WO2016080398A1 - Connection management control device, wireless connection system, method for managing wireless connection to network, and program for managing wireless connection to network - Google Patents

Publication number
WO2016080398A1
WO2016080398A1 PCT/JP2015/082275 JP2015082275W WO2016080398A1 WO 2016080398 A1 WO2016080398 A1 WO 2016080398A1 JP 2015082275 W JP2015082275 W JP 2015082275W WO 2016080398 A1 WO2016080398 A1 WO 2016080398A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
wireless
setting information
connection
management control
Application number
PCT/JP2015/082275
Other languages
French (fr)
Japanese (ja)
Inventor
創 梅木
亮太 山田
優樹 井上
Original Assignee
オムロン株式会社
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M11/00 Telephonic communication systems specially adapted for combination with other electrical systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user

Definitions

  • the present invention relates to a connection management control device that manages wireless connection to a network, a communication device that performs wireless communication with the connection management control device, and a wireless connection system that includes the connection management control device.
  • When a predetermined communication device is wirelessly connected to a network such as a LAN or the Internet, wireless communication is performed with a connection management control device, such as a wireless LAN access point or router, that manages the connection to the network, and a predetermined process such as authentication is required there.
  • AOSS Airstation One-touch Secure System
  • WPS WiFi Secured Setup
  • wireless setting information such as an ID and password for the wireless connection
  • the user of the communication device inputs the information, and the connection management control device determines whether or not wireless connection to the network is possible based on the information.
  • the wireless setting information may be recorded in advance on the communication device side.
  • A technology for preventing the information from being visually recognized in the communication device has been developed (for example, see Patent Document 1).
  • a communication device exchanges wireless setting information with a connection management control device in order to establish a wireless connection to a network
  • both devices are connected by wire for exchange, or both devices are exchanged for transmission / reception.
  • the distance between the communication device and the connection management control device may be required to be within a certain distance.
  • When the wireless connection through the connection management control device by the communication device is facilitated, the wireless setting information for the wireless connection spreads unnecessarily, and there is a risk of allowing connections that are undesirable from the viewpoint of network security, network load, etc. (unauthorized connections). Access by a communication device that performs such an unauthorized connection should be excluded, but if the number of communication devices wirelessly connected to the network increases, it is not easy to eliminate the access.
  • The present invention has been made in view of such a problem, and aims to provide a management technology for wireless connection to a network that can easily disconnect a communication device that performs unauthorized connection via a connection management control device.
  • the communication device acquires wireless setting information for wireless connection to a network from a communication device that has already performed wireless connection to the network. Based on the information related to the acquisition path of the wireless setting information, a configuration is adopted in which wireless communication by an unauthorized communication device performing unauthorized connection is blocked. As a result, unauthorized wireless communication can be easily blocked.
  • The present invention is a connection management control device that manages the wireless connection of a communication device to a predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network.
  • The communication device is configured to acquire wireless setting information for wirelessly connecting the communication device to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device.
  • The connection management control device includes: management means for managing acquisition path information relating to the acquisition path by which each of one or a plurality of communication devices performing wireless communication with the connection management control device acquired its corresponding wireless setting information; unauthorized detection means for detecting an unauthorized connection state in which one or a plurality of communication devices are illegally connected to the connection management control device; and blocking means for blocking, when the unauthorized connection state is detected by the unauthorized detection means, wireless communication between the one or more unauthorized communication devices and the connection management control device based on the acquisition path information managed by the management means.
  • The communication device needs to access the connection management control device using the wireless setting information for allowing wireless connection by the connection management control device managing the predetermined network.
  • Examples of the wireless setting information include identification information for identification in a predetermined network, a password corresponding to the identification information, and the like.
  • The communication device is configured to acquire its own wireless setting information from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device. Therefore, the communication device can acquire the wireless setting information not only from the connection management control device but also from the existing communication device, and the processing of wireless connection to the predetermined network becomes easy.
  • an unintended wireless connection is referred to as an unauthorized connection in the present invention, and is targeted for blocking wireless communication with the connection management control device by the blocking means.
  • An unauthorized connection includes, for example, not only a wireless connection typified by unauthorized acquisition of wireless setting information, but also an accidental unauthorized connection, such as a case where a communication device that had made an appropriate wireless connection ends up performing an unauthorized wireless connection for some reason. A communication device that performs the unauthorized connection is referred to as an unauthorized communication device.
  • An unauthorized connection state caused by such an unauthorized communication device is detected by the unauthorized detection means.
  • The determination of the unauthorized connection state by the unauthorized detection means is performed based on detection of an event (for example, information flow or network load) in a predetermined network, or of the unauthorized acquisition processing itself of wireless setting information by an unauthorized communication device.
  • The connection management control device manages the acquisition path information by the management means.
  • This acquisition path information is information on the path by which each communication device performing wireless communication has acquired its wireless setting information. In other words, it is also information indicating the correlation, with respect to the acquisition of the respective wireless setting information, between the one or plurality of communication devices wirelessly connected to a predetermined network via the connection management control device. Therefore, by using this acquisition path information, if an unauthorized connection state is detected by the unauthorized detection means, the one or more unauthorized communication devices related to the unauthorized connection state can be easily identified from the viewpoint of the acquisition path of the wireless setting information.
  • the blocking means blocks wireless communication between one or more unauthorized communication devices and the connection management control device, thereby easily disconnecting the unauthorized communication device from wireless connection to a predetermined network. Therefore, management of wireless connection by the connection management control device can be suitably performed.
  • The communication device includes: setting information requesting means for requesting, from an existing communication device that has already established a wireless connection to the predetermined network via the connection management control device according to predetermined wireless setting information that enables wireless communication with the connection management control device, self wireless setting information, which is the wireless setting information for the communication device itself that enables wireless communication with the connection management control device; setting information receiving means for receiving from the existing communication device the self wireless setting information prepared by the existing communication device in response to the request by the setting information requesting means; and executing means for executing wireless communication with the connection management control device based on the self wireless setting information received by the setting information receiving means.
  • When the communication device performs wireless communication with the connection management control device using the self wireless setting information by the executing means, the management means sets the acquisition path of the self wireless setting information by the communication device as a new management target.
  • Because the communication device has the setting information requesting means and the setting information receiving means, it can acquire its own wireless setting information (self wireless setting information) from an existing communication device that is already wirelessly connected to a predetermined network via the connection management control device.
  • the communication device requests the existing communication device for its own wireless setting information necessary for the communication device itself to wirelessly connect to a predetermined network via the connection management control device by the setting information requesting means.
  • the existing communication device is a device that is already wirelessly connected to a predetermined network via the connection management control device when the communication device attempts to make a wireless connection to the predetermined network. Therefore, the existing communication device has already been granted a wireless connection to the predetermined network by the connection management control device.
  • Through an exchange with the connection management control device or with another communication device, the existing communication device holds predetermined wireless setting information for the existing communication device.
  • The setting information requesting means focuses on the fact that the existing communication device already has the predetermined wireless setting information, and requests the exchange of the wireless setting information from the existing communication device instead of the connection management control device.
  • the existing communication device prepares self-radio setting information for the communication device.
  • The existing communication device may make the preparation for all requests, or may make the preparation after determining, for each request, whether to do so according to a predetermined judgment criterion.
  • Examples of the predetermined determination criterion include a criterion set to allow wireless connection from the viewpoint of security of a predetermined network.
  • the self-radio setting information prepared by the existing communication device is sent to the communication device side and received by the setting information receiving means.
  • the communication device acquires the self-radio setting information through the exchange with the existing communication device, instead of directly exchanging the radio setting information with the connection management control device.
  • the communication apparatus can acquire the self-radio setting information from other than the connection management control apparatus, and can easily connect to a predetermined network by radio.
  • In the connection management control device, if there is a communication device that has made a new access according to the acquired self wireless setting information, the management means newly manages the acquisition path of that communication device's self wireless setting information.
  • If the unauthorized connection state is detected later by the unauthorized detection means, the unauthorized communication device can be easily disconnected as described above.
  • unauthorized connection refers to an unintended wireless connection in a predetermined network. Therefore, even if an unauthorized connection state is detected, wireless communication by the unauthorized communication device can be permitted in a predetermined network by restricting a part of the wireless communication function of the unauthorized communication device by the communication function restricting means.
  • the predetermined processing by the wireless communication function of the original communication device is useful for the predetermined network even after becoming the unauthorized communication device.
  • The predetermined function may be a function on the connection management control device side or a function on the unauthorized communication device side.
  • the unauthorized connection itself by the unauthorized communication device is not preferable for a given network. Therefore, even when the restriction by the communication function restriction unit is performed, the wireless communication of the unauthorized communication device is blocked by the blocking unit.
  • The communication function restriction unit restricts a part of the predetermined functions related to wireless communication between the one or more unauthorized communication devices and the connection management control device in such a form that information transmission from the one or more unauthorized communication devices to the connection management control device is prohibited and information transmission from the connection management control device to the one or more unauthorized communication devices is permitted.
  • The communication function restriction unit restricts a part of the predetermined functions related to wireless communication between the one or more unauthorized communication devices and the connection management control device in a form that determines, based on the content of transmission information transmitted from the one or more unauthorized communication devices toward the connection management control device, whether or not that transmission information can be transmitted.
  • the wireless communication function of the unauthorized communication device is restricted based on the transmission direction of the transmission information, and as a result, information transmission from the connection management control device to the unauthorized communication device is maintained. Thus, a state where management control of the unauthorized communication device by the connection management control device is possible is maintained.
  • the wireless communication function of the unauthorized communication device is restricted based on the content of the transmission information, for example, based on whether or not the information has useful content. The transmission of information required by the network side is maintained. If the wireless communication function of the unauthorized communication device is restricted and some benefits can be enjoyed for a predetermined network, other restricted forms can be employed.
  • the connection management control device when the connection management control device includes a communication function restriction unit, the connection management control device is a part of the wireless communication function for the connection management control device of the one or more unauthorized communication devices by the communication function restriction unit.
  • a recovery means for recovering at least a part of the unauthorized connection state among the one or more unauthorized communication devices to a normal connection state may be further provided. In this way, the cancellation of the unauthorized connection state by the recovery unit and the restoration to the normal connection state are performed, so that it is not necessary to block the wireless communication by the blocking unit. As a result, the communication device that has been restored to the normal connection state can be prevented from being disconnected from the predetermined network, and wireless connection to the predetermined network can be continued.
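The management, blocking, restriction and recovery means described above can be modelled as a small router-side table. This is an added illustration, not code from the patent: it assumes that the devices "related to" an unauthorized connection are the detected device plus every device whose acquisition path runs through it, and the class and method names and the ids `dev5` and `dev6` are hypothetical.

```python
from enum import Enum

ROUTER = "router1"  # the connection management control device (constructed id)


class State(Enum):
    NORMAL = "normal"          # both directions allowed
    RESTRICTED = "restricted"  # only router -> device traffic allowed
    BLOCKED = "blocked"        # no wireless communication with the router


class AcquisitionPathTable:
    """Router-side acquisition path information: who gave settings to whom."""

    def __init__(self):
        self.provider = {}  # device id -> node it acquired its settings from
        self.state = {}     # device id -> State

    def register(self, device, acquired_from):
        """Management means: a newly accessing device becomes a management target."""
        if device in self.provider:
            raise ValueError(f"{device} is already managed")
        # Assumption: only the router or a normally connected device may provide settings.
        if acquired_from != ROUTER and self.state.get(acquired_from) is not State.NORMAL:
            raise PermissionError(f"{acquired_from} is not a normally connected device")
        self.provider[device] = acquired_from
        self.state[device] = State.NORMAL

    def path(self, device):
        """Acquisition path from the device back to the router."""
        hops = [device]
        while hops[-1] != ROUTER:
            hops.append(self.provider[hops[-1]])
        return hops

    def related(self, device):
        """Assumed policy: the device plus every device provisioned through it."""
        return sorted(d for d in self.provider if device in self.path(d))

    def on_unauthorized(self, device, restrict=False):
        """Blocking means, or with restrict=True the communication function restriction."""
        new_state = State.RESTRICTED if restrict else State.BLOCKED
        affected = self.related(device)
        for d in affected:
            self.state[d] = new_state
        return affected

    def permits(self, device, direction):
        """Per-transmission decision; direction is 'to_router' or 'from_router'."""
        st = self.state.get(device, State.BLOCKED)  # unmanaged devices get nothing
        if direction == "to_router":
            return st is State.NORMAL
        if direction == "from_router":
            return st in (State.NORMAL, State.RESTRICTED)
        raise ValueError(f"unknown direction: {direction}")

    def recover(self, device):
        """Recovery means: return one device to the normal connection state."""
        if device not in self.state:
            raise KeyError(device)
        self.state[device] = State.NORMAL


def build_sample():
    """Constructed topology: devices 3 and 4 exchanged settings with the router directly."""
    t = AcquisitionPathTable()
    t.register("dev3", ROUTER)
    t.register("dev4", ROUTER)
    t.register("dev2", "dev3")  # device 2 got its settings from device 3
    t.register("dev5", "dev2")  # hypothetical further hand-offs
    t.register("dev6", "dev4")
    return t


if __name__ == "__main__":
    table = build_sample()
    print(table.path("dev5"))
    print(table.on_unauthorized("dev2", restrict=True))
    print(table.permits("dev5", "to_router"), table.permits("dev5", "from_router"))
    print(table.on_unauthorized("dev2"))
    table.recover("dev5")
    print({d: s.value for d, s in table.state.items()})
```

Devices on other branches of the acquisition path (here `dev3`, `dev4`, `dev6`) stay connected, which is the point of keeping the path information per device.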
  • the present invention can be grasped from the aspect of a wireless connection system for performing wireless connection to a predetermined network.
  • the wireless connection system transmits / receives wireless setting information for wireless connection to a predetermined network to / from a communication device outside the predetermined network, so that the wireless connection of the communication device to the predetermined network is performed.
  • a connection management control device that manages the network, and an existing wireless connection already established to the predetermined network via the connection management control device according to predetermined wireless setting information that enables wireless communication with the connection management control device
  • connection management control device obtains the wireless setting information corresponding to each of one or a plurality of communication devices performing wireless communication with the connection management control device by the respective communication devices.
  • the present invention manages and controls wireless connection of the communication device to the predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network. It may be understood from the aspect of the management method by the connection management control device.
  • the wireless setting information corresponding to each of one or a plurality of communication devices performing wireless communication with the connection management control device is acquired with respect to the acquisition path acquired by each communication device.
  • a blocking step of blocking wireless communication between the one or more unauthorized communication devices and the connection management control device based on the acquired route information managed in the management step is also possible. It should be noted that the technical idea disclosed regarding the invention of the connection management control device can be applied to the invention of the management method as long as there is no technical flaw.
  • the present invention manages and controls the wireless connection of the communication device to the predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network. It may be understood from the aspect of a management program for wireless connection to the network executed by the connection management control device.
  • The communication apparatus is configured to acquire wireless setting information for wirelessly connecting the communication apparatus to the predetermined network via the connection management control apparatus from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device according to the wireless setting information. The management program then causes the connection management control device to execute the following steps.
  • A management step of managing acquisition path information relating to the acquisition path by which each of one or a plurality of communication apparatuses performing wireless communication with the connection management control apparatus acquired its corresponding wireless setting information; an unauthorized detection step for detecting an unauthorized connection state in which one or a plurality of communication devices are illegally connected to the connection management control device; and a blocking step for blocking, when the unauthorized connection state is detected in the unauthorized detection step, wireless communication between the one or more unauthorized communication devices and the connection management control device based on the acquisition path information managed in the management step.
  • the technical idea disclosed regarding the invention of the connection management control device can be applied to the management program invention as long as there is no technical flaw.
  • FIG. 2 is a functional block diagram of a router included in the wireless connection system shown in FIG. 1. It is a flowchart of the wireless connection process performed with a communication apparatus. It is a flowchart of the setting information provision process performed with a communication apparatus.
  • FIG. 2 is a first sequence diagram regarding information exchange between a communication device and a router in the wireless connection system shown in FIG. 1.
  • FIG. 6 is a diagram schematically showing a data structure of a request command and wireless setting information transmitted / received between communication apparatuses in order to acquire wireless setting information in each process shown in FIGS. 4 and 5.
  • FIG. 6 is a second sequence diagram regarding information exchange between the communication device and the router in the wireless connection system shown in FIG. 1. It is a figure which shows schematic structure of the radio
  • FIG. 11 is a second flowchart of a blocking process executed by the router shown in FIG. 10. It is a figure which shows another database structure of acquisition path
  • the wireless connection system according to the present invention and the communication device included in the wireless connection system will be described with reference to the drawings.
  • the configuration of the following embodiment is an exemplification, and the present invention is not limited to the configuration of this embodiment.
  • FIG. 1 is a diagram showing a schematic configuration of a wireless connection system that is a system for wirelessly connecting to a predetermined network 10.
  • the predetermined network 10 is an arbitrary network such as a LAN or the Internet
  • the router 1 is a device that manages and controls wireless connection to the predetermined network 10.
  • the communication devices 3 and 4 have already made a wireless connection to the predetermined network 10 via the router 1.
  • the communication devices 3 and 4 have already exchanged wireless setting information with the router 1.
  • the wireless setting information is information necessary for wireless connection to a predetermined network 10, and is formed of, for example, identification information for the predetermined network 10 and a password for wireless connection to the network.
  • each of the communication devices 3 and 4 that are already wirelessly connected to the predetermined network 10 via the router 1 stores wireless setting information for realizing the wireless connection in the memory of the device.
  • the wireless setting information of the communication device 3 is referred to by 3a
  • the wireless setting information of the communication device 4 is referred to by 4a.
  • the router 1 is a device that manages and controls the wireless connection of a communication device that is wirelessly connected to a predetermined network 10 via the router 1. Therefore, management wireless setting information is stored as information for management control of the wireless connection and stored in the memory of the router 1.
  • the management wireless setting information is denoted by reference numeral 1a in FIG. 1, and its specific configuration is disclosed in FIG. 9 to be described later.
  • the communication apparatus needs to be located within a certain distance from the router 1. This is because the router 1 is a device for exchanging wireless setting information by the WPS (WiFi Protected Setup) method, and the user must operate the router 1 and the communication device at the same time. Then, it is assumed that the communication devices 3 and 4 have already established a wireless connection to the predetermined network 10 via the router 1 by exchanging wireless setting information with the router 1 by this WPS method.
  • WPS WiFi Protected Setup
  • When a new communication device 2 tries to establish a wireless connection to a predetermined network 10, as long as it can be brought within the range of the router 1 necessary for the wireless connection processing, wireless connection to the predetermined network 10 is possible by directly exchanging wireless setting information with the router 1, in the same way as the communication devices 3 and 4.
  • If the communication device 2 cannot sufficiently approach the router 1 due to restrictions on the place of use or the like, it is difficult to exchange wireless setting information with the router 1 like the communication devices 3 and 4. Therefore, in the wireless connection system according to the present invention, the communication device 2 that is in a situation where it is difficult to exchange such wireless setting information exchanges wireless setting information not with the router 1 but with a communication device (for example, the communication device 3) that has already established a wireless connection to the predetermined network 10 via the router 1.
  • The communication device (for example, the communication device 3) that exchanges this alternative wireless setting information in place of the router 1 is a communication device that has already made a wireless connection to the predetermined network 10, and corresponds to the existing communication device according to the present invention.
  • FIG. 2A shows a functional block diagram in which some of the functions of the communication device 2 are imaged
  • FIG. 2B shows a functional block diagram in which some of the functions of the communication device 3 are imaged
  • FIG. 3 shows a functional block diagram in which some of the functions of the router 1 are imaged.
  • the communication device 2 includes a control unit 20, a communication unit 21, and a wireless setting information storage unit 22 as functional units.
  • the control unit 20 is a functional unit that performs various controls in the communication device 2, and particularly includes a communication control unit 201, a setting information request unit 202, and a setting information reception unit 203.
  • the communication control unit 201 transmits / receives information to / from the communication device 3 necessary for acquiring self-radio setting information, which will be described later, and obtains self-radio setting information and wirelessly connects to a predetermined network via the router 1.
  • the wireless setting information corresponding to the communication device 2 that newly attempts to establish a wireless connection to the predetermined network 10 via the router 1 is referred to as self wireless setting information.
  • the communication device 2 does not hold self-radio setting information for wireless connection to the predetermined network 10.
  • The setting information request unit 202 is a functional unit that transmits, to the communication device 3 that has already established a wireless connection, a request signal asking it to transmit the self wireless setting information used by the communication device 2 itself, so that the communication device 2 can establish a wireless connection to the predetermined network 10 via the router 1.
  • the request signal generated by the setting information request unit 202 is transmitted to the communication device 3 under the control of the communication control unit 201.
  • the setting information reception unit 203 is a functional unit that receives the self-radio setting information transmitted from the communication device 3 in response to the request signal generated by the setting information request unit 202. The reception of the self wireless setting information is also performed under the control of the communication control unit 201.
  • The setting information receiving unit 203 receives not only the self-radio setting information transmitted in response to the request signal but also, in a situation where the communication device 2 can exchange the wireless setting information directly with the router 1, the self-radio setting information obtained by the WPS method.
  • The communication unit 21 controls transmission / reception of information to / from the outside through an antenna mounted on the communication device 2. Specifically, under control of the communication control unit 201, it transmits and receives information between the communication device 2 and external devices (communication device 3, router 1, etc.). In the present embodiment, transmission / reception of information to / from an external device is all performed by wireless communication.
  • the wireless setting information storage unit 22 is a functional unit that stores the self-radio setting information received by the setting information receiving unit 203. By following the stored self-radio setting information, the communication device 2 can wirelessly connect to a predetermined network 10 via the router 1.
  • the communication device 3 includes a control unit 30, a communication unit 31, and a wireless setting information storage unit 32 as functional units.
  • the control unit 30 is a functional unit that performs various controls in the communication device 3.
  • the control unit 30 includes a communication control unit 301, a setting information request unit 302, a setting information receiving unit 303, and a setting information preparation unit 304.
  • The communication unit 31 and the wireless setting information storage unit 32 are substantially the same as the communication unit 21 and the wireless setting information storage unit 22 of the communication device 2, and the communication control unit 301, the setting information requesting unit 302, and the setting information receiving unit 303 of the control unit 30 are substantially the same as the communication control unit 201, the setting information requesting unit 202, and the setting information receiving unit 203 of the control unit 20 of the communication device 2, so a detailed description of them is omitted. Note that, as described above, the communication device 3 exchanges wireless setting information directly with the router 1. In this case, the function of the setting information request unit 302 is not exercised, and the communication device 3 acquires the wireless setting information from the router 1.
  • the control unit 30 of the communication device 3 further includes a setting information preparation unit 304 as a functional unit.
  • The setting information preparation unit 304 is a functional unit that, when a request signal related to the self-radio setting information is received from another communication device (communication device 2 or the like), performs processing to prepare the requested self-radio setting information for transmission to the request source.
  • each communication device may have a functional unit other than the illustrated functional unit.
  • the control unit 20 in the communication device 2 may have substantially the same function unit as the setting information preparation unit 304 in the communication device 3.
  • the communication device 2 Self-radio setting information for the communication device is prepared.
  • the router 1 includes a communication unit 11, a management wireless setting information storage unit 12, and a connection management unit 13.
  • the communication unit 11 is a functional unit for communicating with a communication device wirelessly connected to a predetermined network 10.
  • the management wireless setting information storage unit 12 is a functional unit that stores management wireless setting information for managing communication apparatuses that perform wireless communication via the communication unit 11.
  • The management wireless setting information includes information such as identification information of a communication device to be managed and the authority for wireless connection given to that communication device (for details, refer to FIG. 9 described later).
  • Based on this management wireless setting information, the connection management unit 13 performs management control of wireless connection to the predetermined network.
  • connection management unit 13 includes an acquisition path information management unit 131, a fraud detection unit 132, and a blocking management unit 133.
  • the acquired route information management unit 131 is a functional unit that manages a route through which the communication device wirelessly connected to the predetermined network 10 via the router 1 has acquired the wireless setting information used at the time of the wireless connection.
  • the fraud detection unit 132 is a functional unit that detects an unauthorized connection state in which an unauthorized wireless connection is performed in the wireless connection to the predetermined network 10 via the router 1.
  • the unauthorized connection state in the present invention refers to a state of wireless connection that is not intended in the predetermined network 10.
  • The blocking management unit 133 is a functional unit that performs processing related to blocking wireless communication between the communication device performing the unauthorized connection and the router 1 when the unauthorized connection state is detected by the fraud detection unit 132.
  • The processing related to blocking the wireless communication includes predetermined processing (a wireless communication function restriction process or a restoration process, described later) performed on a communication device that makes an unauthorized connection before the blocking process is executed.
  • connection management unit 13 performs management control of the wireless connection not only after the wireless connection is established but also in the previous stage, for example, processing when the communication device 3 exchanges wireless setting information by the WPS method, It is also responsible for the preparation process of the self-radio setting information of the communication device 2 performed in cooperation with the setting information preparation unit 304 of the communication device 3 (see FIG. 8 described later).
  • This exchange process is formed by a wireless connection process executed by the communication apparatus 2 shown in FIG. 4 and a setting information provision process executed by the communication apparatus 3 shown in FIG. Shows a sequence relating to transmission and reception of signals between the communication devices 2 and 3 and the router when each processing is performed.
  • FIG. 7 shows the data structure of the information transmitted and received between the communication device 2 and the communication device 3 for exchanging wireless setting information: the message information for requesting wireless setting information (hereinafter referred to as “request message information”) and the message information replying to that request (hereinafter referred to as “reply message information”).
  • FIG. 7A discloses a data structure common to information sent from the communication device 2 to the communication device 3 and information sent from the communication device 3 to the communication device 2. The information is roughly divided into eight areas. In the present embodiment, among the eight regions, five particularly important regions a1 to a5 will be described. An area a1 (Start Symbol) is a specific byte string indicating the start of message information.
  • Area a2 (Destination Address) represents the address of the destination to which the message information is finally transmitted (the communication device 3 is the destination in the case of request message information, and the communication device 2 is the destination in the case of reply message information).
  • the area a3 (Source Address) represents the address of the message information transmission source (in the case of request message information, the communication device 2 is the transmission source, and in the case of reply message information, the communication device 3 is the transmission source).
  • the area a4 stores identification information of message information, and can identify whether the data is request message information data or reply message information data based on the identification information.
  • The area a42 stores specific data corresponding to each message information. Specifically, in the case of request message information, a command for requesting the self-radio setting information of the communication device 2 is stored. In the case of reply message information, the data of the self-radio setting information of the communication device 2 is stored as an answer to the request.
  • An area a5 (Terminator Symbol for Data) is a specific byte string indicating the end of transmission information.
  • FIG. 7C discloses the specific data contents of the request message information transmitted from the communication device 2 to the communication device 3, and FIG. 7D discloses the specific data contents of the reply message information transmitted from the communication device 3 to the communication device 2.
  • Reference numbers a1 to a5 and a41 to a43 in FIGS. 7C and 7D correspond to the reference numbers of the data areas shown in FIGS. 7A and 7B.
  • the identification information of the communication device 2 is “2001”, and the identification information of the communication device 3 is “3001”.
  • When the identification information of the area a41 is FF, the message information is request message information.
  • When the identification information of the area a41 is FE, the message information is reply message information.
  • In the request message information (FIG. 7 (c)), the data stored in the area a42 is a command for inquiring about the information for wireless connection to the predetermined network 10 (at least identification information for identifying the network and a password corresponding to that identification information).
  • In the reply message information (FIG. 7 (d)), the data stored in the area a42 is the reply contents corresponding to the request command (that is, the identification information and password for specifying the network).
  • In S102, in response to the transmission of the request message information in S101, it is determined whether or not the self wireless setting information is received from the communication device 3.
  • the setting information provision processing shown in FIG. 5 is performed in the communication device 3, and this processing will be described later.
  • the processing of S102 is determined by the communication control unit 201 upon receipt of the self-radio setting information by the setting information receiving unit 203. If an affirmative determination is made in S102, the wireless setting information storage unit 22 stores the self wireless setting information received by the setting information receiving unit 203. On the other hand, if a negative determination is made in S102, the process proceeds to S103. Note that the timing at which affirmative determination is made in S102 is timing T2 in the sequence shown in FIG.
  • reception failure indicates a state in which the self-radio setting information cannot be received from the requested communication device 3. For example, if the self-radio setting information cannot be received from the communication device 3 within a predetermined time after the request for the self-radio setting information in S101 is made, “reception failure” occurs. Also, in the setting information providing process described later, when the communication device 3 determines that the communication device 2 is not a suitable destination for providing the self-radio setting information, the determination result is sent to the communication device 2. Based on this, a “reception failure” occurs.
  • the determination process in S103 may be performed in accordance with a predetermined determination criterion so that the communication device 2 that has requested the self-radio setting information does not wait for a long time to receive the self-radio setting information. If an affirmative determination is made in S103, the process proceeds to S104, an error relating to the request for the self-radio setting information is displayed on the display of the communication apparatus 2, and the user is notified that the self-radio setting information could not be acquired. If a negative determination is made in S103, the processing after S102 is performed again.
  • wireless communication is executed to the router 1 using the self-radio setting information in S105.
  • the process of S105 is executed by the communication control unit 201. Note that the timing at which wireless communication is performed on the router 1 in S105 is timing T3 in the sequence shown in FIG.
  • the communication device 2 can wirelessly connect to the predetermined network 10 via the router 1 after performing the wireless setting information exchange process with the communication device 3 instead of the router 1.
  • In S201, it is determined whether or not the request signal for the self-radio setting information, that is, the request message information illustrated in FIG.
  • the determination process is performed by the communication control unit 301. If an affirmative determination is made in S201, the processing after S202 is performed in order to prepare the self-radio setting information for the communication device 2 in the communication device 3. On the other hand, if a negative determination is made in S201, the setting information provision process is terminated.
  • This provision destination authentication is a process for determining whether the requesting communication apparatus 2 is an appropriate communication apparatus as the provision destination of the self-radio setting information, and is executed by the setting information preparation unit 304.
  • The wireless setting information exchange process is performed not with the router 1 but with the communication device 3, which is already wirelessly connected to the predetermined network via the router 1. Since the exchange of wireless setting information with the communication device 3 is alternative processing performed in place of the exchange with the router 1, providing the self-radio setting information from the communication device 3 to a request source without limitation is not necessarily preferable in view of network security and the like. Therefore, the provision destination authentication process of S202 is performed, and a certain restriction is imposed on the provision of the self-radio setting information.
  • As one example, provision destination authentication is performed against a list (white list), held in advance by the setting information preparation unit 304, that contains the address information of communication devices to which provision of the self-radio setting information is permitted.
  • The request source address included in the request message information shown in FIG. 7 (c) (in this embodiment, the address of the communication device 2) is collated with the white list held by the setting information preparation unit 304, and if the address of the communication device 2 is included, the provision of the self-radio setting information to the communication device 2 is permitted. Then, based on the result of the provision destination authentication in S202, it is determined in S203 whether or not the self wireless setting information can be transmitted to the request source.
  • If a positive determination is made in S203, the process proceeds to S204, and if a negative determination is made, the process proceeds to S206.
  • In S206, the request source is notified that the provision of the self-radio setting information by the communication device 3 is not permitted. Based on this notification, in S103 in the wireless connection process, it is determined that a reception failure has occurred.
  • the timing at which the positive determination is made in S203 is the timing T11 in the sequence shown in FIG.
  • In the determination of S201, it is determined whether or not request message information in the predetermined format shown in FIG. 7 has been received. A request source that has transmitted such request message information knows the predetermined format and can therefore be regarded as a communication device related to the predetermined network 10, so providing the self-radio setting information to such a request source can be considered not to be an unlimited provision. Based on this idea, the processing of S202 and S203 may be omitted.
  • the setting information preparation unit 304 prepares the self-radio setting information provided to the requesting communication device 2.
  • the wireless setting information used when the communication apparatus 3 is currently wirelessly connected to the predetermined network 10 is prepared as the self-radio setting information used by the requesting communication apparatus 2 as it is. Therefore, in this first preparation mode, the communication device 3 can easily prepare the self-radio setting information.
  • When the communication device 2 is provided with the self-radio setting information prepared in this way and uses it to access the router 1, a plurality of communication devices access the router 1 using the same wireless setting information, so it becomes difficult for the router 1 to distinguish between the communication devices by the wireless setting information. Such a situation may be undesirable in the management of the wireless connection of the communication device by the router 1.
  • Wireless setting information that differs from the wireless setting information used when the communication device 3 is currently wirelessly connected to the predetermined network 10, and that is stored separately in the wireless setting information storage unit 32 for provision to a request source in the setting information provision process, is prepared as the self-radio setting information used by the requesting communication device 2.
  • the “wireless setting information separately stored in the wireless setting information storage unit 32 for provision to the request source” may be different wireless setting information for each request source, or shared by a plurality of request sources.
  • the router 1 accesses the communication device 2, and when another communication device acquires the self-radio setting information by the setting information providing process, It is also possible to distinguish from accesses by other communication devices.
  • When the self-radio setting information is shared by a plurality of request sources, it is difficult to distinguish, by the wireless setting information, the accesses of the communication devices that use the shared self-radio setting information.
  • the process proceeds to S205, and the prepared self-radio setting information is transmitted to the requesting communication apparatus 2 in S205.
  • This transmitted information is the reply message information shown in FIG.
  • the timing for completing the preparation of the self-radio setting information and transmitting it is timing T12 in the sequence shown in FIG. After the process of S205, the setting information provision process ends.
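
The setting information provision process (S201 to S206) and the request / reply messages of FIG. 7, as an added example that is not code from the patent. The field widths, the a1 / a5 byte values, the `GET` command, the status byte at the start of a42, and the network name and password are assumptions or constructed sample values; only the a41 values FF / FE and the addresses "2001" and "3001" come from the page.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed wire layout (the page names the areas, not their sizes or byte values):
#   a1 start | a2 destination | a3 source | a41 kind | length | a42 data | a5 end
START, END = b"\x02", b"\x03"            # assumed a1 / a5 values
ADDR_LEN = 4                             # assumed: 4 ASCII digits, e.g. "2001"
KIND_REQUEST, KIND_REPLY = 0xFF, 0xFE    # a41 values given on the page
CMD_GET_SETTINGS = b"GET"                # assumed encoding of the a42 request command
ST_OK, ST_DENIED = 0x00, 0x01            # assumed status byte leading a42 in a reply


class FrameError(ValueError):
    """The bytes do not match the assumed frame layout."""


@dataclass(frozen=True)
class Message:
    dest: str    # a2
    src: str     # a3
    kind: int    # a41
    data: bytes  # a42


def encode(msg: Message) -> bytes:
    addrs = (msg.dest + msg.src).encode("ascii")
    if len(msg.dest) != ADDR_LEN or len(addrs) != 2 * ADDR_LEN or not addrs.isdigit():
        raise FrameError("bad address")
    if len(msg.data) > 255:
        raise FrameError("a42 too long")
    return START + addrs + bytes([msg.kind, len(msg.data)]) + msg.data + END


def decode(frame: bytes) -> Message:
    if len(frame) < 2 * ADDR_LEN + 4 or frame[:1] != START or frame[-1:] != END:
        raise FrameError("bad framing")
    body = frame[1:-1]
    addrs, kind, length = body[:2 * ADDR_LEN], body[2 * ADDR_LEN], body[2 * ADDR_LEN + 1]
    data = body[2 * ADDR_LEN + 2:]
    if not addrs.isdigit() or kind not in (KIND_REQUEST, KIND_REPLY) or length != len(data):
        raise FrameError("bad field")
    text = addrs.decode("ascii")
    return Message(text[:ADDR_LEN], text[ADDR_LEN:], kind, data)


class SettingInfoProvider:
    """Communication device 3: setting information provision process (S201 to S206)."""

    def __init__(self, own_addr, whitelist, settings_for):
        self.own_addr = own_addr
        self.whitelist = frozenset(whitelist)      # addresses allowed as provision destinations
        self.settings_for = dict(settings_for)     # address -> (network id, password)

    def handle(self, frame: bytes) -> Optional[bytes]:
        # S201: continue only for a well-formed request addressed to this device.
        try:
            msg = decode(frame)
        except FrameError:
            return None
        if (msg.kind, msg.dest, msg.data) != (KIND_REQUEST, self.own_addr, CMD_GET_SETTINGS):
            return None
        # S202/S203: provision destination authentication against the white list.
        settings = self.settings_for.get(msg.src) if msg.src in self.whitelist else None
        if settings is None:
            # S206: notify the request source that provision is not permitted.
            return encode(Message(msg.src, self.own_addr, KIND_REPLY, bytes([ST_DENIED])))
        # S204: settings stored separately for this request source, not device 3's own.
        network_id, password = settings
        payload = bytes([ST_OK]) + network_id.encode() + b"\x00" + password.encode()
        # S205: send the reply message information.
        return encode(Message(msg.src, self.own_addr, KIND_REPLY, payload))


def build_request(own_addr: str, provider_addr: str) -> bytes:
    return encode(Message(provider_addr, own_addr, KIND_REQUEST, CMD_GET_SETTINGS))


def read_reply(frame: Optional[bytes], own_addr: str,
               provider_addr: str) -> Optional[Tuple[str, str]]:
    """Device 2, S102/S103: return (network id, password); None is a reception failure."""
    if frame is None:                               # nothing arrived in time
        return None
    try:
        msg = decode(frame)
        ok = (msg.kind, msg.dest, msg.src) == (KIND_REPLY, own_addr, provider_addr)
        if not ok or msg.data[:1] != bytes([ST_OK]):
            return None
        network_id, sep, password = msg.data[1:].partition(b"\x00")
        return (network_id.decode(), password.decode()) if sep else None
    except (FrameError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    # Constructed sample: device 3 ("3001") may provide settings to device 2 ("2001") only.
    dev3 = SettingInfoProvider("3001", {"2001"}, {"2001": ("example-net", "constructed-pass")})
    print(read_reply(dev3.handle(build_request("2001", "3001")), "2001", "3001"))
    print(read_reply(dev3.handle(build_request("9999", "3001")), "9999", "3001"))
```

The a3 source address is written by the sender, so the white list check is only as strong as whatever ties that address to a device; the wired link described further down the page, which fixes the transmission destination physically, is one such tie.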
  • The communication device 2 can acquire the self-radio setting information from the communication device 3, in place of the wireless setting information exchange process with the router 1, and can use that information to connect wirelessly to the predetermined network 10 via the router 1. Therefore, the communication device 2 can be wirelessly connected to the predetermined network 10 via the router 1 without being affected by the distance between the communication device 2 and the router 1, and participation in the network becomes easy.
  • When the communication device 2, after acquiring the self-radio setting information from the communication device 3, uses it to make a wireless connection to the predetermined network 10 via the router 1, the communication device 2 may perform wireless communication with the router 1 directly.
  • the communication device 2 may perform wireless communication with the router 1 with a relay device interposed between the communication device 2 and the router 1.
  • The communication device 2 may perform wireless communication with the router 1 via the communication device 3 that provided the self-radio setting information, or alternatively via the communication device 4, which, like the communication device 3, is already wirelessly connected to the predetermined network 10 via the router 1.
  • FIG. 8 shows a sequence related to transmission / reception of signals between the communication apparatuses 2 and 3 and the router 1 when the wireless connection process and the setting information provision process are performed, as in FIG. 6.
  • the difference between the sequence shown in FIG. 8 and the sequence shown in FIG. 6 is a preparation mode of the self-radio setting information in the communication device 3.
  • the communication device 3 requests the router 1 to issue self-radio setting information for the requesting communication device 2 after the provision destination authentication ends.
  • The communication device 3 does not prepare the self-radio setting information itself; instead, it acquires the self-radio setting information from the router 1 and provides it to the communication device 2. Note that the timing at which the communication device 3 requests self-radio setting information from the router 1 is the timing T21 in the sequence shown in FIG.
  • the advantage of causing the router 1 to issue the self-radio setting information of the communication device 2 in this way is that the router 1 that manages and controls the wireless connection to the predetermined network 10 recognizes the existence of the communication device 2 and then sets the self-radio setting. Since the information is provided to the communication device 2 via the communication device 3, the management control of the wireless connection by the router 1 can be suitably performed. Therefore, in order for the router 1 to issue the self-radio setting information, the communication device 3 delivers the address of the communication device 2 included in the request message information to the router 1 together with the issue request. Then, the router 1 issues self-radio setting information dedicated to the communication device 2 in association with the address of the communication device 2.
  • The router 1 can identify that the access is made by the communication device 2, and can also grasp the circumstance that the self-radio setting information was acquired via the communication device 3. This makes the management control of the wireless connection by the router 1 more suitable.
  • the wireless setting information issuance timing by the router 1 is timing T22 in the sequence shown in FIG.
  • When the communication device 3 receives the self-radio setting information issued by the router 1 for the communication device 2, the received self-radio setting information is transmitted to the communication device 2 at timing T2 as prepared self-radio setting information. Thereafter, as described above, the communication device 2 performs wireless communication with the router 1 using the self-radio setting information received from the communication device 3 and wirelessly connects to the predetermined network 10. Also in this modification, since the device with which the communication device 2 actually exchanges the wireless setting information is the communication device 3 and not the router 1, the communication device 2 can, as in the above-described embodiment, wirelessly connect to the predetermined network 10 without being affected by the distance between the communication device 2 and the router 1.
  • the wireless connection process and the setting information provision process are executed by performing wireless communication between the communication device 2 and the communication device 3 by the communication unit 21 and the communication unit 31.
  • wired communication may be formed between the communication device 2 and the communication device 3 in order to perform wireless connection processing and setting information provision processing.
  • information can be transmitted and received between the two devices.
  • The confirmation process of the connection target is executed in each of the two devices, and it is determined whether or not a state in which wired communication for executing the wireless connection processing and the setting information provision processing is established between the two devices has been formed. By this determination processing, the transmission destination of information is specified in both devices.
  • When the wireless connection processing and the setting information provision processing are performed after wired communication has become possible between the communication device 2 and the communication device 3, the communication device 2 can easily acquire the self-radio setting information from the communication device 3, as in the case where both processes are performed via wireless communication as in the above embodiment. Further, since the wired connection uniquely specifies the transmission destination of the self-radio setting information, the self-radio setting information can be transmitted safely.
  • FIG. 9 schematically shows the data structure of the management wireless setting information 1 a possessed by the router 1.
  • This management wireless setting information is information for managing and controlling the wireless connection of each communication device that is currently wirelessly connected to the predetermined network 10 via the router 1. Specifically, the management wireless setting information has the following fields: the identification information (ID) of the wirelessly connected communication device; an information type, which is a flag indicating whether or not the wireless setting information used for the wireless connection was obtained by exchanging it directly with the router 1; and a communication permission period during which wireless connection by the communication device is permitted.
  • The information type is S0 when the wireless setting information is acquired directly from the router 1, and S1 when the wireless setting information is obtained via a communication device that is already wirelessly connected. Therefore, in this embodiment, the information type is set to S1 for the communication device 2 and the information type is set to S0 for the communication devices 3 and 4.
  • the communication permission period is set according to the information type flag.
  • The communication permission period can be a relative period (for example, one week from the time of wireless connection) applied from the time when each communication device is wirelessly connected to the predetermined network 10 for the first time via the router 1.
  • When the information type is S0, T0 is set for the communication permission period; when the information type is S1, T1 is set for the communication permission period.
  • The communication permission period T0 is longer than the communication permission period T1.
  • the communication device 2 whose information type is S1 does not acquire the wireless setting information directly from the router 1, but acquires it from the communication device 3. In such a case, the wireless connection by the communication device 2 is often temporary and sufficient, and the setting information providing process according to FIG.
  • the router 1 in providing the self-wireless setting information for the communication device 2. Therefore, it is not necessarily preferable that the wireless connection by the communication device 2 is continued without limitation. Therefore, by making the communication permission period of the communication device 2 with the information type S1 shorter than the communication permission period of the communication devices 3 and 4 with the information type S0, it is possible to prevent an inadvertent wireless connection from continuing.
  • the communication permission period may be expressed by setting a specific date and time as the last access time limit. For example, the last date and time when access is permitted as of October 31, 2014 may be input to the communication permission period of the management wireless setting information 1a as the last day of the communication permission period.
  • The access period, calculated from the entered last access time limit and the time of the first wireless connection, is set to be shorter for the communication device 2 than for the communication devices 3 and 4.
  • the information type may be further subdivided, and the communication permission period may be set in detail accordingly.
  • the router 1 is involved in providing the self-radio setting information for the communication device 2. Therefore, compared with the setting information providing process according to FIG. From this aspect, it can be considered preferable. Therefore, when the communication device 2 acquires the self-radio setting information by the setting information provision process according to FIG. 8, the information type may be set to S2, and the corresponding communication permission period may be set to be longer than T1 and shorter than T0.
  • the same communication permission period may be set for any communication device regardless of the information type.
  • a period during which wireless connection by the communication device 2 is possible may be managed on the communication device 2 side.
  • the self-radio setting information of the communication device 2 includes information regarding a communicable period during which the communication device 2 can wirelessly connect using the self-radio setting information. Accordingly, a wireless connection to a predetermined network 10 is performed via the router 1.
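
The router-side bookkeeping described for FIG. 8 and FIG. 9, as an added example that is not code from the patent: the router issues settings dedicated to a requester, records the information type and the acquisition route, and applies the communication permission period on each access. Keying the table by the issued credential, the class and function names, and the durations are assumptions; only the types S0 / S1 / S2 and the ordering T0 > T2 > T1 come from the page.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

# Information types from the page: S0 = settings obtained directly from the router,
# S1 = obtained via a connected device, S2 = issued by the router via a connected device.
# The durations are constructed; only the ordering T0 > T2 > T1 comes from the page.
PERIODS = {"S0": timedelta(days=365), "S2": timedelta(days=30), "S1": timedelta(days=7)}


@dataclass
class Entry:
    device_id: str
    info_type: str
    via: Optional[str] = None                   # acquisition route (providing device)
    first_connected: Optional[datetime] = None
    deadline: Optional[datetime] = None         # absolute last access time, if set


class ConnectionManager:
    """Router 1: management wireless setting information, keyed by issued credential."""

    def __init__(self) -> None:
        self.entries: Dict[str, Entry] = {}

    def register(self, device_id: str, info_type: str, via: Optional[str] = None,
                 deadline: Optional[datetime] = None) -> str:
        if info_type not in PERIODS:
            raise ValueError("unknown information type")
        credential = secrets.token_urlsafe(24)   # dedicated to this one device
        self.entries[credential] = Entry(device_id, info_type, via, None, deadline)
        return credential

    def issue_for(self, requester_id: str, provider_credential: str, now: datetime) -> str:
        """FIG. 8 variant: a connected device asks the router to issue settings."""
        allowed, provider_id, _ = self.check_access(provider_credential, now)
        if not allowed:
            raise PermissionError("issue request from a device that is not permitted")
        return self.register(requester_id, "S2", via=provider_id)

    def check_access(self, credential: str, now: datetime) -> Tuple[bool, Optional[str], str]:
        entry = self.entries.get(credential)
        if entry is None:
            return False, None, "unknown wireless setting information"
        # The relative period runs from the first wireless connection.
        start = entry.first_connected or now
        limit = entry.deadline or start + PERIODS[entry.info_type]
        if now > limit:
            return False, entry.device_id, "communication permission period ended"
        entry.first_connected = start
        return True, entry.device_id, "permitted"


if __name__ == "__main__":
    t0 = datetime(2014, 10, 1, 9, 0)             # constructed timestamps
    router = ConnectionManager()
    dev3 = router.register("3001", "S0")         # direct exchange with the router
    dev2 = router.issue_for("2001", dev3, t0)    # issued via device 3, type S2
    print(router.check_access(dev2, t0 + timedelta(days=29)))
    print(router.check_access(dev2, t0 + timedelta(days=31)))
```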
  • The present invention can be applied to a wireless connection to a LAN via a router that manages access to the LAN provided in a home or office. For example, even if the router is installed in a hard-to-reach place near the ceiling, as long as there is a PC terminal that has exchanged wireless setting information with the router in advance, a new PC terminal, tablet device, or the like can wirelessly connect to the LAN by performing the above-described wireless connection processing and setting information provision processing with the PC terminal that is already wirelessly connected.
  • In a wireless network operated in a factory, the router or the like may be installed in an inconspicuous place so as not to hinder the work in the factory.
  • a management terminal is brought in for confirmation of manufacturing progress in a factory and management of manufacturing equipment.
  • Since the management terminal is used for other purposes outside the factory, it cannot be incorporated in the wireless network in the factory in advance. Therefore, in such a case, the above wireless connection processing and setting information provision processing are performed between the management terminal and a communication device that is already wirelessly connected to the wireless network via the router, so that the management terminal can be wirelessly connected to the wireless network installed in the factory.
  • FIG. 10 shows a schematic configuration of the wireless connection system according to the second embodiment of the present invention.
  • the communication device included in the wireless connection system is a transmission module equipped with sensors for measuring various external environment parameters (temperature, etc.).
  • FIG. 10 shows six transmission modules 52 to 57. Each of the transmission modules 52 to 57 wirelessly communicates with the router 1 using its own wireless setting information and transmits the measured external environment parameters through it, so that they are collected by the server 50 connected to the predetermined network 10.
  • the measurement by the sensors mounted on the transmission modules 52 to 57 and the transmission of the measurement data to the server 50 are executed repeatedly (for example, at regular intervals) after the power is turned on in each transmission module, in order to realize continuous information collection.
  • the transmission modules 52 to 57 have all the functional units shown in FIG. 2B.
  • the sensor functional units for measuring the measurement target (reference numbers 52b to 57b in the transmission modules 52 to 57, respectively).
  • sensors mounted on the transmission modules 52 to 57 include physical sensors such as a temperature sensor, a humidity sensor, an acceleration sensor, an illuminance sensor, a flow sensor, a pressure sensor, a ground temperature sensor, and a particle sensor, and chemical sensors such as CO2 sensors, pH sensors, EC sensors, and soil moisture sensors.
  • each transmission module is equipped with a temperature sensor for measuring the external temperature at the position where the transmission module is disposed, and the measured temperature data is transmitted to the server 50.
  • the transmission module 52 is wirelessly connectable to a predetermined network 10 via the router 1 at the earliest time among the transmission modules shown in FIG. 10.
  • the transmission module 52 acquires wireless setting information directly from the router 1. Therefore, the transmission module 52 does not acquire the wireless setting information by executing the wireless connection process, but acquires the wireless setting information from the router 1 according to the WPS method, for example.
  • the wireless connection process is executed in the transmission module 53, and in response the setting information providing process is executed in the transmission module 52, which is already wirelessly connected at that time.
  • wireless setting information usable by the transmission module 53 is acquired from the transmission module 52.
  • the transmission module 54 acquires wireless setting information that can be used by the transmission module 54 from the transmission module 53.
  • the transmission modules 53 and 54 that have acquired the wireless setting information in this way start wireless communication with the router 1 using the wireless setting information and start wireless connection to the predetermined network 10. Acquisition of each wireless setting information by these transmission modules 52, 53, and 54 follows a predetermined acquisition method, and does not constitute unauthorized acquisition. Acquisition of such formal wireless setting information is indicated by a white arrow in FIG.
  • the wireless setting information that each transmission module uses for wireless connection to the predetermined network 10 via the router 1 is formed of identification information (login name) and a password.
  • the password is used in common for all transmission modules connected wirelessly.
  • the login name is assumed to be formed by appending, each time acquisition of the wireless setting information is repeated, the sub-identification information of the transmission module itself to the sub-identification information corresponding to the acquisition source from which the transmission module acquired the wireless setting information.
  • since the transmission module 52 acquires the wireless setting information from the router 1, its login name is RRAA, formed by adding the sub-identification information AA of the transmission module 52 itself to the sub-identification information RR corresponding to the router 1.
  • the login name is RRAABB in which the sub-identification information BB of the transmission module 53 itself is added to the login name RRAA of the transmission module 52.
  • the login name of the transmission module 54 is RRAABBCC obtained by adding the sub-identification information CC of the transmission module 54 itself to the login name RRAABB of the transmission module 53.
  • the transmission module 55 illegally acquired the wireless setting information usable by the transmission module 55 from the transmission module 54 via wireless communication with the transmission module 54 without performing the wireless connection process.
  • the transmission module 55 does not request the transmission module 54 for wireless setting information in a predetermined format, that is, without transmitting the request message information shown in FIG.
  • the wireless setting information possessed by the transmission module 54 is illegally stolen.
  • the transmission module 55 creates its own login name RRAABBCCXX using the login name RRAABBCC of the transmission module 54 that has been illegally accessed and the sub-identification information XX of the transmission module 55 itself, and a common password together with the login name.
  • the transmission modules 56 and 57 acquire the wireless setting information from the transmission module 55.
  • the acquisition by the transmission modules 56 and 57 is acquisition from the transmission module 55 that has acquired the unauthorized wireless setting information, whether it is the above-described formal acquisition or unauthorized acquisition.
  • the password held by the transmission modules 56 and 57 is considered to be stolen from other transmission modules in the same manner as the password held by the transmission module 55. Therefore, acquisition of the wireless setting by the transmission modules 56 and 57 is indicated by a solid arrow as in the transmission module 55.
  • the sub-identification information corresponding to each of the transmission modules 56 and 57 is YY and ZZ. Therefore, the login names of the transmission modules 56 and 57 are RRAABBCCXXYY and RRAABBCCXXZZ, respectively.
  • the transmission module uses the transmission module.
  • An acquisition route information management process is performed to manage the route through which the wireless setting information is acquired.
  • This acquisition route information management processing is executed by the acquisition route information management unit 131, and the flow of the processing is shown in the flowchart of FIG.
  • the acquisition route information management process is performed for each access to the router 1 by each transmission module, whereby the acquisition route information database shown in FIG. 12 is formed.
  • In S301, it is determined whether or not the access to the router 1 by each transmission module is a new access using the wireless setting information of the transmission module. The determination of S301 is performed based on whether or not the wireless setting information that each transmission module uses for wireless communication with the router 1 is being used for the first time. If an affirmative determination is made in S301, the process proceeds to S302, and if a negative determination is made, this process ends.
  • the login name (identification information used when the transmission module wirelessly connects to the predetermined network 10 via the router 1) included in the wireless setting information used by the transmission module that has made a new access is extracted.
  • the transmission module 52 is “AA”
  • the transmission module 55 is “AABBCCXX”.
  • the acquisition path of the wireless setting information held by each transmission module is specified from the extracted login name. The acquisition path is specified in consideration of the fact that the login name of each transmission module is formed by concatenating the sub-identification information of the transmission module that has been traced to acquire the wireless setting information.
  • the acquisition path of the transmission module 52 is determined from “RR” excluding the sub-identification information AA of the transmission module 52 itself given at the end of the login name.
  • that is, only the router 1, which corresponds to “RR”, is the acquisition path for the wireless setting information of the transmission module 52.
  • the acquisition path of the transmission module 55 is determined from “RRAABBCC” excluding the sub-identification information XX of the transmission module 55 itself. In this case, the router 1 and the transmission modules 52, 53, and 54 are set as the acquisition paths.
  • each acquisition path describes the router 1 and the transmission modules that are traced in acquiring the wireless setting information in the order of time as a first acquisition destination, a second acquisition destination, and so on.
  • the identification number (device ID) of each device of the router 1 and the transmission module that is passed is used.
  • the device ID of the router 1 is 0001
  • the device IDs of the transmission modules 52 to 57 are 2001 to 7001, respectively.
  • through the acquisition path information management process of FIG. 11, the acquisition path of the wireless setting information acquired by each transmission module is grasped as the sequence of device IDs of the devices (router 1, each transmission module) that the information passed through.
  • <Blocking process> When a plurality of transmission modules start wireless connection to a predetermined network 10 via the router 1, temperature data measured in each transmission module is transmitted to the server 50.
  • the load (transmission information amount) of the predetermined network 10 excessively increases, or temperature data to be transmitted to the server 50 is sent to a destination other than the server 50.
  • the occurrence of an event that should not occur originally is naturally undesirable from the viewpoint of network management.
  • when the transmission module 55 illegally acquires wireless setting information from the transmission module 54, there is a high possibility that an event that should not occur, as described above, occurs as a result. Therefore, a transmission module that has obtained the wireless setting information in an unauthorized manner is referred to as an unauthorized transmission module, and in the wireless connection system of FIG. 10, the transmission modules 55 to 57 correspond to unauthorized transmission modules.
  • in the wireless connection system, if an event that should not occur is considered to be caused by a transmission module that is wirelessly connected to the predetermined network 10 via the router 1, the event is regarded as illegal.
  • a process of blocking wireless communication between the unauthorized transmission module and the router 1 is performed. This blocking process is executed by the fraud detection unit 132 and the blocking management unit 133, and the flow of the processing is described in the flowchart of FIG.
  • the fraud detection unit 132 determines whether an unauthorized connection state is detected in the wireless connections by the transmission modules (in the present embodiment, the transmission modules 52 to 57) managed by the router 1. Specifically, the fraud detection unit 132 checks the destination of the temperature data transmitted from each transmission module, and when the destination is not the server 50, which is the original destination, but another destination, the transmission module that transmits the temperature data is treated as an unauthorized transmission module.
  • data transmitted from each transmission module should be encrypted; when the temperature data is sent without being encrypted, or when it is transmitted at an interval extremely shorter than the defined transmission interval so that the load on the network increases as a result, it is possible to detect that an unauthorized connection has occurred. Further, as another method, it is possible to detect that an unauthorized connection state has occurred when the data transmitted from the transmission module is not temperature data but other data (not limited to measurement data). If the unauthorized transmission module is set to perform a DoS attack (Denial of Service attack) for some reason, the unauthorized connection state can be detected based on such an increase in network load and on the data contents.
  • a user who monitors a predetermined network recognizes the occurrence of an unauthorized connection state, and inputs the occurrence of the unauthorized connection state at a management terminal electrically connected to the router 1.
  • the fraud detection unit 132 may be configured to detect the unauthorized connection state. If an affirmative determination is made in S401, the process proceeds to S402, and if a negative determination is made, the blocking process is terminated.
  • In step S402, for the detected unauthorized connection state, a condition for blocking wireless communication with the router 1 is determined in order to disconnect the transmission module performing the unauthorized connection from the wireless connection with the predetermined network 10. Specifically, when the destination of the temperature data transmission is used in the detection of the unauthorized connection state, the blocking condition related to the unauthorized connection state is determined using the device ID of the transmission module that has transmitted the temperature data whose destination is not the server 50 and the database of acquired route information held by the acquisition route information management unit 131.
  • the transmission module 55 is recognized as an unauthorized transmission module that transmits unauthorized temperature data. Then, in the acquisition path information database, the unauthorized transmission module 55 and every transmission module whose acquisition path of the wireless setting information includes the device ID (5001) of the unauthorized transmission module 55 are set as the transmission modules to be blocked. This is based on the idea that a transmission module provided with wireless setting information from a transmission module that transmits unauthorized temperature data is also likely to transmit unauthorized temperature data. Based on the above, in this embodiment, the blocking condition related to the unauthorized connection state is “a transmission module whose device ID is 5001 in the acquisition route information database, or a transmission module whose acquisition route of wireless setting information includes that device ID”.
  • wireless communication between the router 1 and the transmission modules that are subject to wireless communication blocking is blocked all at once, in accordance with the blocking condition determined in S402. Since the blocking condition is determined based on the acquisition path of the wireless setting information as described above, the transmission modules to be blocked can be identified very easily.
  • a command is transmitted from the router 1 to the transmission modules 55 to 57 so as to stop access to the router 1.
  • the router 1 may refuse to receive signals (including temperature data) transmitted from the transmission modules 55 to 57 to the router 1.
  • in the wireless communication blocking process, when it is detected that an unauthorized connection state is formed by a transmission module wirelessly connected to the router 1, the blocking condition for the transmission modules whose wireless communication is to be blocked is determined according to the acquired route information database managed by the acquisition route information management unit 131. As a result, the wireless communication blocking process can be performed collectively, and the management of the wireless connection by the router 1 is facilitated.
  • FIG. 14 shows a modification of the blocking process.
  • the same processes as those in the blocking process shown in FIG. 13 are denoted by the same reference numerals, and detailed description thereof is omitted.
  • in the process according to this modification, when the process of S402 ends, the process proceeds to S501.
  • the wireless communication function of the blocking target modules (in the present embodiment, the transmission modules 55 to 57) that are the blocking targets of wireless communication is limited in accordance with the blocking condition determined in S402.
  • This restriction process is also executed by the blocking management unit 133.
  • the purpose of this wireless communication function restriction process is, because the blocking target module (unauthorized transmission module) may be restored to a normal transmission module by the restoration process performed in S502, described later, to avoid disconnecting it from the predetermined network 10 while mitigating its influence on the predetermined network 10. Therefore, for a blocking target module that has been subjected to the restriction process of the wireless communication function, wireless communication with the router 1 is still maintained in a state where it can be performed in some form.
  • information from the router 1 to the blocking target module can be transmitted, but, so that information from the blocking target module does not reach the router 1, the transmission function of the blocking target module may be stopped, or the router 1 may refuse to receive information from the blocking target module.
  • the transmission function of the blocking target module may be changed based on the content of information transmitted from the blocking target module to the router 1. For example, if the blocking target module is sending to the router 1, in addition to the temperature data, various information and control commands that should not be sent, only the temperature data is sent and the other information and control commands are not transmitted.
  • the blocking management unit 133 performs a recovery process.
  • This restoration process is a process for returning the blocking target module to a normal transmission module. For example, a restart command is transmitted to the blocking target module whose communication function is limited. If there is no change in the information transmission behavior of the blocking target module after waiting for a certain period of time (for example, the transmission destination of the temperature data does not return to the server 50), the restoration process is unsuccessful. If the behavior of information transmission returns to a normal behavior (for example, the transmission destination of temperature data returns to the server 50), the recovery processing is successful. Therefore, in S503, if it is determined that the restoration process has been successful, the process proceeds to S504, where the blocking condition determined in S402 is reset.
  • the transmission modules 55 to 57 that are the modules to be blocked continue to be wirelessly connected to a predetermined network via the router 1 as normal transmission modules.
  • the process proceeds to S403, where the block-off process for the block-target modules 55 to 57 is performed.
  • the blocking target module detected as being in an unauthorized connection state is not disconnected from the predetermined network 10 immediately after the detection, but is restored to a normal connection state. Therefore, if the recovery is realized, inadvertent disconnection of the transmission module is suppressed, and the temperature data collection process is not hindered.
  • the acquisition path information database shown in FIG. 12 is generated based on the login name included in the wireless setting information of each transmission module by executing the acquisition path information management process shown in FIG. Instead of this mode, the acquisition path information database can also be generated based on the wireless setting information of each transmission module and information separately transmitted to the router 1 from the transmission module corresponding to the existing communication apparatus that provided the wireless setting information.
  • a transmission module corresponding to an existing communication apparatus provides the wireless setting information prepared according to the first preparation mode or the second preparation mode to the transmission module that requested the wireless setting information in the wireless connection process.
  • the router 1 is also provided with information that can identify the transmission module, such as the device ID of the transmission module that made the request. Then, when the transmission module that made the request accesses the router 1, the router 1 can determine, using the information such as the device ID provided in advance, from which transmission module the requesting transmission module obtained the wireless setting information.
  • a device ID or the like is not provided to the router 1 from the transmission module corresponding to the existing communication device. Therefore, the router 1 does not generate acquisition path information regarding the transmission module 55.
  • since the wireless setting information for the transmission modules 56 and 57 is also provided from the unauthorized transmission module 55, the device ID and the like are not provided from the unauthorized transmission module 55 to the router 1, and the acquisition route information regarding the transmission modules 56 and 57 is not generated either.
  • the acquired route information database generated by the router 1 is only the one corresponding to the transmission modules 52 to 54 as shown in FIG.
  • the router 1 determines, based on the acquired route information database shown in FIG., the blocking condition for blocking wireless communication between the router and any transmission module that is not included in the database. Then, wireless communication with the unauthorized transmission module is blocked according to the blocking condition.
  • the router 1 substantially identifies the transmission module that requested the wireless setting information and issues the wireless setting information for that purpose. Therefore, since the router 1 can grasp in advance the transmission module that performs wireless communication with the router 1, a database of acquired route information as shown in FIG. 15 can be generated.
  • <Type of unauthorized connection> As an aspect of the unauthorized connection by the transmission module, besides the intentional unauthorized connection described above, an aspect in which the transmission module performs an unauthorized connection due to virus infection or failure is also conceivable.
  • a form in which an unauthorized transmission module intentionally uses exactly the same wireless setting information as an existing transmission module and impersonates the existing transmission module is one of the forms of unauthorized connection. In this case, it becomes difficult for the router 1 to distinguish between the impersonated existing transmission module and the unauthorized transmission module, and when the above-described blocking process is performed, the wireless communication of even the existing transmission module that is performing a normal wireless connection is interrupted.
  • the scope of the present invention includes a mode in which the wireless communication of the existing transmission module is unavoidably interrupted.
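The acquisition route bookkeeping (S301 to S303) and the blocking process (S401 to S403) described above can be sketched as follows. This is an added example, not code from the patent; the two-character sub-identifier length, the `SUB_ID_TO_DEVICE` table, the `server50` destination name and the traffic records are assumptions built from the description's sample values.

```python
# Added example: acquisition-route bookkeeping (S301-S303) and blocking (S401-S403).
# The mapping below and the two-character sub-identifier length are assumptions
# taken from the description's sample values, not a defined wire format.

SUB_ID_LEN = 2
ROUTER_ID = "0001"
SUB_ID_TO_DEVICE = {
    "RR": "0001",  # router 1
    "AA": "2001",  # transmission module 52
    "BB": "3001",  # transmission module 53
    "CC": "4001",  # transmission module 54
    "XX": "5001",  # transmission module 55
    "YY": "6001",  # transmission module 56
    "ZZ": "7001",  # transmission module 57
}
SERVER = "server50"  # placeholder name for the legitimate destination


def parse_login_name(login):
    """Return (device_id, acquisition_path) for a concatenated login name.

    The last sub-identifier is the device itself; everything before it is the
    chain of devices the wireless setting information passed through.
    """
    if len(login) < 2 * SUB_ID_LEN or len(login) % SUB_ID_LEN:
        raise ValueError(f"malformed login name: {login!r}")
    parts = [login[i:i + SUB_ID_LEN] for i in range(0, len(login), SUB_ID_LEN)]
    try:
        ids = [SUB_ID_TO_DEVICE[p] for p in parts]
    except KeyError as exc:
        raise ValueError(f"unknown sub-identifier {exc.args[0]!r}") from None
    if ids[0] != ROUTER_ID:
        raise ValueError("acquisition path does not start at the router")
    if len(set(ids)) != len(ids):
        raise ValueError("device appears twice in its own acquisition path")
    return ids[-1], tuple(ids[:-1])


class AcquisitionRouteDB:
    def __init__(self):
        self.routes = {}      # device ID -> tuple of device IDs, oldest first
        self.blocked = set()

    def register_access(self, login):
        """S301-S303: on first use of a login name, store its acquisition path."""
        device, path = parse_login_name(login)
        self.routes.setdefault(device, path)
        return device

    def blocking_targets(self, offender):
        """S402: the offender plus every device that obtained settings through it."""
        return {offender} | {d for d, p in self.routes.items() if offender in p}

    def block(self, offender):
        """S403: block all targets in one step and return them."""
        targets = self.blocking_targets(offender)
        self.blocked |= targets
        return targets

    def is_allowed(self, device):
        # Unknown devices are refused too, as in the variant where the database
        # lists only modules whose provider reported them to the router.
        return device in self.routes and device not in self.blocked


def detect_offenders(records, expected=SERVER):
    """S401: device IDs whose data went anywhere other than the expected server."""
    return sorted({dev for dev, dest in records if dest != expected})


# Constructed sample data: login names from the description, invented traffic.
LOGINS = ["RRAA", "RRAABB", "RRAABBCC", "RRAABBCCXX", "RRAABBCCXXYY", "RRAABBCCXXZZ"]
TRAFFIC = [("2001", SERVER), ("3001", SERVER), ("5001", "elsewhere"), ("6001", SERVER)]


def build_demo_db():
    db = AcquisitionRouteDB()
    for login in LOGINS:
        db.register_access(login)
    return db


if __name__ == "__main__":
    db = build_demo_db()
    for offender in detect_offenders(TRAFFIC):
        print(offender, "->", sorted(db.block(offender)))
    print({d: db.is_allowed(d) for d in sorted(db.routes)})
```

Because each module forms its own login name, the recorded route is only as reliable as that name; the variant in which the providing module reports the requester's device ID to the router does not depend on it.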

Abstract

A connection management control device that manages wireless connection of a communication device to a prescribed network by transmitting and receiving wireless setting information, which is for wireless connection to the prescribed network, to and from a communication device that is external to the prescribed network. The communication device acquires the wireless setting information from an existing communication device that is already wirelessly connected to the prescribed network via the connection management control device. In addition, the connection management control device manages acquisition path information that pertains to an acquisition path with which the wireless setting information corresponding to each of the communication devices is acquired by the communication devices. If an unauthorised connection state is detected, wireless communication between the unauthorised communication device and the connection management control device is blocked on the basis of the acquisition path information. Thus, communication devices that perform unauthorised connection via the connection management control device can easily be disconnected.

Description

接続管理制御装置、無線接続システム、ネットワークへの無線接続管理方法、及びネットワークへの無線接続の管理プログラムConnection management control device, wireless connection system, wireless connection management method to network, and management program for wireless connection to network
 本発明は、ネットワークへの無線接続を管理する接続管理制御装置、および当該接続管理制御装置と無線通信を行う通信装置と、当該接続管理制御装置を含んでなる無線接続システムに関する。 The present invention relates to a connection management control device that manages wireless connection to a network, a communication device that performs wireless communication with the connection management control device, and a wireless connection system that includes the connection management control device.
 所定の通信装置がLANやインターネットなどのネットワークに対して無線接続する場合、当該ネットワークへの接続を管理する無線LANアクセスポイントやルーター等の接続管理制御装置に対して無線通信を行い、そこで装置間の認証等所定の処理が要求される。このネットワークへの無線接続のための処理を簡易なものにするために、AOSS(AirstationOne-touch Secure System)や、WPS(WiFi Protected Setup)等の技術がある。これらの技術を用いると、ルーター等の所定のボタンと、無線通信装置のボタンを押すだけで無線LANの設定が完了する。 When a predetermined communication device is wirelessly connected to a network such as a LAN or the Internet, wireless communication is performed with a connection management control device such as a wireless LAN access point or router that manages the connection to the network, and there A predetermined process such as authentication is required. In order to simplify the process for wireless connection to the network, there are technologies such as AOSS (Airstation One-touch Secure System) and WPS (WiFi Secured Setup). When these technologies are used, the setting of the wireless LAN is completed simply by pressing a predetermined button such as a router or the button of the wireless communication apparatus.
 また、ネットワークに無線接続するにあたって、その無線接続のためのIDやパスワード等の、無線通信のための情報(無線設定情報)の入力が求められる場合がある。このような場合、通信装置のユーザがそれらの情報を入力し、接続管理制御装置がそれらの情報に基づいてネットワークへの無線接続の可否を判断する。ここで、ユーザによる無線設定情報の入力に要する手間を省くために、予め通信装置側に無線設定情報が記録されている場合がある。しかし、ユーザがこの無線設定情報を視認できる状態であれば、当該情報の不正利用が懸念されるため、通信装置において当該情報を視認できないようにする技術が開発されている(例えば、特許文献1を参照)。 Also, when wirelessly connecting to a network, there are cases in which input of wireless communication information (wireless setting information) such as an ID and password for the wireless connection may be required. In such a case, the user of the communication device inputs the information, and the connection management control device determines whether or not wireless connection to the network is possible based on the information. Here, in order to save time and effort required for the user to input the wireless setting information, the wireless setting information may be recorded in advance on the communication device side. However, if the user can visually recognize the wireless setting information, there is a concern about unauthorized use of the information. Therefore, a technology for preventing the information from being visually recognized in the communication device has been developed (for example, Patent Document 1). See).
特許第4296217号公報Japanese Patent No. 4296217
 通信装置にネットワークへの無線接続のための無線設定情報が予め記録されている場合、ユーザは、その通信装置を容易に、当該無線設定情報に対応するネットワークに対して無線接続することができる。しかし、その容易さは、予め記録されている無線設定情報に対応するネットワークに対してのみ発揮されるのであって、多くのネットワークに対する汎用性に欠けている。 When wireless setting information for wireless connection to a network is recorded in advance in the communication device, the user can easily connect the communication device to the network corresponding to the wireless setting information. However, this ease is exhibited only for a network corresponding to wireless setting information recorded in advance, and lacks versatility for many networks.
 また、ネットワークに無線接続するために通信装置が接続管理制御装置と無線設定情報の交換を行う場合、例えば、交換のために両装置間を有線で繋いだり、送受信の際に両装置に対して同時に所定の処理を行ったりする必要がある等の装置の操作上の観点から、通信装置と接続管理制御装置との距離が一定の距離以内となることが要求される場合がある。しかし、既に稼働しているネットワークや接続管理制御装置については、その物理的な位置等を容易に変更したり、また、通信装置を接続管理制御装置に近付けたりすることが困難な場合がある。 In addition, when a communication device exchanges wireless setting information with a connection management control device in order to establish a wireless connection to a network, for example, both devices are connected by wire for exchange, or both devices are exchanged for transmission / reception. From the viewpoint of the operation of the device, such as the necessity of performing predetermined processing at the same time, the distance between the communication device and the connection management control device may be required to be within a certain distance. However, there are cases where it is difficult to easily change the physical position of a network or connection management control device that is already operating, or to bring the communication device close to the connection management control device.
 一方で、通信装置による接続管理制御装置を介した無線接続を容易にすると、その無線接続のための無線設定情報がいたずらに拡散し、ネットワーク時のセキュリティやネットワークの負荷等の観点から好ましくない無線接続(不正接続)を許してしまう恐れがある。このような不正接続を行う通信装置によるアクセスは排除すべきものであるが、ネットワークに無線接続する通信装置の数が多くなると、その排除も容易ではない。 On the other hand, if the wireless connection through the connection management control device by the communication device is facilitated, the wireless setting information for the wireless connection spreads unnecessarily, which is undesirable from the viewpoint of network security, network load, etc. There is a risk of allowing connection (illegal connection). Access by such a communication device that performs unauthorized connection should be excluded, but if the number of communication devices wirelessly connected to the network increases, it is not easy to eliminate the access.
 本発明は、このような問題に鑑みてなされたものであり、接続管理制御装置を介して不正接続を行う通信装置を容易に切り離すことができる、ネットワークへの無線接続の管理技術を提供することを目的とする。 The present invention has been made in view of such a problem, and provides a management technology for a wireless connection to a network that can easily disconnect a communication device that performs unauthorized connection via a connection management control device. With the goal.
 本発明においては、上記課題を解決するために、通信装置が、ネットワークへの無線接続のための無線設定情報を、既に当該ネットワークへの無線接続を行っている通信装置から取得する構成の下、その無線設定情報の取得経路に関する情報に基づいて不正接続を行っている不正通信装置による無線通信を遮断する構成を採用した。これにより不正な無線通信の遮断が容易に行われることになる。 In the present invention, in order to solve the above problems, the communication device acquires wireless setting information for wireless connection to a network from a communication device that has already performed wireless connection to the network. Based on the information related to the acquisition path of the wireless setting information, a configuration is adopted in which wireless communication by an unauthorized communication device performing unauthorized connection is blocked. As a result, unauthorized wireless communication can be easily blocked.
 Specifically, the present invention is a connection management control device that manages the wireless connection of a communication device to a predetermined network by exchanging, with a communication device outside the predetermined network, wireless setting information for wireless connection to that network. The communication device is configured to acquire the wireless setting information with which it connects wirelessly to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information enabling wireless communication with the connection management control device. The connection management control device further comprises: management means for managing acquisition route information concerning the route by which the wireless setting information corresponding to each of one or more communication devices in wireless communication with the connection management control device was acquired by that communication device; unauthorized connection detection means for detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and blocking means for blocking, when the unauthorized connection state is detected by the unauthorized connection detection means, wireless communication between the one or more unauthorized communication devices and the connection management control device on the basis of the acquisition route information managed by the management means.
 For a communication device to connect wirelessly to a predetermined network, it must access the connection management control device that manages that network using wireless setting information with which the connection management control device will permit the wireless connection. Examples of wireless setting information include identification information by which the device is identified in the predetermined network and a password corresponding to that identification information. For wireless connection to the predetermined network, the communication device is configured to acquire its own wireless setting information from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device. The communication device can therefore acquire wireless setting information not only from the connection management control device but also from an existing communication device, which simplifies the process of connecting wirelessly to the predetermined network.
 On the other hand, making wireless connection easier in this way also raises the likelihood that the predetermined network is exposed to unintended wireless connections. In the present invention such an unintended wireless connection is called an unauthorized connection, and it is the target of the blocking, by the blocking means, of wireless communication with the connection management control device. Unauthorized connections include not only wireless connections typified by improper acquisition of wireless setting information, but also accidental ones, such as when a communication device that had been connecting properly comes, for some reason, to make an improper wireless connection by accident. A communication device making an unauthorized connection is called an unauthorized communication device. The unauthorized connection state, that is, the state of unauthorized connection by such an unauthorized communication device, is detected by the unauthorized connection detection means. The detection means judges the unauthorized connection state on the basis of events in the predetermined network (for example, information flow or network load), detection of the improper acquisition of wireless setting information by the unauthorized communication device itself, and the like.
 The connection management control device also manages acquisition route information through the management means. This acquisition route information indicates by which route each communication device in wireless communication acquired its wireless setting information. In other words, it is also information showing how the one or more communication devices wirelessly connected to the predetermined network via the connection management control device are related to one another with respect to the acquisition of their wireless setting information. Using this acquisition route information, if the unauthorized connection detection means detects an unauthorized connection state, the one or more unauthorized communication devices associated with that state can easily be identified together from the standpoint of the acquisition route of the wireless setting information. The blocking means then blocks wireless communication between the one or more unauthorized communication devices and the connection management control device on the basis of this acquisition route information, so that the unauthorized communication devices can easily be cut off from wireless connection to the predetermined network and the connection management control device can manage wireless connections suitably.
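The following added example (not part of the patent text) models the acquisition route information as a directed tree and shows how one detection cuts off a whole group of devices. The blocking policy used here, the flagged device plus every device that obtained its settings through it, is an assumption, as are the class, method and device names.

```python
from collections import deque

ROUTER = "router"  # assumed label for settings issued directly by the control device


class AcquisitionRouteRegistry:
    """Illustrative model of the management means and the blocking means."""

    def __init__(self):
        self.source_of = {}   # device -> device (or ROUTER) that supplied its settings
        self.supplied = {}    # device -> set of devices it supplied settings to
        self.blocked = set()

    def register(self, device, source=ROUTER):
        """Record the acquisition route when a device first connects."""
        if device in self.source_of:
            raise ValueError(f"{device} is already registered")
        if source != ROUTER and source not in self.source_of:
            raise ValueError(f"unknown source {source}")
        if source in self.blocked:
            raise PermissionError(f"{source} is blocked and cannot supply settings")
        self.source_of[device] = source
        self.supplied.setdefault(source, set()).add(device)
        self.supplied.setdefault(device, set())

    def route(self, device):
        """Return the chain of suppliers from the device back to the router."""
        path = [device]
        while path[-1] != ROUTER:
            path.append(self.source_of[path[-1]])
        return path

    def related(self, device):
        """Flagged device plus everything downstream of it (assumed policy)."""
        if device not in self.source_of:
            raise KeyError(device)
        seen, queue = {device}, deque([device])
        while queue:
            for child in self.supplied[queue.popleft()]:
                if child not in seen:
                    seen.add(child)
                    queue.append(child)
        return seen

    def block(self, device):
        """Cut off the related group; return the devices newly blocked."""
        newly_blocked = self.related(device) - self.blocked
        self.blocked |= newly_blocked
        return newly_blocked

    def may_communicate(self, device):
        return device in self.source_of and device not in self.blocked


if __name__ == "__main__":
    # Constructed sample topology; dev3 and dev4 got their settings from the router.
    reg = AcquisitionRouteRegistry()
    for dev, src in [("dev3", ROUTER), ("dev4", ROUTER), ("dev5", "dev3"),
                     ("dev6", "dev5"), ("dev7", "dev5"), ("dev8", "dev4")]:
        reg.register(dev, src)
    print("route of dev6:", " <- ".join(reg.route("dev6")))
    print("blocked after flagging dev5:", sorted(reg.block("dev5")))
```

Because every device is registered once and only from an already registered source, the structure cannot contain a cycle, so the traversal always terminates.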
 Here, in the above connection management control device, the communication device is configured to have: setting information requesting means for requesting, from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information enabling wireless communication with the connection management control device, own wireless setting information, that is, the wireless setting information for the communication device's own use that enables it to communicate wirelessly with the connection management control device; setting information receiving means for receiving from the existing communication device the own wireless setting information prepared by the existing communication device in response to the request from the setting information requesting means; and execution means for executing wireless communication with the connection management control device on the basis of the own wireless setting information received by the setting information receiving means. When the communication device, through the execution means, communicates wirelessly with the connection management control device using the own wireless setting information, the management means adds the route by which the communication device acquired that own wireless setting information as a new management target, on the basis of the own wireless setting information.
 Because it has the setting information requesting means and the setting information receiving means, the communication device is configured to acquire its own wireless setting information from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device. That is, through the setting information requesting means, the communication device requests from the existing communication device the wireless setting information for its own use that it needs in order to connect wirelessly to the predetermined network via the connection management control device. The existing communication device is a device that is already wirelessly connected to the predetermined network via the connection management control device at the point when the communication device attempts its wireless connection. The existing communication device has therefore already been permitted by the connection management control device to connect wirelessly to the predetermined network, and it holds predetermined wireless setting information for its own use, obtained, for example, through an exchange with the connection management control device or, like the communication device described above, through an exchange with another communication device. The setting information requesting means takes advantage of the fact that the existing communication device already holds predetermined wireless setting information, and requests the exchange of wireless setting information from the existing communication device instead of from the connection management control device.
 When the request from the setting information requesting means reaches the existing communication device, the existing communication device prepares own wireless setting information for the communication device. The existing communication device may prepare it for every request, or it may decide for each request, according to a predetermined criterion, whether to prepare it. An example of such a criterion is one set for permitting wireless connection from the standpoint of, for instance, the security of the predetermined network. In either case, the own wireless setting information prepared by the existing communication device is sent to the communication device and received by the setting information receiving means.
 In this way, the communication device according to the present invention acquires its own wireless setting information through an exchange with an existing communication device instead of exchanging wireless setting information directly with the connection management control device. Because the communication device can obtain its own wireless setting information from a source other than the connection management control device, it can connect wirelessly to the predetermined network with ease. In this situation, where communication devices can easily acquire their own wireless setting information, whenever a communication device makes a new access in accordance with the own wireless setting information it has acquired, the management means of the connection management control device begins managing the route by which that device acquired its own wireless setting information. As a result, when an unauthorized connection state is later detected by the unauthorized connection detection means, the unauthorized communication device can easily be disconnected as described above.
 The connection management control device described so far may further comprise communication function restricting means for restricting, when the unauthorized connection state is detected by the unauthorized connection detection means, part of a predetermined function relating to wireless communication between the one or more unauthorized communication devices and the connection management control device. In that case, the restriction by the communication function restricting means is carried out before the blocking of wireless communication by the blocking means. In the present invention, an unauthorized connection is a wireless connection that is unintended in the predetermined network. Thus, even if an unauthorized connection state is detected, if restricting part of the unauthorized communication device's wireless communication function through the communication function restricting means makes its wireless connection tolerable in the predetermined network, it may not be necessary to block that connection. Conversely, when an originally normal communication device has accidentally become an unauthorized communication device, the predetermined processing performed through its wireless communication function may remain useful to the predetermined network even afterwards. In such cases, restricting part of the predetermined function relating to wireless communication through the communication function restricting means preserves the benefit the predetermined network can obtain. As long as wireless communication between the connection management control device and the unauthorized communication device is restricted, the predetermined function may be a function on the connection management control device side or a function on the unauthorized communication device side.
 Even if some benefit is obtained by restricting part of the wireless communication function of the unauthorized communication device, the unauthorized connection itself is not desirable for the predetermined network. Therefore, even when restriction by the communication function restricting means is applied, the wireless communication of the unauthorized communication device is eventually blocked by the blocking means.
 Two forms of restriction of the wireless communication function by the communication function restricting means can be given as examples. In the first, the communication function restricting means of the above connection management control device restricts part of the predetermined function relating to wireless communication between the one or more unauthorized communication devices and the connection management control device in such a manner that information transmission from the one or more unauthorized communication devices toward the connection management control device is prohibited while information transmission from the connection management control device to the one or more unauthorized communication devices is permitted. In the second, the communication function restricting means restricts part of that predetermined function in such a manner that whether transmission information may be transmitted is decided on the basis of the content of the transmission information sent from the one or more unauthorized communication devices toward the connection management control device. In the former form, the wireless communication function of the unauthorized communication device is restricted according to the direction of transmission. As a result, information transmission from the connection management control device to the unauthorized communication device is maintained, so the connection management control device remains able to manage and control the unauthorized communication device. In the latter form, the wireless communication function of the unauthorized communication device is restricted according to the content of the transmission information, for example according to whether the information has useful content. As a result, the transmission of information needed by the predetermined network side is maintained. Other forms of restriction may also be adopted where restricting the wireless communication function of the unauthorized communication device allows the predetermined network to obtain some benefit.
 When the connection management control device comprises the communication function restricting means, it may further comprise recovery means for restoring, while part of the wireless communication function of the one or more unauthorized communication devices toward the connection management control device is restricted by the communication function restricting means, the unauthorized connection state of at least some of the one or more unauthorized communication devices to a normal connection state. When the recovery means thus resolves the unauthorized connection state and restores a normal connection state, the blocking means no longer needs to block the wireless communication. As a result, a communication device restored to a normal connection state avoids being cut off from the predetermined network and can continue its wireless connection to it.
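The staged handling described above (restrict first, then either recover or block) can be sketched as a small per-device state machine. This is an added example, not code from the patent. The grace period before blocking, the message kinds, the rule that router-to-device traffic stays open under the content form, and all names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

UP, DOWN = "device->router", "router->device"


class State(Enum):
    NORMAL = "normal"
    RESTRICTED = "restricted"
    BLOCKED = "blocked"


class Restriction(Enum):
    DIRECTION = "direction"  # first form: nothing is accepted from the device
    CONTENT = "content"      # second form: device traffic is judged by its content


@dataclass
class Entry:
    state: State = State.NORMAL
    restriction: Optional[Restriction] = None
    deadline: Optional[float] = None


class RestrictionPolicy:
    def __init__(self, useful_kinds, grace_seconds):
        self.useful_kinds = frozenset(useful_kinds)  # assumed allowlist of useful content
        self.grace = grace_seconds                   # assumed delay before blocking
        self.devices = {}

    def flag(self, device, restriction, now):
        """Called on detection: restrict the device and start the grace period."""
        entry = self.devices.setdefault(device, Entry())
        if entry.state is not State.BLOCKED:
            entry.state = State.RESTRICTED
            entry.restriction = restriction
            entry.deadline = now + self.grace

    def recover(self, device):
        """Recovery means: only a restricted device can return to normal."""
        entry = self.devices.get(device)
        if entry is None or entry.state is not State.RESTRICTED:
            return False
        self.devices[device] = Entry()
        return True

    def expire(self, now):
        """Blocking means: block every restricted device whose grace period ended."""
        cut = []
        for device, entry in self.devices.items():
            if entry.state is State.RESTRICTED and now >= entry.deadline:
                entry.state, entry.restriction, entry.deadline = State.BLOCKED, None, None
                cut.append(device)
        return sorted(cut)

    def permit(self, device, direction, kind):
        """Decide whether one message may pass between device and router."""
        entry = self.devices.get(device)
        if entry is None or entry.state is State.NORMAL:
            return True   # admission of unknown devices is outside this model
        if entry.state is State.BLOCKED:
            return False
        if direction == DOWN:
            return True   # router keeps control of the restricted device
        if entry.restriction is Restriction.DIRECTION:
            return False
        return kind in self.useful_kinds


if __name__ == "__main__":
    policy = RestrictionPolicy({"sensor_reading"}, grace_seconds=60)
    policy.flag("dev5", Restriction.DIRECTION, now=0)
    policy.flag("dev6", Restriction.CONTENT, now=0)
    print(policy.permit("dev5", DOWN, "config_push"), policy.permit("dev6", UP, "file_upload"))
    policy.recover("dev6")
    print("blocked at t=60:", policy.expire(now=60))
```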
 The present invention can also be viewed as a wireless connection system for making wireless connections to a predetermined network. In this case, the wireless connection system comprises: a connection management control device that manages the wireless connection of a communication device to a predetermined network by exchanging, with a communication device outside the predetermined network, wireless setting information for wireless connection to that network; an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information enabling wireless communication with the connection management control device; and a communication device configured to acquire, from the existing communication device, the wireless setting information with which it connects wirelessly to the predetermined network via the connection management control device. The connection management control device has: management means for managing acquisition route information concerning the route by which the wireless setting information corresponding to each of one or more communication devices in wireless communication with the connection management control device was acquired by that communication device; unauthorized connection detection means for detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and blocking means for blocking, when the unauthorized connection state is detected by the unauthorized connection detection means, wireless communication between the one or more unauthorized communication devices and the connection management control device on the basis of the acquisition route information managed by the management means. The technical ideas disclosed for the invention of the connection management control device can be applied to the invention of the wireless connection system as long as no technical inconsistency arises.
 The present invention may also be viewed as a management method performed by a connection management control device that manages and controls the wireless connection of a communication device to a predetermined network by exchanging, with a communication device outside the predetermined network, wireless setting information for wireless connection to that network. In this case, the method includes: a management step of managing acquisition route information concerning the route by which the wireless setting information corresponding to each of one or more communication devices in wireless communication with the connection management control device was acquired by that communication device; an unauthorized connection detection step of detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and a blocking step of blocking, when the unauthorized connection state is detected in the unauthorized connection detection step, wireless communication between the one or more unauthorized communication devices and the connection management control device on the basis of the acquisition route information managed in the management step. The technical ideas disclosed for the invention of the connection management control device can be applied to the invention of the management method as long as no technical inconsistency arises.
 The present invention may also be viewed as a program for managing wireless connection to a network, executed by a connection management control device that manages and controls the wireless connection of a communication device to a predetermined network by exchanging, with a communication device outside the predetermined network, wireless setting information for wireless connection to that network. In this case, the communication device is configured to acquire the wireless setting information with which it connects wirelessly to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information enabling wireless communication with the connection management control device. The management program causes the connection management control device to execute: a management step of managing acquisition route information concerning the route by which the wireless setting information corresponding to each of one or more communication devices in wireless communication with the connection management control device was acquired by that communication device; an unauthorized connection detection step of detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and a blocking step of blocking, when the unauthorized connection state is detected in the unauthorized connection detection step, wireless communication between the one or more unauthorized communication devices and the connection management control device on the basis of the acquisition route information managed in the management step. The technical ideas disclosed for the invention of the connection management control device can be applied to the invention of the management program as long as no technical inconsistency arises.
 It becomes possible to provide a technique for managing wireless connections to a network that makes it easy to disconnect a communication device making an unauthorized connection via the connection management control device.
A diagram showing the schematic configuration of a wireless connection system according to a first embodiment of the present invention.
A first functional block diagram of a communication device included in the wireless connection system shown in FIG. 1.
A second functional block diagram of a communication device included in the wireless connection system shown in FIG. 1.
A functional block diagram of the router included in the wireless connection system shown in FIG. 1.
A flowchart of the wireless connection processing executed by a communication device.
A flowchart of the setting information provision processing executed by a communication device.
A first sequence diagram of the exchange of information between the communication devices and the router in the wireless connection system shown in FIG. 1.
A diagram schematically showing the data structure of the request command and the wireless setting information exchanged between communication devices in order to acquire wireless setting information in the processes shown in FIGS. 4 and 5.
A second sequence diagram of the exchange of information between the communication devices and the router in the wireless connection system shown in FIG. 1.
A diagram showing the schematic structure of the wireless setting information for management held by the router.
A diagram showing the schematic configuration of a wireless connection system according to a second embodiment of the present invention.
A flowchart of the acquisition route information management processing executed by the router shown in FIG. 10.
A diagram showing the database structure of the acquisition route information generated by the acquisition route information management processing.
A first flowchart of the blocking processing executed by the router shown in FIG. 10.
A second flowchart of the blocking processing executed by the router shown in FIG. 10.
A diagram showing another database structure for the acquisition route information.
The wireless connection system according to the present invention, and the communication devices included in it, are described below with reference to the drawings. The configurations of the following embodiments are examples, and the present invention is not limited to the configurations of these embodiments.
FIG. 1 shows the schematic configuration of a wireless connection system, which is a system for connecting wirelessly to a predetermined network 10. The predetermined network 10 is any network such as a LAN or the Internet, and the router 1 is a device that manages and controls wireless connections to the predetermined network 10. The communication devices 3 and 4 are already wirelessly connected to the predetermined network 10 via the router 1, and for that connection they have already exchanged wireless setting information with the router 1. Wireless setting information is the information needed to connect wirelessly to the predetermined network 10; it consists of, for example, identification information in the predetermined network 10 and a password for connecting wirelessly to the network. In the wireless connection system shown in FIG. 1, the communication devices 3 and 4, which are already wirelessly connected to the predetermined network 10 via the router 1, each store in device memory the wireless setting information that made the connection possible. In the figure, the wireless setting information of the communication device 3 is labeled 3a and that of the communication device 4 is labeled 4a.
The router 1 is a device that manages and controls the wireless connections of the communication devices that connect wirelessly to the predetermined network 10 through it. As information for that management and control, it holds management wireless setting information, which is stored in the memory of the router 1. The management wireless setting information is given reference number 1a in FIG. 1, and its specific structure is disclosed in FIG. 9, described later. For a communication device to exchange wireless setting information directly with the router 1 in order to connect wirelessly to the predetermined network 10, the communication device must be located within a certain distance of the router 1. This is because the router 1 exchanges wireless setting information by the WPS (Wi-Fi Protected Setup) method, so the user has to operate the router 1 and the communication device at the same time. The communication devices 3 and 4 are assumed to have already established their wireless connections to the predetermined network 10 via the router 1 by exchanging wireless setting information with the router 1 by this WPS method.
When a new communication device 2 attempts to connect wirelessly to the predetermined network 10, if it can be brought within the range of the router 1 needed for the connection processing, it can connect to the predetermined network 10 by exchanging wireless setting information directly with the router 1, as the communication devices 3 and 4 did. However, if the communication device 2 cannot be brought sufficiently close to the router 1 because of restrictions such as its place of use, it is difficult for it to exchange wireless setting information with the router 1 as the communication devices 3 and 4 did. In the wireless connection system according to the present invention, a communication device 2 in such a situation is therefore configured to perform a substitute exchange of wireless setting information, not with the router 1, but with a communication device (for example, the communication device 3) that has already established a wireless connection to the predetermined network 10 via the router 1. The communication device that performs this substitute exchange in place of the router 1 (for example, the communication device 3) is one that is already wirelessly connected to the predetermined network 10, and it corresponds to the existing communication device according to the present invention.
The following describes the wireless setting information exchange process performed between the communication device 2 and the communication device 3 so that the communication device 2 can establish a wireless connection to the predetermined network 10 via the router 1. This exchange process is made up of the processes shown in FIGS. 4 and 5, described later. To explain the various functions that the communication devices 2 and 3 perform in executing these processes, FIG. 2A is a functional block diagram depicting some of the functions of the communication device 2, and FIG. 2B is a functional block diagram depicting some of the functions of the communication device 3. FIG. 3 is a functional block diagram depicting some of the functions of the router 1. The functions shown in these functional block diagrams are realized by the arithmetic units, memories and the like of the communication devices 2 and 3 and the router 1 executing predetermined control programs. No functional block diagram for the communication device 4 is disclosed in this specification, but the communication device 4 is assumed to have functions equivalent to those of the communication device 3.
The functions of the communication devices 2 and 3 are described in turn below with reference to FIGS. 2A and 2B respectively. First, the communication device 2 has, as functional units, a control unit 20, a communication unit 21 and a wireless setting information storage unit 22. The control unit 20 is the functional unit responsible for the various controls in the communication device 2, and in particular it includes a communication control unit 201, a setting information request unit 202 and a setting information reception unit 203. The communication control unit 201 is the functional unit that handles the transmission and reception of various information, such as the exchange of information with the communication device 3 needed to acquire the self wireless setting information described later, and the exchange of information after the self wireless setting information has been acquired and a wireless connection to the predetermined network via the router 1 has been established. In this embodiment, the wireless setting information for the communication device 2, which is newly trying to establish a wireless connection to the predetermined network 10 via the router 1, is called self wireless setting information. Before the communication device 2 connects wirelessly to the predetermined network 10, it does not hold self wireless setting information for that connection.
The setting information request unit 202 is a functional unit that, so that the communication device 2 can establish a wireless connection to the predetermined network 10 via the router 1, sends a request signal to the communication device 3, which has already established a wireless connection, asking it to send the self wireless setting information that the communication device 2 itself will use. The request signal generated by the setting information request unit 202 is sent to the communication device 3 under the control of the communication control unit 201. The setting information reception unit 203 is a functional unit that receives the self wireless setting information sent from the communication device 3 in response to the request signal generated by the setting information request unit 202. This reception also takes place under the control of the communication control unit 201. The setting information reception unit 203 receives not only the self wireless setting information sent in response to the request signal but also, in a situation where the communication device 2 is able to exchange wireless setting information directly with the router 1, the self wireless setting information obtained by the WPS method.
Next, the communication unit 21 handles the transmission and reception of information to and from the outside through the antenna mounted on the communication device 2. Specifically, under the control of the communication control unit 201, it exchanges information between the communication device 2 and external devices (the communication device 3, the router 1 and so on). In this embodiment, all exchange of information with external devices is performed by wireless communication. The wireless setting information storage unit 22 is a functional unit that stores the self wireless setting information and other information received by the setting information reception unit 203. By following the stored self wireless setting information, the communication device 2 can connect wirelessly to the predetermined network 10 via the router 1.
Next, the functional units of the communication device 3 are described with reference to FIG. 2B. The communication device 3 has, as functional units, a control unit 30, a communication unit 31 and a wireless setting information storage unit 32. The control unit 30 is the functional unit responsible for the various controls in the communication device 3, and in particular it includes a communication control unit 301, a setting information request unit 302, a setting information reception unit 303 and a setting information preparation unit 304. The communication unit 31 and the wireless setting information storage unit 32 are substantially the same as the communication unit 21 and the wireless setting information storage unit 22 of the communication device 2, and the communication control unit 301, the setting information request unit 302 and the setting information reception unit 303 of the control unit 30 are substantially the same as the communication control unit 201, the setting information request unit 202 and the setting information reception unit 203 of the control unit 20 of the communication device 2, so a detailed description of them is omitted. As noted above, the communication device 3 exchanges wireless setting information directly with the router 1; in that case the function of the setting information request unit 302 is not exercised, and the communication device 3 acquires its wireless setting information from the router 1.
The control unit 30 of the communication device 3 additionally has a setting information preparation unit 304 as a functional unit. When a request signal concerning self wireless setting information is received from another communication device (such as the communication device 2), the setting information preparation unit 304 performs the processing that prepares the requested self wireless setting information for transmission to the requester. The self wireless setting information can be prepared in various ways, and a suitable one can be adopted in view of considerations such as the security of wireless connections to the predetermined network 10. The details of this preparation are described later.
The functional block diagrams of the communication devices 2 and 3 shown in FIGS. 2A and 2B are examples. Each communication device may therefore have functional units other than those illustrated. For example, the control unit 20 of the communication device 2 may also have a functional unit substantially identical to the setting information preparation unit 304 of the communication device 3. In that case, if the communication device 2, having already exchanged wireless setting information directly with the router 1, receives a request signal concerning self wireless setting information from a communication device other than itself, it prepares self wireless setting information for that communication device.
Next, the functional units formed in the router 1 are described with reference to FIG. 3. The router 1 has a communication unit 11, a management wireless setting information storage unit 12 and a connection management unit 13. The communication unit 11 is a functional unit for communicating with the communication devices that connect wirelessly to the predetermined network 10. The management wireless setting information storage unit 12 is a functional unit that stores the management wireless setting information used to manage the communication devices with which wireless communication is performed via the communication unit 11. The management wireless setting information includes information such as the identification information of each managed communication device and the wireless connection privileges granted to it (for details, see FIG. 9, described later). Based on this management wireless setting information, the connection management unit 13 manages and controls wireless connections to the predetermined network.
In more detail, the connection management unit 13 has an acquisition route information management unit 131, a fraud detection unit 132 and a blocking management unit 133. The acquisition route information management unit 131 is a functional unit that manages the route by which each communication device wirelessly connected to the predetermined network 10 via the router 1 acquired the wireless setting information it used for that connection. The fraud detection unit 132 is a functional unit that detects an unauthorized connection state, in which an unauthorized wireless connection is being made in the wireless connection to the predetermined network 10 via the router 1. An unauthorized connection state in the present invention means a state of wireless connection that is not intended in the predetermined network 10. The blocking management unit 133 is a functional unit that, when the fraud detection unit 132 detects an unauthorized connection state, performs processing related to blocking wireless communication between the router 1 and the communication device making the unauthorized connection. Besides the blocking process itself, that processing includes predetermined processing applied to the communication device making the unauthorized connection before the blocking process is executed (such as the wireless communication function restriction process and the recovery process described later).
The connection management unit 13 is also responsible for the management and control of wireless connections at the stage before a connection is established, not only after it: for example, the processing performed when the communication device 3 exchanges wireless setting information by the WPS method, and the preparation of the self wireless setting information of the communication device 2, which it carries out in cooperation with the setting information preparation unit 304 of the communication device 3 (see FIG. 8, described later).
Next, the processing for exchanging wireless setting information between the communication device 2 and the communication device 3 is described with reference to FIGS. 4 and 5. This exchange is made up of the wireless connection process executed by the communication device 2, shown in FIG. 4, and the setting information provision process executed by the communication device 3, shown in FIG. 5. FIG. 6 shows the sequence of signals exchanged among the communication devices 2 and 3 and the router when these processes are performed.
FIG. 7 shows the data structure of the information transmitted and received between the communication device 2 and the communication device 3 to exchange wireless setting information: the message information for requesting wireless setting information (hereinafter "request message information") and the message information of the reply to that request (hereinafter "reply message information"). FIG. 7(a) discloses the data structure common to the information sent from the communication device 2 to the communication device 3 and the information sent from the communication device 3 to the communication device 2. The information is broadly divided into eight regions. Of the eight, the five particularly important regions a1 to a5 are described in this embodiment. Region a1 (Start Symbol) is a specific byte sequence indicating the start of the message information. Region a2 (Destination Address) represents the address of the destination to which the message information is ultimately delivered (the communication device 3 for request message information, the communication device 2 for reply message information). Region a3 (Source Address) represents the address of the sender of the message information (the communication device 2 for request message information, the communication device 3 for reply message information).
Next, region a4 (Data) stores the data corresponding to each kind of message information. Specifically, as shown in FIG. 7(b), region a4 is divided into three regions a41, a42 and a43. Region a41 stores the identification information of the message information, which identifies whether the data is that of request message information or of reply message information. Region a42 stores the specific data for each kind of message information: for request message information, a command requesting the self wireless setting information of the communication device 2; for reply message information, the data of the self wireless setting information of the communication device 2, as the reply to that request. Region a43 stores information about the checksum. Region a5 (Terminator Symbol for Data) is a specific byte sequence indicating the end of the transmitted information.
FIG. 7(c) discloses the specific data content of the request message information sent from the communication device 2 to the communication device 3, and FIG. 7(d) discloses the specific data content of the reply message information sent from the communication device 3 to the communication device 2. The reference numbers a1 to a5 and a41 to a43 in FIGS. 7(c) and 7(d) correspond to the reference numbers of the data regions shown in FIGS. 7(a) and 7(b). As this specific data content shows, the identification information of the communication device 2 is "2001" and the identification information of the communication device 3 is "3001". When the identification information in region a41 is FF, the message information is request message information; when the identification information in region a41 is FE, the message information is reply message information. For request message information (FIG. 7(c)), the data stored in region a42 is a command inquiring about the information for connecting wirelessly to the predetermined network 10 (at least the identification information that identifies the network, the password corresponding to that identification information, and so on). For reply message information (FIG. 7(d)), the data stored in region a42 is the reply content corresponding to the request command (that is, the identification information that identifies the network, the password and so on).
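The frame layout of FIG. 7, as an added example that is not part of the patent text: a Python encoder and a receiver-side parser that checks the start and terminator symbols, the a43 checksum, the a41 type and the destination address before the a42 payload is used. The byte values of a1 and a5, the four-character address width, the sum-modulo-256 checksum and the payload strings are assumptions, and the three regions the text does not describe are left out.

```python
START_SYMBOL = b"\x02"   # a1: assumed value, the page gives no byte values
TERMINATOR = b"\x03"     # a5: assumed value
ADDR_LEN = 4             # a2/a3: assumed width, fits the IDs "2001" and "3001"
TYPE_REQUEST = 0xFF      # a41 value given on the page for request message information
TYPE_REPLY = 0xFE        # a41 value given on the page for reply message information
TYPE_NAMES = {TYPE_REQUEST: "request", TYPE_REPLY: "reply"}


class FrameError(ValueError):
    """Raised when a frame must not be built or acted on."""


def checksum(body: bytes) -> int:
    # a43: assumed algorithm (sum of a41 + a42 modulo 256). It catches
    # transmission errors only; it does not authenticate the sender.
    return sum(body) & 0xFF


def build_frame(dest: str, src: str, msg_type: int, payload: bytes) -> bytes:
    """Assemble a1 | a2 | a3 | a4 (a41, a42, a43) | a5."""
    for addr in (dest, src):
        if len(addr) != ADDR_LEN or not addr.isascii():
            raise FrameError(f"address must be {ADDR_LEN} ASCII characters: {addr!r}")
    if msg_type not in TYPE_NAMES:
        raise FrameError(f"unknown message type 0x{msg_type:02X}")
    body = bytes([msg_type]) + payload            # a41 + a42
    return (START_SYMBOL + dest.encode("ascii") + src.encode("ascii")
            + body + bytes([checksum(body)]) + TERMINATOR)


def parse_frame(frame: bytes, own_addr: str) -> dict:
    """Validate a received frame and return its fields, or raise FrameError."""
    start = len(START_SYMBOL)
    header = start + 2 * ADDR_LEN
    # a41 and a43 are mandatory, so the data region holds at least two bytes
    if len(frame) < header + 2 + len(TERMINATOR):
        raise FrameError("frame too short")
    if not frame.startswith(START_SYMBOL) or not frame.endswith(TERMINATOR):
        raise FrameError("missing start or terminator symbol")
    try:
        dest = frame[start:start + ADDR_LEN].decode("ascii")
        src = frame[start + ADDR_LEN:header].decode("ascii")
    except UnicodeDecodeError as exc:
        raise FrameError("non-ASCII address") from exc
    data = frame[header:-len(TERMINATOR)]         # region a4
    body, received = data[:-1], data[-1]
    if checksum(body) != received:
        raise FrameError("checksum mismatch")
    if body[0] not in TYPE_NAMES:
        raise FrameError(f"unknown message type 0x{body[0]:02X}")
    if dest != own_addr:
        raise FrameError("frame addressed to another device")
    return {"dest": dest, "src": src,
            "type": TYPE_NAMES[body[0]], "payload": body[1:]}


# Constructed sample frames; the command and setting strings are made up.
REQUEST = build_frame("3001", "2001", TYPE_REQUEST, b"GET_WIRELESS_SETTING")
REPLY = build_frame("2001", "3001", TYPE_REPLY,
                    b"SSID=constructed-net;PASS=constructed-pass")

if __name__ == "__main__":
    print(parse_frame(REQUEST, own_addr="3001"))
    print(parse_frame(REPLY, own_addr="2001"))
```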
Returning to FIGS. 4 to 6, the wireless setting information exchange process performed between the communication device 2 and the communication device 3 is now described. First, the wireless connection process performed by the communication device 2 is described. In S101, the self wireless setting information, which is the wireless setting information for the communication device 2, is requested from the communication device 3. The processing of S101 is performed by the setting information request unit 202. Specifically, the request message information shown in FIG. 7(c) is sent to the communication device 3 via the communication unit 21. The timing at which the request message information is sent in S101 is timing T1 in the sequence shown in FIG. 6. When the processing of S101 ends, the process proceeds to S102.
In S102, it is determined whether self wireless setting information has been received from the communication device 3 in response to the request message information sent in S101. For the communication device 3 to send the self wireless setting information, it performs the setting information provision process shown in FIG. 5, which is described later. The determination in S102 is made by the communication control unit 201 when the setting information reception unit 203 receives the self wireless setting information. If the determination in S102 is affirmative, the self wireless setting information received by the setting information reception unit 203 is stored in the wireless setting information storage unit 22. If the determination in S102 is negative, the process proceeds to S103. The timing of an affirmative determination in S102 is timing T2 in the sequence shown in FIG. 6.
Next, in S103, it is determined whether a reception failure has occurred for the self wireless setting information requested in S101. A reception failure is a state in which the self wireless setting information cannot be received from the communication device 3 to which the request was made. For example, if the self wireless setting information has not been received from the communication device 3 within a predetermined time after the request in S101, a "reception failure" has occurred. Also, if in the setting information provision process described later the communication device 3 determines that the communication device 2 is not a suitable recipient of self wireless setting information, that determination result is sent to the communication device 2, and a "reception failure" occurs on that basis. The determination in S103 may also follow other predetermined criteria so that the communication device 2 that requested the self wireless setting information does not wait needlessly long to receive it. If the determination in S103 is affirmative, the process proceeds to S104, where an error concerning the request for self wireless setting information is shown on the display of the communication device 2, notifying the user that the self wireless setting information could not be acquired. If the determination in S103 is negative, the processing from S102 onward is performed again.
When the determination in S102 is affirmative and the received self wireless setting information has been stored in the wireless setting information storage unit 22, wireless communication with the router 1 is performed in S105 using that self wireless setting information. The processing of S105 is executed by the communication control unit 201. The timing at which wireless communication with the router 1 is performed in S105 is timing T3 in the sequence shown in FIG. 6. As a result, the communication device 2 is able to connect wirelessly to the predetermined network 10 via the router 1 after performing the wireless setting information exchange process with the communication device 3 rather than with the router 1.
Here, the setting information providing process, which the communication device 3 executes in cooperation with the wireless connection process, will be described with reference to FIG. 5. In S201, it is determined whether a request signal for the self-radio setting information, that is, the request message information illustrated in FIG. 7(c), has been received from the communication device 2. This determination is made by the communication control unit 301. If an affirmative determination is made in S201, the processing from S202 onward is performed so that the communication device 3 prepares self-radio setting information for the communication device 2. If a negative determination is made in S201, the setting information providing process ends.
In S202, provision destination authentication is performed in response to receiving the request message information from the communication device 2. Provision destination authentication is a process of determining whether the requesting communication device 2 is an appropriate communication device to receive the self-radio setting information, and is executed by the setting information preparation unit 304. In the present invention, wireless setting information is exchanged not with the router 1 but with the communication device 3, which is already wirelessly connected to the predetermined network via the router 1. Because this exchange with the communication device 3 is, so to speak, an alternative process performed in place of the router 1, it is not necessarily desirable, in view of network security and the like, for the communication device 3 to provide self-radio setting information to requesters without restriction. Therefore, the provision destination authentication of S202 is performed, and a certain restriction is imposed on the provision of the self-radio setting information.
As one example, provision destination authentication is performed according to a list (whitelist), held in advance by the setting information preparation unit 304, that contains the address information of communication devices to which provision of self-radio setting information is permitted. The requester's address included in the request message information shown in FIG. 7(c) (in this embodiment, the address of the communication device 2) is checked against the whitelist held by the setting information preparation unit 304, and if the address of the communication device 2 is in it, provision of the self-radio setting information to the communication device 2 is permitted. Based on the result of the provision destination authentication in S202, it is determined in S203 whether the self-radio setting information can be transmitted to the requester. If an affirmative determination is made in S203, the process proceeds to S204; if a negative determination is made, it proceeds to S206. In S206, the requester is notified that provision of the self-radio setting information by the communication device 3 was not permitted. Based on this notification, S103 of the wireless connection process described above determines that a reception failure has occurred.
The timing at which an affirmative determination is made in S203 is timing T11 in the sequence shown in FIG. 6. For the setting information supply process to transmit self-radio setting information to a requester, an affirmative determination must be made in S201. Since the determination in S201 checks whether request message information in the predetermined format shown in FIG. 7 has been received, a requester that sent such request message information is a communication device related to the predetermined network 10 to the extent that it knows the predetermined format, and providing self-radio setting information to such a requester can therefore be regarded as not being unrestricted provision. On that view, the processes of S202 and S203 need not be performed.
Next, in S204, the setting information preparation unit 304 prepares the self-radio setting information to be provided to the requesting communication device 2. Several preparation modes are possible. In the first, the wireless setting information that the communication device 3 is currently using for its wireless connection to the predetermined network 10 is prepared, as is, as the self-radio setting information to be used by the requesting communication device 2. In this first preparation mode, the communication device 3 can therefore prepare the self-radio setting information easily. On the other hand, if the communication device 2 is provided with self-radio setting information prepared in this way and uses it to access the router 1, multiple communication devices access the router 1 with the same wireless setting information, and it becomes difficult for the router 1 to distinguish the communication devices by their wireless setting information. Such a situation may be undesirable for the router 1's management of the communication devices' wireless connections.
In the second preparation mode, wireless setting information that differs from the wireless setting information the communication device 3 is currently using for its wireless connection to the predetermined network 10, and that is stored separately in the wireless setting information storage unit 32 for provision to requesters by the setting information providing process, is prepared as the self-radio setting information to be used by the requesting communication device 2. This "wireless setting information stored separately in the wireless setting information storage unit 32 for provision to requesters" may differ for each requester or may be shared by multiple requesters. With self-radio setting information prepared in the second preparation mode, the router 1 can at least distinguish access by the communication device 2 from access by the communication device 3. In particular, when the self-radio setting information differs for each requester, the router 1 can also distinguish access by the communication device 2 from access by any other communication device that acquired its self-radio setting information through the setting information providing process. On the other hand, when the self-radio setting information is shared by multiple requesters, it is difficult to distinguish, by wireless setting information, the accesses of the communication devices that use the shared self-radio setting information.
When the preparation of the self-radio setting information is completed in S204, the process proceeds to S205, where the prepared self-radio setting information is transmitted to the requesting communication device 2. The transmitted information is the reply message information shown in FIG. 7(d). The timing at which preparation of the self-radio setting information is completed and it is transmitted is timing T12 in the sequence shown in FIG. 6. After S205, the setting information providing process ends.
As a result of the sequence shown in FIG. 6 being carried out by the wireless connection process and setting information providing process described above, the communication device 2, instead of exchanging wireless setting information with the router 1, acquires self-radio setting information from the communication device 3 and can use it to connect wirelessly to the predetermined network 10 via the router 1. The communication device 2 can therefore ultimately connect wirelessly to the predetermined network 10 via the router 1 without being affected by the distance between the communication device 2 and the router 1, which makes it easy for the communication device 2 to join the network.
When the communication device 2, after acquiring the self-radio setting information from the communication device 3, uses that information to connect wirelessly to the predetermined network 10 via the router 1, the communication device 2 may communicate wirelessly with the router 1 directly. Alternatively, the communication device 2 may communicate wirelessly with the router 1 with a relay device interposed between them. In this case, for example, the communication device 2 may communicate wirelessly with the router 1 via the communication device 3 that provided the self-radio setting information, or alternatively via the communication device 4, which, like the communication device 3, was already wirelessly connected to the predetermined network 10 via the router 1. In the former case, since wireless communication for exchanging the self-radio setting information has already taken place between the communication device 2 and the communication device 3, wireless communication from the communication device 2 to the router 1 is considered easy to carry out. In the latter case, the communication device with which the communication device 2 directly communicates wirelessly changes between acquisition of the self-radio setting information and the subsequent wireless connection to the predetermined network 10, so concentration of load on a particular communication device can be suppressed.
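The two cooperating flows described above (S101 to S105 on the communication device 2, S201 to S206 on the communication device 3) can be sketched as follows. This is an added example, not code from the patent: the message fields, the `ssid`/`psk` contents of the setting information and all class and function names are assumptions, since the FIG. 7 message format is not reproduced on this page.

```python
import secrets
from dataclasses import dataclass, field

# Message type names are assumptions (the FIG. 7 layout is not shown here).
REQUEST, REPLY, DENIED = "cfg-request", "cfg-reply", "cfg-denied"


@dataclass
class Provider:
    """Communication device 3: already connected, provides setting information."""
    own_setting: dict                 # what device 3 itself uses toward the router
    whitelist: set                    # addresses permitted as provision destinations
    mode: str = "per_requester"       # "own" | "shared" | "per_requester"
    store: dict = field(default_factory=dict)  # stands in for storage unit 32

    def _prepare(self, requester):
        """S204: prepare the setting information for this requester."""
        if self.mode == "own":        # first preparation mode: reuse own setting
            return dict(self.own_setting)
        # Second preparation mode: a separately stored setting, either one per
        # requester or one shared by all requesters.
        key = requester if self.mode == "per_requester" else "*"
        if key not in self.store:
            self.store[key] = {"ssid": self.own_setting["ssid"],
                               "psk": secrets.token_hex(16)}
        return dict(self.store[key])

    def handle(self, msg):
        # S201: only a well-formed request starts the process.
        if not isinstance(msg, dict) or msg.get("type") != REQUEST or "src" not in msg:
            return None
        # S202/S203: whitelist check on the address carried in the request.
        # That address is whatever the requester wrote into the message.
        if msg["src"] not in self.whitelist:
            return {"type": DENIED, "dst": msg["src"]}            # S206
        return {"type": REPLY, "dst": msg["src"],                 # S205
                "setting": self._prepare(msg["src"])}


def wireless_connection_process(provider, my_addr, deliver=True):
    """Communication device 2. deliver=False models a reply that never arrives."""
    reply = provider.handle({"type": REQUEST, "src": my_addr}) if deliver else None
    if reply is None or reply["type"] == DENIED:
        return "reception_failure", None      # S103 affirmative -> S104 error
    return "connect_to_router", reply["setting"]   # S102 affirmative -> S105


def distinct_settings(settings):
    """How many different devices the router can tell apart by setting alone."""
    return len({s["psk"] for s in settings})
```

With `mode="own"` the router sees a single setting for both devices, which is the management drawback the text attributes to the first preparation mode; `mode="per_requester"` gives one setting per device.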
<Modification 1>
A modification of the way the self-radio setting information is prepared in the setting information providing process will be described with reference to FIG. 8. Like FIG. 6, FIG. 8 shows a sequence of signal exchanges among the communication devices 2 and 3 and the router 1 when the wireless connection process and the setting information providing process are performed. The sequence shown in FIG. 8 differs from that shown in FIG. 6 in how the communication device 3 prepares the self-radio setting information. In the preparation mode of this modification, after the provision destination authentication ends, the communication device 3 requests the router 1 to issue self-radio setting information for the requesting communication device 2. That is, in this preparation mode the communication device 3 does not prepare the self-radio setting information itself; it acquires the self-radio setting information from the router 1 and provides it to the communication device 2. The timing at which the communication device 3 requests the self-radio setting information from the router 1 is timing T21 in the sequence shown in FIG. 8.
The advantage of having the router 1 issue the self-radio setting information of the communication device 2 in this way is that the router 1, which manages and controls wireless connections to the predetermined network 10, is aware of the existence of the communication device 2 when the self-radio setting information is provided to the communication device 2 via the communication device 3, so the router 1's management control of wireless connections can be performed suitably. To have the router 1 issue the self-radio setting information, the communication device 3 passes the address of the communication device 2, contained in the request message information, to the router 1 together with the issue request. The router 1 then issues self-radio setting information dedicated to the communication device 2, associated with that address. As a result, when the communication device 2 accesses the router 1 using this self-radio setting information, the router 1 can identify the access as coming from the communication device 2 and can also know that the communication device 2 acquired the self-radio setting information via the communication device 3. This makes the router 1's management control of wireless connections more suitable. The timing at which the router 1 issues the wireless setting information is timing T22 in the sequence shown in FIG. 8.
When the communication device 3 receives the self-radio setting information for the communication device 2 issued by the router 1, it transmits the received self-radio setting information to the communication device 2 at timing T2 as the prepared self-radio setting information. Thereafter, as above, the communication device 2 uses the self-radio setting information received from the communication device 3 to communicate wirelessly with the router 1 and connects wirelessly to the predetermined network 10. In this modification too, the communication device 2 actually exchanges wireless setting information with the communication device 3, not with the router 1, so, as in the embodiment above, the communication device 2 can connect wirelessly to the predetermined network 10 without being affected by the distance between the communication device 2 and the router 1.
<Modification 2>
In the embodiments described above, the wireless connection process and the setting information providing process are executed through wireless communication between the communication device 2 and the communication device 3 by their respective communication units 21 and 31. Instead, wired communication may be established between the communication device 2 and the communication device 3 in order to perform the wireless connection process and the setting information providing process. In this case, for example, electrically connecting the communication device 2 and the communication device 3 directly with a cable allows information to be transmitted and received between the two devices. When the cable is connected, each device executes a process of confirming what it is connected to, and determines whether a state has been established in which wired communication for executing the wireless connection process and the setting information providing process is possible between the two devices. Through this determination, each device identifies the destination to which it sends information.
When the wireless connection process and setting information providing process are performed after wired communication between the communication device 2 and the communication device 3 has become possible in this way, the communication device 2 can easily acquire the self-radio setting information from the communication device 3, just as when both processes are performed over wireless communication as in the embodiment above. Moreover, because the destination of the self-radio setting information is uniquely determined by the wire, the self-radio setting information can be transmitted safely.
<Other embodiments>
FIG. 9 schematically shows the data structure of the management wireless setting information 1a held by the router 1. This management wireless setting information is information for managing and controlling the wireless connection of each communication device currently connected wirelessly to the predetermined network 10 via the router 1. Specifically, its fields are the identification information (ID) of the wirelessly connected communication device; an information type, which is a flag indicating whether the wireless setting information used for the wireless connection was exchanged directly with the router 1; and a communication permission period during which wireless connection by the communication device is permitted. The information type is S0 when the wireless setting information was acquired directly from the router 1, and S1 when it was acquired via a communication device that was already wirelessly connected. In this embodiment, therefore, the information type is S1 for the communication device 2 and S0 for the communication devices 3 and 4.
The communication permission period is set according to the information type flag. This period can be a relative period (for example, one week from the time of wireless connection) that starts when each communication device first connects wirelessly to the predetermined network 10 via the router 1. In this embodiment, the communication permission period is set to T0 when the information type is S0 and to T1 when the information type is S1, and T0 is longer than T1. The communication device 2, whose information type is S1, acquired its wireless setting information from the communication device 3 rather than directly from the router 1. In such a case a provisional wireless connection is often sufficient for the communication device 2, and, because the router 1 is not involved in providing the self-radio setting information for the communication device 2 in the setting information providing process of FIG. 6, it is not necessarily desirable for the wireless connection of the communication device 2 to continue indefinitely. Making the communication permission period of the communication device 2 (information type S1) shorter than that of the communication devices 3 and 4 (information type S0) therefore keeps an inadvertent wireless connection from continuing.
As another way of setting the communication permission period, it may be expressed by setting a specific date and time as the final deadline for access. For example, the last date and time on which access is permitted, such as October 31, 2014, may be entered in the communication permission period field of the management wireless setting information 1a as the last day of the period. In this case, the access period calculated from the entered deadline and the time of the first wireless connection is set shorter for the communication device 2 than for the communication devices 3 and 4.
The information type may also be subdivided further, with the communication permission period set correspondingly finely. For example, in the setting information providing process of FIG. 8 the router 1 is involved in providing the self-radio setting information for the communication device 2, which can be considered preferable, from the standpoint of the router 1's management of wireless connections, to the setting information providing process of FIG. 6. Accordingly, when the communication device 2 acquires its self-radio setting information through the setting information providing process of FIG. 8, the information type may be S2 and the corresponding communication permission period may be set longer than T1 and shorter than T0.
Settings other than those described above may also be adopted for the communication permission period. For example, the same communication permission period may be set for every communication device regardless of information type. The period during which the communication device 2 can connect wirelessly may also be managed on the communication device 2 side. In this case, the self-radio setting information of the communication device 2 includes information on a communicable period during which the communication device 2 can connect wirelessly using that self-radio setting information, and the communication device 2 connects wirelessly to the predetermined network 10 via the router 1 in accordance with that period.
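The router-side table described above (ID, information type, communication permission period) and the way the information type bounds how long a connection is accepted can be sketched as follows. This is an added example, not code from the patent: the class and method names are assumptions and the durations are constructed values, since the text fixes only the ordering T0 > T2 > T1.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed durations; only the ordering T0 > T2 > T1 comes from the text.
PERIOD = {
    "S0": timedelta(days=365),  # T0: setting acquired directly from the router
    "S2": timedelta(days=30),   # T2: issued by the router, relayed by a connected device
    "S1": timedelta(days=7),    # T1: prepared by a connected device, router not involved
}


@dataclass
class Entry:
    device_id: str
    info_type: str
    first_connected: Optional[datetime] = None  # start of the relative period
    deadline: Optional[datetime] = None         # absolute "final deadline" variant


class ManagementTable:
    """Stands in for the management wireless setting information 1a."""

    def __init__(self):
        self.entries = {}

    def register(self, device_id, info_type, deadline=None):
        if info_type not in PERIOD:
            raise ValueError(f"unknown information type: {info_type}")
        self.entries[device_id] = Entry(device_id, info_type, deadline=deadline)

    def expires_at(self, device_id):
        e = self.entries[device_id]
        if e.deadline is not None:          # absolute deadline takes precedence
            return e.deadline
        if e.first_connected is None:       # period has not started yet
            return None
        return e.first_connected + PERIOD[e.info_type]

    def admit(self, device_id, now):
        """Decide whether a connection attempt at time `now` is accepted."""
        e = self.entries.get(device_id)
        if e is None:
            return False
        if e.first_connected is None:       # the period starts at first connection
            e.first_connected = now
        return now <= self.expires_at(device_id)

    def sweep(self, now):
        """IDs whose permission period has run out, for disconnection or review."""
        out = []
        for device_id in self.entries:
            limit = self.expires_at(device_id)
            if limit is not None and now > limit:
                out.append(device_id)
        return sorted(out)
```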
<Specific examples of wireless connection systems to which the present invention is applied>
Specific examples of wireless connection systems to which the present invention, as shown in the embodiments above, is applied are given below.
(Example 1)
The present invention can be applied to wireless connection to a LAN installed in a home, office, or the like via a router that manages access to that LAN. For example, when the router is installed in a hard-to-reach place near the ceiling, if there is a PC terminal that has already exchanged wireless setting information with the router, a new PC terminal, tablet device, or the like can connect wirelessly to the LAN by performing the wireless connection process and setting information providing process described above with that already-connected PC terminal.
(Example 2)
In a wireless network operated in a factory, routers and the like may be installed in inconspicuous places so as not to interfere with work in the factory. A management terminal may be brought into such a wireless network to check manufacturing progress or manage manufacturing equipment. Because the management terminal is also used for other purposes outside the factory, however, it cannot be incorporated into the factory's wireless network in advance. In such a case, performing the wireless connection process and setting information providing process described above between the management terminal and a communication device already connected wirelessly to the wireless network via the router allows the management terminal to connect wirelessly to the wireless network after that network has been formed in the factory.
FIG. 10 shows a schematic configuration of a wireless connection system according to a second embodiment of the present invention. The communication devices in this wireless connection system are transmission modules equipped with sensors for measuring various external environment parameters (temperature and the like). FIG. 10 shows six transmission modules, 52 to 57. So that the measured external environment parameters are collected at the server 50 connected to the predetermined network 10, each of the transmission modules 52 to 57 communicates wirelessly with the router 1 using its own wireless setting information and transmits the measured external environment parameters through it.
Measurement by the sensors mounted on the transmission modules 52 to 57 and transmission of the measurement data to the server 50 are executed repeatedly at predetermined intervals (for example, at fixed intervals) after each transmission module is powered on, in order to achieve continuous information collection. The transmission modules 52 to 57 each have all the functional units shown in FIG. 2B and are configured as small devices that additionally have a sensor function unit for measuring the measurement target (denoted by reference numbers 52b to 57b in the transmission modules 52 to 57, respectively), a function unit that records and processes measured information, and a power supply function unit that supplies power to the control circuit, memory, and the like from a built-in battery without receiving power from outside.
Sensors mounted on the transmission modules 52 to 57 include, for example, physical sensors such as a temperature sensor, a humidity sensor, an acceleration sensor, an illuminance sensor, a flow sensor, a pressure sensor, a ground temperature sensor, and a particle sensor, and chemical sensors such as a CO2 sensor, a pH sensor, an EC sensor, and a soil moisture sensor. In the present embodiment, to simplify the description, each transmission module is assumed to be equipped with a temperature sensor for measuring the external temperature at the position where it is placed, and the measured temperature data is transmitted to the server 50.
The process by which the wireless connection system shown in FIG. 10 was formed will now be described. Among the transmission modules shown in FIG. 10, the transmission module 52 was the earliest to become wirelessly connectable to the predetermined network 10 via the router 1, and it acquired the wireless setting information directly from the router 1. The transmission module 52 therefore did not acquire the wireless setting information by executing the wireless connection process described above, but acquired it from the router 1 in accordance with, for example, the WPS method.
Next, for the transmission module 53, the wireless connection process is executed in the transmission module 53 and, in response, the setting information providing process is executed in the transmission module 52, which is already wirelessly connected at that time. As a result, wireless setting information usable by the transmission module 53 is acquired from the transmission module 52. Similarly, the transmission module 54 acquires wireless setting information that it can use from the transmission module 53. Having acquired the wireless setting information in this way, the transmission modules 53 and 54 use it to start wireless communication with the router 1 and start their wireless connection to the predetermined network 10. The acquisition of wireless setting information by each of the transmission modules 52, 53, and 54 follows a predetermined acquisition method and does not constitute unauthorized acquisition. Such formal acquisition of wireless setting information is indicated by white arrows in FIG. 10.
In the wireless connection system shown in FIG. 10, the wireless setting information that each transmission module uses for wireless connection to the predetermined network 10 via the router 1 consists of identification information (a login name) and a password. The password is common to all transmission modules that connect wirelessly. The login name is formed by adding, each time wireless setting information is acquired in turn, the sub-identification information of the module itself to the sub-identification information corresponding to the source from which the module acquired the wireless setting information. For example, since the transmission module 52 acquires the wireless setting information from the router 1, its login name is RRAA, formed by adding the sub-identification information AA of the transmission module 52 itself to the sub-identification information RR corresponding to the router 1. Next, since the transmission module 53 acquires the wireless setting information from the transmission module 52, its login name is RRAABB, formed by adding the sub-identification information BB of the transmission module 53 itself to the login name RRAA of the transmission module 52. Similarly, the login name of the transmission module 54 is RRAABBCC, formed by adding the sub-identification information CC of the transmission module 54 itself to the login name RRAABB of the transmission module 53.
Here, the transmission module 55 is assumed to have illegally acquired wireless setting information that it can use from the transmission module 54, via wireless communication with the transmission module 54, without performing the wireless connection process described above. Specifically, the transmission module 55 does not request wireless setting information from the transmission module 54 in the predetermined format, that is, it does not transmit the request message information shown in FIG. 7(c), and instead steals the wireless setting information held by the transmission module 54 through unauthorized access to the transmission module 54. As a result, the transmission module 55 creates its own login name RRAABBCCXX from the login name RRAABBCC of the illegally accessed transmission module 54 and its own sub-identification information XX, creates wireless setting information for itself from that login name and the common password, and uses it to perform wireless communication with the router 1. This acquisition of wireless setting information by the transmission module 55 is unauthorized and, to distinguish it from the formal acquisition described above, is indicated by a solid black arrow in FIG. 10.
Furthermore, in the wireless connection system shown in FIG. 10, the transmission modules 56 and 57 acquire their wireless setting information from the transmission module 55. Whether this acquisition by the transmission modules 56 and 57 is itself formal or unauthorized, it is acquisition from the transmission module 55, which acquired its wireless setting information illegally. The password held by the transmission modules 56 and 57 is therefore regarded, like the password held by the transmission module 55, as having been stolen from another transmission module. Accordingly, the acquisition of the wireless settings by the transmission modules 56 and 57 is indicated by solid black arrows, as for the transmission module 55. The sub-identification information of the transmission modules 56 and 57 is YY and ZZ, respectively, so their login names are RRAABBCCXXYY and RRAABBCCXXZZ, respectively.
<Acquisition route information management processing>
When any transmission module has acquired wireless setting information, starts wireless communication with the router 1, and attempts to connect wirelessly to the predetermined network 10, the router 1 performs acquisition route information management processing, which manages the route by which the wireless setting information used by that transmission module was acquired. This processing is executed by the acquisition route information management unit 131, and its flow is shown in the flowchart of FIG. 11. Because the processing is performed each time a transmission module accesses the router 1, the acquisition route information database shown in FIG. 12 is formed. The details are described below.
In S301, it is determined whether the access to the router 1 by a transmission module is a new access using the wireless setting information held by that transmission module. The determination in S301 is made according to whether the wireless setting information that the transmission module uses for wireless communication with the router 1 is being used for the first time. If the determination in S301 is affirmative, the process proceeds to S302; if negative, this process ends.
In S302, the login name (the identification information used when the transmission module connects wirelessly to the predetermined network 10 via the router 1) contained in the wireless setting information used by the newly accessing transmission module is extracted. As an example, it is "AA" for the transmission module 52 and "AABBCCXX" for the transmission module 55. Then, in S303, the acquisition route of the wireless setting information held by each transmission module is identified from the extracted login name. This identification takes into account that the login name of each transmission module is formed by concatenating the sub-identification information of the transmission modules traversed in acquiring the wireless setting information. Thus, for example, the acquisition route of the transmission module 52 is determined from "RR", which is what remains after removing the sub-identification information AA of the transmission module 52 itself from the end of its login name; in this case only the router 1, which corresponds to "RR", is the acquisition route of the wireless setting information of the transmission module 52. The acquisition route of the transmission module 55 is determined from "RRAABBCC", which is what remains after removing the sub-identification information XX of the transmission module 55 itself; in this case the router 1 and the transmission modules 52, 53, and 54 form the acquisition route.
After S303, the process proceeds to S304, where the acquisition route of each transmission module identified in S303 is added to the acquisition route information database. The database generated in this way is shown in FIG. 12. In FIG. 12, each acquisition route lists the router 1 and the transmission modules traversed in acquiring the wireless setting information, in chronological order, as the first acquisition source, second acquisition source, and so on, and each acquisition source is shown by the identification number (device ID) of the router 1 or transmission module traversed. In FIG. 12, the device ID of the router 1 is 0001, and the device IDs of the transmission modules 52 to 57 are 2001 to 7001, respectively. In this way, the acquisition route information management processing of FIG. 11 records the acquisition route of the wireless setting information acquired by each transmission module as the sequence of device IDs of the devices (the router 1 and the transmission modules) it passed through.
<Blocking process>
When a plurality of transmission modules start wireless connection to the predetermined network 10 via the router 1, the temperature data measured in each transmission module is transmitted to the server 50. From the standpoint of network management, it is naturally undesirable for events that should not occur to arise in the predetermined network 10, for example the load (amount of transmitted information) on the predetermined network 10 increasing excessively, or temperature data that should be transmitted to the server 50 being sent to a destination other than the server 50. In the wireless connection system shown in FIG. 10, the transmission module 55 has illegally acquired wireless setting information from the transmission module 54, and as a result such events are likely to occur. A transmission module that has illegally acquired wireless setting information in this way is referred to as an unauthorized transmission module; following the description of the wireless connection system of FIG. 10, the transmission modules 55 to 57 correspond to unauthorized transmission modules.
In the wireless connection system according to the present invention, when an event that should not occur appears to have been caused by a transmission module wirelessly connected to the predetermined network 10 via the router 1, the event is judged to result from an unauthorized connection by an unauthorized transmission module, and a process of blocking wireless communication between the unauthorized transmission module and the router 1 is performed in order to stop that module's wireless connection to the predetermined network. This blocking process is executed by the fraud detection unit 132 and the blocking management unit 133, and its flow is shown in the flowchart of FIG. 13.
First, in S401, the fraud detection unit 132 determines whether an unauthorized connection state has been detected in the wireless connections of the transmission modules whose connections are managed by the router 1 (in the present embodiment, the transmission modules 52 to 57). Specifically, the fraud detection unit 132 checks the destination of the temperature data transmitted from each transmission module; if that destination is not the server 50, which is the proper destination, but some other destination, it can detect that an unauthorized connection state has occurred. In this case, the transmission module transmitting that temperature data corresponds to an unauthorized transmission module.
Alternatively, an unauthorized connection can also be detected when temperature data is sent without encryption although the data transmitted from each transmission module should be encrypted for security, or when transmission is performed at intervals far shorter than the prescribed transmission interval and the network load increases as a result. As a further alternative, an unauthorized connection state can be detected when the data transmitted from a transmission module is not temperature data but some other data (not limited to measurement data). If an unauthorized transmission module has for some reason been set up to carry out a DoS attack (Denial of Service attack), the unauthorized connection state can be detected from such an increase in network load or from the data content. Furthermore, the system may be configured so that a user (operator) monitoring the predetermined network recognizes that an unauthorized connection state has occurred and enters this at a management terminal electrically connected to the router 1, and the fraud detection unit 132 detects the unauthorized connection state when that input is conveyed to the router 1. If the determination in S401 is affirmative, the process proceeds to S402; if negative, the blocking process ends.
The following steps S402 and S403 are executed by the blocking management unit 133. First, in S402, for the detected unauthorized connection state, a blocking condition for wireless communication with the router 1 is determined in order to cut off the transmission modules making unauthorized connections from the wireless connection to the predetermined network 10. Specifically, when the destination of the temperature data transmission was used to detect the unauthorized connection state, the blocking condition related to that state is determined using the device ID of the transmission module that was transmitting temperature data addressed to somewhere other than the server 50, together with the acquisition route information database held by the acquisition route information management unit 131.
An example of the process of determining the blocking condition is as follows. In the detection of the unauthorized connection state by the fraud detection unit 302, the transmission module 55 is recognized as an unauthorized transmission module that is transmitting unauthorized temperature data. Then, in the acquisition route information database, the unauthorized transmission module 55, and every transmission module whose acquisition route for the wireless setting information includes the device ID (5001) of the unauthorized transmission module 55, are made the transmission modules to be blocked. This is based on the idea that a transmission module that was provided with wireless setting information by a module transmitting unauthorized temperature data is itself highly likely to transmit unauthorized temperature data. Accordingly, in this embodiment the blocking condition related to the unauthorized connection state is: "in the acquisition route information database, the transmission module whose device ID is 5001 and the transmission modules whose acquisition route for the wireless setting information includes that device ID".
Then, in S403, in accordance with the blocking condition determined in S402, wireless communication between the router 1 and the transmission modules to be blocked (in this embodiment, the transmission modules 55 to 57, as shown in FIG. 12) is blocked all at once. Because the blocking condition is determined from the acquisition route of the wireless setting information as described above, the transmission modules to be blocked are identified very easily. As for the actual blocking of wireless communication, the router 1 sends the transmission modules 55 to 57 a command to stop accessing the router 1. Alternatively, the router 1 may refuse to receive the signals (including temperature data) transmitted to it from the transmission modules 55 to 57.
With the blocking process described above, when it is detected that an unauthorized connection state has been formed by a transmission module wirelessly connected to the router 1, the blocking condition for the transmission modules whose wireless communication is to be blocked is determined in accordance with the acquisition route information database managed by the acquisition route information management unit 131. The blocking of wireless communication can thus be performed in one batch, which makes management of the wireless connections by the router 1 easier.
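The acquisition route information management processing (S301 to S304) and the blocking condition of S402, as an added example in Python that is not part of the patent text. The class and function names are hypothetical, and the fixed two-character width of each sub-identification code and the device IDs assigned to the modules other than 55 are assumptions; the login names are those of FIG. 10.

```python
# Added example: acquisition route database (FIG. 12) and blocking condition (S402).

SUB_ID_WIDTH = 2  # assumption: every sub-identification code is two characters

# Sub-identification code -> device ID. The page gives 0001 for router 1,
# 5001 for module 55 and the range 2001 to 7001 for modules 52 to 57; the
# one-to-one assignment of the remaining IDs is an assumption.
SUB_ID_TO_DEVICE = {
    "RR": "0001",  # router 1
    "AA": "2001",  # transmission module 52
    "BB": "3001",  # transmission module 53
    "CC": "4001",  # transmission module 54
    "XX": "5001",  # transmission module 55
    "YY": "6001",  # transmission module 56
    "ZZ": "7001",  # transmission module 57
}

# Login names presented to router 1 in FIG. 10, in order of first access.
FIG10_LOGIN_NAMES = [
    "RRAA", "RRAABB", "RRAABBCC",
    "RRAABBCCXX", "RRAABBCCXXYY", "RRAABBCCXXZZ",
]


def parse_login_name(login_name):
    """Return (own device ID, acquisition route) for a concatenated login name.

    The last code is the module itself; the codes before it are the devices
    the wireless setting information passed through, oldest first.
    """
    if not login_name or len(login_name) % SUB_ID_WIDTH:
        raise ValueError("login name is not a whole number of sub-ID codes")
    codes = [login_name[i:i + SUB_ID_WIDTH]
             for i in range(0, len(login_name), SUB_ID_WIDTH)]
    if len(codes) < 2:
        raise ValueError("login name names no acquisition source")
    unknown = [c for c in codes if c not in SUB_ID_TO_DEVICE]
    if unknown:
        raise ValueError("unknown sub-ID codes: %s" % ", ".join(unknown))
    devices = [SUB_ID_TO_DEVICE[c] for c in codes]
    return devices[-1], devices[:-1]


class AcquisitionRouteDatabase:
    """Per-device acquisition routes, built on first access to the router."""

    def __init__(self):
        self._routes = {}          # device ID -> list of device IDs
        self._seen_logins = set()  # login names already used once

    def register_access(self, login_name):
        """S301 to S304. Returns True when a new route was recorded."""
        if login_name in self._seen_logins:           # S301: not a new access
            return False
        device, route = parse_login_name(login_name)  # S302, S303
        self._seen_logins.add(login_name)
        self._routes[device] = route                  # S304
        return True

    def devices(self):
        return list(self._routes)

    def route_of(self, device_id):
        return list(self._routes[device_id])

    def blocking_targets(self, flagged_device_id):
        """S402: the flagged device plus every device whose route contains it."""
        return sorted(
            device for device, route in self._routes.items()
            if device == flagged_device_id or flagged_device_id in route
        )


def build_fig10_database():
    """Replay the six first accesses of FIG. 10 into a fresh database."""
    db = AcquisitionRouteDatabase()
    for name in FIG10_LOGIN_NAMES:
        db.register_access(name)
    return db


if __name__ == "__main__":
    db = build_fig10_database()
    for device in sorted(db.devices()):
        print(device, "<-", " > ".join(db.route_of(device)))
    print("blocked when 5001 is flagged:", db.blocking_targets("5001"))
```

The route is taken from the login name the module itself presents, so the blocking set is only as reliable as that name.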
<Modified example of the blocking process>
FIG. 14 shows a modified example of the blocking process. Among the steps of the blocking process shown in FIG. 14, those identical to steps of the blocking process shown in FIG. 13 are given the same reference numbers, and their detailed description is omitted. In the blocking process according to this modified example, the process proceeds to S501 when S402 ends.
In S501, in accordance with the blocking condition determined in S402, the wireless communication function of the blocking target modules whose wireless communication is to be blocked (in this embodiment, the transmission modules 55 to 57) is restricted. This restriction process is also executed by the blocking management unit 133. Its purpose is twofold: because the recovery process performed in S502, described later, may restore a blocking target module (unauthorized transmission module) to a normal transmission module, the blocking target module should not be cut off from the predetermined network 10 needlessly; and the effect of the blocking target module on the predetermined network 10 should be mitigated. Accordingly, a blocking target module that has undergone this restriction of its wireless communication function is still kept in a state in which wireless communication with the router 1 remains possible in some form.
As one example of restricting the wireless communication function, information can still be sent from the router 1 to the blocking target module, but the transmission function of the blocking target module 1 is stopped so that information from the blocking target module does not reach the router 1, or the router 1 refuses to receive information from the blocking target module. Alternatively, the transmission function of the blocking target module may be changed according to the content of the information it sends to the router 1. For example, if the blocking target module is sending the router 1, in addition to temperature data, various information and control commands that should not be sent to the router 1, it is made to send only the temperature data and is prevented from sending the other control commands and the like. When S501 ends, the process proceeds to S502.
In S502, the blocking management unit 133 performs a recovery process. This recovery process is a process for returning the blocking target module to a normal transmission module. For example, a restart command is sent to the blocking target module whose communication function is restricted. If, after waiting for a certain time, the information transmission behavior of the blocking target module has not changed (for example, the destination of the temperature data has still not returned to the server 50), the recovery process has failed; if the information transmission behavior has returned to normal (for example, the destination of the temperature data has returned to the server 50), the recovery process has succeeded. In S503, if it is determined that the recovery process succeeded, the process proceeds to S504, where the blocking condition determined in S402 is reset. In this case, the transmission modules 55 to 57 that had been made blocking target modules continue their wireless connection to the predetermined network via the router 1 as normal transmission modules. If, on the other hand, it is determined in S503 that the recovery process did not succeed, the process proceeds to S403, and the blocking target modules 55 to 57 are blocked all at once as described above.
In this way, in the blocking process according to this modified example, a blocking target module detected as being in an unauthorized connection state is not cut off from the predetermined network 10 immediately after detection; instead, restoration to a normal connection state is attempted. If the restoration succeeds, needless disconnection of transmission modules is avoided and the collection of temperature data is not disrupted.
<Another example of acquisition route information>
The acquisition route information database shown in FIG. 12 is generated from the login names contained in the wireless setting information of the transmission modules by executing the acquisition route information management processing shown in FIG. 11. Instead of this, the acquisition route information database can also be generated from the wireless setting information of each transmission module together with information separately transmitted to the router 1 by the transmission module, corresponding to the existing communication device, that provided that wireless setting information. For example, when a transmission module corresponding to the existing communication device provides wireless setting information prepared according to the first preparation mode or the second preparation mode described above to the transmission module that requested it in the wireless connection process, it also provides the router 1 with information that identifies the requesting transmission module, such as that module's device ID. Then, when the requesting transmission module accesses the router 1, the router 1 can determine from the device ID or other information provided in advance which transmission module the requesting module acquired its wireless setting information from.
When wireless setting information has been illegally acquired from a transmission module corresponding to the existing communication device, as with the transmission module 55 described above, that transmission module does not provide a device ID or the like to the router 1. The router 1 therefore does not generate acquisition route information for the transmission module 55. Likewise, because the transmission modules 56 and 57 were provided with wireless setting information by the unauthorized transmission module 55, the unauthorized transmission module 55 does not provide their device IDs or the like to the router 1, and as a result the router 1 does not generate acquisition route information for the transmission modules 56 and 57 either.
As a result, the acquisition route information database generated in the router 1 contains only the entries corresponding to the transmission modules 52 to 54, as shown in FIG. 15. In this case, when the fraud detection unit 132 detects an unauthorized connection state, the router 1 determines, based on the acquisition route information database shown in FIG. 15, the blocking condition that wireless communication between the router 1 and any transmission module not contained in that database is to be blocked. Wireless communication with the unauthorized transmission modules is then blocked in accordance with that blocking condition.
Another way of generating an acquisition path information database like the one shown in FIG. 15 arises when the setting information providing process according to FIG. 8 is executed. Specifically, in the setting information providing process according to FIG. 8, the router 1 in effect identifies the transmission module that requested wireless setting information and then issues wireless setting information for it. The router 1 therefore knows in advance which transmission modules will communicate with it wirelessly, and can generate an acquisition path information database like the one shown in FIG. 15.
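The bookkeeping described above can be sketched as follows; this is an added example, not code from the patent, and it also applies the restrict-then-block ordering of claims 3 and 4 (uplink denied, downlink still permitted). The class and method names, the operator-seeded entry for module 52, the provider links for modules 53 and 54, and the rule that only a module with a recorded path may announce a requester are all assumptions of the sketch.

```python
"""Added illustration: acquisition-path tracking on router 1 (hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class Router:
    # device_id -> provider_id: the acquisition path database (FIG. 15 analogue)
    paths: dict = field(default_factory=dict)
    # device_id -> provider_id announced by a provider, device not yet seen
    pending: dict = field(default_factory=dict)
    connected: set = field(default_factory=set)
    restricted: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

    def notify_provision(self, provider_id, requester_id):
        """Provider reports the device ID it handed wireless settings to.

        Assumption of this sketch: a notice is accepted only from a provider
        that itself has a recorded path, so an unknown module cannot vouch.
        """
        if provider_id not in self.paths:
            return False
        self.pending[requester_id] = provider_id
        return True

    def connect(self, device_id):
        """Device starts wireless communication; record its path if announced."""
        if device_id in self.blocked:
            return False
        self.connected.add(device_id)
        provider = self.pending.pop(device_id, None)
        if provider is not None:
            self.paths[device_id] = provider
        return True

    def block_condition(self):
        """Connected devices that have no entry in the acquisition path database."""
        return sorted(self.connected - set(self.paths))

    def on_unauthorized_state(self):
        """Stage 1: restrict before blocking (uplink denied, downlink kept)."""
        self.restricted.update(self.block_condition())
        return sorted(self.restricted)

    def permits(self, device_id, direction):
        """direction is 'up' (device -> router) or 'down' (router -> device)."""
        if device_id in self.blocked or device_id not in self.connected:
            return False
        if device_id in self.restricted:
            return direction == "down"
        return True

    def block_restricted(self):
        """Stage 2: cut wireless communication with the restricted devices."""
        cut = sorted(self.restricted)
        self.blocked.update(cut)
        self.connected.difference_update(cut)
        self.restricted.clear()
        return cut


def demo():
    # Constructed topology: 52 is seeded by the operator; 53 and 54 obtain
    # settings from 52 (assumed links). 55 connects without any notice having
    # been sent for it, and 56 and 57 obtain their settings from 55.
    r = Router(paths={"52": "operator"})
    r.connect("52")
    for requester in ("53", "54"):
        r.notify_provision("52", requester)
        r.connect(requester)
    r.connect("55")
    accepted = [r.notify_provision("55", d) for d in ("56", "57")]
    r.connect("56")
    r.connect("57")
    return r, accepted
```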
<Forms of unauthorized connection>
Besides the intentional unauthorized connection described above, a transmission module may also make an unauthorized connection because of a virus infection, a failure, or the like. Another form of unauthorized connection is one in which an unauthorized transmission module intentionally uses exactly the same wireless setting information as an existing transmission module and impersonates that module. In this case it is difficult for the router 1 to distinguish the impersonated existing transmission module from the unauthorized transmission module, and when the blocking process described above is performed, wireless communication may be cut off even for the existing transmission module, which is in fact connected normally. The present invention nevertheless includes within its scope of rights a mode in which wireless communication with an existing transmission module is unavoidably blocked in this way.
DESCRIPTION OF SYMBOLS
1 ... Router
2, 3, 4 ... Communication device
10 ... Predetermined network
50 ... Server
52 to 57 ... Transmission module

Claims (9)

  1.  A connection management control device that manages the wireless connection of a communication device to a predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network, wherein
    the communication device is configured to acquire wireless setting information for wirelessly connecting to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information that enables wireless communication with the connection management control device,
    the connection management control device comprising:
    management means for managing acquisition path information on the acquisition path by which the wireless setting information corresponding to each of one or more communication devices performing wireless communication with the connection management control device was acquired by the respective communication device;
    fraud detection means for detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and
    blocking means for blocking, when the unauthorized connection state is detected by the fraud detection means, wireless communication between the one or more unauthorized communication devices and the connection management control device, based on the acquisition path information managed by the management means.
  2.  The connection management control device according to claim 1, wherein
    the communication device has:
    setting information requesting means for requesting, from an existing communication device that has already made a wireless connection to the predetermined network via the connection management control device in accordance with predetermined wireless setting information that enables wireless communication with the connection management control device, self wireless setting information, which is the wireless setting information for the communication device's own use that enables it to communicate wirelessly with the connection management control device;
    setting information receiving means for receiving, from the existing communication device, the self wireless setting information prepared by the existing communication device in response to the request by the setting information requesting means; and
    execution means for executing wireless communication with the connection management control device based on the self wireless setting information received by the setting information receiving means, and
    when the communication device performs wireless communication with the connection management control device using the self wireless setting information by means of the execution means, the management means makes the acquisition path by which the communication device acquired the self wireless setting information a new management target, based on the self wireless setting information.
  3.  The connection management control device according to claim 1, further comprising
    communication function restriction means for restricting, when the unauthorized connection state is detected by the fraud detection means, part of a predetermined function relating to wireless communication between the one or more unauthorized communication devices and the connection management control device, wherein
    the restriction by the communication function restriction means is executed before the blocking of wireless communication by the blocking means.
  4.  The connection management control device according to claim 3, wherein
    the communication function restriction means restricts part of the predetermined function relating to wireless communication between the one or more unauthorized communication devices and the connection management control device in such a form that information transmission from the one or more unauthorized communication devices to the connection management control device is prohibited while information transmission from the connection management control device to the one or more unauthorized communication devices is permitted.
  5.  The connection management control device according to claim 3, wherein
    the communication function restriction means restricts part of the predetermined function relating to wireless communication between the one or more unauthorized communication devices and the connection management control device in a form in which whether transmission information sent from the one or more unauthorized communication devices toward the connection management control device may be transmitted is decided based on the content of that transmission information.
  6.  The connection management control device according to claim 3, further comprising
    recovery means for restoring the unauthorized connection state of at least some of the one or more unauthorized communication devices to a normal connection state while part of the wireless communication function of the one or more unauthorized communication devices with respect to the connection management control device is restricted by the communication function restriction means.
  7.  A wireless connection system for performing wireless connection to a predetermined network, comprising:
    a connection management control device that manages the wireless connection of a communication device to the predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network;
    an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information that enables wireless communication with the connection management control device; and
    a communication device configured to acquire, from the existing communication device, wireless setting information for wirelessly connecting itself to the predetermined network via the connection management control device, wherein
    the connection management control device has:
    management means for managing acquisition path information on the acquisition path by which the wireless setting information corresponding to each of one or more communication devices performing wireless communication with the connection management control device was acquired by the respective communication device;
    fraud detection means for detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and
    blocking means for blocking, when the unauthorized connection state is detected by the fraud detection means, wireless communication between the one or more unauthorized communication devices and the connection management control device, based on the acquisition path information managed by the management means.
  8.  A method for managing wireless connection to a network, performed by a connection management control device that manages and controls the wireless connection of a communication device to a predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network, wherein
    the communication device is configured to acquire wireless setting information for wirelessly connecting to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information that enables wireless communication with the connection management control device,
    the management method comprising:
    a management step of managing acquisition path information on the acquisition path by which the wireless setting information corresponding to each of one or more communication devices performing wireless communication with the connection management control device was acquired by the respective communication device;
    a fraud detection step of detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and
    a blocking step of blocking, when the unauthorized connection state is detected in the fraud detection step, wireless communication between the one or more unauthorized communication devices and the connection management control device, based on the acquisition path information managed in the management step.
  9.  A program for managing wireless connection to a network, executed by a connection management control device that manages and controls the wireless connection of a communication device to a predetermined network by transmitting and receiving wireless setting information for wireless connection to the predetermined network to and from a communication device outside the predetermined network, wherein
    the communication device is configured to acquire wireless setting information for wirelessly connecting to the predetermined network via the connection management control device from an existing communication device that is already wirelessly connected to the predetermined network via the connection management control device in accordance with predetermined wireless setting information that enables wireless communication with the connection management control device,
    the program causing the connection management control device to execute:
    a management step of managing acquisition path information on the acquisition path by which the wireless setting information corresponding to each of one or more communication devices performing wireless communication with the connection management control device was acquired by the respective communication device;
    a fraud detection step of detecting an unauthorized connection state in which one or more communication devices are improperly connected to the connection management control device; and
    a blocking step of blocking, when the unauthorized connection state is detected in the fraud detection step, wireless communication between the one or more unauthorized communication devices and the connection management control device, based on the acquisition path information managed in the management step.
PCT/JP2015/082275 2014-11-20 2015-11-17 Connection management control device, wireless connection system, method for managing wireless connection to network, and program for managing wireless connection to network WO2016080398A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-235682 2014-11-20
JP2014235682A JP2016100716A (en) 2014-11-20 2014-11-20 Connection management control device, radio connection system, method for managing radio connection to network, and management program of radio connection to network

Publications (1)

Publication Number Publication Date
WO2016080398A1 (en) 2016-05-26

Family

ID=56013933

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/082275 WO2016080398A1 (en) 2014-11-20 2015-11-17 Connection management control device, wireless connection system, method for managing wireless connection to network, and program for managing wireless connection to network

Country Status (2)

Country Link
JP (1) JP2016100716A (en)
WO (1) WO2016080398A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005286956A (en) * 2004-03-31 2005-10-13 Kddi Corp Ad hoc radio network system and management method for injustice
JP2007082072A (en) * 2005-09-16 2007-03-29 Nippon Telegr & Teleph Corp <Ntt> Wireless communication apparatus
JP2009100064A (en) * 2007-10-15 2009-05-07 Sophia Research Institute Ltd Communication method and communication system for wireless lan
JP2011146978A (en) * 2010-01-15 2011-07-28 Nec Personal Products Co Ltd Communication system, connection provision terminal, connection utilization terminal, server, communication method, and program

Also Published As

Publication number Publication date
JP2016100716A (en) 2016-05-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15861741

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15861741

Country of ref document: EP

Kind code of ref document: A1