WO2016158866A1 - Communication device, authentication device, and network system - Google Patents

Communication device, authentication device, and network system Download PDF

Info

Publication number
WO2016158866A1
WO2016158866A1 PCT/JP2016/059947 JP2016059947W WO2016158866A1 WO 2016158866 A1 WO2016158866 A1 WO 2016158866A1 JP 2016059947 W JP2016059947 W JP 2016059947W WO 2016158866 A1 WO2016158866 A1 WO 2016158866A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
node
communication
time
message
Prior art date
Application number
PCT/JP2016/059947
Other languages
French (fr)
Japanese (ja)
Inventor
陽輔 西潟
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Priority to JP2016548389A priority Critical patent/JPWO2016158866A1/en
Publication of WO2016158866A1 publication Critical patent/WO2016158866A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04W4/04
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W56/00Synchronisation arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates to a communication device constituting a wireless multi-hop network system.
  • a wireless multi-hop network system is composed of a terminal, an aggregation device, a higher-level device of the aggregation device, and the like, and generally has a network configuration in which terminals are accommodated in a tree shape under the aggregation device.
  • the aggregation device or a higher-level device of the aggregation device can collect data from each terminal by hopping a plurality of terminals. For example, each terminal transmits data to the aggregation device by transmitting the measured data to the upper terminal and transmitting data received from the lower terminal to the upper terminal. By such a procedure, the aggregation device or the host device collects data measured at each terminal.
  • the communication between the terminals and between the terminals and between the terminals and the aggregation device is configured by applying, for example, specific low power radio and the IEEE 802.15.4 standard.
  • the aggregation device or the host device has a function of determining whether or not terminal authentication, that is, a terminal that wants to participate in the network may participate in the network.
  • the determination as to whether or not to join a terminal that wishes to participate is made using an authentication method called EAP-PSK (A Pre-Shared Key Extensible Authentication Protocol (EAP) Method), for example.
  • EAP-PSK A Pre-Shared Key Extensible Authentication Protocol (EAP) Method
  • Information related to the authentication method can be transmitted by an AA (Authentication and Authorization) protocol such as PANA (Protocol for Carrying Authentication for Network Access) or RADIUS (Remote Authentication Dial In User Service).
  • PANA Protocol for Carrying Authentication for Network Access
  • RADIUS Remote Authentication Dial In User Service
  • the terminal executes terminal authentication when the power is turned on.
  • a wireless channel to be used is determined by using an active scan using a Beacon signal defined in the IEEE 802.15.4 standard.
  • the transmission destination of a message related to terminal authentication is determined, and terminal authentication is performed. If terminal authentication is successful, MSK (Master Session Key) and EMSK (Extended Master Session Key), which are information for generating an encryption key, can be shared (for example, see Non-Patent Document 1).
  • terminal authentication has an expiration date for the authentication. For example, there are cases in which the absolute time until the expiration date is notified, the remaining time until the expiration date is notified, etc. is there. In either case, terminal authentication is performed again based on the expiration date.
  • the terminal is powered off.
  • the terminal operates by receiving power supply from a commercial power supply instead of a battery, for example, when a power failure occurs, the terminal existing in the power failure occurrence area is powered off.
  • the power is turned on and channel scanning and terminal authentication are performed again.
  • Non-Patent Document 1 When the technology disclosed in Non-Patent Document 1 is applied, when the terminal recovers from the power failure, the terminal attempts encrypted communication using the master key that is the MSK or EMSK that has been replaced in the terminal authentication performed before the power failure. When encryption communication fails, such as when there is no response, terminal authentication is performed again with the other party to update the master key.
  • Non-Patent Document 1 when the technology disclosed in Non-Patent Document 1 is applied to a wireless multi-hop network system, the following problems may occur when power is restored from a power failure.
  • Non-Patent Document 1 In a wireless multi-hop network system to which the technology disclosed in Non-Patent Document 1 is applied, when a terminal recovers after a power failure, an apparatus that is an authentication partner via a multi-hop communication path between the terminals, Specifically, cryptographic communication is attempted with an aggregation device or a higher-level device such as a server higher than the aggregation device. When it is determined that there is a problem with the encryption communication, the terminal performs terminal authentication again. Therefore, the transmission of messages by each terminal constituting the tree, specifically, the transmission of messages related to the authentication sequence is concentrated in a short period of time, and there is radio resource depletion and radio congestion in the vicinity of the aggregation device that is the message transmission destination. As a result, communication quality may be degraded.
  • the present invention has been made in view of the above, and an object of the present invention is to obtain a communication device capable of reducing the consumption of radio resources in a radio multi-hop network system.
  • the present invention is a communication device that is under the control of an aggregation device and forms a tree-like wireless multi-hop network, and the time from the aggregation device or another communication device.
  • Time adjustment means for acquiring information and adjusting the time of the own apparatus, and after the time adjustment means adjusts the time of the own apparatus, the wireless multi-hop network is entered based on the adjusted time of the own apparatus.
  • transmission means for transmitting a signal requesting authentication processing is provided.
  • the figure which shows the structural example of a wireless multihop network system Diagram showing an example of node configuration The figure which shows the structural example of an aggregation apparatus The figure which shows the structural example of a time synchronous request message The figure which shows the structural example of a time synchronous response message Flow chart showing an example of node operation after power recovery The figure which shows an example of the operation
  • the figure which shows the other structural example of a wireless multihop network system Diagram showing an example of the configuration of the authentication server The figure which shows an example of the hardware which implement
  • FIG. 1 is a diagram illustrating a configuration example of a wireless multi-hop network system according to the present embodiment.
  • the wireless multi-hop network system includes a plurality of nodes 10a, 10b, and 10c and an aggregation device 20, and has a tree topology.
  • Nodes 10a, 10b and 10c are wireless communication terminals having the same function.
  • the node 10 and the aggregation apparatus 20 should just be 1 or more, and the number described in FIG. 1 is an example, Comprising: It does not limit to this.
  • Each of the node 10 and the aggregation device 20 has individual identification information.
  • the nodes 10a, 10b, and 10c have identification information 10a_adr, 10b_adr, and 10c_adr, respectively, and the aggregation device 20 is described as having identification information 20_adr.
  • the node 10 When receiving a signal from another node 10 or the aggregation device 20, the node 10 which is a communication device according to the present invention checks whether it needs to be transferred, and performs transfer processing if transfer is necessary. In addition, the node 10 has a clock function, acquires time information from the aggregation device 20 or another node 10 that has completed time synchronization with the aggregation device 20, and the time indicated by the acquired time information It is possible to synchronize the time with the aggregation device 20 by adjusting the local time of the own device.
  • another node 10 and the aggregation device 20 when viewed from a certain node 10 may be collectively referred to as other terminals.
  • the nodes 10b and 10c and the aggregation device 20 are other terminals.
  • the other terminals for the aggregation device 20 are nodes 10a, 10b, and 10c.
  • FIG. 2 is a diagram illustrating a configuration example of the node 10.
  • the node 10 needs to transmit to the other node 10 or the aggregation device 20 and the wireless communication unit 12 that transmits / receives a radio signal to / from the other node 10 or the aggregation device 20 via the antenna 11.
  • a message transmission unit 13 that outputs a message to the wireless communication unit 12 to request transmission, a message reception unit 14 that receives a message from another node 10 or the aggregation device 20, and a message that the message transmission unit 13 transmits are generated.
  • the storage unit 16 that stores various information
  • the message processing unit 17 that receives and analyzes the message received by the message reception unit 14, and executes an operation according to the analysis result
  • the aggregation device 20 Time for receiving and holding the acquired time information or the time information acquired via another node 10 It includes a processing section 18, the.
  • the message transmission unit 13 receives a message that needs to be transmitted to another node 10 or the aggregation device 20 from the message generation unit 15, transfers the message to the wireless communication unit 12, and requests transmission. For example, the message transmission unit 13 performs calculation such as transmission timing in accordance with rules such as CSMA-CA (Carrier Sense Multiple Access-Collision Avoidance).
  • CSMA-CA Carrier Sense Multiple Access-Collision Avoidance
  • the message receiving unit 14 receives a message transmitted from another node 10 or the aggregation device 20 to the own device via the antenna 11 and the wireless communication unit 12 and passes the message to the message processing unit 17.
  • the message generator 15 generates a message that needs to be transmitted to another node 10 or the aggregation device 20 and a message that needs to be transferred. In the case of transfer, the message generator 15 receives a message to be transferred from the message processor 17 and rewrites the address. Further, the message generation unit 15 generates a time synchronization request, a message related to terminal authentication, and the like according to an instruction from the message processing unit 17.
  • the storage unit 16 is configured by a non-volatile memory, and the MAC (Media Access Control) address and IP (Internet Protocol) address of the own node, the other node 10 and the aggregation device that constitute the wireless mesh network system together with the own node device Holds 20 MAC addresses and IP addresses.
  • the storage unit 16 also holds route information called a routing table. For example, at least one of the MAC address and IP address of the parent node that is the next hop is stored as route information to the aggregation device 20.
  • the storage unit 16 further holds at least one authentication key and encryption key.
  • the authentication key is used for terminal authentication, and the aggregation device 20 that is the other party of terminal authentication also holds the authentication key having the same value.
  • the encryption key is generated or distributed at the time of terminal authentication.
  • the encryption key generated or distributed at the time of terminal authentication is managed in association with the expiration date of authentication. That is, when authentication is invalidated due to the expiration of the expiration date, the encryption key is also invalidated.
  • the encryption key is used when encrypting a frame in which a message to be transmitted to the aggregation device 20 is stored.
  • the encryption key is updated when the validity period of terminal authentication ends and re-authentication is performed.
  • the encryption key is updated based on a common authentication key held by the aggregation device 20 that performs authentication and the node 10 and information exchanged between the aggregation device 20 and the node 10 at the time of terminal authentication. In general, a key is generated, but a new encryption key generated in the aggregation device 20 can be transmitted to the node 10 and updated.
  • the message processing unit 17 analyzes the message received from the message reception unit 14 and causes the message generation unit 15 to generate a response message, and performs setting and reading of values between the storage unit 16 and the time management unit 18. Then, the message generation unit 15 is notified of a message generation opportunity. For example, when a time synchronization request message is received, the message processing unit 17 checks whether or not the time management unit 18 holds the time. If the time management unit 18 holds the time, the message generation unit generates the held time as a message. Notifying the unit 15 and instructing generation of a time synchronization response message.
  • the message processing unit 17 when the message processing unit 17 receives a time synchronization response message corresponding to the time synchronization request message transmitted by the own device, the message processing unit 17 sets the time notified by the time synchronization response message in the time management unit 18. Further, when the message processing unit 17 receives a message related to terminal authentication, the message processing unit 17 instructs the message generation unit 15 to generate a response message according to the content of the received message. The message processing unit 17 further instructs the message generation unit 15 to generate messages related to these processes when performing time synchronization processing, terminal authentication processing, and the like.
  • the message processing unit 17 constitutes an encryption key update unit and a time information transmission unit.
  • the time management unit 18 is a clock circuit configured by, for example, a crystal resonator, etc., and self-runs after setting the time, and holds time information indicating the local time of the own device. If the power supply is lost, the time information is lost. In this case, time information is transmitted from the aggregation device 20, and when the time management unit 18 of the node 10 receives the time information directly from the aggregation device 20 or via another node 10, the time information is held. . As a result, each node 10 can operate in synchronization with the time held by the aggregation device 20.
  • the time information is transmitted from the node 10 or the aggregation device 20 that is the transmission destination of the time synchronization request message as a time synchronization response message for the time synchronization request message transmitted by each node.
  • the time management unit 18 constitutes time adjustment means.
  • FIG. 3 is a diagram illustrating a configuration example of the aggregation device 20.
  • the aggregation device 20 outputs an antenna 21, a wireless communication unit 22 that transmits and receives wireless signals to and from the node 10 via the antenna 21, and a message that needs to be transmitted to the node 10 to the wireless communication unit 22 for transmission.
  • a message transmission unit 23 that requests a message, a message reception unit 24 that receives a message from the node 10, a message generation unit 25 that generates a message transmitted by the message transmission unit 23, a storage unit 26 that stores various information, and a message
  • a message processing unit 27 that receives and analyzes a message received by the reception unit 24 and executes an operation according to the analysis result; and a time management unit 28 that receives and holds time information acquired from an external time source.
  • the operations of the antenna 21, the wireless communication unit 22, the message transmission unit 23, the message reception unit 24, and the message processing unit 27 are the same as the antenna 11 of the node 10, the wireless communication unit 12, and the message transmission. Since it is the same as the unit 13, the message receiving unit 14, and the message processing unit 17, detailed description thereof is omitted.
  • the storage unit 26 of the aggregation device 20 does not hold the address of the parent node of the next hop that is route information.
  • the storage unit 26 holds, as route information, the downlink route from the own device, that is, the downlink route information of each node 10 under the own device.
  • the time management unit 28 of the aggregation device 20 holds time information acquired from an external time source by a time information acquisition unit (not shown).
  • the time source is, for example, an NTP (Network Time Protocol) server. Time information may be supplied using GPS (Global Positioning System) or the like.
  • the message generation unit 25 of the aggregation device 20 is different from the message generation unit 15 of the node 10 in that No synchronization request message is generated.
  • FIG. 4 is a diagram illustrating a configuration example of a time synchronization request message.
  • the time synchronization request message includes a local destination 41, a local transmission source 42, and a message type 43.
  • the local destination 41 the MAC address or IP address of the node 10 or the aggregation device 20 that is the transmission destination of the time synchronization request message is set.
  • the local transmission source 42 is set with the MAC address or IP address of the node 10 that is the transmission source of the time synchronization request message.
  • the message type 43 information indicating that it is a time synchronization request message is set.
  • FIG. 5 is a diagram illustrating a configuration example of a time synchronization response message.
  • the time synchronization response message includes a local destination 51, a local transmission source 52, a message type 53, and a time 54.
  • the local destination 51 the MAC address or IP address of the node 10 that is the transmission destination of the time synchronization response message is set.
  • the local transmission source 52 the MAC address or IP address of the aggregation device 20 or the node 10 that is the transmission source of the time synchronization response message is set.
  • the message type 53 information indicating a time synchronization response message is set.
  • time information held by the node 10 or the aggregation device 20 that is the transmission source of the time synchronization response message is set.
  • the aggregation device 20 When the wireless multi-hop network system shown in FIG. 1 is formed, generally, the aggregation device 20 is first activated to start operation, and then the node 10, that is, the nodes 10a, 10b, and 10c is activated. Start operation. The aggregation device 20 performs an authentication process by verifying whether each node 10 holds a common authentication key necessary for entering the network system.
  • the aggregation device 20 acquires time information from a time source (not shown) when the power is turned on and started. For example, time information is acquired from an NTP server, GPS, or the like. The acquired time information is managed by the time management unit 28. The time management unit 28 sets the time of the own device, that is, the aggregation device 20 at the time indicated by the acquired time information.
  • the node 10 When the node 10 is powered on and activated, the node 10 starts an entry operation to the wireless multi-hop network system and performs a channel scan.
  • the entry operation to the wireless multi-hop network system may be referred to as the entry operation to the network.
  • a wireless multi-hop network system may be referred to as a network.
  • the channel scan is a process for investigating whether there is an aggregation device 20 or another node 10 that can be connected to the surroundings. For example, an active scan or a passive scan as defined in IEEE 802.15.4 is performed. It is investigated whether other terminals that can be connected, that is, the connectable aggregation device 20 and other nodes 10 exist in the surroundings. When there are a plurality of usable channels, the channel scan periodically checks the presence of other connectable terminals in all usable channels while switching the channels. When there is another terminal that can be connected, the channel in which the other terminal exists is selected and determined as the channel to be used. When a specific channel is specified as a use channel, the specified channel is determined as a use channel without performing channel scanning.
  • the node 10 After determining the channel, the node 10 acquires information indicating the route information from each of the other peripheral terminals that can be connected to the aggregation device 20, the quality information of the route such as the number of hops to the aggregation device 20, and the electric field strength. Based on the acquired information, a parent node serving as a route to the aggregation device 20 is selected from other connectable peripheral terminals. For example, the node 10a existing at a 1-hop position capable of direct communication with the aggregation device 20 selects the aggregation device 20 as a parent node.
  • the node 10 When the parent node is selected, the node 10 starts terminal authentication processing.
  • the terminal authentication process can be performed using an AA (Authentication and Authorization) method such as PANA and an authentication method such as EAP-PSK.
  • AA Authentication and Authorization
  • EAP-PSK an authentication method such as EAP-PSK.
  • the node 10 requests the aggregation device 20 to authenticate its own device, the aggregation device 20 determines whether the requesting node 10 is a terminal that can participate in the network.
  • the aggregation device 20 determines that the node 10 requesting terminal authentication is a terminal that can participate in the network, a notification of successful authentication is transmitted from the aggregation device 20 to the node 10, and the node 10 notifies that it has entered the network. Is transmitted to the aggregation device 20. Note that the notification from the node 10 to the aggregation device 20 can be encrypted and transmitted using a new encryption key generated in the course of the authentication process. With the above procedure, the entry operation of the node 10 to the network is completed.
  • the nodes 10b and 10c that cannot directly communicate with the aggregation device 20 can also enter the network in the same procedure.
  • the node 10b selects the node 10a as a parent node, and communicates with the aggregation device 20 using the node 10a as a relay terminal.
  • the node 10c selects the node 10a as a parent node.
  • Each node 10 stores the encryption key obtained when the terminal authentication is successful when the entry operation to the wireless multi-hop network system is normally completed, and the identification information of the parent node obtained by channel scanning. To remember.
  • the selected channel may also be stored. In this case, it is possible to efficiently search for a channel in which another terminal that can be connected exists by executing a search for another terminal by the next channel scan from the stored channel.
  • the aggregation device 20 stores in the storage unit 26 an encryption key to be shared with the node 10 for which terminal authentication has been successful.
  • the encryption key can be generated by using the terminal authentication function by EAP-PSK and using the encryption key generated in the process of terminal authentication.
  • Communication between the node 10 and the aggregation device 20 can be performed using a common key encryption such as AES (Advanced Encryption Standard).
  • AES Advanced Encryption Standard
  • the aggregation device 20 encrypts transmission information such as a control signal using an encryption key shared with the node 10.
  • each node 10 encrypts information to be transmitted to the aggregation device 20 by using an encryption key shared with the aggregation device 20.
  • the aggregating apparatus 20 can collect and aggregate information acquired by each node 10 using a sensor or the like (not shown), for example, power usage information from each node 10.
  • the startup procedure of the node 10 when power is restored from a power failure in the wireless multi-hop network system having the configuration shown in FIG. 1 will be described.
  • the power supply to all the nodes 10 and the aggregation device 20 is stopped due to the occurrence of a power failure, and when the power is restored, the power supply to all the nodes 10 and the aggregation device 20 is resumed and automatically restarted.
  • the aggregation device 20 that is the top of the tree acquires time information from the outside and adjusts the time.
  • the operation when the aggregation device 20 is activated is as described in the description of the operation when the wireless multi-hop network system shown in FIG. 1 is formed.
  • FIG. 6 is a flowchart showing an operation example of the node 10 after the power recovery.
  • the message processing unit 17 reads the identification information of the parent node before the power failure from the storage unit 16 (step S11).
  • the identification information is a MAC address, an IP address, or the like.
  • the node 10 transmits a time synchronization request message to the parent node indicated by the identification information read in step S11 (step S12). That is, the message processing unit 17 instructs the message generation unit 15 to generate a time synchronization request message, the message generation unit 15 that receives the instruction generates a time synchronization request message, and the time synchronization request generated by the message generation unit 15
  • the message transmission unit 13 transmits the message. For example, since the parent node of the node 10 a is the aggregation device 20, the node 10 a transmits a time synchronization request message to the aggregation device 20.
  • the nodes 10b and 10c Since the parent node of the nodes 10b and 10c is the node 10a, the nodes 10b and 10c transmit a time synchronization request message to the node 10a. In the operation after power recovery, the nodes 10a, 10b and 10c transmit the time synchronization request message at almost the same timing.
  • the aggregation device 20 that has received the time synchronization request message from the node 10a holds the time information when the time synchronization request message is received, and therefore transmits a time synchronization response message to the node 10a.
  • the time synchronization response message includes time information held by the message transmission source terminal as time 54.
  • the node 10a that has received the time synchronization request message from the nodes 10b and 10c does not hold the time information at the time when the time synchronization request message is received. Since the process for adjusting the time of the device is not completed, the time synchronization response message is not transmitted.
  • the node 10a When the node 10a receives the time synchronization response message from the aggregation device 20 after receiving the time synchronization request message from the node 10b or 10c, the node 10a sends the time synchronization response message to the requesting node 10b after the time adjustment of its own device is completed. Or you may make it transmit to 10c. If the nodes 10b and 10c cannot receive the time synchronization response message even after a predetermined time has elapsed after transmitting the time synchronization request message, the nodes 10b and 10c retransmit the time synchronization request message. Further, the nodes 10b and 10c may transmit the time synchronization request message at a timing later than that of the node 10a.
  • each node 10 may transmit the time synchronization request message at an earlier timing as the node 10 has a smaller number of hops according to the number of hops to the aggregation device 20. For example, each node 10 waits for a time obtained by multiplying the number of hops to the aggregation device 20 by N seconds after power is restored, and then transmits the time synchronization request message. N is a positive number. Thereby, each node 10 is more likely to transmit the time synchronization request message after the time synchronization processing by the parent node is completed, and thus it is possible to prevent the number of times of retransmission of the time synchronization request message from increasing more than necessary.
  • the node 10 may hold a plurality of identification information of the parent node. For example, when there are a plurality of other nodes 10 having the same number of hops to the aggregation device 20 and the same communication quality of the route, a plurality of identification information of the parent node is held.
  • a time synchronization request message may be transmitted. Further, when no time synchronization response message is returned from any parent node, the operation may be started from the above-described channel scan, that is, the operation of entering the network may be started.
  • the node 10a that has transmitted the time synchronization request message to the aggregation device 20 receives the time synchronization response message (step S13), and adjusts the time of its own device based on the time information included in the time synchronization response message.
  • the node 10a determines whether or not re-authentication is necessary, that is, whether or not terminal authentication needs to be performed again (step S14). For example, the node 10a determines that re-authentication is necessary when the remaining time until the expiration date of the terminal authentication performed last time is shorter than a predetermined threshold or when the expiration date has already been exceeded. . When the expiration date of terminal authentication ends, the expiration date of the encryption key held in the storage unit 16 also ends.
  • step S14 When re-authentication is necessary (step S14: Yes), the node 10a requests the aggregation device 20 to perform terminal authentication of its own device and performs re-authentication (step S15).
  • the terminal authentication operation is as described above.
  • the message processing unit 14 performs processing for determining whether re-authentication is necessary, and the message generation unit 15 performs processing for requesting terminal authentication of the own device to the aggregation device 20. That is, the message processing unit 14 operates as a processing unit that determines whether or not an authentication process for entering the network is necessary.
  • the message generation unit 15 generates a message requesting the aggregation device 20 to perform authentication processing of its own device.
  • the message generated by the message generation unit 15 is transmitted from the message transmission unit 13 as a transmission unit to the aggregation device 20 as an authentication device.
  • the node 10a updates the encryption key.
  • step S14: No the node 10a transitions to a state in which a time synchronization request message can be accepted (step S16). Thereafter, the node 10a monitors whether or not a time synchronization request message has been received (step S17).
  • Step S17: Yes When the node 10a receives the time synchronization request message (step S17: Yes), the node 10a transmits a time synchronization response message including the time information managed by the time management unit 18 to the other node 10 of the request source ( Step S18).
  • the node 10a does not receive the time synchronization request message (step S17: No)
  • the node 10a continues the monitoring operation. Further, after executing Step S18, the node 10a returns to Step S17 and continues the monitoring operation.
  • Steps S13 to S18 have been described by taking the case of the node 10a as an example, but the same applies to the nodes 10b and 10c.
  • the nodes 10b and 10c determine that re-authentication is necessary in step S14 and perform re-authentication in step S15, the nodes 10b and 10c perform re-authentication with the aggregation device 20 via the parent node 10a. To do.
  • the node 10 may perform re-authentication via a node 10 different from the parent node that performed time synchronization.
  • the node 10b may perform re-authentication via the node 10c instead of the parent node 10a.
  • each node 10 Since each node 10 operates in accordance with the above procedure, each node 10 does not necessarily need to perform re-authentication after power is restored, so that traffic related to the re-authentication process can be reduced.
  • each node 10 transitions to a state in which the parent node can accept the time synchronization request message, and determines whether or not re-authentication is necessary after receiving the time synchronization response message from the parent node. Therefore, it is possible to prevent the occurrence of radio resource depletion and radio congestion.
  • FIG. 7 is a diagram illustrating an example of an operation when the nodes 10a and 10b synchronize the time with the aggregation device 20.
  • the same steps as those shown in FIG. 6 are denoted by the same step numbers.
  • step S14 if both the nodes 10a and 10b determine that re-authentication is required in step S14, first, the node 10a performs re-authentication, and after the re-authentication is completed, The process proceeds to step S16 so that the time synchronization request message can be accepted. Until the re-authentication by the node 10a is completed, the node 10a does not respond to the time synchronization request message transmitted from the node 10b. As a result, the re-authentication timing of the node 10b is distributed from the re-authentication timing of the node 10a.
  • the aggregation device 20 which is the top of the tree responds to the time synchronization request message from the node 10, 10 determines whether to perform the re-authentication process based on the current time acquired by the time synchronization response message, and skips the re-authentication process when the re-authentication process is unnecessary. Thereby, unnecessary traffic related to the re-authentication process can be reduced, and the time required until encryption communication can be performed again can be shortened.
  • the node 10 When the node 10 receives the time synchronization response message from the parent node and determines whether or not re-authentication is necessary after completing the time synchronization processing with the parent node, the node 10 determines that re-authentication is unnecessary Alternatively, since the time synchronization response message is transmitted in response to the time synchronization request message from the other node 10 after the re-authentication is completed, the execution timing of the re-authentication process in the node 10 determined to require re-authentication is distributed. The As a result, wireless congestion can be avoided, message retransmission can be reduced, and the time until encryption communication can be performed again can be shortened.
  • the node 10 when the node 10 receives a time synchronization request message from another node 10 when power is restored from a power failure, the node 10 transmits a time synchronization response message after completing the determination as to whether re-authentication is necessary.
  • the time synchronization response message may be transmitted to the requesting node 10 based on the adjusted time without waiting for the determination of the necessity of re-authentication after completion of the time adjustment processing of the own device.
  • Embodiment 2 a case will be described in which the time synchronization request message and the time synchronization response message used in the time synchronization process described in the first embodiment are encrypted and transmitted.
  • the configuration of the wireless multi-hop network system is the same as that shown in FIG.
  • the configurations of the node 10 and the aggregation device 20 are the same as those in FIGS.
  • each node 10 holds a common group key in the storage unit 16, and encrypts the time synchronization request message and the time synchronization response message using the group key.
  • the group key is a common encryption key distributed to nodes that have been successfully authenticated after terminal authentication by the aggregation device 20. Unlike the encryption key that is uniquely held by each node 10 for transmission / reception with the aggregation device 20, the group key does not need to be updated at the end of the terminal authentication expiration date.
  • the node 10 when transmitting the time synchronization request message, the node 10 reads out the group key from the storage unit 16 and encrypts it, and transmits it to the parent node which is the aggregation device 20 or another node 10.
  • the parent node When receiving the time synchronization request message, the parent node reads the group key held in the storage unit 26 or 16 and decrypts the time synchronization request message.
  • the parent node encrypts and transmits the time synchronization response message using the same group key after performing necessary processing.
  • the node 10 receives the time synchronization response message, the node 10 decrypts it using the same group key used for encryption of the time synchronization request message.
  • the time synchronization request message When sending the above time synchronization request message, the time synchronization is not completed immediately after power is restored from a power failure, and the current time is unknown. For this reason, when the time synchronization request message is encrypted and transmitted using an encryption key that needs to be updated at the end of the validity period of terminal authentication, it is encrypted if the validity period of the encryption key has expired. The transmitted time synchronization request message is discarded at the parent node. However, the time synchronization request message and the time synchronization response message are encrypted using a common group key that does not require renewal at the end of the validity period of terminal authentication, thereby enabling time synchronization processing at the time of power recovery. .
  • the group key can have an expiration date different from the expiration date of terminal authentication (the expiration date of the encryption key).
  • a new group key may be distributed from the aggregation device 20 to each node 10 and updated at a predetermined date and time at each node 10 before a predetermined period of the expiration date of the group key.
  • an authentication code called MIC Message Integrity Check
  • AES-GCM Advanced Encryption Standard Galois / Counter Mode
  • the time synchronization request message and the time synchronization response message are transmitted by being encrypted using the group key, the contents of the message can be concealed and tampering can be detected.
  • traffic for encryption key sharing that occurs when a parent node is changed due to a change in communication quality, compared to a case where an encryption key that is shared only with the parent node is used. Can be avoided.
  • the node 10 according to the first embodiment is configured to hold the identification information of the parent node in the storage unit 16 after selecting the parent node.
  • the quality of the communication path characterized by the strength of the propagated radio signal and the like varies with time, there is no guarantee that the parent node once selected by each node 10 will continue to be optimal after that. It is desirable to review the parent node as necessary. For this reason, for example, the node 10 according to the present embodiment periodically searches for other surrounding nodes 10 and reselects the parent node.
  • the node 10 periodically reviews the parent node. However, in the wireless mesh network system of the second embodiment, the node 10 may periodically review the parent node. .
  • FIG. 8 is a diagram illustrating a configuration example of the wireless multi-hop network system according to the present embodiment.
  • the wireless multi-hop network system shown in FIG. 8 includes a plurality of nodes 10a, 10b, and 10c, an aggregation device 20, and an authentication server 30 that is a server device.
  • terminal authentication is performed between the node 10 and the authentication server 30. That is, in this embodiment, the authentication server 30 corresponds to the authentication device.
  • FIG. 9 is a diagram illustrating a configuration example of the authentication server 30.
  • the authentication server 30 includes a communication unit 32 that transmits and receives signals to and from the aggregation device 20, and a message transmission unit 33 that outputs a message to be transmitted to the node 10 via the aggregation device 20 to the communication unit 32 and requests transmission.
  • a message reception unit 34 that receives a message from the node 10 via the aggregation device 20, a message generation unit 35 that generates a message transmitted by the message transmission unit 33, a storage unit 36 that stores various information, and a message
  • a message processing unit 37 that receives and analyzes a message received by the reception unit 34 and executes an operation according to the analysis result; and a time management unit 38 that receives and holds time information acquired from an external time source.
  • the authentication server 30 performs terminal authentication with each node 10 by performing the same operation as the aggregation device 20 described in the first embodiment.
  • Communication between the authentication server 30 and the aggregation device 20 may be wired communication or wireless communication.
  • information related to terminal authentication can be centrally managed by the host device, and the aggregation device 20 does not need to have information related to terminal authentication, for example, an authentication key.
  • the aggregation device 20 does not need to have information related to terminal authentication, for example, an authentication key.
  • the operation described in the second embodiment that is, the operation of encrypting a message to be transmitted / received in the time synchronization process can be applied to the wireless mesh network system of the present embodiment.
  • the operation described in the third embodiment that is, the operation in which each node 10 periodically reviews the parent node can be applied. Both the operation described in the second embodiment and the operation described in the third embodiment can be applied.
  • the hardware configuration of the node 10, the aggregation device 20, and the authentication server 30 described in each embodiment will be described.
  • the node 10, the aggregation device 20, and the authentication server 30 can be realized by, for example, the hardware 100 illustrated in FIG.
  • the hardware 100 includes a processor 101, a memory 102, a clock 103, and a communication device 104.
  • the processor 101 is a CPU (Central Processing Unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, a processor, or a DSP), a system LSI (Large Scale Integration), or the like.
  • the memory 102 is a nonvolatile or volatile semiconductor such as RAM (Random Access Memory), ROM (Read Only Memory), flash memory, EPROM (Erasable Programmable Read Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), etc. Memory, magnetic disk, flexible disk, optical disk, compact disk, mini disk, DVD (Digital Versatile Disc), etc.
  • the wireless communication unit 12 of the node 10 is realized by the communication device 104.
  • the message transmission unit 13, the message reception unit 14, the message generation unit 15, and the message processing unit 17 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 13, the message reception unit 14, the message generation unit 15, and the message processing unit 17 from the memory 102 and executing it.
  • the storage unit 16 of the node 10 is realized by the memory 102.
  • the time management unit 18 of the node 10 is realized by the clock 103.
  • the wireless communication unit 22 of the aggregation device 20 is realized by the communication device 104.
  • the message transmission unit 23, the message reception unit 24, the message generation unit 25, and the message processing unit 27 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 23, the message reception unit 24, the message generation unit 25, and the message processing unit 27 from the memory 102 and executing it.
  • the storage unit 26 of the aggregation device 20 is realized by the memory 102.
  • the time management unit 28 of the aggregation device 20 is realized by the clock 103.
  • the communication unit 22 of the authentication server 30 is realized by the communication device 104.
  • the message transmission unit 33, the message reception unit 34, the message generation unit 35, and the message processing unit 37 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 33, the message reception unit 34, the message generation unit 35, and the message processing unit 37 from the memory 102 and executing the program.
  • the storage unit 36 of the authentication server 30 is realized by the memory 102.
  • the time management unit 38 of the authentication server 30 is realized by the clock 103.
  • the aggregation device 20, and the authentication server 30 are realized by a general-purpose processing circuit including the processor 101 and the memory 102 . It is also possible to do. Examples of dedicated processing circuits include FPGA (Field Programmable Gate Array), ASIC (Application Specific Integrated Circuit), single circuit, compound circuit, programmed processor, parallel programmed processor, and the like.
  • FPGA Field Programmable Gate Array
  • ASIC Application Specific Integrated Circuit
  • the configuration described in the above embodiment shows an example of the contents of the present invention, and can be combined with another known technique, and can be combined with other configurations without departing from the gist of the present invention. It is also possible to omit or change the part.
  • 10a, 10b, 10c node 11, 21 antenna, 12, 22 wireless communication unit, 13, 23 message transmission unit, 14, 24 message reception unit, 15, 25 message generation unit, 16, 26 storage unit, 17, 27 message Processing unit, 18, 28 Time management unit, 20 aggregation device, 30 authentication server, 41, 51 local destination, 42, 52 local transmission source, 43, 53 message type, 54 time.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided is a communication device which is a node (10) that is subordinate to an aggregation device and that forms a tree-shaped wireless multi-hop network, the communication device comprising: a time management unit (18) for adjusting the time of the device by acquiring time information from the aggregation device or another communication device; a message processing unit (17) that, after the time management unit (18) has adjusted the time of the device, determines on the basis of the time of the adjusted device whether it is necessary to carry out authentication for joining the wireless multi-hop network; and a message transmission unit (13) that, in a case where it was determined that authentication is necessary, transmits the signal required for authentication to an authentication device which determines whether the communication device is a device able to join the wireless multi-hop network.

Description

通信装置、認証装置およびネットワークシステムCommunication device, authentication device, and network system
 本発明は、無線マルチホップネットワークシステムを構成する通信装置に関する。 The present invention relates to a communication device constituting a wireless multi-hop network system.
 無線マルチホップネットワークシステムは、端末、集約装置、また集約装置の上位装置などから構成され、集約装置配下にツリー状に端末を収容するネットワーク構成が一般的である。集約装置または集約装置の上位装置は、複数の端末をホッピングさせることによって、各端末からのデータを収集可能である。例えば各端末は、測定したデータを上位の端末に送信し、また、下位の端末から受信したデータを上位の端末に送信することで、集約装置に対してデータを送信する。このような手順により、集約装置または上位装置は、各端末で測定されたデータを収集する。端末~端末間、端末~集約装置間の通信は、例えば、特定小電力無線およびIEEE802.15.4規格を適用し、構成される。 A wireless multi-hop network system is composed of a terminal, an aggregation device, a higher-level device of the aggregation device, and the like, and generally has a network configuration in which terminals are accommodated in a tree shape under the aggregation device. The aggregation device or a higher-level device of the aggregation device can collect data from each terminal by hopping a plurality of terminals. For example, each terminal transmits data to the aggregation device by transmitting the measured data to the upper terminal and transmitting data received from the lower terminal to the upper terminal. By such a procedure, the aggregation device or the host device collects data measured at each terminal. The communication between the terminals and between the terminals and between the terminals and the aggregation device is configured by applying, for example, specific low power radio and the IEEE 802.15.4 standard.
 上述した無線マルチホップネットワークシステムにおいて、集約装置または上位装置は、端末認証、すなわちネットワークへの参加を希望している端末をネットワークに参加させてよいかどうか判断する機能を有する。参加を希望している端末を参加させるか否かの判断は、例えばEAP-PSK(A Pre-Shared Key Extensible Authentication Protocol(EAP) Method)と呼ばれる認証メソッドを用いて行う。当該認証メソッドに係る情報はPANA(Protocol for carrying Authentication for Network Access)、RADIUS(Remote Authentication Dial In User Service)等のAA(Authentication and Authorization)プロトコルにより伝送する構成とすることができる。 In the above-described wireless multi-hop network system, the aggregation device or the host device has a function of determining whether or not terminal authentication, that is, a terminal that wants to participate in the network may participate in the network. The determination as to whether or not to join a terminal that wishes to participate is made using an authentication method called EAP-PSK (A Pre-Shared Key Extensible Authentication Protocol (EAP) Method), for example. Information related to the authentication method can be transmitted by an AA (Authentication and Authorization) protocol such as PANA (Protocol for Carrying Authentication for Network Access) or RADIUS (Remote Authentication Dial In User Service).
 端末は、電源ONを契機に、端末認証を実行する。また、端末認証に先んじて、使用する無線チャネルの決定を、IEEE802.15.4規格で規定されているBeacon信号を用いたアクティブスキャンなどを使用して行う。また、使用する無線チャネルを決定後、端末認証に係るメッセージの送信先を決定し、端末認証を行う。端末認証が成功すると、暗号鍵を生成するための情報であるMSK(Master Session Key)やEMSK(Extended Master Session Key)を共有することができる(例えば、非特許文献1参照)。 The terminal executes terminal authentication when the power is turned on. Prior to terminal authentication, a wireless channel to be used is determined by using an active scan using a Beacon signal defined in the IEEE 802.15.4 standard. In addition, after determining the wireless channel to be used, the transmission destination of a message related to terminal authentication is determined, and terminal authentication is performed. If terminal authentication is successful, MSK (Master Session Key) and EMSK (Extended Master Session Key), which are information for generating an encryption key, can be shared (for example, see Non-Patent Document 1).
 一般的に、端末認証にはその認証の有効期限があり、例えば有効期限の指定方法として、有効期限までの絶対時刻が通知されるケース、有効期限までの残り時間が通知されるケース、などがある。いずれのケースにおいても、有効期限に基づき端末認証を再度実施する。 In general, terminal authentication has an expiration date for the authentication. For example, there are cases in which the absolute time until the expiration date is notified, the remaining time until the expiration date is notified, etc. is there. In either case, terminal authentication is performed again based on the expiration date.
 また、端末は電源断となるケースがある。端末がバッテリーではなく商用電源から電力供給を受けて動作する構成の場合、例えば停電が発生すると、停電発生エリアに存在する端末が電源断となる。停電から復旧した場合には、電源ONとなりチャネルスキャンおよび端末認証を再度実施する。 Also, there are cases where the terminal is powered off. In the case of a configuration in which the terminal operates by receiving power supply from a commercial power supply instead of a battery, for example, when a power failure occurs, the terminal existing in the power failure occurrence area is powered off. When recovering from a power failure, the power is turned on and channel scanning and terminal authentication are performed again.
 非特許文献1で開示された技術を適用した場合、停電から復帰すると、端末は、停電前に実施した端末認証において交換済のMSKまたはEMSKであるマスター鍵を用いた暗号通信を試みる。応答がないなど、暗号通信が失敗した場合には、相手先との間で端末認証を再度実施してマスター鍵を更新する。 When the technology disclosed in Non-Patent Document 1 is applied, when the terminal recovers from the power failure, the terminal attempts encrypted communication using the master key that is the MSK or EMSK that has been replaced in the terminal authentication performed before the power failure. When encryption communication fails, such as when there is no response, terminal authentication is performed again with the other party to update the master key.
 しかしながら、非特許文献1で開示された技術を無線マルチホップネットワークシステムに適用すると、停電から復電した場合に以下のような問題が発生するおそれがある。 However, when the technology disclosed in Non-Patent Document 1 is applied to a wireless multi-hop network system, the following problems may occur when power is restored from a power failure.
 非特許文献1で開示された技術が適用された無線マルチホップネットワークシステムにおいては、端末が停電後、復電すると、端末間のマルチホップ通信経路を経由して、認証の相手先となる装置、具体的には、集約装置または集約装置よりも上位のサーバ等の上位装置に対して暗号通信を試みる。そして、暗号通信に問題があると判断すると、端末は端末認証を再度行う。そのため、ツリーを構成する各端末によるメッセージの送信、具体的には、認証シーケンスに係るメッセージの送信が短期間に集中し、メッセージの送信先である集約装置の近辺において無線リソースの枯渇、無線輻輳などが発生して通信品質が低下するおそれがあった。 In a wireless multi-hop network system to which the technology disclosed in Non-Patent Document 1 is applied, when a terminal recovers after a power failure, an apparatus that is an authentication partner via a multi-hop communication path between the terminals, Specifically, cryptographic communication is attempted with an aggregation device or a higher-level device such as a server higher than the aggregation device. When it is determined that there is a problem with the encryption communication, the terminal performs terminal authentication again. Therefore, the transmission of messages by each terminal constituting the tree, specifically, the transmission of messages related to the authentication sequence is concentrated in a short period of time, and there is radio resource depletion and radio congestion in the vicinity of the aggregation device that is the message transmission destination. As a result, communication quality may be degraded.
 本発明は、上記に鑑みてなされたものであって、無線マルチホップネットワークシステムにおける無線リソースの消費量を削減可能な通信装置を得ることを目的とする。 The present invention has been made in view of the above, and an object of the present invention is to obtain a communication device capable of reducing the consumption of radio resources in a radio multi-hop network system.
 上述した課題を解決し、目的を達成するために、本発明は、集約装置の配下にありツリー状の無線マルチホップネットワークを形成する通信装置であって、前記集約装置または他の通信装置から時刻情報を取得して自装置の時刻を調整する時刻調整手段と、前記時刻調整手段が自装置の時刻を調整した後に、調整後の自装置の時刻に基づいて、前記無線マルチホップネットワークに参入するための認証処理が必要か否かを判断する処理手段と、前記認証処理が必要と判断された場合、当該通信装置が前記無線マルチホップネットワークに参入可能な装置であるかを判断する認証装置に対し、認証処理を要求する信号を送信する送信手段と、を備えることを特徴とする。 In order to solve the above-described problems and achieve the object, the present invention is a communication device that is under the control of an aggregation device and forms a tree-like wireless multi-hop network, and the time from the aggregation device or another communication device. Time adjustment means for acquiring information and adjusting the time of the own apparatus, and after the time adjustment means adjusts the time of the own apparatus, the wireless multi-hop network is entered based on the adjusted time of the own apparatus. A processing means for determining whether or not authentication processing is necessary, and an authentication device for determining whether or not the communication device is a device capable of entering the wireless multi-hop network when the authentication processing is determined to be necessary On the other hand, transmission means for transmitting a signal requesting authentication processing is provided.
 本発明によれば、無線マルチホップネットワークシステムにおける無線リソースの消費量を削減することができる、という効果を奏する。 According to the present invention, it is possible to reduce the consumption of radio resources in the radio multi-hop network system.
無線マルチホップネットワークシステムの構成例を示す図The figure which shows the structural example of a wireless multihop network system ノードの構成例を示す図Diagram showing an example of node configuration 集約装置の構成例を示す図The figure which shows the structural example of an aggregation apparatus 時刻同期要求メッセージの構成例を示す図The figure which shows the structural example of a time synchronous request message 時刻同期応答メッセージの構成例を示す図The figure which shows the structural example of a time synchronous response message 復電後のノードの動作例を示すフローチャートFlow chart showing an example of node operation after power recovery ノードが集約装置に時刻を同期させる動作の一例を示す図The figure which shows an example of the operation | movement which a node synchronizes time with an aggregation apparatus. 無線マルチホップネットワークシステムの他の構成例を示す図The figure which shows the other structural example of a wireless multihop network system 認証サーバの構成例を示す図Diagram showing an example of the configuration of the authentication server ノード、集約装置および認証サーバを実現するハードウェアの一例を示す図The figure which shows an example of the hardware which implement | achieves a node, an aggregation apparatus, and an authentication server
 以下に、本発明の実施の形態にかかる通信装置および無線マルチホップネットワークシステムを図面に基づいて詳細に説明する。なお、この実施の形態によりこの発明が限定されるものではない。 Hereinafter, a communication device and a wireless multi-hop network system according to an embodiment of the present invention will be described in detail based on the drawings. Note that the present invention is not limited to the embodiments.
実施の形態1.
 図1は、本実施の形態にかかる無線マルチホップネットワークシステムの構成例を示す図である。無線マルチホップネットワークシステムは、複数のノード10a、10bおよび10cと、集約装置20とにより構成され、ツリー状トポロジを有する。なお、ノード10a、10bおよび10cは同じ機能を有する無線通信端末である。以下の説明においては、ノード10a、10bおよび10cを区別する必要がない場合、これらをまとめてノード10と記載することがある。また、ノード10と集約装置20は1台以上あればよく、図1に記載した台数は一例であって、これに限定するものではない。ノード10、集約装置20はそれぞれ個別の識別情報を有している。ノード10a,10b,10cは、それぞれ、識別情報10a_adr,10b_adr,10c_adrを有し、集約装置20は識別情報20_adrを有しているものとして説明を行う。
Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a wireless multi-hop network system according to the present embodiment. The wireless multi-hop network system includes a plurality of nodes 10a, 10b, and 10c and an aggregation device 20, and has a tree topology. Nodes 10a, 10b and 10c are wireless communication terminals having the same function. In the following description, when it is not necessary to distinguish the nodes 10a, 10b, and 10c, they may be collectively referred to as the node 10. Moreover, the node 10 and the aggregation apparatus 20 should just be 1 or more, and the number described in FIG. 1 is an example, Comprising: It does not limit to this. Each of the node 10 and the aggregation device 20 has individual identification information. The nodes 10a, 10b, and 10c have identification information 10a_adr, 10b_adr, and 10c_adr, respectively, and the aggregation device 20 is described as having identification information 20_adr.
 本発明にかかる通信装置であるノード10は、他のノード10または集約装置20から信号を受信した場合、転送する必要があるかどうかを確認し、転送が必要な場合には転送処理を行う。また、ノード10は時計機能を有し、集約装置20から、または、集約装置20との間で時刻同期が完了している他のノード10から時刻情報を取得し、取得した時刻情報が示す時刻に自装置のローカル時刻を合わせることにより、集約装置20との間で時刻を同期させることが可能である。 When receiving a signal from another node 10 or the aggregation device 20, the node 10 which is a communication device according to the present invention checks whether it needs to be transferred, and performs transfer processing if transfer is necessary. In addition, the node 10 has a clock function, acquires time information from the aggregation device 20 or another node 10 that has completed time synchronization with the aggregation device 20, and the time indicated by the acquired time information It is possible to synchronize the time with the aggregation device 20 by adjusting the local time of the own device.
 なお、以下の説明において、あるノード10から見たときの他のノード10および集約装置20をまとめて他の端末と称する場合がある。例えば、図1に示した無線マルチホップネットワークシステムのノード10aにとっては、ノード10b,10cおよび集約装置20が他の端末となる。また、集約装置20にとっての他の端末はノード10a,10b,10cとなる。 In the following description, another node 10 and the aggregation device 20 when viewed from a certain node 10 may be collectively referred to as other terminals. For example, for the node 10a of the wireless multi-hop network system shown in FIG. 1, the nodes 10b and 10c and the aggregation device 20 are other terminals. The other terminals for the aggregation device 20 are nodes 10a, 10b, and 10c.
 図2は、ノード10の構成例を示す図である。ノード10は、アンテナ11と、アンテナ11を介して他のノード10または集約装置20との間で無線信号を送受信する無線通信部12と、他のノード10または集約装置20へ送信する必要があるメッセージを無線通信部12へ出力して送信を依頼するメッセージ送信部13と、他のノード10または集約装置20からメッセージを受信するメッセージ受信部14と、メッセージ送信部13が送信するメッセージを生成するメッセージ生成部15と、各種情報を記憶する記憶部16と、メッセージ受信部14が受信したメッセージを受け取って解析し、解析結果に応じた動作を実行するメッセージ処理部17と、集約装置20から直接取得された時刻情報、または他のノード10を経由して取得された時刻情報を受け取って保持する時刻管理部18と、を備える。 FIG. 2 is a diagram illustrating a configuration example of the node 10. The node 10 needs to transmit to the other node 10 or the aggregation device 20 and the wireless communication unit 12 that transmits / receives a radio signal to / from the other node 10 or the aggregation device 20 via the antenna 11. A message transmission unit 13 that outputs a message to the wireless communication unit 12 to request transmission, a message reception unit 14 that receives a message from another node 10 or the aggregation device 20, and a message that the message transmission unit 13 transmits are generated. Directly from the message generation unit 15, the storage unit 16 that stores various information, the message processing unit 17 that receives and analyzes the message received by the message reception unit 14, and executes an operation according to the analysis result, and the aggregation device 20 Time for receiving and holding the acquired time information or the time information acquired via another node 10 It includes a processing section 18, the.
 メッセージ送信部13は、他のノード10または集約装置20に送信が必要となるメッセージをメッセージ生成部15から受け、無線通信部12に受け渡して送信を依頼する。メッセージ送信部13は、例えば、送信タイミングなどの計算をCSMA-CA(Carrier Sense Multiple Access-Collision Avoidance)などのルールに従って行う。 The message transmission unit 13 receives a message that needs to be transmitted to another node 10 or the aggregation device 20 from the message generation unit 15, transfers the message to the wireless communication unit 12, and requests transmission. For example, the message transmission unit 13 performs calculation such as transmission timing in accordance with rules such as CSMA-CA (Carrier Sense Multiple Access-Collision Avoidance).
 メッセージ受信部14は、他のノード10または集約装置20から自装置宛てに送信されたメッセージをアンテナ11および無線通信部12を介して受信し、メッセージ処理部17に受け渡す。 The message receiving unit 14 receives a message transmitted from another node 10 or the aggregation device 20 to the own device via the antenna 11 and the wireless communication unit 12 and passes the message to the message processing unit 17.
 メッセージ生成部15は、他のノード10または集約装置20に送信が必要なメッセージおよび転送が必要なメッセージを生成する。転送の場合、メッセージ生成部15は、メッセージ処理部17から転送対象となるメッセージを受け取り、アドレスの書き換えなどを行う。また、メッセージ生成部15は、メッセージ処理部17からの指示に従い、時刻同期要求、端末認証に関係するメッセージ等の生成を行う。 The message generator 15 generates a message that needs to be transmitted to another node 10 or the aggregation device 20 and a message that needs to be transferred. In the case of transfer, the message generator 15 receives a message to be transferred from the message processor 17 and rewrites the address. Further, the message generation unit 15 generates a time synchronization request, a message related to terminal authentication, and the like according to an instruction from the message processing unit 17.
 記憶部16は、不揮発性メモリにより構成され、自ノードのMAC(Media Access Control)アドレスおよびIP(Internet Protocol)アドレス、自ノード装置とともに無線メッシュネットワークシステムを構成している他のノード10および集約装置20のMACアドレスおよびIPアドレスを保持する。記憶部16は、ルーティングテーブルとも呼ばれる経路情報も保持する。例えば、集約装置20への経路情報として次ホップとなる親ノードのMACアドレスおよびIPアドレスの少なくとも一方を保持する。記憶部16は、さらに、少なくとも一つの認証鍵および暗号鍵を保持する。認証鍵は端末認証に用いられ、端末認証の相手先である集約装置20も同じ値の認証鍵を保持する。また、暗号鍵は端末認証時に生成または配布される。端末認証時に生成または配布される暗号鍵は、認証の有効期限と紐付けられて管理される。すなわち、有効期限の終了により認証が無効になると、暗号鍵も無効になる。暗号鍵は集約装置20へ送信するメッセージが格納されるフレームを暗号化する際に使用される。暗号鍵は、端末認証の有効期限が終了し、再認証が行われると更新される。暗号鍵の更新は、認証を行う集約装置20とノード10が保持する共通の認証鍵、および端末認証時に両者が互いにやりとりした情報をもとに、集約装置20およびノード10の双方において新たな暗号鍵を生成して行うのが一般的であるが、集約装置20において生成した新たな暗号鍵をノード10に送信して更新することも可能である。 The storage unit 16 is configured by a non-volatile memory, and the MAC (Media Access Control) address and IP (Internet Protocol) address of the own node, the other node 10 and the aggregation device that constitute the wireless mesh network system together with the own node device Holds 20 MAC addresses and IP addresses. The storage unit 16 also holds route information called a routing table. For example, at least one of the MAC address and IP address of the parent node that is the next hop is stored as route information to the aggregation device 20. The storage unit 16 further holds at least one authentication key and encryption key. The authentication key is used for terminal authentication, and the aggregation device 20 that is the other party of terminal authentication also holds the authentication key having the same value. The encryption key is generated or distributed at the time of terminal authentication. The encryption key generated or distributed at the time of terminal authentication is managed in association with the expiration date of authentication. That is, when authentication is invalidated due to the expiration of the expiration date, the encryption key is also invalidated. The encryption key is used when encrypting a frame in which a message to be transmitted to the aggregation device 20 is stored. The encryption key is updated when the validity period of terminal authentication ends and re-authentication is performed. The encryption key is updated based on a common authentication key held by the aggregation device 20 that performs authentication and the node 10 and information exchanged between the aggregation device 20 and the node 10 at the time of terminal authentication. In general, a key is generated, but a new encryption key generated in the aggregation device 20 can be transmitted to the node 10 and updated.
 メッセージ処理部17は、メッセージ受信部14から受け取ったメッセージを解析してメッセージ生成部15に応答のメッセージを生成させるとともに、記憶部16および時刻管理部18との間で値の設定および読み出しを行い、メッセージ生成部15にメッセージ生成の契機を通知する。例えば、時刻同期要求メッセージを受信した場合、メッセージ処理部17は、時刻管理部18が時刻を保持しているか否かを確認し、時刻を保持していれば、保持している時刻をメッセージ生成部15に通知するとともに時刻同期応答メッセージの生成を指示する。また、メッセージ処理部17は、自装置が送信した時刻同期要求メッセージに対応する時刻同期応答メッセージを受信した場合、時刻同期応答メッセージにて通知された時刻を時刻管理部18に設定する。また、メッセージ処理部17は、端末認証に係るメッセージを受信すると、受信したメッセージの内容に従い、応答メッセージの生成をメッセージ生成部15に指示する。メッセージ処理部17は、さらに、時刻同期処理、端末認証処理などを実施する場合には、これらの処理に係るメッセージの生成をメッセージ生成部15に指示する。メッセージ処理部17は暗号鍵更新手段および時刻情報送信手段を構成する。 The message processing unit 17 analyzes the message received from the message reception unit 14 and causes the message generation unit 15 to generate a response message, and performs setting and reading of values between the storage unit 16 and the time management unit 18. Then, the message generation unit 15 is notified of a message generation opportunity. For example, when a time synchronization request message is received, the message processing unit 17 checks whether or not the time management unit 18 holds the time. If the time management unit 18 holds the time, the message generation unit generates the held time as a message. Notifying the unit 15 and instructing generation of a time synchronization response message. Further, when the message processing unit 17 receives a time synchronization response message corresponding to the time synchronization request message transmitted by the own device, the message processing unit 17 sets the time notified by the time synchronization response message in the time management unit 18. Further, when the message processing unit 17 receives a message related to terminal authentication, the message processing unit 17 instructs the message generation unit 15 to generate a response message according to the content of the received message. The message processing unit 17 further instructs the message generation unit 15 to generate messages related to these processes when performing time synchronization processing, terminal authentication processing, and the like. The message processing unit 17 constitutes an encryption key update unit and a time information transmission unit.
 時刻管理部18は、例えば水晶振動子などにより構成されるクロック回路であり、時刻を設定後は自走し、自装置のローカル時刻を示す時刻情報を保持する。なお、電源供給を失うと、時刻情報が失われる。この場合、集約装置20から時刻情報が送信され、ノード10の時刻管理部18は、集約装置20から直接、または他のノード10を経由して時刻情報を受け取ると、受け取った時刻情報を保持する。その結果、各ノード10は、集約装置20が保持する時刻に同期して動作することが可能となる。時刻情報は、各ノードが送信する時刻同期要求メッセージに対する時刻同期応答メッセージとして、時刻同期要求メッセージの送信先のノード10または集約装置20から送信されてくる。時刻管理部18は時刻調整手段を構成する。 The time management unit 18 is a clock circuit configured by, for example, a crystal resonator, etc., and self-runs after setting the time, and holds time information indicating the local time of the own device. If the power supply is lost, the time information is lost. In this case, time information is transmitted from the aggregation device 20, and when the time management unit 18 of the node 10 receives the time information directly from the aggregation device 20 or via another node 10, the time information is held. . As a result, each node 10 can operate in synchronization with the time held by the aggregation device 20. The time information is transmitted from the node 10 or the aggregation device 20 that is the transmission destination of the time synchronization request message as a time synchronization response message for the time synchronization request message transmitted by each node. The time management unit 18 constitutes time adjustment means.
 図3は、集約装置20の構成例を示す図である。集約装置20は、アンテナ21と、アンテナ21を介してノード10との間で無線信号を送受信する無線通信部22と、ノード10へ送信する必要があるメッセージを無線通信部22へ出力して送信を依頼するメッセージ送信部23と、ノード10からメッセージを受信するメッセージ受信部24と、メッセージ送信部23が送信するメッセージを生成するメッセージ生成部25と、各種情報を記憶する記憶部26と、メッセージ受信部24が受信したメッセージを受け取って解析し、解析結果に応じた動作を実行するメッセージ処理部27と、外部の時刻源から取得された時刻情報を受け取って保持する時刻管理部28と、を備える。 FIG. 3 is a diagram illustrating a configuration example of the aggregation device 20. The aggregation device 20 outputs an antenna 21, a wireless communication unit 22 that transmits and receives wireless signals to and from the node 10 via the antenna 21, and a message that needs to be transmitted to the node 10 to the wireless communication unit 22 for transmission. A message transmission unit 23 that requests a message, a message reception unit 24 that receives a message from the node 10, a message generation unit 25 that generates a message transmitted by the message transmission unit 23, a storage unit 26 that stores various information, and a message A message processing unit 27 that receives and analyzes a message received by the reception unit 24 and executes an operation according to the analysis result; and a time management unit 28 that receives and holds time information acquired from an external time source. Prepare.
 集約装置20の上記各構成のうち、アンテナ21、無線通信部22、メッセージ送信部23、メッセージ受信部24およびメッセージ処理部27の各動作は、ノード10のアンテナ11、無線通信部12、メッセージ送信部13、メッセージ受信部14およびメッセージ処理部17と同様であるため、詳しい説明を省略する。 Among the above-described components of the aggregation device 20, the operations of the antenna 21, the wireless communication unit 22, the message transmission unit 23, the message reception unit 24, and the message processing unit 27 are the same as the antenna 11 of the node 10, the wireless communication unit 12, and the message transmission. Since it is the same as the unit 13, the message receiving unit 14, and the message processing unit 17, detailed description thereof is omitted.
 集約装置20の記憶部26は、ノード10の記憶部16とは異なり、経路情報である次ホップの親ノードのアドレスは保持しない。記憶部26は、自装置からの下り経路、すなわち自装置の配下にある各ノード10の下り経路の情報を経路情報として保持する。 Unlike the storage unit 16 of the node 10, the storage unit 26 of the aggregation device 20 does not hold the address of the parent node of the next hop that is route information. The storage unit 26 holds, as route information, the downlink route from the own device, that is, the downlink route information of each node 10 under the own device.
 集約装置20の時刻管理部28は、図示を省略している時刻情報取得部が外部の時刻源から取得した時刻情報を保持する。時刻源は、例えば、NTP(Network Time Protocol)サーバである。GPS(Global Positioning System)などを利用して時刻情報の供給を受けても構わない。 The time management unit 28 of the aggregation device 20 holds time information acquired from an external time source by a time information acquisition unit (not shown). The time source is, for example, an NTP (Network Time Protocol) server. Time information may be supplied using GPS (Global Positioning System) or the like.
 また、集約装置20の時刻管理部28が保持する時刻情報は上述したように外部の時刻源から取得するため、集約装置20のメッセージ生成部25はノード10のメッセージ生成部15とは異なり、時刻同期要求メッセージを生成することはない。 Since the time information held by the time management unit 28 of the aggregation device 20 is acquired from an external time source as described above, the message generation unit 25 of the aggregation device 20 is different from the message generation unit 15 of the node 10 in that No synchronization request message is generated.
 つぎに、本実施の形態にかかるノード10および集約装置20が送受信するメッセージのうち、時刻同期に関するメッセージについて、構成を説明する。 Next, the configuration of the messages related to time synchronization among the messages transmitted and received by the node 10 and the aggregation device 20 according to the present embodiment will be described.
 図4は、時刻同期要求メッセージの構成例を示す図である。時刻同期要求メッセージは、ローカル宛先41、ローカル送信元42およびメッセージ種別43を含んでいる。ローカル宛先41には、時刻同期要求メッセージの送信先となるノード10または集約装置20のMACアドレスまたはIPアドレスが設定される。ローカル送信元42には、時刻同期要求メッセージの送信元となるノード10のMACアドレスまたはIPアドレスが設定される。メッセージ種別43には、時刻同期要求メッセージであることを示す情報が設定される。 FIG. 4 is a diagram illustrating a configuration example of a time synchronization request message. The time synchronization request message includes a local destination 41, a local transmission source 42, and a message type 43. In the local destination 41, the MAC address or IP address of the node 10 or the aggregation device 20 that is the transmission destination of the time synchronization request message is set. The local transmission source 42 is set with the MAC address or IP address of the node 10 that is the transmission source of the time synchronization request message. In the message type 43, information indicating that it is a time synchronization request message is set.
 図5は、時刻同期応答メッセージの構成例を示す図である。時刻同期応答メッセージはローカル宛先51、ローカル送信元52、メッセージ種別53および時刻54を含んでいる。ローカル宛先51には、時刻同期応答メッセージの送信先となるノード10のMACアドレスまたはIPアドレスが設定される。ローカル送信元52には、時刻同期応答メッセージの送信元となる集約装置20またはノード10のMACアドレスまたはIPアドレスが設定される。メッセージ種別53には、時刻同期応答メッセージであることを示す情報が設定される。時刻54には、時刻同期応答メッセージの送信元のノード10または集約装置20で保持されている時刻情報が設定される。 FIG. 5 is a diagram illustrating a configuration example of a time synchronization response message. The time synchronization response message includes a local destination 51, a local transmission source 52, a message type 53, and a time 54. In the local destination 51, the MAC address or IP address of the node 10 that is the transmission destination of the time synchronization response message is set. In the local transmission source 52, the MAC address or IP address of the aggregation device 20 or the node 10 that is the transmission source of the time synchronization response message is set. In the message type 53, information indicating a time synchronization response message is set. At time 54, time information held by the node 10 or the aggregation device 20 that is the transmission source of the time synchronization response message is set.
 つづいて、上述したノード10および集約装置20により図1に示した無線マルチホップネットワークシステムが形成されるまでの動作について説明を行う。 Subsequently, the operation until the wireless multi-hop network system shown in FIG. 1 is formed by the node 10 and the aggregation device 20 described above will be described.
 図1に示した無線マルチホップネットワークシステムを形成する場合、一般的には、まず、集約装置20が起動して動作を開始し、次に、ノード10、すなわちノード10a、10bおよび10cが起動して動作を開始する。集約装置20は、各ノード10がネットワークシステムに参入するために必要な共通の認証鍵を保持しているかを検証することにより認証処理を行う。 When the wireless multi-hop network system shown in FIG. 1 is formed, generally, the aggregation device 20 is first activated to start operation, and then the node 10, that is, the nodes 10a, 10b, and 10c is activated. Start operation. The aggregation device 20 performs an authentication process by verifying whether each node 10 holds a common authentication key necessary for entering the network system.
 集約装置20は、電源が投入されて起動すると、図示を省略している時刻源から時刻情報を取得する。例えば、NTPサーバ、GPSなどから時刻情報を取得する。取得した時刻情報は時刻管理部28で管理する。時刻管理部28は取得した時刻情報が示す時刻に自装置、すなわち集約装置20の時刻を設定する。 The aggregation device 20 acquires time information from a time source (not shown) when the power is turned on and started. For example, time information is acquired from an NTP server, GPS, or the like. The acquired time information is managed by the time management unit 28. The time management unit 28 sets the time of the own device, that is, the aggregation device 20 at the time indicated by the acquired time information.
 ノード10は、電源が投入されて起動すると、無線マルチホップネットワークシステムへの参入動作を開始し、チャネルスキャンを実行する。以下、無線マルチホップネットワークシステムへの参入動作をネットワークへの参入動作と称する場合がある。また、無線マルチホップネットワークシステムをネットワークと称する場合もある。 When the node 10 is powered on and activated, the node 10 starts an entry operation to the wireless multi-hop network system and performs a channel scan. Hereinafter, the entry operation to the wireless multi-hop network system may be referred to as the entry operation to the network. A wireless multi-hop network system may be referred to as a network.
 チャネルスキャンは周囲に接続可能な集約装置20または他のノード10が存在するかどうかを調査する処理であり、例えば、IEEE 802.15.4で規定されているようなアクティブスキャン、またはパッシブスキャンを用い、接続可能な他の端末、すなわち接続可能な集約装置20および他のノード10が周囲に存在するかどうかを調査する。使用可能なチャネルが複数存在する場合、チャネルスキャンでは、周期的にチャネルを切り替えつつ、使用可能な全てのチャネルにおいて、接続可能な他の端末の有無を調査する。接続可能な他の端末が存在する場合、他の端末が存在しているチャネルを選択して使用チャネルに決定する。なお、特定のチャネルが使用チャネルとして規定されている場合には、チャネルスキャンは行わずに、規定されているチャネルを使用チャネルに決定する。 The channel scan is a process for investigating whether there is an aggregation device 20 or another node 10 that can be connected to the surroundings. For example, an active scan or a passive scan as defined in IEEE 802.15.4 is performed. It is investigated whether other terminals that can be connected, that is, the connectable aggregation device 20 and other nodes 10 exist in the surroundings. When there are a plurality of usable channels, the channel scan periodically checks the presence of other connectable terminals in all usable channels while switching the channels. When there is another terminal that can be connected, the channel in which the other terminal exists is selected and determined as the channel to be used. When a specific channel is specified as a use channel, the specified channel is determined as a use channel without performing channel scanning.
 ノード10は、チャネルを決定後、接続可能な周囲の他の端末の各々から集約装置20までの経路情報を表す情報、集約装置20までのホップ数、電界強度等の経路の品質情報を取得し、取得した情報に基づき、接続可能な周囲の他の端末の中から、集約装置20までの経路となる親ノードを選択する。例えば、集約装置20との直接通信が可能な1ホップの位置に存在するノード10aは、集約装置20を親ノードとして選択する。 After determining the channel, the node 10 acquires information indicating the route information from each of the other peripheral terminals that can be connected to the aggregation device 20, the quality information of the route such as the number of hops to the aggregation device 20, and the electric field strength. Based on the acquired information, a parent node serving as a route to the aggregation device 20 is selected from other connectable peripheral terminals. For example, the node 10a existing at a 1-hop position capable of direct communication with the aggregation device 20 selects the aggregation device 20 as a parent node.
 親ノードを選択すると、ノード10は、端末認証処理を開始する。端末認証処理は、PANAといったAA(Authentication and Authorization)メソッドと、EAP-PSK等の認証メソッドを用いて行うことができる。ノード10が集約装置20に対し自装置の端末認証を要求すると、集約装置20は要求元のノード10がネットワークに参加参入可能な端末であるか、判断する。 When the parent node is selected, the node 10 starts terminal authentication processing. The terminal authentication process can be performed using an AA (Authentication and Authorization) method such as PANA and an authentication method such as EAP-PSK. When the node 10 requests the aggregation device 20 to authenticate its own device, the aggregation device 20 determines whether the requesting node 10 is a terminal that can participate in the network.
 集約装置20が、端末認証の要求元のノード10がネットワークに参加可能な端末と判断すると、認証成功の通知が集約装置20からノード10へ送信され、ノード10は、ネットワークに参入した旨の通知を集約装置20へ送信する。なお、ノード10から集約装置20への通知は、認証処理の過程で生成される新たな暗号鍵を用いて暗号化し、送信することも可能である。以上の手順により、ノード10のネットワークへの参入動作が完了となる。 When the aggregation device 20 determines that the node 10 requesting terminal authentication is a terminal that can participate in the network, a notification of successful authentication is transmitted from the aggregation device 20 to the node 10, and the node 10 notifies that it has entered the network. Is transmitted to the aggregation device 20. Note that the notification from the node 10 to the aggregation device 20 can be encrypted and transmitted using a new encryption key generated in the course of the authentication process. With the above procedure, the entry operation of the node 10 to the network is completed.
 集約装置20とは直接通信できないノード10bおよび10cも、同様の手順にてネットワークに参入できる。ノード10bは、ノード10aを親ノードとして選択し、ノード10aを中継端末として集約装置20と通信する。同様に、ノード10cは、ノード10aを親ノードとして選択する。 The nodes 10b and 10c that cannot directly communicate with the aggregation device 20 can also enter the network in the same procedure. The node 10b selects the node 10a as a parent node, and communicates with the aggregation device 20 using the node 10a as a relay terminal. Similarly, the node 10c selects the node 10a as a parent node.
 このような手順により、集約装置20をツリーの頂点とする無線マルチホップネットワークが形成される。 By such a procedure, a wireless multi-hop network having the aggregation device 20 as the top of the tree is formed.
 なお、各ノード10は、無線マルチホップネットワークシステムへの参入動作が正常に完了した場合、端末認証が成功した場合に得られる暗号鍵、およびチャネルスキャンにより得られる親ノードの識別情報を記憶部16に記憶する。ここで、選択したチャネルも記憶する構成としてもよい。この場合、次回のチャネルスキャンによる他の端末の探索を記憶しておいたチャネルから実行することで接続可能な他の端末が存在するチャネルを効率的に探索することが可能となる。集約装置20は、端末認証が成功したノード10との間で共有すべき暗号鍵を記憶部26に記憶する。 Each node 10 stores the encryption key obtained when the terminal authentication is successful when the entry operation to the wireless multi-hop network system is normally completed, and the identification information of the parent node obtained by channel scanning. To remember. Here, the selected channel may also be stored. In this case, it is possible to efficiently search for a channel in which another terminal that can be connected exists by executing a search for another terminal by the next channel scan from the stored channel. The aggregation device 20 stores in the storage unit 26 an encryption key to be shared with the node 10 for which terminal authentication has been successful.
 暗号鍵の生成は、EAP-PSKによる端末認証の機能を利用し、端末認証の過程で生成される暗号鍵を用いて行うことが可能である。ノード10と集約装置20との間の通信は、AES(Advanced Encryption Standard)等の共通鍵暗号を用いて行うことができる。集約装置20は、各ノード10に対して制御信号を送信する場合、当該ノード10との間で共有する暗号鍵を用いて制御信号等の送信情報を暗号化する。各ノード10も同様に、集約装置20に送信する情報を、集約装置20との間で共有する暗号鍵を用いて情報を暗号化する。 The encryption key can be generated by using the terminal authentication function by EAP-PSK and using the encryption key generated in the process of terminal authentication. Communication between the node 10 and the aggregation device 20 can be performed using a common key encryption such as AES (Advanced Encryption Standard). When transmitting a control signal to each node 10, the aggregation device 20 encrypts transmission information such as a control signal using an encryption key shared with the node 10. Similarly, each node 10 encrypts information to be transmitted to the aggregation device 20 by using an encryption key shared with the aggregation device 20.
 集約装置20は、各ノード10が図示していないセンサなどを用いて取得した情報、例えば、電力使用量の情報を各ノード10から収集して集約することができる。 The aggregating apparatus 20 can collect and aggregate information acquired by each node 10 using a sensor or the like (not shown), for example, power usage information from each node 10.
 つづいて、図1に示した構成の無線マルチホップネットワークシステムにおいて、停電から復電した場合のノード10の起動手順について説明する。ここでは、停電の発生により全てのノード10および集約装置20への給電が停止し、復電すると全てのノード10および集約装置20への給電が再開されて自動的に再起動するものとして説明を行う。復電後、ツリーの頂点である集約装置20は外部から時刻情報を取得して時刻の調整を行う。なお、集約装置20が起動した場合の動作は、図1に示した無線マルチホップネットワークシステムを形成する場合の動作説明で示したとおりである。 Next, the startup procedure of the node 10 when power is restored from a power failure in the wireless multi-hop network system having the configuration shown in FIG. 1 will be described. Here, it is assumed that the power supply to all the nodes 10 and the aggregation device 20 is stopped due to the occurrence of a power failure, and when the power is restored, the power supply to all the nodes 10 and the aggregation device 20 is resumed and automatically restarted. Do. After power recovery, the aggregation device 20 that is the top of the tree acquires time information from the outside and adjusts the time. The operation when the aggregation device 20 is activated is as described in the description of the operation when the wireless multi-hop network system shown in FIG. 1 is formed.
 図1、図2および図6を参照しながらノード10の動作を説明する。なお、図6は、復電後のノード10の動作例を示すフローチャートである。 The operation of the node 10 will be described with reference to FIG. 1, FIG. 2, and FIG. FIG. 6 is a flowchart showing an operation example of the node 10 after the power recovery.
 復電後、ノード10においては、まず、メッセージ処理部17が記憶部16から停電前の親ノードの識別情報を読み込む(ステップS11)。識別情報はMACアドレス、IPアドレスなどである。 After the power recovery, in the node 10, first, the message processing unit 17 reads the identification information of the parent node before the power failure from the storage unit 16 (step S11). The identification information is a MAC address, an IP address, or the like.
 ノード10は、次に、ステップS11で読み込んだ識別情報が示す親ノードに対して時刻同期要求メッセージを送信する(ステップS12)。すなわち、メッセージ処理部17がメッセージ生成部15に時刻同期要求メッセージの生成を指示し、指示を受けたメッセージ生成部15が時刻同期要求メッセージを生成し、メッセージ生成部15で生成された時刻同期要求メッセージをメッセージ送信部13が送信する。例えば、ノード10aの親ノードは集約装置20であるため、ノード10aは集約装置20に時刻同期要求メッセージを送信する。ノード10bおよび10cの親ノードはノード10aであるため、ノード10bおよび10cは、ノード10aに時刻同期要求メッセージを送信する。復電後の動作においては、ノード10a、10bおよび10cがほぼ同じタイミングで時刻同期要求メッセージを送信することになる。 Next, the node 10 transmits a time synchronization request message to the parent node indicated by the identification information read in step S11 (step S12). That is, the message processing unit 17 instructs the message generation unit 15 to generate a time synchronization request message, the message generation unit 15 that receives the instruction generates a time synchronization request message, and the time synchronization request generated by the message generation unit 15 The message transmission unit 13 transmits the message. For example, since the parent node of the node 10 a is the aggregation device 20, the node 10 a transmits a time synchronization request message to the aggregation device 20. Since the parent node of the nodes 10b and 10c is the node 10a, the nodes 10b and 10c transmit a time synchronization request message to the node 10a. In the operation after power recovery, the nodes 10a, 10b and 10c transmit the time synchronization request message at almost the same timing.
 なお、説明が煩雑になるのを避けるため、以下の説明ではノード10内の各部の動作および集約装置20内の各部の動作については説明を省略する。 In addition, in order to avoid complicated description, in the following description, description of the operation of each unit in the node 10 and the operation of each unit in the aggregation device 20 is omitted.
 ノード10aから時刻同期要求メッセージを受信した集約装置20は、時刻同期要求メッセージを受信した時点で時刻情報を保持しているため、ノード10aに時刻同期応答メッセージを送信する。図5に示したように、時刻同期応答メッセージは、メッセージの送信元端末が保持している時刻情報を時刻54として含んでいる。一方、ノード10bおよび10cから時刻同期要求メッセージを受信したノード10aは、時刻同期要求メッセージを受信した時点で時刻情報を保持していない、すなわち、集約装置20から時刻同期応答メッセージを受信して自装置の時刻を調整する処理が完了していないため、時刻同期応答メッセージを送信しない。ノード10aは、ノード10bまたは10cから時刻同期要求メッセージを受信した後に集約装置20から時刻同期応答メッセージを受信した場合、自装置の時刻調整が終了してから時刻同期応答メッセージを要求元のノード10bまたは10cへ送信するようにしてもよい。ノード10bおよび10cは、時刻同期要求メッセージを送信後、一定時間が経過しても時刻同期応答メッセージを受信することができない場合、時刻同期要求メッセージを再送信する。また、ノード10bおよび10cは、ノード10aよりも遅いタイミングで時刻同期要求メッセージを送信するようにしてもよい。すなわち、各ノード10は、集約装置20までのホップ数に応じて、ホップ数が小さいノード10ほど時刻同期要求メッセージを早いタイミングで送信するようにしてもよい。例えば、各ノード10は、復電後、集約装置20までのホップ数にN秒を掛け合わせた時間だけ待ってから時刻同期要求メッセージを送信するようにする。なお、Nは正の数とする。これにより、各ノード10は、親ノードによる時刻同期処理が完了してから時刻同期要求メッセージを送信する可能性が高まるので、時刻同期要求メッセージの再送回数が必要以上に増加するのを防止できる。 The aggregation device 20 that has received the time synchronization request message from the node 10a holds the time information when the time synchronization request message is received, and therefore transmits a time synchronization response message to the node 10a. As shown in FIG. 5, the time synchronization response message includes time information held by the message transmission source terminal as time 54. On the other hand, the node 10a that has received the time synchronization request message from the nodes 10b and 10c does not hold the time information at the time when the time synchronization request message is received. Since the process for adjusting the time of the device is not completed, the time synchronization response message is not transmitted. When the node 10a receives the time synchronization response message from the aggregation device 20 after receiving the time synchronization request message from the node 10b or 10c, the node 10a sends the time synchronization response message to the requesting node 10b after the time adjustment of its own device is completed. Or you may make it transmit to 10c. If the nodes 10b and 10c cannot receive the time synchronization response message even after a predetermined time has elapsed after transmitting the time synchronization request message, the nodes 10b and 10c retransmit the time synchronization request message. Further, the nodes 10b and 10c may transmit the time synchronization request message at a timing later than that of the node 10a. That is, each node 10 may transmit the time synchronization request message at an earlier timing as the node 10 has a smaller number of hops according to the number of hops to the aggregation device 20. For example, each node 10 waits for a time obtained by multiplying the number of hops to the aggregation device 20 by N seconds after power is restored, and then transmits the time synchronization request message. N is a positive number. Thereby, each node 10 is more likely to transmit the time synchronization request message after the time synchronization processing by the parent node is completed, and thus it is possible to prevent the number of times of retransmission of the time synchronization request message from increasing more than necessary.
 なお、ノード10は、親ノードの識別情報を複数保持するようにしてもよい。例えば、集約装置20までのホップ数が同一、かつ経路の通信品質が同等の他のノード10が複数存在する場合に、親ノードの識別情報を複数保持するようにする。親ノードの識別情報を複数保持している場合、時刻同期応答メッセージが返ってこないと判断した時点、例えば、時刻同期要求メッセージを送信してから一定時間が経過した時点で、別の親ノードに対して時刻同期要求メッセージを送信するなどしてもよい。また、いずれの親ノードからも時刻同期応答メッセージが返ってこない場合は、上述したチャネルスキャンから動作する、すなわち、ネットワークへの参入動作を開始するようにしてもよい。 Note that the node 10 may hold a plurality of identification information of the parent node. For example, when there are a plurality of other nodes 10 having the same number of hops to the aggregation device 20 and the same communication quality of the route, a plurality of identification information of the parent node is held. When multiple identification information of the parent node is held, when it is determined that the time synchronization response message is not returned, for example, when a certain time has elapsed since the time synchronization request message was sent, Alternatively, a time synchronization request message may be transmitted. Further, when no time synchronization response message is returned from any parent node, the operation may be started from the above-described channel scan, that is, the operation of entering the network may be started.
 集約装置20へ時刻同期要求メッセージを送信したノード10aは、時刻同期応答メッセージを受信し(ステップS13)、時刻同期応答メッセージに含まれている時刻情報に基づいて自装置の時刻を調整する。次に、ノード10aは、再認証が必要か否か、すなわち、端末認証を再度実施する必要があるか否かを判断する(ステップS14)。ノード10aは、例えば、前回実施した端末認証の有効期限が終わるまでの残り時間が予め決められている閾値よりも短い場合、もしくは既に有効期限を超過している場合、再認証が必要と判断する。なお、端末認証の有効期限が終了すると、記憶部16で保持している暗号鍵の有効期限も終了する。再認証が必要な場合(ステップS14:Yes)、ノード10aは、集約装置20に対して自装置の端末認証を要求して再認証を実施する(ステップS15)。端末認証動作は上述したとおりである。なお、再認証が必要か否かを判断する処理はメッセージ処理部14が行い、集約装置20に対して自装置の端末認証を要求する処理はメッセージ生成部15が行う。すなわち、メッセージ処理部14は、ネットワークに参入するための認証処理が必要か否かを判断する処理手段として動作する。また、メッセージ生成部15は、集約装置20に対して自装置の認証処理を要求するメッセージを生成する。メッセージ生成部15が生成したメッセージは、送信手段であるメッセージ送信部13から認証装置としての集約装置20へ送信される。ノード10aは、端末認証が完了すると、暗号鍵の更新を行う。再認証が必要ではない場合(ステップS14:No)、または再認証が正常に終了した場合、ノード10aは、時刻同期要求メッセージを受け付け可能な状態に遷移する(ステップS16)。これ以降、ノード10aは、時刻同期要求メッセージを受信したか否かを監視する(ステップS17)。ノード10aは、時刻同期要求メッセージを受信した場合(ステップS17:Yes)、時刻管理部18で管理している時刻の情報を含んだ時刻同期応答メッセージを要求元の他のノード10へ送信する(ステップS18)。ノード10aは、時刻同期要求メッセージを受信しない場合(ステップS17:No)、監視動作を継続する。また、ノード10aは、ステップS18を実行後、ステップS17に戻って監視動作を継続する。 The node 10a that has transmitted the time synchronization request message to the aggregation device 20 receives the time synchronization response message (step S13), and adjusts the time of its own device based on the time information included in the time synchronization response message. Next, the node 10a determines whether or not re-authentication is necessary, that is, whether or not terminal authentication needs to be performed again (step S14). For example, the node 10a determines that re-authentication is necessary when the remaining time until the expiration date of the terminal authentication performed last time is shorter than a predetermined threshold or when the expiration date has already been exceeded. . When the expiration date of terminal authentication ends, the expiration date of the encryption key held in the storage unit 16 also ends. When re-authentication is necessary (step S14: Yes), the node 10a requests the aggregation device 20 to perform terminal authentication of its own device and performs re-authentication (step S15). The terminal authentication operation is as described above. Note that the message processing unit 14 performs processing for determining whether re-authentication is necessary, and the message generation unit 15 performs processing for requesting terminal authentication of the own device to the aggregation device 20. That is, the message processing unit 14 operates as a processing unit that determines whether or not an authentication process for entering the network is necessary. In addition, the message generation unit 15 generates a message requesting the aggregation device 20 to perform authentication processing of its own device. The message generated by the message generation unit 15 is transmitted from the message transmission unit 13 as a transmission unit to the aggregation device 20 as an authentication device. When the terminal authentication is completed, the node 10a updates the encryption key. When re-authentication is not necessary (step S14: No), or when re-authentication ends normally, the node 10a transitions to a state in which a time synchronization request message can be accepted (step S16). Thereafter, the node 10a monitors whether or not a time synchronization request message has been received (step S17). When the node 10a receives the time synchronization request message (step S17: Yes), the node 10a transmits a time synchronization response message including the time information managed by the time management unit 18 to the other node 10 of the request source ( Step S18). When the node 10a does not receive the time synchronization request message (step S17: No), the node 10a continues the monitoring operation. Further, after executing Step S18, the node 10a returns to Step S17 and continues the monitoring operation.
 ノード10aの場合を例にステップS13~S18を説明したが、ノード10bおよび10cの場合も同様である。ただし、ノード10bおよび10cは、ステップS14で再認証が必要と判断してステップS15の再認証を実施する場合、親ノードであるノード10aを経由し、集約装置20との間で再認証を実施する。 Steps S13 to S18 have been described by taking the case of the node 10a as an example, but the same applies to the nodes 10b and 10c. However, when the nodes 10b and 10c determine that re-authentication is necessary in step S14 and perform re-authentication in step S15, the nodes 10b and 10c perform re-authentication with the aggregation device 20 via the parent node 10a. To do.
 なお、ノード10は、時刻同期を行った親ノードとは異なるノード10を経由して再認証を行うようにしても構わない。例えば、ノード10bは親ノードであるノード10aではなく、ノード10cを経由して再認証を行っても構わない。 Note that the node 10 may perform re-authentication via a node 10 different from the parent node that performed time synchronization. For example, the node 10b may perform re-authentication via the node 10c instead of the parent node 10a.
 以上の手順で各ノード10が動作することにより、各ノード10は復電後、必ずしも再認証を実施する必要がなくなることから、再認証処理に係るトラヒックを削減することができる。 Since each node 10 operates in accordance with the above procedure, each node 10 does not necessarily need to perform re-authentication after power is restored, so that traffic related to the re-authentication process can be reduced.
 また、各ノード10は、親ノードが時刻同期要求メッセージを受付可能な状態に遷移し、親ノードから時刻同期応答メッセージを受信した後に、再認証が必要か否かを判断するので、再認証処理に係るトラヒックが時間的に分散され、無線リソースの枯渇、無線輻輳などが発生するのを防止できる。 Further, each node 10 transitions to a state in which the parent node can accept the time synchronization request message, and determines whether or not re-authentication is necessary after receiving the time synchronization response message from the parent node. Therefore, it is possible to prevent the occurrence of radio resource depletion and radio congestion.
 図7は、ノード10a、ノード10bが集約装置20に時刻を同期させる際の動作の一例を示す図である。なお、図7においては、図6に示した処理と同じ処理に同一のステップ番号を付している。 FIG. 7 is a diagram illustrating an example of an operation when the nodes 10a and 10b synchronize the time with the aggregation device 20. In FIG. 7, the same steps as those shown in FIG. 6 are denoted by the same step numbers.
 図7に示したように、仮に、ノード10aおよび10bの双方がステップS14において再認証が必要と判断する場合、まず、ノード10aが再認証を実施し、再認証が完了した後に、ノード10aがステップS16へ遷移して時刻同期要求メッセージの受付が可能な状態となる。ノード10aによる再認証が完了するまでの間、ノード10aは、ノード10bから送信された時刻同期要求メッセージに応答しない。この結果、ノード10bの再認証の実施タイミングがノード10aの再認証の実施タイミングとは分散される。 As shown in FIG. 7, if both the nodes 10a and 10b determine that re-authentication is required in step S14, first, the node 10a performs re-authentication, and after the re-authentication is completed, The process proceeds to step S16 so that the time synchronization request message can be accepted. Until the re-authentication by the node 10a is completed, the node 10a does not respond to the time synchronization request message transmitted from the node 10b. As a result, the re-authentication timing of the node 10b is distributed from the re-authentication timing of the node 10a.
 以上説明したように、本実施の形態によれば、ツリー状トポロジを有する無線マルチホップネットワークシステムにおいて、ツリーの頂点である集約装置20はノード10からの時刻同期要求メッセージに対して応答し、ノード10は時刻同期応答メッセージにより取得した現在時刻に基づき再認証処理を実施するか否かを判断し、再認証処理が不要の場合には再認証処理をスキップすることとした。これにより、再認証処理に係る不要なトラヒックを削減できるとともに、再度暗号通信が可能な状態となるまでの所要時間を短縮することができる。 As described above, according to the present embodiment, in the wireless multi-hop network system having a tree topology, the aggregation device 20 which is the top of the tree responds to the time synchronization request message from the node 10, 10 determines whether to perform the re-authentication process based on the current time acquired by the time synchronization response message, and skips the re-authentication process when the re-authentication process is unnecessary. Thereby, unnecessary traffic related to the re-authentication process can be reduced, and the time required until encryption communication can be performed again can be shortened.
 また、ノード10は、親ノードから時刻同期応答メッセージを受信して親ノードとの間の時刻同期処理が完了した後に再認証が必要か否かを判断し、再認証が不要と判断された場合または再認証が完了してから、他のノード10からの時刻同期要求メッセージに対し時刻同期応答メッセージを送信するので、再認証が必要と判断されたノード10における再認証処理の実施タイミングが分散される。この結果、無線輻輳を回避することが可能となり、メッセージの再送を減少させることができるとともに、再度暗号通信が可能な状態となるまでの時間を短縮することができる。 When the node 10 receives the time synchronization response message from the parent node and determines whether or not re-authentication is necessary after completing the time synchronization processing with the parent node, the node 10 determines that re-authentication is unnecessary Alternatively, since the time synchronization response message is transmitted in response to the time synchronization request message from the other node 10 after the re-authentication is completed, the execution timing of the re-authentication process in the node 10 determined to require re-authentication is distributed. The As a result, wireless congestion can be avoided, message retransmission can be reduced, and the time until encryption communication can be performed again can be shortened.
 上記の説明において、ノード10は停電から復電した際に他のノード10から時刻同期要求メッセージを受信した場合、再認証が必要か否かの判断が完了してから時刻同期応答メッセージを送信するものとしたが、自装置の時刻調整処理完了後、再認証の要否の判断を待たず、調整後の時刻に基づいて時刻同期応答メッセージを要求元のノード10に送信してもよい。 In the above description, when the node 10 receives a time synchronization request message from another node 10 when power is restored from a power failure, the node 10 transmits a time synchronization response message after completing the determination as to whether re-authentication is necessary. However, the time synchronization response message may be transmitted to the requesting node 10 based on the adjusted time without waiting for the determination of the necessity of re-authentication after completion of the time adjustment processing of the own device.
実施の形態2.
 本実施の形態では、実施の形態1で説明した時刻同期処理で使用される時刻同期要求メッセージおよび時刻同期応答メッセージを暗号化して送信する場合について説明する。無線マルチホップネットワークシステムの構成は図1と同様である。また、ノード10および集約装置20の構成も図2および3と同様である。
Embodiment 2. FIG.
In the present embodiment, a case will be described in which the time synchronization request message and the time synchronization response message used in the time synchronization process described in the first embodiment are encrypted and transmitted. The configuration of the wireless multi-hop network system is the same as that shown in FIG. The configurations of the node 10 and the aggregation device 20 are the same as those in FIGS.
 本実施の形態において、各ノード10は記憶部16に共通のグループ鍵を保持し、当該グループ鍵を用いて時刻同期要求メッセージおよび時刻同期応答メッセージを暗号化する。グループ鍵は、集約装置20による端末認証後、認証が成功したノードに対して配布される共通の暗号鍵である。集約装置20との送受信のために各ノード10が固有に保持する暗号鍵と異なり、グループ鍵は、端末認証の有効期限終了時における更新を必要としない。 In the present embodiment, each node 10 holds a common group key in the storage unit 16, and encrypts the time synchronization request message and the time synchronization response message using the group key. The group key is a common encryption key distributed to nodes that have been successfully authenticated after terminal authentication by the aggregation device 20. Unlike the encryption key that is uniquely held by each node 10 for transmission / reception with the aggregation device 20, the group key does not need to be updated at the end of the terminal authentication expiration date.
 本実施の形態において、ノード10は、時刻同期要求メッセージを送信する際、記憶部16からグループ鍵を読み出して暗号化を行い、集約装置20または他のノード10である親ノードへ送信する。親ノードは、時刻同期要求メッセージを受信した場合、記憶部26または16で保持しているグループ鍵を読み出し、時刻同期要求メッセージを復号する。親ノードは、時刻同期要求メッセージの復号が成功すると、必要な処理を実施した後に同じグループ鍵を使用して時刻同期応答メッセージを暗号化し、送信する。ノード10は、時刻同期応答メッセージを受信すると、時刻同期要求メッセージの暗号化で使用したものと同じグループ鍵を用いて復号する。 In this embodiment, when transmitting the time synchronization request message, the node 10 reads out the group key from the storage unit 16 and encrypts it, and transmits it to the parent node which is the aggregation device 20 or another node 10. When receiving the time synchronization request message, the parent node reads the group key held in the storage unit 26 or 16 and decrypts the time synchronization request message. When the time synchronization request message is successfully decrypted, the parent node encrypts and transmits the time synchronization response message using the same group key after performing necessary processing. When the node 10 receives the time synchronization response message, the node 10 decrypts it using the same group key used for encryption of the time synchronization request message.
 上記の時刻同期要求メッセージを送信する際、停電から復電した直後は時刻同期が完了しておらず、現在時刻が不明である。このため、端末認証の有効期限終了時に更新を必要とするような暗号鍵を用いて時刻同期要求メッセージを暗号化して送信すると、当該暗号鍵の有効期限が満了している場合には暗号化して送信した時刻同期要求メッセージが親ノードで破棄されてしまう。しかし、端末認証の有効期限終了時における更新を必要としない共通のグループ鍵を用いて時刻同期要求メッセージおよび時刻同期応答メッセージの暗号化を行うことにより、復電時の時刻同期処理が可能となる。 When sending the above time synchronization request message, the time synchronization is not completed immediately after power is restored from a power failure, and the current time is unknown. For this reason, when the time synchronization request message is encrypted and transmitted using an encryption key that needs to be updated at the end of the validity period of terminal authentication, it is encrypted if the validity period of the encryption key has expired. The transmitted time synchronization request message is discarded at the parent node. However, the time synchronization request message and the time synchronization response message are encrypted using a common group key that does not require renewal at the end of the validity period of terminal authentication, thereby enabling time synchronization processing at the time of power recovery. .
 なお、グループ鍵には、端末認証の有効期限(暗号鍵の有効期限)と異なる有効期限を設けることが可能である。この場合、グループ鍵の有効期限の一定期間前に新たなグループ鍵を集約装置20から各ノード10に配布し、各ノード10において所定の日時に更新するようにしてもよい。 The group key can have an expiration date different from the expiration date of terminal authentication (the expiration date of the encryption key). In this case, a new group key may be distributed from the aggregation device 20 to each node 10 and updated at a predetermined date and time at each node 10 before a predetermined period of the expiration date of the group key.
 時刻同期要求メッセージおよび時刻同期応答メッセージを暗号化して送信することに加えて、MIC(Message Integrity Check)と呼ばれる認証コードを付与して送信するようにしてもよい。例えばAES-GCM(Advanced Encryption Standard Galois/Counter Mode)等の認証子付き暗号方式を適用する。暗号化された情報を復号する際に認証子の確認処理も併せて行うことにより、改竄の有無を検知できる。 In addition to encrypting and transmitting the time synchronization request message and the time synchronization response message, an authentication code called MIC (Message Integrity Check) may be added and transmitted. For example, an encryption method with an authenticator such as AES-GCM (Advanced Encryption Standard Galois / Counter Mode) is applied. When the encrypted information is decrypted, the authenticator confirmation process is also performed to detect the presence or absence of falsification.
 このように、本実施の形態においては、時刻同期要求メッセージおよび時刻同期応答メッセージをグループ鍵を用いて暗号化して送信する構成としたことにより、メッセージの内容を秘匿できるとともに、改ざんを検出できる。また、各端末で共通のグループ鍵を用いることにより、親ノードのみと共通の暗号鍵を用いる場合に比して、通信品質の変動による親ノード変更に伴って発生する暗号鍵共有のためのトラヒックを回避することが可能となる。 As described above, in the present embodiment, since the time synchronization request message and the time synchronization response message are transmitted by being encrypted using the group key, the contents of the message can be concealed and tampering can be detected. In addition, by using a common group key in each terminal, traffic for encryption key sharing that occurs when a parent node is changed due to a change in communication quality, compared to a case where an encryption key that is shared only with the parent node is used. Can be avoided.
実施の形態3.
 実施の形態1のノード10は、親ノードを選択後、親ノードの識別情報を記憶部16で保持する構成としていた。しかし、例えば、伝搬する無線信号の強度などで特徴づけられる通信路の品質は時間的な変動があるため、各ノード10が一度選択した親ノードがその後もずっと最適なものであり続ける保証はなく、必要に応じて親ノードの見直しを行うことが望ましい。このような理由から、本実施の形態のノード10は、例えば、定期的に、周囲の他のノード10を探索し、親ノードを再選択する。
Embodiment 3 FIG.
The node 10 according to the first embodiment is configured to hold the identification information of the parent node in the storage unit 16 after selecting the parent node. However, for example, since the quality of the communication path characterized by the strength of the propagated radio signal and the like varies with time, there is no guarantee that the parent node once selected by each node 10 will continue to be optimal after that. It is desirable to review the parent node as necessary. For this reason, for example, the node 10 according to the present embodiment periodically searches for other surrounding nodes 10 and reselects the parent node.
 このような構成とすることにより、高品質な通信を維持することができ、各種メッセージの再送等が発生するのを防止できる。復電後の時刻同期処理で送受信する時刻同期要求メッセージおよび時刻同期応答メッセージの再送が発生する頻度を低く抑えることができるため、復電してからネットワークの運用が可能となるまでの所要時間が長くなるのを防止できる。 With such a configuration, it is possible to maintain high-quality communication and prevent various messages from being retransmitted. Since the frequency of retransmission of the time synchronization request message and time synchronization response message that are sent and received in the time synchronization process after power recovery can be kept low, the time required until network operation is possible after power recovery It can prevent becoming longer.
 実施の形態1の無線メッシュネットワークシステムにおいてノード10が親ノードを定期的に見直すこととしたが、実施の形態2の無線メッシュネットワークシステムにおいてノード10が親ノードを定期的に見直すようにしてもよい。 In the wireless mesh network system of the first embodiment, the node 10 periodically reviews the parent node. However, in the wireless mesh network system of the second embodiment, the node 10 may periodically review the parent node. .
実施の形態4.
 実施の形態1では、ノード10と集約装置20との間で端末認証を行うこととしたが、集約装置20が上位装置に対して認証にかかるメッセージを転送し、上位装置とノード10の間で端末認証を行う構成としてもよい。図8は、本実施の形態にかかる無線マルチホップネットワークシステムの構成例を示す図である。図8に示す無線マルチホップネットワークシステムは、複数のノード10a、10bおよび10cと、集約装置20と、サーバ装置である認証サーバ30により構成される。図8に示すネットワークシステムにおいて、端末認証は、ノード10と認証サーバ30との間で行われる。すなわち、本実施の形態においては認証サーバ30が認証装置に相当する。
Embodiment 4 FIG.
In the first embodiment, terminal authentication is performed between the node 10 and the aggregation device 20. However, the aggregation device 20 transfers a message for authentication to the higher-level device, and the higher-level device and the node 10 communicate with each other. It is good also as a structure which performs terminal authentication. FIG. 8 is a diagram illustrating a configuration example of the wireless multi-hop network system according to the present embodiment. The wireless multi-hop network system shown in FIG. 8 includes a plurality of nodes 10a, 10b, and 10c, an aggregation device 20, and an authentication server 30 that is a server device. In the network system shown in FIG. 8, terminal authentication is performed between the node 10 and the authentication server 30. That is, in this embodiment, the authentication server 30 corresponds to the authentication device.
 図9は、認証サーバ30の構成例を示す図である。認証サーバ30は、集約装置20との間で信号を送受信する通信部32と、集約装置20を経由してノード10へ送信するメッセージを通信部32へ出力して送信を依頼するメッセージ送信部33と、集約装置20を経由してノード10からメッセージを受信するメッセージ受信部34と、メッセージ送信部33が送信するメッセージを生成するメッセージ生成部35と、各種情報を記憶する記憶部36と、メッセージ受信部34が受信したメッセージを受け取って解析し、解析結果に応じた動作を実行するメッセージ処理部37と、外部の時刻源から取得された時刻情報を受け取って保持する時刻管理部38と、を備える。 FIG. 9 is a diagram illustrating a configuration example of the authentication server 30. The authentication server 30 includes a communication unit 32 that transmits and receives signals to and from the aggregation device 20, and a message transmission unit 33 that outputs a message to be transmitted to the node 10 via the aggregation device 20 to the communication unit 32 and requests transmission. A message reception unit 34 that receives a message from the node 10 via the aggregation device 20, a message generation unit 35 that generates a message transmitted by the message transmission unit 33, a storage unit 36 that stores various information, and a message A message processing unit 37 that receives and analyzes a message received by the reception unit 34 and executes an operation according to the analysis result; and a time management unit 38 that receives and holds time information acquired from an external time source. Prepare.
 認証サーバ30は、実施の形態1において説明した集約装置20と同様の動作を行うことで、各ノード10との間で端末認証を行う。認証サーバ30と集約装置20との間の通信は有線による通信であってもよいし無線による通信としてもよい。 The authentication server 30 performs terminal authentication with each node 10 by performing the same operation as the aggregation device 20 described in the first embodiment. Communication between the authentication server 30 and the aggregation device 20 may be wired communication or wireless communication.
 このような構成とすることにより、端末認証に係る情報を上位装置で一元管理でき、集約装置20は端末認証に係る情報、例えば、認証鍵を持つ必要がなくなるので、機器の管理、機器の設置の容易性を高める効果を奏する。例えば、集約装置20が複数存在する構成のシステムの場合、集約装置20の故障等により集約装置20を新しいものに交換する際、新しい集約装置20に端末認証に係る情報を設定する作業が不要となる。集約装置20を追加で設置する場合も同様に、追加設置する集約装置20に端末認証に係る情報を設定する作業が不要となる。 With this configuration, information related to terminal authentication can be centrally managed by the host device, and the aggregation device 20 does not need to have information related to terminal authentication, for example, an authentication key. There is an effect of increasing the ease of. For example, in the case of a system with a plurality of aggregation devices 20, when replacing the aggregation device 20 with a new one due to a failure of the aggregation device 20, it is not necessary to set work related to terminal authentication in the new aggregation device 20. Become. Similarly, when the aggregation device 20 is additionally installed, it is not necessary to set information related to terminal authentication in the additional aggregation device 20.
 なお、本実施の形態の無線メッシュネットワークシステムに対して実施の形態2で説明した動作、すなわち、時刻同期処理で送受信するメッセージを暗号化する動作を適用することも可能である。また、実施の形態3で説明した動作、すなわち、各ノード10が親ノードを定期的に見直す動作を適用することも可能である。実施の形態2で説明した動作および実施の形態3で説明した動作の双方を適用することも可能である。 It should be noted that the operation described in the second embodiment, that is, the operation of encrypting a message to be transmitted / received in the time synchronization process can be applied to the wireless mesh network system of the present embodiment. In addition, the operation described in the third embodiment, that is, the operation in which each node 10 periodically reviews the parent node can be applied. Both the operation described in the second embodiment and the operation described in the third embodiment can be applied.
 各実施の形態で説明したノード10、集約装置20および認証サーバ30のハードウェア構成について説明する。ノード10、集約装置20および認証サーバ30は、例えば、図10に示したハードウェア100により実現することができる。ハードウェア100は、プロセッサ101、メモリ102、時計103および通信装置104を備える。 The hardware configuration of the node 10, the aggregation device 20, and the authentication server 30 described in each embodiment will be described. The node 10, the aggregation device 20, and the authentication server 30 can be realized by, for example, the hardware 100 illustrated in FIG. The hardware 100 includes a processor 101, a memory 102, a clock 103, and a communication device 104.
 プロセッサ101は、CPU(Central Processing Unit、中央処理装置、処理装置、演算装置、マイクロプロセッサ、マイクロコンピュータ、プロセッサ、DSPともいう)、システムLSI(Large Scale Integration)などである。メモリ102は、RAM(Random Access Memory)、ROM(Read Only Memory)、フラッシュメモリー、EPROM(Erasable Programmable Read Only Memory)、EEPROM(Electrically Erasable Programmable Read-Only Memory)等の、不揮発性または揮発性の半導体メモリ、磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ミニディスクまたはDVD(Digital Versatile Disc)等である。 The processor 101 is a CPU (Central Processing Unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, a processor, or a DSP), a system LSI (Large Scale Integration), or the like. The memory 102 is a nonvolatile or volatile semiconductor such as RAM (Random Access Memory), ROM (Read Only Memory), flash memory, EPROM (Erasable Programmable Read Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), etc. Memory, magnetic disk, flexible disk, optical disk, compact disk, mini disk, DVD (Digital Versatile Disc), etc.
 ハードウェア100でノード10を実現する場合、ノード10の無線通信部12は通信装置104により実現する。 When the node 10 is realized by the hardware 100, the wireless communication unit 12 of the node 10 is realized by the communication device 104.
 ノード10の構成要素のうち、メッセージ送信部13、メッセージ受信部14、メッセージ生成部15およびメッセージ処理部17は、プロセッサ101およびメモリ102により実現する。すなわち、メッセージ送信部13、メッセージ受信部14、メッセージ生成部15およびメッセージ処理部17のそれぞれに対応するプログラムをプロセッサ101がメモリ102から読み出して実行することにより、各構成要素を実現する。 Among the components of the node 10, the message transmission unit 13, the message reception unit 14, the message generation unit 15, and the message processing unit 17 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 13, the message reception unit 14, the message generation unit 15, and the message processing unit 17 from the memory 102 and executing it.
 ノード10の記憶部16はメモリ102により実現する。ノード10の時刻管理部18は時計103により実現する。 The storage unit 16 of the node 10 is realized by the memory 102. The time management unit 18 of the node 10 is realized by the clock 103.
 ハードウェア100で集約装置20を実現する場合、集約装置20の無線通信部22は通信装置104により実現する。 When the aggregation device 20 is realized by the hardware 100, the wireless communication unit 22 of the aggregation device 20 is realized by the communication device 104.
 集約装置20の構成要素のうち、メッセージ送信部23、メッセージ受信部24、メッセージ生成部25およびメッセージ処理部27は、プロセッサ101およびメモリ102により実現する。すなわち、メッセージ送信部23、メッセージ受信部24、メッセージ生成部25およびメッセージ処理部27のそれぞれに対応するプログラムをプロセッサ101がメモリ102から読み出して実行することにより、各構成要素を実現する。 Among the components of the aggregation device 20, the message transmission unit 23, the message reception unit 24, the message generation unit 25, and the message processing unit 27 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 23, the message reception unit 24, the message generation unit 25, and the message processing unit 27 from the memory 102 and executing it.
 集約装置20の記憶部26はメモリ102により実現する。集約装置20の時刻管理部28は時計103により実現する。 The storage unit 26 of the aggregation device 20 is realized by the memory 102. The time management unit 28 of the aggregation device 20 is realized by the clock 103.
 ハードウェア100で認証サーバ30を実現する場合、認証サーバ30の通信部22は通信装置104により実現する。 When the authentication server 30 is realized by the hardware 100, the communication unit 22 of the authentication server 30 is realized by the communication device 104.
 認証サーバ30の構成要素のうち、メッセージ送信部33、メッセージ受信部34、メッセージ生成部35およびメッセージ処理部37は、プロセッサ101およびメモリ102により実現する。すなわち、メッセージ送信部33、メッセージ受信部34、メッセージ生成部35およびメッセージ処理部37のそれぞれに対応するプログラムをプロセッサ101がメモリ102から読み出して実行することにより、各構成要素を実現する。 Among the components of the authentication server 30, the message transmission unit 33, the message reception unit 34, the message generation unit 35, and the message processing unit 37 are realized by the processor 101 and the memory 102. That is, each component is realized by the processor 101 reading out the program corresponding to each of the message transmission unit 33, the message reception unit 34, the message generation unit 35, and the message processing unit 37 from the memory 102 and executing the program.
 認証サーバ30の記憶部36はメモリ102により実現する。認証サーバ30の時刻管理部38は時計103により実現する。 The storage unit 36 of the authentication server 30 is realized by the memory 102. The time management unit 38 of the authentication server 30 is realized by the clock 103.
 なお、ノード10、集約装置20および認証サーバ30の一部の構成要素をプロセッサ101およびメモリ102からなる汎用の処理回路で実現する場合について説明したが、これらの構成要素を専用の処理回路で実現することも可能である。専用の処理回路としては、FPGA(Field Programmable Gate Array)、ASIC(Application Specific Integrated Circuit)、単一回路、複合回路、プログラム化したプロセッサ、並列プログラム化したプロセッサ、などが該当する。 In addition, although the case where some components of the node 10, the aggregation device 20, and the authentication server 30 are realized by a general-purpose processing circuit including the processor 101 and the memory 102 has been described, these components are realized by a dedicated processing circuit. It is also possible to do. Examples of dedicated processing circuits include FPGA (Field Programmable Gate Array), ASIC (Application Specific Integrated Circuit), single circuit, compound circuit, programmed processor, parallel programmed processor, and the like.
 以上の実施の形態に示した構成は、本発明の内容の一例を示すものであり、別の公知の技術と組み合わせることも可能であるし、本発明の要旨を逸脱しない範囲で、構成の一部を省略、変更することも可能である。 The configuration described in the above embodiment shows an example of the contents of the present invention, and can be combined with another known technique, and can be combined with other configurations without departing from the gist of the present invention. It is also possible to omit or change the part.
 10a,10b,10c ノード、11,21 アンテナ、12,22 無線通信部、13,23 メッセージ送信部、14,24 メッセージ受信部、15,25 メッセージ生成部、16,26 記憶部、17,27 メッセージ処理部、18,28 時刻管理部、 20 集約装置、30 認証サーバ、41,51 ローカル宛先、42,52 ローカル送信元、43,53 メッセージ種別、54 時刻。 10a, 10b, 10c node, 11, 21 antenna, 12, 22 wireless communication unit, 13, 23 message transmission unit, 14, 24 message reception unit, 15, 25 message generation unit, 16, 26 storage unit, 17, 27 message Processing unit, 18, 28 Time management unit, 20 aggregation device, 30 authentication server, 41, 51 local destination, 42, 52 local transmission source, 43, 53 message type, 54 time.

Claims (11)

  1.  集約装置の配下にありツリー状の無線マルチホップネットワークを形成する通信装置であって、
     前記集約装置または他の通信装置から時刻情報を取得して自装置の時刻を調整する時刻調整手段と、
     前記時刻調整手段が自装置の時刻を調整した後に、調整後の自装置の時刻に基づいて、前記無線マルチホップネットワークに参入するための認証処理が必要か否かを判断する処理手段と、
     前記認証処理が必要と判断された場合、当該通信装置が前記無線マルチホップネットワークに参入可能な装置であるかを判断する認証装置に対し、認証処理を要求する信号を送信する送信手段と、
     を備えることを特徴とする通信装置。
    A communication device that is under the control of an aggregation device and forms a tree-like wireless multi-hop network,
    Time adjustment means for obtaining time information from the aggregation device or another communication device and adjusting the time of the own device;
    After the time adjustment means adjusts the time of the own device, based on the adjusted time of the own device, processing means for determining whether or not an authentication process for entering the wireless multi-hop network is necessary,
    When it is determined that the authentication process is necessary, a transmitting unit that transmits a signal requesting the authentication process to an authentication apparatus that determines whether the communication apparatus is an apparatus that can participate in the wireless multi-hop network;
    A communication apparatus comprising:
  2.  他の通信装置から時刻情報を要求された場合、前記時刻調整手段において調整した自装置の時刻情報を要求元の他の通信装置へ送信する時刻情報送信手段、
     をさらに備えることを特徴とする請求項1に記載の通信装置。
    When time information is requested from another communication apparatus, time information transmission means for transmitting the time information of the own apparatus adjusted by the time adjustment means to the other communication apparatus of the request source,
    The communication apparatus according to claim 1, further comprising:
  3.  前記時刻情報送信手段は、他の通信装置から時刻情報を要求された場合、前記認証処理が必要か否かを判断した後に、調整した自装置の時刻情報を要求元の他の通信装置へ送信することを特徴とする請求項2に記載の通信装置。 When time information is requested from another communication device, the time information transmission means determines whether or not the authentication process is necessary, and then transmits the adjusted time information of the own device to the other communication device of the request source. The communication device according to claim 2, wherein:
  4.  前記認証装置により前記無線マルチホップネットワークへの参入を許可された場合、前記認証装置との暗号通信に用いる暗号鍵を更新する暗号鍵更新手段、
     をさらに備えることを特徴とする請求項1から3のいずれか一項に記載の通信装置。
    An encryption key updating means for updating an encryption key used for encrypted communication with the authentication device when entry to the wireless multi-hop network is permitted by the authentication device;
    The communication apparatus according to claim 1, further comprising:
  5.  前記無線マルチホップネットワークを形成する他の通信装置との暗号通信に用いるグループ鍵を前記他の通信装置との間で共有し、
     前記時刻調整手段は、前記グループ鍵を用いた暗号通信により、前記他の通信装置に対する時刻情報の要求を行うことを特徴とする請求項1から4のいずれか一項に記載の通信装置。
    Sharing a group key used for cryptographic communication with other communication devices forming the wireless multi-hop network with the other communication devices;
    5. The communication device according to claim 1, wherein the time adjustment unit requests time information from the other communication device by encrypted communication using the group key.
  6.  前記時刻調整手段は、時刻情報の要求先を、前記集約装置および他の通信装置の中から定期的に再選択することを特徴とする請求項1から5のいずれか一項に記載の通信装置。 6. The communication device according to claim 1, wherein the time adjustment unit periodically reselects a request destination of time information from the aggregation device and another communication device. .
  7.  前記暗号鍵の有効期限は、前記無線マルチホップネットワークに参入するための認証の有効期限であることを特徴とする請求項4から6のいずれか一項に記載の通信装置。 The communication device according to any one of claims 4 to 6, wherein the expiration date of the encryption key is an authentication expiration date for entering the wireless multi-hop network.
  8.  前記認証装置は、前記通信装置との間で情報の送受信を行う集約装置、または前記集約装置の上位にあって前記集約装置を経由して前記通信装置と通信するサーバ装置であることを特徴とする請求項1から7のいずれか一項に記載の通信装置。 The authentication device is an aggregation device that transmits and receives information to and from the communication device, or a server device that is above the aggregation device and communicates with the communication device via the aggregation device. The communication apparatus according to any one of claims 1 to 7.
  9.  ツリー状の無線マルチホップネットワークを形成する複数の通信装置の上位に存在し、前記通信装置が前記無線マルチホップネットワークに参入可能な装置か否かを判断する認証処理を行う認証装置であって、
     前記認証装置は、配下の通信装置に対し時刻情報を送信する時刻情報送信手段を備え、
     配下の通信装置は、前記認証装置から取得した時刻情報または他の通信装置から取得した時刻情報に基づいて前記認証処理が必要か否かを判断し、必要と判断された場合に前記認証処理を要求する信号を前記認証装置に送信し、
     前記認証装置は、前記認証処理を要求した配下の通信装置について前記認証処理を行うことを特徴とする認証装置。
    An authentication device that exists above a plurality of communication devices forming a tree-shaped wireless multi-hop network and performs an authentication process to determine whether the communication device is a device that can participate in the wireless multi-hop network,
    The authentication device includes time information transmission means for transmitting time information to a subordinate communication device,
    The subordinate communication device determines whether or not the authentication processing is necessary based on the time information acquired from the authentication device or the time information acquired from another communication device, and performs the authentication processing when it is determined to be necessary. Sending a requesting signal to the authentication device;
    The authentication apparatus performs the authentication process on a subordinate communication apparatus that has requested the authentication process.
  10.  前記認証処理を要求した配下の通信装置が前記無線マルチホップネットワークに参入可能な通信装置であると判断された場合、当該通信装置との暗号通信に用いる暗号鍵を前記通信装置に送信することを特徴とする請求項9に記載の認証装置。 When it is determined that a communication device under control of the authentication process is a communication device capable of entering the wireless multi-hop network, an encryption key used for encryption communication with the communication device is transmitted to the communication device. The authentication apparatus according to claim 9, wherein
  11.  複数の通信装置により構成されるツリー状の無線マルチホップネットワークと、前記通信装置の上位に存在し、前記通信装置が前記無線マルチホップネットワークに参入可能な装置か否かを判断する認証処理を行う認証装置と、からなるネットワークシステムであって、
     前記認証装置は、配下の通信装置に対し時刻情報を送信する時刻情報送信手段を備え、
     前記通信装置は、前記認証装置から取得した時刻情報または他の通信装置から取得した時刻情報に基づいて前記認証処理が必要か否かを判断し、必要と判断された場合に前記認証処理を要求する信号を前記認証装置に送信し、
     前記認証装置は、前記認証処理を要求した配下の通信装置について前記認証処理を行うことを特徴とするネットワークシステム。
    A tree-like wireless multi-hop network composed of a plurality of communication devices, and an authentication process that determines whether the communication device is a device that exists above the communication device and can enter the wireless multi-hop network. A network system comprising an authentication device,
    The authentication device includes time information transmission means for transmitting time information to a subordinate communication device,
    The communication device determines whether the authentication processing is necessary based on time information acquired from the authentication device or time information acquired from another communication device, and requests the authentication processing if it is determined to be necessary To the authentication device,
    The network system, wherein the authentication apparatus performs the authentication process on a subordinate communication apparatus that has requested the authentication process.
PCT/JP2016/059947 2015-03-30 2016-03-28 Communication device, authentication device, and network system WO2016158866A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2016548389A JPWO2016158866A1 (en) 2015-03-30 2016-03-28 Communication apparatus, network system, and authentication method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015069455 2015-03-30
JP2015-069455 2015-03-30

Publications (1)

Publication Number Publication Date
WO2016158866A1 true WO2016158866A1 (en) 2016-10-06

Family

ID=57007108

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/059947 WO2016158866A1 (en) 2015-03-30 2016-03-28 Communication device, authentication device, and network system

Country Status (2)

Country Link
JP (1) JPWO2016158866A1 (en)
WO (1) WO2016158866A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017175499A (en) * 2016-03-25 2017-09-28 東芝ライテック株式会社 Communication system and communication method
WO2019217032A1 (en) * 2018-05-10 2019-11-14 Qualcomm Incorporated Methods and apparatuses for concurrent communications in a network
JP2021502749A (en) * 2017-11-06 2021-01-28 オラクル・インターナショナル・コーポレイション Methods, systems, and computer-readable media for using the authentication activation period

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008124810A (en) * 2006-11-13 2008-05-29 Seiko Epson Corp Information display device, communication method and program
JP2011160098A (en) * 2010-01-29 2011-08-18 Oki Electric Industry Co Ltd Communication system and communication device
JP2013153400A (en) * 2011-12-27 2013-08-08 Mitsubishi Electric Corp Radio communication system, radio communication device, and reference device
WO2014020714A1 (en) * 2012-08-01 2014-02-06 株式会社日立製作所 Method for synchronizing time in wireless network system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8886935B2 (en) * 2010-04-30 2014-11-11 Kabushiki Kaisha Toshiba Key management device, system and method having a rekey mechanism
JP5676331B2 (en) * 2011-03-24 2015-02-25 株式会社東芝 Root node and program
JP5944184B2 (en) * 2012-02-29 2016-07-05 株式会社東芝 Information notification apparatus, method, program, and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008124810A (en) * 2006-11-13 2008-05-29 Seiko Epson Corp Information display device, communication method and program
JP2011160098A (en) * 2010-01-29 2011-08-18 Oki Electric Industry Co Ltd Communication system and communication device
JP2013153400A (en) * 2011-12-27 2013-08-08 Mitsubishi Electric Corp Radio communication system, radio communication device, and reference device
WO2014020714A1 (en) * 2012-08-01 2014-02-06 株式会社日立製作所 Method for synchronizing time in wireless network system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017175499A (en) * 2016-03-25 2017-09-28 東芝ライテック株式会社 Communication system and communication method
JP2021502749A (en) * 2017-11-06 2021-01-28 オラクル・インターナショナル・コーポレイション Methods, systems, and computer-readable media for using the authentication activation period
JP7349984B2 (en) 2017-11-06 2023-09-25 オラクル・インターナショナル・コーポレイション METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA FOR USING CERTIFICATION VALIDATION PERIOD
WO2019217032A1 (en) * 2018-05-10 2019-11-14 Qualcomm Incorporated Methods and apparatuses for concurrent communications in a network
US11051349B2 (en) 2018-05-10 2021-06-29 Qualcomm Incorporated Concurrent communications in a network
TWI770381B (en) * 2018-05-10 2022-07-11 美商高通公司 Concurrent communications in a network

Also Published As

Publication number Publication date
JPWO2016158866A1 (en) 2017-04-27

Similar Documents

Publication Publication Date Title
US10129745B2 (en) Authentication method and system for wireless mesh network
ES2643290T3 (en) Systems and procedures for carrying out the configuration and authentication of links
WO2019222319A1 (en) A hosted dynamic provisioning protocol with servers and a networked responder
JP6617173B2 (en) Independent security in wireless networks with multiple managers or access points
US20160218866A1 (en) Group key announcement and distribution for a data link group
TW201709764A (en) Method for automatically establishing wireless connection, gateway device and client device using the same
EP3794852B1 (en) Secure methods and systems for identifying bluetooth connected devices with installed application
US20090164785A1 (en) Method for authentication in a communication network
JP2020072442A (en) Communication device, control method, and program
WO2016158866A1 (en) Communication device, authentication device, and network system
US10313118B2 (en) Authenticated access to cacheable sensor information in information centric data network
US20240244039A1 (en) Data transmission method, communication processing method, device, and communication processing program
CN102546184A (en) Method and system for message secure transmission or key distribution in sensor network
JP6804026B2 (en) Encrypted communication system
JP5721183B2 (en) Wireless LAN communication system, wireless LAN base unit, communication connection establishment method, and program
JP4071774B2 (en) Encryption key distribution method and slave unit in wireless network
JP6601774B2 (en) Communication system and communication apparatus
WO2017169957A1 (en) Communication unit, extension, and base unit
TWI756902B (en) Distribution network system and method thereof
US20220255911A1 (en) Method for Secure Communication and Device
JP2018046349A (en) Communication system, time synchronization method, communication device, and communication program
JP2017111599A (en) Authentication device, authentication system, and authentication method
JP6961951B2 (en) Network construction system, method and wireless node
JP6361483B2 (en) Wireless node, coordinator, wireless network and network reconstruction program
AU2023229493A1 (en) Encryption key management in mesh networks

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2016548389

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16772747

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16772747

Country of ref document: EP

Kind code of ref document: A1