WO2017038179A1 - Device, system and method - Google Patents

Device, system and method

Info

Publication number
WO2017038179A1
WO2017038179A1 PCT/JP2016/066292 JP2016066292W WO2017038179A1 WO 2017038179 A1 WO2017038179 A1 WO 2017038179A1 JP 2016066292 W JP2016066292 W JP 2016066292W WO 2017038179 A1 WO2017038179 A1 WO 2017038179A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
terminal
wireless
information
network
Prior art date
Application number
PCT/JP2016/066292
Other languages
English (en)
Japanese (ja)
Inventor
大介 川上
伊東 克俊
鈴木 英之
Original Assignee
ソニー株式会社
Priority date
Filing date
Publication date
Application filed by ソニー株式会社

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/50 Secure pairing of devices
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H04W48/18 Selecting a network or a communication service
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present disclosure relates to an apparatus, a system, and a method.
  • a terminal having a WWAN (Wireless Wide Area Network) communication function such as a smartphone and a mobile phone, can access the Internet via a mobile communication network even when the user is away from home.
  • a terminal that does not have a WWAN communication function is required to access the Internet by using another communication method such as a wireless LAN (WLAN).
  • WLAN wireless LAN
  • Techniques are disclosed for enabling a communication terminal that communicates indirectly, via another communication terminal, with a service providing apparatus to seamlessly receive the service provided by that service providing apparatus.
  • A technique is disclosed in which a device that does not perform mobile communication using a mobile communication service acquires authentication information from another device that performs mobile communication using a mobile communication service, and connects to a network through different wireless communication.
  • an improvement in convenience related to network authentication is one of the demands.
  • An apparatus is provided that includes a processing unit that performs an authentication process toward a connection-destination wireless station using authentication information of another apparatus, according to an authentication method selected based on the network information of that wireless station. The connection-destination wireless station is selected based on one or more pieces of network information, each acquired from one of one or more wireless stations and relating to the wireless network operated by that wireless station.
  • An apparatus is provided that includes a processing unit that provides authentication information to another apparatus. The other apparatus performs an authentication process toward a connection-destination wireless station, selected based on one or more pieces of network information acquired from each of one or more wireless stations about the wireless network operated by that wireless station, by an authentication method selected based on the network information of the connection-destination wireless station, and the provided authentication information is used in that authentication process.
  • A method is provided that includes performing, by a processor, an authentication process toward a connection-destination wireless station using authentication information of another device, according to an authentication method selected based on the network information of that wireless station, where the connection-destination wireless station is selected based on one or more pieces of network information acquired from each of one or more wireless stations about the wireless network operated by that wireless station.
  • A method is provided that includes providing, by a processor, authentication information to another device that performs an authentication process toward a connection-destination wireless station, selected based on one or more pieces of network information acquired from each of one or more wireless stations about the wireless network operated by that wireless station, by an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in that authentication process.
  • A system is provided that includes an authentication information providing source terminal and an authentication information providing destination terminal. The authentication information providing destination terminal includes a processing unit that performs an authentication process toward a connection-destination wireless station, selected based on one or more pieces of network information acquired from each of one or more wireless stations about the wireless network operated by that wireless station, using the authentication information of the authentication information providing source terminal and according to an authentication method selected based on the network information of the connection-destination wireless station. The authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
  • A method is provided that includes: performing, by the authentication information providing destination terminal, an authentication process toward a connection-destination wireless station, selected based on one or more pieces of network information acquired from each of one or more wireless stations about the wireless network operated by that wireless station, using authentication information of an authentication information providing source terminal and according to an authentication method selected based on the network information of the connection-destination wireless station; and providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
  • FIG. 1 is a diagram for describing an overview of a wireless communication system according to an embodiment of the present disclosure.
  • FIG. It is a figure for demonstrating the outline
  • elements having substantially the same functional configuration may be distinguished by adding different alphabets after the same reference numerals.
  • a plurality of elements having substantially the same functional configuration are distinguished as the base stations 510A, 510B, and 510C as necessary.
  • the base stations 510A, 510B, and 510C are simply referred to as the base station 510 when it is not necessary to distinguish them.
  • FIG. 1 and FIG. 2 are diagrams for describing the outline
  • the wireless communication system 1 includes a wireless communication device 100.
  • the wireless communication system 1 includes a wireless communication device 100 and a wireless communication device 200.
  • the wireless communication device 100 is a wireless terminal capable of wireless communication with other devices.
  • the wireless communication device 100 is a notebook PC.
  • the wireless communication device 100 is a WLAN terminal that can be connected to a WLAN according to a communication method such as IEEE (Institute of Electrical and Electronics Engineers) 802.11a, 11b, 11g, 11n, 11ac, or 11ad.
  • IEEE Institute of Electrical and Electronics Engineers
  • the WLAN terminal 100 can connect to a wireless network 500 via a base station 510 and use a service provided by the service network 400.
  • the WLAN terminal 100 can form a wireless connection with the wireless communication device 200.
  • This wireless connection can be formed according to an arbitrary communication method such as Bluetooth (registered trademark) or NFC (Near field communication).
  • the WLAN terminal 100 can be connected to a WLAN whose network information is known, such as a WLAN that is operated at the user's home, for example, but is difficult to connect to a WLAN whose network information such as whereabouts is unknown.
  • the wireless communication device 100 may be realized as a PC, a tablet terminal, a PDA (Personal Digital Assistant), an HMD (Head Mounted Display), a headset, a digital camera, a digital video camera, a smartphone, a mobile phone terminal, a portable music playback device, a portable video processing device, a portable game device, or the like.
  • the wireless communication device 200 is a wireless terminal capable of wireless communication with other devices.
  • the wireless communication apparatus 200 has authentication information for performing authentication to the network, and can be connected to the network independently.
  • the wireless communication device 200 is a smartphone.
  • the wireless communication apparatus 200 can form a wireless connection with the WLAN terminal 100, for example.
  • the wireless communication apparatus 200 is a WWAN terminal that has a WWAN communication function and can be connected to the WWAN.
  • the WWAN terminal 200 has subscriber identification information for connecting to a mobile communication network, performs authentication processing using the subscriber identification information, and can form a wireless connection with a wireless network 300 such as a mobile communication network.
  • the subscriber identification information is, for example, an IMSI (International Mobile Subscriber Identity) stored in a SIM card (Subscriber Identity Module Card).
  • the WWAN terminal 200 can use the service provided by the service network 400 by connecting to the wireless network 300 using the WWAN communication function.
  • the subscriber identification information is an example of authentication information that the WWAN terminal 200 has, and the WWAN terminal 200 may have other arbitrary information as the authentication information.
  • the wireless communication device 200 may be realized not only as a smartphone but also as a notebook PC, a PC, a tablet terminal, a PDA, an HMD, a headset, a digital camera, a digital video camera, a mobile phone terminal, a portable music player, a portable video processing device, a portable game device, or the like.
  • the wireless network 300 is a WWAN (first network) such as a mobile communication network.
  • the WWAN 300 is operated according to an arbitrary wireless communication system such as LTE (Long Term Evolution), LTE-A (LTE-Advanced), GSM (registered trademark), UMTS, W-CDMA, or CDMA2000.
  • the WWAN 300 is connected from the wireless communication device 200 located within the range of the cell operated by the base station 310.
  • the service network 400 is a public network such as the Internet.
  • the WWAN terminal 200 can access the service network 400 via the WWAN 300.
  • examples of means for realizing access to the Internet while away from home include tethering by a terminal capable of WWAN communication or use of a public WLAN.
  • Tethering is a technology for connecting other communication terminals to the WWAN 300 via a terminal having a WWAN communication function such as a smartphone.
  • because the WWAN terminal 200 can be connected to both the WWAN 300 and the WLAN terminal 100, it can function as an access point that relays communication between the WWAN 300 and the WLAN terminal 100, thereby realizing tethering.
  • the WLAN terminal 100 can use the service provided by the service network 400.
  • Tethering can be used wherever the WWAN terminal 200 is located in an area where WWAN communication is possible. However, since it is necessary to perform terminal setting for tethering use in both the WWAN terminal 200 and the WLAN terminal 100, the convenience of the user is impaired. Further, during tethering, the power consumption of the WWAN terminal 200 functioning as an access point is large.
  • a public WLAN is a service that provides a connection to the Internet using a WLAN.
  • a wireless network 500 shown in FIG. 2 is a public network (second network) operated by a WLAN, for example.
  • the WLAN terminal 100 can connect to the WLAN 500 to access the service network 400 or further access the service network 400 via the WWAN 300. As a result, the WLAN terminal 100 can use the service provided by the service network 400.
  • a wireless terminal having a WWAN communication function such as a smartphone is an ANDSF (Access Network Discovery and Selection Function) proposed by 3GPP (Third Generation Partnership Project), or Wi-Fi CERTIFIED proposed by Wi-Fi Alliance.
  • ANDSF Access Network Discovery and Selection Function
  • 3GPP Third Generation Partnership Project
  • Wi-Fi CERTIFIED Wi-Fi Alliance
  • the WLAN terminal 100 can be connected to the Internet by operating the WWAN terminal 200 as a tethering AP (Access Point).
  • tethering AP Access Point
  • manual settings, such as the connection setting to the tethering AP and tethering ON/OFF on the WWAN terminal 200, were required, and convenience was impaired.
  • if the WLAN terminal 100 is not compatible with Wi-Fi CERTIFIED Passpoint, it connects without confirming the safety of the WLAN 500, so there was a risk of connecting to a WLAN 500 with a high security risk and suffering damage such as eavesdropping.
  • the wireless communication system according to an embodiment of the present disclosure has been created with the above circumstances in mind.
  • the wireless communication system according to an embodiment of the present disclosure enables the WLAN terminal 100 to perform easy authentication to an appropriate network.
  • a wireless communication system including the wireless communication device according to an embodiment of the present disclosure will be described in detail with reference to FIGS.
  • the WWAN terminal 200 is an example of a terminal that functions as a provider of authentication information.
  • the authentication information providing source terminal 200 does not necessarily have to be capable of WWAN communication, and may have authentication information for the network.
  • the WLAN terminal 100 is an example of a terminal that functions as a provision destination of authentication information.
  • the authentication information providing destination terminal 100 may not necessarily be capable of WLAN communication, and may be connected to a network of an arbitrary communication method using the authentication information provided from the authentication information providing source terminal 200.
  • FIG. 3 is a block diagram illustrating an example of a configuration of the wireless communication system 1 according to the present embodiment.
  • the wireless communication system 1 includes a WLAN terminal 100 and a WWAN terminal 200, and provides wireless connection to the WWAN 300, the WLAN 500, and the service network 400.
  • the WWAN 300 is operated by a base station 310, a gateway 320, a subscriber information server 330, an authentication server 340, and a network information providing server 350.
  • the base station 310 is a device that serves as a contact point when a wireless terminal having a WWAN communication function is connected to the WWAN 300.
  • the base station 310 accepts a connection from the WWAN terminal 200.
  • the base station 310 corresponds to an eNB.
  • the gateway 320 is a device that relays communication between the WWAN 300 and another network.
  • the gateway 320 relays communication between the WWAN 300 and the service network 400 and communication between the WWAN 300 and the WLAN 500.
  • the gateway 320 corresponds to a P-GW (Packet Data Network Gateway).
  • the subscriber information server 330 is a device that holds subscriber information for the WWAN 300.
  • the subscriber information server 330 also holds information used for authentication processing when a wireless terminal connects to the WWAN 300.
  • the subscriber information server 330 corresponds to an HSS (Home Subscriber Server).
  • the authentication server 340 is a device that authenticates that the connection to the WWAN 300 is a connection by a WWAN 300 subscriber.
  • the authentication server 340 can perform this authentication process with reference to the subscriber information server 330.
  • the authentication server 340 corresponds to an AAA (Authentication, Authorization and Accounting) server.
  • the authentication server 340 has a function of authenticating connection to the WLAN 500.
  • as an authentication protocol for the WLAN 500, an authentication protocol using a certificate, such as EAP (Extensible Authentication Protocol)-TLS (Transport Layer Security) or EAP-TTLS (Tunneled Transport Layer Security), can be adopted.
  • EAP Extensible Authentication Protocol
  • TLS Transport Layer Security
  • EAP-TTLS Tunneled Transport Layer Security
  • EAP-AKA EAP Method for UMTS Authentication and Key Agreement
  • EAP-SIM EAP Method for GSM Subscriber Identity Modules
  • An authentication protocol using information may be employed.
  • the authentication server 340 performs authentication processing with reference to the subscriber information server 330.
  • a terminal that has a WWAN communication function and can be connected to the WWAN 300 through authentication processing using subscriber identification information can be connected to the WLAN 500 through authentication processing using subscriber identification information.
  • IMS-AKA, Security Token, a digital certificate (Credential, Certificate), a public key, or the like may be used as an authentication protocol for the WLAN 500.
  • the network information providing server 350 is a device that provides information on a connection destination wireless network, which is necessary when the connection destination is switched from the wireless network to which the wireless terminal is currently connected to another wireless network.
  • the network information providing server 350 can provide network information for connecting to the WLAN 500 to the WWAN terminal 200.
  • the network information providing server 350 corresponds to an ANDSF server.
  • the TLS server 360 is a server that performs authentication by EAP-TTLS, which is one of the EAP authentication protocols. Specifically, the TLS server 360 performs authentication using a user name and password protected by key encryption. Note that the verification of the user name and password is performed by the authentication server 340.
  • the WLAN 500 is a public network operated by the base station 510.
  • the communication system of the public network is described as being WLAN, but may be operated according to any other communication system such as Bluetooth.
  • the base station 510 is a device that serves as a contact point when a wireless terminal having a WLAN communication function connects to the WLAN 500.
  • the base station 510 receives a connection from the WLAN terminal 100.
  • the base station 510 corresponds to an access point.
  • the base station 510 can support one or more authentication protocols.
  • a plurality of base stations 510 may exist in the wireless communication system 1.
  • the BSSID Basic Service Set Identifier
  • the operating frequency may be different among the plurality of base stations 510.
  • a certificate authority may exist outside the wireless communication system 1.
  • the certificate authority issues an electronic certificate for EAP-TLS.
  • FIG. 4 is a block diagram illustrating an example of a logical configuration of the WLAN terminal 100 according to the present embodiment.
  • the WLAN terminal 100 includes a wireless communication unit 110, an output unit 120, a storage unit 130, and a processing unit 140.
  • the wireless communication unit 110 is a communication module that transmits / receives data to / from an external device.
  • the wireless communication unit 110 can perform wireless communication using various communication methods.
  • the wireless communication unit 110 includes a WLAN module 112 and can perform wireless communication using Wi-Fi (registered trademark) or WLAN.
  • the wireless communication unit 110 includes a BT (Bluetooth) module 114 and can perform wireless communication using Bluetooth.
  • the wireless communication unit 110 includes an NFC module 116 and can perform wireless communication using NFC.
  • the wireless communication unit 110 can function as a first wireless communication unit that performs pairing and wireless communication with the WWAN terminal 200.
  • the wireless communication unit 110 performs pairing and wireless communication with the WWAN terminal 200 using a near field communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct (registered trademark), or WLAN.
  • the wireless communication unit 110 may perform pairing and wireless communication with the WWAN terminal 200 using a short-range wireless communication method such as ZigBee (registered trademark) or IrDA (Infrared Data Association).
  • the wireless communication unit 110 can function as a second wireless communication unit that performs wireless communication by connecting to a public network.
  • the wireless communication unit 110 connects to the WLAN 500 using a wireless communication method such as WLAN.
  • the public network may support any wireless communication method other than WLAN, and in that case, the wireless communication unit 110 can connect to the public network using a wireless communication method according to the public network.
  • the wireless communication unit 110 may perform measurement processing such as measuring RSSI (Received Signal Strength Indicator) from the strength of the signal received from the WLAN 500.
  • RSSI Received Signal Strength Indicator
  • the wireless communication unit 110 may perform wireless communication using the same communication method for wireless communication with the WWAN terminal 200 and wireless communication with the public network.
  • the wireless communication unit 110 may connect to the WLAN 500 while communicating with the WWAN terminal 200 using WLAN.
  • the wireless communication unit 110 may perform wireless communication using other communication methods such as ZigBee (registered trademark, IEEE 802.15.4), Z-Wave (registered trademark), ANT (registered trademark), ANT+ (registered trademark), WiSUN (registered trademark, IEEE 802.15.4g), and Wi-Fi Direct (registered trademark). Further, the wireless communication unit 110 may function as a mesh network node, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
  • the output unit 120 has a function of outputting information by video, image, audio, or the like.
  • the output unit 120 is realized by, for example, a CRT (Cathode Ray Tube) display device, a liquid crystal display (Liquid Crystal Display) device, a speaker, or the like.
  • Storage unit 130 is a part that records and reproduces data on a predetermined recording medium.
  • the storage unit 130 may store information received from the WWAN terminal 200 by the wireless communication unit 110.
  • the processing unit 140 functions as an arithmetic processing device and a control device, and controls the overall operation within the WLAN terminal 100 according to various programs. As illustrated in FIG. 4, the processing unit 140 includes an acquisition unit 142, a selection unit 144, a notification unit 146, and an authentication processing unit 148. The processing unit 140 may further include other components other than these components. That is, the processing unit 140 can have functions other than the functions of these components.
  • the functions of the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148 will be described in detail later.
  • FIG. 5 is a block diagram illustrating an example of a logical configuration of the WWAN terminal 200 according to the present embodiment.
  • the WWAN terminal 200 includes a wireless communication unit 210, a storage unit 220, an authentication information storage unit 230, and a processing unit 240.
  • the wireless communication unit 210 is a communication module that transmits / receives data to / from an external device.
  • the wireless communication unit 210 can perform wireless communication using various communication methods.
  • the wireless communication unit 210 includes a WWAN module 212 and can perform wireless communication using the WWAN 300.
  • the wireless communication unit 210 includes a WLAN module 214 and can perform wireless communication using Wi-Fi or WLAN.
  • the wireless communication unit 210 includes a BT module 216 and can perform wireless communication using Bluetooth.
  • the wireless communication unit 210 includes an NFC module 218 and can perform wireless communication using NFC.
  • the wireless communication unit 210 can function as a fourth wireless communication unit that performs pairing and wireless communication with the WLAN terminal 100.
  • the wireless communication unit 210 performs pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct, or WLAN.
  • the wireless communication unit 210 may perform pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as ZigBee or IrDA (Infrared Data Association).
  • the wireless communication unit 210 can function as a third wireless communication unit that performs wireless communication by connecting to the WWAN 300 using the WWAN module 212.
  • the wireless communication unit 210 communicates with the authentication server 340 via the WWAN module 212.
  • the wireless communication unit 210 can function as a fifth wireless communication unit that performs wireless communication by connecting to the WLAN 500 using the WLAN module 214.
  • the wireless communication unit 210 communicates with the base station 510 via the WLAN module 214.
  • the wireless communication unit 210 may perform wireless communication using other communication methods such as ZigBee (IEEE 802.15.4), Z-Wave, ANT, ANT+, WiSUN (IEEE 802.15.4g), and Wi-Fi Direct. Further, the wireless communication unit 210 may function as a mesh network node, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
  • the storage unit 220 is a part that records and reproduces data on a predetermined recording medium.
  • the storage unit 220 may store information received from the WWAN 300 by the wireless communication unit 210.
  • the storage unit 220 may store device information of the WLAN terminal 100 with which pairing has been established, capability information, or information indicating the purpose of wireless communication with the WLAN 500.
  • the authentication information storage unit 230 has a function of storing authentication information for the network.
  • the authentication information storage unit 230 is realized by a SIM card that stores subscriber identification information for the WWAN 300.
  • the authentication information storage unit 230 may be realized as a storage medium that stores an electronic certificate for EAP-TLS or a user name and password for EAP-TTLS.
  • the authentication information storage unit 230 may be realized as a storage medium that stores a pre-shared key (PSK: Phase Shift Keying) or a passphrase for WPA2-PSK or WPA-PSK.
  • PSK Phase Shift Keying
  • the processing unit 240 functions as an arithmetic processing device and a control device, and controls the overall operation within the WWAN terminal 200 according to various programs. As illustrated in FIG. 5, the processing unit 240 includes a selection unit 242, an authentication processing unit 244, and a tethering processing unit 246. Note that the processing unit 240 may further include other components other than these components. That is, the processing unit 240 can have functions other than the functions of these components.
  • the functions of the selection unit 242, the authentication processing unit 244, and the tethering processing unit 246 will be described in detail later.
  • the WLAN terminal 100 acquires network information related to a wireless network operated by the wireless station from each of one or more wireless stations.
  • the WLAN terminal 100 causes the wireless communication unit 110 to receive a notification signal (for example, a beacon) issued by a wireless station and transmit a network information request (for example, a probe request) to the wireless station that is the notification source of the notification signal. Then, network information is acquired based on the result.
  • the network information may include, for example, radio station identification information, channel information, RSSI information, communication method information, authentication method information, and the like.
  • the identification information may be, for example, an SSID (Service Set Identifier), a BSSID (Basic Service Set Identifier), or an ESSID (Extended Service Set Identifier).
  • the communication method information is information indicating a communication method supported by the wireless station, and may include, for example, information indicating whether each of 802.11a, 11b, 11g, 11n, and 11ac is supported.
  • the authentication method information is information indicating an authentication method supported by the wireless station, and may include, for example, information indicating whether or not 802.1X authentication is supported.
  • the wireless station from which network information is acquired as a connection destination candidate may be the base station 510 or the WWAN terminal 200 operable as a tethering AP.
  • the network information may be acquired from the WWAN terminal 200 that is operating as a tethering AP, or may be acquired from the WWAN terminal 200 that is not operating as a tethering AP.
  • the acquisition of network information may be performed by the WWAN terminal 200.
  • the WWAN terminal 200 can acquire information known to itself such as its communication method information.
  • Connection destination selection: the WLAN terminal 100 (for example, the selection unit 144) selects a connection destination radio station based on one or more pieces of acquired network information.
  • the WLAN terminal 100 selects a wireless station based on information indicating the state of the wireless communication environment between the WLAN terminal 100 and the wireless station, such as RSSI information and channel information. Specifically, the WLAN terminal 100 may preferentially select a radio station that has good RSSI and is not congested. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 selects a radio station based on the communication method information. Specifically, the WLAN terminal 100 may preferentially select a radio station that supports a communication method with a higher transmission speed. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 selects a radio station based on the authentication method information. Specifically, the WLAN terminal 100 may preferentially select a radio station that is compatible with an authentication method with higher security and higher usability. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 may select a connection destination radio station based on the connection history of the WWAN terminal 200. Specifically, the WLAN terminal 100 may refer to the connection history of the WWAN terminal 200 and preferentially select a wireless station connected in the past or, when there are a plurality of wireless stations connected in the past, a wireless station connected more recently. Based on the connection history, it is possible to select a connection destination with a connection history in the past. In addition, since a connection destination for which authentication information has been generated in the past is selected, generation of authentication information by the WWAN terminal 200 can be omitted. Note that the WLAN terminal 100 may also select a connection-destination radio station with reference to its own connection history.
  • the WLAN terminal 100 may select a connection destination radio station based on a network selection policy.
  • the network selection policy is information including information relating to a network communication method, network priority, and network identification information. Based on the network selection policy, a more appropriate connection destination can be selected.
  • Set_1 includes information regarding the three networks, and the priority order is set by AccessNetworkPriority.
  • the connection destination may be selected by the WWAN terminal 200 (for example, the selection unit 242).
  • the WLAN terminal 100 selects an authentication method based on network information of a connection destination wireless station.
  • the WLAN terminal 100 may select an authentication method based on the strength of security. Specifically, the WLAN terminal 100 preferentially selects an authentication method with high security strength. This makes it possible to connect to a more secure network.
  • the WLAN terminal 100 may select an authentication method based on high usability. Specifically, the WLAN terminal 100 preferentially selects an authentication method that does not require manual operation such as password entry by the user or installation of an electronic certificate. As a result, it is possible to improve convenience related to authentication to the network.
  • when authentication methods are arranged in order from higher priority to lower priority, the result is, for example, EAP-AKA′, EAP-AKA, EAP-SIM, EAP-TLS, EAP-TTLS, WPA2-PSK, and WPA-PSK.
  • the higher the priority the higher the security strength and the higher usability. Also, the lower the priority, the lower the security strength and the lower the usability.
  • the authentication method is uniquely determined and the selection of the authentication method is omitted.
  • the WLAN terminal 100 may select an authentication method after selecting a connection-destination wireless station, or may select a connection-destination wireless station after selecting an authentication method. For example, for devices with poor input means such as HMD (Head Mounted Display), the latter selection order in which an authentication method such as EAP-AKA that does not require user input is preferentially selected is desirable. In addition, the WLAN terminal 100 may simultaneously select a connection destination wireless station and an authentication method.
  • the selection of the authentication method may be performed by the WWAN terminal 200 (for example, the selection unit 242).
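The two selection orders described above (connection destination first, or authentication method first) can give different results on the same scan. The following Python sketch is an added example, not code from the patent; the `NetworkInfo` fields, the sample scan data, the `HELD_CREDENTIALS` set and the `floor` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass

# Priority order given in the text, highest first (EAP-AKA' written with an ASCII apostrophe).
AUTH_PRIORITY = ["EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS",
                 "EAP-TTLS", "WPA2-PSK", "WPA-PSK"]


@dataclass(frozen=True)
class NetworkInfo:
    """Subset of the network information a probe returns (field names are assumptions)."""
    ssid: str
    rssi_dbm: int
    auth_methods: tuple


def best_method(info, held_credentials):
    """Highest-priority method the station offers and the WWAN terminal has credentials for."""
    for method in AUTH_PRIORITY:
        if method in info.auth_methods and method in held_credentials:
            return method
    return None


def select_station_first(networks, held_credentials):
    """Order 1: pick the station with the best RSSI, then its best usable method."""
    for info in sorted(networks, key=lambda n: n.rssi_dbm, reverse=True):
        method = best_method(info, held_credentials)
        if method is not None:
            return info.ssid, method
    return None


def select_method_first(networks, held_credentials, floor=AUTH_PRIORITY[-1]):
    """Order 2: pick the strongest method offered anywhere, then the best RSSI offering it.

    `floor` is a hypothetical policy knob: methods ranked below it are never
    accepted, so a scan that offers only weak methods yields no connection.
    """
    allowed = AUTH_PRIORITY[:AUTH_PRIORITY.index(floor) + 1]
    for method in allowed:
        if method not in held_credentials:
            continue
        offering = [n for n in networks if method in n.auth_methods]
        if offering:
            return max(offering, key=lambda n: n.rssi_dbm).ssid, method
    return None


# Constructed scan result: the strongest signal offers only PSK authentication.
SAMPLE_SCAN = [
    NetworkInfo("cafe-guest", -40, ("WPA2-PSK", "WPA-PSK")),
    NetworkInfo("office", -55, ("EAP-TLS",)),
    NetworkInfo("carrier-hotspot", -70, ("EAP-AKA'", "EAP-AKA")),
]
# Constructed: the WWAN terminal holds a SIM and one PSK, but no certificate.
HELD_CREDENTIALS = {"EAP-AKA'", "EAP-AKA", "WPA2-PSK"}

if __name__ == "__main__":
    print("station first:", select_station_first(SAMPLE_SCAN, HELD_CREDENTIALS))
    print("method first: ", select_method_first(SAMPLE_SCAN, HELD_CREDENTIALS))
```

With station-first selection the strongest signal wins even though it only offers a PSK method; method-first selection, with a floor, keeps the terminal off networks below the chosen strength.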
  • either the WLAN terminal 100 or the WWAN terminal 200 may perform selection of a connection destination radio station and selection of an authentication method. Therefore, the WLAN terminal 100 (for example, the selection unit 144) determines whether the wireless station and the authentication method of the connection destination are selected by the WLAN terminal 100 or the WWAN terminal 200. For example, the WLAN terminal 100 may choose the terminal that has a network selection policy as the selecting entity, and if both have one, may choose the terminal whose policy is more recent. Further, the WLAN terminal 100 may use itself as the selecting entity by default.
  • the WLAN terminal 100 is difficult to acquire network information when the WWAN terminal 200 operates as a tethering AP. Good. As described above, the WLAN terminal 100 can flexibly change the connection-destination radio station and the authentication method selection subject according to the situation.
  • the network information is notified to the selected entity.
  • the WLAN terminal 100 notifies the acquired network information to the WWAN terminal 200. The reverse is also true.
  • the WLAN terminal 100 (for example, the authentication processing unit 148) performs an authentication process using the authentication information of the WWAN terminal 200.
  • the WLAN terminal 100 authenticates to the network by EAP-AKA′, EAP-AKA, or EAP-SIM using the subscriber identification information of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network by EAP-TLS using the electronic certificate of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network by EAP-TTLS using the user name and password of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network using WPA2-PSK or WPA-PSK using the PSK or passphrase of the WWAN terminal 200.
  • the WLAN terminal 100 can use the authentication information of the WWAN terminal 200 to authenticate to a network to which it would be difficult to authenticate on its own, and connect to the Internet.
  • the WWAN terminal 200 (for example, the authentication processing unit 244) provides authentication information used in authentication processing by the WLAN terminal 100. As a result, the WLAN terminal 100 can authenticate to the network. Note that the WWAN terminal 200 may provide authentication information based on a request from the WLAN terminal 100 when the selection subject of the connection destination wireless station is the WLAN terminal 100. Further, when the selection subject of the connection destination wireless station is itself, the WWAN terminal 200 may provide authentication information together with information indicating the connection destination wireless station.
  • the authentication information provided may not be the information itself stored in the authentication information storage unit 230.
  • the WWAN terminal 200 may provide authentication information generated based on at least one of the subscriber identification information, electronic certificate, user name and password, and PSK or passphrase stored in the authentication information storage unit 230. Thereby, the confidential information of the WWAN terminal 200 is prevented from being leaked, and security can be ensured.
  • a short-range wireless communication system such as Bluetooth or NFC can be used.
  • Wi-Fi Direct or the like may be used to provide authentication information.
  • the WWAN terminal 200 may perform processing for functioning as a wireless station. More simply, the WWAN terminal 200 may operate as a tethering AP.
  • the WWAN terminal 200 may perform processing for functioning as a tethering AP with a request from the WLAN terminal 100 as a trigger. Specifically, the WWAN terminal 200 may perform processing for functioning as a tethering AP with the reception of a request for authentication information from the WLAN terminal 100 as a trigger. For example, the WWAN terminal 200 may be triggered by reception of a request for authentication information from the WLAN terminal 100 to the tethering AP (that is, a request for authentication information specifying identification information of the WWAN terminal 200 itself). Further, the WWAN terminal 200 may be triggered by the reception of a request for authentication information related to the base station 510 that does not have authentication information.
  • the WWAN terminal 200 can start (that is, can be activated) as a tethering AP with the reception of a signal from the WLAN terminal 100 as a trigger. This eliminates the need for manual operation such as connection setting to the tethering AP and tethering ON / OFF in the WWAN terminal 200, thereby improving convenience.
  • the WLAN terminal 100 (for example, the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148) can output information indicating the processing content.
  • FIGS. 6 and 7 show examples of user interfaces that can be output to the output unit 120.
  • For example, when obtaining network information or selecting a connection destination, the user interface 11 is displayed.
  • the user interface 12 is displayed. Note that “AP_NAME” in the figure is the name of the wireless station.
  • the user interface 13 is displayed.
  • a user interface 14 is displayed to search for another connection destination and connect again. When the connection (that is, authentication) is successful again, the user interface 13 is displayed. Note that the user can interrupt the connection process at any time by pressing a cancel button.
  • FIG. 8 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 8, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the communication module used for message exchange is illustrated with the word “module” omitted.
  • a message having a WLAN (Wi-Fi) module 112 as a starting point or an ending point indicates that the WLAN module 112 transmits and receives.
  • the WLAN terminal 100 and the WWAN terminal 200 have been previously paired by near field communication (for example, Bluetooth) and a communication path has been established. In the following description, it is omitted which communication module is sending and receiving messages. These points are the same in other sequences after FIG.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S102), and receives network information from the base station 510 (step S104).
  • This series of procedures is, for example, a probe process.
  • the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects a connection destination radio station based on the acquired network information, connection history, and network selection policy, and selects an authentication method. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process (step S108).
  • the WLAN terminal 100 uses the authentication information provided from the WWAN terminal 200 to perform an authentication process for a connection destination wireless station (that is, the base station 510 in this sequence).
  • the authentication process will be described in detail later with reference to FIGS.
  • the WLAN terminal 100 establishes a security session (step S110). For example, the WLAN terminal 100 performs 4-Way Handshake with the connected wireless station. In 4-Way Handshake, the WLAN terminal 100 generates key information by exchanging random numbers and MAC addresses with a connected wireless station, and establishes a security session.
  • the WLAN terminal 100 establishes an IP session with the connection destination wireless station (step S112).
  • the WLAN terminal 100 receives an IP address assignment by DHCP (Dynamic Host Configuration Protocol) or the like and establishes an IP session.
  • FIG. 9 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510A (step S102A) and receives network information from the base station 510A (step S104A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S102B) and receives network information from the base station 510B (step S104B). Further, the WLAN terminal 100 transmits a network information request to the base station 510C (step S102C) and receives network information from the base station 510C (step S104C).
  • the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects a connection destination wireless station based on the acquired three pieces of network information, and selects an authentication method. In this sequence, it is assumed that the base station 510C is selected as the connection destination. Note that the WLAN terminal 100 may perform the selection process after the network information from all the base stations 510 (that is, 510A, 510B, and 510C) from which network information was requested has been received, or may perform the selection process each time network information is received.
  • the WLAN terminal 100 performs an authentication process for the base station 510C (step S108), establishes a security session with the base station 510C (step S110), and establishes an IP session (step S112).
  • FIG. 10 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is not operating as a tethering AP at the start of this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S202), and receives network information from the base station 510 (step S204).
  • the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process (step S208).
  • the WLAN terminal 100 activates the WWAN terminal 200 as a tethering AP by transmitting a request for authentication information to the tethering AP to the WWAN terminal 200.
  • the WLAN terminal 100 establishes a security session with the WWAN terminal 200 (step S210) and establishes an IP session (step S212).
  • the WWAN terminal 200 is activated as a tethering AP when the WWAN terminal 200 is selected as a connection destination in step S208.
  • the WWAN terminal 200 can be activated as a tethering AP even when a base station 510 to which the WWAN terminal 200 does not have authentication information is selected as a connection destination in step S208. This point will be described in detail later with reference to FIG.
  • the WLAN terminal 100 may once activate the WWAN terminal 200 as a tethering AP, acquire network information, perform a selection process, and select a connection destination.
  • FIG. 11 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 11, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is operating as a tethering AP at the start of this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S202A) and receives network information from the base station 510 (step S204A). Similarly, the WLAN terminal 100 transmits a network information request to the WWAN terminal 200 that operates as a tethering AP (step S202B), and receives network information from the WWAN terminal 200 (step S204B).
  • the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process for the WWAN terminal 200 (step S208), establishes a security session with the WWAN terminal 200 (step S210), and establishes an IP session (step S212).
  • FIG. 12 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 12, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S302), and receives network information from the base station 510 (step S304).
  • the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base station 510 (step S306). Specifically, the WLAN terminal 100 determines that the connection-target radio station and authentication method selection entity is the WWAN terminal 200 and notifies the WWAN terminal 200 of network information.
  • the WWAN terminal 200 performs a selection process (step S308). For example, the WWAN terminal 200 selects a connection-destination radio station based on the acquired network information, connection history, and network selection policy, and selects an authentication method. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310). For example, the WWAN terminal 200 notifies the WLAN terminal 100 of identification information of the selected base station 510, information indicating the selected communication method, information indicating the selected authentication method, and the like.
  • the WLAN terminal 100 performs an authentication process (step S312). For example, the WLAN terminal 100 performs an authentication process to the base station 510 according to information indicating the selection result notified from the WWAN terminal 200.
  • the WLAN terminal 100 establishes a security session with the base station 510C (step S314) and establishes an IP session (step S316).
  • FIG. 13 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510A (step S302A) and receives network information from the base station 510A (step S304A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S302B) and receives network information from the base station 510B (step S304B). Also, the WLAN terminal 100 transmits a network information request to the base station 510C (step S302C) and receives network information from the base station 510C (step S304C).
  • the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base stations 510A, 510B and 510C (step S306).
  • the WWAN terminal 200 performs a selection process (step S308). In this sequence, it is assumed that the base station 510A is selected as the connection destination.
  • the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310).
  • the WLAN terminal 100 performs an authentication process for the base station 510A (step S312), establishes a security session with the base station 510A (step S314), and establishes an IP session (step S316).
  • FIG. 14 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 14, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • a mesh network using a WLAN is formed between the WLAN terminal 100 and the WWAN terminal 200.
  • the WLAN module 214 of the WWAN terminal 200 and the WLAN module 112A of the WLAN terminal 100 function as a mesh station and can communicate with each other via a mesh network.
  • the WLAN module 112B of the WLAN terminal 100 also functions as a station that performs communication with an AP (for example, the base station 510).
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S402) and receives network information from the base station 510 (step S404).
  • the WLAN terminal 100 performs a selection process (step S406). In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process for the base station 510 (step S408), establishes a security session with the base station 510 (step S410), and establishes an IP session (step S412).
  • the authentication process will be described in detail later with reference to FIGS. 15 to 22. Communication between the WWAN terminal 200 and the WLAN terminal 100 is performed by a mesh network instead of Bluetooth.
  • the selection main body may be the WWAN terminal 200 and the WWAN terminal 200 itself which operate
  • the authentication process will be described in detail with reference to FIGS.
  • FIG. 15 is an example in the case where the authentication destination is the base station 510.
  • FIG. 16 is an example in the case where the authentication destination is the WWAN terminal 200.
  • FIG. 15 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 15, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S502).
  • the WLAN terminal 100 designates identification information of the connection destination base station 510 and transmits a request for authentication information.
  • the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S504).
  • the WLAN terminal 100 receives a PSK or a passphrase as authentication information.
  • the WLAN terminal 100 performs association with the base station 510 using the received PSK or passphrase (step S506).
  • Wi-Fi operation is started between the WLAN terminal 100 and the base station 510 (step S508).
  • FIG. 16 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 16, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S602).
  • the WLAN terminal 100 designates identification information of the connection destination base station 510 and transmits a request for authentication information.
  • the WWAN terminal 200 starts tethering processing and starts up as a tethering AP (step S604).
  • the WWAN terminal 200 may be activated as a tethering AP when it does not have authentication information of the designated base station 510. Further, even if the WWAN terminal 200 has the authentication information of the designated base station 510, the WWAN terminal 200 may be activated as a tethering AP when it is determined that tethering is effective based on communication quality or the like. Further, the WWAN terminal 200 may be activated as a tethering AP when the WWAN terminal 200 itself is designated in the request for authentication information.
  • the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S606).
  • the WLAN terminal 100 receives a PSK or a passphrase as authentication information.
  • the WLAN terminal 100 performs association with the WWAN terminal 200 using the received PSK or passphrase (step S608).
  • Wi-Fi operation is started between the WLAN terminal 100 and the WWAN terminal 200 (step S610).
  • FIGS. 17 and 18 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 17 and 18, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the authentication server 340, and the subscriber information server 330 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S702).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S704).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S706).
  • the WLAN terminal 100 transmits the EAP-Request / Identity received in step S706 to the WWAN terminal 200 (step S708).
  • This message is a message requesting the WWAN terminal 200 to generate an Identity required for EAP-AKA.
  • the WWAN terminal 200 refers to the subscriber identification module 230 that the WWAN terminal 200 has and generates Identity (step S710).
  • the control unit 240 generates Identity based on information recorded on a SIM card that is the subscriber identification module 230.
  • the authentication protocol is EAP-AKA
  • Identity is generated based on IMSI.
  • the IMSI format is as follows: <MCC: 3 digits><MNC: 2 or 3 digits><MSIN: Maximum 10 digits>
  • MCC: Mobile Country Code
  • MNC: Mobile Network Code
  • MSIN: Mobile Subscriber Identification Number
  • the WWAN terminal 200 returns EAP-Response / Identity to the WLAN terminal 100 (step S712). This message stores the Identity generated in step S710.
  • the WLAN terminal 100 transfers the received EAP-Response / Identity to the base station 510 (step S714).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S716).
  • the Identity generated by the WWAN terminal 200 is stored.
  • the authentication server 340 transmits a Retrieval-Authentication-Vector to the subscriber information server 330 and requests an authentication vector for Identity (step S718).
  • the Identity generated by the WWAN terminal 200 is stored.
  • An authentication vector is a set of information required for authenticating a connected terminal. In the case of EAP-AKA, the authentication vector includes the following information.
  • RAND: Random value. Used as a challenge.
  • AUTN: A value for the terminal to authenticate the network.
  • XRES: Expected response value for the challenge.
  • IK: Message integrity verification key.
  • CK: Key for message encryption.
  • the subscriber information server 330 executes the AKA algorithm and generates an authentication vector corresponding to the Identity stored in the received message (step S720).
  • the subscriber information server 330 transmits the generated authentication vector to the authentication server 340 (step S722).
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S724).
  • the authentication vector generated by the subscriber information server 330 is stored.
  • the authentication server 340 newly calculates a MAC (Message Authentication Code) and adds it to the message. This MAC is used by the WLAN terminal 100 to verify the integrity of this message.
  • the base station 510 transmits EAP-Request / AKA-Challenge to the WLAN terminal 100 (step S726).
  • This message includes authentication vectors RAND and AUTN, and MAC.
  • the authentication vectors XRES, IK, and CK are held by the base station 510 and are not transmitted to the WLAN terminal 100.
  • the WLAN terminal 100 transmits EAP-Request / AKA-Challenge to the WWAN terminal 200 (step S728).
  • This message is a message requesting the WWAN terminal 200 to generate a response value (RES) and a session key (IK, CK).
  • the WWAN terminal 200 executes the AKA algorithm to generate the RES, MAC, and session key (IK, CK) corresponding to the received EAP-Request / AKA-Challenge (step S730).
  • the WWAN terminal 200 transmits EAP-Response / AKA-Challenge to the WLAN terminal 100 (step S732).
  • the RES, MAC, and session key generated by the WWAN terminal 200 are stored.
  • the WLAN terminal 100 transfers the received EAP-Response / AKA-Challenge to the base station 510 (step S734).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S736).
  • This message stores the RES, MAC, and session keys (IK, CK) generated by the WWAN terminal 200.
  • the authentication server 340 verifies the received RES (step S738). Specifically, the authentication server 340 verifies that the RES generated by the WWAN terminal 200 matches the XRES generated by the subscriber information server 330 and the integrity of the message by MAC.
  • the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S740). This message indicates that the connection is permitted.
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S742). This message indicates that the authentication process has been successful for the WLAN terminal 100.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S744).
  • This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S746).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
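The EAP-AKA exchange of FIGS. 17 and 18, reduced to its core, as an added Python example that is not part of the patent: the WLAN terminal 100 only relays, and the long-term key never leaves the WWAN terminal 200. Assumptions: HMAC-SHA256 stands in for the real AKA functions, AUTN is simplified to a single tag without a sequence number, the message MAC check is omitted, the identity follows the 3GPP TS 23.003 NAI form, and the IMSI and key are constructed values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def aka_f(key, label, rand):
    """Stand-in for the AKA functions (assumption: real SIMs use MILENAGE or TUAK)."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:16]


def aka_identity(imsi, mnc_len):
    """EAP-AKA permanent identity from an IMSI (<MCC><MNC><MSIN>).

    The MNC length (2 or 3) cannot be inferred from the digits, so it is passed in.
    """
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    if not (imsi.isascii() and imsi.isdigit() and 3 + mnc_len < len(imsi) <= 15):
        raise ValueError("malformed IMSI")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    # Leading "0" marks EAP-AKA; the MNC is zero-padded to three digits in the realm.
    return f"0{imsi}@wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"


@dataclass
class AuthVector:
    rand: bytes   # challenge
    autn: bytes   # lets the terminal authenticate the network
    xres: bytes   # expected response
    ik: bytes     # integrity key
    ck: bytes     # cipher key


class SubscriberInfoServer:                      # subscriber information server 330
    def __init__(self, keys):
        self._keys = keys                        # identity -> long-term key K

    def generate_vector(self, identity):         # step S720
        k, rand = self._keys[identity], os.urandom(16)
        return AuthVector(rand, aka_f(k, b"AUTN", rand), aka_f(k, b"RES", rand),
                          aka_f(k, b"IK", rand), aka_f(k, b"CK", rand))


class WWANTerminal:                              # WWAN terminal 200 (holds the SIM)
    def __init__(self, imsi, mnc_len, k):
        self._imsi, self._mnc_len, self._k = imsi, mnc_len, k

    def identity(self):                          # step S710
        return aka_identity(self._imsi, self._mnc_len)

    def answer_challenge(self, rand, autn):      # step S730
        # Refuse to answer unless the challenge comes from a network that knows K.
        if not hmac.compare_digest(autn, aka_f(self._k, b"AUTN", rand)):
            raise PermissionError("AUTN check failed: network not authenticated")
        return (aka_f(self._k, b"RES", rand), aka_f(self._k, b"IK", rand),
                aka_f(self._k, b"CK", rand))


class AuthServer:                                # authentication server 340
    def __init__(self, subscriber_server):
        self._subs, self._pending = subscriber_server, {}

    def challenge(self, identity):               # steps S716 to S724
        vector = self._subs.generate_vector(identity)
        self._pending[identity] = vector
        return vector.rand, vector.autn          # XRES, IK and CK stay on the network side

    def verify(self, identity, res):             # step S738
        vector = self._pending.pop(identity, None)   # one attempt per challenge
        return vector is not None and hmac.compare_digest(res, vector.xres)


class WLANTerminal:                              # WLAN terminal 100: relay only
    def __init__(self, wwan):
        self._wwan, self.seen = wwan, []

    def connect(self, server):
        identity = self._wwan.identity()                         # S708 to S712
        rand, autn = server.challenge(identity)                  # S714 to S726
        res, ik, ck = self._wwan.answer_challenge(rand, autn)    # S728 to S732
        self.seen += [identity.encode(), rand, autn, res, ik, ck]
        # This sketch forwards only RES, which is all the XRES comparison needs.
        return server.verify(identity, res)                      # S734 to S742


def run_demo():
    """Returns (authenticated, long_term_key_seen_by_wlan_terminal)."""
    k = bytes.fromhex("00112233445566778899aabbccddeeff")       # constructed key
    wwan = WWANTerminal("001010123456789", 2, k)                 # constructed IMSI
    wlan = WLANTerminal(wwan)
    ok = wlan.connect(AuthServer(SubscriberInfoServer({wwan.identity(): k})))
    return ok, any(k in item for item in wlan.seen)


if __name__ == "__main__":
    print(run_demo())
```

Everything the relay handles is valid only for one challenge, which is the property the text relies on when it says the provided authentication information need not be the stored secret itself.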
  • FIGS. 19 and 20 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 19 and 20, the WWAN terminal 200, the WLAN terminal 100, the base station 510, and the authentication server 340 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S802).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S804).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S806).
  • the WLAN terminal 100 transmits EAP-Request / Identity to the WWAN terminal 200 (step S808).
  • This message is a message requesting the WWAN terminal 200 to generate an Identity required for EAP-TLS.
  • the WWAN terminal 200 transmits the generated Identity as EAP-Response / Identity to the WLAN terminal 100 (step S810).
  • the WLAN terminal 100 transmits EAP-Response / Identity to the base station 510 (step S812).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S814).
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S816). With this message, the authentication server 340 notifies the base station 510 of TLS Start.
  • the base station 510 transmits EAP-Request / TLS Start to the WLAN terminal 100 (step S818).
  • This message includes a notification of TLS Start.
  • the WLAN terminal 100 transmits a Request / TLS Start to the WWAN terminal 200 (step S820).
  • This message is a message for requesting the WWAN terminal 200 to start TLS.
  • the WWAN terminal 200 transmits Response / TLS Client Hello to the WLAN terminal 100 (step S822). Transmission and reception of subsequent messages including this message are performed using the encryption key included in the electronic certificate.
  • the WLAN terminal 100 transfers the message received in step S822 to the base station 510 as EAP-Response / TLS ClientHello (step S824).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S826).
  • This message includes the TLS Client Hello message received in step S824.
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S828).
  • This message includes Server Certificate.
  • Specifically, this message includes messages such as TLS server_hello, TLS certificate, TLS server_key_exchange, TLS certificate_request, and TLS server_hello_done.
  • the base station 510 transfers the message received in step S828 to the WLAN terminal 100 (step S830).
  • This is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S830 to the WWAN terminal 200 (step S832).
  • This is illustrated as Request / passthrough.
  • This message includes Client Certificate. Specifically, this message includes messages such as TLS certificate, TLS client_key_exchange, TLS certificate_verify, TLS change_cipher_spec, and TLS finished.
  • the WLAN terminal 100 transmits an EAP-Response to the base station 510 (step S836).
  • This message includes the message received in step S834.
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S838).
  • This message includes the message received in step S836.
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S840).
  • This message includes messages such as TLS change_cipher_spec and TLS finished.
  • the base station 510 transfers the message received in step S840 to the WLAN terminal 100 (step S842).
  • This is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S842 to the WWAN terminal 200 (step S844).
  • This is illustrated as Request / passthrough.
  • the WWAN terminal 200 transmits a response to the WLAN terminal 100 (step S846).
  • the WLAN terminal 100 transmits an EAP-Response to the base station 510 (step S848).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S850).
  • the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S852). This message indicates that the authenticating terminal is a valid user and the connection is permitted.
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S854). This message indicates that the authentication process has been successful.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S856).
  • This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S858).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
  • The following describes the flow of processing when EAP-TTLS is selected as the authentication method and the WLAN terminal 100 uses the certificate information, user name, and password of the WWAN terminal 200 for authentication. With reference to FIGS. 21 and 22, an example in which the authentication destination is the base station 510 will be described.
  • FIGS. 21 and 22 are sequence diagrams illustrating an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 21 and 22, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the TLS server 360 and the authentication server 340 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S902).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S904).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S906).
  • the WLAN terminal 100 transmits EAP-Request / Identity to the WWAN terminal 200 (step S908).
  • This message is a message for requesting the WWAN terminal 200 to generate an Identity required for EAP-TTLS.
  • the WWAN terminal 200 transmits the generated Identity as EAP-Response / Identity to the WLAN terminal 100 (step S910).
  • the WLAN terminal 100 transmits EAP-Response / Identity to the base station 510 (step S912).
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S914).
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S916). With this message, the authentication server 340 notifies the base station 510 of TLS Start.
  • the base station 510 transfers the message received in step S916 to the WLAN terminal 100 (step S918).
  • This is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S918 to the WWAN terminal 200 (step S920).
  • This is illustrated as Request / passthrough. This message includes a TTL Start notification. That is, this message is a message for requesting the WWAN terminal 200 to start TLS.
  • the WWAN terminal 200 transmits Response / TTL Client Hello to the WLAN terminal 100 (step S922). Transmission and reception of subsequent messages including this message are performed using the encryption key included in the electronic certificate.
  • the WLAN terminal 100 transfers the message received in step S922 to the base station 510 (step S924).
  • This is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S926).
  • This message includes the TLS Client Hello message received in step S924.
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S928).
  • This message includes Server Certificate.
  • this message includes messages such as TLS ServerHello, Certificate, ServerKeyExchange, and ServerHelloDone.
  • the base station 510 transfers the message received in step S928 to the WLAN terminal 100 (step S930).
  • This is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S930 to the WWAN terminal 200 (step S932).
  • This is illustrated as Request / passthrough.
  • This message includes Client Key Exchange. Specifically, this message includes messages such as TTL ClientKeyExchange, ChangeCipherSpec, and Finished.
  • the WLAN terminal 100 transfers the message received in step S934 to the base station 510 (step S936).
  • This is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S938).
  • This message includes the message received in step S936.
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S940).
  • This message includes messages such as TTL ChangeCipherSpec and Finished.
  • the base station 510 transfers the message received in step S940 to the WLAN terminal 100 (step S942).
  • This is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S942 to the WWAN terminal 200 (step S944).
  • This is illustrated as Request / passthrough.
  • the WWAN terminal 200 transmits a response to the WLAN terminal 100 (step S946).
  • This message includes User-Name, CHAP-Challenge, CHAP-Password, etc. as authentication information for TLS.
  • the WLAN terminal 100 transfers the message received in step S946 to the base station 510 (step S948).
  • This is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S950).
  • This message includes the message received in step S948.
  • the TLS server 360 transmits RADIUS-Access-Request to the authentication server 340 (step S952).
  • This message includes authentication information for TLS such as User-Name, CHAP-Challenge, and CHAP-Password.
  • the authentication server 340 verifies the authentication information for TLS such as User-Name, CHAP-Challenge, and CHAP-Password received in step S952, and if there is no problem, the authentication server 340 transmits RADIUS-Access-Accept to the TLS server 360 (step S954). This message indicates that the authenticating terminal is a valid user and the connection is permitted.
  • the TLS server 360 transmits RADIUS-Access-Accept to the base station 510 (step S956).
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S958). This message indicates that the authentication process has been successful.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S960). This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S962).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
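The check performed by the authentication server in step S954, as an added Python example that is not part of the patent text. It assumes the RFC 1994 CHAP response (MD5 over identifier, secret, and challenge) and the RADIUS CHAP-Password layout of one identifier octet followed by the 16-octet response; the attribute dictionary, the user table, and the function names are hypothetical.

```python
import hashlib
import hmac


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Peer side (the WWAN terminal 200 in the sequence): CHAP-Password value."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(attrs: dict, user_db: dict) -> bool:
    """Server side (authentication server 340): accept only a matching response.

    attrs   -- decoded attributes of the inner request (hypothetical dict form)
    user_db -- user name -> password bytes (constructed for this example)
    """
    challenge = attrs.get("CHAP-Challenge", b"")
    chap_password = attrs.get("CHAP-Password", b"")
    # Malformed attributes are rejected before any hashing.
    if len(chap_password) != 17 or not challenge:
        return False
    stored = user_db.get(attrs.get("User-Name"))
    # Hash even for unknown users so both paths do the same work.
    secret = stored if stored is not None else b"\x00"
    expected = chap_response(chap_password[0], secret, challenge)
    # Constant-time comparison avoids leaking how many bytes matched.
    matched = hmac.compare_digest(expected, chap_password[1:])
    return matched and stored is not None


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    db = {"wwan200": b"constructed-secret"}
    ch = bytes(range(16))
    request = {
        "User-Name": "wwan200",
        "CHAP-Challenge": ch,
        "CHAP-Password": build_chap_password(7, b"constructed-secret", ch),
    }
    print("Access-Accept" if verify_chap(request, db) else "Access-Reject")
```

Because the response is a plain MD5 over the password, the exchange relies on the TLS tunnel that carries it, and the server has to hold the password in recoverable form.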
  • FIG. 23 is a flowchart showing an example of the flow of a connection destination selection process executed in the WLAN terminal 100 according to the present embodiment.
  • the WLAN terminal 100 extracts connection destination candidates (step S1002). For example, the WLAN terminal 100 extracts connection destination candidates based on the acquired network information and the connection history of the WWAN terminal 200. There may be no extracted connection destination candidates or there may be a plurality of connection destination candidates.
  • the WLAN terminal 100 determines whether or not there are unconsidered connection destination candidates (step S1004).
  • the unconsidered connection destination candidates indicate connection destination candidates for which the condition determination according to step S1006 has not been performed.
  • the WLAN terminal 100 determines whether the RSSI of the unconsidered connection destination candidate is higher than a threshold value.
  • the threshold value is arbitrary.
  • the threshold value may be set to, for example, -60 dBm, may be set to -50 dBm in a situation where there are a plurality of APs in the surrounding area, or may be set to -70 dBm in a situation in which almost no AP exists in the surrounding area.
  • the WLAN terminal 100 selects the connection destination candidate as the connection destination (step S1008).
  • the WLAN terminal 100 (for example, the selection unit 144) excludes the connection destination candidate under consideration from the candidates (step S1010). Thereafter, the process returns to step S1004 again.
  • the WLAN terminal 100 selects the tethering AP as the connection destination (step S1012). Then, the WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) transmits a request for authentication information to the WWAN terminal 200 (step S1014). Thereby, the WWAN terminal 200 is activated as a tethering AP. Next, the WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) receives the authentication information from the WWAN terminal 200 (step S1016).
  • the WLAN terminal 100 performs an authentication process (step S1018). For example, if a connection destination is selected in step S1008, the WLAN terminal 100 performs an authentication process for the connection destination. If the tethering AP is selected as the connection destination in step S1012, the WLAN terminal 100 performs an authentication process on the WWAN terminal 200 that operates as the tethering AP.
  • If the connection destination supports 802.1X authentication, the WLAN terminal 100 selects an optimum authentication method from among EAP-AKA ′, EAP-AKA, EAP-SIM, EAP-TLS, and EAP-TTLS. If the connection destination does not support 802.1X authentication, the WLAN terminal 100 selects WPA-PSK or WPA2-PSK.
  • If it is determined that the authentication process is successful (step S1020 / YES), the process ends. On the other hand, when it is determined that the authentication process has failed (step S1020 / NO), the process returns to step S1004 again.
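The selection loop of FIG. 23 as an added Python example, not code from the patent. The branch conditions follow the step order described above; the `Candidate` fields, the callback names, the method preference order, and the single tethering attempt (instead of looping back to step S1004 with no candidates left) are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Sequence, Tuple

# The page lists these methods; using the listed order as a preference
# order is an assumption of this example.
EAP_PREFERENCE = ("EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS", "EAP-TTLS")
PSK_PREFERENCE = ("WPA2-PSK", "WPA-PSK")  # assumption: prefer WPA2-PSK


@dataclass(frozen=True)
class Candidate:
    """Network information of one wireless station (hypothetical fields)."""
    ssid: str
    rssi_dbm: int
    supports_8021x: bool
    methods: Tuple[str, ...]


@dataclass
class Outcome:
    ssid: Optional[str]            # None when every attempt failed
    method: Optional[str]
    trace: List[Tuple[str, str]] = field(default_factory=list)


def select_auth_method(cand: Candidate) -> Optional[str]:
    """802.1X stations get an EAP method, all others a PSK method."""
    pool = EAP_PREFERENCE if cand.supports_8021x else PSK_PREFERENCE
    return next((m for m in pool if m in cand.methods), None)


def choose_connection(
    candidates: Sequence[Candidate],
    authenticate: Callable[[Candidate, str], bool],
    request_tethering: Callable[[], Candidate],
    threshold_dbm: int = -60,
) -> Outcome:
    remaining = list(candidates)                    # step S1002
    trace: List[Tuple[str, str]] = []
    while remaining:                                # step S1004
        cand = remaining.pop(0)
        if cand.rssi_dbm <= threshold_dbm:          # step S1006: not higher
            trace.append((cand.ssid, "rssi not above threshold"))  # S1010
            continue
        method = select_auth_method(cand)           # step S1008
        if method is None:
            trace.append((cand.ssid, "no supported method"))
            continue
        if authenticate(cand, method):              # steps S1018, S1020
            return Outcome(cand.ssid, method, trace)
        trace.append((cand.ssid, "authentication failed"))
    # Steps S1012 to S1016: the request for authentication information
    # also activates the WWAN terminal as a tethering AP.
    tether = request_tethering()
    method = select_auth_method(tether)
    if method is not None and authenticate(tether, method):
        return Outcome(tether.ssid, method, trace)
    trace.append((tether.ssid, "tethering authentication failed"))
    return Outcome(None, None, trace)               # fail closed


# Constructed sample input, not taken from the patent.
SAMPLE = [
    Candidate("cafe-guest", -75, True, ("EAP-TLS",)),
    Candidate("carrier-hotspot", -48, True, ("EAP-TTLS", "EAP-AKA")),
    Candidate("home-ap", -55, False, ("WPA2-PSK",)),
]
TETHER = Candidate("wwan-200-tether", -30, False, ("WPA2-PSK",))


def demo() -> Tuple[Outcome, List[Tuple[str, str]]]:
    attempts: List[Tuple[str, str]] = []

    def authenticate(cand: Candidate, method: str) -> bool:
        attempts.append((cand.ssid, method))
        return cand.ssid != "carrier-hotspot"       # simulated rejection

    return choose_connection(SAMPLE, authenticate, lambda: TETHER), attempts


if __name__ == "__main__":
    print(demo())
```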
  • the WLAN terminal 100 and the WWAN terminal 200 may be realized as a mobile terminal such as a smartphone, a tablet PC (Personal Computer), a notebook PC, a portable game terminal, or a digital camera, as a fixed terminal such as a television receiver, a printer, a digital scanner, or a network storage, or as an in-vehicle terminal such as a car navigation device.
  • the WLAN terminal 100 and the WWAN terminal 200 may also be realized as terminals that perform M2M (Machine To Machine) communication (also referred to as MTC (Machine Type Communication) terminals), such as smart meters, vending machines, remote monitoring devices, or POS (Point Of Sale) terminals.
  • the WLAN terminal 100 and the WWAN terminal 200 may be wireless communication modules (for example, integrated circuit modules configured by one die) mounted on these terminals.
  • FIG. 24 is a block diagram illustrating an example of a schematic configuration of a smartphone 900 to which the technology according to the present disclosure can be applied.
  • the smartphone 900 includes a processor 901, a memory 902, a storage 903, an external connection interface 904, a camera 906, a sensor 907, a microphone 908, an input device 909, a display device 910, a speaker 911, a wireless communication interface 913, an antenna switch 914, an antenna 915, a bus 917, a battery 918, and an auxiliary controller 919.
  • the processor 901 may be, for example, a CPU (Central Processing Unit) or a SoC (System on Chip), and controls the functions of the application layer and other layers of the smartphone 900.
  • the memory 902 includes a RAM (Random Access Memory) and a ROM (Read Only Memory), and stores programs and data executed by the processor 901.
  • the storage 903 can include a storage medium such as a semiconductor memory or a hard disk.
  • the external connection interface 904 is an interface for connecting an external device such as a memory card or a USB (Universal Serial Bus) device to the smartphone 900.
  • the camera 906 includes, for example, an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor), and generates a captured image.
  • the sensor 907 may include a sensor group such as a positioning sensor, a gyro sensor, a geomagnetic sensor, and an acceleration sensor.
  • the microphone 908 converts sound input to the smartphone 900 into an audio signal.
  • the input device 909 includes, for example, a touch sensor that detects a touch on the screen of the display device 910, a keypad, a keyboard, a button, or a switch, and receives an operation or information input from a user.
  • the display device 910 has a screen such as a liquid crystal display (LCD) or an organic light emitting diode (OLED) display, and displays an output image of the smartphone 900.
  • the speaker 911 converts an audio signal output from the smartphone 900 into audio.
  • the wireless communication interface 913 supports one or more wireless LAN standards such as IEEE802.11a, 11b, 11g, 11n, 11ac, and 11ad, and performs wireless communication.
  • the wireless communication interface 913 can communicate with other devices via a wireless LAN access point in the infrastructure mode.
  • the wireless communication interface 913 can directly communicate with other devices in an ad hoc mode or a direct communication mode such as Wi-Fi Direct (registered trademark).
  • In Wi-Fi Direct, unlike the ad hoc mode, one of two terminals operates as an access point, but communication is performed directly between the terminals.
  • the wireless communication interface 913 can typically include a baseband processor, an RF (Radio Frequency) circuit, a power amplifier, and the like.
  • the wireless communication interface 913 may be a one-chip module in which a memory that stores a communication control program, a processor that executes the program, and related circuits are integrated.
  • the wireless communication interface 913 may support other types of wireless communication methods such as a short-range wireless communication method, a proximity wireless communication method, or a cellular communication method in addition to the wireless LAN method.
  • the antenna switch 914 switches the connection destination of the antenna 915 among a plurality of circuits (for example, circuits for different wireless communication schemes) included in the wireless communication interface 913.
  • the antenna 915 includes a single antenna element or a plurality of antenna elements (for example, a plurality of antenna elements constituting a MIMO antenna), and is used for transmission and reception of radio signals by the radio communication interface 913.
  • the smartphone 900 is not limited to the example of FIG. 24, and may include a plurality of antennas (for example, an antenna for a wireless LAN and an antenna for a proximity wireless communication method). In that case, the antenna switch 914 may be omitted from the configuration of the smartphone 900.
  • the bus 917 connects the processor 901, memory 902, storage 903, external connection interface 904, camera 906, sensor 907, microphone 908, input device 909, display device 910, speaker 911, wireless communication interface 913, and auxiliary controller 919 to each other.
  • the battery 918 supplies electric power to each block of the smartphone 900 shown in FIG. 24 through a power supply line partially shown by a broken line in the drawing.
  • the auxiliary controller 919 operates the minimum necessary functions of the smartphone 900 in the sleep mode.
  • In the smartphone 900 shown in FIG. 24, one or more components (for example, at least one of the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) included in the WLAN terminal 100 described with reference to FIG. may be implemented in the wireless communication interface 913.
  • at least some of these components may be implemented in the processor 901 or the auxiliary controller 919.
  • the smartphone 900 may include a module including the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919, and the one or more components may be mounted on the module.
  • the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919 may execute the program.
  • the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • one or more components may be implemented in the wireless communication interface 913.
  • at least some of these components may be implemented in the processor 901 or the auxiliary controller 919.
  • the smartphone 900 may include a module including the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919, and the one or more components may be mounted on the module.
  • the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919 may execute the program.
  • the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • the smartphone 900 may operate as a wireless access point (software AP) when the processor 901 executes the access point function at the application level. Further, the wireless communication interface 913 may have a wireless access point function.
  • FIG. 25 is a block diagram illustrating an example of a schematic configuration of a car navigation device 920 to which the technology according to the present disclosure can be applied.
  • the car navigation device 920 includes a processor 921, a memory 922, a GPS (Global Positioning System) module 924, a sensor 925, a data interface 926, a content player 927, a storage medium interface 928, an input device 929, a display device 930, a speaker 931, a wireless communication interface 933, an antenna switch 934, an antenna 935, and a battery 938.
  • the processor 921 may be a CPU or SoC, for example, and controls the navigation function and other functions of the car navigation device 920.
  • the memory 922 includes RAM and ROM, and stores programs and data executed by the processor 921.
  • the GPS module 924 measures the position (for example, latitude, longitude, and altitude) of the car navigation device 920 using GPS signals received from GPS satellites.
  • the sensor 925 may include a sensor group such as a gyro sensor, a geomagnetic sensor, and an atmospheric pressure sensor.
  • the data interface 926 is connected to the in-vehicle network 941 through a terminal (not shown), for example, and acquires data generated on the vehicle side such as vehicle speed data.
  • the content player 927 reproduces content stored in a storage medium (for example, CD or DVD) inserted into the storage medium interface 928.
  • the input device 929 includes, for example, a touch sensor that detects a touch on the screen of the display device 930, a button, or a switch, and receives an operation or information input from the user.
  • the display device 930 has a screen such as an LCD or an OLED display, and displays a navigation function or an image of content to be reproduced.
  • the speaker 931 outputs the navigation function or the audio of the content to be played back.
  • the wireless communication interface 933 supports one or more wireless LAN standards such as IEEE802.11a, 11b, 11g, 11n, 11ac, and 11ad, and executes wireless communication.
  • the wireless communication interface 933 can communicate with other devices via a wireless LAN access point in the infrastructure mode.
  • the wireless communication interface 933 can directly communicate with other devices in an ad hoc mode or a direct communication mode such as Wi-Fi Direct.
  • the wireless communication interface 933 may typically include a baseband processor, an RF circuit, a power amplifier, and the like.
  • the wireless communication interface 933 may be a one-chip module in which a memory that stores a communication control program, a processor that executes the program, and related circuits are integrated.
  • the wireless communication interface 933 may support other types of wireless communication systems such as a short-range wireless communication system, a proximity wireless communication system, or a cellular communication system.
  • the antenna switch 934 switches the connection destination of the antenna 935 among a plurality of circuits included in the wireless communication interface 933.
  • the antenna 935 includes a single antenna element or a plurality of antenna elements, and is used for transmission and reception of a radio signal by the radio communication interface 933.
  • the car navigation device 920 is not limited to the example of FIG. 25, and may include a plurality of antennas. In that case, the antenna switch 934 may be omitted from the configuration of the car navigation device 920.
  • the battery 938 supplies power to each block of the car navigation apparatus 920 shown in FIG. 25 through a power supply line partially shown by broken lines in the drawing. Further, the battery 938 stores electric power supplied from the vehicle side.
  • In the car navigation device 920 shown in FIG. 25, one or more components (for example, at least one of the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) included in the WLAN terminal 100 described with reference to FIG. may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921.
  • the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module. In this case, the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program.
  • the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • One or more components (for example, at least one of the wireless communication unit 210, the storage unit 220, the authentication information storage unit 230, or the processing unit 240) included in the WWAN terminal 200 described with reference to FIG. 5 may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921. As an example, the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module.
  • the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program.
  • the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • the technology according to the present disclosure may be realized as an in-vehicle system (or vehicle) 940 including one or more blocks of the car navigation device 920 described above, an in-vehicle network 941, and a vehicle side module 942.
  • vehicle-side module 942 generates vehicle-side data such as vehicle speed, engine speed, or failure information, and outputs the generated data to the in-vehicle network 941.
  • the WLAN terminal 100 performs an authentication process, using the authentication information of the WWAN terminal 200, with a connection-destination wireless station selected based on one or more pieces of network information that relate to the wireless network operated by each wireless station and are acquired from each of the one or more wireless stations.
  • the authentication process using the authentication information of the WWAN terminal 200 is performed by the authentication method selected based on the network information of the connection destination wireless station.
  • the WLAN terminal 100 can select a wireless station that can use the authentication information of the WWAN terminal 200 as a connection destination, and can easily perform an authentication process by using the authentication information of the WWAN terminal 200. Therefore, for example, the WLAN terminal 100 can safely and easily connect to a wireless station that does not have a connection history and a connection right by using the authentication information of the WWAN terminal 200.
  • the WWAN terminal 200 is activated as a tethering AP with the reception of a request for authentication information from the WLAN terminal 100 as a trigger. For this reason, the WLAN terminal 100 can freely activate the WWAN terminal 200 as a tethering AP and connect to the Internet. Furthermore, connection settings to the tethering AP and manual work such as tethering ON / OFF in the WWAN terminal 200 are not required, and convenience can be improved.
  • the WLAN terminal 100 and the WWAN terminal 200 can simultaneously connect to the same wireless station by sharing authentication information.
  • the WLAN terminal 100 and the WWAN terminal 200 can form a mesh network. That is, the present technology can be applied to IoT (Internet of Things) or M2M (Machine to Machine).
  • A device comprising: a processing unit that performs, toward a connection-destination wireless station selected based on one or more pieces of network information related to the wireless network operated by each wireless station, acquired from each of the one or more wireless stations, an authentication process using authentication information of another device according to an authentication method selected based on the network information of the connection-destination wireless station.
  • (2) The device according to (1), wherein the connection-destination wireless station is selected based on information indicating a state of a wireless communication environment between the device and the wireless station.
  • (3) The apparatus according to (1) or (2), wherein the wireless station to be connected is selected based on information indicating a communication method supported by the wireless station.
  • The apparatus according to any one of (1) to (3), wherein the wireless station to be connected is selected based on information indicating an authentication method supported by the wireless station.
  • The apparatus according to any one of (1) to (4), wherein the wireless station that is a connection destination is selected based on a connection history of the other apparatus.
  • The apparatus according to any one of (1) to (5), wherein the wireless station to be connected is selected based on a network selection policy.
  • The device according to any one of (1) to (8), wherein the wireless station to be connected is selected by the other device.
  • The device according to any one of (1) to (11), wherein the candidates for the wireless station to be connected to include the other device operable as the wireless station.
  • The authentication information is generated based on at least one of subscriber identification information, an electronic certificate, a user name and password, or a pre-shared key or passphrase stored in the other device.
  • A device comprising: a processing unit that provides authentication information used in the authentication process to another device that performs the authentication process based on the authentication method selected based on the network information of the connection-destination wireless station.
  • (15) The device according to (14), wherein the processing unit performs processing for the device to function as the wireless station.
  • (16) The apparatus according to (15), wherein the processing unit performs the processing for functioning as the wireless station triggered by reception of the authentication information request from the other apparatus.
  • A method including: performing, by a processor, authentication processing using authentication information of another device according to the authentication method selected based on the network information of the connection-destination wireless station.
  • A method including: providing, by a processor, authentication information used in the authentication process to another device that performs an authentication process, toward the connection-destination wireless station selected based on one or more pieces of network information related to the wireless network operated by each wireless station, acquired from each of the one or more wireless stations, based on the authentication method selected based on the network information of the connection-destination wireless station.
  • A system comprising an authentication information providing source terminal and an authentication information providing destination terminal, wherein the authentication information providing destination terminal is connected to the wireless station of the connection destination selected based on one or more pieces of network information related to the wireless network operated by the wireless station, acquired from each of the one or more wireless stations.
  • The authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
  • A method including: performing, by the authentication information providing destination terminal, toward the connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by the wireless station, acquired from each of the one or more wireless stations, authentication processing using authentication information of an authentication information providing source terminal according to an authentication method selected based on network information of the wireless station; and
  • providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
  • wireless communication system; 100 WLAN terminal; 110 wireless communication unit; 112 WLAN module; 114 BT module; 116 NFC module; 120 output unit; 130 storage unit; 140 processing unit; 142 acquisition unit; 144 selection unit; 146 notification unit; 148 authentication processing unit; 200 WWAN terminal; 210 wireless communication unit; 212 WWAN module; 214 WLAN module; 216 BT module; 218 NFC module; 220 storage unit; 230 subscriber identification module; 240 processing unit; 242 selection unit; 244 authentication processing unit; 246 tethering processing unit; 300 WWAN; 310 base station; 320 gateway; 330 subscriber information server; 340 authentication server; 350 network information providing server; 360 TTL server; 400 service network; 500 WLAN; 510 base station
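
The station and authentication-method selection described in the items above, as an added Python example that is not code from the patent. The field names, the mapping from credential kinds to method names (EAP-AKA, EAP-SIM, EAP-TLS, EAP-TTLS, WPA2-PSK), the preference order and the RSSI floor are all assumptions made for illustration, and the scan results are constructed.

```python
from dataclasses import dataclass

# Assumed mapping from the credential kinds the page lists to auth methods.
CREDENTIAL_TO_METHODS = {
    "subscriber_id": ["EAP-AKA", "EAP-SIM"],
    "certificate": ["EAP-TLS"],
    "username_password": ["EAP-TTLS"],
    "pre_shared_key": ["WPA2-PSK"],
}
# Assumed network selection policy: earlier entries are preferred.
METHOD_PREFERENCE = ["EAP-TLS", "EAP-AKA", "EAP-SIM", "EAP-TTLS", "WPA2-PSK"]
MIN_RSSI_DBM = -80  # assumed floor for a usable radio environment

@dataclass(frozen=True)
class NetworkInfo:
    ssid: str
    rssi_dbm: int
    auth_methods: tuple
    in_history: bool = False  # station is in the other device's connection history

def usable_methods(credentials):
    """Auth methods that the credential-holding device can actually serve."""
    return {m for c in credentials for m in CREDENTIAL_TO_METHODS.get(c, [])}

def select_station(candidates, credentials):
    """Return (station, method), or None when no station shares a method."""
    can_serve = usable_methods(credentials)
    ranked = []
    for st in candidates:
        if st.rssi_dbm < MIN_RSSI_DBM:
            continue  # radio environment too poor
        shared = [m for m in METHOD_PREFERENCE
                  if m in st.auth_methods and m in can_serve]
        if not shared:
            continue  # open network or no shared method: never a fallback
        method = shared[0]  # most preferred method both sides support
        key = (METHOD_PREFERENCE.index(method), not st.in_history, -st.rssi_dbm)
        ranked.append((key, st, method))
    if not ranked:
        return None
    _, station, method = min(ranked, key=lambda r: r[0])
    return station, method

# Constructed scan results (not from the patent).
SCAN = [
    NetworkInfo("cafe-open", -40, ()),
    NetworkInfo("carrier-hotspot", -65, ("EAP-AKA", "EAP-TTLS"), in_history=True),
    NetworkInfo("home-ap", -55, ("WPA2-PSK",)),
    NetworkInfo("far-enterprise", -90, ("EAP-TLS",)),
]
```

Ranking by method preference before signal strength keeps a strong open network from displacing an authenticated one; a station that advertises no method the borrowed credential can serve is dropped rather than tried.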

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The problem addressed by the present invention is to provide a mechanism that makes authentication in an appropriate network easier. The solution according to the present invention relates to a device provided with a processing unit that performs authentication processing, at a wireless station serving as the connection destination selected on the basis of one or more pieces of network information that are acquired from each of one or more wireless stations and that concern the wireless network operated by each wireless station, by an authentication method selected on the basis of the network information of the wireless station serving as the connection destination, and using authentication information of another device.
PCT/JP2016/066292 2015-09-03 2016-06-01 Device, system and method WO2017038179A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-173715 2015-09-03
JP2015173715A JP2017050764A (ja) 2015-09-03 2015-09-03 Device, system and method

Publications (1)

Publication Number Publication Date
WO2017038179A1 (fr) 2017-03-09

Family

ID=58187385

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/066292 WO2017038179A1 (fr) 2015-09-03 2016-06-01 Device, system and method

Country Status (2)

Country Link
JP (1) JP2017050764A (fr)
WO (1) WO2017038179A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220104017A1 (en) * 2020-09-26 2022-03-31 Mcafee, Llc Wireless access point with multiple security modes
JP7467724B1 (ja) 2023-03-30 2024-04-15 Kddi株式会社 Information processing device, information processing system and information processing method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7204714B2 (ja) * 2020-09-18 2023-01-16 Necプラットフォームズ株式会社 Wireless relay device, communication system, method and program
JPWO2022234677A1 (fr) * 2021-05-07 2022-11-10

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
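JP2009194823A (ja) * 2008-02-18 2009-08-27 Hitachi Ltd Wireless communication control device and wireless communication control method for a mobile body
JP2010177757A (ja) * 2009-01-27 2010-08-12 Panasonic Corp Wireless communication device and connection destination search method
JP2010287123A (ja) * 2009-06-12 2010-12-24 Toshiba Corp Wireless communication device and wireless communication method
JP2013235342A (ja) * 2012-05-07 2013-11-21 Canon Inc Communication device and control method therefor
JP2014143632A (ja) * 2013-01-25 2014-08-07 Sony Corp Terminal device, program and communication system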

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220104017A1 (en) * 2020-09-26 2022-03-31 Mcafee, Llc Wireless access point with multiple security modes
US11930359B2 (en) * 2020-09-26 2024-03-12 Mcafee, Llc Wireless access point with multiple security modes
JP7467724B1 (ja) 2023-03-30 2024-04-15 Kddi株式会社 Information processing device, information processing system and information processing method

Also Published As

Publication number Publication date
JP2017050764A (ja) 2017-03-09

Similar Documents

Publication Publication Date Title
JP6904446B2 (ja) Wireless communication device, wireless communication method and program
CN111869261A (zh) Discovery and security in LWA communication
US20150319652A1 (en) Methods and Apparatus for Differencitating Security Configurations in a Radio Local Area Network
US10164967B2 (en) Terminal device and information processing device
WO2017038179A1 (fr) Device, system and method
US10292187B2 (en) Wireless communication apparatus, server, payment apparatus, wireless communication method, and program
JP6465108B2 (ja) Wireless communication device
US10051671B2 (en) Terminal device and information processing device
US10225794B2 (en) Terminal device, information processing device, and information providing device
CN113873492B (zh) Communication method and related device
WO2016117211A1 (fr) Wireless communication device, wireless communication method and program
WO2016027545A1 (fr) Wireless communication device and wireless communication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16841211

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16841211

Country of ref document: EP

Kind code of ref document: A1