key provision processing procedure of the management server 101 according to the second embodiment.
  • The upload type is a process for setting a key by uploading a gateway search frame (hereinafter referred to as a "GW search frame"), used to search for a gateway, from the new node toward the upstream side (the gateway).
  • GW search frame: gateway search frame
  • an encrypted GW search frame group encrypted with a key specific to each gateway is uploaded to each ad hoc network.
  • a node with an encryption key set in each ad hoc network discards an unencrypted packet and a packet that cannot be decrypted even if encrypted.
  • the encrypted GW search frame group is transmitted, the encrypted GW search frame that cannot be decrypted with the held encryption key is discarded.
  • An encrypted GW search frame that can be decrypted is multi-hop communicated within the ad hoc network to which that key belongs and reaches the gateway.
  • Therefore an illegal packet, such as an unencrypted packet or an encrypted packet that cannot be decrypted, does not propagate within the ad hoc network, which prevents replay (retransmission) attacks.
  • This is described concretely below with reference to the drawings.
  • FIG. 1 is an explanatory diagram of an example of setting an encryption key to a new node by the upload type according to the first embodiment.
  • In the network system 100 of FIG. 1, four ad hoc networks A1 to A4 are constructed as an example.
  • The size of the cloud shape representing each of the ad hoc networks A1 to A4 represents the number of nodes belonging to it.
  • The ad hoc network A1 includes 10 nodes.
  • The ad hoc network A2 includes 4 nodes.
  • The ad hoc network A3 includes 7 nodes.
  • The ad hoc network A4 includes 3 nodes.
  • the nodes in each ad hoc network A1 to A4 and the gateways G1 to G4 are set with encryption keys K1 to K4 unique to the gateways G1 to G4.
  • the encryption key K1 unique to the gateway G1 is assigned to the node and gateway G1 in the ad hoc network A1
  • the encryption key K2 unique to the gateway G2 is assigned to the node and gateway G2 in the ad hoc network A2
  • an encryption key K4 unique to the gateway G4 is set in the nodes in the ad hoc network A4 and the gateway G4.
  • the management server 101 is connected to the gateways G1 to G4 of each ad hoc network via a network NW1 such as the Internet, LAN, and WAN so that they can communicate with each other.
  • the management server 101 has an encryption key database (DB) 110.
  • the encryption key DB 110 stores, for each gateway address (GW address), the encryption keys K1 to K4 unique to the gateways G1 to G4 and the number of nodes of the ad hoc networks A1 to A4 to which the gateways G1 to G4 belong.
  • the encryption keys K1 to K4 unique to the gateways G1 to G4 are keys for encrypting packets transmitted and received between nodes in the ad hoc networks A1 to A4 to which the gateways G1 to G4 belong.
  • the encryption keys K1 to K4 are binary data of about 128 to 256 bits, for example.
  • Each of the encryption keys K1 to K4 is a common (symmetric) key: the same key both encrypts a packet and decrypts a packet that was encrypted with it.
  • The number of nodes is incremented each time a node is set with the corresponding key.
  • the GW address is expressed by G1 to G4 (gateway codes) for convenience.
  • In FIG. 1, when a new node Nx is installed, it is assumed to be within the communication area of the ad hoc networks A1 and A2 and outside the communication area of the ad hoc networks A3 and A4. Since none of the encryption keys K1 to K4 is set for the new node Nx, it cannot transmit encrypted packets or decrypt received packets, but it can still simply receive packets.
  • Receiving a packet that cannot be decrypted in this way is called "interception".
  • The intercepted packet cannot be decrypted because the new node Nx holds none of the encryption keys K1 to K4, but the new node Nx can transmit it onward without discarding it.
  • In contrast, at the nodes already holding a key, packets that are not encrypted with the respective encryption key K1 to K4 are discarded even if they are received.
  • So that the new node Nx can communicate with the management server 101 via a secure network other than the ad hoc networks A1 to A4, the new node Nx is connected to the mobile terminal MT, which can communicate with the management server 101.
  • the mobile terminal MT is a mobile communication device used by the worker OP, and is, for example, a mobile phone, a PHS (Personal Handy-phone System) phone, a smartphone, a laptop personal computer, or the like.
  • Connecting the new node Nx and the mobile terminal MT establishes the network NW3.
  • Connecting the portable terminal MT and the management server 101 enables communication between them.
  • This connection is the network NW2.
  • The portable terminal MT can perform secure communication with the management server 101 using, for example, SSL (Secure Sockets Layer).
  • the mobile terminal MT acquires the ID of the new node Nx from the new node Nx via the network NW3.
  • Examples of the ID of the new node Nx include a MAC (Media Access Control) address.
  • Here the mobile terminal MT acquires the ID of the new node Nx, but alternatively the new node Nx may acquire the ID of the mobile terminal MT.
  • The mobile terminal MT transmits the transmission instruction information EI for the GW search frame to the management server 101 via the network NW2.
  • The transmission instruction information EI includes description data indicating the transmission instruction, the ID of the portable terminal MT, and the ID of the new node Nx.
  • Here the transmission instruction information EI is transmitted from the mobile terminal MT.
  • When the new node Nx has acquired the ID of the mobile terminal MT, it may instead be transmitted from the new node Nx via the networks NW3 and NW2.
  • Upon receiving the transmission instruction information EI, the management server 101 extracts the ID of the new node Nx and the ID of the mobile terminal MT from it and includes them in the GW search frame. The management server 101 then generates an encrypted GW search frame group K (TF) by encrypting the GW search frame with each of the encryption keys K1 to K4 stored in the encryption key DB 110.
  • the encrypted GW search frame group K (TF) is the encrypted GW search frames K1 (TF) to K4 (TF).
  • the management server 101 transmits the generated encrypted GW search frame group K (TF) to the mobile terminal MT via the network NW2.
  • the mobile terminal MT transfers the encrypted GW search frame group K (TF) transmitted from the management server 101 via the network NW2 to the new node Nx via the network NW3.
  • the new node Nx broadcasts the encrypted GW search frame group K (TF) transferred from the mobile terminal MT.
  • the neighboring nodes N1a and N2b within the communication area of the new node Nx each receive the encrypted GW search frame group K (TF).
  • the encrypted GW search frame group K (TF) is not received by the nodes N3c and N4d of the ad hoc networks A3 and A4 outside the communication range of the new node Nx.
  • the node N1a of the ad hoc network A1 receives the encrypted GW search frame group K (TF) from the new node Nx.
  • the node N1a holds an encryption key K1 unique to the gateway G1. Therefore, the encrypted GW search frames K2 (TF) to K4 (TF) encrypted with the encryption keys K2 to K4 cannot be decrypted with the encryption key K1, and are discarded at the node N1a.
  • the encrypted GW search frame K1 (TF) encrypted with the encryption key K1 in the encrypted GW search frame group K (TF) can be decrypted by the node N1a. Therefore, the encrypted GW search frame K1 (TF) is subjected to multihop communication within the ad hoc network A1.
  • the gateway G1 of the ad hoc network A1 receives the encrypted GW search frame K1 (TF) that has been subjected to multihop communication from the node N1a in the ad hoc network A1.
  • the gateway G1 confirms that it is a GW search frame by decrypting the encrypted GW search frame K1 (TF) with the encryption key K1 unique to the gateway G1. If confirmed, the gateway G1 generates a key notification frame NF1 and transmits it to the management server 101 via the network NW1.
  • the key notification frame NF1 is information for notifying transmission permission of the encryption key K1 unique to the gateway G1 to the new node Nx.
  • the node N2b of the ad hoc network A2 receives the encrypted GW search frame group K (TF) from the new node Nx.
  • the node N2b holds an encryption key K2 unique to the gateway G2. Therefore, the encrypted GW search frames K1 (TF), K3 (TF), and K4 (TF) encrypted with the encryption keys K1, K3, and K4 cannot be decrypted with the encryption key K2, and are discarded at the node N2b.
  • the encrypted GW search frame K2 (TF) encrypted with the encryption key K2 can be decrypted by the node N2b. Accordingly, the encrypted GW search frame K2 (TF) is subjected to multihop communication within the ad hoc network A2.
  • the gateway G2 of the ad hoc network A2 receives the encrypted GW search frame K2 (TF) that has been subjected to multihop communication from the node N2b within the ad hoc network A2.
  • the gateway G2 confirms that it is a GW search frame by decrypting the encrypted GW search frame K2 (TF) with the encryption key K2 unique to the gateway G2. If it can be confirmed, the gateway G2 generates a key notification frame NF2 and transmits it to the management server 101 via the network NW1.
  • the key notification frame NF2 is information for notifying the transmission permission of the encryption key K2 unique to the gateway G2 to the new node Nx.
  • the management server 101 identifies the encryption keys K1 and K2 to be provided from the key notification frames NF1 and NF2, and extracts them from the encryption key DB 110.
  • Both encryption keys K1 and K2 are identified, but only one encryption key is provided to the new node Nx. Accordingly, when a plurality of encryption keys to be provided are identified, for example, the key unique to the gateway of the ad hoc network having the larger number of nodes is selected as the encryption key to be provided.
  • In this case the encryption key K1 is selected as the encryption key to be provided. Since the new node Nx is thereby added to the ad hoc network having the larger number of nodes, the number of communication paths after the addition increases and stable communication can be performed.
  • Alternatively, the key unique to the gateway of the ad hoc network having the smaller number of nodes may be used as the encryption key to be provided.
  • In that case the encryption key K2 is selected as the encryption key to be provided.
  • The new node Nx is then added to the ad hoc network having the smaller number of nodes, so that the numbers of nodes in the ad hoc networks A1 to A4 can be evened out.
  • As a further alternative, the encryption key identified by the first key notification frame to arrive may be used as the encryption key to be provided.
  • In that case the encryption key K1 is selected as the encryption key to be provided. This speeds up the key setting work.
  • When the management server 101 has identified the encryption key to be provided, it transmits that encryption key to the mobile terminal MT via the network NW2. For example, when the encryption key K1 is identified, the management server 101 transmits the encryption key K1 to the mobile terminal MT.
  • the mobile terminal MT transfers the encryption key transmitted from the management server 101 to the new node Nx via the network NW3. For example, when the encryption key K1 is transmitted, the mobile terminal MT transfers the encryption key K1 to the new node Nx.
  • the new node Nx receives the encryption key transferred from the mobile terminal MT. For example, when the encryption key K1 is transmitted, the new node Nx receives the encryption key K1.
  • The new node Nx sets the received encryption key as its key for encrypting data. For example, when the encryption key K1 is received, the new node Nx can encrypt and decrypt with the encryption key K1. As a result, the new node Nx is incorporated into the ad hoc network A1: it can decrypt, with the encryption key K1, the encrypted packets that are multi-hop communicated in the ad hoc network A1, and when it transmits data it can encrypt the data with the encryption key K1 and send it to neighboring nodes.
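The FIG. 1 exchange above, as an added example that is not the patent's or Fujitsu's code: the management server encrypts one GW search frame under every gateway key, the first-hop nodes N1a and N2b discard the three frames they cannot decrypt, each reached gateway answers with a key notification, and the server provides the key of the larger network. The HMAC-based encrypt-then-MAC cipher, the frame layout, and the node and terminal IDs are constructed for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32
SEARCH_MAGIC = b"GWSEARCH"

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one gateway key Ki.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Constructed frame layout: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, frame: bytes):
    """Plaintext, or None if the frame was not made under `key` (wrong key,
    tampered, or never encrypted); a node holding `key` then discards it."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class ManagementServer:
    """Management server 101 with key DB 110: GW address -> (Ki, node count)."""

    def __init__(self, key_db):
        self.key_db = dict(key_db)

    def make_search_frames(self, node_id: bytes, mt_id: bytes) -> list:
        """Encrypted GW search frame group K(TF): one TF under every Ki in the DB."""
        tf = b"|".join([SEARCH_MAGIC, node_id, mt_id])  # IDs taken from EI
        return [encrypt(key, tf) for key, _ in self.key_db.values()]

    def select_key(self, notifications):
        """Among gateways that sent a key notification, prefer the larger network
        (the first selection rule in the text), then count Nx into it."""
        gw = max(notifications, key=lambda g: self.key_db[g][1])
        key, count = self.key_db[gw]
        self.key_db[gw] = (key, count + 1)
        return gw, key

class Node:
    def __init__(self, key=None):
        self.key = key  # None until the new node Nx is set

    def relay(self, frame: bytes):
        """Multi-hop forward only frames that decrypt under our key; drop the rest."""
        if self.key is None or decrypt(self.key, frame) is None:
            return None
        return frame

class Gateway:
    def __init__(self, address: str, key: bytes):
        self.address, self.key = address, key

    def handle(self, frame: bytes, node_id: bytes):
        """Return a key notification (our GW address) for a valid GW search frame."""
        pt = decrypt(self.key, frame)
        if pt is None or not pt.startswith(SEARCH_MAGIC + b"|" + node_id + b"|"):
            return None
        return self.address

def run_example():
    """Replay FIG. 1: Nx is in range of A1 (10 nodes) and A2 (4 nodes) only."""
    keys = {f"G{i}": secrets.token_bytes(16) for i in range(1, 5)}
    counts = {"G1": 10, "G2": 4, "G3": 7, "G4": 3}
    server = ManagementServer({g: (keys[g], counts[g]) for g in keys})
    gateways = {g: Gateway(g, keys[g]) for g in keys}
    first_hop = {"G1": Node(keys["G1"]), "G2": Node(keys["G2"])}  # N1a, N2b
    node_id, mt_id = b"00:11:22:33:44:55", b"MT-001"  # constructed IDs
    frames = server.make_search_frames(node_id, mt_id)  # MT forwards to Nx
    notifications = []
    for gw, neighbour in first_hop.items():  # Nx broadcasts K(TF)
        for frame in frames:
            if neighbour.relay(frame) is not None:  # 3 of 4 frames dropped per hop
                notifications.append(gateways[gw].handle(frame, node_id))
    selected_gw, key = server.select_key(notifications)
    nx = Node(key)  # Nx sets the received key and joins A1
    return {"notified": sorted(notifications), "selected": selected_gw,
            "joined_a1": nx.key == keys["G1"], "a1_count": server.key_db["G1"][1],
            "plain_dropped": first_hop["G1"].relay(b"GWSEARCH|plain") is None}
```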
  • FIG. 2 is an explanatory diagram of a system configuration example of the network system 100 according to the first embodiment.
  • The network system 100 includes a management server 101, gateways G1 to Gn, and nodes N1-1 to N1-m1, N2-1 to N2-m2, ..., Nn-1 to Nn-mn.
  • the management server 101 is connected to the gateways G1 to Gn via the network NW1 so that they can communicate with each other.
  • the management server 101 is a computer that acquires and holds encryption keys unique to the gateways G1 to Gn from the gateways G1 to Gn.
  • the encryption keys K1 to Kn unique to the gateways G1 to Gn are key information for encrypting data transmitted and received between the nodes in the ad hoc networks A1 to An to which the gateways G1 to Gn belong.
  • In the following description, the data is a packet in which a header portion including the destination is added to a payload portion containing the data body.
  • the management server 101 can communicate with the mobile terminal MT via the network NW2 such as a mobile phone network or the Internet.
  • the mobile terminal MT is a mobile communication device used by the worker OP, and is, for example, a mobile phone, a PHS (Personal Handy-phone System) phone, a smartphone, a laptop personal computer, or the like.
  • the gateway Gi understands both the protocol of the ad hoc network Ai and the protocol of the network NW1, and transfers communication between the ad hoc network Ai and the network NW1.
  • the gateway Gi has an encryption key Ki unique to the gateway Gi for encrypting packets transmitted and received between nodes in the ad hoc network Ai.
  • Nodes Ni-1 to Ni-mi are wireless communication devices that perform multi-hop communication with other nodes within a predetermined communication range.
  • It is not necessary for all of the nodes Ni-1 to Ni-mi to communicate directly with the gateway Gi; it is sufficient that some of the nodes can communicate with the gateway Gi.
  • The network system 100 can be applied, for example, to a system that collects the amount of power and gas used in each household. Specifically, by incorporating each node Ni-1 to Ni-mi into the power meter or gas meter of a home, the amount of power or gas used in each home is transmitted and received between the nodes in the ad hoc network Ai. The power and gas consumption of each household may be measured by the nodes Ni-1 to Ni-mi themselves, or the nodes may obtain it from the power meter or gas meter.
  • The gateway Gi sends the power and gas usage of each home, received from the nodes Ni-1 to Ni-mi in the ad hoc network Ai, to the server of the power company or gas company (for example, the management server 101) via the network NW1. Thereby the usage of electric power and gas can be collected without the operator OP going to the site.
  • Packets are encrypted using the encryption key Ki unique to the gateway Gi of each ad hoc network Ai. This ensures secure communication (data confidentiality, tamper prevention, etc.) within the ad hoc network Ai. Moreover, using a different encryption key Ki for each ad hoc network Ai limits the damage should a key leak.
  • In this example a single gateway Gi is provided in the ad hoc network Ai.
  • Alternatively, a plurality of gateways Gi may be provided in the same ad hoc network Ai.
  • In that case the encryption key Ki for encrypting packets transmitted and received in the ad hoc network Ai is common to the plurality of gateways Gi.
  • FIG. 3 is a block diagram illustrating a hardware configuration example of the management server 101.
  • The management server 101 includes a CPU (Central Processing Unit) 301, a ROM (Read Only Memory) 302, a RAM (Random Access Memory) 303, a magnetic disk drive 304, a magnetic disk 305, an optical disk drive 306, an optical disk 307, an I/F 308, a display 309, a keyboard 310, and a mouse 311.
  • the CPU 301 to the mouse 311 are connected by a bus 300.
  • the CPU 301 controls the entire management server 101.
  • the ROM 302 stores a program such as a boot program.
  • the RAM 303 is used as a work area for the CPU 301.
  • The magnetic disk drive 304 controls reading and writing of data on the magnetic disk 305 under the control of the CPU 301.
  • The magnetic disk 305 stores the data written under the control of the magnetic disk drive 304.
  • The optical disk drive 306 controls reading and writing of data on the optical disk 307 under the control of the CPU 301.
  • The optical disk 307 stores the data written under the control of the optical disk drive 306 and allows the computer to read the data stored on it.
  • the I / F 308 is connected to the networks NW1 and NW2 through communication lines, and is connected to other devices (for example, the gateway Gi and the portable terminal MT) via the networks NW1 and NW2.
  • the I / F 308 controls an internal interface with the networks NW1 and NW2, and controls input / output of data from an external device.
  • a modem or a LAN adapter may be employed as the I / F 308.
  • The display 309 displays data such as documents, images, and function information, as well as a cursor, icons, and tool boxes.
  • As the display 309, for example, a CRT, a TFT liquid crystal display, or a plasma display can be adopted.
  • the keyboard 310 includes keys for inputting characters, numbers, various instructions, etc., and inputs data. Moreover, a touch panel type input pad or a numeric keypad may be used.
  • the mouse 311 performs cursor movement, range selection, window movement, size change, and the like. A trackball or a joystick may be used as long as they have the same function as a pointing device.
  • the mobile terminal MT shown in FIG. 1 can also be realized by the same hardware configuration as the management server 101 shown in FIG.
  • FIG. 4 is a block diagram illustrating a hardware configuration example of the node. In FIG. 4, the node includes a CPU 401, a RAM 402, a flash memory 403, an I/F 404, and an encryption circuit 405. The CPU 401 to the encryption circuit 405 are connected by a bus 400.
  • the CPU 401 controls the entire node and the like.
  • the RAM 402 is used as a work area for the CPU 401.
  • the flash memory 403 stores key information such as programs and encryption keys.
  • the I / F 404 transmits and receives packets by multi-hop communication.
  • the gateway Gi I / F 404 is connected to the network NW1 through a communication line, and is connected to the management server 101 via the network NW1.
  • the encryption circuit 405 is a circuit that encrypts data using an encryption key when encrypting data. When encryption is executed by software, the encryption circuit 405 is not required by storing a program corresponding to the encryption circuit 405 in the flash memory 403.
  • FIG. 5 is an explanatory diagram of an example of introducing a new node Nx into the network system 100 according to the first embodiment.
  • In FIG. 5, a new node Nx is introduced into the ad hoc network Ai of the network system 100.
  • FIG. 5 shows the nodes Ni-1 to Ni-3 as representatives of the nodes Ni-1 to Ni-mi in the ad hoc network Ai.
  • When the new node Nx is introduced, the worker OP does not know which ad hoc network Ai the new node Nx belongs to. Therefore, in the first embodiment, the mobile terminal MT carried by the worker OP is used to acquire the encryption key Ki to be set in the new node Nx from the management server 101 and to set it in the new node Nx automatically.
  • The operation of the network system 100 when the new node Nx illustrated in FIG. 5 is introduced will now be described.
  • FIG. 6 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the first embodiment is introduced.
  • The mobile terminal MT is connected to the management server 101 via the network NW2.
  • The mobile terminal MT performs secure communication with the management server 101 using, for example, SSL.
  • A communication method for realizing secure communication between the management server 101 and the portable terminal MT will be described later with reference to FIGS. 15 and 16.
  • The mobile terminal MT is connected to the new node Nx via a wired or wireless network NW3.
  • The network NW3 is thereby established between the mobile terminal MT and the new node Nx.
  • When the new node Nx detects the connection with the mobile terminal MT, the new node Nx transmits its own ID to the mobile terminal MT.
  • Upon receiving the ID of the new node Nx, the mobile terminal MT transmits the transmission instruction information EI for the GW search frame to the management server 101 via the network NW2.
  • The transmission instruction information EI includes the ID of the new node Nx and the ID of the mobile terminal MT.
  • Upon receiving the transmission instruction information EI, the management server 101 generates an encrypted GW search frame group K(TF). The management server 101 then transmits the generated encrypted GW search frame group K(TF) to the mobile terminal MT via the network NW2, and the mobile terminal MT transfers it to the new node Nx.
  • The new node Nx broadcasts the received encrypted GW search frame group K(TF). Thereby, the neighboring nodes within the communication area of the new node Nx receive the encrypted GW search frame group K(TF).
  • Each neighboring node attempts to decrypt every frame in the encrypted GW search frame group K(TF). Since the neighboring node holds, among the encryption keys K1 to Kn, only the encryption key Ki unique to its gateway Gi, it can decrypt only the encrypted GW search frame Ki(TF) out of the group K(TF). Because the successful decryption confirms that the frame is a GW search frame, the encrypted GW search frame Ki(TF) is forwarded by multi-hop communication within the ad hoc network Ai and reaches the gateway Gi.
  • Upon receiving the encrypted GW search frame Ki(TF), the gateway Gi decrypts it with the encryption key Ki. Thereby, the gateway Gi can confirm the GW search frame. The gateway Gi then generates a key notification frame NFi.
  • The key notification frame NFi includes the notification permission flag for the encryption key Ki, together with the ID of the new node Nx and the ID of the mobile terminal MT obtained by decryption.
  • The gateway Gi transmits the key notification frame NFi to the management server 101 via the network NW1.
  • From the key notification frame NFi, the management server 101 identifies the encryption key Ki unique to the gateway Gi that is the transmission source of the frame, and extracts it from the encryption key DB 110.
  • The management server 101 transmits the encryption key Ki to the mobile terminal MT via the network NW2.
  • The mobile terminal MT transmits the encryption key Ki to the new node Nx via the network NW3.
  • The new node Nx sets the received encryption key Ki as its key for encrypting data. As a result, the new node Nx can securely perform multi-hop communication within the ad hoc network Ai.
  • The connection between the mobile terminal MT and the new node Nx is maintained until the setting of the encryption key Ki in the new node Nx is completed. When the setting of the encryption key Ki is completed and the connection between the mobile terminal MT and the new node Nx is disconnected, the encryption key Ki may be automatically deleted from the mobile terminal MT. This reduces the risk when the mobile terminal MT is lost.
  • When the new node Nx is installed, the worker who has visited the site does not need to confirm which gateway the node can actually communicate with. Therefore, the work time and work load required for the worker's encryption key setting work are reduced. Also, since the encrypted GW search frame group K(TF) is uploaded from the new node Nx, the encryption key of an ad hoc network that cannot receive the encrypted GW search frame group K(TF) is never provided. Further, an encrypted GW search frame that cannot be decrypted is discarded even when the encrypted GW search frame group K(TF) can be received.
  • Since encrypted GW search frames that cannot be decrypted are discarded, the packets do not circulate within the ad hoc network even under a DoS attack in which a large number of packets are transferred to paralyze the network. Therefore, the stability of encrypted communication can be improved.
  • FIG. 7 is a block diagram of a functional configuration of the node according to the first embodiment.
  • The node N includes a detection unit 701, a first transmission unit 702, a first reception unit 703, a second transmission unit 704, a second reception unit 705, and a setting unit 706.
  • Specifically, the function of each functional unit (the detection unit 701 to the setting unit 706) is realized, for example, by causing the CPU 401 to execute a program stored in a storage device such as the RAM 402 or the flash memory 403 illustrated in FIG., or by the I/F 404. Further, unless otherwise specified, the processing results of the respective functional units (the detection unit 701 to the setting unit 706) are stored in a storage device such as the RAM 402 or the flash memory 403.
  • The detection unit 701 detects a connection with the mobile terminal MT, which can communicate with the management server 101. Specifically, for example, when the worker OP connects the portable terminal MT and the node N using a USB cable, the detection unit 701 detects the connection with the portable terminal MT over the USB cable.
  • The first transmission unit 702 sends the transmission instruction information EI for the acquisition request for a key for encrypting data to the management server 101 via the portable terminal MT.
  • The acquisition request is the GW search frame described above.
  • The transmission instruction information EI is a packet including the ID of the new node Nx, the ID of the mobile terminal MT, and an instruction description.
  • The transmission instruction information EI will now be described specifically.
  • FIG. 8 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the first embodiment.
  • The instruction description “search gw”, the ID “MT” of the mobile terminal MT, and the ID “Nx” of the new node Nx are stored in the transmission instruction information EI.
  • The instruction description “search gw” is a command for causing the nodes in the ad hoc network to search for a gateway. Specifically, it is a command to transfer a GW search frame toward the upstream side of the ad hoc network to which each node belongs.
  • There are two ways of sending the transmission instruction information EI. One is that the first transmission unit 702 acquires the ID of the portable terminal MT from the portable terminal MT, generates the transmission instruction information EI, and transmits it to the management server 101 via the portable terminal MT. The other is that the first transmission unit 702 transmits the ID of the new node Nx to the mobile terminal MT, causes the mobile terminal MT to generate the transmission instruction information EI, and causes the mobile terminal MT to transmit it to the management server 101. In the latter case, an instruction to generate or to transmit the transmission instruction information EI is sent from the first transmission unit 702 to the mobile terminal MT. Alternatively, in the latter case, when the mobile terminal MT receives the ID of the new node Nx from the new node Nx, the mobile terminal MT may autonomously generate the transmission instruction information EI and transmit it to the management server 101.
  • The first reception unit 703 receives, from the management server 101 via the portable terminal MT, an encrypted acquisition request group in which the acquisition request has been encrypted with each gateway-specific key.
  • The encrypted acquisition request group is the encrypted GW search frame group K(TF) described above.
  • Next, the data structure of the encrypted GW search frames in the encrypted GW search frame group K(TF) will be described.
  • FIG. 9 is an explanatory diagram of an example of the data structure of the encrypted GW search frame Ki(TF) according to the first embodiment.
  • (A) shows an example of the data structure of the encrypted GW search frame Ki(TF).
  • (B) shows the GW search frame TF.
  • Both the encrypted GW search frame Ki(TF) and the GW search frame TF include a header portion 910 and a payload portion 920.
  • The header portion 910 describes a destination address, a source address, a type, a size, and a hop count.
  • The destination address is the address of the frame's destination. Here, the broadcast MAC address “FF:FF:FF:FF:FF:FF” is described.
  • The source address is the address of the sender. Here, the MAC address of the new node Nx is described.
  • The type is the frame type. Here, “2”, indicating a GW search frame, is described.
  • The size is the data size (in bytes) of the frame.
  • The hop count is the remaining number of transfers, indicating how many more times the encrypted GW search frame Ki(TF) may be transferred between nodes.
  • The maximum hop count of the encrypted GW search frame Ki(TF) broadcast from the new node Nx is set in advance.
  • The hop count is decremented each time the encrypted GW search frame Ki(TF) is transferred, and an encrypted GW search frame Ki(TF) whose hop count is “0” is rejected.
  • Here, the hop count “10” of the encrypted GW search frame Ki(TF) is described.
  • MAC addresses are used as an example of the destination address and the source address, but other addresses such as IP (Internet Protocol) addresses may be used.
  • The payload portion 920 of the encrypted GW search frame Ki(TF) describes a character string in which the ID of the mobile terminal MT and the ID of the new node Nx are encrypted.
  • In the GW search frame TF, the unencrypted ID of the mobile terminal MT and ID of the new node Nx are described in the payload portion 920.
  • The first reception unit 703 waits for the encrypted GW search frame group K(TF) for a predetermined period after the transmission instruction information EI is transmitted by the first transmission unit 702. If no encrypted GW search frame is received within the predetermined period, a setting error occurs. That is, it turns out that the new node Nx cannot participate in any ad hoc network Ai at that position. Thus, simply by waiting for the predetermined period, it becomes clear that the installation position of the new node Nx is unsuitable, and the efficiency of the installation work can be improved.
  • The second transmission unit 704 broadcasts the encrypted acquisition request group received by the first reception unit 703 to a plurality of ad hoc networks at once. Specifically, for example, the second transmission unit 704 broadcasts the encrypted GW search frame group K(TF) to the plurality of ad hoc networks A1 to An. As a result, the gateway-specific key of an ad hoc network in which the encrypted GW search frame group K(TF) was not received is not provided to the new node Nx. Therefore, the worker does not need to perform confirmation work such as deciding “which gateway to upload to”, and the work load can be reduced.
  • The second reception unit 705 receives, from the management server 101 via the portable terminal MT, the key unique to a specific gateway among the plurality of gateways, namely the gateway reached by one of the encrypted acquisition requests in the encrypted acquisition request group broadcast by the second transmission unit 704. Specifically, for example, as illustrated in FIG. 1, the second reception unit 705 receives via the portable terminal MT either one of the encryption keys K1 and K2 unique to the gateways G1 and G2 at which the encrypted GW search frames K1(TF) and K2(TF) arrived.
  • The setting unit 706 sets the specific gateway-specific key received by the second reception unit 705 as the key for encrypting data. Specifically, for example, as illustrated in FIG. 1, the setting unit 706 sets the received encryption key K1 unique to the gateway G1 as the key for encrypting data.
  • Specifically, the setting unit 706 writes the received encryption key Ki into a specific storage area.
  • The address of this specific storage area is the address designated when encrypting a packet or decrypting an encrypted packet. This allows the new node Nx to encrypt the packets it transmits and decrypt the encrypted packets it receives from then on, so that secure communication can be performed between the nodes in the ad hoc network Ai.
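  • As an added illustration of the frame handling described above (this is not code from the patent), the following Python models the encrypted GW search frame group K(TF) built by the management server, a neighboring node's trial decryption with the hop-count rule of FIG. 9, and the gateway's construction of the key notification frame NFi. The cipher (an HMAC-SHA256 keystream with an authentication tag, standing in for the cipher the patent leaves unspecified), the comma-separated payload layout, the sample keys and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Header values from the frame format of FIG. 9.
BROADCAST_MAC = "FF:FF:FF:FF:FF:FF"
TYPE_GW_SEARCH = 2
MAX_HOPS = 10
_NONCE_LEN = 16
_TAG_LEN = 32

# Constructed sample keys K1..K3 for gateways G1..G3 (not real key material).
SAMPLE_KEYS: Dict[str, bytes] = {
    "G1": hashlib.sha256(b"constructed-key-G1").digest(),
    "G2": hashlib.sha256(b"constructed-key-G2").digest(),
    "G3": hashlib.sha256(b"constructed-key-G3").digest(),
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as a stdlib stand-in for the
    cipher the patent does not specify."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_payload(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. The tag is what lets a
    receiver confirm that a frame is a genuine GW search frame for its key."""
    nonce = os.urandom(_NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"GWSEARCH" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_payload(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify under this key."""
    if len(blob) < _NONCE_LEN + _TAG_LEN:
        return None
    nonce, ct, tag = blob[:_NONCE_LEN], blob[_NONCE_LEN:-_TAG_LEN], blob[-_TAG_LEN:]
    expected = hmac.new(key, b"GWSEARCH" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Frame:
    """Header portion 910 (destination, source, type, hops) plus payload 920."""
    dst: str
    src: str
    ftype: int
    hops: int
    payload: bytes


def build_search_frame_group(gateway_keys: Dict[str, bytes], mt_id: str,
                             node_id: str, node_mac: str) -> List[Frame]:
    """Management server: K(TF) = {Ki(TF) for every gateway key Ki}. The frames
    carry no gateway identifier in the clear; only a holder of Ki can tell
    which frame belongs to its ad hoc network."""
    tf_payload = f"{mt_id},{node_id}".encode()
    return [Frame(BROADCAST_MAC, node_mac, TYPE_GW_SEARCH, MAX_HOPS,
                  encrypt_payload(k, tf_payload)) for k in gateway_keys.values()]


def neighbor_forward(group: List[Frame], own_key: bytes) -> List[Frame]:
    """Neighboring node: trial-decrypt every frame of K(TF) and forward only
    the one that verifies under its own key Ki, with the hop count decremented.
    Frames that fail verification or have no hops left are discarded, so
    undecryptable traffic cannot circulate in the ad hoc network."""
    forwarded = []
    for f in group:
        if f.ftype != TYPE_GW_SEARCH or f.hops <= 0:
            continue
        if decrypt_payload(own_key, f.payload) is None:
            continue
        forwarded.append(Frame(f.dst, f.src, f.ftype, f.hops - 1, f.payload))
    return forwarded


def gateway_handle(frame: Frame, gw_id: str, gw_key: bytes) -> Optional[dict]:
    """Gateway Gi: decrypt Ki(TF) and build the key notification frame NFi of
    FIG. 11 (mobile terminal ID, new node ID, gateway ID)."""
    plain = decrypt_payload(gw_key, frame.payload)
    if plain is None:
        return None
    mt_id, node_id = plain.decode().split(",", 1)
    return {"mt_id": mt_id, "node_id": node_id, "gw_id": gw_id}
```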
  • FIG. 10 is a block diagram of a functional configuration example of the gateway according to the first embodiment.
  • The gateway Gi includes a GW receiving unit 1001, a creation unit 1002, and a GW transmission unit 1003.
  • The function of each functional unit is realized by causing the CPU 401 to execute a program stored in a storage device such as the RAM 402 or the flash memory 403 illustrated in FIG., or by the I/F 404.
  • The processing results of the respective functional units (the GW receiving unit 1001 to the GW transmission unit 1003) are stored in a storage device such as the RAM 402 or the flash memory 403.
  • The GW receiving unit 1001 receives the encrypted GW search frame Ki(TF) broadcast from the new node Nx via the ad hoc network Ai. Specifically, for example, the GW receiving unit 1001 receives the encrypted GW search frame Ki(TF) that was transferred, rather than discarded, out of the encrypted GW search frame group K(TF).
  • When the encrypted GW search frame Ki(TF) is received, the creation unit 1002 decrypts it with the encryption key Ki unique to the gateway Gi.
  • The creation unit 1002 then generates the key notification frame NFi by adding the ID of the gateway Gi to the payload of the GW search frame TF obtained by decryption.
  • FIG. 11 is an explanatory diagram of an example of the data structure of the key notification frame NFi according to the first embodiment.
  • The key notification frame NFi is information including the ID of the mobile terminal MT, the ID of the new node Nx, and the ID of the gateway Gi.
  • The ID of the gateway Gi may be any identification information that is unique within the network system 100; for example, a MAC address or an IP address is used.
  • The GW transmission unit 1003 transmits the key notification frame NFi to the management server 101 via the network NW1. Thereby, the management server 101 can identify the encryption key Ki to be set in the new node Nx.
  • FIG. 12 is a block diagram of a functional configuration example of the management server 101 according to the first embodiment.
  • The management server 101 includes the encryption key DB 110, a first reception unit 1201, a generation unit 1202, a first transmission unit 1203, a second reception unit 1204, an extraction unit 1205, and a second transmission unit 1206.
  • The function of each functional unit (the first reception unit 1201 to the second transmission unit 1206) is realized by causing the CPU 401 to execute a program stored in a storage device such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307 illustrated in FIG., or by the I/F 308.
  • The processing results of the respective functional units are stored in a storage device such as the RAM 303, the magnetic disk 305, or the optical disk 307, for example.
  • FIG. 13 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the first embodiment.
  • The encryption key DB 110 has fields for gateway ID, encryption key, and number of nodes. By setting information in each field, key information 1300-1 to 1300-n for the gateways G1 to Gn is stored as records.
  • The gateway ID is the identifier of the gateway Gi.
  • The encryption key is the encryption key Ki unique to the gateway Gi.
  • The number of nodes is the number of nodes in the ad hoc network Ai to which the gateway Gi belongs. Taking the key information 1300-1 as an example, the encryption key K1 unique to the gateway G1 and the number of nodes “10” are stored.
  • The encryption key DB 110 is realized by a storage device such as the RAM 303, the magnetic disk 305, or the optical disk 307, for example.
  • The first reception unit 1201 receives, via the mobile terminal MT connected to the server, the transmission instruction information EI for the acquisition request for a key for encrypting data, which is sent from a node in which the key for encrypting data is not yet set.
  • Specifically, the first reception unit 1201 receives the transmission instruction information EI of the GW search frame TF from the new node Nx via the mobile terminal MT connected to the management server 101.
  • When the transmission instruction information EI is received by the first reception unit 1201, the generation unit 1202 generates an encrypted acquisition request group by encrypting the acquisition request with each key. Specifically, for example, when the transmission instruction information EI is received, the generation unit 1202 extracts the ID of the mobile terminal MT and the ID of the new node Nx included in the transmission instruction information EI. Then, as illustrated in FIG. 9, the generation unit 1202 generates a GW search frame TF whose payload portion 920 consists of the extracted ID of the mobile terminal MT and ID of the new node Nx. Finally, the generation unit 1202 generates the encrypted GW search frame group K(TF) by encrypting the payload portion 920 of the GW search frame TF with each of the encryption keys K1 to Kn.
  • The first transmission unit 1203 transmits the encrypted acquisition request group generated by the generation unit 1202 to the node via the mobile terminal MT. Specifically, for example, the first transmission unit 1203 transmits the encrypted GW search frame group K(TF) generated by the generation unit 1202 to the new node Nx via the mobile terminal MT.
  • The second reception unit 1204 receives notification instruction information for the key unique to a specific gateway from that specific gateway, namely the gateway reached by one of the encrypted acquisition requests after the encrypted acquisition request group transmitted by the first transmission unit 1203 was broadcast from the node to the plurality of ad hoc networks.
  • Specifically, the second reception unit 1204 receives the key notification frame NFi.
  • The extraction unit 1205 extracts from the encryption key DB 110 the specific gateway-specific key designated by the notification instruction information received by the second reception unit 1204. Specifically, for example, the extraction unit 1205 extracts the gateway ID from the key notification frame NFi. Then, the extraction unit 1205 extracts the encryption key Ki associated with the extracted ID of the gateway Gi from the encryption key DB 110.
  • When key notification frames NFi have arrived from a plurality of gateways, the extraction unit 1205 extracts one encryption key Ki to be provided based on the number of nodes associated with each extracted gateway ID. As shown in FIG. 1, the number of nodes of the ad hoc network A1 to which the gateway G1 belongs is 10 and the number of nodes of the ad hoc network A2 to which the gateway G2 belongs is 4, so specifically the selection proceeds as follows.
  • If the ad hoc network with the larger number of nodes is preferred, the extraction unit 1205 extracts the encryption key K1 from the encryption key DB 110 as the encryption key to be provided. Since the new node Nx is thereby added to the ad hoc network having the larger number of nodes, the number of communication paths increases after the addition and stable communication can be performed.
  • If the ad hoc network with the smaller number of nodes is preferred, the extraction unit 1205 extracts the encryption key K2 from the encryption key DB 110 as the encryption key to be provided.
  • In that case the new node Nx is added to the ad hoc network having the smaller number of nodes, so that the number of nodes in the ad hoc networks A1 to A4 can be averaged.
  • Alternatively, the extraction unit 1205 may extract the encryption key Ki specified by the key notification frame NFi that arrived first as the key to be provided. For example, if the key notification frame NF1 arrives before NF2, the extraction unit 1205 extracts the encryption key K1 as the encryption key to be provided. Thereby, the key setting work can be sped up.
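  • The extraction unit's choice among several key notification frames, as an added example in Python (not the patent's own code): the three selection rules above (larger network, smaller network, first NFi to arrive) over a DB shaped like FIG. 13. The record layout, the policy names, the placeholder key bytes and the check that an NFi echoes the IDs of the request being served are assumptions; the patent only states that the server reads the IDs in NFi to find the destination terminal.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class KeyRecord:
    """One record 1300-i of the encryption key DB 110 (FIG. 13)."""
    gateway_id: str
    key: bytes
    node_count: int


# Constructed sample DB mirroring FIG. 1 / FIG. 13: A1 has 10 nodes, A2 has 4.
# The key bytes are placeholders, not real key material.
SAMPLE_KEY_DB: Dict[str, KeyRecord] = {
    "G1": KeyRecord("G1", b"constructed-key-K1", 10),
    "G2": KeyRecord("G2", b"constructed-key-K2", 4),
}


def select_key_for_new_node(key_db: Dict[str, KeyRecord], notifications: List[dict],
                            pending: Tuple[str, str], policy: str = "larger"
                            ) -> Optional[Tuple[str, bytes]]:
    """Extraction unit 1205 logic.

    notifications: key notification frames NFi in arrival order, each a dict
        with "mt_id", "node_id" and "gw_id" (FIG. 11).
    pending: the (mobile terminal ID, new node ID) pair taken from the
        transmission instruction information EI being served. NFi that do not
        echo this pair are ignored (an assumed check, see the lead-in).
    policy: "larger" joins the ad hoc network with the most nodes,
            "smaller" balances node counts, "first" takes the first NFi.
    Returns (gateway ID, key Ki) or None if no usable NFi arrived.
    """
    mt_id, node_id = pending
    candidates: List[KeyRecord] = []
    for nfi in notifications:
        gw = nfi.get("gw_id")
        if (nfi.get("mt_id"), nfi.get("node_id")) != (mt_id, node_id):
            continue  # stale or mismatched notification
        if gw not in key_db or any(c.gateway_id == gw for c in candidates):
            continue  # unknown gateway, or duplicate NFi from the same gateway
        candidates.append(key_db[gw])
    if not candidates:
        return None
    if len(candidates) == 1 or policy == "first":
        chosen = candidates[0]
    elif policy == "larger":
        chosen = max(candidates, key=lambda r: r.node_count)
    elif policy == "smaller":
        chosen = min(candidates, key=lambda r: r.node_count)
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return chosen.gateway_id, chosen.key


def record_assignment(key_db: Dict[str, KeyRecord], gateway_id: str) -> int:
    """After Ki is provided the new node joins Ai, so the node count of the
    chosen gateway's record goes up by one. Returns the new count."""
    key_db[gateway_id].node_count += 1
    return key_db[gateway_id].node_count
```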
  • The second transmission unit 1206 transmits the specific gateway-specific key extracted by the extraction unit 1205 to the unset node via the mobile terminal MT. Specifically, for example, the second transmission unit 1206 transmits the extracted encryption key Ki to be provided to the new node Nx via the mobile terminal MT. As a result, the encryption key Ki is set in the new node Nx.
  • The management server 101 may be connected to a plurality of portable terminals MT via the network NW2.
  • In that case, the management server 101 can identify the destination mobile terminal MT from the user ID included in the key notification frame NFi.
  • For example, the management server 101 transmits the key notification frame NFi to the mobile terminal MT having the user ID “D1”.
  • Communication method between the management server 101 and the portable terminal MT
  • First, server authentication of the management server 101 as seen from the mobile terminal MT will be described.
  • The mobile terminal MT connects to the management server 101 using a predetermined IP address.
  • The mobile terminal MT receives the SSL server certificate from the management server 101.
  • The received SSL server certificate is stored in the storage device of the portable terminal MT in association with the IP address of the management server 101, as shown in FIG.
  • FIG. 14 is an explanatory diagram of an example of authentication information of the management server 101 according to the first embodiment.
  • The authentication information 1400 of the management server 101 consists of an IP address and an SSL server certificate.
  • The IP address is the IP address of the management server 101.
  • The X.509 certificate is the SSL server certificate (public key certificate) of the management server 101.
  • The mobile terminal MT performs server authentication by decrypting the SSL server certificate using a public key built into the terminal in advance.
  • This public key is issued by, for example, a third-party certification authority. If the SSL server certificate can be correctly decrypted using this public key, it is known that the SSL server certificate is a valid certificate certified by the third-party certification authority, and the identity of the management server 101 is thereby guaranteed.
  • The authentication information 1500 is stored in a storage device such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307 of the management server 101, for example.
  • FIG. 15 is an explanatory diagram of an example of authentication information of the mobile terminal MT according to the first embodiment.
  • The authentication information 1500 of the mobile terminal MT consists of a user ID and a password.
  • The user ID is the identifier of the mobile terminal MT.
  • The password is used to authenticate the user who uses the mobile terminal MT.
  • The mobile terminal MT transmits its user ID and password pair to the management server 101.
  • The user ID and password may be registered in advance in the storage device of the mobile terminal MT, or may be entered by the user through an input device (not shown) of the mobile terminal MT.
  • The management server 101 determines whether the user ID and password pair from the mobile terminal MT matches a user ID and password pair in the authentication information 1500.
  • If the user ID and password match those in the authentication information 1500, the identity of the user of the mobile terminal MT is guaranteed.
  • Thereafter, the mobile terminal MT communicates with the management server 101 by encrypting packets using, for example, the public key contained in the SSL server certificate of the management server 101. Thereby, secure communication can be performed between the management server 101 and the portable terminal MT.
  • FIG. 16 is a flowchart of an example of the key setting process procedure of the node N according to the first embodiment.
  • First, the node N determines whether the detection unit 701 has detected a connection with the mobile terminal MT, which can communicate with the management server 101 (step S1601).
  • The node N waits until the connection with the portable terminal MT is detected (step S1601: No). When it is detected (step S1601: Yes), the node N transmits the transmission instruction information EI to the management server 101 via the mobile terminal MT by the first transmission unit 702 (step S1602).
  • Next, the node N waits for the first reception unit 703 to receive the encrypted GW search frame group K(TF) (step S1603: No). Meanwhile, the node N determines whether a predetermined period has elapsed since the transmission instruction information EI was transmitted (step S1604). If the predetermined period has not elapsed (step S1604: No), the process returns to step S1603. If the predetermined period has elapsed (step S1604: Yes), the encryption key Ki cannot be set, and the series of processing ends.
  • When the encrypted GW search frame group K(TF) is received in step S1603 (step S1603: Yes), the node N broadcasts the received encrypted GW search frame group K(TF) by the second transmission unit 704 (step S1605). Thereafter, the node N waits for the second reception unit 705 to receive the encryption key Ki via the portable terminal MT (step S1606: No).
  • Meanwhile, the node N determines whether a predetermined period has elapsed since the encrypted GW search frame group K(TF) was broadcast (step S1607). If the predetermined period has not elapsed (step S1607: No), the process returns to step S1606. If the predetermined period has elapsed (step S1607: Yes), the encryption key Ki cannot be set, and the series of processing ends.
  • When the encryption key Ki is received (step S1606: Yes), the node N sets the received encryption key Ki as the key for encrypting data by the setting unit 706 (step S1608).
  • In this way, the encryption key Ki unique to the gateway Gi, used to encrypt the packets transmitted and received between the nodes in the ad hoc network Ai, can be obtained from the management server 101 and set via the communication path temporarily established using the mobile terminal MT.
  • FIG. 17 is a flowchart of an example of the key notification processing procedure of the gateway according to the first embodiment.
  • First, the gateway Gi determines whether the GW receiving unit 1001 has received a GW search frame broadcast from the node N via the ad hoc network Ai (step S1701).
  • The gateway Gi waits for the reception of the encrypted GW search frame Ki(TF) (step S1701: No). When it is received (step S1701: Yes), the gateway Gi uses the creation unit 1002 to create a key notification frame NFi representing a notification request for the encryption key Ki of the gateway Gi (step S1702).
  • The gateway Gi then uses the GW transmission unit 1003 to transmit the created key notification frame NFi to the management server 101 via the network NW1 (step S1703), and ends the series of processing according to this flowchart.
  • In this way, the key notification frame NFi representing the notification request for the encryption key Ki unique to the gateway Gi can be transmitted to the management server 101 in response to the GW search frame from the node N in the ad hoc network Ai.
  • FIG. 18 is a flowchart of an example of the key provision processing procedure of the management server 101 according to the first embodiment.
  • The management server 101 first waits for the first reception unit 1201 to receive the transmission instruction information EI from the new node Nx via the mobile terminal MT (step S1801: No).
  • When it is received, the management server 101 analyzes the transmission instruction information EI (step S1802). Specifically, the management server 101 extracts the ID of the portable terminal MT and the ID of the new node Nx from the transmission instruction information EI.
  • Next, the management server 101 uses the generation unit 1202 to generate a GW search frame TF including the extracted ID of the mobile terminal MT and ID of the new node Nx. Furthermore, the management server 101 encrypts the GW search frame TF with each of the encryption keys K1 to Kn using the generation unit 1202, and generates the encrypted GW search frame group K(TF) (step S1803).
  • The management server 101 transmits the encrypted GW search frame group K(TF) to the new node Nx via the mobile terminal MT by the first transmission unit 1203 (step S1804). Thereafter, the management server 101 waits for the second reception unit 1204 to receive a key notification frame NFi from the gateways G1 to Gn (step S1805: No). Meanwhile, the management server 101 determines whether a predetermined period has elapsed since the encrypted GW search frame group K(TF) was transmitted (step S1806). If the predetermined period has not elapsed (step S1806: No), the process returns to step S1805. If the predetermined period has elapsed (step S1806: Yes), the encryption key Ki cannot be provided, and the series of processing ends.
  • When a key notification frame NFi is received (step S1805: Yes), the management server 101 determines whether a plurality of key notification frames NFi were received within the predetermined period (step S1807). If only one was received (step S1807: No), the management server 101 uses the extraction unit 1205 to extract the encryption key Ki unique to the gateway Gi specified by that key notification frame NFi from the encryption key DB 110 (step S1808).
  • If a plurality were received, the management server 101 uses the extraction unit 1205 to extract the encryption key Ki to be provided based on the number of nodes (step S1809).
  • Then, the second transmission unit 1206 transmits the extracted encryption key Ki to the new node Nx via the mobile terminal MT (step S1810).
  • In this way, the encryption key Ki can be provided, and the series of processing ends.
  • According to the first embodiment, it is possible to reduce the workload of the workers involved in setting the encryption key for the nodes in the ad hoc network and to shorten the work time.
  • Since the encrypted GW search frame group K(TF) is broadcast from the new node Nx, it is not transmitted to any ad hoc network Ai outside the communication range of the new node Nx.
  • Of the encrypted GW search frame group K(TF), only the encrypted GW search frame Ki(TF) encrypted with the encryption key Ki held by the neighboring node is uploaded within that ad hoc network, and the rest are discarded.
  • The new node Nx can participate in the ad hoc network Ai having a large number of nodes once the encryption key Ki has been set for it. Therefore, since the number of communication paths available for the encrypted communication of the new node Nx increases, the stability of encrypted communication within the ad hoc network Ai can be improved.
  • Alternatively, the number of nodes in the ad hoc network into which the new node Nx is introduced increases, so that variations in the number of nodes between the ad hoc networks A1 to An can be suppressed. By averaging the number of nodes in this way, variations in communication load, such as an increase in the communication load of an ad hoc network with a large number of nodes, can be reduced, and communication stability across the multiple ad hoc networks can be improved.
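The first-embodiment exchange described above, as an added example that is not part of the patent: the server builds K(TF) under every gateway key, a key-holding neighbour node forwards only the frame it can decrypt, and the server selects the key by node count when several gateways answer. The cipher is a toy HMAC-based encrypt-then-MAC construction (an assumption, since the patent specifies none), and the key DB contents are constructed to match the node counts of FIG. 1.

```python
"""Added example, not the patent's own code: a stand-alone simulation of the
upload-type key setting of the first embodiment (Figs. 1, 6 and 18). The cipher
is a toy encrypt-then-MAC construction built on HMAC-SHA256 so the script runs
offline; the patent specifies no cipher, only that a node discards every frame
it cannot decrypt with the key Ki it holds."""
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN = 12
TAG_LEN = 16

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream derived with HMAC (toy construction, assumption)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_frame(key: bytes, plaintext: bytes) -> bytes:
    """Produce nonce || ciphertext || tag so that only a holder of `key` can decrypt."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag

def decrypt_frame(key: bytes, frame: bytes):
    """Return the plaintext, or None when the tag does not verify under `key`;
    a node that gets None discards the frame instead of forwarding it."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

@dataclass
class KeyDbEntry:
    """One row of the encryption key DB 110: the gateway's key and its node count."""
    key: bytes
    node_count: int

class ManagementServer:
    """Management server 101: generation unit 1202 and extraction unit 1205."""

    def __init__(self, key_db: dict):
        self.key_db = key_db  # GW address -> KeyDbEntry

    def make_search_group(self, mt_id: str, nx_id: str) -> dict:
        """Step S1803: TF carries the MT and Nx IDs; K(TF) is TF encrypted
        once under every gateway key K1..Kn."""
        tf = f"TF|{mt_id}|{nx_id}".encode()
        return {gw: encrypt_frame(entry.key, tf) for gw, entry in self.key_db.items()}

    def select_key(self, notifying_gws: list, policy: str = "max"):
        """Steps S1807-S1809. One NFi: that gateway's key. Several NFi: choose by
        node count ('max' joins the larger network for more paths, 'min' levels
        network sizes; the text describes both effects). Returns (GW, key) or None."""
        if not notifying_gws:
            return None  # predetermined period elapsed without any NFi (S1806: Yes)
        if len(notifying_gws) == 1:
            chosen = notifying_gws[0]
        else:
            pick = max if policy == "max" else min
            chosen = pick(notifying_gws, key=lambda g: self.key_db[g].node_count)
        self.key_db[chosen].node_count += 1  # Nx now belongs to that network
        return chosen, self.key_db[chosen].key

def node_filter(node_key: bytes, group: dict) -> list:
    """A key-holding neighbour node (e.g. N1a in Fig. 1): it uploads only the
    frames that decrypt under its own key and discards the rest."""
    return [gw for gw, frame in group.items() if decrypt_frame(node_key, frame) is not None]

def run_introduction(server, reachable, mt_id="MT-1", nx_id="Nx", policy="max"):
    """Whole sequence of Fig. 6: Nx broadcasts K(TF); in each reachable network Ai
    the nodes forward the one decryptable frame to Gi, which checks TF and sends
    NFi; the server then extracts the key to provide."""
    group = server.make_search_group(mt_id, nx_id)
    expected_tf = f"TF|{mt_id}|{nx_id}".encode()
    notified = []
    for gw in reachable:  # networks inside Nx's radio range
        node_key = server.key_db[gw].key  # nodes of Ai hold the same Ki as Gi
        for hit in node_filter(node_key, group):
            if decrypt_frame(node_key, group[hit]) == expected_tf:
                notified.append(gw)  # gateway Gi generates key notification frame NFi
    return server.select_key(notified, policy)

def fig1_key_db() -> dict:
    """Constructed DB matching the node counts of Fig. 1; keys are random sample values."""
    return {
        "G1": KeyDbEntry(os.urandom(16), 10), "G2": KeyDbEntry(os.urandom(16), 4),
        "G3": KeyDbEntry(os.urandom(16), 7), "G4": KeyDbEntry(os.urandom(16), 3),
    }
```

With Nx in range of A1 and A2 only, as in FIG. 1, `run_introduction(ManagementServer(fig1_key_db()), ["G1", "G2"])` returns G1's key under the "max" policy and G2's under "min".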
  • In the first embodiment, the encryption key DB 110 stores the encryption keys K1 to Kn specific to the gateways G1 to Gn for each gateway Gi. In the second embodiment, the location information of the gateways G1 to Gn is also stored.
  • In the second embodiment, the encryption keys Ki used to encrypt the GW search frame TF are narrowed down to those unique to the neighboring gateways.
  • As a result, the new node Nx can belong to the ad hoc network to which a neighboring gateway belongs, so each time a new node Nx is introduced the density of nodes increases, and efficient encrypted communication can be performed.
  • Furthermore, the generation of the encrypted GW search frame group K(TF) can be speeded up. Also, by reducing the number of frames in the encrypted GW search frame group K(TF), the number of frames discarded by neighboring nodes when it is broadcast from a new node Nx is reduced, so the processing load on the neighboring nodes can be reduced.
  • FIG. 19 is an explanatory diagram of an example of setting an encryption key for the new node Nx according to the upload type according to the second embodiment.
  • In FIG. 19, the management server 101 stores the location information P1 to P4 of the gateways G1 to G4 in the encryption key DB 110. Further, the position information of the mobile terminal MT is included in the transmission instruction information EI transmitted in (2). In (3), the management server 101 specifies the neighboring gateways whose location information is within a predetermined distance of the location information of the mobile terminal MT included in the transmission instruction information EI, and generates the encrypted GW search frame group K(TF) encrypted with the encryption keys unique to those neighboring gateways. Specifically, in FIG. 19, the encrypted GW search frames K1(TF) and K2(TF) encrypted with the encryption keys K1 and K2 form the encrypted GW search frame group K(TF).
  • In (6), the new node Nx broadcasts the encrypted GW search frame group K(TF), which consists only of the encrypted GW search frames K1(TF) and K2(TF). Therefore, in (7-1), the encrypted GW search frame K2(TF) is discarded, and similarly, in (7-2), the encrypted GW search frame K1(TF) is discarded.
  • FIG. 20 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the second embodiment is introduced.
  • In FIG. 20, the management server 101 identifies, from the position information stored in the encryption key DB 110, the gateway Gi whose position is within a predetermined distance (for example, a radius of 10 [km]) of the position information of the mobile terminal MT included in the transmission instruction information EI, and treats that gateway as the neighboring gateway.
  • FIG. 21 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the second embodiment.
  • the position information of the mobile terminal MT is further added in FIG.
  • the position information of the mobile terminal MT can be added to the transmission instruction information EI.
  • FIG. 22 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the second embodiment.
  • FIG. 22 further includes a position information field in FIG.
  • the location information field stores gateway location information.
  • the position information P1 to Pn of the gateways G1 to Gn is transmitted from the gateways G1 to Gn together with the encryption keys K1 to Kn and stored in the encryption key DB 110.
  • FIG. 23 is a block diagram of a functional configuration of the management server 101 according to the second embodiment.
  • FIG. 23 shows a configuration in which a specifying unit 1207 is added to FIG.
  • The specifying unit 1207 realizes its function by causing the CPU 301 to execute a program stored in a storage device such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307 illustrated in FIG.
  • the processing result of the specifying unit 1207 is stored in a storage device such as the RAM 303, the magnetic disk 305, and the optical disk 307, for example.
  • When the transmission instruction information EI is received by the first reception unit 1201 and the position information of the node N is included in the transmission instruction information EI, the specifying unit 1207 specifies the neighboring gateway of the node N on the basis of the position information of the node N and the position information of each gateway. Specifically, for example, since the position information of the mobile terminal MT and of each gateway is a coordinate value expressed as latitude and longitude, the specifying unit 1207 calculates the distance between the two points and determines whether it is within a predetermined distance; a gateway within the predetermined distance is specified as a neighboring gateway.
  • FIG. 24 is a flowchart of an example of a key provision processing procedure of the management server 101 according to the second embodiment.
  • the management server 101 waits for the reception of the transmission instruction information EI from the new node Nx via the mobile terminal MT by the first receiving unit 1201 (step S2401: No).
  • the management server 101 analyzes the transmission instruction information EI (step S2402). Specifically, the management server 101 extracts the ID of the portable terminal MT and the ID of the new node Nx from the transmission instruction information EI.
  • the management server 101 uses the specifying unit 1207 to specify the neighboring gateway of the mobile terminal MT (step S2403). Then, the management server 101 uses the generation unit 1202 to generate a GW search frame TF including the extracted ID of the mobile terminal MT and the ID of the new node Nx. Furthermore, the management server 101 encrypts the GW search frame TF with the encryption key Ki of the neighboring gateway Gi by using the generation unit 1202, and generates the encrypted GW search frame group K (TF) (step S2404).
  • the management server 101 transmits the encrypted GW search frame group K (TF) to the new node Nx via the mobile terminal MT by using the first transmission unit 1203 (step S2405). Thereafter, the management server 101 waits for the second reception unit 1204 to receive the key notification frame NFi from the neighboring gateway Gi (step S2406: No).
  • the management server 101 determines whether or not a predetermined period has elapsed after transmitting the encrypted GW search frame group K (TF) (step S2407). If the predetermined period has not elapsed (step S2407: NO), the process returns to step S2406. On the other hand, if the predetermined period has elapsed (step S2407: Yes), the encryption key Ki cannot be provided, and the series of processing ends.
  • In step S2406, when the key notification frame NFi is received (step S2406: Yes), the management server 101 determines whether or not a plurality of key notification frames NFi have been received within the predetermined period (step S2408). If only one has been received (step S2408: No), the management server 101 uses the extraction unit 1205 to extract the encryption key Ki unique to the gateway Gi specified by the key notification frame NFi from the encryption key DB 110 (step S2409).
  • If a plurality of key notification frames NFi have been received (step S2408: Yes), the management server 101 uses the extraction unit 1205 to extract the encryption key Ki to be provided on the basis of the number of nodes of each gateway that sent a key notification frame (step S2410).
  • the second transmission unit 1206 transmits the extracted encryption key Ki to the new node Nx via the mobile terminal MT (step S2411).
  • the encryption key Ki can be provided, and the series of processing ends.
  • According to the second embodiment, the GW search frame TF only needs to be encrypted with the encryption keys unique to the neighboring gateways, so the generation of the encrypted GW search frame group K(TF) can be accelerated. Also, by reducing the number of frames in the encrypted GW search frame group K(TF), the number of frames discarded by neighboring nodes when it is broadcast from a new node Nx is reduced, so the processing load on the neighboring nodes can be reduced. Further, the new node Nx can belong to the ad hoc network to which a neighboring gateway belongs. As a result, each time a new node Nx is introduced, the density of nodes increases, and efficient encrypted communication can be performed.
  • In the embodiments described above, the property that a neighboring node of the new node Nx discards packets that are not encrypted with its own key is utilized: of the encrypted GW search frame group K(TF), only the encrypted GW search frame Ki(TF) encrypted with the encryption key Ki held by the neighboring node is uploaded, and the remaining frames are discarded.
  • Unencrypted data is therefore discarded without exception, which makes attacks using unauthorized packets difficult, and the security of the ad hoc network Ai can be improved.
  • Further, the encryption key Ki to be set for the node N can be easily acquired, and the efficiency of the work of setting the encryption key Ki used by the node N can be improved.
  • Work such as the worker OP geographically narrowing down candidate gateways and checking the communication status between each candidate gateway and the node N becomes unnecessary, so the efficiency of setting the encryption key Ki for the node N can be improved.
  • In addition, the risk of information leakage while the key is being carried can be reduced. As described above, it is possible to reduce the work burden on the worker and to shorten the work time for setting the encryption key for a node in the ad hoc network.
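The specifying unit 1207 and step S2403 of the second embodiment described above, as an added example that is not the patent's own code: gateways are filtered by distance from the mobile terminal position carried in EI, and the frame count a neighbouring node discards is compared against the first embodiment's all-gateway group. Great-circle (haversine) distance, the coordinates, keys and node counts are all assumptions or constructed sample values.

```python
"""Added example, not the patent's own code: the specifying unit 1207 of the
second embodiment (Figs. 20-24), which limits the keys used to build the
encrypted GW search frame group K(TF) to the gateways within a predetermined
distance of the mobile terminal MT. Computing the distance as a great-circle
(haversine) distance is an assumption; the text only says the distance
between two latitude/longitude points is calculated."""
import math

EARTH_RADIUS_KM = 6371.0  # mean Earth radius, assumed for the haversine step

def distance_km(p, q) -> float:
    """Great-circle distance between two (latitude, longitude) pairs in degrees."""
    lat1, lon1 = map(math.radians, p)
    lat2, lon2 = map(math.radians, q)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

# Constructed encryption key DB 110 of Fig. 22: GW address -> key, node count, position.
# Coordinates and keys are sample values chosen for this example, not from the patent.
KEY_DB = {
    "G1": {"key": b"K1", "nodes": 10, "pos": (35.6895, 139.6917)},
    "G2": {"key": b"K2", "nodes": 4, "pos": (35.7100, 139.7300)},
    "G3": {"key": b"K3", "nodes": 7, "pos": (34.6937, 135.5023)},  # hundreds of km away
    "G4": {"key": b"K4", "nodes": 3, "pos": (35.4437, 139.6380)},  # roughly 28 km away
}

def specify_neighbor_gateways(ei: dict, key_db: dict, radius_km: float = 10.0) -> list:
    """Step S2403: gateways whose stored position lies within radius_km (the text's
    example is 10 km) of the MT position carried in EI, nearest first."""
    mt_pos = ei["mt_pos"]
    near = [(distance_km(mt_pos, e["pos"]), gw) for gw, e in key_db.items()]
    return [gw for d, gw in sorted(near) if d <= radius_km]

def select_search_keys(ei: dict, key_db: dict, radius_km: float = 10.0) -> dict:
    """Keys to encrypt TF with. An EI without a position falls back here to every
    gateway key as in the first embodiment (S1803); with a position only the
    neighbour keys are used (S2404). An empty result means no frame will be
    uploaded and no NFi can arrive, so the timeout (S2407) ends the processing."""
    if "mt_pos" not in ei:
        return {gw: e["key"] for gw, e in key_db.items()}
    return {gw: key_db[gw]["key"] for gw in specify_neighbor_gateways(ei, key_db, radius_km)}

def frames_discarded_by_neighbor(gw: str, selected_gws) -> int:
    """Frames a neighbour node in Ai (holding Ki) discards out of a broadcast group:
    everything except the single frame encrypted under its own key."""
    return len(selected_gws) - (1 if gw in selected_gws else 0)
```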
  • the key setting method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation.
  • the key setting program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, an MO, and a DVD, and is executed by being read from the recording medium by the computer.
  • the key setting program may be distributed through a network such as the Internet.

Abstract

A node (N1a) of an ad-hoc network (A1) receives an encrypted GW search frame group (K(TF)) from a new node (Nx). Because the encrypted GW search frames (K2(TF) to K4(TF)), which have been encrypted using the encryption keys (K2 to K4), cannot be decrypted using the encryption key (K1), those encrypted GW search frames are discarded at the node (N1a). By contrast, the encrypted GW search frame (K1(TF)), which has been encrypted using the encryption key (K1), can be decrypted at the node (N1a). Thus, the encrypted GW search frame (K1(TF)) is transmitted by means of multihop communication within the ad-hoc network (A1). A gateway (G1) receives the encrypted GW search frame (K1(TF)) that has been transmitted from the node (N1a) by means of the multihop communication within the ad-hoc network (A1). The gateway (G1) generates a key notification frame (NF1) and transmits the key notification frame to an administrative server (101) via a network (NW1).

Description

Key setting method, node, server, and network system
 The present invention relates to a key setting method, a node, a server, and a network system for setting a key for encrypting data.
 An ad hoc network is a type of self-configuring network whose links are wireless. An ad hoc network is composed of a plurality of nodes, and each node in the ad hoc network transmits and receives packets by multi-hop communication. Multi-hop communication is a technique in which nodes that are not within each other's communication range communicate via other nodes that are within the communication range of each of them.
 In addition, when an ad hoc network is connected to another network such as the Internet, a LAN (Local Area Network) or a WAN (Wide Area Network), communication between the networks is relayed by a device called a gateway.
 As a technology using an ad hoc network, there is a system in which a node capable of wireless communication is incorporated in the electric power meter of each home, and work such as meter reading is performed via the ad hoc network without a worker going to the site. In an ad hoc network that handles personal information such as the amount of power used in each home, secure communication is required from the viewpoint of confidentiality and tamper prevention.
 Therefore, in conventional systems, secure communication is ensured by encrypting the packets transmitted and received between nodes in the ad hoc network. At this time, if a common encryption key were used by all nodes in the system, the risk upon key leakage would be large, so there are systems that use a different encryption key for each gateway.
 Also, when a new node is initially introduced into the system, the new node cannot communicate securely with the other nodes in the ad hoc network until an encryption key has been set for it. For this reason, it is difficult to automatically set an encryption key for a new node via the ad hoc network, and a worker goes to the site to perform the key setting work.
 As prior art related to secure communication, there is, for example, a technique by which a terminal acquires the various communication control information it needs for communication control from an authentication server using another communication device different from the terminal (see, for example, Patent Document 1 below). There is also a technique for stably performing key exchange at the start of communication in an ad hoc network (see, for example, Patent Document 2 below). In addition, there is a technique for an ad hoc network in which each communication terminal performs mutual authentication with its nearest communication terminal using a public key (see, for example, Patent Document 3 below).
Patent Document 1: JP 2006-135874 A
Patent Document 2: JP 2007-88799 A
Patent Document 3: JP 2007-13386 A
 However, when an encryption key is set, if the ad hoc network that serves as the setting route were to treat the data necessary for the setting specially and allow it to be transmitted without encryption, a replay (retransmission) attack against the ad hoc network using that setting data would become possible. Therefore, there is a problem with the security of the ad hoc network.
 An object of the present invention is to provide a key setting method, a node, a server, and a network system that can improve the security of an ad hoc network, in order to solve the above-described problems of the related art.
 In order to solve the above-described problems and achieve the object, according to one aspect of the present application, a node for which a key specific to a gateway in any of a plurality of ad hoc networks has not been set detects a connection with a mobile terminal capable of communicating with a server connected to each gateway in each of the plurality of ad hoc networks; when the connection with the mobile terminal is detected, transmits transmission instruction information of an acquisition request for a key for encrypting data to the server via the mobile terminal; as a result of transmitting the transmission instruction information, receives from the server via the mobile terminal an encrypted acquisition request group in which the acquisition request has been encrypted with the key specific to each gateway; broadcasts the received encrypted acquisition request group to the plurality of ad hoc networks; receives from the server via the mobile terminal the key specific to the particular gateway, among the plurality of gateways, that was reached by one of the encrypted acquisition requests in the broadcast group; and can set the received key specific to that particular gateway as the key for encrypting the data.
 Further, according to one aspect of the present invention, a server that is connected to each gateway in each of the plurality of ad hoc networks and stores the key specific to each gateway receives, via a mobile terminal connected to the server, transmission instruction information of an acquisition request for a key for encrypting data from a node for which a key for encrypting data has not been set; when the transmission instruction information is received, generates an encrypted acquisition request group in which the acquisition request has been encrypted with each of the keys; transmits the generated encrypted acquisition request group to the node via the mobile terminal; as a result of the transmitted encrypted acquisition request group being broadcast from the node to the plurality of ad hoc networks, receives notification instruction information of the key specific to a particular gateway from the particular gateway reached by one of the encrypted acquisition requests in the group; extracts the key specific to the particular gateway designated by the received notification instruction information; and can transmit the extracted key specific to the particular gateway to the unset node via the mobile terminal.
 Further, according to one aspect of the present invention, a server that is connected to each gateway in each of the plurality of ad hoc networks and stores, for each gateway, the key specific to the gateway and the position information of the gateway receives, via a mobile terminal connected to the server, transmission instruction information of an acquisition request for a key for encrypting data from a node for which a key for encrypting data has not been set; when the transmission instruction information is received and the position information of the node is included in the transmission instruction information, identifies the neighboring gateways of the node on the basis of the position information of the node and the position information of each gateway; generates an encrypted acquisition request group in which the acquisition request has been encrypted with each key specific to the neighboring gateways; transmits the generated encrypted acquisition request group to the unset node via the mobile terminal; as a result of the transmitted encrypted acquisition request group being broadcast from the unset node to the plurality of ad hoc networks, receives notification instruction information of the key specific to a particular gateway from the particular gateway reached by one of the encrypted acquisition requests in the group; extracts the key specific to the particular gateway designated by the received notification instruction information; and can transmit the extracted key specific to the particular gateway to the unset node via the mobile terminal.
 According to the key setting method, node, server, and network system of the present invention, the security of the ad hoc network can be improved.
FIG. 1 is an explanatory diagram of an example of setting an encryption key for a new node by the upload type according to the first embodiment.
FIG. 2 is an explanatory diagram of a system configuration example of the network system 100 according to the first embodiment.
FIG. 3 is a block diagram illustrating a hardware configuration example of the management server 101.
FIG. 4 is a block diagram illustrating a hardware configuration example of a node.
FIG. 5 is an explanatory diagram of an example of introducing the new node Nx into the network system 100 according to the first embodiment.
FIG. 6 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the first embodiment is introduced.
FIG. 7 is a block diagram of a functional configuration of the node according to the first embodiment.
FIG. 8 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the first embodiment.
FIG. 9 is an explanatory diagram of a data structure example of the encrypted GW search frame Ki(TF) according to the first embodiment.
FIG. 10 is a block diagram of a functional configuration example of the gateway according to the first embodiment.
FIG. 11 is an explanatory diagram of a data structure example of the key notification frame NFi according to the first embodiment.
FIG. 12 is a block diagram of a functional configuration example of the management server 101 according to the first embodiment.
FIG. 13 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the first embodiment.
FIG. 14 is an explanatory diagram of an example of the authentication information of the management server 101 according to the first embodiment.
FIG. 15 is an explanatory diagram of an example of the authentication information of the mobile terminal MT according to the first embodiment.
FIG. 16 is a flowchart of an example of the key setting processing procedure of the node N according to the first embodiment.
FIG. 17 is a flowchart of an example of the key notification processing procedure of the gateway according to the first embodiment.
FIG. 18 is a flowchart of an example of the key provision processing procedure of the management server 101 according to the first embodiment.
FIG. 19 is an explanatory diagram of an example of setting an encryption key for the new node Nx by the upload type according to the second embodiment.
FIG. 20 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the second embodiment is introduced.
FIG. 21 is an explanatory diagram of a data structure example of the transmission instruction information EI according to the second embodiment.
FIG. 22 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the second embodiment.
FIG. 23 is a block diagram of a functional configuration of the management server 101 according to the second embodiment.
FIG. 24 is a flowchart of an example of the key provision processing procedure of the management server 101 according to the second embodiment.
 Hereinafter, embodiments of a key setting method, a node, and a network system according to the present invention will be described in detail with reference to the accompanying drawings. In these embodiments, upstream-type encryption key setting is described. The upstream type is a process in which a key is set by uploading, from a new node toward the upstream side (the gateway), a gateway search frame (hereinafter "GW search frame") for searching for a gateway.
 In these embodiments, for a plurality of ad hoc networks each having its own gateway, an encrypted GW search frame group, in which the GW search frame has been encrypted with the key specific to each gateway, is uploaded to each ad hoc network. A node in each ad hoc network for which an encryption key has already been set discards packets that are not encrypted, and packets that are encrypted but cannot be decrypted.
 Therefore, even when the encrypted GW search frame group is transmitted, every encrypted GW search frame that cannot be decrypted with the key a node holds is discarded. On the other hand, an encrypted GW search frame that can be decrypted is relayed by multi-hop communication within the ad hoc network to which the node belongs and reaches the gateway. As a result, illegal packets such as unencrypted packets, or encrypted packets that cannot be decrypted, do not propagate within the ad hoc network, so a replay (retransmission) attack can be prevented. A specific description is given below with reference to the drawings.
(Embodiment 1)
<Example of setting an encryption key for a new node by the upload type>
 FIG. 1 is an explanatory diagram of an example of setting an encryption key for a new node by the upload type according to the first embodiment. In the network system 100 of FIG. 1, four ad hoc networks A1 to A4 are constructed as an example. The size of the cloud shape representing each of the ad hoc networks A1 to A4 indicates how many nodes belong to it. In FIG. 1, as an example, 10 nodes belong to the ad hoc network A1, 4 nodes to the ad hoc network A2, 7 nodes to the ad hoc network A3, and 3 nodes to the ad hoc network A4.
 The nodes in each of the ad hoc networks A1 to A4 and the gateways G1 to G4 are set with the encryption keys K1 to K4 unique to the gateways G1 to G4. For example, the nodes in the ad hoc network A1 and the gateway G1 are set with the encryption key K1 unique to the gateway G1, the nodes in the ad hoc network A2 and the gateway G2 with the encryption key K2 unique to the gateway G2, the nodes in the ad hoc network A3 and the gateway G3 with the encryption key K3 unique to the gateway G3, and the nodes in the ad hoc network A4 and the gateway G4 with the encryption key K4 unique to the gateway G4.
 The management server 101 is connected to the gateways G1 to G4 of the ad hoc networks via a network NW1 such as the Internet, a LAN or a WAN so that they can communicate with each other. The management server 101 has an encryption key database (DB) 110. The encryption key DB 110 stores, for each gateway address (GW address), the encryption key K1 to K4 unique to the gateway G1 to G4 and the number of nodes of the ad hoc network A1 to A4 to which that gateway belongs.
 The encryption keys K1 to K4 unique to the gateways G1 to G4 are keys for encrypting the packets transmitted and received between the nodes in the ad hoc networks A1 to A4 to which the gateways G1 to G4 belong. The encryption keys K1 to K4 are, for example, binary data of about 128 to 256 bits. Each of the encryption keys K1 to K4 is, for example, a common (symmetric) key that can both encrypt a packet and decrypt a packet that was encrypted with that same key. The number of nodes is incremented each time a node is set. In the encryption key DB 110 of FIG. 1, the GW addresses are represented by G1 to G4 (the gateway reference signs) for convenience.
 Here, the case where a new node Nx is introduced is described. In FIG. 1, it is assumed that when the new node Nx is installed it is within the communication range of the ad hoc networks A1 and A2 and outside the communication range of the ad hoc networks A3 and A4. Since none of the encryption keys K1 to K4 has been set for the new node Nx, it can neither transmit encrypted packets nor decrypt received packets, but it can simply receive packets.
 Receiving a packet in this way even though it cannot be decrypted is called "interception". The new node Nx cannot decrypt an intercepted packet because it holds none of the encryption keys K1 to K4, but it may transmit the packet without discarding it. In the ad hoc networks A1 to A4, a packet that is not encrypted with the respective encryption key K1 to K4 is discarded even if it is received.
 新規ノードNxは、アドホックネットワークA1~A4以外のセキュアなネットワーク経由で管理サーバ101と通信するため、管理サーバ101と通信可能な携帯端末MTに接続する。携帯端末MTは、作業員OPが使用する携帯型の通信装置であり、たとえば、携帯電話機、PHS(Personal Handy-phone System)電話機、スマートフォン、ノート型のパーソナル・コンピュータなどである。これにより、ネットワークNW3が設定される。また、携帯端末MTと管理サーバ101とが接続されることで、携帯端末MTと管理サーバ101間で通信が可能となる。これにより、ネットワークNW2が設定される。そして、携帯端末MTは、たとえば、SSL(Secure Socket Layer)を用いて、管理サーバ101とセキュアな通信を行うことができる。 Since the new node Nx communicates with the management server 101 via a secure network other than the ad hoc networks A1 to A4, the new node Nx is connected to the mobile terminal MT that can communicate with the management server 101. The mobile terminal MT is a mobile communication device used by the worker OP, and is, for example, a mobile phone, a PHS (Personal Handy-phone System) phone, a smartphone, a laptop personal computer, or the like. Thereby, the network NW3 is set. In addition, communication between the portable terminal MT and the management server 101 is enabled by connecting the portable terminal MT and the management server 101. Thereby, the network NW2 is set. The portable terminal MT can perform secure communication with the management server 101 using, for example, SSL (Secure Socket Layer).
Next, the encryption key setting procedure via the networks NW2 and NW3 is described. (1) First, the mobile terminal MT acquires the ID of the new node Nx from the new node Nx via the network NW3. The ID of the new node Nx is, for example, its MAC (Media Access Control) address. Here the mobile terminal MT acquires the ID of the new node Nx, but the new node Nx may instead acquire the ID of the mobile terminal MT.
(2) The mobile terminal MT transmits transmission instruction information EI for a GW search frame via the network NW2. The transmission instruction information EI contains description data indicating the transmission instruction, the ID of the mobile terminal MT and the ID of the new node Nx. Here the transmission instruction information EI is sent from the mobile terminal MT, but if the new node Nx has acquired the ID of the mobile terminal MT, it may instead be sent from the new node Nx via the networks NW3 and NW2.
(3) On receiving the transmission instruction information EI, the management server 101 extracts the ID of the new node Nx and the ID of the mobile terminal MT from it and includes them in a GW search frame. The management server 101 then generates an encrypted GW search frame group K(TF) by encrypting the GW search frame separately with each of the encryption keys K1 to K4 stored in the encryption key DB 110. The encrypted GW search frame group K(TF) consists of the encrypted GW search frames K1(TF) to K4(TF).
(4) The management server 101 transmits the generated encrypted GW search frame group K(TF) to the mobile terminal MT via the network NW2.
(5) The mobile terminal MT forwards the encrypted GW search frame group K(TF) received from the management server 101 via the network NW2 to the new node Nx via the network NW3.
(6) The new node Nx broadcasts the encrypted GW search frame group K(TF) forwarded from the mobile terminal MT. As a result, the neighbouring nodes N1a and N2b within the communication range of the new node Nx each receive the encrypted GW search frame group K(TF). The nodes N3c and N4d of the ad hoc networks A3 and A4, which are outside the communication range of the new node Nx, do not receive it.
(7-1) The node N1a of the ad hoc network A1 receives the encrypted GW search frame group K(TF) from the new node Nx. The node N1a holds the encryption key K1 unique to the gateway G1. The encrypted GW search frames K2(TF) to K4(TF), which were encrypted with the encryption keys K2 to K4, cannot be decrypted with the encryption key K1 and are therefore discarded by the node N1a.
(8-1) On the other hand, the encrypted GW search frame K1(TF) in the encrypted GW search frame group K(TF), which was encrypted with the encryption key K1, can be decrypted by the node N1a. The encrypted GW search frame K1(TF) is therefore relayed by multi-hop communication within the ad hoc network A1.
(9-1) The gateway G1 of the ad hoc network A1 receives the encrypted GW search frame K1(TF) relayed by multi-hop communication from the node N1a within the ad hoc network A1. The gateway G1 decrypts the encrypted GW search frame K1(TF) with the encryption key K1 unique to the gateway G1 and thereby confirms that it is a GW search frame. If this is confirmed, the gateway G1 generates a key notification frame NF1 and transmits it to the management server 101 via the network NW1. The key notification frame NF1 is information notifying that transmission of the encryption key K1 unique to the gateway G1 to the new node Nx is permitted.
(7-2) As in (7-1) above, the node N2b of the ad hoc network A2 receives the encrypted GW search frame group K(TF) from the new node Nx. The node N2b holds the encryption key K2 unique to the gateway G2. The encrypted GW search frames K1(TF), K3(TF) and K4(TF), which were encrypted with the encryption keys K1, K3 and K4, cannot be decrypted with the encryption key K2 and are therefore discarded by the node N2b.
(8-2) On the other hand, the encrypted GW search frame K2(TF) in the encrypted GW search frame group K(TF), which was encrypted with the encryption key K2, can be decrypted by the node N2b. The encrypted GW search frame K2(TF) is therefore relayed by multi-hop communication within the ad hoc network A2.
(9-2) The gateway G2 of the ad hoc network A2 receives the encrypted GW search frame K2(TF) relayed by multi-hop communication from the node N2b within the ad hoc network A2. The gateway G2 decrypts the encrypted GW search frame K2(TF) with the encryption key K2 unique to the gateway G2 and thereby confirms that it is a GW search frame. If this is confirmed, the gateway G2 generates a key notification frame NF2 and transmits it to the management server 101 via the network NW1. The key notification frame NF2 is information notifying that transmission of the encryption key K2 unique to the gateway G2 to the new node Nx is permitted.
(10) The management server 101 then identifies the encryption keys K1 and K2 to be provided from the key notification frames NF1 and NF2 and extracts them from the encryption key DB 110. In the example of FIG. 1, the management server 101 has received both key notification frames NF1 and NF2, so both encryption keys K1 and K2 are identified, but only one encryption key is provided to the new node Nx. Accordingly, when more than one encryption key to be provided is identified, the key unique to the gateway of, for example, the ad hoc network with the larger number of nodes is taken as the encryption key to be provided.
For example, in FIG. 1 the ad hoc network A1 to which the gateway G1 belongs has 10 nodes and the ad hoc network A2 to which the gateway G2 belongs has 4 nodes, so the encryption key K1 is identified as the encryption key to be provided. Since the new node Nx is thereby added to the ad hoc network with the larger number of nodes, it has more communication paths after the addition and can communicate stably.
Alternatively, when more than one encryption key to be provided is identified, the key unique to the gateway of the ad hoc network with the smaller number of nodes may be taken as the encryption key to be provided. In the example of FIG. 1, the ad hoc network A1 to which the gateway G1 belongs has 10 nodes and the ad hoc network A2 to which the gateway G2 belongs has 4 nodes, so in this case the encryption key K2 is identified as the encryption key to be provided. Since the new node Nx is thereby added to the ad hoc network with the smaller number of nodes, the numbers of nodes in the ad hoc networks A1 to A4 can be evened out.
Alternatively, regardless of the number of nodes, the encryption key identified by whichever key notification frame arrives first may be taken as the encryption key to be provided. For example, if the key notification frame NF1 arrives before the key notification frame NF2, the encryption key K1 is identified as the encryption key to be provided. This speeds up the key setting work.
(11) Having identified the encryption key to be provided, the management server 101 transmits it to the mobile terminal MT via the network NW2. For example, if the encryption key K1 is identified, the management server 101 transmits the encryption key K1 to the mobile terminal MT.
(12) The mobile terminal MT forwards the encryption key received from the management server 101 to the new node Nx via the network NW3. For example, if the encryption key K1 is received, the mobile terminal MT forwards the encryption key K1 to the new node Nx.
(13) The new node Nx receives the encryption key forwarded from the mobile terminal MT. For example, if the encryption key K1 is forwarded, the new node Nx receives the encryption key K1.
(14) The new node Nx sets the received encryption key as the key for encrypting data. For example, once the encryption key K1 is received, the new node Nx can encrypt and decrypt with the encryption key K1. The new node Nx is thereby incorporated into the ad hoc network A1: it can decrypt with the encryption key K1 the encrypted packets relayed by multi-hop communication within the ad hoc network A1, and when it transmits data it can encrypt the data with the encryption key K1 and send it to neighbouring nodes.
(One example of the network system 100)
FIG. 2 is an explanatory diagram of a system configuration example of the network system 100 according to the first embodiment. In FIG. 2, the network system 100 includes a management server 101, gateways G1 to Gn, and nodes N1-1 to N1-m1, N2-1 to N2-m2, ..., Nn-1 to Nn-mn.
The management server 101 is connected to the gateways G1 to Gn via the network NW1 so that they can communicate with each other. The management server 101 is a computer that acquires the encryption key unique to each of the gateways G1 to Gn from that gateway and holds it.
The encryption keys K1 to Kn unique to the gateways G1 to Gn are key information for encrypting data transmitted and received between nodes in the ad hoc networks A1 to An to which the gateways G1 to Gn belong. In the following description, the data is exemplified by a packet in which a header portion containing the destination and the like is added to a payload portion containing the data body.
The management server 101 can also communicate with the mobile terminal MT via a network NW2 such as a mobile phone network or the Internet. The mobile terminal MT is a portable communication device used by the worker OP, for example a mobile phone, a PHS (Personal Handy-phone System) phone, a smartphone or a notebook personal computer.
The gateway Gi is a relay device that connects the ad hoc network Ai to the network NW1 (i = 1, 2, ..., n). Specifically, the gateway Gi is connected to the nodes Ni-1 to Ni-mi via the ad hoc network Ai, and to the management server 101 via the network NW1.
The gateway Gi understands both the protocol of the ad hoc network Ai and the protocol of the network NW1 and forwards communication between the ad hoc network Ai and the network NW1. The gateway Gi holds the encryption key Ki unique to the gateway Gi, which is used to encrypt the packets transmitted and received between nodes in the ad hoc network Ai.
The nodes Ni-1 to Ni-mi are wireless communication devices that perform multi-hop communication with other nodes within a predetermined communication range. In the ad hoc network Ai, not all of the nodes Ni-1 to Ni-mi need to be able to communicate directly with the gateway Gi; it is sufficient that some of the nodes can.
The network system 100 can be applied, for example, to a system that collects the electricity and gas consumption of each household. Specifically, by building the nodes Ni-1 to Ni-mi into the electricity meters or gas meters of the households, the electricity and gas consumption of each household is transmitted and received between nodes in the ad hoc network Ai. The consumption may be measured by the nodes Ni-1 to Ni-mi themselves, or the nodes Ni-1 to Ni-mi may obtain it from the electricity meter or gas meter.
The gateway Gi transmits the electricity and gas consumption of each household, received from the nodes Ni-1 to Ni-mi in the ad hoc network Ai, to a server of the electricity or gas company (for example, the management server 101) via the network NW1. Electricity and gas consumption can thus be collected without the worker OP visiting the site.
In the network system 100, packets are encrypted in each ad hoc network Ai with the encryption key Ki unique to the gateway Gi. This secures the communication in the ad hoc network Ai (data confidentiality, tamper prevention and so on). Using a different encryption key Ki for each ad hoc network Ai also limits the damage if a key leaks, since a leaked key exposes only the one network that uses it.
In the example of FIG. 2, one gateway Gi is provided in each ad hoc network Ai, but a plurality of gateways Gi may be provided in the same ad hoc network Ai. In that case, the encryption key Ki for encrypting the packets transmitted and received in the ad hoc network Ai is shared by the plurality of gateways Gi.
(Hardware configuration example of the management server 101)
FIG. 3 is a block diagram illustrating a hardware configuration example of the management server 101. In FIG. 3, the management server 101 includes a CPU (Central Processing Unit) 301, a ROM (Read Only Memory) 302, a RAM (Random Access Memory) 303, a magnetic disk drive 304, a magnetic disk 305, an optical disk drive 306, an optical disk 307, an I/F (Interface) 308, a display 309, a keyboard 310 and a mouse 311. The CPU 301 through the mouse 311 are connected to one another by a bus 300.
The CPU 301 controls the management server 101 as a whole. The ROM 302 stores programs such as a boot program. The RAM 303 is used as the work area of the CPU 301. The magnetic disk drive 304 controls reading and writing of data on the magnetic disk 305 under the control of the CPU 301. The magnetic disk 305 stores the data written under the control of the magnetic disk drive 304.
The optical disk drive 306 controls reading and writing of data on the optical disk 307 under the control of the CPU 301. The optical disk 307 stores the data written under the control of the optical disk drive 306 and allows a computer to read the data stored on it.
The I/F 308 is connected to the networks NW1 and NW2 through communication lines and, via these networks, to other devices (for example, the gateway Gi and the mobile terminal MT). The I/F 308 serves as the interface between the networks NW1, NW2 and the inside of the server and controls the input and output of data to and from external devices. A modem or a LAN adapter, for example, can be used as the I/F 308.
The display 309 displays data such as documents, images and function information as well as a cursor, icons and toolboxes. A CRT, a TFT liquid crystal display or a plasma display, for example, can be used as the display 309.
The keyboard 310 has keys for entering characters, numerals and various instructions and is used to input data. A touch-panel input pad or a numeric keypad may be used instead. The mouse 311 is used for moving the cursor, selecting ranges, and moving or resizing windows. A trackball or a joystick may be used instead, as long as it provides the same functions as a pointing device. The mobile terminal MT shown in FIG. 1 can also be realized with a hardware configuration similar to that of the management server 101 shown in FIG. 3.
(Hardware configuration example of a node)
FIG. 4 is a block diagram illustrating a hardware configuration example of a node. In FIG. 4, the node includes a CPU 401, a RAM 402, a flash memory 403, an I/F 404 and an encryption circuit 405. The CPU 401 through the encryption circuit 405 are connected to one another by a bus 400.
The CPU 401 controls the node (or gateway) as a whole. The RAM 402 is used as the work area of the CPU 401. The flash memory 403 stores programs and key information such as the encryption key. The I/F 404 transmits and receives packets by multi-hop communication. In the case of the gateway Gi, the I/F 404 is also connected to the network NW1 through a communication line and, via the network NW1, to the management server 101.
The encryption circuit 405 is a circuit that encrypts data with the encryption key when data is to be encrypted. If encryption is performed in software, a program corresponding to the encryption circuit 405 is stored in the flash memory 403 and the encryption circuit 405 is not needed.
(Example of setting the encryption key Ki when a new node Nx is introduced)
Next, an example of setting the encryption key Ki when a new node Nx is introduced into the network system 100 shown in FIG. 2 is described.
FIG. 5 is an explanatory diagram of an example of introducing a new node Nx into the network system 100 according to the first embodiment. In FIG. 5, a new node Nx is introduced into the ad hoc network Ai of the network system 100. Of the nodes Ni-1 to Ni-mi in the ad hoc network Ai, FIG. 5 shows the nodes Ni-1 to Ni-3 as representatives.
When the new node Nx is introduced, the worker OP does not know which ad hoc network Ai the new node Nx belongs to. In the first embodiment, therefore, the mobile terminal MT used by the worker OP is used to obtain the encryption key Ki that should be set in the new node Nx from the management server 101 and set it in the new node Nx automatically. An operation example of the network system 100 when the new node Nx shown in FIG. 5 is introduced is described below.
FIG. 6 is a sequence diagram illustrating an operation example of the network system 100 when a new node Nx according to the first embodiment is introduced. In the sequence of FIG. 6, the mobile terminal MT is connected to the management server 101 via the network NW2. The mobile terminal MT communicates securely with the management server 101 using, for example, SSL. The communication methods for realizing secure communication between the management server 101 and the mobile terminal MT are described later with reference to FIGS. 15 and 16.
The mobile terminal MT is also connected to the new node Nx via a wired or wireless network NW3. Specifically, for example, the worker OP connects the mobile terminal MT and the new node Nx with a USB (Universal Serial Bus) cable, which establishes the network NW3 between the mobile terminal MT and the new node Nx.
(1) On detecting the connection to the mobile terminal MT, the new node Nx transmits its ID to the mobile terminal MT.
(2) On receiving the ID of the new node Nx, the mobile terminal MT transmits transmission instruction information EI for a GW search frame to the management server 101 via the network NW2. The transmission instruction information EI contains the ID of the new node Nx and the ID of the mobile terminal MT.
(3) On receiving the transmission instruction information EI, the management server 101 generates an encrypted GW search frame group K(TF).
(4) The management server 101 transmits the generated encrypted GW search frame group K(TF) to the mobile terminal MT via the network NW2. The mobile terminal MT forwards the encrypted GW search frame group K(TF) to the new node Nx.
(5) The new node Nx broadcasts the received encrypted GW search frame group K(TF). As a result, the neighboring nodes within the communication range of the new node Nx receive the encrypted GW search frame group K(TF).
(6) A neighboring node attempts to decrypt each frame in the encrypted GW search frame group K(TF). Since the neighboring node holds, among the encryption keys K1 to Kn, the encryption key Ki unique to the gateway Gi, only the encrypted GW search frame Ki(TF) in the group K(TF) is decrypted. Because the decryption confirms that the frame is a GW search frame, the encrypted GW search frame Ki(TF) is relayed by multi-hop communication within the ad hoc network Ai and reaches the gateway Gi.
(7) The remaining encrypted GW search frames Kj(TF) (j ≠ i) cannot be decrypted with the encryption key Ki and are therefore discarded.
(8) Upon receiving the encrypted GW search frame Ki(TF), the gateway Gi decrypts it with the encryption key Ki. The gateway Gi can thereby confirm the GW search frame. The gateway Gi then generates a key notification frame NFi. The key notification frame NFi contains a notification permission flag for the encryption key Ki together with the ID of the new node Nx and the ID of the mobile terminal MT obtained by the decryption.
(9) The gateway Gi transmits the key notification frame NFi to the management server 101 via the network NW1.
(10) The management server 101 identifies, from the key notification frame NFi, the encryption key Ki unique to the gateway Gi that sent the frame, and extracts that key from the encryption key DB 110.
(11) The management server 101 transmits the encryption key Ki to the mobile terminal MT via the network NW2. The mobile terminal MT transmits the encryption key Ki to the new node Nx via the network NW3.
(12) The new node Nx sets the received encryption key as the key for encrypting data. The new node Nx can thereby perform secure multi-hop communication within the ad hoc network Ai.
The connection between the mobile terminal MT and the new node Nx is maintained until the setting of the encryption key Ki on the new node Nx is complete. Once the setting of the encryption key Ki is complete and the connection between the mobile terminal MT and the new node Nx is broken, the encryption key Ki may be deleted automatically from the mobile terminal MT. This reduces the risk in cases such as loss of the mobile terminal MT.
Thus, in the upload type of the first embodiment, when the new node Nx is installed, the worker who goes to the site does not need to check which gateway the node can actually communicate with. The work time and workload of the worker's key setting task are therefore reduced. Also, because the encrypted GW search frame group K(TF) is uploaded from the new node Nx, the encryption key used in an ad hoc network that cannot receive the group K(TF) is excluded from provision. Further, an encrypted GW search frame that is received but cannot be decrypted is discarded.
In this way, even without the worker checking "which node of which ad hoc network is nearby", simply installing the new node Nx and broadcasting the encrypted GW search frame group K(TF) narrows the candidates down to the neighboring nodes that can receive it. Moreover, even when the group is received, any encrypted GW search frame that cannot be decrypted is discarded at that neighboring node and is not relayed by multi-hop communication.
That is, only the encrypted GW search frames that were successfully decrypted are relayed by multi-hop communication and uploaded to a gateway. Therefore, even without the worker checking "which gateway to upload to", the encrypted GW search frame group is winnowed and only the decryptable encrypted GW search frames are uploaded. In this way, the encryption key required for multi-hop communication can be set on the new node Nx without any confirmation work by the worker.
Further, because encrypted GW search frames that cannot be decrypted are discarded, even under a DoS attack in which a large number of packets are forced to be forwarded so as to paralyze the network, no such packets circulate inside the ad hoc network. The stability of the encrypted communication can therefore be improved.
(Functional configuration of node N)
FIG. 7 is a block diagram of the functional configuration of the node according to the first embodiment. In FIG. 7, the node N (including the new node Nx) comprises a detection unit 701, a first transmission unit 702, a first reception unit 703, a second transmission unit 704, a second reception unit 705, and a setting unit 706. Specifically, each functional unit (detection unit 701 to setting unit 706) realizes its function, for example, by causing the CPU 401 to execute a program stored in a storage device such as the RAM 402 or the flash memory 403 shown in FIG. 4, or by means of the I/F 404. Unless otherwise specified, the processing results of each functional unit (detection unit 701 to setting unit 706) are stored in a storage device such as the RAM 402 or the flash memory 403.
The detection unit 701 detects a connection with the mobile terminal MT, which can communicate with the management server 101. Specifically, for example, when the worker OP connects the mobile terminal MT and the node N with a USB cable, the detection unit 701 detects the connection with the mobile terminal MT over the USB cable.
When the detection unit 701 detects the connection with the mobile terminal MT, the first transmission unit 702 transmits transmission instruction information EI for an acquisition request for a key for encrypting data to the management server 101 via the mobile terminal MT. Here, the acquisition request is the GW search frame described above. The transmission instruction information EI is a packet containing the ID of the new node Nx, the ID of the mobile terminal MT, and a transmission instruction description. The transmission instruction information EI is described in detail below.
FIG. 8 is an explanatory diagram of an example data structure of the transmission instruction information EI according to the first embodiment. In FIG. 8, the transmission instruction information EI holds the instruction description "search gw", the ID "MT" of the mobile terminal MT, and the ID "Nx" of the new node Nx. The instruction description "search gw" is a command that causes the nodes in an ad hoc network to search for a gateway; specifically, it is a command that causes each node to forward a GW search frame toward the upstream side of the ad hoc network to which it belongs.
There are two ways of transmitting the transmission instruction information EI. In the first, the first transmission unit 702 acquires the ID of the mobile terminal MT from the mobile terminal MT, generates the transmission instruction information EI, and transmits it to the management server 101 via the mobile terminal MT. In the second, the first transmission unit 702 transmits the ID of the new node Nx to the mobile terminal MT, has the mobile terminal MT generate the transmission instruction information EI, and has the mobile terminal MT transmit it to the management server 101. In the latter case, the first transmission unit 702 sends the mobile terminal MT an instruction to generate and transmit the transmission instruction information EI. Alternatively, in the latter case, when the mobile terminal MT receives the ID of the new node Nx from the new node Nx, the mobile terminal MT may autonomously generate the transmission instruction information EI and transmit it to the management server 101.
As a result of the transmission instruction information EI having been transmitted by the first transmission unit 702, the first reception unit 703 receives, from the management server 101 via the mobile terminal MT, an encrypted acquisition request group in which the acquisition request has been encrypted with each gateway-specific key. The encrypted acquisition request group is the encrypted GW search frame group K(TF) described above. The data structure of an encrypted GW search frame in the group K(TF) is described next.
FIG. 9 is an explanatory diagram of an example data structure of the encrypted GW search frame Ki(TF) according to the first embodiment. In FIG. 9, (A) shows an example data structure of the encrypted GW search frame Ki(TF), and (B) shows the GW search frame TF. Both the encrypted GW search frame Ki(TF) and the GW search frame TF comprise a header section 910 and a payload section 920. The header section 910 carries a destination address, a source address, a type, a size, and a hop count.
The destination address is the address of the destination; here, the broadcast MAC address "FF:FF:FF:FF:FF:FF" is written. The source address is the address of the sender; here, the MAC address of the new node Nx is written. The type is the frame type; here, "2", which denotes a GW search frame, is written. The size is the data size of the frame in bytes.
The hop count is the remaining number of transfers, that is, how many more times the encrypted GW search frame Ki(TF) may be forwarded between nodes. The maximum hop count of the encrypted GW search frame Ki(TF) broadcast from the new node Nx is set in advance. The hop count is decremented each time the encrypted GW search frame Ki(TF) is forwarded, and an encrypted GW search frame Ki(TF) whose hop count has reached "0" is rejected. Here, a hop count of "10" is written in the encrypted GW search frame Ki(TF).
Although a MAC address is used here as an example of the destination address and the source address, another kind of address, such as an IP (Internet Protocol) address, may be used instead.
The payload section 920 contains a string in which the ID of the mobile terminal MT and the ID of the new node Nx are encrypted. In the GW search frame TF, the payload section 920 contains the unencrypted ID of the mobile terminal MT and ID of the new node Nx.
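The generation of K(TF) on the management server, the decrypt-or-discard relay of steps (5) to (7) at a neighboring node, and the creation of the key notification frame NFi at the gateway, as an added example that is not part of the patent. The patent does not name the symmetric cipher; the HMAC-SHA256 keystream with an authentication tag used below is a constructed stand-in (so that "cannot be decrypted" is a tag check rather than a guess about the plaintext), and all keys, IDs and the source MAC address are constructed sample values.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional

BROADCAST = "FF:FF:FF:FF:FF:FF"   # destination written by the new node (FIG. 9)
TYPE_GW_SEARCH = 2                # type value 2 marks a GW search frame (FIG. 9)
MAX_HOPS = 10                     # hop count written by the new node (FIG. 9)
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a constructed stand-in for the unspecified cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_payload(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag.  This is what payload 920 of Ki(TF) carries."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_payload(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext if the tag verifies under this key, else None (the frame is not ours)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def make_frame(src_mac: str, payload: bytes, hops: int = MAX_HOPS) -> dict:
    """Header section 910 plus payload section 920 of FIG. 9, as a dict."""
    return {"dst": BROADCAST, "src": src_mac, "type": TYPE_GW_SEARCH,
            "size": len(payload), "hops": hops, "payload": payload}


def server_build_group(mt_id: str, nx_id: str, gateway_keys: Dict[str, bytes],
                       src_mac: str) -> List[dict]:
    """Generation unit 1202: the same TF payload encrypted once per gateway key K1..Kn."""
    tf_payload = f"{mt_id},{nx_id}".encode()
    return [make_frame(src_mac, encrypt_payload(k, tf_payload))
            for k in gateway_keys.values()]


def neighbour_relay(frame: dict, own_key: bytes) -> Optional[dict]:
    """Neighboring node holding Ki: forward only a frame that decrypts and still has hops."""
    if frame["type"] != TYPE_GW_SEARCH:
        return None
    if decrypt_payload(own_key, frame["payload"]) is None:
        return None                      # step (7): Kj(TF), j != i, is discarded
    if frame["hops"] <= 1:
        return None                      # hop count would reach 0 on this transfer: reject
    forwarded = dict(frame)
    forwarded["hops"] = frame["hops"] - 1
    return forwarded


def gateway_notify(frame: dict, own_key: bytes, gw_id: str) -> Optional[dict]:
    """Creation unit 1002: decrypt Ki(TF) and build the key notification frame NFi (FIG. 11)."""
    plaintext = decrypt_payload(own_key, frame["payload"])
    if plaintext is None:
        return None
    mt_id, nx_id = plaintext.decode().split(",", 1)
    return {"mt_id": mt_id, "nx_id": nx_id, "gw_id": gw_id}


def run_scenario() -> dict:
    """Three gateways; the new node's only neighbor belongs to A2 and holds K2 (constructed)."""
    keys = {"G1": os.urandom(32), "G2": os.urandom(32), "G3": os.urandom(32)}
    group = server_build_group("MT", "Nx", keys, "00:00:5E:00:53:01")  # constructed source MAC
    relayed = [f for f in (neighbour_relay(fr, keys["G2"]) for fr in group) if f is not None]
    notices = [gateway_notify(f, keys["G2"], "G2") for f in relayed]
    return {"sent": len(group), "relayed": len(relayed), "notices": notices}


if __name__ == "__main__":
    print(run_scenario())
```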
Returning to FIG. 7, the first reception unit 703 waits for the encrypted GW search frame group K(TF) for a predetermined period after the transmission instruction information EI is sent by the first transmission unit 702. If not a single encrypted GW search frame is received within that period, a setting error results; that is, it becomes clear that the node cannot join any ad hoc network Ai at that location. Thus merely waiting for the predetermined period reveals that the location is unsuitable for installing the new node Nx, which makes the installation work more efficient.
The second transmission unit 704 broadcasts the encrypted acquisition request group received by the first reception unit 703 to a plurality of ad hoc networks simultaneously. Specifically, for example, the second transmission unit 704 broadcasts the encrypted GW search frame group K(TF) to the ad hoc networks A1 to An. As a result, for any ad hoc network in which the encrypted GW search frame group K(TF) is not received, the key unique to that network's gateway is not provided to the new node Nx. The worker therefore does not need to check "which gateway to upload to", and the workload is reduced.
The second reception unit 705 receives, from the management server 101 via the mobile terminal MT, the key unique to the specific gateway, among the plurality of gateways, that was reached by one of the encrypted acquisition requests in the group broadcast by the second transmission unit 704. Specifically, for example, as shown in FIG. 1, the second reception unit 705 receives via the mobile terminal MT one of the encryption keys K1 and K2 unique to the gateways G1 and G2 reached by the encrypted GW search frames K1(TF) and K2(TF).
The setting unit 706 sets the specific gateway's unique key received by the second reception unit 705 as the key for encrypting data. Specifically, for example, as shown in FIG. 1, the setting unit 706 sets the received encryption key K1 unique to the gateway G1 as the key for encrypting data.
More specifically, for example, the setting unit 706 writes the received encryption key Ki to a specific storage area. The address of this storage area is the address referenced when a packet is encrypted or an encrypted packet is decrypted. From then on, the new node Nx can encrypt the packets it transmits and decrypt received encrypted packets, so that secure communication can be performed between the nodes in the ad hoc network Ai.
(Functional configuration example of gateway Gi)
FIG. 10 is a block diagram of a functional configuration example of the gateway according to the first embodiment. In FIG. 10, the gateway Gi comprises a GW reception unit 1001, a creation unit 1002, and a GW transmission unit 1003. Specifically, each functional unit (GW reception unit 1001 to GW transmission unit 1003) realizes its function, for example, by causing the CPU 401 to execute a program stored in a storage device such as the RAM 402 or the flash memory 403 shown in FIG. 4, or by means of the I/F 404. The processing results of each functional unit (GW reception unit 1001 to GW transmission unit 1003) are stored in a storage device such as the RAM 402 or the flash memory 403.
The GW reception unit 1001 receives, via the ad hoc network Ai, the encrypted GW search frame Ki(TF) broadcast from the new node Nx. Specifically, for example, the GW reception unit 1001 receives the encrypted GW search frame Ki(TF) that was forwarded without being discarded out of the encrypted GW search frame group K(TF).
When the encrypted GW search frame Ki(TF) is received, the creation unit 1002 decrypts it with the encryption key Ki unique to the gateway Gi. The creation unit 1002 then generates the key notification frame NFi by adding the ID of the gateway Gi to the payload of the GW search frame TF obtained by the decryption.
FIG. 11 is an explanatory diagram of an example data structure of the key notification frame NFi according to the first embodiment. The key notification frame NFi contains the ID of the mobile terminal MT, the ID of the new node Nx, and the ID of the gateway Gi. The ID of the gateway Gi may be any identifier that is unique within the network system 100; for example, a MAC address or an IP address is used.
Returning to FIG. 10, the GW transmission unit 1003 transmits the key notification frame NFi to the management server 101 via the network NW1. The management server 101 can thereby identify the encryption key Ki to be set on the new node Nx.
(Functional configuration example of the management server 101)
FIG. 12 is a block diagram of a functional configuration example of the management server 101 according to the first embodiment. In FIG. 12, the management server 101 comprises the encryption key DB 110, a first reception unit 1201, a generation unit 1202, a first transmission unit 1203, a second reception unit 1204, an extraction unit 1205, and a second transmission unit 1206. Specifically, each functional unit (first reception unit 1201 to second transmission unit 1206) realizes its function, for example, by causing the CPU 401 to execute a program stored in a storage device such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307 shown in FIG. 3, or by means of the I/F 308. The processing results of each functional unit (first reception unit 1201 to second transmission unit 1206) are stored, for example, in a storage device such as the RAM 303, the magnetic disk 305, or the optical disk 307.
FIG. 13 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the first embodiment. In FIG. 13, the encryption key DB 110 has the fields gateway ID, encryption key, and node count; by setting information in each field, it stores key information 1300-1 to 1300-n for the gateways G1 to Gn as records.
Here, the gateway ID is the identifier of the gateway Gi. The encryption key is the encryption key Ki unique to the gateway Gi. The node count is the number of nodes in the ad hoc network Ai to which the gateway Gi belongs. Taking the key information 1300-1 as an example, it stores the encryption key K1 unique to the gateway G1 and a node count of "10". The encryption key DB 110 is realized, for example, by a storage device such as the RAM 303, the magnetic disk 305, or the optical disk 307.
Returning to FIG. 12, the first reception unit 1201 receives, via the mobile terminal MT connected to the server, transmission instruction information EI for an acquisition request for a key for encrypting data from a node on which no such key has yet been set. Specifically, for example, the first reception unit 1201 receives the transmission instruction information EI for the GW search frame TF from the new node Nx via the mobile terminal MT connected to the management server 101.
When the transmission instruction information EI is received by the first reception unit 1201, the generation unit 1202 generates an encrypted acquisition request group by encrypting the acquisition request with each of the keys. Specifically, for example, when the transmission instruction information EI is received, the generation unit 1202 extracts the ID of the mobile terminal MT and the ID of the new node Nx contained in it. The generation unit 1202 then generates, as shown in FIG. 9, a GW search frame TF whose payload section 920 holds the extracted IDs, and generates the encrypted GW search frame group K(TF) by encrypting the payload section 920 of the GW search frame TF with each of the encryption keys K1 to Kn.
The first transmission unit 1203 transmits the encrypted acquisition request group generated by the generation unit 1202 to the node via the mobile terminal MT. Specifically, for example, the first transmission unit 1203 transmits the encrypted GW search frame group K(TF) generated by the generation unit 1202 to the new node Nx via the mobile terminal MT.
After the encrypted acquisition request group transmitted by the first transmission unit 1203 has been broadcast from the node to a plurality of ad hoc networks, the second reception unit 1204 receives, from the specific gateway that was reached by one of the encrypted acquisition requests in the group, notification instruction information for the key unique to that specific gateway.
Specifically, for example, when the encrypted GW search frame group K(TF) transmitted by the first transmission unit 1203 is received by the new node Nx, the GW search frames K1(TF) and K2(TF) in the group that were not discarded reach the gateways G1 and G2, as shown in FIG. 1. Since the gateways G1 and G2 each transmit a key notification frame NFi, the second reception unit 1204 receives those key notification frames NFi.
The extraction unit 1205 extracts, from the encryption key DB 110, the key unique to the specific gateway designated in the notification instruction information received by the second reception unit 1204. Specifically, for example, the extraction unit 1205 extracts the gateway ID from the key notification frame NFi and then extracts from the encryption key DB 110 the encryption key Ki associated with the extracted ID of the gateway Gi.
When key notification frames NFi are received from a plurality of gateways, the extraction unit 1205 extracts a single encryption key Ki to be provided, based on the node counts associated with the extracted gateway IDs. As shown in FIG. 1, the ad hoc network A1 to which the gateway G1 belongs has 10 nodes and the ad hoc network A2 to which the gateway G2 belongs has 4 nodes, so the procedure is as follows.
For example, if the key unique to the gateway of the ad hoc network with the larger node count is to be the key provided, the extraction unit 1205 extracts the encryption key K1 from the encryption key DB 110 as the key to be provided. The new node Nx is then added to the ad hoc network with the larger node count, so that after the addition it has more communication routes available and can communicate stably.
If instead the key unique to the gateway of the ad hoc network with the smaller node count is to be the key provided, the extraction unit 1205 extracts the encryption key K2 from the encryption key DB 110 as the key to be provided. The new node Nx is then added to the ad hoc network with the smaller node count, which evens out the node counts of the ad hoc networks A1 to A4.
Regardless of the node counts, the extraction unit 1205 may also extract as the key to be provided the encryption key Ki identified by whichever key notification frame NFi arrives first. For example, if of the key notification frames NF1 and NF2 the frame NF1 arrives first, the extraction unit 1205 extracts the encryption key K1 as the key to be provided. This speeds up the key setting work.
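The extraction unit 1205 choosing among several key notification frames under the three policies just described (larger node count, smaller node count, first arrival), as an added example that is not part of the patent. The key bytes, the third gateway G3, and the check that an NFi is only considered when it carries the MT and Nx IDs of the request the server actually issued are assumptions of this example.

```python
from typing import Dict, List, Optional, Tuple

# Encryption key DB 110 (FIG. 13): gateway ID -> (encryption key, node count).
# Node counts 10 and 4 follow FIG. 1; key bytes and gateway G3 are constructed.
ENCRYPTION_KEY_DB: Dict[str, Tuple[bytes, int]] = {
    "G1": (b"constructed-sample-key-K1", 10),
    "G2": (b"constructed-sample-key-K2", 4),
    "G3": (b"constructed-sample-key-K3", 7),
}


def select_key(notifications: List[dict], pending: Tuple[str, str],
               policy: str = "most_nodes") -> Optional[Tuple[str, bytes]]:
    """Extraction unit 1205 when several NFi arrive for one request.

    notifications: key notification frames {"mt_id", "nx_id", "gw_id"} (FIG. 11),
                   in arrival order.
    pending: (mt_id, nx_id) taken from the EI the server issued; NFi for any other
             request are ignored (assumed check, not stated by the patent).
    policy: "most_nodes" (more routes after joining), "fewest_nodes" (even out the
            networks) or "first" (fastest key setting).
    Returns (gateway ID, key) or None when no usable notification arrived.
    """
    candidates = [n for n in notifications
                  if (n["mt_id"], n["nx_id"]) == pending and n["gw_id"] in ENCRYPTION_KEY_DB]
    if not candidates:
        return None   # no reachable gateway for this request: nothing to provide
    if policy == "first":
        chosen = candidates[0]
    elif policy == "most_nodes":
        chosen = max(candidates, key=lambda n: ENCRYPTION_KEY_DB[n["gw_id"]][1])
    elif policy == "fewest_nodes":
        chosen = min(candidates, key=lambda n: ENCRYPTION_KEY_DB[n["gw_id"]][1])
    else:
        raise ValueError(f"unknown policy: {policy}")
    gw_id = chosen["gw_id"]
    return gw_id, ENCRYPTION_KEY_DB[gw_id][0]


# Constructed arrival order: NF2 arrives before NF1, and one NFi belongs to a
# different request (terminal MT2 setting up node Ny).
SAMPLE_NOTIFICATIONS = [
    {"mt_id": "MT", "nx_id": "Nx", "gw_id": "G2"},
    {"mt_id": "MT", "nx_id": "Nx", "gw_id": "G1"},
    {"mt_id": "MT2", "nx_id": "Ny", "gw_id": "G3"},
]

if __name__ == "__main__":
    for policy in ("most_nodes", "fewest_nodes", "first"):
        print(policy, select_key(SAMPLE_NOTIFICATIONS, ("MT", "Nx"), policy))
```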
The second transmission unit 1206 transmits the specific gateway's unique key extracted by the extraction unit 1205 to the node on which no key has been set, via the mobile terminal MT. Specifically, for example, the second transmission unit 1206 transmits the extracted encryption key Ki to be provided to the new node Nx via the mobile terminal MT. The encryption key Ki is thereby set on the new node Nx.
The management server 101 may also be communicably connected to a plurality of mobile terminals MT via the network NW2. In that case, the management server 101 can identify the destination mobile terminal MT, for example, from the user ID contained in the key notification frame NFi. In the example of the key notification frame NFi, the management server 101 transmits the key notification frame NFi to the mobile terminal MT with the user ID "D1".
(Communication method between the management server 101 and the mobile terminal MT)
An example of the communication method between the management server 101 and the mobile terminal MT is described here. First, server authentication of the management server 101 as seen from the mobile terminal MT is described. Specifically, for example, the mobile terminal MT first connects to the management server 101 using a predetermined IP address.
 そして、携帯端末MTが、管理サーバ101からSSLサーバ証明書を受信する。受信されたSSLサーバ証明書は、たとえば、図14に示すように管理サーバ101のIPアドレスと関連づけて携帯端末MTの記憶装置に記憶される。 Then, the mobile terminal MT receives the SSL server certificate from the management server 101. The received SSL server certificate is stored in the storage device of the portable terminal MT in association with the IP address of the management server 101 as shown in FIG.
 図14は、実施の形態1にかかる管理サーバ101の認証情報の一例を示す説明図である。図14において、管理サーバ101の認証情報1400は、IPアドレスおよびSSLサーバ証明書を有する。IPアドレスは、管理サーバ101のIPアドレスである。X.509証明書は、管理サーバ101のSSLサーバ証明書(公開鍵証明書)である。 FIG. 14 is an explanatory diagram of an example of authentication information of the management server 101 according to the first embodiment. In FIG. 14, the authentication information 1400 of the management server 101 has an IP address and an SSL server certificate. The IP address is the IP address of the management server 101. X. The 509 certificate is an SSL server certificate (public key certificate) of the management server 101.
 携帯端末MTは、予め自端末に組み込まれている公開鍵を用いて、SSLサーバ証明書を復号することでサーバ認証を行う。公開鍵は、たとえば、第三者認証機関によって発行されたものである。この公開鍵を用いてSSLサーバ証明書を正しく復号できれば、SSLサーバ証明書が第三者認証機関によって証明された正しい証明書であることがわかり、ひいては管理サーバ101の身元が保証されたことになる。 The mobile terminal MT performs server authentication by decrypting the SSL server certificate using a public key incorporated in the terminal in advance. The public key is issued by, for example, a third-party certification body. If the SSL server certificate can be correctly decrypted using this public key, it can be seen that the SSL server certificate is a correct certificate certified by a third-party certification authority, and that the identity of the management server 101 has been guaranteed. Become.
Next, user authentication of the mobile terminal MT as seen from the management server 101 will be described. Here, a case in which user authentication of the mobile terminal MT is performed using the authentication information 1500 of the mobile terminal MT shown in FIG. 15 is described as an example. The authentication information 1500 is stored, for example, in a storage device of the management server 101 such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307.
FIG. 15 is an explanatory diagram of an example of the authentication information of the mobile terminal MT according to the first embodiment. In FIG. 15, the authentication information 1500 of the mobile terminal MT has a user ID and a password. The user ID is an identifier of the mobile terminal MT. The password is used to authenticate the user who uses the mobile terminal MT.
Specifically, for example, the mobile terminal MT first transmits a user ID and password pair to the management server 101. The user ID and password may be registered in advance in the storage device of the mobile terminal MT, or may be accepted by a user operation input using an input device (not shown) of the mobile terminal MT.
Thereafter, the management server 101 determines whether the user ID and password pair from the mobile terminal MT matches the user ID and password pair in the authentication information 1500. If they match the user ID and password in the authentication information 1500, the identity of the user of the mobile terminal MT is guaranteed.
After authentication, the mobile terminal MT communicates with the management server 101 by encrypting packets using, for example, the public key included in the SSL server certificate of the management server 101. This enables secure communication between the management server 101 and the mobile terminal MT.
(Key setting processing procedure of node N)
FIG. 16 is a flowchart of an example of the key setting processing procedure of the node N according to the first embodiment. In the flowchart of FIG. 16, the node N first determines, by means of the detection unit 701, whether a connection with a mobile terminal MT capable of communicating with the management server 101 has been detected (step S1601).
Here, the node N waits until a connection with the mobile terminal MT is detected (step S1601: No). When the connection is detected (step S1601: Yes), the node N transmits, by means of the first transmission unit 702, the transmission instruction information EI to the management server 101 via the mobile terminal MT (step S1602).
Next, the node N waits, by means of the first receiving unit 703, for reception of the encrypted GW search frame group K(TF) (step S1603: No). The node N then determines whether a predetermined period has elapsed since the transmission instruction information EI was transmitted (step S1604). If the predetermined period has not elapsed (step S1604: No), the process returns to step S1603. If the predetermined period has elapsed (step S1604: Yes), the encryption key Ki cannot be set, and the series of processing ends.
If the encrypted GW search frame group K(TF) is received in step S1603 (step S1603: Yes), the node N broadcasts the received encrypted GW search frame group K(TF) by means of the second transmission unit 704 (step S1605). Thereafter, the node N waits, by means of the second receiving unit 705, to receive the encryption key Ki via the mobile terminal MT (step S1606: No).
The node N then determines whether a predetermined period has elapsed since the encrypted GW search frame group K(TF) was broadcast (step S1607). If the predetermined period has not elapsed (step S1607: No), the process returns to step S1606. If the predetermined period has elapsed (step S1607: Yes), the encryption key Ki cannot be set, and the series of processing ends.
If the encryption key Ki is received in step S1606 (step S1606: Yes), the node N sets, by means of the setting unit 706, the received encryption key Ki as the key for encrypting data (step S1608).
In this way, the encryption key Ki unique to the gateway Gi, used to encrypt packets transmitted and received between nodes in the ad hoc network Ai, can be acquired from the management server 101 and set via a communication path temporarily established using the mobile terminal MT.
(Key notification processing procedure of gateway Gi)
FIG. 17 is a flowchart of an example of the key notification processing procedure of the gateway according to the first embodiment. In the flowchart of FIG. 17, the gateway Gi first determines, by means of the GW receiving unit 1001, whether a GW search frame broadcast from the node N has been received via the ad hoc network Ai (step S1701).
Here, the gateway Gi waits until the encrypted GW search frame Ki(TF) is received (step S1701: No). When it is received (step S1701: Yes), the gateway Gi creates, by means of the creation unit 1002, a key notification frame NFi representing a notification request for the encryption key Ki unique to the gateway Gi (step S1702).
The gateway Gi then transmits, by means of the GW transmission unit 1003, the created key notification frame NFi to the management server 101 via the network NW1 (step S1703), and the series of processing according to this flowchart ends.
In this way, in response to a GW search frame from the node N in the ad hoc network Ai, the key notification frame NFi representing a notification request for the encryption key Ki unique to the gateway Gi can be transmitted to the management server 101.
(Key providing processing procedure of management server 101)
FIG. 18 is a flowchart of an example of the key providing processing procedure of the management server 101 according to the first embodiment. In the flowchart of FIG. 18, the management server 101 first waits, by means of the first receiving unit 1201, to receive the transmission instruction information EI from the new node Nx via the mobile terminal MT (step S1801: No). When the transmission instruction information EI is received (step S1801: Yes), the management server 101 analyzes the transmission instruction information EI (step S1802). Specifically, the management server 101 extracts the ID of the mobile terminal MT and the ID of the new node Nx from the transmission instruction information EI.
The management server 101 then generates, by means of the generation unit 1202, a GW search frame TF including the extracted ID of the mobile terminal MT and ID of the new node Nx. Furthermore, the management server 101 encrypts, by means of the generation unit 1202, the GW search frame TF with each of the encryption keys K1 to Kn to generate the encrypted GW search frame group K(TF) (step S1803).
The management server 101 then transmits, by means of the first transmission unit 1203, the encrypted GW search frame group K(TF) to the new node Nx via the mobile terminal MT (step S1804). Thereafter, the management server 101 waits, by means of the second receiving unit 1204, to receive a key notification frame NFi from the gateways G1 to Gn (step S1805: No). The management server 101 then determines whether a predetermined period has elapsed since the encrypted GW search frame group K(TF) was transmitted (step S1806). If the predetermined period has not elapsed (step S1806: No), the process returns to step S1805. If the predetermined period has elapsed (step S1806: Yes), the encryption key Ki cannot be provided, and the series of processing ends.
If a key notification frame NFi is received in step S1805 (step S1805: Yes), the management server 101 determines whether a plurality of key notification frames NFi have been received within the predetermined period (step S1807). If only one has been received (step S1807: No), the management server 101 extracts, by means of the extraction unit 1205, the encryption key Ki unique to the gateway Gi identified by the key notification frame NFi from the encryption key DB 110 (step S1808).
If a plurality have been received (step S1807: Yes), the management server 101 extracts, by means of the extraction unit 1205, the encryption key Ki to be provided on the basis of the largest or smallest number of nodes (step S1809). When the management server 101 has extracted the encryption key Ki, it transmits, by means of the second transmission unit 1206, the extracted encryption key Ki to the new node Nx via the mobile terminal MT (step S1810). The encryption key Ki has thereby been provided, and the series of processing ends.
As described above, according to the first embodiment, the work burden on the worker and the work time required to set encryption keys for the nodes in an ad hoc network can be reduced.
Also, since the encrypted GW search frame group K(TF) is broadcast from the new node Nx, it is not transmitted to any ad hoc network Ai outside the communication range of the new node Nx. Moreover, even when it is transmitted to an ad hoc network Ai within the communication range of the new node Nx, a neighboring node that receives it one hop away uploads within the ad hoc network only the encrypted GW search frame Ki(TF) encrypted with the encryption key Ki held by that neighboring node, and discards the rest.
Therefore, within the ad hoc network Ai, there is no need to treat the GW search frame TF as a special case whose forwarding is permitted. Since unencrypted packets are discarded within the ad hoc network Ai, a DoS attack using packets not encrypted with the encryption key Ki can be prevented.
Furthermore, by extracting the encryption key Ki to be provided on the basis of the largest number of nodes, the new node Nx can, after the encryption key Ki has been set, join the ad hoc network Ai with the largest number of nodes. The new node Nx therefore has more communication paths for encrypted communication, which improves the stability of encrypted communication within the ad hoc network Ai.
Also, by extracting the encryption key Ki to be provided on the basis of the smallest number of nodes, the number of nodes in the ad hoc network into which the new node Nx is introduced increases. Variation in the number of nodes among the ad hoc networks A1 to An can therefore be suppressed. Equalizing the number of nodes in this way reduces variation in communication load, such as the increased communication load in an ad hoc network with many nodes, and improves the stability of communication across the plurality of ad hoc networks as a whole.
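The procedures of FIGS. 16 to 18, together with the discard behaviour of neighboring nodes and the node-count selection just described, as an added simulation that is not part of the patent's own text: the management server encrypts TF under every gateway key, each in-range network's neighbor node uploads only the frame it can decrypt, the gateway answers with NFi, and the server selects Ki. The toy authenticated cipher (HMAC-SHA256 keystream plus tag), the key DB contents, node counts and IDs are all constructed for this example.

```python
"""Constructed simulation of the upload-type key setting flow (FIGS. 16 to 18)."""
import hashlib
import hmac
import os

# Toy authenticated encryption (HMAC-SHA256 keystream + HMAC tag), a stand-in for
# whatever cipher a real gateway key Ki drives; chosen so the example needs only the
# standard library. A frame that is unencrypted, or encrypted for another gateway,
# fails the tag check and is treated exactly like the patent's "discard" case.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when `frame` was not produced under `key`."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Encryption key DB 110 of the management server 101: gateway id -> (Ki, node count).
# Keys and node counts are constructed sample values.
KEY_DB = {
    "G1": (hashlib.sha256(b"K1").digest(), 5),
    "G2": (hashlib.sha256(b"K2").digest(), 2),
    "G3": (hashlib.sha256(b"K3").digest(), 9),
}


def generate_ktf(ei: dict) -> list:
    """Step S1803: build TF from the IDs carried in EI and encrypt it under every Ki."""
    tf = f"TF|mt={ei['mt_id']}|node={ei['node_id']}".encode()
    return [encrypt(ki, tf) for ki, _ in KEY_DB.values()]


def neighbor_filter(ki: bytes, frames: list) -> list:
    """One-hop neighbor node in ad hoc network Ai: upload only the frames it can
    decrypt with its own Ki and discard everything else, plaintext frames included."""
    return [f for f in frames if decrypt(ki, f) is not None]


def gateway_receive(gw_id: str, uploaded: list):
    """Steps S1701 to S1703: on a decryptable Ki(TF), emit key notification frame NFi."""
    ki, _ = KEY_DB[gw_id]
    return {"nfi": gw_id} if any(decrypt(ki, f) is not None for f in uploaded) else None


def select_key(nfis: list, policy: str):
    """Steps S1807 to S1809: a single NFi yields its Ki; several are decided by
    node count ("most" or "fewest"); none within the period means no key (S1806: Yes)."""
    if not nfis:
        return None
    if len(nfis) == 1:
        return nfis[0]["nfi"]
    counts = {n["nfi"]: KEY_DB[n["nfi"]][1] for n in nfis}
    pick = max if policy == "most" else min
    return pick(counts, key=counts.get)


def run_key_setting(ei: dict, in_range: list, policy: str = "most"):
    """Whole flow; `in_range` lists the gateways whose networks hear Nx's broadcast.
    Returns (gateway id, Ki) for step S1810/S1608, or None on timeout."""
    ktf = generate_ktf(ei)                      # S1803, delivered to Nx via MT (S1804)
    nfis = []
    for gw_id in in_range:                      # S1605: broadcast reaches each network
        uploaded = neighbor_filter(KEY_DB[gw_id][0], ktf)
        nfi = gateway_receive(gw_id, uploaded)  # S1701 to S1703 over NW1
        if nfi:
            nfis.append(nfi)
    chosen = select_key(nfis, policy)           # S1805 to S1809
    return None if chosen is None else (chosen, KEY_DB[chosen][0])


if __name__ == "__main__":
    sample_ei = {"mt_id": "MT-01", "node_id": "Nx-01"}
    print(run_key_setting(sample_ei, in_range=["G1", "G2"], policy="most"))
```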
(Embodiment 2)
Next, a second embodiment will be described. In the first embodiment, the encryption key DB 110 stores, for each gateway Gi, the encryption keys K1 to Kn unique to the gateways G1 to Gn; in the second embodiment, the location information of the gateways G1 to Gn is stored as well. Since this makes it possible to identify the neighboring gateways of the new node Nx, the encryption keys Ki used to encrypt the GW search frame TF are narrowed down to those unique to the neighboring gateways. The new node Nx can thereby be made to belong to the ad hoc network to which a neighboring gateway belongs. As a result, each time a new node Nx is introduced, the density of nodes increases, and efficient encrypted communication can be performed.
Also, since the GW search frame TF need only be encrypted with the encryption keys unique to the neighboring gateways, generation of the encrypted GW search frame group K(TF) can be sped up. Reducing the number of frames in the encrypted GW search frame group K(TF) also reduces the number of frames that neighboring nodes discard when the group is broadcast from the new node Nx. The processing load on neighboring nodes can therefore be reduced.
The second embodiment is described below. The following description covers only the points that differ from the first embodiment; unless otherwise noted, the configuration and processing are the same as in the first embodiment.
<Example of setting an encryption key for the new node Nx by the upload type>
FIG. 19 is an explanatory diagram of an example of setting an encryption key for the new node Nx by the upload type according to the second embodiment. In the network system 100 of FIG. 19, the management server 101 stores the location information P1 to P4 of the gateways G1 to G4 in the encryption key DB 110. The transmission instruction information EI transmitted in (2) includes the location information of the mobile terminal MT. In (3), the neighboring gateways whose location information lies within a predetermined distance of the location information of the mobile terminal MT included in the transmission instruction information EI are identified, and the encrypted GW search frame group K(TF), each frame encrypted with the encryption key unique to one of the neighboring gateways, is generated. Specifically, in FIG. 19, the encrypted GW search frames K1(TF) and K2(TF), encrypted with the encryption keys K1 and K2, constitute the encrypted GW search frame group K(TF).
In (6), the new node Nx broadcasts the encrypted GW search frame group K(TF), but since the encrypted GW search frame group K(TF) consists only of the encrypted GW search frames K1(TF) and K2(TF), the encrypted GW search frame K2(TF) is discarded in (7-1). Similarly, the encrypted GW search frame K1(TF) is discarded in (7-2).
FIG. 20 is a sequence diagram illustrating an operation example of the network system 100 when the new node Nx according to the second embodiment is introduced. FIG. 20 is the processing of FIG. 6 with (23) added. That is, in (23), the gateways Gi (neighboring gateways) whose location information lies within a predetermined distance (for example, a radius of 10 [km]) of the location information of the mobile terminal MT included in the transmission instruction information EI are identified from the location information stored in the encryption key DB 110. Since the location information of the mobile terminal MT and of the gateways consists of coordinate values expressed, for example, as latitude and longitude, whether a gateway is within the predetermined distance is determined by calculating the distance between the two points.
FIG. 21 is an explanatory diagram of an example of the data structure of the transmission instruction information EI according to the second embodiment. In FIG. 21, the location information of the mobile terminal MT is added to the structure of FIG. 8. Since the mobile terminal MT can determine its location by means of, for example, a built-in GPS, the location information of the mobile terminal MT can be added to the transmission instruction information EI.
FIG. 22 is an explanatory diagram of an example of the contents stored in the encryption key DB 110 according to the second embodiment. FIG. 22 adds a location information field to FIG. 13. The location information field stores the location information of the gateway. For example, the location information P1 to Pn of the gateways G1 to Gn is transmitted from the gateways G1 to Gn together with the encryption keys K1 to Kn and stored in the encryption key DB 110.
(Functional configuration of the management server 101)
FIG. 23 is a block diagram of the functional configuration of the management server 101 according to the second embodiment. FIG. 23 is the configuration of FIG. 12 with an identification unit 1207 added. Specifically, the identification unit 1207 realizes its function, for example, by causing the CPU 301 to execute a program stored in a storage device such as the ROM 302, the RAM 303, the magnetic disk 305, or the optical disk 307 shown in FIG. 3, or by means of the I/F 308. The processing results of the identification unit 1207 are stored, for example, in a storage device such as the RAM 303, the magnetic disk 305, or the optical disk 307.
When the transmission instruction information EI is received by the first receiving unit 1201 and the transmission instruction information EI includes the location information of the node N, the identification unit 1207 identifies the neighboring gateways of the node N on the basis of the location information of the node N and the location information of each gateway. Specifically, for example, since the location information of the mobile terminal MT and of the gateways consists of coordinate values expressed as latitude and longitude, the identification unit 1207 calculates the distance between the two points, determines whether it is within the predetermined distance, and identifies the gateways within the predetermined distance as neighboring gateways.
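The distance-based narrowing performed by the identification unit 1207 (and step (23) of FIG. 20), as an added example that is not the patent's own code: gateway locations from the key DB are compared against the mobile terminal location carried in EI using the great-circle distance, and only the gateways within the predetermined radius (10 km here) contribute keys to K(TF). The coordinates, gateway ids, sample keys and the fallback to all gateways when EI carries no location are constructed assumptions for this example.

```python
"""Constructed example of the identification unit 1207 narrowing the gateway keys."""
import math

EARTH_RADIUS_KM = 6371.0


def distance_km(p: tuple, q: tuple) -> float:
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


# Encryption key DB 110 of FIG. 22: gateway id -> (Ki, location Pi as (lat, lon)).
# Sample values constructed for this example; the keys are placeholders.
KEY_DB = {
    "G1": (b"K1-sample", (35.6586, 139.7454)),
    "G2": (b"K2-sample", (35.7101, 139.8107)),
    "G3": (b"K3-sample", (35.4437, 139.6380)),
    "G4": (b"K4-sample", (35.6664, 139.3160)),
}


def identify_neighbor_gateways(ei: dict, radius_km: float = 10.0) -> list:
    """Step S2403 / (23): gateways whose location is within radius_km of the MT
    location in EI. When EI carries no location (assumption: first-embodiment
    behaviour), every gateway is returned so all keys are used."""
    mt_pos = ei.get("mt_location")
    if mt_pos is None:
        return sorted(KEY_DB)
    return sorted(gw for gw, (_, pos) in KEY_DB.items()
                  if distance_km(mt_pos, pos) <= radius_km)


def keys_for_ktf(ei: dict, radius_km: float = 10.0) -> dict:
    """Input to step S2404: only the neighboring gateways' keys encrypt TF."""
    return {gw: KEY_DB[gw][0] for gw in identify_neighbor_gateways(ei, radius_km)}


if __name__ == "__main__":
    sample_ei = {"mt_id": "MT-01", "node_id": "Nx-01", "mt_location": (35.6812, 139.7671)}
    for gw, (_, pos) in KEY_DB.items():
        print(gw, round(distance_km(sample_ei["mt_location"], pos), 1), "km")
    print(identify_neighbor_gateways(sample_ei))
```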
(Key providing processing procedure of management server 101)
FIG. 24 is a flowchart of an example of the key providing processing procedure of the management server 101 according to the second embodiment. In the flowchart of FIG. 24, the management server 101 first waits, by means of the first receiving unit 1201, to receive the transmission instruction information EI from the new node Nx via the mobile terminal MT (step S2401: No). When the transmission instruction information EI is received (step S2401: Yes), the management server 101 analyzes the transmission instruction information EI (step S2402). Specifically, the management server 101 extracts the ID of the mobile terminal MT and the ID of the new node Nx from the transmission instruction information EI.
Next, the management server 101 identifies, by means of the identification unit 1207, the neighboring gateways of the mobile terminal MT (step S2403). The management server 101 then generates, by means of the generation unit 1202, a GW search frame TF including the extracted ID of the mobile terminal MT and ID of the new node Nx. Furthermore, the management server 101 encrypts, by means of the generation unit 1202, the GW search frame TF with the encryption key Ki of each neighboring gateway Gi to generate the encrypted GW search frame group K(TF) (step S2404).
The management server 101 then transmits, by means of the first transmission unit 1203, the encrypted GW search frame group K(TF) to the new node Nx via the mobile terminal MT (step S2405). Thereafter, the management server 101 waits, by means of the second receiving unit 1204, to receive a key notification frame NFi from a neighboring gateway Gi (step S2406: No).
The management server 101 then determines whether a predetermined period has elapsed since the encrypted GW search frame group K(TF) was transmitted (step S2407). If the predetermined period has not elapsed (step S2407: No), the process returns to step S2406. If the predetermined period has elapsed (step S2407: Yes), the encryption key Ki cannot be provided, and the series of processing ends.
If a key notification frame NFi is received in step S2406 (step S2406: Yes), the management server 101 determines whether a plurality of key notification frames NFi have been received within the predetermined period (step S2408). If only one has been received (step S2408: No), the management server 101 extracts, by means of the extraction unit 1205, the encryption key Ki unique to the gateway Gi identified by the key notification frame NFi from the encryption key DB 110 (step S2409).
If a plurality have been received (step S2408: Yes), the management server 101 extracts, by means of the extraction unit 1205, the encryption key Ki to be provided on the basis of the largest or smallest number of nodes (step S2410). When the management server 101 has extracted the encryption key Ki, it transmits, by means of the second transmission unit 1206, the extracted encryption key Ki to the new node Nx via the mobile terminal MT (step S2411). The encryption key Ki has thereby been provided, and the series of processing ends.
As described above, according to the second embodiment, since the GW search frame TF need only be encrypted with the encryption keys unique to the neighboring gateways, generation of the encrypted GW search frame group K(TF) can be sped up. Reducing the number of frames in the encrypted GW search frame group K(TF) also reduces the number of frames that neighboring nodes discard when the group is broadcast from the new node Nx. The processing load on neighboring nodes can therefore be reduced. Furthermore, the new node Nx can be made to belong to the ad hoc network to which a neighboring gateway belongs. As a result, each time a new node Nx is introduced, the density of nodes increases, and efficient encrypted communication can be performed.
As described above, according to the present embodiment, by exploiting the property that the neighboring nodes of the new node Nx discard unencrypted packets, uploading the encrypted GW search frame group K(TF) allows the encrypted GW search frame Ki(TF) that can be decrypted with the encryption key Ki of a neighboring node to reach the gateway Gi while the remaining frames are discarded. Since unencrypted data can thus be discarded without making an exception even for GW search frames, the network is less susceptible to attacks using illegitimate packets, and the security of the ad hoc network Ai can be improved.
Also, when the key of the node N is set, the encryption key Ki to be set in the node N can be acquired easily, and the work of setting the encryption key Ki used by the node N can be made more efficient. Specifically, for example, at the initial introduction of the node N, the worker OP no longer needs to exhaustively check the communication status between the node N and each of the geographically narrowed-down candidate gateways, so the work of setting the encryption key Ki for the node N becomes more efficient. Moreover, since there is no need to record the encryption keys of the candidate gateways in the mobile terminal MT or the like for this checking work, the risk of information leakage while carrying the terminal can be reduced. In this way, the work burden on the worker and the work time required to set encryption keys for the nodes in an ad hoc network can be reduced.
The key setting method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. The key setting program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, an MO, or a DVD, and is executed by being read from the recording medium by the computer. The key setting program may also be distributed via a network such as the Internet.
100 network system
101 management server
701 detection unit
702 first transmission unit (node side)
703 first receiving unit (node side)
704 second transmission unit (node side)
705 second receiving unit (node side)
706 setting unit
1201 first receiving unit (server side)
1202 generation unit
1203 first transmission unit (server side)
1204 second receiving unit (server side)
1205 extraction unit
1206 second transmission unit (server side)
1207 identification unit
MT mobile terminal
Nx new node

Claims (15)

  1.  A key setting method in a node, in any one of a plurality of ad hoc networks, in which no gateway-specific key has been set, the method comprising:
     a detection step of detecting a connection with a mobile terminal capable of communicating with a server connected to each gateway in each of the plurality of ad hoc networks;
     a first transmission step of, when the connection with the mobile terminal is detected in the detection step, transmitting transmission instruction information for an acquisition request for a key for encrypting data to the server via the mobile terminal;
     a first reception step of receiving from the server, via the mobile terminal, as a result of the transmission instruction information having been transmitted in the first transmission step, an encrypted acquisition request group in which the acquisition request has been encrypted with the key specific to each of the gateways;
     a second transmission step of broadcasting the encrypted acquisition request group received in the first reception step to the plurality of ad hoc networks simultaneously;
     a second reception step of receiving from the server, via the mobile terminal, the key specific to the particular gateway, among the plurality of gateways, that any one of the encrypted acquisition requests in the group broadcast in the second transmission step has reached; and
     a setting step of setting the key specific to the particular gateway received in the second reception step as the key for encrypting the data.
  2.  The key setting method according to claim 1, wherein the acquisition request in the transmission instruction information includes identification information of the node, which allows the server to identify the destination in which the key for encrypting the data is to be set.
  3.  The key setting method according to claim 1 or 2, wherein the acquisition request in the transmission instruction information includes identification information of the mobile terminal, which allows the server to identify the communication destination.
  4.  The key setting method according to any one of claims 1 to 3, wherein the acquisition request in the transmission instruction information includes position information of the node, which allows the server to specify the neighbouring gateways of the node.
  5.  A node used in any one of a plurality of ad hoc networks, comprising:
     detection means for detecting a connection with a mobile terminal capable of communicating with a server connected to each gateway in each of the plurality of ad hoc networks;
     first transmission means for, when the connection with the mobile terminal is detected by the detection means, transmitting transmission instruction information for an acquisition request for a key for encrypting data to the server via the mobile terminal;
     first reception means for receiving from the server, via the mobile terminal, as a result of the transmission instruction information having been transmitted by the first transmission means, an encrypted acquisition request group in which the acquisition request has been encrypted with the key specific to each of the gateways;
     second transmission means for broadcasting the encrypted acquisition request group received by the first reception means to the plurality of ad hoc networks simultaneously;
     second reception means for receiving from the server, via the mobile terminal, the key specific to the particular gateway, among the plurality of gateways, that any one of the encrypted acquisition requests in the group broadcast by the second transmission means has reached; and
     setting means for setting the key specific to the particular gateway received by the second reception means as the key for encrypting the data.
  6.  The node according to claim 5, wherein the acquisition request in the transmission instruction information includes identification information of the node, which allows the server to identify the destination in which the key for encrypting the data is to be set.
  7.  The node according to claim 5 or 6, wherein the acquisition request in the transmission instruction information includes identification information of the mobile terminal, which allows the server to identify the communication destination.
  8.  The node according to any one of claims 5 to 7, wherein the acquisition request in the transmission instruction information includes position information of the node, which allows the server to specify the neighbouring gateways of the node.
  9.  A server connected to each gateway in each of a plurality of ad hoc networks, comprising:
     storage means for storing the key specific to each of the gateways;
     first reception means for receiving, via a mobile terminal connected to the server, transmission instruction information for an acquisition request for a key for encrypting data from a node in which no key for encrypting data has been set;
     generation means for generating, when the transmission instruction information is received by the first reception means, an encrypted acquisition request group in which the acquisition request has been encrypted with each of the keys;
     first transmission means for transmitting the encrypted acquisition request group generated by the generation means to the node via the mobile terminal;
     second reception means for receiving notification instruction information for the key specific to a particular gateway from that particular gateway, being the gateway that any one of the encrypted acquisition requests in the group has reached as a result of the node broadcasting the encrypted acquisition request group transmitted by the first transmission means to the plurality of ad hoc networks;
     extraction means for extracting from the storage means the key specific to the particular gateway designated by the notification instruction information received by the second reception means; and
     second transmission means for transmitting the key specific to the particular gateway extracted by the extraction means to the node via the mobile terminal.
  10.  The server according to claim 9, further comprising specifying means for specifying the neighbouring gateways of the node, wherein
     the storage means stores, for each gateway, the key specific to the gateway and position information of the gateway,
     the specifying means, when the transmission instruction information is received by the first reception means and the transmission instruction information includes position information of the node, specifies the neighbouring gateways of the node based on the position information of the node and the position information of each gateway stored in the storage means, and
     the generation means generates the encrypted acquisition request group by encrypting the acquisition request with each of the keys specific to the neighbouring gateways specified by the specifying means.
  11.  The server according to claim 9 or 10, wherein
     the storage means further stores, for each gateway, the number of nodes in the ad hoc network to which the gateway belongs, and
     the extraction means extracts a key to be set from among the keys specific to the particular gateways designated by the notification instruction information received by the second reception means, based on the number of nodes, stored in the storage means, in the ad hoc network to which each particular gateway belongs.
  12.  The server according to claim 11, wherein the extraction means extracts, from among the keys specific to the particular gateways designated by the notification instruction information, the key specific to the particular gateway with the largest number of nodes.
  13.  The server according to claim 11, wherein the extraction means extracts, from among the keys specific to the particular gateways designated by the notification instruction information, the key specific to the particular gateway with the smallest number of nodes.
  14.  A network system including a plurality of ad hoc networks and a server connected to a gateway in each of the plurality of ad hoc networks, wherein
     the server comprises:
     storage means for storing the key specific to each of the gateways;
     first reception means for receiving, via a mobile terminal connected to the server, transmission instruction information for an acquisition request for a key for encrypting data from a node in which no key for encrypting data has been set;
     generation means for generating, when the transmission instruction information is received by the first reception means, an encrypted acquisition request group in which the acquisition request has been encrypted with each of the keys;
     first transmission means for transmitting the encrypted acquisition request group generated by the generation means to the node via the mobile terminal;
     second reception means for receiving notification instruction information for the key specific to a particular gateway from that particular gateway, being the gateway that any one of the encrypted acquisition requests in the group has reached as a result of the node broadcasting the encrypted acquisition request group transmitted by the first transmission means to the plurality of ad hoc networks;
     extraction means for extracting from the storage means the key specific to the particular gateway designated by the notification instruction information received by the second reception means; and
     second transmission means for transmitting the key specific to the particular gateway extracted by the extraction means to the node via the mobile terminal, and
     the node comprises:
     detection means for detecting a connection with the mobile terminal;
     third transmission means for, when the connection with the mobile terminal is detected by the detection means, transmitting the transmission instruction information to the server via the mobile terminal;
     third reception means for receiving the encrypted acquisition request group from the server via the mobile terminal as a result of the transmission instruction information having been transmitted by the third transmission means;
     fourth transmission means for broadcasting the encrypted acquisition request group received by the first reception means to the plurality of ad hoc networks simultaneously;
     fourth reception means for receiving from the server, via the mobile terminal, the key specific to the particular gateway, among the plurality of gateways, that any one of the encrypted acquisition requests in the group broadcast by the fourth transmission means has reached; and
     setting means for setting the key specific to the particular gateway received by the second reception means as the key for encrypting the data.
  15.  The network system according to claim 14, wherein
     the server further comprises specifying means for specifying the neighbouring gateways of the node,
     the storage means stores, for each gateway, the key specific to the gateway and position information of the gateway,
     the specifying means, when the transmission instruction information is received by the first reception means and the transmission instruction information includes position information of the node, specifies the neighbouring gateways of the node based on the position information of the node and the position information of each gateway,
     the generation means generates the encrypted acquisition request group by encrypting the acquisition request with each of the keys specific to the neighbouring gateways specified by the specifying means, and
     the third transmission means of the node, when the connection with the mobile terminal is detected by the detection means, transmits to the server via the mobile terminal the transmission instruction information including the position information of the node, which allows the neighbouring gateways of the node to be specified.
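The exchange claimed above, simulated end to end as an added example (not Fujitsu's code): the server builds the encrypted acquisition request group for the gateways near the node's position (claims 9 and 10), each gateway in radio range tries the group with its own key, the gateways whose request verifies notify the server, and the server extracts the key of the gateway with the fewest or most nodes (claims 11 to 13) for the node to set. The gateway ids, positions, node counts and neighbourhood radius are constructed, and the encrypt-then-MAC scheme built from SHA-256 and HMAC is an assumed stand-in for whatever cipher a real deployment uses, chosen so the example runs offline with only the standard library.

```python
import hashlib
import hmac
import json
import math
import os
from dataclasses import dataclass

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from SHA-256: a constructed stand-in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the tag does not verify under this key; the tag
    # check is how a gateway tells the request meant for it from the others in the group.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

@dataclass
class Gateway:
    gw_id: str
    key: bytes        # gateway-specific key, held by the gateway and the server
    pos: tuple        # (x, y) position, constructed coordinates
    node_count: int   # nodes already in this gateway's ad hoc network

class Server:
    # Management server: storage, specifying, generation and extraction means.
    def __init__(self, gateways, radius):
        self.gateways = {g.gw_id: g for g in gateways}
        self.radius = radius  # assumed neighbourhood radius for claim 10
    def neighbour_gateways(self, node_pos):
        return [g for g in self.gateways.values() if math.dist(g.pos, node_pos) <= self.radius]
    def make_request_group(self, node_id, mt_id, node_pos):
        # Claims 9 and 10: the same acquisition request, once per neighbouring gateway key.
        req = json.dumps({"node": node_id, "mt": mt_id}).encode()
        return [encrypt(g.key, req) for g in self.neighbour_gateways(node_pos)]
    def select_key(self, notifications, prefer="min"):
        # Claims 11 to 13: among gateways that notified the server, choose by node count.
        cands = [self.gateways[gw_id] for gw_id, _req in notifications]
        chosen = (min if prefer == "min" else max)(cands, key=lambda g: g.node_count)
        return chosen.gw_id, chosen.key

def gateway_receive(gw, group):
    # A gateway tries every broadcast request; only the one under its own key verifies.
    for blob in group:
        if (pt := decrypt(gw.key, blob)) is not None:
            return json.loads(pt)   # forwarded to the server together with the gateway's id
    return None

def run_key_setting(server, reachable, node_id, mt_id, node_pos, prefer="min"):
    # Whole exchange for a new node; `reachable` are the gateways within radio range of the
    # broadcast. Returns the (gateway id, key) the node sets, or None if no request arrived.
    group = server.make_request_group(node_id, mt_id, node_pos)   # server -> MT -> node
    notifications = []
    for gw in reachable:                                           # node broadcasts the group
        req = gateway_receive(gw, group)
        if req is not None and req["node"] == node_id:
            notifications.append((gw.gw_id, req))                  # gateway -> server
    return server.select_key(notifications, prefer) if notifications else None

# Constructed sample deployment: three gateways with keys derived from fixed labels.
GATEWAYS = [Gateway("GW1", hashlib.sha256(b"gw1-key").digest(), (0, 0), 40),
            Gateway("GW2", hashlib.sha256(b"gw2-key").digest(), (5, 0), 12),
            Gateway("GW3", hashlib.sha256(b"gw3-key").digest(), (100, 100), 3)]
SERVER = Server(GATEWAYS, radius=10)
```

With a node at (2, 0) the group holds two requests (GW3 is out of the neighbourhood), GW3 hears the broadcast but cannot verify either, and the server returns GW2's key under the smallest-node-count rule or GW1's under the largest.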

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2011/054405 WO2012114528A1 (en) 2011-02-25 2011-02-25 Key setting method, node, server and network system
JP2013500815A JP5621905B2 (en) 2011-02-25 2011-02-25 Key setting method, node, server, and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/054405 WO2012114528A1 (en) 2011-02-25 2011-02-25 Key setting method, node, server and network system

Publications (1)

Publication Number Publication Date
WO2012114528A1 true WO2012114528A1 (en) 2012-08-30

Family

ID=46720342

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/054405 WO2012114528A1 (en) 2011-02-25 2011-02-25 Key setting method, node, server and network system

Country Status (2)

Country Link
JP (1) JP5621905B2 (en)
WO (1) WO2012114528A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006197025A (en) * 2005-01-11 2006-07-27 Ntt Docomo Inc Security group managing system
JP2009071707A (en) * 2007-09-14 2009-04-02 Oki Electric Ind Co Ltd Key sharing method, and key distribution system
JP2010503327A (en) * 2006-09-07 2010-01-28 Motorola, Inc. Sending management traffic over multihop mesh networks

Also Published As

Publication number Publication date
JPWO2012114528A1 (en) 2014-07-07
JP5621905B2 (en) 2014-11-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11859151; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2013500815; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11859151; Country of ref document: EP; Kind code of ref document: A1)